Weekly status for the week of 26th August to 1st September.

Introduction

The highlight of the past week is the added support for GPU passthrough to LXD containers using CDI. Additionally, LXD received several bug fixes listed below. As always, thanks to all the contributors!

Support GPU passthrough to LXD containers using Container Device Interface (CDI)

LXD now supports passing the integrated NVIDIA GPU through to a container. Both discrete (dGPU) and integrated (iGPU) GPUs are supported. Note that the required runtime libraries are passed through as well, however, they need to be manually installed and configured on the host where LXD server is running.

The following examples showcase how iGPU or dGPU can be attached to the LXD container:

# Example for iGPU.
lxc config device add c1 igpu0 gpu gputype=physical id=nvidia.com/igpu=0

# Example for dGPU.
lxc config device add c1 gpu0 gpu gputype=physical id=nvidia.com/gpu=0

Documentation: How to pass an NVIDIA GPU to a container and LXD GPU device

Guest OS compatibility matrix

The LXD documentation now contains OS compatibility matrix. It showcases the commonly used distributions that were tested by manually installing virtual machines from an ISO image.

At the time of writing, the matrix covers CentOS, RHEL, SUSE, Ubuntu, and Windows operating systems. This matrix does not refer to images provided by the ubuntu: and images: remotes, as those are considered fully functional by default.

Documentation: Guest OS compatibility matrix

OVN NIC long-lived virtual ports

When OVN support was introduced into LXD the virtual ports for each ovn NIC were created and destroyed in OVN at NIC start and stop time respectively, similar to how bridged NICs created and deleted their virtual veth interfaces at start and stop time respectively.

However this was causing unexpected behaviour when using dynamic IP addresses for ovn NICs, as the IP that OVN was allocating could change due to the start ordering of other instances such that rebooting your instance or rebooting the LXD host could cause instances to start back up with different IPs to what they had previously.

To avoid this unexpected behaviour LXD now creates virtual ports in OVN at NIC add time and removes them only at NIC removal time. This causes OVN to reserve dynamic IP allocations for the lifetime that the NIC is attached to an instance. This change ensures that even if an instance is stopped, no other instance can take its reserved IP address. However, this also limits the number of instances that can connect to a specific network, as an error will occur if no free IP addresses are available for allocation.

Bugfixes

• Fixed an issue where the authorizer could return a Not found error if projects had features.* enabled. Previously, the authorizer only checked the project specified in the request URL and did not account for entities being accessible in other projects under certain circumstances, such as enabling features.profiles or features.images.

• Fixed an issue where ZFS instance volumes were not deactivated during LXD shutdown. This occurred because an already canceled shutdown context was passed to the deactivation function.

• Fixed an issue where the snapshot expiry date was not stored in the instance’s backup file, leading to the expiry date being omitted after a successful recovery.

• Fixed an issue where error was not reported back to the client instance copy or migration failed. Previously, the error was only logged on the server where the issue occurred. (from Incus)

• Added examples to the help messages for the storage bucket create, network zone create, and network load balancer create commands. (from Incus)

• Fixed an issue where the LV state could change after resizing, causing data to be written to a file in the /dev folder instead of the intended device. (from Incus)

• Added support for specifying a storage volume description when creating a volume from a YAML config.

• Adjusted the AppArmor profile for unprivileged containers to explicitly allow procfs and sysfs mounts. This additional rule is necessary due to changes in AppArmor 4.0, where these mounts were previously allowed by default.

• Certificate names can no longer contain / or - at the beginning to prevent potential issues when managing certificates using lxc.

• Fixed an issue where the project ID was being reapplied to all files within an instance’s directory storage volume during quota changes, even when the project had not changed. This caused unnecessarily long instance updates, especially in containers with many files. (from Incus)

LXD UI

• Improved the edit experience for instances, profiles, networks and storage pools.
• Added a clearer way to switch between YAML configuration for said entities.

All changes

The items listed below is all of the work which happened over the past week and which will be included in the next release.

LXD

• gpu: Support GPU passthrough to LXD containers using Container Device Interface (CDI)
• shared/cmd: Allow a cmd asker to be created with a logger instance
• Effective project handling
• Network: Switch to long-lived OVN ports
• lxd/certificates: Add input validation for certificate names
• Migration: Forward migration errors (from Incus)
• lxd/recover: Add snapshot expiry when recovering instance snapshots
• build(deps): bump github.com/zitadel/oidc/v3 from 3.27.0 to 3.28.2
• build(deps): bump github.com/vishvananda/netlink from 1.2.1-beta.2 to 1.3.0
• build(deps): bump github.com/zitadel/oidc/v2 from 2.12.0 to 2.12.1
• build(deps): bump github.com/minio/minio-go/v7 from 7.0.75 to 7.0.76
• build(deps): bump github.com/vishvananda/netlink from 1.2.1-beta.2 to 1.3.0
• build(deps): bump github.com/zitadel/oidc/v3 from 3.27.0 to 3.28.2
• lxc/storage_bucket: Add example for storage bucket create (from Incus)
• lxc/network_zone: Add example for create command (from Incus)
• lxc/network_load_balancer: add Example to create (from Incus)
• lxd: Disable networks during evacuation (from Incus)
• storage: Conserve LV state (from Incus)
• Add methods to instantiate a StatusError without formatting
• Storage: Don’t use d.state.ShutdownCtx in ZFS GetVolumeDiskPath
• Add guest OS compatibility matrix
• doc/reference: Add warning about volatile keys
• Device: Remove unused IsBlockdev()
• Bump Go min to 1.21 (stable-5.0)
• shared: Fix conversion source disk size JSON and YAML key name
• AppArmor: Allow procfs for unprivileged containers
• AppArmor: Allow signals receiving
• Device: Disable NVIDIA CDI for armhf platforms
• lxd/device/cdi: add no-op defaultNvidiaTegraCSVFiles for armhf build
• doc/guest-os-compatibility: add SUSE 12 and 15
• storage: Handle unsupported response from drivers (from Incus)
• AppArmor: Allow sysfs for unprivileged containers
• Makefile: pin gorilla/websocket version (stable-5.0)
• Add Ubuntu to guest OS compat
• Backports (stable-5.21)
• lxd/storage: Create a volume snapshot with a Description
• Makefile: Pin github.com/dell/goscaleio@v1.15.0
• Storage: Fix unnecessary dir project quota updates (from Incus)
• test/lint/godeps: don’t abort on first error
• Improve on doc on how to manually setup the LXD agent

LXD UI

• fix(network) show physical managed network state
• fix(ui) avoid small caps for keys from key value pairs shown on detail page overview
• feat: Add create instance from snapshot feature [WD-14411]
• fix: infinite api call loop when duplicating instance
• simpler one click edit mode for edit forms
• feat: [WD-14389] Combine instance detail page actions
• feat: [WD-14391] instance duplication tests
• move yaml switch to the footer of forms and flatten navigation
• Simplify snapshot test
• chore(deps): update dependency @canonical/react-components to v1.2.1
• feat: [WD-14383] Image export upload delete tests
• chore(deps): bump micromatch from 4.0.5 to 4.0.8 in the npm_and_yarn group across 1 directory

LXD Charm

• Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.

Ubuntu

• Nothing to report this week.

LXD snap

• snapcraft: add zfs.external config key
• Invoke virt-v2v-in-place on host (5.21-edge)

dinmusic - Hello

I have undertaken to add your summary to our Ubuntu Weekly Newsletter, under our new “Ubuntu Meeting Activity Reports” section in the next week’s issue.
I expect to have issue856 as a Work in progress available in a few hours.
Formerly to this the LXD report was a bulleted item - Moving to a dedicated section I hope will give greater exposure to the team’s activities.

Please review and further edit the summary to suit your team’s needs,

Regards

Hi Billy,

Thank you very much. Will the separate section always include the introduction part from now on? Just want to keep that in mind when writing future news.

Din - Quite welcome
Pleased that I thought of LXD’s efforts when we made up this new section.
As to what to include in the summary - hey - You can focus on how you want readers to perceive what the LXD Team does, whereas if the UWN team writes would result in a generic, somewhat quick outsiders view.

The Newsletter is a open WIKI that any accredited member of Discourse can access and edit. The current summary - as such- is just 'cause I do not know better how your team would prefer the presentation. Come close out time - we may do-edit what is current IF you do not make the additions,

It is your section - write as needed - generally keep it to 4 sentences (overall length of the NewsLetter is a large consideration) . Keep always in mind that this is a newsletter, not a podium or for any other purpose than news,

My Regards