Weekly status for the week of 13th November to 26th November.
Introduction
This week’s post covers the last 2 weeks of changes as last week’s regular post was missed.
We are starting to see some of our roadmap items being merged for the 24.04 cycle, the first of which is the removal of 2MB UEFI firmware support, with 4MB firmware now forced for new and existing VMs. Additionally we have landed support for a debug UEFI VM firmware to aid in debugging VM start up issues.
Following on from the recent bump of the minimum Go version for LXD in the main branch to Go 1.20, the 5.0-stable branch has had its minimum Go version bumped to Go 1.19. This is to ensure we can keep up to date with security fixes for dependent packages.
LXD highlights
Features
- Added new VM instance option boot.debug_edk2 which allows enabling a debug UEFI EDKII firmware to aid debugging VM start up issues. The LXD snap package will include the required debug firmware build in a file called OVMF_CODE.4MB.debug.fd. The debug output will be captured and written to the file edk2.log (inside the $LXD_DIR/logs/<instance_name> directory). E.g. /var/snap/lxd/common/lxd/logs/myvm/edk2.log.
Improvements
- The 4MB UEFI firmware for VMs is now forced for new and existing VMs. The 2MB firmware variant has been removed from the snap. This is to reduce the number of different firmware variants that need to be supported in the snap. The 4MB variant is required for booting Windows 11. This change should be transparent for existing VMs.
- Each LXD server will now generate and persist a file containing a UUID which will be used to identify the server for use with NVMe bindings. This will be used with the forthcoming new Dell Powerflex storage driver.
- The InstanceExecArgs struct in the client package has been updated to have its Stdin, Stdout and Stderr field types better align with those used by Go’s own exec package by removing the requirement for these fields to implement the io.Closer interface. Because this is reducing the size of the interface required, this should not affect any user who is currently passing in an interface that also implements the io.Closer interface.
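The compatibility claim above, as an added example that is not LXD's code: execArgsOld and execArgsNew are hypothetical local mirrors of the field types before and after the change, and fakeExec is a stand-in for running a command, so the block needs no LXD server.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"strings"
)

// Hypothetical local mirrors of the field types, not the real client.InstanceExecArgs.
type execArgsOld struct {
	Stdin          io.ReadCloser
	Stdout, Stderr io.WriteCloser
}
type execArgsNew struct {
	Stdin          io.Reader
	Stdout, Stderr io.Writer
}

// nopWriteCloser is the adapter a plain buffer needed while io.Closer was required.
type nopWriteCloser struct{ io.Writer }
func (nopWriteCloser) Close() error { return nil }

// fakeExec stands in for a remote command: echoes stdin to stdout, never calls Close.
func fakeExec(a execArgsNew) error {
	if _, err := io.Copy(a.Stdout, a.Stdin); err != nil {
		return err
	}
	_, err := fmt.Fprintln(a.Stderr, "done")
	return err
}

// Capture passes plain buffers, which have no Close method, directly.
func Capture(in string) (string, string, error) {
	var out, errOut bytes.Buffer
	err := fakeExec(execArgsNew{strings.NewReader(in), &out, &errOut})
	return out.String(), errOut.String(), err
}

// CaptureViaOld reuses old-style closer values unchanged in the narrower fields.
func CaptureViaOld(in string) (string, error) {
	var out bytes.Buffer
	o := execArgsOld{io.NopCloser(strings.NewReader(in)), nopWriteCloser{&out}, nopWriteCloser{io.Discard}}
	err := fakeExec(execArgsNew{o.Stdin, o.Stdout, o.Stderr})
	return out.String(), err
}

func main() { fmt.Println(Capture("hello\n")) }
```

Callers that built closer-wrapped streams keep compiling, while new callers can drop adapters such as nopWriteCloser and hand over a bytes.Buffer as is.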
Bug fixes
- Fixed regression introduced in #12258 where BTRFS pools whose source is a subvolume outside of the pool mount path would fail to be created.
- Fixed regression introduced in #12313 that prevented trusting certs in CA mode.
- Fixed regression introduced in #12348. Use volume copy when moving a volume to target project.
- Fixed bug where websocket ping frames sent by LXD were not being consumed by the lxc client command for the control and stdin channels.
All changes
The items listed below are all of the work which happened over the past week and which will be included in the next release.
LXD
- shared/network: Only skip TLS verification if no remote certificate is available
- client: Use io.Writer for Stdout/Stderr in InstanceExecArgs
- btrfs: Handle pools whose source is a subvolume outside of the pool mount path
- Trust ca certs
- lxd/instance/drivers/driver_qemu: force 4MB UEFI firmware in snap
- lxc: Use volume copy when moving to target project
- lxd/instance/drivers/driver_qemu: add the boot.debug_edk2 option
- lxd/instance/exec: Only use keepalives on TCP sockets
- Detect btrfs compression (incus)
- config: Fix acme.ca_url short description
- Read system certs directly from /etc/ssl
- Exec cleanup improvements
- lxd/instance/drivers/driver_qemu: use OVMF_CODE.fd in a non-snap envi…
- Add LXD server UUID file
- Go 1.19 (stable-5.0)
- doc/installing: LXC_DEVEL needs to be fixed on 22.04+
LXD Charm
- charm: Change charmhub.io vector graphic
- README: mention that LTS and feature releases are supported
- config: add snap-config-ui-enable to control the LXD UI
Distribution work
This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.
Ubuntu
- Nothing to report this week.
Snap
- github: test build lxd-migrate prior to pushing to LP
- daemon.start: stop disabling Apparmor restrictions on unpriv userns/unconfined
- snapcraft/{hooks,commands}: handle new AppArmor unconfined profile mode
- snapcraft: drop edk2 2MB image
- lxd-migrate: remove support for upstart
- Drop shiftfs.enable configuration key
- snapcraft: start to ship edk2 debug build
- snapcraft/commands/daemon.start: have LXD warn if a lxc debug binary is found
- github: look for branch target name in PR title (latest-candidate)
- Drop shiftfs.enable configuration key (latest-candidate)
- snapcraft/{hooks,commands}: handle new AppArmor unconfined profile mode (latest-candidate)
- lxd-migrate: remove support for upstart (latest-candidate)
- snapcraft/commands/daemon.start: have LXD warn if a lxc debug binary is found (latest-candidate)
- snapcraft: drop edk2 2MB image (latest-candidate)
- github: test build lxd-migrate prior to pushing to LP (latest-candidate)