LXD 5.0 arrives with improvements, optimizations and more

Canonical recently announced the release of the new version of the LXD 5.0 container manager and the LXCFS 5.0 virtual file system. The new 5.0 branch is classified as a long-term support (LTS) release and will receive updates until June 2027.

LXC is used as the runtime for launching containers; it includes the liblxc library, a set of utilities (lxc-create, lxc-start, lxc-stop, lxc-ls, etc.), templates for creating containers, and a set of bindings for various programming languages. Isolation is done using the regular mechanisms of the Linux kernel.

The namespace mechanism is used to isolate processes, the network stack, IPC, uts, user IDs and mount points, and cgroups are used to limit resources. Kernel features such as AppArmor and SELinux profiles, seccomp policies, chroots (pivot_root), and capabilities are used to reduce privileges and restrict access.

In addition to LXC, LXD also uses components from the CRIU and QEMU projects. Where LXC is a low-level toolkit for manipulating individual containers, LXD provides tools for centralized management of containers deployed in a multi-server cluster.

LXD is implemented as a background process that accepts requests over the network via a REST API and supports various storage backends (directory tree, ZFS, Btrfs, LVM), stateful snapshots, live migration of running containers from one machine to another, and tools for storing container images. LXCFS is used to simulate the /proc and /sys pseudo-filesystems inside containers, together with a virtualized view of cgroupfs, so that the containers look like a normal stand-alone system.

Main new features in LXD 5.0

This new version of LXD 5.0 adds the ability to hot-plug and unplug disks and USB devices. In a virtual machine, a new disk is detected as a new device appearing on the SCSI bus, and a USB device is detected by generating a USB hotplug event.

LXD can now start even when it is impossible to establish a network connection, for example because a required network device is missing. Instead of showing an error at startup, LXD now starts as many instances as it can under the current conditions, and the remaining instances are started once the network connection is established.

LXD 5.0 adds a new cluster member role, ovn-chassis, intended for clusters that use Open Virtual Network (OVN) for network interaction (by assigning the ovn-chassis role, servers can be designated to act as OVN routers).

Another change that stands out is an optimized way of refreshing the content of storage volumes. In previous versions, a refresh consisted of first copying a container instance or volume, for example using the send/receive functionality of zfs or btrfs, after which the created copy was synchronized by running rsync.

To make these refreshes more efficient, the new version uses improved migration logic: if the source and destination servers use the same storage pool, snapshots and send/receive operations are used automatically instead of rsync.

Of the other changes that stand out:

  • The instance identification logic in cloud-init has been reworked: UUIDs are now used as instance IDs instead of instance names.
  • Added support for intercepting the sched_setscheduler system call, so that unprivileged containers can change process priorities.
  • Implemented the lvm.thinpool_metadata_size option to control the size of the metadata in the thin pool.
  • Redesigned the network configuration file format for lxc. Added support for interface bonding, network bridges, VLANs, and OVN.
  • Increased minimum component version requirements: Linux kernel 5.4, Go 1.18, LXC 4.0.x and QEMU 6.0.
  • LXCFS 5 adds support for the unified cgroup hierarchy (cgroup2), implements /proc/slabinfo and /sys/devices/system/cpu, and switches to the meson build system.
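Because the kernel mechanisms listed earlier (AppArmor, seccomp, capabilities) only protect an instance that stays unprivileged, and the new sched_setscheduler interception is an opt-in config key, a practitioner usually wants a quick way to spot instances whose configuration widens their privileges. The script below is an added example, not LXD project code: it audits the YAML printed by `lxc config show <instance> --expanded` for the real LXD keys security.privileged, security.nesting and security.syscalls.intercept.sched_setscheduler, using constructed sample configs so it runs without an LXD host.

```shell
#!/bin/sh
# Added example (not LXD project code): audit an LXD instance's expanded
# config, as printed by `lxc config show <name> --expanded`, for keys that
# relax the isolation described above.

# Keys whose value "true" widens what the container may do; the last one is
# the LXD 5.0 switch for intercepting sched_setscheduler.
RISKY_KEYS="security.privileged security.nesting security.syscalls.intercept.sched_setscheduler"

# config_value KEY: print the value of a top-level config key read from
# YAML on stdin (quotes stripped), or nothing if the key is absent.
config_value() {
    grep "^  $1: " | head -n 1 | sed 's/^[^:]*: *//; s/"//g'
}

# audit_config: read config YAML on stdin, print one WARN line per enabled
# risky key, and return 1 if the instance is privileged, 0 otherwise.
audit_config() {
    cfg=$(cat)
    rc=0
    for key in $RISKY_KEYS; do
        val=$(printf '%s\n' "$cfg" | config_value "$key")
        if [ "$val" = "true" ]; then
            echo "WARN $key=true"
            if [ "$key" = "security.privileged" ]; then rc=1; fi
        fi
    done
    return $rc
}

# Constructed sample configs so the script runs stand-alone.
SAMPLE_PRIV='config:
  security.privileged: "true"
  security.syscalls.intercept.sched_setscheduler: "true"
devices:
  root:
    path: /
    pool: default
    type: disk'

SAMPLE_UNPRIV='config:
  security.privileged: "false"
  security.syscalls.intercept.sched_setscheduler: "true"'

# Demonstration; real use: lxc config show c1 --expanded | audit_config
printf '%s\n' "$SAMPLE_PRIV" | audit_config || echo "instance is privileged"
```

On a real host, looping the function over `lxc list -c n --format csv` gives a one-shot inventory of privileged instances.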

Finally, if you are interested in learning more about it, you can consult the details at the following link.
