Hello community,

here is the log from the commit of package lxd.12244 for 
openSUSE:Leap:15.1:Update checked in at 2020-04-08 14:09:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/lxd.12244 (Old)
 and      /work/SRC/openSUSE:Leap:15.1:Update/.lxd.12244.new.3248 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "lxd.12244"

Wed Apr  8 14:09:38 2020 rev:1 rq:791153 version:4.0.0

Changes:
--------
New Changes file:

--- /dev/null   2020-04-01 01:12:57.297512941 +0200
+++ /work/SRC/openSUSE:Leap:15.1:Update/.lxd.12244.new.3248/lxd.changes 
2020-04-08 14:09:41.024828428 +0200
@@ -0,0 +1,245 @@
+-------------------------------------------------------------------
+Wed Apr  1 14:23:25 UTC 2020 - Aleksa Sarai <asa...@suse.com>
+
+- Update to LXD 4.0.0. The full upstream changelog is available from:
+  https://discuss.linuxcontainers.org/t/lxd-4-0-lts-has-been-released/7231
+  boo#1168338
+
+  Breaking Changes:
+    * Removal of --container-only, replaced by --instance-only
+
+  + VM: Support for backup (import/export)
+  + PCI and USB devices in the resource API
+  + Support for multiple ipvlan NIC devices
+  + Support for host addresses on routed NIC
+  + Support for editing cluster roles
+  + Disk usage for custom volumes
+  + Disk usage for snapshots
+  + Support for passwordless PKI mode
+
+-------------------------------------------------------------------
+Sat Mar 21 04:55:09 UTC 2020 - Aleksa Sarai <asa...@suse.com>
+
+- Update to LXD 3.23. The full upstream changelog is available from:
+  https://discuss.linuxcontainers.org/t/lxd-3-23-has-been-released/7140
+  boo#1167304
+  + Custom storage volumes in projects
+  + Schedule snapshots for custom storage volumes
+  + Expiry for custom storage volumes
+  + Limits for projects
+  + Restrictions for projects
+  + Improved backup/export logic
+  + VM: Support for migration
+  + VM: Support for publishing
+
+-------------------------------------------------------------------
+Sat Mar  7 14:49:16 UTC 2020 - Aleksa Sarai <asa...@suse.com>
+
+- Update to LXD 3.22. The full upstream changelog is available from:
+  https://discuss.linuxcontainers.org/t/lxd-3-22-has-been-released/7027
+  boo#1165976
+  + Resource limits for projects
+  + nftables backend for firewalling
+  + Container: Hugepages in unprivileged containers
+  + VM: Support for 9p disk devices
+  + VM: File templating support
+
+-------------------------------------------------------------------
+Fri Feb 14 07:27:24 UTC 2020 - Aleksa Sarai <asa...@suse.com>
+
+- Update to LXD 3.21. The full upstream changelog is available from:
+  https://discuss.linuxcontainers.org/t/lxd-3-21-has-been-released/6802
+  boo#1163651
+  + New way to attach to LXD managed networks
+  + Clustering: Configurable number of active and standby database members
+  * Ceph ported to new storage driver infrastructure
+  * VM: CPU pinning and topology
+  * VM: Network and storage optimizations
+  * VM: Agent-less reporting of IPv6 addresses
+- Remove upstreamed patch. boo#1156336
+  - boo1156336-0001-vfs-vfs__delete-fix-double-unlock-of-root-mutex.patch
+
+-------------------------------------------------------------------
+Mon Feb  3 15:03:49 UTC 2020 - Dominique Leuenberger <dims...@opensuse.org>
+
+- BuildRequire pkgconfig(libudev) instead of libudev-devel: Allow
+  OBS to shortcut through the -mini flavors.
+
+-------------------------------------------------------------------
+Sat Feb  1 23:37:24 UTC 2020 - Aleksa Sarai <asa...@suse.com>
+
+- Fix bash-completion by installing it to the correct path. boo#1162426
+
+-------------------------------------------------------------------
+Fri Jan 31 10:16:27 UTC 2020 - Aleksa Sarai <asa...@suse.com>
+
+- Backport https://github.com/canonical/dqlite/pull/207 to fix boo#1156336.
+  + boo1156336-0001-vfs-vfs__delete-fix-double-unlock-of-root-mutex.patch
+
+-------------------------------------------------------------------
+Fri Jan 31 00:33:47 UTC 2020 - Aleksa Sarai <asa...@suse.com>
+
+- Update to LXD 3.20. The full upstream changelog is available from:
+  https://discuss.linuxcontainers.org/t/lxd-3-20-has-been-released/6673
+  boo#1162299
+  + Server side support of API collections
+  + New unix-hotplug device type
+  + Support for standby cluster members
+- Update packaging to use GOPATH="_dist" rather than trying to move everything
+  to vendor/. This is the recommended approach by upstream (and makes our
+  specfile marginally less horrific).
+
+-------------------------------------------------------------------
+Fri Jan 17 05:17:53 UTC 2020 - Aleksa Sarai <asa...@suse.com>
+
+- Update to LXD 3.19. The full upstream changelog is available from:
+  https://discuss.linuxcontainers.org/t/lxd-3-19-has-been-released/6529
+  boo#1161615
+  + Virtual machine support
+  + Reworked storage layer
+  + Routed networking mode
+  + Custom mount options for disk devices
+  + Interception of the mount system call
+  + Multi-architecture clustering
+  + ...
+- Rework package handling to fake Go module builds.
+
+-------------------------------------------------------------------
+Wed Dec 11 23:55:40 UTC 2019 - Aleksa Sarai <asa...@suse.com>
+
+- Support older SLE systems which don't have "usermod -w -v".
+
+-------------------------------------------------------------------
+Thu Oct  3 01:53:53 UTC 2019 - Aleksa Sarai <asa...@suse.com>
+
+- Update to LXD 3.18. The full upstream changelog is available from:
+  https://discuss.linuxcontainers.org/t/lxd-3-18-has-been-released/5869
+  boo#1152846
+  + New /1.0/instances endpoint
+  + Support for storing VM images
+  + Extended disk resources information
+  + Modification of image expiry date
+  + Clustering roles
+  + IPv4 configuration when in Fan mode
+
+-------------------------------------------------------------------
+Wed Sep 25 11:03:42 UTC 2019 - Aleksa Sarai <asa...@suse.com>
+
+- Clean up a few remaining specfile bits left over from the 3.17 update.
+
+-------------------------------------------------------------------
+Tue Sep 24 12:31:21 UTC 2019 - Aleksa Sarai <asa...@suse.com>
+
+- Completely drop all stripping -- it appears to cause all sorts of problems
+  with unresolved symbol errors.
+- Update to LXD 3.17. The full upstream changelog is available from:
+  https://discuss.linuxcontainers.org/t/lxd-3-17-has-been-released/5679
+  boo#1151874
+  + Storage pool backed image tarballs and backups
+  + Container configuration as YAML on lxc init and lxc launch
+  * Ported to final Dqlite 1.0
+  * Database rework
+  * Container devices rework
+  * Storage rework
+
+-------------------------------------------------------------------
+Mon Jul 15 06:40:30 UTC 2019 - Aleksa Sarai <asa...@suse.com>
+
+- Update to LXD 3.15. The full upstream changelog is available from:
+  https://discuss.linuxcontainers.org/t/lxd-3-15-has-been-released/5218
+  + Switch to dqlite 1.0.
+  * Reworked DHCP lease handling
+  * Reworked cluster heartbeat handling
+  * Better syscall interception framework
+  * More reliable unix socket proxying
+  + Hardware VLAN and MAC filtering on SR-IOV
+  + New storage-size option for lxd-p2c
+  + IPv4 and IPv6 filtering (spoof protection)
+  * Reworked resources API (host hardware)
+  + Control over uid, gid and cwd during command execution
+  + Quota support for custom storage volumes on dir backend
+  * Lots of bug fixes...
+
+-------------------------------------------------------------------
+Wed Jun 19 07:21:29 UTC 2019 - Aleksa Sarai <asa...@suse.com>
+
+- Update to LXD 3.14. The full upstream changelog is available from:
+  https://discuss.linuxcontainers.org/t/lxd-3-14-has-been-released/5045
+  boo#1138770
+  + Cluster: Re-worked DNS forwarding
+  + Script to factory reset LXD
+  + Improvements to syscall interception
+  * Lots of bug fixes...
+
+-------------------------------------------------------------------
+Wed Jun 19 03:16:40 UTC 2019 - Aleksa Sarai <asa...@suse.com>
+
+- Update build to use go_nostrip, in order to attempt to fix the broken
+  binaries on Leap 15.1. boo#1138769
+
+-------------------------------------------------------------------
+Sun Jun  9 08:21:19 UTC 2019 - Aleksa Sarai <asa...@suse.com>
+
+- Explicitly require lxcfs-hooks-lxc. LXD supports lxcfs but it requires tha
+  the LXC configuration files be present.
+
+-------------------------------------------------------------------
+Sun Jun  2 17:22:35 UTC 2019 - Jan Engelhardt <jeng...@inai.de>
+
+- Trim filler wording from description.
+- Remove --with-pic which often has no point with --disable-static.
+- Avoid bash-specific sh code.
+
+-------------------------------------------------------------------
+Thu May  9 20:28:55 UTC 2019 - Aleksa Sarai <asa...@suse.com>
+
+- Update to LXD 3.13. The full upstream changelog is available from:
+  https://discuss.linuxcontainers.org/t/lxd-3-13-has-been-released/4738
++++ 48 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:Leap:15.1:Update/.lxd.12244.new.3248/lxd.changes
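Review bot: the Sun Jun  9 2019 entry has a typo: "it requires tha the LXC configuration files be present" should read "requires that". Separately, the Mon Jul 15 2019 entry (LXD 3.15) is the only fully visible "Update to LXD" entry without a boo# reference, so if a tracking bug exists for that update it should be added for consistency with the other entries.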

New:
----
  lxd-4.0.0.tar.gz
  lxd-4.0.0.tar.gz.asc
  lxd-rpmlintrc
  lxd.changes
  lxd.dnsmasq
  lxd.keyring
  lxd.service
  lxd.spec
  lxd.sysctl

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ lxd.spec ++++++
#
# spec file for package lxd
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# nodebuginfo


%go_nostrip

%define _buildshell /bin/bash
%define import_path github.com/lxc/lxd

Name:           lxd
Version:        4.0.0
Release:        0
Summary:        Container hypervisor based on LXC
License:        Apache-2.0
Group:          System/Management
URL:            https://linuxcontainers.org/lxd
Source:         
https://linuxcontainers.org/downloads/%{name}/%{name}-%{version}.tar.gz
Source1:        
https://linuxcontainers.org/downloads/%{name}/%{name}-%{version}.tar.gz.asc
Source2:        %{name}.keyring
Source3:        %{name}-rpmlintrc
# LXD upstream doesn't use systemd, they use snapd.
Source100:      %{name}.service
# Additional runtime configuration.
Source200:      %{name}.sysctl
Source201:      %{name}.dnsmasq
BuildRequires:  fdupes
BuildRequires:  golang-packaging
BuildRequires:  libacl-devel
BuildRequires:  libcap-devel
BuildRequires:  patchelf
BuildRequires:  pkg-config
BuildRequires:  rsync
BuildRequires:  golang(API) >= 1.10
BuildRequires:  pkgconfig(libudev)
BuildRequires:  pkgconfig(lxc) >= 3.0.0
# Needed to build the sqlite fork and dqlite.
BuildRequires:  autoconf
BuildRequires:  libtool
BuildRequires:  pkgconfig(libuv) >= 1.8.0
BuildRequires:  pkgconfig(tcl)
# Bits required for images and other things at runtime.
Requires:       acl
Requires:       ebtables
BuildRequires:  dnsmasq
Requires:       criu >= 2.0
Requires:       dnsmasq
Requires:       lxcfs
Requires:       lxcfs-hooks-lxc
Requires:       rsync
Requires:       squashfs
Requires:       tar
Requires:       xz
# Storage backends -- we don't recommend ZFS since it's not *technically* a
# blessed configuration.
Recommends:     lvm2
Recommends:     thin-provisioning-tools
Recommends:     btrfsprogs
Suggests:       zfs

%description
LXD is a system container manager. It offers a user experience
similar to virtual machines but uses Linux containers (LXC) instead.

%package bash-completion
Summary:        Bash Completion for %{name}
Group:          System/Management
Requires:       %{name} = %{version}
Supplements:    packageand(%{name}:bash-completion)
BuildArch:      noarch

%description bash-completion
Bash command line completion support for %{name}.

%prep
%setup -q

# Create fake "go mod"-like import paths. This is going to be really fun to
# maintain but it's unfortunately necessary because openSUSE doesn't have nice
# "go mod" support in OBS...
ln -s . _dist/src/github.com/cpuguy83/go-md2man/v2

%build
# Make sure any leftover go build caches are gone.
go clean -cache

# Set up GOPATH.
export GOPATH="$PWD/.gopath"
export PKGDIR="$GOPATH/src/%{import_path}"
mkdir -p "$PKGDIR"
cp -a * "$PKGDIR"

# Set up temporary installation paths.
export INSTALL_ROOT="$PKGDIR/.install"
export INSTALL_INCLUDEDIR="$INSTALL_ROOT/%{_includedir}"
export INSTALL_LIBDIR="$INSTALL_ROOT/%{_libdir}/%{name}"

# We first need to build all of the LXD-specific dependencies. To avoid binary
# bloat, we build them as dylibs -- but we then later need to mess around with
# the ELF headers to stop the openSUSE packaging scripts from freaking out.
export CFLAGS="%{optflags} -fPIC -DPIC"

# We have a temporary-install directory which contains all of the dylib deps.
export PKG_CONFIG_SYSROOT_DIR="$INSTALL_ROOT"
export PKG_CONFIG_PATH="$INSTALL_LIBDIR/pkgconfig"

# SQLite
pushd "$PKGDIR/_dist/deps/sqlite"
autoreconf -fiv
%configure \
        --libdir="%{_libdir}/%{name}" \
        --disable-static \
        --enable-replication \
        --disable-tcl
make clean
make %{?_smp_mflags}
make DESTDIR="$INSTALL_ROOT" install
popd

# libco
pushd "$PKGDIR/_dist/deps/libco"
make \
        CFLAGS="$CFLAGS" \
        PREFIX="" \
        INCLUDEDIR="%{_includedir}" \
        LIBDIR="%{_libdir}/%{name}" \
        DESTDIR="$INSTALL_ROOT" \
        all install
popd

# raft
pushd "$PKGDIR/_dist/deps/raft"
autoreconf -fiv
%configure \
        --libdir="%{_libdir}/%{name}" \
        --disable-static
make %{?_smp_mflags}
make DESTDIR="$INSTALL_ROOT" install
popd

# dqlite
pushd "$PKGDIR/_dist/deps/dqlite"
(
autoreconf -fiv
%configure \
        --libdir="%{_libdir}/%{name}" \
        --disable-static
make clean
make %{?_smp_mflags}
make DESTDIR="$INSTALL_ROOT" install
)
popd

# Find all of the main packages using go-list.
readarray -t mainpkgs \
        <<<"$(go list -f '{{.Name}}:{{.ImportPath}}' %{import_path}/... | \
              awk -F: '$1 == "main" { print $2 }' | \
              grep -Ev '^github.com/lxc/lxd/(test|shared)')"

# _dist/src is effectively an old-school "vendor/" tree, so add it to GOPATH.
export GOPATH="$GOPATH:$PKGDIR/_dist"

# And now we can finally build LXD and all of the related binaries.
mkdir bin
for mainpkg in "${mainpkgs[@]}"
do
        binary="$(basename "$mainpkg")"
        (
                # We need to link against our particular dylib deps.
                export \
                        CGO_CFLAGS="-I $INSTALL_INCLUDEDIR" \
                        CGO_LDFLAGS="-L $INSTALL_LIBDIR" ||:
                go build -buildmode=pie -tags "libsqlite3" -o "bin/$binary" 
"$mainpkg"
        )
done

# This part is quite ugly, so I apologise upfront.
#
# We want to have our _dist/deps/* libraries be dylibs so that we don't bloat
# our lxd binary. Unfortunately, we are presented with a few challenges:
#
#  * Doing this naively (put it in {_libdir}) results in sqlite3 package
#    conflicts -- and we aren't going to maintain sqlite3 for all of openSUSE
#    here.
#
#  * Putting everything in a hidden {_libdir}/{name} with RUNPATH configured
#    accordingly works a little better, but still results in lxd ending up with
#    {Provides,Requires}: libsqlite3.so.0. This results in more esoteric
#    conflicts but is still an issue (we'd need to add Prefer: libsqlite3-0
#    everywhere).
#
# So, the only reasonable choice left is to use absolute paths as DT_NEEDED
# entries -- which bypasses the need for RUNPATH and allows us to set garbage
# sonames for our _dist/deps/* libraries. Absolute paths for DT_NEEDED is
# *slightly* undefined behaviour, but glibc has had this behaviour for a very
# long time -- and others have considered using it in a similar manner[1].
#
# What F U N.
#
# [1]: https://github.com/NixOS/nixpkgs/issues/24844

(
        # A simple check that lxd isn't broken. We can't do this after patchelf
        # because we'd need to chroot(2) into {buildroot} which isn't permitted 
due
        # to user namespaces being blocked inside rpmbuild. boo#1138769
        export LD_LIBRARY_PATH="$INSTALL_LIBDIR"
        ./bin/lxd help
)

for lib in "$INSTALL_LIBDIR"/lib*.so
do
        # Strip off last two version digits.
        name="$(basename "$(readlink "$lib")" | sed -E 's/\.[0-9]+\.[0-9]+$//')"
        # Give our libraries unrecognisable DT_SONAME entries.
        patchelf --set-soname "._LXD_INTERNAL-$name" "$lib"
        # Make sure they're executable.
        chmod +x "$lib"
done

# Switch to absolute DT_NEEDED for all dylibs we have as well as the main LXD
# binary. We do this for all dylibs to make sure we don't end up with weird
# chain-loading problems.
for target in bin/* "$INSTALL_LIBDIR"/lib*.so
do
        # Drop RPATH in case it got included during builds.
        patchelf --remove-rpath "$target"
        # And now replace all the possible DT_NEEDEDs to absolute paths.
        for lib in "$INSTALL_LIBDIR"/lib*.so
        do
                # Strip off last two version digits.
                name="$(basename "$(readlink "$lib")" | sed -E 
's/\.[0-9]+\.[0-9]+$//')"
                patchelf --replace-needed {,%{_libdir}/%{name}/}"$name" 
"$target"
        done
done

# Generate man pages.
mkdir man
./bin/lxc manpage man/

pushd bin/
for bin in *
do
        # Ensure that all our binaries are dynamic. boo#1138769
        file "$bin" | grep 'dynamically linked'
        # Check what they are linked against.
        ldd "$bin"
done
popd

%install
export GOPATH="$PWD/.gopath"
export PKGDIR="$GOPATH/src/%{import_path}"
export INSTALL_LIBDIR="$PKGDIR/.install/%{_libdir}/%{name}"

install -d -m 0755 %{buildroot}%{_libdir}/%{name}
# We can't use install because *.so.$n are symlinks.
cp -avt %{buildroot}%{_libdir}/%{name}/ "$INSTALL_LIBDIR"/lib*.so.*

# Install all the binaries.
pushd bin/
for bin in *
do
        install -D -m 0755 "$bin" "%{buildroot}%{_bindir}/$bin"
done
popd

# Install man pages.
pushd man/
for man in *
do
        section="${man##*.}"
        install -D -m 0644 "$man" "%{buildroot}%{_mandir}/man$section/$man"
done
popd

# bash-completion.
install -D -m 0644 scripts/bash/lxd-client 
%{buildroot}%{_datadir}/bash-completion/completions/lxc

# sysv-init and systemd setup.
install -D -m 0644 %{S:100} %{buildroot}%{_unitdir}/%{name}.service
mkdir -p %{buildroot}%{_sbindir}
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}

# Run-time configuration.
install -D -m 0644 %{S:200} %{buildroot}%{_sysctldir}/60-lxd.conf
install -D -m 0644 %{S:201} %{buildroot}%{_sysconfdir}/dnsmasq.d/60-lxd.conf

# Run-time directories.
install -d -m 0711 %{buildroot}%{_localstatedir}/lib/%{name}
install -d -m 0755 %{buildroot}%{_localstatedir}/log/%{name}

%fdupes %{buildroot}

%pre
# Group which owns the lxd socket, which allows people to administer it.
getent group %{name} >/dev/null || groupadd -r %{name}

# /etc/sub[ug]id should exist already (it's part of shadow-utils), but older
# distros don't have it. LXD just parses it and doesn't need any special
# shadow-utils helpers.
touch /etc/subuid /etc/subgid ||:

# Add sub[ug]ids for LXD's unprivileged containers -- in order to support
# isolated containers we add quite a few subuids. Since LXD runs as root we add
# them for the root user (not the lxd group). We only bother if there aren't
# any mappings available already.
#
# We have no guarantee that the range we pick will be unique -- which ideally
# we would want it to be. There isn't a nice way to do this without
# reimplementing a bunch of range-handling code for /etc/sub[ug]id in bash. So
# we just pick the 400-900 million range, and hope for the best (most tutorials
# use the 1-million range, so we avoid that pitfall).
#
# This default setting of 500 million is enough for ~8000 isolated containers,
# which should be enough for most users.
grep -q '^root:' /etc/subuid || \
        usermod -v 400000000-900000000 root &>/dev/null || \
        echo "root:400000000:500000001" >>/etc/subuid ||:
grep -q '^root:' /etc/subgid || \
        usermod -w 400000000-900000000 root &>/dev/null || \
        echo "root:400000000:500000001" >>/etc/subgid ||:

%service_add_pre %{name}.service

%post
%sysctl_apply
%service_add_post %{name}.service

%preun
%service_del_preun %{name}.service

%postun
%sysctl_apply
%service_del_postun %{name}.service

%files
%defattr(-,root,root)
%doc AUTHORS README.md doc/
%license COPYING
%{_bindir}/*
%{_mandir}/man*/*
%{_libdir}/%{name}

%{_sbindir}/rc%{name}
%{_unitdir}/%{name}.service

%dir %{_localstatedir}/lib/%{name}
%dir %{_localstatedir}/log/%{name}

%{_sysctldir}/60-lxd.conf
%config(noreplace) %{_sysconfdir}/dnsmasq.d/60-lxd.conf

%files bash-completion
%defattr(-,root,root)
%{_datadir}/bash-completion/

%changelog
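Review bot: in %pre, the two usermod lines redirect with `&>/dev/null`, which is a bash extension. `%define _buildshell /bin/bash` only covers the build scripts, while scriptlets run under /bin/sh. A strictly POSIX shell parses `usermod ... &>/dev/null` as a backgrounded usermod followed by an empty redirection that succeeds, so the `|| echo "root:400000000:500000001" >>/etc/subuid` fallback for systems without "usermod -w -v" would never run there. Suggest `>/dev/null 2>&1`, which also matches the earlier changelog entry "Avoid bash-specific sh code."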
++++++ lxd-rpmlintrc ++++++
# The linking against full paths underneath /usr/lib64/lxd/ is intentional, as
# our shared libraries are internal and aren't meant to be used outside LXD.
# This error only appears in old SLE versions.
addFilter ("^lxd.* E: invalid-filepath-dependency .* /usr/lib(32|64)?/lxd/")
++++++ lxd.dnsmasq ++++++
# WARNING: DO NOT MODIFY THIS FILE.
# Changes to this file will be lost when the lxd package is updated or removed.
# Instead, add changes to /etc/dnsmasq.d/.

# Tell any system-wide dnsmasq instance to make sure to bind to interfaces
# instead of listening on 0.0.0.0.
bind-interfaces
except-interface=lxdbr0
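Review bot: the header says "Changes to this file will be lost when the lxd package is updated or removed", but lxd.spec installs this file as `%config(noreplace) %{_sysconfdir}/dnsmasq.d/60-lxd.conf`, which keeps local modifications across updates. The advice "Instead, add changes to /etc/dnsmasq.d/" also points at the directory this file itself is installed into. Either drop `%config(noreplace)` so the warning is accurate, or reword the header to say that local edits are preserved and that separate drop-in files are preferred.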
++++++ lxd.keyring ++++++
pub   rsa4096/0xC638974D64792D67 2010-10-23 [SC]
      602F567663E593BCBD14F338C638974D64792D67
uid                   [ unknown] Stéphane Graber <stgra...@stgraber.org>
uid                   [ unknown] Stéphane Graber <stgra...@ubuntu.com>
sub   rsa4096/0x9E4B2A99D7B3258F 2010-10-23 [E]
++++++ lxd.service ++++++
[Unit]
Description=LXD Container Hypervisor
After=network-online.target lxcfs.service
Requires=network-online.target lxcfs.service
Documentation=man:lxd(1)

[Service]
ExecStart=/usr/bin/lxd --group=lxd --logfile=/var/log/lxd/lxd.log
ExecStartPost=/usr/bin/lxd waitready --timeout=600
TimeoutStartSec=600s
TimeoutStopSec=30s
Restart=on-failure

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity

# No need to add a task limit.
TasksMax=infinity

# Set delegate yes so that systemd does not mess with LXD cgroups.
Delegate=yes

# Kill only the LXD process, not all processes in the cgroup.
KillMode=process

[Install]
WantedBy=multi-user.target
++++++ lxd.sysctl ++++++
# WARNING: DO NOT MODIFY THIS FILE.
# Changes to this file will be lost when the lxd package is updated or removed.
# Instead, add changes to /etc/sysctl.d/.

# These defaults come from doc/production-setup.md, but have been slightly
# modified to be less extreme. The recommended value is included as a comment
# below each changed value.

# inotify limits.
fs.inotify.max_queued_events  = 131072 # 1048576
fs.inotify.max_user_instances = 131072 # 1048576
fs.inotify.max_user_watches   = 131072 # 1048576

# Number of memory mappings a process can have (lxd can have quite a lot).
#vm.max_map_count = 262144

# Deny container access to kmsg, but this also blocks non-root host users so
# it's disabled by default. This isn't a bad hardening measure in general.
#kernel.dmesg_restrict = 1

# ARP table size (one per container)
net.ipv4.neigh.default.gc_thresh3 = 2048 # 8192
net.ipv6.neigh.default.gc_thresh3 = 2048 # 8192

# Number of kernel keyrings for unprivileged users (one per container).
kernel.keys.maxkeys = 2048
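Review bot: the header comment says the recommended value "is included as a comment below each changed value", but the inotify and gc_thresh3 lines carry it as a trailing comment on the same line (`= 131072 # 1048576`). sysctl.d(5) only describes comments as whole lines whose first non-whitespace character is "#" or ";", so the text after the number may be treated as part of the value. Suggest moving each recommended value to its own comment line under the setting, which also makes the layout match the header.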