Weekly status for the week of the 21st November to the 27th November.
Introduction
This past week we have continued working through the support and issues backlog after our trip to Prague a few weeks ago as well as handling most of the recently reported bug issues.
LXD
Bug fixes:
- Fixed an issue with image handling in projects where features.images=false but features.profiles=true. Now newly imported images will be added to the default profile of all projects that have features.images=false and features.profiles=true.
- Fixed an issue when using some specific device names with VMs. These were previously base64 encoded to allow using device names with characters that QEMU didn’t allow. However, some names were being encoded with the + character, which QEMU doesn’t allow. The encoding has now been switched to the base64 raw URL format to avoid this.
- Fixed an issue that allowed moving an instance within a cluster to an invalid or empty name when using the API directly.
- Fixed an issue with the new VM CPU hotplugging feature. LXD now detects if the underlying QEMU version/architecture supports CPU hotplugging before trying to use it.
- Fixed a bug with the tpm device on containers. Unlike VMs, this wasn’t passing through the TPM resource manager device, and without it most TPM operations were not possible. The tpm device on containers now requires a new option pathrm to be provided to indicate where to create the tpmrm device.
- Fixed some missing operation clean ups during error handling on container stop & update.
- Fixed bash auto-completion to consider instances in the recently added READY state, as well as those in the RUNNING state.
- Fixed an issue that was offering the cephobject pool driver as an option during lxd init, when LXD should only be offering storage pool drivers that support instance volumes.
- Fixed an AppArmor issue preventing unpacking VM custom images when using a custom storage volume for image storage.
- Fixed an issue with container NIC MAC addresses being re-written during a race between LXD creating the interface and setting the MAC address on it and something on the host system re-writing the MAC address after LXD had set it. LXD now also passes the NIC MAC address hwaddr setting to liblxc config to allow liblxc itself a second chance to set the MAC address to the address required before the container is started.
- Fixed an issue with LXD consuming a lot of CPU due to its recursive inotify watches on /dev directories. When using the fsnotify driver (as opposed to the more recent fanotify driver) LXD was receiving WRITE events to devices inside of the directories being watched (even though LXD wasn’t watching those devices explicitly). This was identified as a limitation in the fsnotify Go package being used, which didn’t allow LXD to specify the sort of events it wanted to receive, and instead required LXD to receive all event types (including the WRITE events that LXD doesn’t need to see). The fix for this was to switch to a more lightweight inotify Go package (as cross-platform support isn’t needed) that does allow LXD to specify that it only needs to be notified when devices are created or deleted. This should considerably reduce the amount of CPU that LXD is consuming when writes are occurring on devices inside of /dev on the host system when not using the fanotify driver.
- Fixed default value behaviour inconsistency of the acme.agree_tos server setting to align with other server wide config settings.
- Fixed a sizing issue with publishing and then using a custom VM image from an LVM storage pool. Previously if an instance with a quota using GB was published as an image, then trying to create a new instance from that image with the same GB quota size would fail saying the image was too big to fit into the new instance volume. To avoid this error LXD now takes into account LVM’s extent rounding behaviour to allow slightly less strict volume size validation, allowing LXD to slightly grow the new instance volume to account for the larger image.
- Fixed an issue with the recently added lxc init --device flag that allows overriding devices during instance initialization or launching. The problem was that when combined with the --storage or --network options, the --device flag would replace the custom disk or nic device added by those flags with an overridden device from the profile(s). The lxc init command now takes into account whether the device being overridden exists in the local instance request, and if it does it will override it directly rather than using a device from the profile(s) as the basis for overriding.
- Fixed a bug in the UsedByInstanceDevices function where a macvlan NIC could be incorrectly considered connected to an OVN network if it was using a parent property connected to an un-managed bridge of the same name as an OVN network in a non-default project. Also standardized on the use of UsedByInstanceDevices instead of several other slightly different bespoke implementations for specific use cases to avoid logic duplication and improve maintainability.
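The inotify fix above comes down to the event mask passed when the watch is registered. As an added example (not LXD's code), this Linux-only Go program uses the standard syscall package on a scratch directory standing in for /dev; observe, allEvents and createDelete are names made up for the illustration.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
	"unsafe"
)

const allEvents uint32 = syscall.IN_ALL_EVENTS                     // a watcher that cannot filter
const createDelete uint32 = syscall.IN_CREATE | syscall.IN_DELETE // all a device monitor needs

// observe watches a scratch directory (constructed stand-in for /dev) with mask, then creates,
// writes and deletes a file in it. It reports whether IN_MODIFY was queued and the event count.
func observe(mask uint32) (wrote bool, count int, err error) {
	dir, err := os.MkdirTemp("", "inotify-demo")
	if err != nil {
		return false, 0, err
	}
	defer os.RemoveAll(dir)
	fd, err := syscall.InotifyInit1(syscall.IN_NONBLOCK)
	if err != nil {
		return false, 0, err
	}
	defer syscall.Close(fd)
	if _, err = syscall.InotifyAddWatch(fd, dir, mask); err != nil {
		return false, 0, err
	}
	if err = os.WriteFile(dir+"/node0", []byte("data"), 0o600); err == nil {
		err = os.Remove(dir + "/node0")
	}
	buf := make([]byte, 4096)
	n, rerr := syscall.Read(fd, buf) // events are queued already; EAGAIN if there are none
	if err != nil || rerr != nil {
		return false, 0, fmt.Errorf("file ops: %v, read: %v", err, rerr)
	}
	for off := 0; off+syscall.SizeofInotifyEvent <= n; count++ {
		ev := (*syscall.InotifyEvent)(unsafe.Pointer(&buf[off]))
		wrote = wrote || ev.Mask&syscall.IN_MODIFY != 0
		off += syscall.SizeofInotifyEvent + int(ev.Len)
	}
	return wrote, count, nil
}

func main() {
	for _, m := range []uint32{allEvents, createDelete} {
		wrote, count, err := observe(m)
		fmt.Printf("mask=%#x events=%d write-seen=%v err=%v\n", m, count, wrote, err)
	}
}
```

With the narrow mask the kernel never queues the write, so the filtering costs the watching process nothing per write.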
LXC
Bug fixes:
- Fixed a series of blocking issues with building LXC>=5.0 on openSUSE.
- Fixed test builds on ia64.
- Meson build fixes.
- Fixed an issue that prevented cgroup remove on container stop if the container was using a custom idmap such that the root user in the container was the root user on the host, but the container itself was not considered “privileged”.
Distrobuilder
New features:
- Added support for openEuler.
Bug fixes:
- Sets the user agent for downloads.
LXD Charm
Improvements:
- Make more use of pylxd.
- Added support for Ubuntu 22.04.
YouTube videos
The LXD team is running a YouTube channel with live streams covering LXD releases and weekly videos on different aspects of LXD. You may want to give it a watch and/or subscribe for more content in the coming weeks.
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors
Upcoming events
- FOSDEM 2023 4th-5th February 2023. See FOSDEM 2023 containers devroom: Call for papers
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- lxd: Fix handling of images in projects with features.images=false
- Network: Remove unnecessary query for server name in bridge Leases
- VM: Fix blockNodeName to use base64 raw URL format
- Instance: Prevent moving instance to invalid (or empty) name
- Instance: Restrict VM CPU hotplugging architecture
- lxd/device/tpm: Expose tpmrm to the container
- doc: allow returning traffic in DOCKER-USER custom chain
- scripts/bash/lxd-client: fix autocompletion not working
- lxd/util: Skip cephobject in AvailableStorageDrivers
- VM: Fix VM image unpack apparmor profile in archiveProfile
- Device: Add hwaddr key to liblxc NIC config
- Check CPU hotplug support based on QMP command
- Improve error handling on container stop/update
- fsmonitor: Don’t watch for WRITE events when using inotify
- config: Fix inconsistency with acme.agree_tos option
- Storage: Move block volume rounding logic into driver and use extent size for LVM rounding
- lxc: Allow --device flag to override local devices from --storage and --network flags
- Network: Use UsedByInstanceDevices for checkAddressConflict and Leases
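The VM device name fix listed above (switching to the base64 raw URL format) is easiest to see by encoding the same names both ways. This is an added example, not LXD's code: the device names are constructed, and urlSafe, unsafeChars, encodeBoth and decodeRaw are hypothetical helpers.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// urlSafe is the full alphabet base64.RawURLEncoding can emit (RFC 4648 section 5, no padding).
const urlSafe = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"

// unsafeChars returns the distinct characters of id that fall outside urlSafe.
func unsafeChars(id string) string {
	var out strings.Builder
	for _, r := range id {
		if !strings.ContainsRune(urlSafe, r) && !strings.ContainsRune(out.String(), r) {
			out.WriteRune(r)
		}
	}
	return out.String()
}

// encodeBoth encodes a device name with the standard alphabet and with the raw URL alphabet.
func encodeBoth(name string) (std, raw string) {
	b := []byte(name)
	return base64.StdEncoding.EncodeToString(b), base64.RawURLEncoding.EncodeToString(b)
}

// decodeRaw reverses the raw URL form, so the original device name stays recoverable.
func decodeRaw(id string) (string, error) {
	b, err := base64.RawURLEncoding.DecodeString(id)
	return string(b), err
}

func main() {
	// Constructed device names; "usb>>>" and "nic???" hit alphabet indexes 62 and 63.
	for _, name := range []string{"root", "eth0", "usb>>>", "nic???"} {
		std, raw := encodeBoth(name)
		back, err := decodeRaw(raw)
		fmt.Printf("%-9q std=%-13s outside=%-5q raw=%-11s outside=%q roundtrip=%v\n",
			name, std, unsafeChars(std), raw, unsafeChars(raw), err == nil && back == name)
	}
}
```

Whether a name trips the problem depends on its bytes, not on how unusual it looks: the standard alphabet emits + only when a 6-bit group equals 62, which is why the bug showed up for some specific device names only.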
LXC
- build: fix build issues on openSUSE
- [lxc-5.0.z] build: fix build issues on openSUSE
- tests: lxc-test-reboot: Fix build on ia64
- meson.build: strip newlines from git output
- src/lxc/meson.build: fix the static library path
- meson.build: strip newlines from git output
- meson.build: strip newline for variable assignments
- meson.build: strip newline for variable assignments
- README: remove lgtm
- cgroups: fix cgroup removal
LXCFS
Distrobuilder
- source: add support for openeuler downloader
- change release style to 22.03-LTS-SPx
- sources: Set user-agent for downloads
LXD Charm
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- commands: small shellcheck fixes
- zfs: Bump to 2.1.6
- sqlite: Bump to 3.40.0
- swtpm: Bump to v0.8.0
- spice: Bump to v0.15.1
- ovs: Bump to v3.0.1
- minio: Bump to RELEASE.2022-11-17T23-20-09Z
- liburing: Bump to 2.3
- libnftnl: Bump to 1.2.4