Weekly Update Templates960×540 53.3 KB

Introduction

This past week saw the addition of initial support for AMD SEV (Secure Encrypted Virtualization) in LXD VMs, which can be used to encrypt the memory of a guest VM (if the host CPU supports it).

Job openings

Canonical Ltd. strengthens its investment into LXD and is looking at building multiple squads under the technical leadership of @stgraber.

As such, we are looking for first line managers (highly technical) and individual contributors to grow the team and pursue our efforts around scalability and clustering.

All positions are 100% remote with some travel for internal events and conferences.

For more info please see LXD related openings at Canonical Ltd (2022-2023)

LXD

New features:

• Added basic support for AMD SEV (Secure Encrypted Virtualization) in LXD VMs, which can be used to encrypt the memory of a guest VM (if the host CPU supports it).

Improvements:

• Moved the VM generation ID feature from using QEMU’s command line flag option to use the config file option, so that the QEMU command invocation was shorter.
• Now that LXD supports filtering access to managed bridge networks at the project level, when using the lxd-user daemon socket (for unprivileged users accessing LXD), the first time it is used by a new user a dedicated LXD bridge network is created rather and that is set as the only network that unprivileged user’s project can use.
• Clarified documentation on how to set minimum TLS version in lxc tooling.

Bug fixes:

• Fixed bug that was preventing taking snapshots of VMs on ceph storage pools.
• Fixed bug where the automatic scheduled snapshot create task was sometimes overlapping with the automatic snapshot prune task, causing warnings about snapshot inconsistency in the log. Now these tasks have been combined so they always run one after the other.
• Fixed an issue with the recently merged intra-cluster instance move feature that was not stopping the instance until after the storage was synced (when doing a stateless transfer), but it should have been stopping the instance before doing the storage sync so that the storage volume(s) transferred were consistent.
• Fixed an issue where adding a trust token using lxc config trust add would fail if a remote LXD was specified.
• Several fixes and improvements to the migration socket handling; fixed an issue where the sending side could block on an externally called command (such as zfs send) while it waited for the socket to become writable (even if the socket had been closed at the TCP layer). Also ensured that reads to the migration websockets were not done concurrently (as this is not supported), and added the same socket level timeout options that are used on the migration send side to the migration receive side.
• Fixed linter issue with unused context.Context in lxd-generate’s CreateConfig and CreateDevices functions.

LXCFS

Bug fixes:

• Fixed missing 15th column (discard) in /proc/diskstats output. After this fix /proc/diskstats format in full agreement with 4.18 kernel.

YouTube videos

The LXD team is running a YouTube channel with live streams covering LXD releases and weekly videos on different aspects of LXD. You may want to give it a watch and/or subscribe for more content in the coming weeks.

https://www.youtube.com/lxd-videos

Contribute to LXD

Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors

Upcoming events

• Nothing to report this week

Ongoing projects

The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.

• Stable release work for LXC, LXCFS and LXD

Upstream changes

The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.

LXD

• Adding basic support for AMD SEV VMs
• doc: Add source.wipe
• Storage: Fix VM snapshots on Ceph
• lxd: auto snap create and pruning are in the same task
• Instance: Stop instance before moving statelessly between cluster members
• Instance: Avoid using loop-back API connection to source when doing intra-cluster member instance moves
• lxd/instance/qemu: Move vmgenid to using qemu.conf
• lxd-user: Use per-user bridge
• Update network_increase_bandwidth.md
• Instance: Fix VM start with vmgenid
• doc/devices/pci: add link to YouTube video
• Fix config trust command fail when remote is specified
• Migration: Socket improvements
• lxd-generate: Use tx.ExecContext over tx.Exec
• doc/authentication: Update minimum TLS

LXC

• Nothing to report this week

LXCFS

• proc: fix /proc/diskstats output format

Distrobuilder

• Nothing to report this week

LXD Charm

• Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.

Ubuntu

• Nothing to report this week

Snap

• Nothing to report this week