Weekly status #248


Weekly status for the week of the 9th May to the 15th May.

Introduction

This past week we have been mostly focusing on reducing our issues backlog. However several smaller features and performance improvement have been added as well.

@stgraber has also added a video covering LXD’s network ACL (Access Control List) features:
https://www.youtube.com/watch?v=mu34G0cX6Io

LXD

New features:

  • Added support for copying profiles across projects.
  • Expose PCI VPD info in resources API.

Improvements:

  • Switched to using the QEMU RBD driver for VMs on Ceph. This improves I/O performance by avoiding the need to use the krbd I/O interface.
  • Added support for server-side filtering for list commands in the lxc CLI and Go client package.
  • The storage subsystem has seen some internal improvements to implement mount reference counting for instance snapshot volumes. This aligns the instance snapshot mount interface with the instance mount interface for consistency.
  • For OVN networks LXD now waits for changes to be propagated from the OVN northbound database into the OVN southbound database. This allows the OVN databases to be in sync before the LXD operation returns to make for a more predicable experience.

Bug fixes:

  • The 30s HTTP header response client timeout added in LXD 5.1 has been increased to 1 hour. In principle a 30s HTTP header response timeout should have been sufficient, even for operations that took longer than 30s, as LXD has support for async operations (which use websockets for status updates) and thus the initial response header should have been returned by LXD within 30s even for long running operations. Indeed we saw no automated test regressions when the 30s timeout was introduced (even in our daily VM tests that do perform long running operations >30s). However several users experienced the client timeout occur in various operations. Unfortunately working with them we were not able to gather sufficient information from their systems as to why this was occurring, and we were not able to reproduce by artificially introducing network delays. To be on the safe side though we have significantly increased the header response timeout, but have still kept the TLS negotiation timeout to 30s.
  • Clarified the help text on command lxc config trust revoke-token that it takes a name not a token argument.
  • Fix error message about instance type in project allow instance creation logic.
  • Fix possible LXD crash scenario when starting LXD if it was already running (the newly launched process could crash, not the previously running one).
  • Show non-editable fields in the instance edit screen (lxc config edit <instance>) which makes it consistent with other edit screens (as well as the existing comment example shown at the top of the screen). For readability this excludes the expanded config fields. To achieve this the ExpandedConfig and ExpandedDevices fields in the Instance API struct have been marked as omitempty.
  • Instance storage volume snapshot config and description information is now restored when restoring an instance snapshot.
  • Instance backup exports now populates the instance snapshot volume info in the backup.yaml file and this is used when restoring (if available).
  • Copying a custom volume within the same storage pool now maintains the volume snapshot config info.
  • Modifying the VM security.secureboot setting on a profile was not applied to running VM instances. This config key now has deferred apply support, so if the config key is changed when the VM is running, it is applied on the next start of the instance.
  • Fix single lxc config trust remove command when single argument <remote>:<fingerprint> format was used.
  • Fixed an issue that was preventing memory state info from being returned from the VM lxd-agent process when running in pure cgroup2 instances.
  • Fixed auto snapshot on restricted projects.

LXC

Bug fixes:

  • Renamed the main bash completion file so as not to conflict with the LXD’s lxc command.

LXCFS

Bug fixes:

  • Removed extra space in /proc/stat emulation.

Distrobuidler

Improvements:

  • Adds export LC_ALL=C to get a small speed boost by using the C locale since we are only handling ASCII anyway.

LXD Charm

Improvements:

  • Adds snap-config-openvswitch-external setting to allow using the system’s OVS tools (ignores snap-config-openvswitch-builtin).

YouTube videos

The LXD team is running a YouTube channel with live streams covering LXD releases and weekly videos on different aspects of LXD. You may want to give it a watch and/or subscribe for more content in the coming weeks.

https://www.youtube.com/lxd-videos

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors

Upcoming events

  • Nothing planned currently.

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.

  • Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

LXC

LXCFS

Distrobuilder

Dqlite (RAFT library)

  • Nothing to report this week

Dqlite (database)

  • Nothing to report this week

Dqlite (Go bindings)

  • Nothing to report this week

LXD Charm

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

  • Nothing to report this week

Snap

  • lxd: Cherry-pick upstream bugfixes
2 Likes