Weekly status #210


Weekly status for the week of the 2nd of August to the 8th of August.

Introduction

The highlight of the past week was the release of LXD 4.17. Please see the release notes and associated release video for more details.

The LXD team is hiring

The LXD team at Canonical is currently looking for a Go software engineer to join our distributed team of engineers. We’re looking for candidates anywhere in Europe or the Americas!

All LXD positions are 100% remote with some travel for internal events and conferences.

LXD

Improvements:

  • When attaching custom block volumes to VMs there is no ability to specify a filesystem mount path (because LXD doesn’t know that there is even a filesystem on the block volume). To avoid confusion, LXD checks that no filesystem mount path has been specified by the user and returns an error if one has. However, this previously required explicitly passing an empty argument to the lxc storage volume attach command (as the lxc tool itself required the presence of the mount path argument, even if empty). This has now been updated so that the mount path argument is optional in the lxc CLI, and it is left to LXD to check whether it is required based on the volume type.
  • For bridge networks, LXD previously added firewall rules to the host system to allow DHCP and DNS from the instances to the LXD dnsmasq server. This has now been extended to permit the specific ICMP types used for IPv6 router advertisements and IPv6 router solicitations from the instances, in case these would have been dropped by an existing firewall rule.
  • There have been several improvements to the lxd recover command. These include pre-scanning all of the detected unknown volumes when restoring the storage pool DB record, so that LXD can prefer to restore it from an instance config backup file (a full config previously taken from the database) rather than from the user-specified config entered during the recovery scan stage.
  • The internal database query code generator has seen some improvements to make it more consistent, cleaner, and safer: it now ensures that all supplied filter parameters are actually used when querying, and throws an error if a parameter is not usable rather than silently ignoring it, which could have led to unexpected result sets.
  • We have made the Ceph config parser more tolerant in order for it to support more variations in the external config definitions.
  • The AppArmor rules have been improved to make systemd happier when running inside unprivileged containers (this affected CentOS 8); the previous rules caused periodic error messages on the host.

Bug fixes:

  • The raw.lxc config key is documented as appending custom liblxc config to the LXD generated liblxc config file. However this was not always the case as the dynamic device config was added to the config file after the raw.lxc content, which was preventing it from overriding NIC level config from that setting. This has now been fixed.
  • Allow instance cross-pool moves without triggering a duplicate MAC address error. The recently added duplicate MAC and IP address checks were incorrectly being triggered when performing a cross-pool instance move, because LXD creates a new temporary instance on the new pool before removing the old one. To work around this temporary duplicate instance, we now use the volatile.uuid config key to discount this new instance from the duplicate checks if it matches the source.
  • Several improvements and bug fixes to the recently added cluster evacuation feature to make the process handle more instance states.
  • A fix to the recently added lxd recover feature to handle ZFS pools that are named differently from the LXD storage pool name.

LXC

Bug fixes:

  • A regression that prevented containers with empty network namespaces from being started has been fixed.

Distrobuilder

Improvements:

  • Support ISO generation with mkisofs.

Bug fixes:

  • Disable overlay FS on FUSE filesystems.
  • Fixed a regression in the unified tarball generation caused by the recent compression feature changes.
  • OpenWRT fixes.

Dqlite (database)

Improvements:

  • Adds Recover V2 command that supports server roles.

Bug fixes:

  • Fix issues with dqlite_set_network_latency_ms function.

Dqlite (Go bindings)

New features:

  • Adds a new .reconfigure command to force a new config into the raft cluster for recovery.

YouTube channel

We’ve started a YouTube channel with live streams covering LXD releases and its use in the wider ecosystem.

You may want to give it a watch and/or subscribe for more content in the coming weeks.

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on GitHub: Easy issues for new contributors

Upcoming events

  • Nothing to report this week

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.

  • Distrobuilder Windows support
  • Virtual networks in LXD
  • Various kernel work
  • Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

LXC

LXCFS

  • Nothing to report this week

Distrobuilder

Dqlite (RAFT library)

  • Nothing to report this week

Dqlite (database)

Dqlite (Go bindings)

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

  • LXC 4.0.10 made it to Ubuntu Impish

Snap

  • lxd: Update to 4.17
  • lxd: Cherry-pick upstream bugfixes