Introduction

The LXD team is very excited to announce the release of LXD 3.15!

This release includes a number of major new features as well as significant internal rework of various parts of LXD.

One big highlight is the transition to the dqlite 1.0 branch which will bring us more performance and reliability, both for our cluster users and for standalone installations. This rework moves a lot of the low-level database/replication logic to dedicated C libraries and significantly reduces the amount of back and forth going on between C and Go.

On the networking front, this release features a lot of improvements, adding support for IPv4/IPv6 filtering on bridges, MAC and VLAN filtering on SR-IOV devices and much improved DHCP server management.

We’re also debuting a new version of our resources API which will now provide details on network devices and storage disks on top of extending our existing CPU, memory and GPU reporting.

And that’s all before looking into the many other performance improvements, smaller features and bugfixes that went into this release.

For our Windows users, this is also the first LXD release to be available through the Chocolatey package manager: choco install lxc

Enjoy!

Major improvements

Switch to dqlite 1.0

After over a year of running all LXD servers on the original implementation of our distributed sqlite database, it’s finally time for LXD to switch to its 1.0 branch.

This doesn’t come with any immediately noticeable improvements for the user, but reduces the number of external dependencies, CPU usage and memory usage for the database. It will also make it significantly easier for us to debug issues and better integrate with more complex database operations when running clusters.

Upon upgrading to LXD 3.15, the on-disk database format will change, getting automatically converted following an automated backup. For cluster users, the protocol used for database queries between cluster nodes is also changing, which will cause all cluster nodes to refresh at the same time so they all transition to the new database.

Reworked DHCP lease handling

In the past, LXD’s handling of DHCP was pretty limited. We would write static lease entries to the configuration and then kick dnsmasq to read it. For changes and deletions of static leases, we’d need to completely restart the dnsmasq process which was rather costly.

LXD 3.15 changes that by having LXD itself speak DHCP to the dnsmasq server: based on what's currently in the DHCP lease table, it sends a release for a lease when a container's configuration is altered or a container is deleted, all without ever needing to restart dnsmasq.
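The mechanism is easier to see with the packet in hand. The following is an added example written for this page, not LXD's own code: it builds and parses a DHCPv4 DHCPRELEASE message (RFC 2131 section 4.4.6), the kind of message a server such as dnsmasq acts on by dropping the lease. The client address, MAC and server address are constructed sample values borrowed from elsewhere in this post, and the dhcpRelease type and function names are this example's own.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// DHCPv4 constants used below (RFC 2131 / RFC 2132).
const (
	dhcpOptMsgType  = 53
	dhcpOptServerID = 54
	dhcpOptEnd      = 255
	dhcpMsgRelease  = 7
	dhcpFixedLen    = 240 // 236-byte BOOTP header + 4-byte magic cookie
)

var dhcpMagicCookie = []byte{99, 130, 83, 99}

// dhcpRelease holds the only fields a DHCPRELEASE needs: the address being
// given back (ciaddr), the client's hardware address (chaddr) and the server
// identifier option, which the server uses to confirm the message is for it.
// This type is an assumption of the example, not an LXD API.
type dhcpRelease struct {
	XID      uint32
	ClientIP net.IP
	ClientHW net.HardwareAddr
	ServerIP net.IP
}

// buildDHCPRelease encodes a DHCPRELEASE message. Unlike DISCOVER/REQUEST it
// is unicast to the server's UDP port 67 and carries ciaddr, so the server can
// match the lease on (ciaddr, chaddr) and remove it. No reply is expected.
func buildDHCPRelease(r dhcpRelease) ([]byte, error) {
	ip4, srv := r.ClientIP.To4(), r.ServerIP.To4()
	if ip4 == nil || srv == nil {
		return nil, errors.New("client and server addresses must be IPv4")
	}
	if len(r.ClientHW) != 6 {
		return nil, errors.New("hardware address must be 6 bytes (Ethernet)")
	}
	pkt := make([]byte, dhcpFixedLen)
	pkt[0] = 1 // op: BOOTREQUEST
	pkt[1] = 1 // htype: Ethernet
	pkt[2] = 6 // hlen
	binary.BigEndian.PutUint32(pkt[4:8], r.XID)
	copy(pkt[12:16], ip4)        // ciaddr: the lease being released
	copy(pkt[28:34], r.ClientHW) // chaddr
	copy(pkt[236:240], dhcpMagicCookie)
	pkt = append(pkt, dhcpOptMsgType, 1, dhcpMsgRelease)
	pkt = append(pkt, dhcpOptServerID, 4)
	pkt = append(pkt, srv...)
	pkt = append(pkt, dhcpOptEnd)
	return pkt, nil
}

// parseDHCP extracts the message type, ciaddr and server identifier from a
// raw DHCPv4 packet, tolerating pad options and rejecting truncated ones.
func parseDHCP(pkt []byte) (msgType byte, ciaddr, serverID net.IP, err error) {
	if len(pkt) < dhcpFixedLen || !bytes.Equal(pkt[236:240], dhcpMagicCookie) {
		return 0, nil, nil, errors.New("not a DHCPv4 packet")
	}
	ciaddr = net.IPv4(pkt[12], pkt[13], pkt[14], pkt[15])
	opts := pkt[dhcpFixedLen:]
	for len(opts) > 0 {
		code := opts[0]
		if code == dhcpOptEnd {
			return msgType, ciaddr, serverID, nil
		}
		if code == 0 { // pad option: single byte, no length
			opts = opts[1:]
			continue
		}
		if len(opts) < 2 || len(opts) < 2+int(opts[1]) {
			return 0, nil, nil, errors.New("truncated DHCP option")
		}
		val := opts[2 : 2+int(opts[1])]
		switch code {
		case dhcpOptMsgType:
			if len(val) == 1 {
				msgType = val[0]
			}
		case dhcpOptServerID:
			if len(val) == 4 {
				serverID = net.IPv4(val[0], val[1], val[2], val[3])
			}
		}
		opts = opts[2+len(val):]
	}
	return 0, nil, nil, errors.New("missing end option")
}

func main() {
	// Constructed sample values: a hwaddr and subnet taken from this post's examples.
	hw, _ := net.ParseMAC("00:16:3e:12:39:c8")
	pkt, err := buildDHCPRelease(dhcpRelease{
		XID: 0x1234abcd, ClientIP: net.ParseIP("10.166.11.178"),
		ClientHW: hw, ServerIP: net.ParseIP("10.166.11.1"),
	})
	if err != nil {
		panic(err)
	}
	t, ci, srv, _ := parseDHCP(pkt)
	fmt.Printf("%d bytes, type=%d ciaddr=%s server=%s\n", len(pkt), t, ci, srv)
	// To send it for real: net.DialUDP("udp4", nil, &net.UDPAddr{IP: srv, Port: 67})
}
```

Note that a release is only honoured by the server if ciaddr and chaddr match an existing lease; a daemon that manages leases this way must therefore know both the address and the MAC it handed out, which is exactly what LXD keeps in the dnsmasq static configuration.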

Reworked cluster heartbeat handling

In the past, the cluster leader would send a message to all cluster members on a 10s cadence, spreading those heartbeats over time. The heartbeat data itself was just the list of database nodes so that all cluster members would know where to send database queries.

Separately from that mechanism, we then had background tasks on all cluster members which would periodically look for version mismatches between members to detect pending updates and another task to detect changes in the list of members or in their IP addresses to re-configure clustered DNS.

For large clusters, those repetitive tasks ended up being rather costly and unnecessary.

LXD 3.15 now extends this internal heartbeat to include the most recent version information from the cluster as well as the status of all cluster members, not just the database ones. This means that only the cluster leader needs to retrieve that data and all other members will now have a consistent view of everything within 10s rather than potentially several minutes (as was the case for the update check).

Better syscall interception framework

Quite a bit of work has gone into the syscall interception feature of LXD. Currently this covers mknod and mknodat for systems that run a 5.0+ kernel along with a git snapshot of both liblxc and libseccomp.

The changes involve a switch to the new liblxc seccomp notify API ahead of the LXC 3.2 release, fixes to the handling of shiftfs-backed containers and a cleanup of the common logic to make it easier to intercept additional syscalls in the near future. Because the host performs the mknod on the container's behalf, LXD checks the caller's permissions before doing so and sets the owner of the resulting device node accordingly (see the lxd/seccomp entries in the changelog below).

More reliable unix socket proxying

A hard-to-track-down bug in the proxy device code was resolved, so unix socket forwarding is now handled properly. The bug was in end-of-connection detection and in forwarding the disconnection event to the other side.

Users of the proxy device for X11 and/or pulseaudio may in the past have noticed windows that won’t close on exit or the sudden inability to start new software using that unix socket. This has now been resolved and so should make the life of those running graphical applications in LXD much easier.

New features

Hardware VLAN and MAC filtering on SR-IOV

The security.mac_filtering and vlan properties are now available on SR-IOV devices. They directly control the matching options on the virtual function, so the NIC hardware itself prevents any MAC spoofing from the container and, for VLANs, performs the filtering at the VF level.

root@athos:~# lxc init ubuntu:18.04 c1
Creating c1
root@athos:~# lxc config device add c1 eth0 nic nictype=sriov parent=eth0 vlan=1015 security.mac_filtering=true
Device eth0 added to c1
root@athos:~# lxc start c1
root@athos:~# lxc list c1
+------+---------+------+-----------------------------------------------+------------+-----------+
| NAME |  STATE  | IPV4 |                     IPV6                      |    TYPE    | SNAPSHOTS |
+------+---------+------+-----------------------------------------------+------------+-----------+
| c1   | RUNNING |      | 2001:470:b0f8:1015:7010:a0ff:feca:e7e1 (eth0) | PERSISTENT | 0         |
+------+---------+------+-----------------------------------------------+------------+-----------+

New storage-size option for lxd-p2c

A new --storage-size option has been added which when used together with --storage allows specifying the desired volume size to use for the container.

root@mosaic:~# ./lxd-p2c 10.166.11.1 p2c / --storage btrfs --storage-size 10GB
Generating a temporary client certificate. This may take a minute...
Certificate fingerprint: fd200419b271f1dc2a5591b693cc5774b7f234e1ff8c6b78ad703b6888fe2b69
ok (y/n)? y
Admin password for https://10.166.11.1:8443:
Container p2c successfully created

stgraber@castiana:~/data/code/go/src/github.com/lxc/lxd (lxc/master)$ lxc config show p2c
architecture: x86_64
config:
  volatile.apply_template: copy
  volatile.eth0.hwaddr: 00:16:3e:12:39:c8
  volatile.idmap.base: "0"
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[]'
devices:
  root:
    path: /
    pool: btrfs
    size: 10GB
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

Ceph FS storage backend for custom volumes

Ceph FS was added as a storage driver for LXD. Support is limited to custom storage volumes: containers cannot be placed on Ceph FS, and Ceph RBD remains the recommended backend for them.

Ceph FS support includes size restrictions (quota) and native snapshot support when the server, server configuration and client kernel support those features.

This is a perfect match for users of LXD clustering with Ceph as Ceph FS will allow you to attach the same custom volume to multiple containers at the same time, even if they’re located on different hosts (which isn’t the case for RBD).

stgraber@castiana:~$ lxc storage create test cephfs source=persist-cephfs/castiana
Storage pool test created
stgraber@castiana:~$ lxc storage volume create test my-volume
Storage volume my-volume created
stgraber@castiana:~$ lxc storage volume attach test my-volume c1 data /data
stgraber@castiana:~$ lxc exec c1 -- df -h
Filesystem                                                Size  Used Avail Use% Mounted on
/var/lib/lxd/storage-pools/default/containers/c1/rootfs   142G  420M  141G   1% /
none                                                      492K  4.0K  488K   1% /dev
udev                                                      7.7G     0  7.7G   0% /dev/tty
tmpfs                                                     100K     0  100K   0% /dev/lxd
tmpfs                                                     100K     0  100K   0% /dev/.lxd-mounts
tmpfs                                                     7.8G     0  7.8G   0% /dev/shm
tmpfs                                                     7.8G  156K  7.8G   1% /run
tmpfs                                                     5.0M     0  5.0M   0% /run/lock
tmpfs                                                     7.8G     0  7.8G   0% /sys/fs/cgroup
[2001:470:b0f8:1015:5054:ff:fe5e:ea44]:6789:/castiana      47G     0   47G   0% /data

IPv4 and IPv6 filtering (spoof protection)

One frequently requested feature is to extend our spoofing protection beyond just MAC spoofing, doing proper IPv4 and IPv6 filtering too.

This effectively allows multiple containers to share the same underlying bridge without having concerns about root in one of those containers being able to spoof the address of another, hijacking traffic or causing connectivity issues.

To prevent a container from being able to spoof the MAC or IP of any other container, you can now set the following properties on the nic device:

security.mac_filtering=true

security.ipv4_filtering=true

security.ipv6_filtering=true

NOTE: Setting those will prevent any internal bridging/nesting inside that container as those rely on multiple MAC addresses being used for a single container.

The filtering is applied on the host side of the container's veth pair using ebtables and iptables rules (see the generateNetworkFilter* and setupHostVethDevice entries in the changelog below), so root inside the container can't remove or bypass it. The iptables part depends on the br_netfilter kernel module being loaded; LXD now detects and alerts when that module is missing.

stgraber@castiana:~$ lxc config device add c1 eth0 nic nictype=bridged name=eth0 parent=lxdbr0 security.mac_filtering=true security.ipv4_filtering=true security.ipv6_filtering=true
Device eth0 added to c1
stgraber@castiana:~$ lxc start c1
stgraber@castiana:~$ lxc list c1
+------+---------+----------------------+----------------------------------------------+------------+-----------+
| NAME |  STATE  |         IPV4         |                     IPV6                     |    TYPE    | SNAPSHOTS |
+------+---------+----------------------+----------------------------------------------+------------+-----------+
| c1   | RUNNING | 10.166.11.178 (eth0) | 2001:470:b368:4242:216:3eff:fefa:e5f8 (eth0) | PERSISTENT | 0         |
+------+---------+----------------------+----------------------------------------------+------------+-----------+
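To make the host-side enforcement concrete, here is an added example written for this page; it is not LXD's code (LXD's own implementation also builds ebtables and iptables rules, as the generateNetworkFilterEbtablesRules and generateNetworkFilterIptablesRules changelog entries indicate, but the exact rule set below is this example's). It generates one ebtables chain per container NIC that pins the container to a single source MAC, IPv4 and IPv6 address. The nicfilter_<host> chain name, the exceptions for ARP probes and DHCP traffic sourced from 0.0.0.0, and the EUI-64 link-local derivation are assumptions of this example, not documented LXD behaviour.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// nicFilter is the input to the rule generator: the host-side interface of
// the container's veth pair and the one MAC, IPv4 and IPv6 address the
// container may use as a source. An empty IPv4/IPv6 disables that family.
// This type and the chain naming below are this example's own assumptions.
type nicFilter struct {
	HostName string
	MAC      string
	IPv4     string
	IPv6     string
}

// eui64LinkLocal derives the fe80:: address the container's kernel will
// autoconfigure from its MAC (flip the U/L bit, insert ff:fe), so that NDP
// sourced from it is allowed while every other IPv6 source is dropped.
func eui64LinkLocal(mac net.HardwareAddr) net.IP {
	ip := make(net.IP, 16)
	ip[0], ip[1] = 0xfe, 0x80
	ip[8] = mac[0] ^ 0x02
	ip[9], ip[10], ip[11], ip[12] = mac[1], mac[2], 0xff, 0xfe
	ip[13], ip[14], ip[15] = mac[3], mac[4], mac[5]
	return ip
}

// spoofFilterRules returns the ebtables commands for one container NIC.
// Matching happens on the host side as frames enter the bridge, so root
// inside the container cannot remove or bypass them. First match wins.
func spoofFilterRules(f nicFilter) ([]string, error) {
	if f.HostName == "" || strings.ContainsAny(f.HostName, " \t\n/") {
		return nil, fmt.Errorf("invalid host interface name %q", f.HostName)
	}
	mac, err := net.ParseMAC(f.MAC)
	if err != nil || len(mac) != 6 {
		return nil, fmt.Errorf("invalid MAC %q", f.MAC)
	}
	chain := "nicfilter_" + f.HostName // assumed naming: one chain per NIC
	rule := func(args string) string {
		return "ebtables -t filter -A " + chain + " " + args
	}
	rules := []string{
		"ebtables -t filter -N " + chain,
		"ebtables -t filter -A INPUT -i " + f.HostName + " -j " + chain,
		"ebtables -t filter -A FORWARD -i " + f.HostName + " -j " + chain,
		// Layer 2: only the assigned MAC may appear as Ethernet or ARP sender.
		rule("-s ! " + mac.String() + " -j DROP"),
		rule("-p ARP --arp-mac-src ! " + mac.String() + " -j DROP"),
	}
	if f.IPv4 != "" {
		ip := net.ParseIP(f.IPv4)
		if ip == nil || ip.To4() == nil {
			return nil, fmt.Errorf("invalid IPv4 address %q", f.IPv4)
		}
		ip = ip.To4()
		rules = append(rules,
			// ARP probes (RFC 5227) use sender IP 0.0.0.0 and do not poison caches.
			rule("-p ARP --arp-ip-src 0.0.0.0 -j RETURN"),
			rule("-p ARP --arp-ip-src ! "+ip.String()+" -j DROP"),
			// The container's own DHCP DISCOVER/REQUEST is sourced from 0.0.0.0;
			// without this exception the filter would stop it from ever getting a lease.
			rule("-p IPv4 --ip-src 0.0.0.0 --ip-protocol udp --ip-destination-port 67 -j RETURN"),
			rule("-p IPv4 --ip-src ! "+ip.String()+" -j DROP"),
		)
	}
	if f.IPv6 != "" {
		ip := net.ParseIP(f.IPv6)
		if ip == nil || ip.To4() != nil {
			return nil, fmt.Errorf("invalid IPv6 address %q", f.IPv6)
		}
		rules = append(rules,
			rule("-p IPv6 --ip6-src "+ip.String()+" -j RETURN"),
			rule("-p IPv6 --ip6-src "+eui64LinkLocal(mac).String()+" -j RETURN"),
			// Duplicate address detection sends neighbour solicitations from ::.
			rule("-p IPv6 --ip6-src ::/128 -j RETURN"),
			rule("-p IPv6 -j DROP"),
		)
	}
	return rules, nil
}

func main() {
	// Constructed sample: the MAC/IPv6 pair is EUI-64 consistent with the lxc list output above.
	rules, err := spoofFilterRules(nicFilter{
		HostName: "veth0", MAC: "00:16:3e:fa:e5:f8",
		IPv4: "10.166.11.178", IPv6: "2001:470:b368:4242:216:3eff:fefa:e5f8",
	})
	if err != nil {
		panic(err)
	}
	fmt.Println(strings.Join(rules, "\n"))
}
```

The generated commands need root on the bridge host. Two limits are worth knowing before relying on rules like these: they only check source addresses, so a forged target link-layer address inside an NDP advertisement payload is not caught (that needs ip6tables or nftables payload matching), and a container that uses a privacy or stable-secret link-local address instead of the EUI-64 one will have its NDP dropped, which is the same class of breakage the NOTE above describes for nested bridging.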

Reworked resources API (host hardware)

The resources API (/1.0/resources) has seen a lot of improvements as well as a re-design of the existing bits. Some of the changes include:

CPU
- Improved reporting of NUMA nodes (now per-core)
- Improved reporting of frequencies (minimum, current and turbo)
- Added cache information reporting
- Added full core/thread topology
- Added ID (to use for pinning)
- Added architecture name

Memory
- Added NUMA node reporting
- Added hugepages tracking

GPU
- Added sub-section for DRM information
- Now detecting cards which aren't bound to a DRM driver
- Support for GPU SR-IOV reporting

NIC
- Added reporting of ethernet & infiniband cards
- Support for SR-IOV
- Per-port link information

Disks
- Added support for disk reporting
- Bus type reporting
- Partition list
- Disk identifiers (vendor, WWN, …)
The lxc info --resources command was updated to match.

NOTE: This version of the resources API isn't compatible with the previous one. The data structures had to change to properly handle more complex CPU topologies (like AMD Epyc) and this couldn't be done in a backward compatible way. As a result, the command line client detects the resources_v2 API extension and fails for servers which do not support it.

Lengthy example output:

root@athos:~# lxc info --resources
CPUs (x86_64):
  Socket 0:
    Vendor: GenuineIntel
    Name: Intel(R) Xeon(R) CPU E5-2695 v2 @ 2.40GHz
    Caches:
      - Level 1 (type: Data): 33kB
      - Level 1 (type: Instruction): 33kB
      - Level 2 (type: Unified): 262kB
      - Level 3 (type: Unified): 31MB
    Cores:
      - Core 0
        Frequency: 2814Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 0, online: true)
          - 1 (id: 24, online: true)
      - Core 1
        Frequency: 2800Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 1, online: true)
          - 1 (id: 25, online: true)
      - Core 2
        Frequency: 2652Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 2, online: true)
          - 1 (id: 26, online: true)
      - Core 3
        Frequency: 2840Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 27, online: true)
          - 1 (id: 3, online: true)
      - Core 4
        Frequency: 2613Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 28, online: true)
          - 1 (id: 4, online: true)
      - Core 5
        Frequency: 2811Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 29, online: true)
          - 1 (id: 5, online: true)
      - Core 8
        Frequency: 2710Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 30, online: true)
          - 1 (id: 6, online: true)
      - Core 9
        Frequency: 2807Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 31, online: true)
          - 1 (id: 7, online: true)
      - Core 10
        Frequency: 2805Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 32, online: true)
          - 1 (id: 8, online: true)
      - Core 11
        Frequency: 2874Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 33, online: true)
          - 1 (id: 9, online: true)
      - Core 12
        Frequency: 2936Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 10, online: true)
          - 1 (id: 34, online: true)
      - Core 13
        Frequency: 2819Mhz
        NUMA node: 0
        Threads:
          - 0 (id: 11, online: true)
          - 1 (id: 35, online: true)
    Frequency: 2790Mhz (min: 1200Mhz, max: 3200Mhz)
  Socket 1:
    Vendor: GenuineIntel
    Name: Intel(R) Xeon(R) CPU E5-2695 v2 @ 2.40GHz
    Caches:
      - Level 1 (type: Data): 33kB
      - Level 1 (type: Instruction): 33kB
      - Level 2 (type: Unified): 262kB
      - Level 3 (type: Unified): 31MB
    Cores:
      - Core 0
        Frequency: 1762Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 12, online: true)
          - 1 (id: 36, online: true)
      - Core 1
        Frequency: 2440Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 13, online: true)
          - 1 (id: 37, online: true)
      - Core 2
        Frequency: 1845Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 14, online: true)
          - 1 (id: 38, online: true)
      - Core 3
        Frequency: 2899Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 15, online: true)
          - 1 (id: 39, online: true)
      - Core 4
        Frequency: 2727Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 16, online: true)
          - 1 (id: 40, online: true)
      - Core 5
        Frequency: 2345Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 17, online: true)
          - 1 (id: 41, online: true)
      - Core 8
        Frequency: 1931Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 18, online: true)
          - 1 (id: 42, online: true)
      - Core 9
        Frequency: 1959Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 19, online: true)
          - 1 (id: 43, online: true)
      - Core 10
        Frequency: 2137Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 20, online: true)
          - 1 (id: 44, online: true)
      - Core 11
        Frequency: 3065Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 21, online: true)
          - 1 (id: 45, online: true)
      - Core 12
        Frequency: 2603Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 22, online: true)
          - 1 (id: 46, online: true)
      - Core 13
        Frequency: 2543Mhz
        NUMA node: 1
        Threads:
          - 0 (id: 23, online: true)
          - 1 (id: 47, online: true)
    Frequency: 2354Mhz (min: 1200Mhz, max: 3200Mhz)

Memory:
  Hugepages:
    Free: 0B
    Used: 171.80GB
    Total: 171.80GB
  NUMA nodes:
    Node 0:
      Hugepages:
        Free: 0B
        Used: 85.90GB
        Total: 85.90GB
      Free: 119.93GB
      Used: 150.59GB
      Total: 270.52GB
    Node 1:
      Hugepages:
        Free: 0B
        Used: 85.90GB
        Total: 85.90GB
      Free: 127.28GB
      Used: 143.30GB
      Total: 270.58GB
  Free: 250.14GB
  Used: 290.96GB
  Total: 541.10GB

GPUs:
  Card 0:
    NUMA node: 0
    Vendor: Matrox Electronics Systems Ltd. (102b)
    Product: MGA G200eW WPCM450 (0532)
    PCI address: 0000:08:03.0
    Driver: mgag200 (5.0.0-20-generic)
    DRM:
      ID: 0
      Card: card0 (226:0)
      Control: controlD64 (226:0)
  Card 1:
    NUMA node: 1
    Vendor: NVIDIA Corporation (10de)
    Product: GK208B [GeForce GT 730] (1287)
    PCI address: 0000:82:00.0
    Driver: vfio-pci (0.2)
  Card 2:
    NUMA node: 1
    Vendor: NVIDIA Corporation (10de)
    Product: GK208B [GeForce GT 730] (1287)
    PCI address: 0000:83:00.0
    Driver: vfio-pci (0.2)

NICs:
  Card 0:
    NUMA node: 0
    Vendor: Intel Corporation (8086)
    Product: I350 Gigabit Network Connection (1521)
    PCI address: 0000:02:00.0
    Driver: igb (5.4.0-k)
    Ports:
      - Port 0 (ethernet)
        ID: eth0
        Address: 00:25:90:ef:ff:31
        Supported modes: 10baseT/Half, 10baseT/Full, 100baseT/Half, 100baseT/Full, 1000baseT/Full
        Supported ports: twisted pair
        Port type: twisted pair
        Transceiver type: internal
        Auto negotiation: true
        Link detected: true
        Link speed: 1000Mbit/s (full duplex)
    SR-IOV information:
      Current number of VFs: 7
      Maximum number of VFs: 7
      VFs: 7
        - NUMA node: 0
          Vendor: Intel Corporation (8086)
          Product: I350 Ethernet Controller Virtual Function (1520)
          PCI address: 0000:02:10.0
          Driver: igbvf (2.4.0-k)
          Ports:
            - Port 0 (ethernet)
              ID: enp2s16
              Address: 72:10:a0:ca:e7:e1
              Auto negotiation: false
              Link detected: false
        - NUMA node: 0
          Vendor: Intel Corporation (8086)
          Product: I350 Ethernet Controller Virtual Function (1520)
          PCI address: 0000:02:10.4
          Driver: igbvf (2.4.0-k)
          Ports:
            - Port 0 (ethernet)
              ID: enp2s16f4
              Address: 3e:fa:1d:b2:17:5e
              Auto negotiation: false
              Link detected: false
        - NUMA node: 0
          Vendor: Intel Corporation (8086)
          Product: I350 Ethernet Controller Virtual Function (1520)
          PCI address: 0000:02:11.0
          Driver: igbvf (2.4.0-k)
          Ports:
            - Port 0 (ethernet)
              ID: enp2s17
              Address: 36:33:bf:74:89:8e
              Auto negotiation: false
              Link detected: false
        - NUMA node: 0
          Vendor: Intel Corporation (8086)
          Product: I350 Ethernet Controller Virtual Function (1520)
          PCI address: 0000:02:11.4
          Driver: igbvf (2.4.0-k)
          Ports:
            - Port 0 (ethernet)
              ID: enp2s17f4
              Address: 86:a4:f0:b5:2f:e1
              Auto negotiation: false
              Link detected: false
        - NUMA node: 0
          Vendor: Intel Corporation (8086)
          Product: I350 Ethernet Controller Virtual Function (1520)
          PCI address: 0000:02:12.0
          Driver: igbvf (2.4.0-k)
          Ports:
            - Port 0 (ethernet)
              ID: enp2s18
              Address: 56:0a:5a:0c:e7:ff
              Auto negotiation: false
              Link detected: false
        - NUMA node: 0
          Vendor: Intel Corporation (8086)
          Product: I350 Ethernet Controller Virtual Function (1520)
          PCI address: 0000:02:12.4
          Driver: igbvf (2.4.0-k)
          Ports:
            - Port 0 (ethernet)
              ID: enp2s18f4
              Address: 0a:a9:b3:21:13:8c
              Auto negotiation: false
              Link detected: false
        - NUMA node: 0
          Vendor: Intel Corporation (8086)
          Product: I350 Ethernet Controller Virtual Function (1520)
          PCI address: 0000:02:13.0
          Driver: igbvf (2.4.0-k)
          Ports:
            - Port 0 (ethernet)
              ID: enp2s19
              Address: ae:1a:db:06:8a:51
              Auto negotiation: false
              Link detected: false
  Card 1:
    NUMA node: 0
    Vendor: Intel Corporation (8086)
    Product: I350 Gigabit Network Connection (1521)
    PCI address: 0000:02:00.1
    Driver: igb (5.4.0-k)
    Ports:
      - Port 0 (ethernet)
        ID: eth1
        Address: 00:25:90:ef:ff:31
        Supported modes: 10baseT/Half, 10baseT/Full, 100baseT/Half, 100baseT/Full, 1000baseT/Full
        Supported ports: twisted pair
        Port type: twisted pair
        Transceiver type: internal
        Auto negotiation: true
        Link detected: true
        Link speed: 1000Mbit/s (full duplex)
    SR-IOV information:
      Current number of VFs: 0
      Maximum number of VFs: 7

Disks:
  Disk 0:
    NUMA node: 0
    ID: nvme0n1
    Device: 259:0
    Model: INTEL SSDPEKNW020T8
    Type: nvme
    Size: 2.05TB
    WWN: eui.0000000001000000e4d25c8b7c705001
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: nvme0n1p1
        Device: 259:1
        Read-Only: false
        Size: 52.43MB
      - Partition 2
        ID: nvme0n1p2
        Device: 259:2
        Read-Only: false
        Size: 26.84GB
      - Partition 3
        ID: nvme0n1p3
        Device: 259:3
        Read-Only: false
        Size: 8.59GB
      - Partition 4
        ID: nvme0n1p4
        Device: 259:4
        Read-Only: false
        Size: 53.69GB
      - Partition 5
        ID: nvme0n1p5
        Device: 259:5
        Read-Only: false
        Size: 1.96TB
  Disk 1:
    NUMA node: 0
    ID: nvme1n1
    Device: 259:6
    Model: INTEL SSDPEKNW020T8
    Type: nvme
    Size: 2.05TB
    WWN: eui.0000000001000000e4d25cca7c705001
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: nvme1n1p1
        Device: 259:7
        Read-Only: false
        Size: 52.43MB
      - Partition 2
        ID: nvme1n1p2
        Device: 259:8
        Read-Only: false
        Size: 26.84GB
      - Partition 3
        ID: nvme1n1p3
        Device: 259:9
        Read-Only: false
        Size: 8.59GB
      - Partition 4
        ID: nvme1n1p4
        Device: 259:10
        Read-Only: false
        Size: 53.69GB
      - Partition 5
        ID: nvme1n1p5
        Device: 259:11
        Read-Only: false
        Size: 1.96TB
  Disk 2:
    NUMA node: 0
    ID: sda
    Device: 8:0
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sda1
        Device: 8:1
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sda9
        Device: 8:9
        Read-Only: false
        Size: 8.39MB
  Disk 3:
    NUMA node: 0
    ID: sdb
    Device: 8:16
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdb1
        Device: 8:17
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdb9
        Device: 8:25
        Read-Only: false
        Size: 8.39MB
  Disk 4:
    NUMA node: 0
    ID: sdc
    Device: 8:32
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdc1
        Device: 8:33
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdc9
        Device: 8:41
        Read-Only: false
        Size: 8.39MB
  Disk 5:
    NUMA node: 0
    ID: sdd
    Device: 8:48
    Model: WDC WD60EFRX-68L
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdd1
        Device: 8:49
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdd9
        Device: 8:57
        Read-Only: false
        Size: 8.39MB
  Disk 6:
    NUMA node: 0
    ID: sde
    Device: 8:64
    Model: CT1000MX500SSD1
    Type: scsi
    Size: 1.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sde1
        Device: 8:65
        Read-Only: false
        Size: 52.43MB
      - Partition 2
        ID: sde2
        Device: 8:66
        Read-Only: false
        Size: 1.07GB
      - Partition 3
        ID: sde3
        Device: 8:67
        Read-Only: false
        Size: 17.18GB
      - Partition 4
        ID: sde4
        Device: 8:68
        Read-Only: false
        Size: 4.29GB
      - Partition 5
        ID: sde5
        Device: 8:69
        Read-Only: false
        Size: 977.60GB
  Disk 7:
    NUMA node: 0
    ID: sdf
    Device: 8:80
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdf1
        Device: 8:81
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdf9
        Device: 8:89
        Read-Only: false
        Size: 8.39MB
  Disk 8:
    NUMA node: 0
    ID: sdg
    Device: 8:96
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdg1
        Device: 8:97
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdg9
        Device: 8:105
        Read-Only: false
        Size: 8.39MB
  Disk 9:
    NUMA node: 0
    ID: sdh
    Device: 8:112
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdh1
        Device: 8:113
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdh9
        Device: 8:121
        Read-Only: false
        Size: 8.39MB
  Disk 10:
    NUMA node: 0
    ID: sdi
    Device: 8:128
    Model: WDC WD60EFRX-68M
    Type: scsi
    Size: 6.00TB
    Read-Only: false
    Removable: false
    Partitions:
      - Partition 1
        ID: sdi1
        Device: 8:129
        Read-Only: false
        Size: 6.00TB
      - Partition 9
        ID: sdi9
        Device: 8:137
        Read-Only: false
        Size: 8.39MB

Control over uid, gid and cwd during command execution

It is now possible to specify what user id (uid), group id (gid) or current working directory (cwd) to use for a particular command. Note that user names and group names aren’t supported.

stgraber@castiana:~$ lxc exec c1 --user 1000 --group 1000 --cwd /tmp -- bash
ubuntu@c1:/tmp$ id
uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu)
ubuntu@c1:/tmp$

Quota support for custom storage volumes on dir backend

When using a storage pool backed by the dir driver with a source path that supports filesystem project quotas, it is now possible to set disk usage limits on custom volumes.

stgraber@castiana:~$ sudo truncate -s 100G test.img
stgraber@castiana:~$ sudo mkfs.ext4 test.img
mke2fs 1.45.2 (27-May-2019)
Discarding device blocks: done
Creating filesystem with 26214400 4k blocks and 6553600 inodes
Filesystem UUID: 50ee78cb-e4e3-4e09-b38b-3fb06c6740a4
Superblock backups stored on blocks:
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
	4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done
Writing inode tables: done
Creating journal (131072 blocks): done
Writing superblocks and filesystem accounting information: done

stgraber@castiana:~$ sudo tune2fs -O project -Q prjquota test.img
tune2fs 1.45.2 (27-May-2019)
stgraber@castiana:~$ sudo mkdir /mnt/test
stgraber@castiana:~$ sudo mount -o prjquota test.img /mnt/test
stgraber@castiana:~$ sudo rmdir /mnt/test/lost+found
stgraber@castiana:~$ lxc storage create dir dir source=/mnt/test
Storage pool dir created
stgraber@castiana:~$ lxc storage volume create dir blah
Storage volume blah created
stgraber@castiana:~$ lxc storage volume attach dir blah c1 blah /blah
stgraber@castiana:~$ lxc exec c1 -- df -h /blah
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop32      98G   61M   93G   1% /blah
stgraber@castiana:~$ lxc storage volume set dir blah size 10GB
stgraber@castiana:~$ lxc exec c1 -- df -h /blah
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop32     9.4G  4.0K  9.4G   1% /blah

Bugs fixed

client: Move to units package

doc: Fix underscore escaping

doc/devlxd: Fix path to host’s communication socket

doc/README: Add basic install instructions

doc/README: Update linker flags

i18n: Update translations from weblate

i18n: Update translation templates

lxc: Fix renaming storage volume snapshots

lxc: Move to units package

lxc/copy: Always strip volatile.last_state.power

lxc/export: Expire the backup after 24 hours

lxd: Better handle bad commands

lxd: Fix renaming volume snapshots

lxd: Move to units package

lxd: Use RunCommandSplit when needed

lxd/api: Update handler funcs to take nodeRefreshFunc

lxd/cluster: Always return node list on rebalance

lxd/cluster: Better handle DB node removal

lxd/cluster: Export some heartbeat code

lxd/cluster: Perform heartbeats only on the leader

lxd/cluster: Update HandlerFuncs calls in tests

lxd/cluster: Update heartbeat test to pass last leader heartbeat time

lxd/cluster: Update tests not to use KeepUpdated in tests

lxd/cluster: Use correct node id on promote

lxd/cluster/gateway: Update to receive new heartbeat format

lxd/cluster/heartbeat: Add new heartbeat request format

lxd/cluster/heartbeat: Compare both ID and Address

lxd/cluster/heartbeat: Fix bug when nodes join during heartbeat

lxd/cluster/heartbeat: Remove unneeded go routine (as context does cancel)

lxd/cluster/heartbeat: Use current timestamp for DB record

lxd/cluster/membership: Update Join to send new heartbeat format

lxd/cluster/upgrade: Remove KeepUpdated and use MayUpdate directly

lxd/cluster/upgrade: Remove unused context

lxd/cluster/upgrade: Remove unused context from test

lxd/containers: Add allocateNetworkFilterIPs

lxd/containers: Add error checking for calls to networkClearLease

lxd/containers: Add SR-IOV parent restoration

lxd/containers: Better detect and alert on missing br_netfilter module

lxd/containers: Combine state updates

lxd/containers: Consistent comment endings

lxd/containers: Disable auto mac generation for sriov devices

lxd/containers: Ensure dnsmasq config refresh if bridge nic added/removed

lxd/containers: Ensure that sriov devices use volatile host_name for removal

lxd/containers: Fix return value of detachInterfaceRename

lxd/containers: Fix showing host_name of veth pair in lxc info

lxd/containers: Fix snapshot restore on ephemeral

lxd/containers: Fix template handling

lxd/containers: generateNetworkFilterEbtablesRules to accept IP info as args

lxd/containers: generateNetworkFilterIptablesRules to accept IP info as args

lxd/containers: Improve comment on DHCP host config removal

lxd/containers: Made detection of veth nic explicit

lxd/containers: Move all nic hot plug functionality into separate functions

lxd/containers: Move container taring logic into standalone class

lxd/containers: Move network filter setup into setupHostVethDevice

lxd/containers: Move stop time nic device detach into cleanupNetworkDevices

lxd/containers: Remove containerNetworkKeys as unused

lxd/containers: Remove ineffective references to containerNetworkKeys

lxd/containers: Remove the need for fixed veth peer when doing mac_filtering

lxd/containers: Remove unused arg from setNetworkRoutes

lxd/containers: Separate cleanupHostVethDevices into cleanupHostVethDevice

lxd/containers: Speed up startCommon a bit

lxd/containers: Update removeNetworkFilters to use dnsmasq config

lxd/containers: Update setNetworkFilters to allocate IPs if needed

lxd/containers: Update setupHostVethDevice to wipe old DHCPv6 leases

lxd/containers: Use current binary for early hooks

lxd/daemon: Update daemon to support node refresh tasks from heartbeat

lxd/db: Add Gateway.isLeader() function

lxd/db: Better formatting

lxd/db: Bootstrap dqlite for new servers

lxd/db: Check dqlite version of connecting nodes

lxd/db: Check TLS cert in raft connection handler

lxd/db: Conditionally check leadership in dqlite dial function

lxd/db: Convert tests to the new go-dqlite API

lxd/db: Copy network data between TLS Go conn and Unix socket

lxd/db: Custom dqlite dial function

lxd/db: Don’t use the db in legacy patch 12

lxd/db: Drop dependencies on hashicorp/raft

lxd/db: Drop hashicorp/raft setup code

lxd/db: Drop the legacy /internal/raft endpoint

lxd/db: Drop unused hashicorp/raft network transport wrapper

lxd/db: Fix comment

lxd/db: Fix import

lxd/db: Fix lint

lxd/db: Get information about current servers from dqlite

lxd/db: Ignore missing WAL files when reproducing snapshots

lxd/db: Improve gateway standalone test

lxd/db: Instantiate dqlite

lxd/db: Move container list from containersShutdown into containersOnDisk

lxd/db: No need to shutdown hashicorp/raft instance

lxd/db: Only use the schema db transaction in legacy patches

lxd/db: Perform data migration to dqlite 1.0 format

lxd/db: Retry copy-related errors

lxd/db: Return HTTP code 426 (Upgrade Required) if peer has old version

lxd/db: Set max open conns before running schema upgrades

lxd/db: Translate address of first node

lxd/db: Turn patchShrinkLogsDBFile into a no-op

lxd/db: Update comment

lxd/db: Update docstring

lxd/db: Update unit tests

lxd/db: Use dqlite leave primitive

lxd/db: Use dqlite’s join primitive

lxd/db: Use ID instead of address to detect initial node

lxd/db: Wire isLeader()

lxd/instance_types: Improve errors

lxd/main: Fix debug mode flag to actually enable debug mode

lxd/main: Fix test runner by allowing empty command arg

lxd/main_callhook: Don’t call /1.0

lxd/main_checkfeature: Remove unused variable

lxd/main_forkmknod: Check for MS_NODEV

lxd/main_forkmknod: Correctly handle shiftfs

lxd/main_forkmknod: Ensure correct device ownership

lxd/main_forkmknod: Remove unused variables

lxd/main_forkmknod: Simplify

lxd/main_forknet: Clean up forknet detach error logging and output

lxd/networks: Add DHCP range functions

lxd/networks: Add --dhcp-rapid-commit when dnsmasq version > 2.79

lxd/networks: Add IP allocation functions

lxd/networks: Add networkDeviceBindWait function

lxd/networks: Add networkDHCPv4Release function

lxd/networks: Add networkDHCPv6Release function and associated packet helper

lxd/networks: Add networkGetVirtFuncInfo function

lxd/networks: Add networkUpdateStaticContainer

lxd/networks: Add SR-IOV related PCI bind/unbind helper functions

lxd/networks: Allow querying state on non-managed

lxd/networks: Call networkUpdateForkdnsServersTask from node refresh

lxd/networks: Cleaned up the device bind/unbind functions for SR-IOV

lxd/networks: Fix bug preventing 3rd party routes restoration on startup

lxd/networks: Remove unused context

lxd/networks: Remove unused state.State from networkClearLease()

lxd/networks: Start dnsmasq with --no-ping option to avoid delayed writes

lxd/networks: Update networkClearLease to support a mode flag

lxd/networks: Update networkClearLease to use DHCP release helpers

lxd/networks: Update networkUpdateStatic to use existing config for filters

lxd/networks: Update networkUpdateStatic to use networkUpdateStaticContainer

lxd/networks: Update refreshForkdnsServerAddresses to run from node refresh

lxd/patches: Handle btrfs snapshots properly

lxd/proxy: Fix error handling for unix

lxd/rsync: Allow disabling xattrs during copy

lxd/rsync: Don’t double-specify --xattrs

lxd/seccomp: Add insertMount() helpers

lxd/seccomp: Cause a default message to be sent

lxd/seccomp: Check permissions before handling mknod via device injection

lxd/seccomp: Cleanup + simplify

lxd/seccomp: Define __NR_mknod if missing

lxd/seccomp: Ensure correct owner on __NR_mknod{at}

lxd/seccomp: Fix error reporting

lxd/seccomp: Handle compat arch syscalls

lxd/seccomp: Handle new liblxc seccomp notify updates

lxd/seccomp: Retry with mount hotplug

lxd/seccomp: Rework missing syscall number definitions

lxd/seccomp: Simplify and make more secure

lxd/storage: Fix copies of volumes with snapshots

lxd/storage/ceph: Fix snapshot deletion cleanup

lxd/storage/dir: Allow size limits on dir volumes

lxd/storage/dir: Fix quotas on dir

lxd/storage/dir: Fix some deletion cases

lxd/storage/lvm: Adds space used reporting for LVM thinpools

lxd/task/group: Improve locking of Start/Add/Stop functions to avoid races

Makefile: Update make deps to build also libco and raft

shared: Add volatile key suffixes for SR-IOV

shared: Better handle stdout/stderr in RunCommand

shared: Move to units package

shared/netutils: Add lxc_abstract_unix_recv_fds_iov()

shared/netutils: Fix bug with getting container PID

shared/termios: Fix port to sys/unix

shared/units: Move unit functions

tests: Add check for dnsmasq host config file removal on container delete

tests: Add DHCP lease release tests

tests: Add p2p test for adding new nic rather than updating existing

tests: Add SR-IOV tests

tests: Add test for dnsmasq host config update when nic added/removed

tests: Add tests for security.mac_filtering functionality

tests: Always pass --force to stop/restart

tests: Don’t leak remotes in tests

tests: Fix bad call to spawn_lxd

tests: Fix typo in test/suites/clustering.sh

tests: Increase nic bridge ping sleep time to 2s

tests: Make new shellcheck happy

tests: Make shellcheck happy

tests: Optimize ceph storage test

tests: Properly scope LXD_NETNS

tests: Remove un-needed LXD_DIR

tests: Re-order tests a bit

tests: Scope cluster LXD variables

tests: Test renaming storage volume snapshots

tests: Update godeps

tests: Update nic bridge tests to check for route restoration

various: Removes use of golang.org/x/net/context in place of stdlib context

vendor: Drop vendor directory

Try it for yourself

This new LXD release is already available for you to try on our demo service.

Downloads

The release tarballs can be found on our download page.

Binary builds are also available for: