Weekly status for the week of the 21st February to the 27th of February.
Introduction
This past week we have merged the Event Hub feature from our LXD roadmap, as well as making significant progress on our File Streaming API roadmap item. Additionally we have added the ability for the VM lxd-agent to rename network interfaces inside the guest using the LXD device config names.
Additionally @stgraber has created a video on the new token based authentication for LXD remotes.
https://www.youtube.com/watch?v=4iNpiL-lrXU
LXD
New features:
- Event Hub - added the ability to specify certain cluster members act as “hubs” for LXD event streams. The purpose for this is to reduce intra-member connections and interrupts in larger clusters caused by the full-mesh connections opened between every member. This can be achieved by adding the
event-hub
role to at least 2 members in a cluster. This will reorganise the cluster member event connections so that rather than every member connecting to every other member (“full-mesh” mode) to instead have each non-event-hub member connect to every event-hub member. These event-hub members will then redistribute the events they receive to every other event-hub member (which in turn will distribute the events to their non-hub member listeners). - VM lxd-agent network interface rename and MTU applied from LXD device config.
Improvements:
- File Streaming API: Replace forkfile with Go implementation of SFTP - this should instance file operation performance (especially when making multiple requests in quick succession) by avoiding the need to fork a new process for each file operation, and instead maintain a persistent process inside the instance that can provide access to the instance’s filesystem and expose that over an SFTP connection back to the LXD server.
- VM detect io_uring support in QEMU and use it for improved performance.
- Harden calls to image unpackers by leveraging AppArmor profiles running the unpacker commands.
Bug fixes:
- Further refinements on device name validation to relax the recently device name restrictions added to allow
.
,/
and:
in device names, and several fixes to handle escaping/
in names for subsystems that do not support them. - Support
--allow-inconsistent
flag when refreshing an instance. - Fixed static DHCP allocation reservation bug when using multiple NICs inside a single instance connected to the same parent bridge.
- Fixed logic problem in matching Entity ID when resolving an deleting persistent warnings.
LXC
Bug fixes:
- Ensure container_ttys environment variable is set correctly.
- Fixes to modify cgroup2 attach logic to support recent kernel permission checks.
Dqlite (Go bindings)
Improvements:
- Adds
WithUnixSocket
to app to allow setting a specific socket path.
LXD Charm
Improvements:
- Add
prometheus2
charm to all-in-one bundle. - Added grafana-dashboard support.
YouTube videos
The LXD team is running a YouTube channel with live streams covering LXD releases and weekly videos on different aspects of LXD. You may want to give it a watch and/or subscribe for more content in the coming weeks.
https://www.youtube.com/lxd-videos
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors
Upcoming events
- Nothing planned currently.
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.
- Reworked cluster event distribution mechanism
- New unified P2C/P2V tooling
- Token based remote add
- Network ACL log API
- Prometheus & grafana integration with the LXD charm
- Various kernel work
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- Events: Add event-hub cluster member role
- Adds lxd-agent option to apply name and MTU to nic devices
- Harden calls to image unpackers
- Replace
forkfile
with Go implementation using SFTP - Restrict device names
- lxd/certificates: Better handle authentication
- Shared: Adds IsTrueOrEmpty and IsFalseOrEmpty
- Refresh instance allow inconsistent
- Add filesystem.Syncfs
- lxd/db/generate: Fix bad loop logic
- Add Context option to some DB actions.
- lxd/instance/lxc: Use contextual logger in Metrics
- doc: add Open Graph metadata
- Device: Name validation improvements
- doc: fix Open Graph version
- Network: Fix DHCP static allocation bug
- Warnings: Fix logic bug in matching entityID in resolve and delete warning functions
- doc: fix the footer
- VM: Bug fixes and improvements to the lxd-agent NIC settings feature
- doc: Fix cert pathing in metrics.md
- lxd/util/sys: Pass liblxc version to RuntimeLiblxcVersionAtLeast
- Warnings: Use DB generator for warnings functions
- Detect and use io_uring for VMs
LXC
- doc: Fix reverse allowlist/denylist in Japanese man page
- ttys: ensure container_ttys= env variable is set correctly
- cgroups: modify cgroup2 attach logic
LXCFS
- Nothing to report this week
Distrobuilder
- Nothing to report this week
Dqlite (RAFT library)
- Nothing to report this week
Dqlite (database)
- Nothing to report this week
Dqlite (Go bindings)
LXD Charm
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- lxd: Cherry-pick upstream bugfixes
- lxc: Cherry-pick upstream bugfixes
- qemu: Build with io_uring