get rid of FreeBSD kludge by using devfs!
This commit is contained in:
parent
1355a92292
commit
2bf1b96178
14
README.md
14
README.md
|
@ -96,6 +96,20 @@ SRV# sysctl net.link.tap.up_on_open=1
|
||||||
SRV# brctl addbr ext
|
SRV# brctl addbr ext
|
||||||
```
|
```
|
||||||
|
|
||||||
|
At least on FreeBSD, in order to monitor unikernels write permissions to
|
||||||
|
`/dev/vmm/<vm>` are needed. To achieve this (otherwise `vmm_stats` won't be
|
||||||
|
able to collect statistics unless running as a privileged user, the following
|
||||||
|
`devfs` ruleset can be used in `/etc/devfs.rules` (in case you created an
|
||||||
|
`albatross` group):
|
||||||
|
|
||||||
|
```
|
||||||
|
[albatross=10]
|
||||||
|
add path 'vmm/ukvm*' mode 0660 group albatross
|
||||||
|
```
|
||||||
|
|
||||||
|
Also need to activate by adding `devfs_system_ruleset="albatross"` to
|
||||||
|
`/etc/rc.conf` and `service devd restart` on the host system.
|
||||||
|
|
||||||
## Provision our first virtual machine
|
## Provision our first virtual machine
|
||||||
|
|
||||||
We will delegate some resource to a certificate and key we keep on our
|
We will delegate some resource to a certificate and key we keep on our
|
||||||
|
|
|
@ -190,13 +190,3 @@ let exec vm taps =
|
||||||
R.error_msgf "cmd %a exits: %a" Bos.Cmd.pp cmd pp_unix_error e
|
R.error_msgf "cmd %a exits: %a" Bos.Cmd.pp cmd pp_unix_error e
|
||||||
|
|
||||||
let destroy vm = Unix.kill vm.pid 15 (* 15 is SIGTERM *)
|
let destroy vm = Unix.kill vm.pid 15 (* 15 is SIGTERM *)
|
||||||
|
|
||||||
let setup_freebsd_kludge pid =
|
|
||||||
(* on FreeBSD we need to chmod g+rw /dev/vmm/ukvm$pid to run
|
|
||||||
bhyvectl --get-stats --vm=ukvm$pid as non-priviliged user *)
|
|
||||||
Lazy.force (uname ()) >>= fun (sys, _) ->
|
|
||||||
match sys with
|
|
||||||
| x when x = "FreeBSD" ->
|
|
||||||
let dev = "/dev/vmm/ukvm" ^ string_of_int pid in
|
|
||||||
Bos.OS.Cmd.run Bos.Cmd.(v "chmod" % "g+rw" % dev)
|
|
||||||
| _ -> Ok ()
|
|
||||||
|
|
|
@ -17,5 +17,3 @@ val close_no_err : Unix.file_descr -> unit
|
||||||
val create_tap : string -> (string, [> R.msg ]) result
|
val create_tap : string -> (string, [> R.msg ]) result
|
||||||
|
|
||||||
val create_bridge : string -> (unit, [> R.msg ]) result
|
val create_bridge : string -> (unit, [> R.msg ]) result
|
||||||
|
|
||||||
val setup_freebsd_kludge : int -> (unit, [> R.msg ]) result
|
|
||||||
|
|
|
@ -141,7 +141,6 @@ let handle_create t vm_config policies =
|
||||||
Ok (t, `Tls (s, tls_out) :: out, vm))
|
Ok (t, `Tls (s, tls_out) :: out, vm))
|
||||||
|
|
||||||
let setup_stats t vm =
|
let setup_stats t vm =
|
||||||
Vmm_commands.setup_freebsd_kludge vm.pid >>= fun () ->
|
|
||||||
let stat_out = Vmm_wire.Stats.add t.stats_counter t.stats_version (vm_id vm.config) vm.pid vm.taps in
|
let stat_out = Vmm_wire.Stats.add t.stats_counter t.stats_version (vm_id vm.config) vm.pid vm.taps in
|
||||||
let t = { t with stats_counter = succ t.stats_counter } in
|
let t = { t with stats_counter = succ t.stats_counter } in
|
||||||
Ok (t, stat t stat_out)
|
Ok (t, stat t stat_out)
|
||||||
|
|
Loading…
Reference in a new issue