Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package lxd.15746 for openSUSE:Leap:15.2:Update checked in at 2021-02-08 16:04:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2:Update/lxd.15746 (Old)
 and /work/SRC/openSUSE:Leap:15.2:Update/.lxd.15746.new.28504 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lxd.15746" Mon Feb 8 16:04:55 2021 rev:1 rq:869762 version:4.11 Changes: -------- New Changes file: --- /dev/null 2021-01-11 18:20:20.070723563 +0100 +++ /work/SRC/openSUSE:Leap:15.2:Update/.lxd.15746.new.28504/lxd.changes 2021-02-08 16:04:56.785449397 +0100 
@@ -0,0 +1,426 @@ +------------------------------------------------------------------- +Fri Feb 5 07:41:04 UTC 2021 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 4.11. The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-4-11-has-been-released/10135 + boo#1181825 + + + Bulk instance state change API + + GVRP support for dynamic vlan configuration + + Server-side instance storage pool migration + + Volume usage API + + + VM: SR-IOV GPU Support + + VM: PCI Device Type + + VM: ISO images now exposed as cdrom + +------------------------------------------------------------------- +Mon Jan 11 12:53:22 UTC 2021 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 4.10. The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-4-10-has-been-released/9894 + boo#1180772 + + + VLAN information in network state + + Proxy device support for VMs (NAT only) + + Bridge port isolation + + New sub-commands for image properties + + Multi-queue networking in VMs + +------------------------------------------------------------------- +Sat Dec 12 06:32:48 UTC 2020 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 4.9. The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-4-9-has-been-released/9673 + boo#1179972 + + + Mediated GPU devices for Virtual Machines + + IOMMU groups for PCI devices + + QEMU version in server environment information + * Improved lifecycle events + + "user." keys allowed on all objects + + usb_address and pci_address properties in USB/network resources + + ipv4.dhcp and ipv6.dhcp on OVN networks + + ovn.ingress_mode on physical networks + + ipv4.routes.anycast and ipv6.routes.anycast on physical networks + + limits.instances project option + + zstd compression for images and backups + +------------------------------------------------------------------- +Fri Nov 13 06:15:10 UTC 2020 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 4.8. 
The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-4-8-has-been-released/9458 + boo#1178759 + + + vTPM support + + VirtioFS support for virtual machines + + Full CGroup2 support + + rebase mode for zfs.clone_copy + + --reuse option in lxc snapshot and lxc storage volume snapshot + * restarted lifecycle event + * Improved logging of user requests + +------------------------------------------------------------------- +Sat Oct 17 09:03:58 UTC 2020 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 4.7. The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-4-7-has-been-released/9213 + boo#1177825 + + + Backup (export/import) of custom storage volumes + + Import of instances with alternative name + + Virtual machine memory shrinking (and re-grow) + + USB device passthrough for virtual machines + + Configurable rsync compression in migration + + Restrict available uplinks for project networks + + Add new physical managed network type + + Support for external routed addresses/subnets on OVN + +------------------------------------------------------------------- +Sat Sep 19 04:50:10 UTC 2020 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 4.6. The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-4-6-has-been-released/8981 + boo#1176737 + + + Networks in projects + + AppArmor profiles for qemu + - Removal of custom sqlite fork. + +------------------------------------------------------------------- +Sat Aug 29 02:59:26 UTC 2020 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 4.5. 
The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-4-5-has-been-released/8824 + boo#1175910 + + + Initial support for OVN virtual networks + + Initial bpf syscall interception + * Support for native terminal device allocation + * VGA console now working on Windows + * Improved handling of remote storage pools + * forkdns and forkproxy now running under AppArmor confinement + + lxc move now let???s you select a cluster target too + +------------------------------------------------------------------- +Sat Aug 1 07:14:32 UTC 2020 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 4.4. The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-4-4-has-been-released/8574 + boo#1174789 + + + VGA console for virtual machines + + Clustering failure domains + + /dev/lxd API in virtual machines + + Graceful daemon shutdown + + macvlan and sriov managed network types + + Disk usage limits in projects + + AppAmor confinement for dnsmasq + + GPU mediated devices in resources API + + --console option in lxc launch + +------------------------------------------------------------------- +Thu Jul 2 02:12:53 UTC 2020 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 4.3. The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-4-3-has-been-released/8303 + boo#1173608 + + + Block custom storage volumes + + VM: Initial work for graphical console + * VM: Rework of PCIe layout + + VM: GPU passthrough + * Direct console attach on lxc start and lxc restart + * Isolated CPUs reporting in resources API + +------------------------------------------------------------------- +Fri Jun 5 23:58:50 UTC 2020 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 4.2. 
The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-4-2-has-been-released/8071 + bsc#1172605 + + + VLAN filtering on bridges + * Expanded network state information + + Support for custom search domains + + New IPv4 and IPv6 columns in network lists + * mips & riscv64 support for containers and s390x support for VMs + * Using pidfds for all container subprocesses + * LVM volumes only active when needed + + DB query tracing support + * Better cluster life-cycle handling + * Cleaned up database functions + +------------------------------------------------------------------- +Sat May 9 03:45:46 UTC 2020 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 4.1. The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-4-1-has-been-released/7737 + + + Push and relay support for images + + Routing table support for routed NIC devices + + L2 mode for ipvlan NIC devices + * Tweaks to the resources API + * Addition of OS data in the server information + + New lxd cluster remove-raft-node command + * Improved table sorting in the command line tool + +------------------------------------------------------------------- +Fri Apr 24 06:58:55 UTC 2020 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 4.0.1. The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-4-0-1-lts-has-been-released/7515 + boo#1170404 + + * Tweaked and improved the resources API + * Added lxd cluster remove-raft-node disaster recovery function + * Implemented ceph rbd/fs disk devices can now be attached to virtual machines + * Fixed some data migration issues for users of < 3.0 upgrading to 4.0 directly + * Fixed file descriptor leakage in exec + +------------------------------------------------------------------- +Wed Apr 1 14:23:25 UTC 2020 - Aleksa Sarai <asa...@suse.com> + +- Update to LXD 4.0.0. 
The full upstream changelog is available from: + https://discuss.linuxcontainers.org/t/lxd-4-0-lts-has-been-released/7231 + boo#1168338 + + Breaking Changes: + * Removal of --container-only, replaced by --instance-only + + + VM: Support for backup (import/export) + + PCI and USB devices in the resource API + + Support for multiple ipvlan NIC devices + + Support for host addresses on routed NIC + + Support for editing cluster roles + + Disk usage for custom volumes ++++ 229 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.lxd.15746.new.28504/lxd.changes New: ---- lxd-4.11.tar.gz lxd-4.11.tar.gz.asc lxd-rpmlintrc lxd.changes lxd.dnsmasq lxd.keyring lxd.service lxd.spec lxd.sysctl ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lxd.spec ++++++ # # spec file for package lxd # # Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # nodebuginfo %go_nostrip %define _buildshell /bin/bash %define import_path github.com/lxc/lxd Name: lxd Version: 4.11 Release: 0 Summary: Container hypervisor based on LXC License: Apache-2.0 Group: System/Management URL: https://linuxcontainers.org/lxd Source: https://linuxcontainers.org/downloads/%{name}/%{name}-%{version}.tar.gz Source1: https://linuxcontainers.org/downloads/%{name}/%{name}-%{version}.tar.gz.asc Source2: %{name}.keyring Source3: %{name}-rpmlintrc # LXD upstream doesn't use systemd, they use snapd. Source100: %{name}.service # Additional runtime configuration. Source200: %{name}.sysctl Source201: %{name}.dnsmasq BuildRequires: fdupes BuildRequires: golang-packaging BuildRequires: libacl-devel BuildRequires: libcap-devel BuildRequires: patchelf BuildRequires: pkg-config BuildRequires: rsync BuildRequires: sqlite3-devel >= 3.25 # Due to a limitation in openSUSE's Go packaging we cannot have a BuildRequires # for 'golang(API) >= 1.14' here, so just require 1.14 exactly. bsc#1172608 BuildRequires: golang(API) = 1.14 BuildRequires: pkgconfig(libudev) BuildRequires: pkgconfig(lxc) >= 3.0.0 # Needed to build dqlite and raft. BuildRequires: autoconf BuildRequires: libtool BuildRequires: pkgconfig(libuv) >= 1.8.0 # Bits required for images and other things at runtime. Requires: acl Requires: ebtables BuildRequires: dnsmasq Requires: criu >= 2.0 Requires: dnsmasq Requires: lxcfs Requires: lxcfs-hooks-lxc Requires: rsync Requires: squashfs Requires: tar Requires: xz # Storage backends -- we don't recommend ZFS since it's not *technically* a # blessed configuration. Recommends: lvm2 Recommends: thin-provisioning-tools Recommends: btrfsprogs Suggests: zfs %description LXD is a system container manager. It offers a user experience similar to virtual machines but uses Linux containers (LXC) instead. 
%package bash-completion Summary: Bash Completion for %{name} Group: System/Management Requires: %{name} = %{version} Supplements: packageand(%{name}:bash-completion) BuildArch: noarch %description bash-completion Bash command line completion support for %{name}. %prep %setup -q # Create fake "go mod"-like import paths. This is going to be really fun to # maintain but it's unfortunately necessary because openSUSE doesn't have nice # "go mod" support in OBS... ln -s . _dist/src/github.com/cpuguy83/go-md2man/v2 %build # Make sure any leftover go build caches are gone. go clean -cache # Set up GOPATH. export GOPATH="$PWD/.gopath" export PKGDIR="$GOPATH/src/%{import_path}" mkdir -p "$PKGDIR" cp -a * "$PKGDIR" # Set up temporary installation paths. export INSTALL_ROOT="$PKGDIR/.install" export INSTALL_INCLUDEDIR="$INSTALL_ROOT/%{_includedir}" export INSTALL_LIBDIR="$INSTALL_ROOT/%{_libdir}/%{name}" # We first need to build all of the LXD-specific dependencies. To avoid binary # bloat, we build them as dylibs -- but we then later need to mess around with # the ELF headers to stop the openSUSE packaging scripts from freaking out. export CFLAGS="%{optflags} -fPIC -DPIC" # We have a temporary-install directory which contains all of the dylib deps. export PKG_CONFIG_SYSROOT_DIR="$INSTALL_ROOT" export PKG_CONFIG_PATH="$INSTALL_LIBDIR/pkgconfig" # For some reason, Leap need us to specify this explicitly now. export CPPFLAGS="-I$INSTALL_INCLUDEDIR" # raft pushd "$PKGDIR/_dist/deps/raft" autoreconf -fiv %configure \ --libdir="%{_libdir}/%{name}" \ --disable-static make %{?_smp_mflags} make DESTDIR="$INSTALL_ROOT" install popd # dqlite pushd "$PKGDIR/_dist/deps/dqlite" ( autoreconf -fiv %configure \ --libdir="%{_libdir}/%{name}" \ --disable-static make clean make %{?_smp_mflags} make DESTDIR="$INSTALL_ROOT" install ) popd # Find all of the main packages using go-list. readarray -t mainpkgs \ <<<"$(go list -f '{{.Name}}:{{.ImportPath}}' %{import_path}/... 
| \ awk -F: '$1 == "main" { print $2 }' | \ grep -Ev '^github.com/lxc/lxd/(test|shared)')" # _dist/src is effectively an old-school "vendor/" tree, so add it to GOPATH. export GOPATH="$GOPATH:$PKGDIR/_dist" # And now we can finally build LXD and all of the related binaries. mkdir bin for mainpkg in "${mainpkgs[@]}" do binary="$(basename "$mainpkg")" ( # We need to link against our particular dylib deps. export \ CGO_CFLAGS="-I $INSTALL_INCLUDEDIR" \ CGO_LDFLAGS="-L $INSTALL_LIBDIR" ||: go build -buildmode=pie -tags "libsqlite3" -o "bin/$binary" "$mainpkg" ) done # This part is quite ugly, so I apologise upfront. # # We want to have our _dist/deps/* libraries be dylibs so that we don't bloat # our lxd binary. Unfortunately, we are presented with a few challenges: # # * Doing this naively (put it in {_libdir}) results in sqlite3 package # conflicts -- and we aren't going to maintain sqlite3 for all of openSUSE # here. # # * Putting everything in a hidden {_libdir}/{name} with RUNPATH configured # accordingly works a little better, but still results in lxd ending up with # {Provides,Requires}: libsqlite3.so.0. This results in more esoteric # conflicts but is still an issue (we'd need to add Prefer: libsqlite3-0 # everywhere). # # So, the only reasonable choice left is to use absolute paths as DT_NEEDED # entries -- which bypasses the need for RUNPATH and allows us to set garbage # sonames for our _dist/deps/* libraries. Absolute paths for DT_NEEDED is # *slightly* undefined behaviour, but glibc has had this behaviour for a very # long time -- and others have considered using it in a similar manner[1]. # # What F U N. # # [1]: https://github.com/NixOS/nixpkgs/issues/24844 ( # A simple check that lxd isn't broken. We can't do this after patchelf # because we'd need to chroot(2) into {buildroot} which isn't permitted due # to user namespaces being blocked inside rpmbuild. 
boo#1138769 export LD_LIBRARY_PATH="$INSTALL_LIBDIR" ./bin/lxd help ) for lib in "$INSTALL_LIBDIR"/lib*.so do # Strip off last two version digits. name="$(basename "$(readlink "$lib")" | sed -E 's/\.[0-9]+\.[0-9]+$//')" # Give our libraries unrecognisable DT_SONAME entries. patchelf --set-soname "._LXD_INTERNAL-$name" "$lib" # Make sure they're executable. chmod +x "$lib" done # Switch to absolute DT_NEEDED for all dylibs we have as well as the main LXD # binary. We do this for all dylibs to make sure we don't end up with weird # chain-loading problems. for target in bin/* "$INSTALL_LIBDIR"/lib*.so do # Drop RPATH in case it got included during builds. patchelf --remove-rpath "$target" # And now replace all the possible DT_NEEDEDs to absolute paths. for lib in "$INSTALL_LIBDIR"/lib*.so do # Strip off last two version digits. name="$(basename "$(readlink "$lib")" | sed -E 's/\.[0-9]+\.[0-9]+$//')" patchelf --replace-needed {,%{_libdir}/%{name}/}"$name" "$target" done done # Generate man pages. mkdir man ./bin/lxc manpage man/ pushd bin/ for bin in * do # Ensure that all our binaries are dynamic. boo#1138769 file "$bin" | grep 'dynamically linked' # Check what they are linked against. ldd "$bin" done popd %install export GOPATH="$PWD/.gopath" export PKGDIR="$GOPATH/src/%{import_path}" export INSTALL_LIBDIR="$PKGDIR/.install/%{_libdir}/%{name}" install -d -m 0755 %{buildroot}%{_libdir}/%{name} # We can't use install because *.so.$n are symlinks. cp -avt %{buildroot}%{_libdir}/%{name}/ "$INSTALL_LIBDIR"/lib*.so.* # Install all the binaries. pushd bin/ for bin in * do install -D -m 0755 "$bin" "%{buildroot}%{_bindir}/$bin" done popd # Install man pages. pushd man/ for man in * do section="${man##*.}" install -D -m 0644 "$man" "%{buildroot}%{_mandir}/man$section/$man" done popd # bash-completion. install -D -m 0644 scripts/bash/lxd-client %{buildroot}%{_datadir}/bash-completion/completions/lxc # sysv-init and systemd setup. 
install -D -m 0644 %{S:100} %{buildroot}%{_unitdir}/%{name}.service mkdir -p %{buildroot}%{_sbindir} ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name} # Run-time configuration. install -D -m 0644 %{S:200} %{buildroot}%{_sysctldir}/60-lxd.conf install -D -m 0644 %{S:201} %{buildroot}%{_sysconfdir}/dnsmasq.d/60-lxd.conf # Run-time directories. install -d -m 0711 %{buildroot}%{_localstatedir}/lib/%{name} install -d -m 0755 %{buildroot}%{_localstatedir}/log/%{name} %fdupes %{buildroot} %pre # Group which owns the lxd socket, which allows people to administer it. getent group %{name} >/dev/null || groupadd -r %{name} # /etc/sub[ug]id should exist already (it's part of shadow-utils), but older # distros don't have it. LXD just parses it and doesn't need any special # shadow-utils helpers. touch /etc/subuid /etc/subgid ||: # Add sub[ug]ids for LXD's unprivileged containers -- in order to support # isolated containers we add quite a few subuids. Since LXD runs as root we add # them for the root user (not the lxd group). We only bother if there aren't # any mappings available already. # # We have no guarantee that the range we pick will be unique -- which ideally # we would want it to be. There isn't a nice way to do this without # reimplementing a bunch of range-handling code for /etc/sub[ug]id in bash. So # we just pick the 400-900 million range, and hope for the best (most tutorials # use the 1-million range, so we avoid that pitfall). # # This default setting of 500 million is enough for ~8000 isolated containers, # which should be enough for most users. 
grep -q '^root:' /etc/subuid || \ usermod -v 400000000-900000000 root &>/dev/null || \ echo "root:400000000:500000001" >>/etc/subuid ||: grep -q '^root:' /etc/subgid || \ usermod -w 400000000-900000000 root &>/dev/null || \ echo "root:400000000:500000001" >>/etc/subgid ||: %service_add_pre %{name}.service %post %sysctl_apply %service_add_post %{name}.service %preun %service_del_preun %{name}.service %postun %sysctl_apply %service_del_postun %{name}.service %files %defattr(-,root,root) %doc AUTHORS README.md doc/ %license COPYING %{_bindir}/* %{_mandir}/man*/* %{_libdir}/%{name} %{_sbindir}/rc%{name} %{_unitdir}/%{name}.service %dir %{_localstatedir}/lib/%{name} %dir %{_localstatedir}/log/%{name} %{_sysctldir}/60-lxd.conf %config(noreplace) %{_sysconfdir}/dnsmasq.d/60-lxd.conf %files bash-completion %defattr(-,root,root) %{_datadir}/bash-completion/ %changelog ++++++ lxd-rpmlintrc ++++++ # The linking against full paths underneath /usr/lib64/lxd/ is intentional, as # our shared libraries are internal and aren't meant to be used outside LXD. # This error only appears in old SLE versions. addFilter ("^lxd.* E: invalid-filepath-dependency .* /usr/lib(32|64)?/lxd/") ++++++ lxd.dnsmasq ++++++ # WARNING: DO NOT MODIFY THIS FILE. # Changes to this file will be lost when the lxd package is updated or removed. # Instead, add changes to /etc/dnsmasq.d/. # Tell any system-wide dnsmasq instance to make sure to bind to interfaces # instead of listening on 0.0.0.0. 
bind-interfaces except-interface=lxdbr0 ++++++ lxd.keyring ++++++ pub rsa4096/0xC638974D64792D67 2010-10-23 [SC] 602F567663E593BCBD14F338C638974D64792D67 uid [ unknown] St??phane Graber <stgra...@stgraber.org> uid [ unknown] St??phane Graber <stgra...@ubuntu.com> sub rsa4096/0x9E4B2A99D7B3258F 2010-10-23 [E]
++++++ lxd.service ++++++ [Unit] Description=LXD Container Hypervisor After=network-online.target lxcfs.service Requires=network-online.target lxcfs.service Documentation=man:lxd(1) [Service] ExecStart=/usr/bin/lxd --group=lxd --logfile=/var/log/lxd/lxd.log ExecStartPost=/usr/bin/lxd waitready --timeout=600 TimeoutStartSec=600s TimeoutStopSec=30s Restart=on-failure # Having non-zero Limit*s causes performance problems due to accounting overhead # in the kernel. We recommend using cgroups to do container-local accounting. LimitNOFILE=1048576 LimitNPROC=infinity LimitCORE=infinity # No need to add a task limit. TasksMax=infinity # Set delegate yes so that systemd does not mess with LXD cgroups. Delegate=yes # Kill only the LXD process, not all processes in the cgroup. KillMode=process [Install] WantedBy=multi-user.target ++++++ lxd.sysctl ++++++ # WARNING: DO NOT MODIFY THIS FILE. # Changes to this file will be lost when the lxd package is updated or removed. # Instead, add changes to /etc/sysctl.d/. # These defaults come from doc/production-setup.md, but have been slightly # modified to be less extreme. The recommended value is included as a comment # below each changed value. # inotify limits. fs.inotify.max_queued_events = 131072 # 1048576 fs.inotify.max_user_instances = 131072 # 1048576 fs.inotify.max_user_watches = 131072 # 1048576 # Number of memory mappings a process can have (lxd can have quite a lot). #vm.max_map_count = 262144 # Deny container access to kmsg, but this also blocks non-root host users so # it's disabled by default. This isn't a bad hardening measure in general.
#kernel.dmesg_restrict = 1 # ARP table size (one per container) net.ipv4.neigh.default.gc_thresh3 = 2048 # 8192 net.ipv6.neigh.default.gc_thresh3 = 2048 # 8192 # Number of kernel keyrings for unprivileged users (one per container). kernel.keys.maxkeys = 2048
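Review bot: In the %files list of lxd.spec, `%config(noreplace) %{_sysconfdir}/dnsmasq.d/60-lxd.conf` contradicts the header of lxd.dnsmasq, which says changes to the file will be lost when the package is updated or removed. With noreplace, a locally edited copy is kept on update and the packaged version lands beside it as .rpmnew, so a later change to the shipped `bind-interfaces` / `except-interface=lxdbr0` settings would not reach hosts where the file was touched. Either use plain `%config` so the warning holds, or reword the header to match the noreplace behaviour.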
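Review bot: In the %pre scriptlet of lxd.spec, `usermod -v 400000000-900000000 root &>/dev/null` and the matching `usermod -w` line for /etc/subgid use the bash-only `&>` redirection, while the spec only sets `_buildshell` to /bin/bash, which covers the build sections and not install-time scriptlets. Under a POSIX /bin/sh, `&>` parses as backgrounding usermod followed by a separate empty redirection that returns success, so the `|| echo "root:400000000:500000001"` fallback would never run when usermod fails. Write the redirection as `>/dev/null 2>&1`, or declare the interpreter with `%pre -p /bin/bash`.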
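Review bot: Missing documentation in %pre of lxd.spec and in lxd.service: the group comment says the lxd group "owns the lxd socket, which allows people to administer it", the subuid comment a few lines later says "LXD runs as root", and the unit starts the daemon with `--group=lxd`. Taken together, membership in that group means driving a root daemon, but neither the comment nor %description says so. Suggest stating next to the `groupadd -r %{name}` line that the group should be treated as a privileged group, so administrators do not add ordinary users to it by default.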