Weekly status for the week of the 14th of February to the 20th of February.
Introduction
This past week we have been working toward our roadmap features as well as the usual round of improvements and bug fixes.
LXD
New features:
- Added ipv{n}.neighbor_probe setting to routed NICs, defaulting to true, that allows disabling the recently added IP neighbor checking on the parent network. This allows using the previous behaviour of starting the instance NIC (and advertising its IPs to the parent network), even if the parent network indicates (via ARP or NDP) that the IPs are already in use by another device.
Improvements:
- Ignore stale file handle errors in the fsmonitor filesystem watcher subsystem that were causing intermittent spurious errors in the logs.
- Cluster heartbeat improvements to reduce the possibility of stale cluster member role and status info being distributed during a cluster member role/state change.
- Improve support for metrics in lxc query to allow it to work with candid/RBAC authenticated endpoints and add ability to select a specific server by using ?target=XYZ.
- Allow live updating of cluster.evacuate config key for VM instances.
Bug fixes:
- Fixed an issue that caused LXD to crash when manually disconnecting from a lxc console session.
- Set ZFS volume mountpoints to legacy in an attempt to workaround/avoid issues running the ZFS mount/unmount commands inside the snap package’s mount namespace.
- Fixed token generation over HTTPS.
- Fixed bad cgroup cpuset check, which was incorrectly checking the memory cgroup.
- Fixed an issue in the routed NIC that prevented using the vlan option when the <parent>.<vlan> interface didn’t already exist on the host.
- Fixed an issue with the bridged NIC that was causing certain ebtables rules to be cleared when the instance stopped even if those rules were not added by LXD. We now only attempt to clear the ebtables rules if MAC or IP filtering are enabled.
LXC
Improvements:
- Cgroup file handle check improvements.
Dqlite (RAFT library)
Bug fixes:
- Fixed an assertion triggered by uvWriterClose being called twice, by not finalizing segments if there are writes in-flight.
- uv_os: Perform a runtime check on file and dir lengths when joining to fix coverity issues.
Dqlite (database)
Bug fixes:
- Fixed an invalid memory address or nil pointer dereference caused by not handling NULL nodes.
- Initialize transport stack variables to fix coverity issues.
- Fixed crash when being passed an empty query statement.
Dqlite (Go bindings)
Improvements:
- Don’t use background context for C bindings and instead use context from the node to allow cancelling the proxy goroutine.
YouTube videos
The LXD team is running a YouTube channel with live streams covering LXD releases and weekly videos on different aspects of LXD. You may want to give it a watch and/or subscribe for more content in the coming weeks.
https://www.youtube.com/lxd-videos
This week, the team published a video on integrating LXD with Canonical RBAC:
https://www.youtube.com/watch?v=VE60AbJHT6E
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors
Upcoming events
- Nothing planned currently.
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.
- Reworked cluster event distribution mechanism
- New unified P2C/P2V tooling
- Token based remote add
- Network ACL log API
- Prometheus & grafana integration with the LXD charm
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- lxd/main_init_interactive: Add missing :
- lxc/console: Don’t crash on manual disconnect
- doc/metrics: stop tuning job’s scrape_interval now that results are c…
- doc/metrics: don’t assume any default scrape_interval value
- Rework FileResponse
- lxd/response: Rename FileModify to FileModified
- lxd/fsmonitor/drivers: Ignore stale file handle errors.
- Remove state.State dependency from apparmor package
- Storage: Set all ZFS dataset mountpoint settings to legacy
- Cluster: Heartbeat improvements
- lxc/config_trust: Support --name flag for tokens
- Client: Context improvements
- test: Update clustering membership tests to not expect a specific promotion order of members
- shared/api/url: Add WithQuery
- Fix message typo: entriess to entries, doest to does
- test: Update cluster rebalance tests to not use member specific role logic
- Cluster: Heartbeat improvement
- Improve lxc query support for metrics
- lxd/certificates: Fix token generation over HTTPS
- lxd/cgroup: Fix bad cpuset check
- lxc/cluster_group: Update long descriptions
- NIC: Various routed fixes and improvements
- doc/metrics: use secp384r1 curve with SHA384 signature
- NIC: Adds ipv{n}.neighbor_probe settings to routed NIC
- NIC: Don’t attempt to clear bridged filter rules on stop if filtering is not enabled
- lxd/instance/qemu: Allow live update of cluster.evacuate
LXC
LXCFS
- Nothing to report this week
Distrobuilder
- Nothing to report this week
Dqlite (RAFT library)
- uv_append: Don’t finalize segment if there are writes in-flight
- uv_os: Perform a runtime check on file and dir lengths when joining
Dqlite (database)
- server: check for NULL node in dqlite_node_errmsg
- gateway: transport: Initialize stack variables
- gateway: Handle empty query statements
Dqlite (Go bindings)
LXD Charm
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- nvidia-container: Include new libraries
- lxd: Cherry-pick upstream bugfixes