Weekly status for the week of 5th June to 11th June.
Introduction
This past week we have added UEFI Compatibility Support Module (CSM) support for LXD VMs. This allows for booting non-UEFI legacy operating systems.
There was also a continuation of the documentation improvements for LXD, this time focusing on restructuring the Manage LXD and Internals sections. As well as the usual round of bug fixes and improvements.
Additionally @stgraber has added a video covering LXD backup and disaster recovery:
https://www.youtube.com/watch?v=IFOZpAxckPo
Job openings
Canonical Ltd. strengthens its investment into LXD and is looking at building multiple squads under the technical leadership of @stgraber.
As such, we are looking for first line managers (highly technical) and individual contributors to grow the team and pursue our efforts around scalability and clustering.
All positions are 100% remote with some travel for internal events and conferences.
For more info please see LXD related openings at Canonical Ltd (2022-2023)
LXD
New features:
- Added support for UEFI CSM to allow running of legacy VM operating systems. This is controlled by the
security.csminstance setting.
Improvements:
- The output of instance
execrecord-output mode is now stored in the instance’s storage volume rather than in the root filesystem. This means that it now falls under the instance’s root disk quota, whereas before it was in theory possible to consume all root filesystem space. - Added
auth_user_nameandauth_user_methodto the output of the/1.0API endpoint. This was added for the LXD UI in order to ascertain whether to show a Logout button or not.
Bug fixes:
- Fixed issue with concurrent VM create from same image AppArmor issue when using non-optimized storage pools. Now each invocation of
qemu-imgthat is used to unpack VM images is wrapped with a unique AppArmor profile which avoids permissions issues preventing unpack. - Fixed bug regarding SRIOV representor port lookup with
ovnNICs when using theaccelerationmode. - Fixed issue with
lxc warning acknowledgenot returning an error if the warning UUID didn’t exist. - Fixed issue with VM NICs causing high CPU usage on the host when using the vhost-net CPU offloading feature. This was addressed by modifying the settings applied to the LXD configured TAP device to match what QEMU expects before it was passed to QEMU.
- Fixed GPU device selection filtering. This allows adding physical GPU devices to containers by setting the DRM ID with the
idsetting. Before a new device/dev/nvidia[0123...]was added for each graphics card regardless of what was configured withid. - Fixed issue with VM refresh since the improved configuration validation was added. This highlighted a bug in
lxccommand that was always trying to setvolatile.idmap.nexton refresh, even though this setting isn’t valid for VMs. - Added workaround for an OVN bug that prevents communication with the uplink network when using OVN with IPv6 geneve tunnels in a cluster. LXD will now attempt to ping both IPv4 and IPv6 OVN virtual router external addresses on start up in order to get OVN to record the uplink gateway’s MAC address. The Canonical OVN team are investigating the actual OVN issue to see what is happening.
- Fixed issue with the
zfsstorage driver where ifatime=offwas set/inherited on the instance dataset this was not manifesting itself asnoatimeon the root filesystem mount. We have also added support forrelatime=off atime=onwhich will manifest itself asstrictatimeon the root filesystem mount. - Fixed AppArmor issue when using snap package and
lxc exportwith squashfs. - Fixed rename of global
lxcremotes.
YouTube videos
The LXD team is running a YouTube channel with live streams covering LXD releases and weekly videos on different aspects of LXD. You may want to give it a watch and/or subscribe for more content in the coming weeks.
https://www.youtube.com/lxd-videos
Contribute to LXD
Ever wanted to contribute to LXD but not sure where to start?
We’ve recently gone through some effort to properly tag issues suitable for new contributors on Github: Easy issues for new contributors
Upcoming events
- Nothing to report this week
Ongoing projects
The list below is feature or refactoring work which will span several weeks/months and can’t be tied directly to a single Github issue or pull request.
- Stable release work for LXC, LXCFS and LXD
Upstream changes
The items listed below are highlights of the work which happened upstream over the past week and which will be included in the next release.
LXD
- doc: restructure the Manage LXD and Internals sections
- lxd/storage: Use a unique apparmor profile for qemu-img unpacking
- Fix SRIOV representor port lookup
- doc: Update max value of
net.core.bpf_jit_limit - lxd: Check if warning exists before acknowledging it
- lxd/instance: Fix exec record-output location
- VM: Fix addNetDevConfig to match the tap interface settings that QEMU uses
- lxc/utils: Change sort ByName interface name to SortColumnsNaturally
- Instance: Fix VM image unpack apparmor regression
- Shared CLI package
- Allow the consistent selection of a GPU device by DRM ID
- lxc/copy: Don’t try and modify volatile.idmap.next on refresh if not set in source
- doc/devices/nic:
ovnNICs support hotplugging for VMs now - Network: Ping OVN virtual router external addresses when using physical uplink network
- lxd/instance_logs: Cleanup function call
- Introduce auth_user_name and auth_user_method in /1.0
- Add CSM support
- lxd/storage/zfs: Fix ZFS does not respect atime=off option
- lxd/db: return an error in
UpdateWarningStateis the warning is not found - lxd/endpoints: make sure to not access passed the end of the slice
- lxd/apparmor/archive: Fix snap handling
- lxc/remote: Fix rename of global remotes
LXC
- Nothing to report this week
LXCFS
- Nothing to report this week
Distrobuilder
- Nothing to report this week
LXD Charm
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXC, LXD and LXCFS as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week
Snap
- Nothing to report this week