Weekly status for the week of 26th August to 1st September.
Introduction
The highlight of the past week is the added support for GPU passthrough to LXD containers using CDI. Additionally, LXD received several bug fixes listed below. As always, thanks to all the contributors!
Support GPU passthrough to LXD containers using Container Device Interface (CDI)
LXD now supports passing NVIDIA GPUs through to a container using CDI. Both discrete (dGPU) and integrated (iGPU) GPUs are supported. Note that the required runtime libraries are passed through as well; however, they must be manually installed and configured on the host where the LXD server is running.
The following examples show how an iGPU or a dGPU can be attached to a LXD container:

```bash
# Example for iGPU.
lxc config device add c1 igpu0 gpu gputype=physical id=nvidia.com/igpu=0
# Example for dGPU.
lxc config device add c1 gpu0 gpu gputype=physical id=nvidia.com/gpu=0
```
Documentation: How to pass an NVIDIA GPU to a container and LXD GPU device
Guest OS compatibility matrix
The LXD documentation now contains a guest OS compatibility matrix. It lists the commonly used distributions that were tested by manually installing virtual machines from an ISO image.
At the time of writing, the matrix covers CentOS, RHEL, SUSE, Ubuntu, and Windows operating systems. This matrix does not refer to images provided by the `ubuntu:` and `images:` remotes, as those are considered fully functional by default.
Documentation: Guest OS compatibility matrix
OVN NIC long-lived virtual ports
When OVN support was introduced into LXD, the virtual ports for each `ovn` NIC were created and destroyed in OVN at NIC start and stop time respectively, similar to how `bridged` NICs create and delete their virtual veth interfaces at start and stop time.
However, this caused unexpected behaviour when using dynamic IP addresses for `ovn` NICs: the IP that OVN allocated could change depending on the start ordering of other instances, so rebooting an instance or rebooting the LXD host could cause instances to start back up with different IPs from the ones they had previously.
To avoid this unexpected behaviour, LXD now creates virtual ports in OVN at NIC add time and removes them only at NIC removal time. This causes OVN to reserve dynamic IP allocations for as long as the NIC is attached to an instance. As a result, even if an instance is stopped, no other instance can take its reserved IP address. However, this also limits the number of instances that can connect to a specific network, as an error will occur if no free IP addresses are available for allocation.
Bugfixes
- Fixed an issue where the authorizer could return a `Not found` error if projects had `features.*` enabled. Previously, the authorizer only checked the project specified in the request URL and did not account for entities being accessible in other projects under certain circumstances, such as when `features.profiles` or `features.images` is enabled.
- Fixed an issue where ZFS instance volumes were not deactivated during LXD shutdown. This occurred because an already canceled shutdown context was passed to the deactivation function.
- Fixed an issue where the snapshot expiry date was not stored in the instance's backup file, leading to the expiry date being omitted after a successful recovery.
- Fixed an issue where the error was not reported back to the client when an instance copy or migration failed. Previously, the error was only logged on the server where the issue occurred. (from Incus)
- Added examples to the help messages for the storage bucket create, network zone create, and network load balancer create commands. (from Incus)
- Fixed an issue where the LV state could change after resizing, causing data to be written to a file in the `/dev` folder instead of the intended device. (from Incus)
- Added support for specifying a storage volume description when creating a volume from a YAML config.
- Adjusted the AppArmor profile for unprivileged containers to explicitly allow `procfs` and `sysfs` mounts. This additional rule is necessary due to changes in AppArmor 4.0; previously, these mounts were allowed by default.
- Certificate names can no longer contain `/` or `-` at the beginning, to prevent potential issues when managing certificates using `lxc`.
- Fixed an issue where the project ID was being reapplied to all files within an instance's directory storage volume during quota changes, even when the project had not changed. This caused unnecessarily long instance updates, especially in containers with many files. (from Incus)
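The certificate-name rule above, as an added illustration that is not LXD's own validation code: the example reads the rule as "no `/` anywhere, no `-` as the first character", and the rationale in the comments is the editor's assumption rather than something the report states.

```go
package main

import (
	"fmt"
	"strings"
)

// validateCertificateName applies the rule described in the status report:
// a certificate name may not contain "/" and may not begin with "-".
// This is an illustrative re-implementation, not LXD's own validation code.
func validateCertificateName(name string) error {
	// Assumption: a leading "-" is the kind of value a CLI would typically
	// parse as an option rather than a positional argument, which is why it
	// is risky in a name that is later passed to `lxc` on the command line.
	if strings.HasPrefix(name, "-") {
		return fmt.Errorf("certificate name %q must not start with %q", name, "-")
	}
	// Assumption: "/" is a path separator, so a name carrying it can be
	// confused with a multi-segment path when used in a URL or on disk.
	if strings.Contains(name, "/") {
		return fmt.Errorf("certificate name %q must not contain %q", name, "/")
	}
	return nil
}

// rejectedNames returns, in input order, the names that fail validation.
func rejectedNames(names []string) []string {
	var bad []string
	for _, n := range names {
		if err := validateCertificateName(n); err != nil {
			bad = append(bad, n)
		}
	}
	return bad
}

func main() {
	// Constructed sample names; they are not taken from any real deployment.
	samples := []string{"laptop", "-laptop", "ci/runner", "build-host", "a-b"}
	for _, n := range samples {
		if err := validateCertificateName(n); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Printf("accepted: %q\n", n)
		}
	}
}
```

Note that a `-` in the middle of a name (as in `build-host`) is still accepted; only the first character is restricted.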
LXD UI
- Improved the edit experience for instances, profiles, networks and storage pools.
- Added a clearer way to switch between the form and YAML configuration views for these entities.
All changes
The items listed below are all of the work which happened over the past week and which will be included in the next release.
LXD
- gpu: Support GPU passthrough to LXD containers using Container Device Interface (CDI)
- shared/cmd: Allow a cmd asker to be created with a logger instance
- Effective project handling
- Network: Switch to long-lived OVN ports
- lxd/certificates: Add input validation for certificate names
- Migration: Forward migration errors (from Incus)
- lxd/recover: Add snapshot expiry when recovering instance snapshots
- build(deps): bump github.com/zitadel/oidc/v3 from 3.27.0 to 3.28.2
- build(deps): bump github.com/vishvananda/netlink from 1.2.1-beta.2 to 1.3.0
- build(deps): bump github.com/zitadel/oidc/v2 from 2.12.0 to 2.12.1
- build(deps): bump github.com/minio/minio-go/v7 from 7.0.75 to 7.0.76
- build(deps): bump github.com/vishvananda/netlink from 1.2.1-beta.2 to 1.3.0
- build(deps): bump github.com/zitadel/oidc/v3 from 3.27.0 to 3.28.2
- lxc/storage_bucket: Add example for storage bucket create (from Incus)
- lxc/network_zone: Add example for create command (from Incus)
- lxc/network_load_balancer: add Example to create (from Incus)
- lxd: Disable networks during evacuation (from Incus)
- storage: Conserve LV state (from Incus)
- Add methods to instantiate a `StatusError` without formatting
- Storage: Don't use d.state.ShutdownCtx in ZFS GetVolumeDiskPath
- Add guest OS compatibility matrix
- doc/reference: Add warning about volatile keys
- Device: Remove unused IsBlockdev()
- Bump Go min to 1.21 (stable-5.0)
- shared: Fix conversion source disk size JSON and YAML key name
- AppArmor: Allow procfs for unprivileged containers
- AppArmor: Allow signals receiving
- Device: Disable NVIDIA CDI for `armhf` platforms
- lxd/device/cdi: add no-op `defaultNvidiaTegraCSVFiles` for `armhf` build
- doc/guest-os-compatibility: add SUSE 12 and 15
- storage: Handle unsupported response from drivers (from Incus)
- AppArmor: Allow sysfs for unprivileged containers
- Makefile: pin gorilla/websocket version (stable-5.0)
- Add Ubuntu to guest OS compat
- Backports (stable-5.21)
- lxd/storage: Create a volume snapshot with a `Description`
- Makefile: Pin github.com/dell/goscaleio@v1.15.0
- Storage: Fix unnecessary dir project quota updates (from Incus)
- test/lint/godeps: don’t abort on first error
- Improve on doc on how to manually setup the LXD agent
LXD UI
- fix(network) show physical managed network state
- fix(ui) avoid small caps for keys from key value pairs shown on detail page overview
- feat: Add create instance from snapshot feature [WD-14411]
- fix: infinite api call loop when duplicating instance
- simpler one click edit mode for edit forms
- feat: [WD-14389] Combine instance detail page actions
- feat: [WD-14391] instance duplication tests
- move yaml switch to the footer of forms and flatten navigation
- Simplify snapshot test
- chore(deps): update dependency @canonical/react-components to v1.2.1
- feat: [WD-14383] Image export upload delete tests
- chore(deps): bump micromatch from 4.0.5 to 4.0.8 in the npm_and_yarn group across 1 directory
LXD Charm
- Nothing to report this week
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week.