[lxc-devel] LXD an "hypervisor" for containers (based on liblxc)

Stéphane Graber stgraber at ubuntu.com
Tue Nov 4 17:33:01 UTC 2014


So some of you may have seen discussions here and there about an announcement
which was made earlier today at the OpenStack Summit in Paris.

The public description of the project is at:

Now all of this is pretty vague so I'll try to give some context and
describe how things will be moving forward from there.

Earlier this year, I started a discussion with some of you and some of
our biggest users on improving the LXC user experience. This resulted in
a bunch of good ideas, especially being able to transparently manage a
bunch of hosts over the network, move containers around and do all of
this safely.

After some more discussions at conferences and internally within
Canonical, what's announced today as LXD was born.

The concept is relatively simple, it's a daemon exporting an
authenticated REST API both locally over a unix socket and over the
network using https.
There are then two clients for this daemon, one is an OpenStack plugin,
the other a standalone command line tool.

The main features and I'm sure I'll be forgetting some are:
 - Secure by default (unprivileged containers, apparmor, seccomp, ...)
 - Image based workflow (no more locally built rootfs)
 - Support for online snapshotting, including running state (with CRIU)
 - Support for live migration
 - A simpler command line experience

This work will be done in Go, using the great go-lxc binding from S.Çağlar.

Now as to what this means for LXC upstream:
 - A new project will be setup at github.com/lxc/lxd.
 - Code to this project will be contributed under an Apache2 license, no
   CLA is required but we will require contributors to Sign-off on their
   commits as always (DCO).
 - Discussions about lxd will happen on lxc-devel and lxc-users.
 - Contributions to github.com/lxc/lxd will happen through github pull
   requests only and reviews will happen on github too.

This is kept separate from the main tree because at least initially, I
believe it best to have a separate release schedule for both of those
and because it tends to be easier for Go-only projects to live in their
own branch.

This also isn't the end of the old lxc tools and templates. Those will
keep being developed and maintained so long as there's interest in doing
so by the LXC community.

lxd will be a nice way to try and build a completely new, slicker user
experience without having to care about backward compatibility, as a new
project, it should also be much easier for newcomers to work on.

In order to be a good hypervisor, we also need to make containers feel
like they are their own system and so we'll be spending quite a bit of
time figuring out how to improve the situation.
Some of the work presented at Linux Plumbers is going to contribute to
that, like cgmanagerfs to provide a reasonable view of /proc and a fake
cgroupfs, Seth's unprivileged FUSE mounts and all the cool things
mentioned in Serge's earlier post about 

Now as for the next steps. We will be creating the repository on github
over the next few hours with Serge and I as the initial maintainers.
Once the project is properly started and active, we will promote some of
the most active contributors to commiters.

The first few commits in there will be text versions of the
specifications we came up with until now. This should also serve as a
good todo list for people who want to get involved.

Over the next few days/weeks, the existing code which was used for the
demo at the OpenStack summit in Paris will be submitted through pull
requests, reviewed and merge.

I'm also working on a new version of linuxcontainers.org which will end
up covering all linuxcontainers.org projects, that is at the moment,
lxc, cgmanager and lxd, with clear descriptions, examples, news, ...

Help with any of the above would be greatly appreciated, please get in
touch, on the list or on IRC (#lxcontainers on Freenode)!

Stéphane Graber
Ubuntu developer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20141104/f12dd026/attachment.sig>

More information about the lxc-devel mailing list