[lxc-devel] LXD an "hypervisor" for containers (based on liblxc)

Hello, So some of you may have seen discussions here and there about an announcement which was made earlier today at the OpenStack Summit in Paris. The public description of the project is at: http://www.ubuntu.com/cloud/tools/lxd Now all of this is pretty vague so I'll try to give some context and describe how things will be moving forward from there. Earlier this year, I started a discussion with some of you and some of our biggest users on improving the LXC user experience. This resulted in a bunch of good ideas, especially being able to transparently manage a bunch of hosts over the network, move containers around and do all of this safely. After some more discussions at conferences and internally within Canonical, what's announced today as LXD was born. The concept is relatively simple, it's a daemon exporting an authenticated REST API both locally over a unix socket and over the network using https. There are then two clients for this daemon, one is an OpenStack plugin, the other a standalone command line tool. The main features and I'm sure I'll be forgetting some are: - Secure by default (unprivileged containers, apparmor, seccomp, ...) - Image based workflow (no more locally built rootfs) - Support for online snapshotting, including running state (with CRIU) - Support for live migration - A simpler command line experience This work will be done in Go, using the great go-lxc binding from S.Çağlar. Now as to what this means for LXC upstream: - A new project will be setup at github.com/lxc/lxd. - Code to this project will be contributed under an Apache2 license, no CLA is required but we will require contributors to Sign-off on their commits as always (DCO). - Discussions about lxd will happen on lxc-devel and lxc-users. - Contributions to github.com/lxc/lxd will happen through github pull requests only and reviews will happen on github too. This is kept separate from the main tree because at least initially, I believe it best to have a separate release schedule for both of those and because it tends to be easier for Go-only projects to live in their own branch. This also isn't the end of the old lxc tools and templates. Those will keep being developed and maintained so long as there's interest in doing so by the LXC community. lxd will be a nice way to try and build a completely new, slicker user experience without having to care about backward compatibility, as a new project, it should also be much easier for newcomers to work on. In order to be a good hypervisor, we also need to make containers feel like they are their own system and so we'll be spending quite a bit of time figuring out how to improve the situation. Some of the work presented at Linux Plumbers is going to contribute to that, like cgmanagerfs to provide a reasonable view of /proc and a fake cgroupfs, Seth's unprivileged FUSE mounts and all the cool things mentioned in Serge's earlier post about Now as for the next steps. We will be creating the repository on github over the next few hours with Serge and I as the initial maintainers. Once the project is properly started and active, we will promote some of the most active contributors to commiters. The first few commits in there will be text versions of the specifications we came up with until now. This should also serve as a good todo list for people who want to get involved. Over the next few days/weeks, the existing code which was used for the demo at the OpenStack summit in Paris will be submitted through pull requests, reviewed and merge. I'm also working on a new version of linuxcontainers.org which will end up covering all linuxcontainers.org projects, that is at the moment, lxc, cgmanager and lxd, with clear descriptions, examples, news, ... Help with any of the above would be greatly appreciated, please get in touch, on the list or on IRC (#lxcontainers on Freenode)! -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20141104/f12dd026/attachment.sig>