Weekly Update Templates960×540 53.5 KB

Introduction

The highlights of the past week were the releases of LXD 4.24 and LXCFS 5.0.0 LTS. The LXD release is the last feature release before we start the LXD 5.0 LTS series, and LXCFS is the first in its new 5.0 LTS series.

The release video of LXD 4.24 can be seen here:

https://www.youtube.com/watch?v=cBITRyeLT_8

Additionally @stgraber has added a video covering using the new multi-user feature of LXD, which can be useful when deploying LXD to desktops in an enterprise environment:
https://www.youtube.com/watch?v=6O0q3rSWr8A

LXD

Improvements:

• Added a --listen flag to the lxc file mount command to allow forcing the use of the SSH SFTP listener (rather than trying to use sshfs) and allowing to specify which IP and port to setup the listener on.
• Switched VM TPM device to CRB mode.
• Added restricted.containers.interception to projects to prevent the use of potentially unsafe interception features in restricted projects.
• Allow unauthenticated access to metrics API endpoint.
• Set spawn=allow option in QEMU for VMs as part of working toward support for QEMU 5.2.
• The lxc storage volume info command now returns an empty EXPIRES AT field value if no expiry set.
• Added last-modified to the file API.

Bug fixes:

• Fix heartbeat hang during cluster upgrade by adding a websocket handshake timeout to the event client.
• Fixed some issues with the new AppArmor profile for image archive unpacking when using custom volumes for images.
• Fixed a recent regression in VM live migration.
• Fixed a recent regression in VM disk shares.
• Allow ipv{n}.address=none to be set on bridged NICs that connect to managed networks to allow filtering all protocol traffic.
• Fix disk usage in the Grafana dashboard.
• Disable idmapped mount support if environment variable LXD_SHIFTFS_DISABLE=true.
• Fix image archive unpack ownership issue by passing --numeric-owner to the tar command.

YouTube videos

The LXD team is running a YouTube channel with live streams covering LXD releases and weekly videos on different aspects of LXD. You may want to give it a watch and/or subscribe for more content in the coming weeks.

https://www.youtube.com/lxd-videos

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors

Upcoming events

• Nothing planned currently.

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.

• Prometheus & grafana integration with the LXD charm
• Various kernel work
• Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

• lxc/file: Adds support for setting up local SFTP server for mount command
• lxd/apparmor/archive: Expand all paths
• Allow unauthenticated metrics
• lxd/instance/qemu: Switch TPM mode to CRB
• Improve lxc storage volume info
• Add restricted.containers.interception to projects
• Device: Fix regression for VM disk shares
• LXD: Disable idmapped mounts if LXD_SHIFTFS_DISABLE=true
• Fix live-migration of VMs and quiesce apparmor when using a LXD binary symlink
• Fix disk usage in Grafana dashboard
• Export sorting helpers.
• lxd/apparmor: Handle missing paths
• Add last-modified to file API
• lxd/instance/qemu: Set spawn=allow
• lxc/file: Adds --listen flag to mount command
• lxd: Adds IdmappedMounts field to OS struct
• Warnings: Use WarningExists from DB generator
• lxd/device/nic: Lock concurrent access to networkSRIOVRestoreVF
• Allow ipv{n}.address=none for bridged NICs on managed networks
• Storage: Pass --numeric-owner to backup tar unpack command
• tests: Fix ordering in bridge filtering test
• fix typo
• Update description in lxc file mount
• sphinx: Don’t pin dependencies
• lxd: Warn if exec control connection disconnects prematurely
• ‘lxc storage volume info’ returns empty ‘EXPIRES AT’ values
• Cluster: Fix hang during cluster upgrade due to missing event websocket handshake timeout

LXC

• lxc-checkconfig: Only check probed modules if /proc/modules exists

LXCFS

• proc_fuse: improve error message
• meson: Cleanup build files
• More meson tweaks
• Makefile: Fix ordering and add PHONY
• fuse: set file info for fuse2
• meson: Include documentation
• More sysfs fixes
• sysfs_fuse: fixes
• init/meson: Use libdir instead of hardcoded /lib path
• Query systemd system unit dir.

Distrobuilder

• Fixed typo

Dqlite (RAFT library)

• Nothing to report this week

Dqlite (database)

• Nothing to report this week

Dqlite (Go bindings)

• Nothing to report this week

LXD Charm

• Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

• Removed the lxd shim package from Ubuntu 22.04
• Pushed an update to the lxd shim package in Ubuntu 20.04 in preparation for LXD 5.0

Snap

• lxcfs: Bump to 5.0.0
• lxd: Bump to 4.24
• edk2: Bump to 202202
• zfs: Bump to 2.1.3
• sqlite: Bump to 3.38.0
• swtpm: Bump to 0.7.2
• nvidia: Bump to 1.8.1
• nftables: Bump to 1.0.2
• libtpms: Bump to 0.9.3
• lxd: Add sshfs support