Weekly status #255


Weekly status for the week of the 27th June to the 3rd July.

Introduction

The past week saw us continue working on our larger cycle projects, as well as fixing a number of bugs since the LXD 5.3 release.

Most notable of these was a regression in liblxc that was introduced by the switch to the meson build system. It prevented containers from starting when they used external disk devices with some filesystems as a source. The fix has been added to the LXD snap package, is available now in the latest/candidate channel, and will be pushed out to the latest/stable channel today. See the commit "add check for statvfs" (lxc/lxc@8ee615c on GitHub) for more info.

Additionally @stgraber and @brauner were at the Linux Security Summit North America last week and gave a talk on System call interception for unprivileged containers.

LXD

Improvements:

  • Improved clarity of error message when failing to parse a JSON PID file in the subprocess package. This now gives the full path of the file that cannot be parsed, which is useful if LXD is having trouble parsing old/invalid PID files, as it allows them to be manually removed easily.
  • Switched to using GitHub source for getting go-lxc rather than gopkg.in in Go mod.
  • Updated lifecycle events to use new constants.
  • Modified internal network load balancer structs to support multiple target backends for the forthcoming OVN load balancer functionality.
  • Added additional automated linters and associated code cleanups.

Bug fixes:

  • Fixed a regression in OVN network setup introduced by some of the recent linter changes that broke the logical router port setup.
  • Fixed a regression that was causing container start failures when the underlying liblxc wasn’t built with AppArmor support.
  • Fixed an issue in the OVN cluster setup tutorial that was causing multiple discrete clusters to be configured rather than a single cluster.

LXC

Bug fixes:

  • Fixed a regression since LXC 4.0.6 that was setting an incorrect broadcast address on container NICs when the configured IPv4 address was using a /31 or /32 prefix. This primarily affected router mode NICs and caused some IPs in the same network to be unreachable from an instance. The broadcast address is now set to 0.0.0.0 for these prefixes, effectively making the NIC operate in point-to-point mode.
  • idmapped rootfs startup fixes.
  • Fixed TTY name.
  • Fixed network namespace sharing between containers.
  • Fixed a regression in the check for statvfs, which had been lost since the move to the meson build system. This was causing bind mount errors on container start.

Distrobuilder:

Bug fixes:

  • Fixed broken link to LXD image format documentation.

Dqlite (RAFT library):

Improvements:

  • Deprecated raft_fixture_init.
  • Cleaned up the PRNG seeding in raft_uv.

YouTube videos

The LXD team is running a YouTube channel with live streams covering LXD releases and weekly videos on different aspects of LXD. You may want to give it a watch and/or subscribe for more content in the coming weeks.

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on GitHub: Easy issues for new contributors

Upcoming events

  • Nothing planned currently.

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single GitHub issue or pull request.

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

LXC

LXCFS

  • Nothing to report this week

Distrobuilder

Dqlite (RAFT library)

Dqlite (database)

  • Nothing to report this week

Dqlite (Go bindings)

  • Nothing to report this week

LXD Charm

  • Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

  • Nothing to report this week

Snap

  • lxd: Cherry-pick upstream bugfixes