Profile

Cover photo
Stéphane Graber
Works at Canonical Ltd.
Lives in Montréal
170,718 views
AboutPostsPhotos

Stream

Stéphane Graber

Shared publicly  - 
 
Today we're releasing the fix to two LXC security issues. Most distributions should already have or very soon will upload security updates but if you're not using distro-provided packages, you should grab the fixes and rebuild!

Thanks to Roman Fiedler for finding those issues!
[lxc-users] LXC security issues - affects all supported releases. Stéphane Graber stgraber at ubuntu.com. Wed Jul 22 14:29:47 UTC 2015. Previous message: [lxc-users] How to connect to container with Host Bridge from outside the host? Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] ...
4
Add a comment...

Stéphane Graber

Shared publicly  - 
 
And LXD 0.13 is out!

This release brings among other things, LVM thin pool support as a container and image backing store, support for turning a container into an image, batch container operations and a variety of other improvements.

This is also the first release to be buildable on something other than Linux with the LXD client now being buildable on MacOS X! 

Enjoy!
20
5
Vincent JOBARD (Winael)'s profile photoLenz Grimmer's profile photo
Add a comment...

Stéphane Graber

Shared publicly  - 
 
And LXD 0.12 is now out!

Ubuntu packages will be available tomorrow, hopefully shortly followed by an official Snap in the store.
17
5
Christopher Jones's profile photoGustav H Meyer's profile photoOliver Grawert (ogra)'s profile photoRicardo Salveti (rsalveti)'s profile photo
3 comments
 
thanks. I had to check twice.. RUNNING containers cannot be renamed. did not notice "running" word in command answer, weird. so ignore my earlier question ;)
Add a comment...

Stéphane Graber

Shared publicly  - 
 
LXD 0.11 is now out!

This release brings file templating, systemd socket activation, support for container restart on host reboot and much more!
16
6
Carla Sella's profile photoJon Disnard's profile photoRyan Beisner's profile photoTim Fall's profile photo
4 comments
 
Checked. Also in desktop install EDITOR variable is not defined by default. I guess it's still set/hardcoded somewhere to 'vi' but not in LXD apparently.
Add a comment...

Stéphane Graber

Shared publicly  - 
 
Almost 30C here in Montreal today, good thing there's a light breeze and I'm not stuck inside :)
7
Adolfo Santiago's profile photoSergio Schvezov's profile photoClaire Graber's profile photoDenise Egger's profile photo
4 comments
 
Salut. En effet, c'est plutôt sympa! J'espère quand même que les 30 degrés n'auront pas tenus trop longtemps.
 ·  Translate
Add a comment...

Stéphane Graber

Shared publicly  - 
 
And LXD 0.9 is now out the door and available in our PPA!

This version is mostly a bugfix and performance improvement release with a few new features here and there!

Enjoy!
10
2
Dusty Wilson's profile photoThomas Voß's profile photo
Add a comment...

Stéphane Graber

Shared publicly  - 
 
And LXD 0.14 is out!

This release brings a lot of polish to some recently (and not so recently) added features. But more importantly, it also finally brings support for the official Ubuntu Cloud images. At this point, this is limited to wily as we're waiting for images to get published for the stable releases, but it should only be a matter of days!


For those who were waiting to use LXD with cloud-init, you can use LXD 0.14, import official cloud images, either yourself or import the latest through the helper script "lxd-images import ubuntu".

Then create your containers, setting the user.user-data config key to your cloud-init metadata. This will be fed to cloud-init and processed as it would in the cloud.


Note that while this is all working, things will get ever better when cloud-init's /dev/lxd support lands and when we add background sync support to lxd-images (so your images are always fresh) but all that is for a later release.

Enjoy!
15
3
erkan yanar's profile photoOliver Grawert (ogra)'s profile photoVincent JOBARD (Winael)'s profile photoCarla Sella's profile photo
 
You/We need more hands on turtorials.
Add a comment...

Stéphane Graber

Shared publicly  - 
 
Got NAT64 and DNS64 setup at home, turned off IPv4 on my laptop entirely and kept on with my life. That was a couple of hours ago and so far nothing unexpected failed, everything that I usually use over the IPv4 internet is working exactly as usual, except my laptop thinks they're all now IPv6!
18
1
Stéphane Graber's profile photoStephen Kellat's profile photo
 
The expected failure was communication with my chromecast from my web browser. But that's a very very weird setup where the chromecast sits on one subnet the multicast traffic is then routed across subnets by my gateway and then routed again on my laptop to the LXC container which runs my web browser. So pretty brittle to begin with :)
Add a comment...

Stéphane Graber

Shared publicly  - 
 
Just uploaded LXD 0.12 to wily. Backports to our PPAs will happen on their own shortly.

This version is the first to do systemd socket activation by default. Upon installation, LXD will start as normal, but later (after reboot), it will only start when first accessed over the unix socket or over the network.
10
Add a comment...

Stéphane Graber

Shared publicly  - 
 
LXD finally has a snap!
(For those unfamiliar, a snap is a package for Ubuntu Snappy Core)

It took a little while to get things working and it's still not quite ready enough to hit the store, but we have a script which will build all of our dependencies and get us a working snap.

A binary for amd64 can be downloaded at:
    https://dl.stgraber.org/lxd_0.11-git0_amd64.snap

Then installed with:
    snappy-remote --url=ssh://localhost:8022 install lxd_0.11-git0_amd64.snap

After installation, connect as the Ubuntu user and do:
    lxc remote add images images.linuxcontainers.org
    lxc launch images:ubuntu/trusty/amd64 trusty
    lxc exec trusty bash

And you'll be inside a full Ubuntu 14.04 LTS container running on your Snappy system. To do more, go look at the documentation at https://linuxcontainers.org/lxd
20
5
Sergio Schvezov's profile photoRicardo Salveti (rsalveti)'s profile photoMitsuya Shibata's profile photoAlexander Sack (asac)'s profile photo
4 comments
 
Good good. I assumed so, but your post didn't mention it, so I was curious :)
Add a comment...

Stéphane Graber

Shared publicly  - 
 
As per our usual fortnightly release schedule, LXD 0.10 got tagged yesterday!

This release introduces a few new commands, adds some new arguments to existing ones and introduces some small features our users have been requesting. That on top of the usual pile of bugfixes.

Enjoy!
9
2
Carla Sella's profile photoOliver Grawert (ogra)'s profile photo
Add a comment...

Stéphane Graber

Shared publicly  - 
 
Had a great (but exhausting) weekend running the infrastructure at +NorthSec 2015!

As usual, this was a great stress test for the Linux kernel, LXC, Ubuntu and our network equipment. We were running just shy of 10000 LXC containers, about a hundred VMs co-located with those, several hundred VLANs including nested VLANs (QinQ + jumbo frames) and an insanely complex IPv6-only network.

Remember that we simulate a whole IPv6-only Internet FOR EVERY ONE OF THE 30 PARTICIPATING TEAMS. And that's only the base on which we build the actually competition!

Oh and did I mention we're running all that stuff on only a handful of 10 years old server (HP DL380 G5)?

Overall things went relatively smoothly, we only found two kernel bugs (on 3.19) which we're still debugging and even though the load average on our servers regularly spiked above 3000, which on a 8 thread system is rather high, things didn't fail horribly.

Getting rid of those pesky spinning drives and moving to SSDs is now pretty much at the top of our list for next year as 300iops shared with 2000 containers and 20 VMs was a recipe for disastrous failure.
SSDs should get us to about 200000iops so really hoping we'll get enough sponsors to make this happen! :)

Now back to work, trying to figure out some of the LXC and kernel issues we ran into and starting planning for NorthSec 2016!

Hoping to see you there next year!
NorthSec Applied Security Event will take place in Bonsecours Market in Montreal, Canada. Two days of conference followed by the amazing 48 hours CTF.
12
1
Stéphane Graber's profile photoJean-Christophe Lariviere's profile photoOliver Grawert (ogra)'s profile photo
7 comments
 
Awesome, thanks again!
Add a comment...
Work
Occupation
Working on Ubuntu
Employment
  • Canonical Ltd.
    Software Engineer for Foundations team, 2011 - present
  • Revolution Linux
    LTSP developer and Ubuntu liaison, 2008 - 2011
Basic Information
Gender
Male
Relationship
In a relationship
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Currently
Montréal
Previously
Sherbrooke - Bevaix
Links
Other profiles
Contributor to
Links