diff --git a/packaging/Linux/README.md b/packaging/Linux/README.md
new file mode 100644
index 0000000..2274031
--- /dev/null
+++ b/packaging/Linux/README.md
@@ -0,0 +1,10 @@
+# systemd service scripts
+
+these are preliminary and just here to let people play with `solo5-spt`, the seccomp-enabled backend for [Solo5](https://github.com/Solo5/solo5) on Linux.
+
+1) You need to build the `vmm` tooling in this repository
+2) You need to build a `spt`-compatible binary to deploy.
+3) See [`install.sh`](./install.sh) for commands required to deploy it.
+4) `sudo journalctl -fu albatross'*'.service`
+5) ideally, once the services are up and running, you would be able to issue this command to deploy a unikernel:
+ `sudo vmmc_local.native -t spt-amd64 --compression0 helloworld /path/to/hello_world.spt`
diff --git a/packaging/Linux/albatross_console.service b/packaging/Linux/albatross_console.service
new file mode 100644
index 0000000..6da26a3
--- /dev/null
+++ b/packaging/Linux/albatross_console.service
@@ -0,0 +1,34 @@
+[Unit]
+
+# To configure this service, please use the following command
+# to create an override configuration:
+# systemctl edit albatross_console.service
+
+Description=Albatross console daemon (albatross_console)
+After=syslog.target
+[Service]
+Type=simple
+
+#TODO no need to run as root!
+#Environment="albatross_console_user=root"
+User=root
+
+WorkingDirectory=/
+
+# TODO what does the following line do?
+Environment=albatross_prefix=/usr/local/sbin/albatross_console.exe
+#ExecStartPre=id # the fbsd scripts do something here, not sure what
+ExecStart=/usr/local/sbin/albatross_console.exe --tmpdir="%t/albatross/" -vv
+
+# state=%S
+# runtime=%t
+# small temp=%T
+# large temp=%V
+# PrivateTmp=yes
+
+RuntimeDirectoryPreserve=yes
+RuntimeDirectory=albatross albatross/fifo albatross/util
+PIDFile=%t/albatross/console.pid
+
+[Install]
+WantedBy=multi-user.target
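Review bot: `User=root` in the `[Service]` section of albatross_console.service contradicts the TODO directly above it, and unlike albatross_daemon.service this unit has no sandboxing directives at all, so the console daemon runs with unrestricted root privileges; albatross_log.service and albatross_stat.service have the same shape. Until a dedicated account exists, I would at least add `NoNewPrivileges=true` and copy the daemon unit's `ProtectSystem=full`, `ProtectHome=true` and `UMask=0077` into all three. All four units declare the same `RuntimeDirectory=albatross albatross/fifo albatross/util`, and systemd assigns ownership of that directory to the unit's `User=`, so moving the services off root needs one shared account or group; what permissions the binaries expect on their sockets is not visible in this diff.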
diff --git a/packaging/Linux/albatross_daemon.service b/packaging/Linux/albatross_daemon.service
new file mode 100644
index 0000000..0b1d710
--- /dev/null
+++ b/packaging/Linux/albatross_daemon.service
@@ -0,0 +1,38 @@
+[Unit]
+Description=Albatross VMM daemon (albatrossd)
+Requires=albatross_console.service albatross_log.service albatross_stat.service
+After=syslog.target albatross_console.service albatross_log.service albatross_stat.service
+[Service]
+Type=simple
+
+# TODO not necessarily needs to be run as root, anything that can solo5-spt/hvt,
+# create tap interfaces should be fine!
+#Environment=albatross_daemon_user=root
+#User=${albatross_daemon_user}
+User=root
+
+WorkingDirectory=/
+
+#ExecStartPre=id # the fbsd scripts do something here, not sure what
+ExecStart=/usr/local/sbin/albatrossd.exe --tmpdir="%t/albatross/" -vv
+#--dbdir (defaults to /run/albatross)
+
+RuntimeDirectoryPreserve=yes
+RuntimeDirectory=albatross albatross/fifo albatross/util
+PIDFile=/%t/albatross/daemon.pid
+
+## hardening stuff
+ProtectSystem=full
+ProtectHome=true
+UMask=0077
+OOMScoreAdjust=-1000
+#AppArmorProfile=
+#SmackProcessLabel=albatross_vmm
+IgnoreSIGPIPE=true
+#SystemCallFilter=~reboot
+#SystemCallFilter=
+RestrictAddressFamilies=AF_UNIX AF_INET
+#RuntimeDirectoryMode=0700
+
+[Install]
+WantedBy=multi-user.target
diff --git a/packaging/Linux/albatross_log.service b/packaging/Linux/albatross_log.service
new file mode 100644
index 0000000..cd1a93d
--- /dev/null
+++ b/packaging/Linux/albatross_log.service
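Review bot: The "hardening stuff" block in albatross_daemon.service does little to limit privilege, because the unit still runs as `User=root` with the full capability set and no `NoNewPrivileges=`, and `ProtectSystem=full` leaves /var writable. The TODO says the daemon only needs to start solo5 tenders and create tap interfaces, so consider `NoNewPrivileges=true` plus a `CapabilityBoundingSet=` restricted to what that requires (probably `CAP_NET_ADMIN`, to be confirmed against the daemon code, which is not part of this diff). Separately, `OOMScoreAdjust=-1000` is inherited by child processes, so if albatrossd forks the unikernel processes they are exempt from the OOM killer as well, and a memory-hungry guest would push the kernel to kill other host processes instead. It is also worth checking that `RestrictAddressFamilies=AF_UNIX AF_INET` still permits whatever the tap setup uses, since a netlink-based path would need `AF_NETLINK`.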
@@ -0,0 +1,25 @@
+[Unit]
+
+# To configure this service, please use the following command
+# to create an override configuration:
+# systemctl edit albatross_log.service
+
+Description=Albatross log daemon (albatross_log)
+After=syslog.target
+[Service]
+Type=simple
+
+# TODO should not be root (needs to write to logfile (%L/albatross.log))
+User=root
+
+WorkingDirectory=/
+
+#ExecStartPre=id # the fbsd scripts do something here, not sure what
+ExecStart=/usr/local/sbin/albatross_log.exe --logfile="%L/albatross.log" --tmpdir="%t/albatross/" -vv
+
+RuntimeDirectory=albatross
+RuntimeDirectory=albatross albatross/fifo albatross/util
+PIDFile=/%t/albatross/log.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/packaging/Linux/albatross_stat.service b/packaging/Linux/albatross_stat.service
new file mode 100644
index 0000000..fcb52a2
--- /dev/null
+++ b/packaging/Linux/albatross_stat.service
@@ -0,0 +1,34 @@
+[Unit]
+
+# To configure this service, please use the following command
+# to create an override configuration:
+# systemctl edit albatross_stat.service
+
+Description=Albatross stat daemon (albatross_stat)
+After=syslog.target
+[Service]
+Type=simple
+
+# TODO no need to run as root!
+#Environment="albatross_stat_user=root"
+User=root
+
+WorkingDirectory=/
+
+# TODO what does the following line do?
+Environment=albatross_prefix=/usr/local/sbin/albatross_stats.exe
+#ExecStartPre=id # the fbsd scripts do something here, not sure what
+ExecStart=/usr/local/sbin/albatross_stats.exe --tmpdir="%t/albatross/" -vv
+
+# state=%S
+# runtime=%t
+# small temp=%T
+# large temp=%V
+# PrivateTmp=yes
+
+RuntimeDirectoryPreserve=yes
+RuntimeDirectory=albatross albatross/fifo albatross/util
+PIDFile=%t/albatross/stat.pid
+
+[Install]
+WantedBy=multi-user.target
diff --git a/packaging/Linux/install.sh b/packaging/Linux/install.sh
new file mode 100755
index 0000000..f90c63c
--- /dev/null
+++ b/packaging/Linux/install.sh
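Review bot: albatross_log.service is the only one of the four units without `RuntimeDirectoryPreserve=yes`, so systemd will remove `%t/albatross` when albatross_log stops, and that directory is shared with the console, stat and daemon units, whose files under it would be deleted with it. install.sh stops and starts albatross_log right after starting albatross_console, so a re-install would hit this. Add `RuntimeDirectoryPreserve=yes` here and drop the first `RuntimeDirectory=albatross` line, which the line after it already covers.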
@@ -0,0 +1,18 @@
+#!/bin/sh
+sudo mkdir -m 0700 -p /var/lib/albatross/block
+
+sudo cp ../../_build/default/client/*.exe /usr/local/sbin/
+sudo cp ../../_build/default/daemon/*.exe /usr/local/sbin/
+sudo cp ../../_build/default/provision/*.exe /usr/local/sbin/
+sudo cp ../../_build/default/stats/*.exe /usr/local/sbin/
+sudo cp ../../_build/default/tls/*.exe /usr/local/sbin/
+sudo cp ./albatross_*.service /lib/systemd/system/
+sudo systemctl daemon-reload
+sudo systemctl stop albatross_console
+sudo systemctl start albatross_console
+sudo systemctl stop albatross_log
+sudo systemctl start albatross_log
+sudo systemctl stop albatross_stat
+sudo systemctl start albatross_stat
+sudo systemctl stop albatross_daemon
+sudo systemctl start albatross_daemon
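Review bot: install.sh has no `set -e`, so if any `sudo cp` fails (missing build output, wrong working directory) the script carries on and restarts all four services with whatever mix of old and new binaries is in /usr/local/sbin. The `../../_build/...` and `./albatross_*.service` paths are resolved against the caller's current directory rather than the script's location, so running it from elsewhere installs whatever matching files happen to be there as root-run binaries and units. I would start the script with `set -eu` and `cd -- "$(dirname -- "$0")"`, and use `install -m 0755` for the binaries instead of `cp` so the installed mode does not depend on the build tree. The stop/start pairs could also be a single `systemctl restart` per unit.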