Weekly status for the week of the 27th June to the 3rd July.
Introduction
The past week saw us continue working on our larger cycle projects, as well as fixing a number of bugs since the LXD 5.3 release.
Most notable of these was a regression in liblxc that was introduced by the switch to the meson build system. It prevented containers from starting when they used external disk devices with some filesystems as a source. The fix has been added to the LXD snap package; it is available now in the latest/candidate channel and will be pushed out to the latest/stable channel today. See add check for statvfs · lxc/lxc@8ee615c · GitHub for more info.
Additionally @stgraber and @brauner were at the Linux Security Summit North America last week and gave a talk on System call interception for unprivileged containers.
LXD
Improvements:
- Improved clarity of error message when failing to parse a JSON PID file in the subprocess package. This now gives the full path of the file that cannot be parsed, which is useful if LXD is having trouble parsing old/invalid PID files, as it allows them to be manually removed easily.
- Switched to using GitHub source for getting go-lxc rather than gopkg.in in Go mod.
- Updated lifecycle events to use new constants.
- Modified internal network load balancer structs to support multiple target backends for the forthcoming OVN load balancer functionality.
- Added additional automated linters and associated code cleanups.
Bug fixes:
- Fixed a regression in OVN network setup introduced by some of the recent linter changes that broke the logical router port setup.
- Fixed a regression that was causing container start failures when the underlying liblxc wasn’t built with AppArmor support.
- Fixed an issue in the OVN cluster setup tutorial that was causing multiple discrete clusters to be configured rather than a single cluster.
LXC
Bug fixes:
- Fixed a regression since LXC 4.0.6 that was setting an incorrect broadcast address on container NICs when the configured IPv4 address was using a /31 or /32 prefix. This primarily affected router mode NICs and caused some IPs in the same network to be unreachable from an instance. The broadcast address is now set to 0.0.0.0 for these prefixes, effectively making the NIC operate in point-to-point mode.
- idmapped rootfs startup fixes.
- Fixed TTY name.
- Fixed network namespace sharing between containers.
- Fixed a regression in which the check for statvfs had been lost since the move to the meson build system. This was causing bind mount errors on container start.
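To illustrate the /31 and /32 broadcast fix listed above, the following added example (not LXC's own code) compares a conventional broadcast derivation, the address with every host bit set, against the behaviour this update describes. The function names, the choice of derivation and the 192.0.2.10 sample address are assumptions constructed for the illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>

/* Parse a dotted quad into host byte order; returns 0 on success. */
static int parse_ipv4(const char *s, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, s, &a) != 1) return -1;
    *out = ntohl(a.s_addr);
    return 0;
}

/* Conventional derivation (assumed here): set every host bit of the address. */
static uint32_t conventional_broadcast(uint32_t addr, unsigned prefix)
{
    return addr | (prefix >= 32 ? 0 : 0xFFFFFFFFu >> prefix);
}

/* Behaviour described in the update: /31 and /32 get 0.0.0.0. */
static uint32_t p2p_aware_broadcast(uint32_t addr, unsigned prefix)
{
    return prefix >= 31 ? 0 : conventional_broadcast(addr, prefix);
}

/* Nonzero when the broadcast value is itself a usable address on the link. */
static int broadcast_shadows_host(uint32_t addr, unsigned prefix, uint32_t bcast)
{
    if (prefix == 32)
        return bcast == addr;
    if (prefix == 31)
        return bcast == addr || bcast == (addr ^ 1u);
    return 0;
}

int main(void)
{
    uint32_t addr;
    if (parse_ipv4("192.0.2.10", &addr) != 0) /* constructed sample address */
        return 1;
    for (unsigned p = 30; p <= 32; p++) {
        uint32_t old = conventional_broadcast(addr, p), now = p2p_aware_broadcast(addr, p);
        printf("/%u old=%08x shadows=%d new=%08x shadows=%d\n", p, (unsigned)old,
               broadcast_shadows_host(addr, p, old), (unsigned)now,
               broadcast_shadows_host(addr, p, now));
    }
    return 0;
}
```

With a /31 the conventional value lands on the peer's address and with a /32 on the NIC's own address, which is the kind of collision that makes a neighbouring IP unreachable.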
Distrobuilder:
Bug fixes:
- Fixed broken link to LXD image format documentation.
Dqlite (RAFT library):
Improvements:
- Deprecated raft_fixture_init.
- Cleaned up the PRNG seeding in raft_uv.
YouTube videos
The LXD team is running a YouTube channel with live streams covering LXD releases and weekly videos on different aspects of LXD. You may want to give it a watch and/or subscribe for more content in the coming weeks.
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on GitHub: Easy issues for new contributors
Upcoming events
- Nothing planned currently.
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.
- Stable release work for LXC, LXCFS and LXD
- [LXD] Bidirectional vsock interface for VMs
- [LXD] Network load-balancers (OVN)
- Dqlite disk-only operation mode
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- Enables additional linters via golangci-lint config file.
- doc: storage: clarify that most docs are about custom volumes
- lxd/network/openvswitch: Use %s so that delimiting quotes are not escaped.
- Subprocess: Improve errors in ImportProcess
- Tweaks to go-lxc usage
- Update lifecycle events
- doc: add link to YouTube video about image handling
- lxd/instance/lxc: Don’t fail on missing apparmor
- Shell linters and github action
- Network: Load balancer struct prerequisites applied to network forwards
- Tiny lint fixes
- lxd/network/driver/ovn: Inserts newlines after blocks.
- workflows: Removes unit tests and reinstates ubuntu client tests.
- lxd/db/generate/lex: Use cases.Title instead of deprecated strings.Title
- Generator: Fix config table error handling.
- Fix OVN docs
LXC
- fix for issue #4026: set broadcast to 0.0.0.0 for /31 and /32
- conf: startup fixes
- conf: fix append_ttyname()
- start: fix namespace sharing
- add check for statvfs
LXCFS
- Nothing to report this week
Distrobuilder
Dqlite (RAFT library)
Dqlite (database)
- Nothing to report this week
Dqlite (Go bindings)
- Nothing to report this week
LXD Charm
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- lxd: Cherry-pick upstream bugfixes