Weekly status for the week of 13th February to 19th February.
Introduction
The highlight of the past week was the release of LXD 5.11. This was a pretty packed release with a couple of big highlight features, specifically the instance placement scriptlet and ZFS zvol support, along with quite a few smaller features, performance improvements and bugfixes.
Please see the release notes and release video for more details:
https://www.youtube.com/watch?v=iMLiK1fX4I0
Additionally @stgraber has continued his series on LXD Instance Devices, this week covering the unix-char, unix-block and unix-hotplug device types.
https://www.youtube.com/watch?v=C2e3LD5wLI8
Job openings
Canonical Ltd. is strengthening its investment in LXD and is looking at building multiple squads under the technical leadership of @stgraber.
As such, we are looking for first line managers (highly technical) and individual contributors to grow the team and pursue our efforts around scalability and clustering.
All positions are 100% remote with some travel for internal events and conferences.
For more info please see LXD related openings at Canonical Ltd (2022-2023)
LXD
New features:
- Added support for ZFS block mode. This is controlled by the volume.zfs.block_mode, volume.block.filesystem and volume.block.mount_options ZFS storage pool settings. See [LXD] ZFS block mode for more information.
Improvements:
- Refreshed and improved the Images section of the documentation.
- Added a documentation section about troubleshooting failing instances.
- Improved the forkproxy AppArmor profile to prevent unnecessary DENIED entries in the system logs.
- Added support for converting Go structs to Starlark objects for the instance placement scriptlet.
- Added support for the network option to the physical NIC type. This allows using physical type networks (although only one instance can be running at a time per network because the physical device is passed into the instance).
- Removed trust password configuration from lxd init. For both clusters and standalone, we now support and recommend using one time tokens rather than relying on the trust password. Users who absolutely need this will now need to manually set core.trust_password.
Bug fixes:
- Fixed an issue where BTRFS optimized refresh would perform a full copy instead of just an optimized diff between the previously transferred snapshots.
- Fixed the CRIU (container live migration) integration in LXD. This was previously preventing live migration of even a basic Busybox container, which now works.
- Fixed an issue where, if you had a stale cached image in one project and the same cached image in another project (which wasn’t stale), then when LXD went to remove the stale cached image entry it also removed the on-disk image files, which prevented instances from being created from the remaining image entry in the other project. LXD will now only delete the on-disk image files when the image is considered stale in all projects it’s used in.
- Fixed Ceph filesystem custom volume support for VMs. This had been regressed and was trying to pass the filesystem volume as an RBD block device into the VM. Now it has been reverted to being passed via 9p/virtiofsd like other filesystem volumes.
- Fixed VM Ceph support for parsing the Ceph keyring configuration setting, rather than using the default location only.
- For cgroup v2 containers LXD was not properly handling soft memory limits. Previously it was setting the memory.low parameter for soft limits, but memory.high should be used instead.
- Fixed a bug that prevented management of network DNS zone records in non-default projects.
- Improved network forward and network load balancer conflict validation between networks. LXD now checks for conflicting network forwards on the OVN uplink network when using a bridge network as the uplink.
LXC
Bug fixes:
- Fix nftables syntax for IPv6 NAT in lxc-net.
- Use PRIu64 for uint64_t in setproctitle.
YouTube videos
The LXD team is running a YouTube channel with live streams covering LXD releases and weekly videos on different aspects of LXD. You may want to give it a watch and/or subscribe for more content in the coming weeks.
https://www.youtube.com/lxd-videos
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors
Upcoming events
- Nothing to report this week
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- Support ZFS block mode
- doc: Images section
- Storage: Fix optimized BTRFS refresh
- lxd/instance/drivers/driver/lxc: s/container/instance/
- lxd/apparmor: fix AppArmor forkproxy profile
- Scriptlet: Change StarlarkMarshal to convert Go structs to Starlark objects
- Instance: Get CRIU working again
- Images: Only remove cached image files & volumes when image is expired in all projects that use it
- device: support managed network with physical nic
- Instance: Remove erroneous empty log error in LXC driver
- device/disk: Don’t use RBD for FS custom volumes
- cgroup: properly set soft mem limit for cgroup-v2
- instance: differentiate msg for creation/deletion of snapshots
- Storage: Fix BTRFS regression from ZFS block mode
- Network: Allow management of zone records in non-default project zones
- tests: make it work when seccomp is enabled externally
- ceph: Check ceph config file for key
- lxd/apparmor: Add microceph to ceph paths
- Network: Improve network forward and load balancer conflict validation between networks
- Remove trust passwords from lxd init
- Move C and therefore CGO out of shared package
- doc: add video links
- doc: fix in documentation for physical NIC with the network option
- doc: add a page about troubleshooting failing instances
- doc/storage: Document zfs.block_mode
LXC
LXCFS
- Nothing to report this week
Distrobuilder
LXD Charm
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- minio: Bump to 2023-02-10
- nvidia-container: Bump to v1.12.0
- ovs: Bump to v3.1.0
- ovn: Bump to v22.12.0
- zfs: Bump to 2.19
- lxd: Bump to 5.11