Weekly status for the week of the 8th to 14th of November.

Introduction

This past week LXD has gained routed NIC support for VMs, and self certificate renewal for non-admin users. Also the LXD disk device has been reworked to lay the groundwork for the forthcoming restricted path feature. Additionally Dqlite has seen a focus on improving armhf builds and testing.

LXD

@stgraber has added two new videos this week; What’s new in LXD 4.20, and Snapshots and VM stateful shutdown.

https://www.youtube.com/watch?v=hyliCTJjytw

https://www.youtube.com/watch?v=qNkpPu_OgGo

New features:

• Self certificate renewal for non-admin users.
• Added routed NIC support for VMs.

Improvements:

• Add SSL support for OVN database connections.
• Added support for OVN PMTU discovery for external ingress traffic (on recent versions of OVN).
• The disk device has been reworked to use file handles when opening the source of a disk device rather than passing the source path directly to the instance driver. This is laying the groundwork for adding the ability to use the openat2 syscall for restricted path passthrough in the future.
• Cleaned up some of LXD’s dependencies to aid the Debian packaging project.
• Consistent use of IEC units.

Bug fixes:

• Fixes multi-USB device pass-through for single logical LXD device for VMs.
• Fix liblxc handle leak in state output which was leaving a file handle open to liblxc’s log file until the Go garbage collector kicked in.
• Clean up mdev GPU device on start up failure.
• Fixed upgrade from LXD 2.0/3.0 now that we are using go-dqlite v1.10.1 which supports NULLable fields.
• Use correct project in live migration.

LXC

Bug fixes:

• Avoid multiple liblxc.so with --enable-pam flag.
• Revert use of vfork in lxc_container_init() as not recommended usage.

LXCFS:

Bug fixes:

• Fixed an issue that was causing incorrect cpu idle time in /proc/stat when cpu.cfs_quota_us=-1.

Distrobuilder:

Bug fixes:

• Fixed an issue with the timeout handler not taking effect.

Dqlite (database):

Bug fixes:

• Build fixes armhf impish.

Dqlite (Go bindings)

Bug fixes:

• Fix armhf tests.

Youtube channel

We’ve started a Youtube channel with live streams covering LXD releases and its use in the wider ecosystem.

You may want to give it a watch and/or subscribe for more content in the coming weeks.

https://www.youtube.com/lxd-videos

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors

Upcoming events

• Nothing to report this week

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.

• Distrobuilder Windows support
• Virtual networks in LXD
• Various kernel work
• Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

• Support trust certificate self renewal
• doc: Elaborate on pongo2 date-time syntax for snapshots
• lxc/list: Changed units to be IEC consistent
• VM: fix usb pass-through with more than one device
• DB: Fix upgrade from LXD 2.0/3.0 when using go-dqlite v1.10.1 NULLable fields
• lxd/device: Clean up mdev vGPU on failure
• lxd/instances: Use correct project in live migration
• Network: Add support for OVN PTMU discovery for external ingress traffic
• Switch to original go-udev
• Switch to go-httprequest
• Storage: Disk mounting cleanup and improvements
• Migrate: Only use pointers to migration.MigrationControl to avoid shallow copies
• Default profile units
• DB: Always defer close until after statement has returned to avoid panicking on error
• Stricter regexps
• Container: Fix liblxc handle leak in renderState
• Device: Switch VM disk devices to use opened file descriptors for passing disk sources to QEMU
• Warning entry for missing instance driver
• lxd/network/ovn: Support SSL
• Network: Separate IP neighbour and neighbour proxy management functions
• NIC: Reworks routed NIC to not depend on liblxc’s router NIC type
• NIC: Adds routed NIC support for VMs
• doc: Fix misspelling in server.md

LXC

• autotools: Avoid multiple liblxc.so with --enable-pam
• macro: ensure necessary io_uring flags are defined
• Revert “initutils: use vfork() in lxc_container_init()”

LXCFS

• Skip cpu revise when cfs quota is disable

Distrobuilder

• main: Fix timeout handler

Dqlite (RAFT library)

• Nothing to report this week

Dqlite (database)

• Build fixes armhf impish
• command: Initialize header

Dqlite (Go bindings)

• Armhf test fixes

LXD Charm

• Fix log message in ceph relation-changed handler

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

• Nothing to report this week

Snap

• ovs: Enabled SSL
• ovn: Enabled SSL
• ovs: Bumped to 2.16.1
• ovn: Bumped to 21.09.0
• ovn: Added ovn.builtin config key
• lxd: Cherry-pick upstream bugfixes