package albatross
Install
Dune Dependency
Authors
Maintainers
Sources
sha256=01201cb598b91cc50b04860cf2dda7416923e89ca23bfbb9ab310a7def9d7c63
sha512=2c4f9ae7addf46bf2695f4d9f24961b9a83d1fefa96abbf3259b5dc56cf6ebdaeb42f3e29f926ab0e28fb217c12f510c96e3e96efe59c82f061d77fb7ac64ce2
Description
Published: 11 Dec 2022
README
Albatross: orchestrate and manage MirageOS unikernels with Solo5
The goal of albatross is robust deployment of MirageOS unikernels using Solo5. Resources managed by albatross are network interfaces of kind tap
, which are connected to already existing bridges, block devices, memory, and CPU. Each unikernel is pinned (cpuset
/ taskset
) to a specific core.
Albatross allows remote management. To deploy or destroy a unikernel, no shell access is necessary. The remote channel is a mutually authenticated (with X.509 certificates) TLS connection. Console output of the unikernels is stored in memory in a ring buffer, and accessible remotely. Monitoring data (CPU and memory usage) of the unikernels can be collected as well, and pushed into an Influx time series database.
Albatross consists of multiple processes, each running with the least privileges. Albatross can be run next to other orchestration systems; it does not assume to be the single instance on a dom0 which creates and destroys virtual machines. Resource policies can be dynamically configured for each administrative domain (similar to DNS, a hierarchical naming scheme), and are checked statically (to decrease while going down the tree) and dynamically when a new unikernel is to be deployed.
When a unikernel is deployed, albatross tries its best to keep it running, even when the physical hardware reboots, or albatross is restarted. When the unikernel exits, depending on configuration and its exit code, it is re-started. The current set of running unikernels is persisted on disk, though there is no dependency or order for restarting them.
The scope of albatross is to provide a minimal orchestration system that avoids the need for shell access on the dom0. This leads to mostly immutable - or only mutable via albatross - infrastructure. Further dissemination of albatross into virtual machines, and a communication interface for deploying and destroying unikernels, is being researched on.
Components
Albatross consists of a set of binaries. Several daemons, which communicate in a request-response style over Unix domain sockets, are run in the host system:
albatrossd
: privileged to create and destroy unikernelsalbatross-console
: reads the console output of unikernelsalbatross-stats
: statistics gathering (rusage, ifstat, BHyve debug counters)albatross-tls-inetd
: remote deployment via TLS and inetd (an alternative isalbatross-tls-endpoint
)albatross-influx
: statistic reporting fromalbatross-stats
to influx
The main daemon is the privileged albatrossd
, which supervises unikernels. It opens a listening Unix domain socket, reads the persisted unikernel configuration, starts these unikernels, and awaits commands. Access can be regulated by Unix file permissions -- only those users who can write to that socket can send commands.
Albatross-console
does not keep any persistent state, but a ring buffer of console output from each unikernel. These messages can be retrieved by a client as a stream of messages (history, and whenever a new line is output, it is sent to the interested client). Each unikernel output can only be read by a single client, to avoid amplification of traffic if lots of clients are connected. Albatrossd
sends a message to albatross-console
whenever a new unikernel is started, upon reception albatross-console
opens and reads the fifo which the unikernel will write their standard output to.
Albatross-stats
periodically gathers statistics (memory, CPU, network, hypervisor) from all running unikernels.
Albatross-tls-inetd
is executed via inetd (socket activation) and proxies requests from remote clients to the respective daemons described above. It enforces client authentication, and uses the common names of the client certificate chain as the administrative domain. The policies are embedded in CA certificates, and the command is embedded in the leaf certificate. The albatross-tls-endpoint
is an alternative which listens on a TCP port and executes an asynchronous task for each incoming request.
The following command-line applications for local and remote management are provided:
albatross-client-local
: sends a command locally to the Unix domain socketsalbatross-client-remote-tls
: connects to a remote TLS endpoint and sends a commandalbatross-provision-request
: creates a certificate signing request containing a commandalbatross-provision-ca
: certificate authority operations: sign, generate, and revoke (NYI)albatross-client-bistro
: command line utility to execute a command remotely: request, sign, remote (do not use in production, requires CA key locally)
Installation
Binary packages are available for Debian, Ubuntu and FreeBSD. How to install.
For other operating systems / distributions, run opam install albatross
.
Also read the blog article for the motivation behind albatross and an overview of its functionality.
Dependencies (31)
-
owee
>= "0.4"
-
solo5-elftool
>= "0.3"
- happy-eyeballs-lwt
-
http-lwt-client
>= "0.2.0"
- hex
- metrics-rusage
-
metrics-influx
>= "0.2.0"
-
metrics-lwt
>= "0.2.0"
-
metrics
>= "0.2.0"
- checkseum
-
bigstringaf
>= "0.2.0"
-
decompress
>= "1.3.0"
- duration
-
asn1-combinators
>= "0.2.0" & < "0.3.0"
-
mirage-crypto-rng
>= "0.8.0" & < "1.0.0"
-
mirage-crypto
< "1.0.0"
-
tls
>= "0.13.1" & < "0.16.0"
-
x509
>= "0.13.0"
-
fmt
>= "0.8.7"
-
cmdliner
>= "1.1.0"
- ptime
- bos
- logs
-
cstruct
>= "6.0.0"
-
ipaddr
>= "5.3.0"
-
lwt
>= "3.0.0"
-
conf-libnl3
os = "linux"
-
conf-pkg-config
build
- dune-configurator
-
dune
>= "2.7.0"
-
ocaml
>= "4.12.0"
Dev Dependencies (1)
-
alcotest
with-test
Used by (1)
Conflicts
None