SRU of LXD 2.0.11 (upstream bugfix release)

Bug #1731146 reported by Stéphane Graber on 2017-11-09
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
lxd (Ubuntu)
Undecided
Unassigned
Trusty
Undecided
Stéphane Graber
Xenial
Undecided
Stéphane Graber

Bug Description

LXD upstream released LXD 2.0.11 as a bugfix release with following changelog:
    - It's now possible to interrupt image downloads
    - Added a new security.idmap.base config key
      (overrides the base uid/gid of the container)
    - Added support for delta image downloads
    - Implemented instance types as a proxy for resource limits
    - The user-agent string was expanded to include OS and kernel information
    - The client library and related code is now kept in sync with master
    - The command line client has been ported to the new client library

    - client: Add CancelTarget to RemoteOperation
    - client: Add CreateContainerFromImage function
    - client: Added insecureSkipVerify flag the ConnectionArgs struct
    - client: Add extra exec option to block on I/O
    - client: Add GetServerResources()
    - client: Add GetStoragePoolResources()
    - client: Add image_create_aliases backward compat
    - client: Add RenameStoragePoolVolume()
    - client: Allow canceling image download from LXDs
    - client: Allow specifying base http client
    - client: Cleanup code duplication in image download code
    - client: Commonize error handling
    - client: Don't live migrate stopped containers
    - client: Drop experimental tag from new client
    - client: Fail if source isn't listening on network
    - client: Fix crash in operation handler
    - client: Fix crash when missing cookiejar
    - client: Fix handling of public LXD remote
    - client: Fix image copy
    - client: Fix non-interactive exec hangs
    - client: Fix potential race in event handler setup
    - client: Fix race condition in operation handling
    - client: Implement container and snapshot copy
    - client: Implement push and relay container copy
    - client: Implement remote operations
    - client: Improve error on image copy
    - client: Improve migration relay code
    - client: Keep track of protocol
    - client: Make it possible to retrieve HTTP client
    - client: Make the authentication Interactor configurable
    - client: Move CopyImage to the target server
    - client: Only set file headers if value is provided
    - client: Properly handle remote disconnections
    - client: Reduce request logging to Debug
    - client: Simplify ConnectPublicLXD logic
    - client: Support for macaroons-based authentication
    - client: Sync with master branch
    - client: Use RemoteOperation for CopyImage
    - config: Add support for CookieJar
    - config: Try to be clever about ":" in snapshots
    - doc: Add a note about blkio limits
    - doc: Add section on macvlan vs bridge
    - doc: Add SUPPORT.md
    - doc: Document instance types
    - doc: Document that squashfs images can also be used
    - doc: Document the exec control API
    - doc: Extend/rework security-related documentation.
    - doc: Fix lxd.log location in issue template
    - doc: Fix spaces, commas, quotes, brackets where needed
    - doc: Initial documentation of container env
    - doc: Refresh the issue template
    - doc: Seriously rework the content of the README
    - doc: Sort container config keys
    - doc: Sort server.md config keys
    - doc: Update containers.md
    - extra/lxc-to-lxd: Fix bad test
    - extra/lxc-to-lxd: Ignore capabilities dropped by default
    - extra/lxc-to-lxd: Ignore sysfs/proc mounts
    - extra/lxc-to-lxd: Properly handle lxc.seccomp
    - i18n: Update Japanese translation (for stable-2.0)
    - lxc: Add plumbing for operation cancelation
    - lxc: Cross-platform HOME handling
    - lxc: Fix help to provide sample that actually works
    - lxc: Fix import crash when adding properties
    - lxc: Fix race in progress reporter
    - lxc: Properly record alias source on copy
    - lxc: Re-introduce remote protocol migration
    - lxc: Respect HOME if set
    - lxc/config: Removal of multiple devices at once
    - lxc/copy: Report progress data
    - lxc/delete: Fix lxc delete --force description
    - lxc/exec: Fix signal handler for Windows
    - lxc/exec: Fix Windows port
    - lxc/file: Fix file push/pull with names containing spaces.
    - lxc/file: Read file perms from Windows FS
    - lxc/file: Use shared.HostPath for push/pull
    - lxc/image: Always use long fingerprint in exported filenames
    - lxc/image: Expose the "cached" flag
    - lxc/image: Fix aliases with simplestreams remotes
    - lxc/image: Fix "lxc image copy" not recording the source
    - lxc/image: Fix regression in exported filename
    - lxc/image: Improve filter handling
    - lxc/image: Make "lxc image copy" fast again
    - lxc/image: Update image aliases when they already exist
    - lxc/image: Use shared.HostPath for import/export
    - lxc/init: Fix failure to launch containers with random names
    - lxc/list: Error if --columns and --fast are used together
    - lxc/move: Use force on delete
    - lxc/publish: Fix fingerprint printing
    - lxc/remote: Don't require a cert for public remotes
    - lxc/utils: Avoid potential progress race condition
    - lxc/utils: Println doesn't do format strings
    - lxd-benchmark: Add CreateContainers function
    - lxd-benchmark: Add csv reporting
    - lxd-benchmark: Add freezeContainer function
    - lxd-benchmark: Add processBatch function
    - lxd-benchmark: Add "spawn" as equivalent but deprecated to "launch"
    - lxd-benchmark: Add start and stop commands
    - lxd-benchmark: Add StartContainers function
    - lxd-benchmark: Add StopContainers function
    - lxd-benchmark: Change name of spawn command to launch
    - lxd-benchmark: Extract deleteContainer and copyImage functions
    - lxd-benchmark: Extract ensureImage function
    - lxd-benchmark: Extract getBatchSize function
    - lxd-benchmark: Extract GetContainers function
    - lxd-benchmark: Extract logic to separate package
    - lxd-benchmark: Extract PrintServerInfo function
    - lxd-benchmark: Extract printTestConfig function
    - lxd-benchmark: Fix ensureImage when a local alias is passed
    - lxd-benchmark: Fix local image handling
    - lxd-benchmark: Return operations duration
    - lxd-benchmark: Split private functions to separate files
    - lxd-benchmark: Use NewConfig to get a default configuration
    - lxd: Add initial lxd/sys sub-package and OperatingSystem structure
    - lxd: Fix typo now -> know
    - lxd: Make .dir-locals.el play nice with flycheck
    - lxd: Replace some uses of InternalError with SmartError
    - lxd: Use sql.DB or sys.OS instead of Daemon where possible
    - lxd/apparmor: Drop useless apparmor denies
    - lxd/apparmor: Support new stacking syntax
    - lxd/containers: Allow passing disk devices with the LXD snap
    - lxd/containers: Better handle errors in memory reporting
    - lxd/containers: Check for container mountpoint too
    - lxd/containers: Check whether disk device exists
    - lxd/containers: Cleanup volatile keys on update
    - lxd/containers: Detect POLLNVAL when poll()ing during exec
    - lxd/containers: Fix readonly mode for directory mount
    - lxd/containers: Make "dev" work as a network interface name
    - lxd/containers: Remove from db on storage failure
    - lxd/containers: Show underlying error when container delete fails
    - lxd/containers: Update to support LXC 2.1 configuration keys
    - lxd/containers: Use lxc.network.N.
    - lxd/daemon: Don't update images while pruning
    - lxd/daemon: d.os.Init must be run after all paths are created
    - lxd/daemon: Extract Daemon.ExpireLogs into a standalone function
    - lxd/daemon: Extract Daemon.GetListeners into a standalone function
    - lxd/daemon: Extract Daemon.httpClient into a standalone HTTPClient func
    - lxd/daemon: Extract Daemon.ListenAddresses into a standalone function
    - lxd/daemon: Extract Daemon.PasswordCheck into a standalone function
    - lxd/daemon: Extract Daemon.SetupStorageDriver into a standalone function
    - lxd/daemon: Finish replacing Daemon with State in higher-level entity API
    - lxd/daemon: Fix handling of config triggers
    - lxd/daemon: Improve error on invalid config key
    - lxd/daemon: Log a warning for unknown config keys and don't crash
    - lxd/daemon: Move Daemon.BackingFs to the OS struct
    - lxd/daemon: Move Daemon.IdmapSet to OS.IdmapSet
    - lxd/daemon: Move Daemon.isRecursionRequest to the lxd/util sub-package
    - lxd/daemon: Move Daemon.lxcpath to OS.LxcPath
    - lxd/daemon: Move Daemon.MockMode to OS.MockMode
    - lxd/daemon: Move Deamon.CheckTrustState and Deamon.isTrustedClient
    - lxd/daemon: Move filesystemDetect function into lxd/util subpackage.
    - lxd/daemon: Move lxd/util.go into its own lxd/util/ sub-package
    - lxd/daemon: Replace Daemon with State in all model entities
    - lxd/daemon: Reset the images auto-update loop when configuration changes
    - lxd/daemon: Simplify time channels
    - lxd/daemon: Use select and save goroutines
    - lxd/db: Add db/query sub-package with common query helpers
    - lxd/db: Add db/schema sub-package for managing database schemas
    - lxd/db: Add query.Transaction
    - lxd/db: Add Schema.Dump() method for flattening a series of schema update
    - lxd/db: Add schema.NewFromMap convenience to create a schema from a map.
    - lxd/db: Automatically generate database schema from database updates
    - lxd/db: Don't special-case mock mode unnecessarily in db patches
    - lxd/db: Drop dependencies on Daemon
    - lxd/db: Fix bad DB schema update between schema 30 and 31
    - lxd/db: Fix database upgrade logic not inserting interim versions
    - lxd/db: Move db*.go files into their own db/ sub-package
    - lxd/db: Separate db-level update logic from daemon-level one
    - lxd/db: Wire new schema code into db.go
    - lxd/devices: Add support for isolcpu in CPU scheduler
    - lxd/devices: Don't mark all cpus isolated by default
    - lxd/devices: Fix handling of major and minor numbers in device IDs
    - lxd/devices: Fix sorting order of devices
    - lxd/devices: Handle empty isolcpus set
    - lxd/devices: Take all 32 bits of minor device number
    - lxd/events: Fix race condition in event handlers
    - lxd/images: Actually get the list of images to remove
    - lxd/images: Always expand fingerprint
    - lxd/images: Carry old "cached" value on refresh
    - lxd/images: Clear error for image not found
    - lxd/images: Don't access the returned struct in case of error
    - lxd/images: Fix image refresh when fingerprint is passed
    - lxd/images: Fix ordering of compressor arguments
    - lxd/images: Fix potential double unlock
    - lxd/images: Fix private image copy with partial fp
    - lxd/images: Fix regression in image auto-update logic
    - lxd/images: Initialize image info in direct download case
    - lxd/images: Properly extract the image expiry
    - lxd/images: Respect disabled cache expiry
    - lxd/images: Store UploadedAt as RFC3399
    - lxd/init: Add a cmd.Parser helper for parsing command line flags
    - lxd/init: Consolidate interactive/auto init logic with the preseed one
    - lxd/init: Extract code asking init questions to individual methods
    - lxd/init: Extract logic to fill init data to standalone methods
    - lxd/init: Extract validation of --auto args into a separate method
    - lxd/init: Make the log cmdInit unit-testable
    - lxd/init: Move state-changing inline functions to own methods
    - lxd/init: Plug cmd.Parser into main.go
    - lxd/init: Properly set default port
    - lxd/main: Fix error message when log path is missing
    - lxd/migration: Fix live migration (bad URL in dumpsuccess)
    - lxd/networks: Don't require ipt_checksum
    - lxd/patches: Convert UploadedAt to RFC3399
    - lxd/rsync: Handle sparse files when rsyncing
    - lxd/shutdown: Only timeout if told to
    - lxd/storage/btrfs: Workaround btrfs bug
    - lxd/storage/dir: Unfreeze on rsync error
    - lxd/storage/rsync: Ignore vanished file warnings
    - Makefile: Fix static-analysis target
    - Makefile: Update pot before po
    - network: Do not update limits unconditionally
    - shared: Add wrapper to translate host paths
    - shared: Cleanup use of log
    - shared: Fix bad check for snap paths
    - shared: Fix growing of buf in GroupId
    - shared: Fix new golint warning
    - shared: Move GetRemoteCertificate from lxc/remote
    - shared: Move idmap/acl functions to a separate package
    - shared: Move testhelpers into shared/osarch for now
    - shared: Use custom error type for RunCommand
    - shared: Vendor the subtest compatibility schim in shared/subtest
    - shared: Websocket proxy should proxy everything
    - shared/api: Add API for editing containers metadata.yaml and templates
    - shared/api: Add container template files operations.
    - shared/api: Add server resource api structs
    - shared/api: Add storage pool resource api structs
    - shared/api: Add StorageVolumePost
    - shared/api: Add support for macaroons-based authentication indicator
    - shared/api: Extensions go at the bottom
    - shared/api: Implement complete push migration
    - shared/api: Migration: state{ful,less} snapshot migration
    - shared/api: Split storage in separate files for pools and volumes
    - shared/api: Sync with master branch
    - shared/canceler: Support canceling with parallel downloads
    - shared/canceler: Fix return value ordering
    - shared/canceler: Use request Cancel channel
    - shared/cmd: Don't depend on testify in the cmd package
    - shared/cmd: Update to match master
    - shared/idmap: Disallow hostids intersecting subids
    - shared/idmap: Fix numerous issues
    - shared/idmap: Fix tests
    - shared/idmap: Make ACL failures more verbose
    - shared/logger: Temporary workaround for log15 API breakage
    - shared/network: Add some more TLS ciphers
    - shared/network: Sync TLS handling with master
    - shared/osarch: Add function for parsing /etc/os-release
    - shared/osarch: Add missing architecture aliases
    - shared/osarch: Fix uname handling on some architectures
    - shared/util: Add helper to create tempfiles
    - shared/util: Extract helper to get uname
    - shared/util: Guess size when sysconf() returns -1
    - shared/util: Guess size when sysconf() returns -1
    - shared/util: Implement mountpoint checking
    - shared/util: More snap handling logic
    - shared/util: Shift xattr ACLs uid/gid
    - shared/util: Sync ParseLXDFileHeaders with master
    - shared/version: Add helper to get platform-specific versions
    - shared/version: Only include kernel version, not build id
    - tests: Add a test for read-only disks
    - tests: Add new dependencies
    - tests: Add performance regression tests
    - tests: Add storage helpers
    - tests: Add support for LXD_TMPFS to perf.sh
    - tests: Add test for disallowing hostid in subuid
    - tests: Also measure batch startup time in perf.sh
    - tests: bump image auto update limit to 20min
    - tests: Clear database state in the mock daemon after each lxdSuiteTest
    - tests: Don't attempt to finger public remotes
    - tests: Don't attempt to finger public remotes
    - tests: Don't copy running lvm/ceph containers
    - tests: Fix bad raw.lxc test
    - tests: Fix dependency check
    - tests: Fix image_auto_update test
    - tests: Fix image expiry test
    - tests: Fix shell return value masking
    - tests: Function to include storage backends helpers
    - tests: include lvm in image auto update
    - tests: More apparmor presence checking
    - tests: Refactor cleanup functions
    - tests: Setup basic channel handler for triggers
    - tests: Skip apparmor tests when no kernel support
    - tests: Split out lxc and lxd related helper functions
    - tests: Split out network-related helper functions
    - tests: Split out storage-related helper functions
    - tests: Split out test setup related helper functions
    - tests: Support running individual testify test suites
    - tests: Switch to new storage helpers
    - tests: Update perf.sh to "lxd-benchmark launch"
    - tests: use "--force" everywhere on stop
    - tests: Use in-memory db for tests (makes them faster)
    - tests: Use testimage for perf testing
    - tests: Validate that the right busybox is present
    - tests: Wait up to 2 minutes for image updates

Just like Ubuntu itself, upstream releases long term support releases, as is 2.0 and then periodic point releases including all the accumulated bugfixes.

Only the latest upstream release gets full support from the upstream developers, everyone else is expected to first update to it before receiving any kind of support.

This should qualify under the minor upstream bugfix release allowance of the SRU policy, letting us SRU this without paperwork for every single change included in this upstream release.

Once the SRU hits -updates, we will be backporting this to trusty-backports as well, making sure we have the same version everywhere.

Stéphane Graber (stgraber) wrote :

Uploaded to the queue for xenial.

Changed in lxd (Ubuntu):
status: New → Invalid
Changed in lxd (Ubuntu Trusty):
status: New → In Progress
status: In Progress → Triaged
Changed in lxd (Ubuntu Xenial):
status: New → In Progress
Changed in lxd (Ubuntu Trusty):
assignee: nobody → Stéphane Graber (stgraber)
Changed in lxd (Ubuntu Xenial):
assignee: nobody → Stéphane Graber (stgraber)

Hello Stéphane, or anyone else affected,

Accepted lxd into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/lxd/2.0.11-0ubuntu1~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in lxd (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-xenial
Stéphane Graber (stgraber) wrote :

Automated testing is happy, we've seen a few hundred users using this without any bug report so far and I just did some extra manual testing including the upgrade and all looks good.

tags: added: verification-done verification-done-xenial
removed: verification-needed verification-needed-xenial
Launchpad Janitor (janitor) wrote :
Download full text (17.0 KiB)

This bug was fixed in the package lxd - 2.0.11-0ubuntu1~16.04.2

---------------
lxd (2.0.11-0ubuntu1~16.04.2) xenial; urgency=medium

  * Cherry-pick upstream fixes:
    - 0010-zfs-Fix-slowdown-because-of-mountpoint-check.patch
    - 0011-tests-Deal-with-missing-ttyS0-ttyS1-on-s390x.patch

lxd (2.0.11-0ubuntu1~16.04.1) xenial; urgency=medium

  * New upstream bugfix release (2.0.11) (LP: #1731146)
    - It's now possible to interrupt image downloads
    - Added a new security.idmap.base config key
      (overrides the base uid/gid of the container)
    - Added support for delta image downloads
    - Implemented instance types as a proxy for resource limits
    - The user-agent string was expanded to include OS and kernel information
    - The client library and related code is now kept in sync with master
    - The command line client has been ported to the new client library

    - client: Add CancelTarget to RemoteOperation
    - client: Add CreateContainerFromImage function
    - client: Added insecureSkipVerify flag the ConnectionArgs struct
    - client: Add extra exec option to block on I/O
    - client: Add GetServerResources()
    - client: Add GetStoragePoolResources()
    - client: Add image_create_aliases backward compat
    - client: Add RenameStoragePoolVolume()
    - client: Allow canceling image download from LXDs
    - client: Allow specifying base http client
    - client: Cleanup code duplication in image download code
    - client: Commonize error handling
    - client: Don't live migrate stopped containers
    - client: Drop experimental tag from new client
    - client: Fail if source isn't listening on network
    - client: Fix crash in operation handler
    - client: Fix crash when missing cookiejar
    - client: Fix handling of public LXD remote
    - client: Fix image copy
    - client: Fix non-interactive exec hangs
    - client: Fix potential race in event handler setup
    - client: Fix race condition in operation handling
    - client: Implement container and snapshot copy
    - client: Implement push and relay container copy
    - client: Implement remote operations
    - client: Improve error on image copy
    - client: Improve migration relay code
    - client: Keep track of protocol
    - client: Make it possible to retrieve HTTP client
    - client: Make the authentication Interactor configurable
    - client: Move CopyImage to the target server
    - client: Only set file headers if value is provided
    - client: Properly handle remote disconnections
    - client: Reduce request logging to Debug
    - client: Simplify ConnectPublicLXD logic
    - client: Support for macaroons-based authentication
    - client: Sync with master branch
    - client: Use RemoteOperation for CopyImage
    - config: Add support for CookieJar
    - config: Try to be clever about ":" in snapshots
    - doc: Add a note about blkio limits
    - doc: Add section on macvlan vs bridge
    - doc: Add SUPPORT.md
    - doc: Document instance types
    - doc: Document that squashfs images can also be used
    - doc: Document the exec control API
    - doc: Extend/rework security-related documentation.
    - doc: Fix lxd.log location in is...

Changed in lxd (Ubuntu Xenial):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for lxd has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers