move to dune, rename executables

Hannes Mehnert 2019-03-28 00:11:43 +01:00
parent dce477a01e
commit 45f37389aa
45 changed files with 258 additions and 182 deletions

3
.gitignore vendored
View file

@ -1,2 +1,3 @@
_build _build
vmm.install albatross.install
.merlin

View file

@ -27,46 +27,46 @@ access is done on a name basis - if access to `foo` is granted, `foo.hello`,
Albatross consists of a set of binaries. Several daemons, which communicate in a Albatross consists of a set of binaries. Several daemons, which communicate in a
request-response style over Unix domain sockets, are run in the host system: request-response style over Unix domain sockets, are run in the host system:
- `vmmd`: privileged to create and destroy unikernels - `albatrossd`: privileged to create and destroy unikernels
- `vmmd_console`: reads the console output of unikernels - `albatross_console`: reads the console output of unikernels
- `vmmd_log`: event log - `albatross_log`: event log
- `vmmd_stats`: statistics gathering (rusage, ifstat, BHyve debug counters) - `albatross_stats`: statistics gathering (rusage, ifstat, BHyve debug counters)
- `vmmd_tls`: remote deployment via TLS with client certificate, and proxies to local daemons - `albatross_tls_endpoint`: remote deployment via TLS with client certificate, and proxies to local daemons
- `vmmd_tls_inetd`: remote deployment via TLS and inetd (alternative to `vmmd_tls`) - `albatross_tls_inetd`: remote deployment via TLS and inetd (alternative to `albatross_tls_endpoint`)
- `vmmd_influx`: statistic reporting from `vmmd_stats` to influx - `albatross_influx`: statistic reporting from `albatross_stats` to influx
The main daemon is the privileged `vmmd`, which supervises unikernels. It opens The main daemon is the privileged `albatrossd`, which supervises unikernels. It opens
a listening Unix domain socket, reads the persisted unikernel configuration, a listening Unix domain socket, reads the persisted unikernel configuration,
starts these unikernels, and awaits commands. Access can be regulated by Unix starts these unikernels, and awaits commands. Access can be regulated by Unix
file permissions, only those users who can write to that socket can send file permissions, only those users who can write to that socket can send
commands. commands.
`Vmmd_console` does not keep any persistent state, but a ring buffer of console `Albatross_console` does not keep any persistent state, but a ring buffer of console
output from each unikernel. These messages can be retrieved by a client, as a output from each unikernel. These messages can be retrieved by a client, as a
stream of messages (history, and whenever a new line is output, it is send to stream of messages (history, and whenever a new line is output, it is send to
the interested client). Each unikernel output can only be read by a single the interested client). Each unikernel output can only be read by a single
client, to avoid amplification of traffic if lots of clients are connected. client, to avoid amplification of traffic if lots of clients are connected.
`Vmmd` sends a message to `vmmd_console` whenever a new unikernel is started, `Albatrossd` sends a message to `albatross_console` whenever a new unikernel is started,
upon reception `Vmmd_console` opens and reads the fifo which the unikernel will upon reception `albatross_console` opens and reads the fifo which the unikernel will
write their standard output to. write their standard output to.
`Vmmd_log` keeps a persistent event log for albatross, can be read by clients. `Albatross_log` keeps a persistent event log for albatross, can be read by clients.
`Vmmd_stats` gathers periodically statistics (memory, CPU, network, hypervisor) `Albatross_stats` gathers periodically statistics (memory, CPU, network, hypervisor)
from all running unikernels. from all running unikernels.
`Vmmd_tls` and `vmmd_tls_inetd` listen on a TCP port, and proxy requests from `Albatross_tls_endpoint` and `albatross_tls_inetd` listen on a TCP port, and proxy requests from
remote clients to the respective daemons described above. They enforce client remote clients to the respective daemons described above. They enforce client
authentication, and use the commen names of the client certificate chain as authentication, and use the commen names of the client certificate chain as
administrative domain. The policies are embedded in CA certificates, the command administrative domain. The policies are embedded in CA certificates, the command
is embedded in the leaf certificate. is embedded in the leaf certificate.
The following command-line applications for local and remote management are provided: The following command-line applications for local and remote management are provided:
- `vmmc_local`: sends a command locally to the Unix domain sockets - `albatross_client_local`: sends a command locally to the Unix domain sockets
- `vmmc_remote`: connects to a remote TLS endpoint and sends a command - `albatross_client_remote_tls`: connects to a remote TLS endpoint and sends a command
- `vmmp_request`: creates a certificate signing request containing a command - `albatross_provision_request`: creates a certificate signing request containing a command
- `vmmp_ca`: certificate authority operations: sign, generate, and revoke (NYI) - `albatross_provision_ca`: certificate authority operations: sign, generate, and revoke (NYI)
- `vmmc_bistro`: command line utility to execute a command remotely: request, sign, remote (do not use in production, requires CA key locally) - `albatross_client_bistro`: command line utility to execute a command remotely: request, sign, remote (do not use in production, requires CA key locally)
## Installation ## Installation
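Review bot: the `albatross_client_bistro` entry at the end of the client list is documented as "do not use in production, requires CA key locally", yet this commit gives it a `public_name` in client/dune and the packaging script stages it into /usr/local/sbin alongside the other clients. Consider leaving it out of the installed set, or building it only as a development tool, so a host installed from the package does not carry a client that expects the CA private key on disk.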

27
_tags
View file

@ -1,27 +0,0 @@
true : bin_annot, safe_string, principal, color(always)
true : warn(+A-4-44-48)
true : package(rresult logs ipaddr bos hex ptime astring duration cstruct decompress)
"src" : include
<src/vmm_lwt.{ml,mli}>: package(lwt lwt.unix)
<src/vmm_tls_lwt.{ml,mli}>: package(lwt tls.lwt)
<src/vmm_tls.{ml,mli}>: package(x509)
<src/vmm_vmmd.{ml,mli}>: package(ptime.clock.os)
<src/vmm_asn.{ml,mli}>: package(asn1-combinators)
<app/*>: package(checkseum.c lwt.unix cmdliner logs.fmt fmt.cli logs.cli fmt.tty lwt ipaddr.unix asn1-combinators)
<app/vmmd.{ml,native,byte}>: package(ptime.clock.os)
<app/vmmd_console.{ml,native,byte}>: package(ptime.clock.os)
<app/vmmd_log.{ml,native,byte}>: package(ptime.clock.os)
<app/vmmd_tls*.{ml,native,byte}>: package(tls.lwt ptime.clock.os)
<app/vmmd_stats.{ml,native,byte}>: link_vmm_stats
<app/vmmc_stat.{ml,native,byte}>: link_vmm_stats
<app/vmmc_remote.{ml,native,byte}>: package(nocrypto tls.lwt nocrypto.lwt)
<app/vmmc_bistro.{ml,native,byte}>: package(nocrypto tls.lwt nocrypto.lwt)
<app/vmmp_request.{ml,native,byte}>: package(nocrypto.unix ptime.clock.os x509)
<app/vmmp_ca.{ml,native,byte}>: package(nocrypto.unix ptime.clock.os x509)
<app/vmm_provision.{ml}>: package(nocrypto.unix ptime.clock.os x509)
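Review bot: the first two deleted lines carried the compiler settings `safe_string`, `principal` and `warn(+A-4-44-48)`, and the dune stanzas visible in this commit (client/dune, daemon/dune) have no `(flags ...)` field, so those executables are built with dune's defaults instead. If the old set is still wanted, restate it in the dune files; otherwise note in the commit message that the warning set changes together with the build system.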

View file

@ -7,9 +7,7 @@ bug-reports: "https://github.com/hannesm/albatross/issues"
depends: [ depends: [
"ocaml" {>= "4.05.0"} "ocaml" {>= "4.05.0"}
"ocamlfind" {build} "dune" {build}
"ocamlbuild" {build}
"topkg" {build}
"lwt" {>= "3.0.0"} "lwt" {>= "3.0.0"}
"ipaddr" {>= "2.9.0"} "ipaddr" {>= "2.9.0"}
"hex" "hex"
@ -31,6 +29,7 @@ depends: [
] ]
build: [ build: [
[ "ocaml" "pkg/pkg.ml" "build" "--pinned" "%{pinned}%" "--tests" "false" ] ["dune" "subst"] {pinned}
["dune" "build" "-p" name "-j" jobs]
] ]
synopsis: "Albatross - orchestrate and manage MirageOS unikernels with Solo5" synopsis: "Albatross - orchestrate and manage MirageOS unikernels with Solo5"
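Review bot: the new build commands `["dune" "subst"] {pinned}` and `["dune" "build" "-p" name "-j" jobs]` depend on a dune recent enough for the `(lang dune 1.0)` declared in dune-project, but the dependency added in the previous hunk is a bare `"dune" {build}`. Suggest `"dune" {build & >= "1.0"}` so an older dune is rejected at dependency resolution rather than failing in the build step.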

View file

@ -11,7 +11,7 @@ let read fd =
Vmm_tls_lwt.read_tls fd >>= function Vmm_tls_lwt.read_tls fd >>= function
| Error _ -> Lwt.return () | Error _ -> Lwt.return ()
| Ok wire -> | Ok wire ->
Vmm_cli.print_result version wire ; Albatross_cli.print_result version wire ;
loop () loop ()
in in
loop () loop ()
@ -76,7 +76,7 @@ let remove_policy _ endp cert key ca name =
jump endp cert key ca name (`Policy_cmd `Policy_remove) jump endp cert key ca name (`Policy_cmd `Policy_remove)
let add_policy _ endp cert key ca name vms memory cpus block bridges = let add_policy _ endp cert key ca name vms memory cpus block bridges =
let p = Vmm_cli.policy vms memory cpus block bridges in let p = Albatross_cli.policy vms memory cpus block bridges in
jump endp cert key ca name (`Policy_cmd (`Policy_add p)) jump endp cert key ca name (`Policy_cmd (`Policy_add p))
let info_ _ endp cert key ca name = let info_ _ endp cert key ca name =
@ -86,7 +86,7 @@ let destroy _ endp cert key ca name =
jump endp cert key ca name (`Unikernel_cmd `Unikernel_destroy) jump endp cert key ca name (`Unikernel_cmd `Unikernel_destroy)
let create _ endp cert key ca force name image cpuid memory argv block network compression = let create _ endp cert key ca force name image cpuid memory argv block network compression =
match Vmm_cli.create_vm force image cpuid memory argv block network compression with match Albatross_cli.create_vm force image cpuid memory argv block network compression with
| Ok cmd -> jump endp cert key ca name (`Unikernel_cmd cmd) | Ok cmd -> jump endp cert key ca name (`Unikernel_cmd cmd)
| Error (`Msg msg) -> `Error (false, msg) | Error (`Msg msg) -> `Error (false, msg)
@ -114,7 +114,7 @@ let help _ _ man_format cmds = function
| Some _ -> List.iter print_endline cmds; `Ok () | Some _ -> List.iter print_endline cmds; `Ok ()
open Cmdliner open Cmdliner
open Vmm_cli open Albatross_cli
let server_ca = let server_ca =
let doc = "The certificate authority used to verify the remote server." in let doc = "The certificate authority used to verify the remote server." in
@ -254,13 +254,13 @@ let help_cmd =
Term.info "help" ~doc ~man Term.info "help" ~doc ~man
let default_cmd = let default_cmd =
let doc = "VMM client and go to bistro" in let doc = "Albatross client and go to bistro" in
let man = [ let man = [
`S "DESCRIPTION" ; `S "DESCRIPTION" ;
`P "$(tname) executes the provided subcommand on a remote albatross" ] `P "$(tname) executes the provided subcommand on a remote albatross" ]
in in
Term.(ret (const help $ setup_log $ destination $ Term.man_format $ Term.choice_names $ Term.pure None)), Term.(ret (const help $ setup_log $ destination $ Term.man_format $ Term.choice_names $ Term.pure None)),
Term.info "vmmc_bistro" ~version:"%%VERSION_NUM%%" ~doc ~man Term.info "albatross_client_bistro" ~version:"%%VERSION_NUM%%" ~doc ~man
let cmds = [ help_cmd ; info_cmd ; let cmds = [ help_cmd ; info_cmd ;
policy_cmd ; remove_policy_cmd ; add_policy_cmd ; policy_cmd ; remove_policy_cmd ; add_policy_cmd ;

View file

@ -17,7 +17,7 @@ let connect socket_path =
let process fd = let process fd =
Vmm_lwt.read_wire fd >|= function Vmm_lwt.read_wire fd >|= function
| Error _ -> Error () | Error _ -> Error ()
| Ok wire -> Ok (Vmm_cli.print_result version wire) | Ok wire -> Ok (Albatross_cli.print_result version wire)
let read fd = let read fd =
(* now we busy read and process output *) (* now we busy read and process output *)
@ -50,7 +50,7 @@ let remove_policy _ opt_socket name =
jump opt_socket name (`Policy_cmd `Policy_remove) jump opt_socket name (`Policy_cmd `Policy_remove)
let add_policy _ opt_socket name vms memory cpus block bridges = let add_policy _ opt_socket name vms memory cpus block bridges =
let p = Vmm_cli.policy vms memory cpus block bridges in let p = Albatross_cli.policy vms memory cpus block bridges in
jump opt_socket name (`Policy_cmd (`Policy_add p)) jump opt_socket name (`Policy_cmd (`Policy_add p))
let info_ _ opt_socket name = let info_ _ opt_socket name =
@ -60,7 +60,7 @@ let destroy _ opt_socket name =
jump opt_socket name (`Unikernel_cmd `Unikernel_destroy) jump opt_socket name (`Unikernel_cmd `Unikernel_destroy)
let create _ opt_socket force name image cpuid memory argv block network compression = let create _ opt_socket force name image cpuid memory argv block network compression =
match Vmm_cli.create_vm force image cpuid memory argv block network compression with match Albatross_cli.create_vm force image cpuid memory argv block network compression with
| Ok cmd -> jump opt_socket name (`Unikernel_cmd cmd) | Ok cmd -> jump opt_socket name (`Unikernel_cmd cmd)
| Error (`Msg msg) -> `Error (false, msg) | Error (`Msg msg) -> `Error (false, msg)
@ -94,7 +94,7 @@ let help _ _ man_format cmds = function
| Some _ -> List.iter print_endline cmds; `Ok () | Some _ -> List.iter print_endline cmds; `Ok ()
open Cmdliner open Cmdliner
open Vmm_cli open Albatross_cli
let socket = let socket =
let doc = "Socket to connect to" in let doc = "Socket to connect to" in
@ -243,10 +243,10 @@ let default_cmd =
let doc = "VMM local client" in let doc = "VMM local client" in
let man = [ let man = [
`S "DESCRIPTION" ; `S "DESCRIPTION" ;
`P "$(tname) connects to vmmd via a local socket" ] `P "$(tname) connects to albatrossd via a local socket" ]
in in
Term.(ret (const help $ setup_log $ socket $ Term.man_format $ Term.choice_names $ Term.pure None)), Term.(ret (const help $ setup_log $ socket $ Term.man_format $ Term.choice_names $ Term.pure None)),
Term.info "vmmc_local" ~version:"%%VERSION_NUM%%" ~doc ~man Term.info "albatross_client_local" ~version:"%%VERSION_NUM%%" ~doc ~man
let cmds = [ help_cmd ; info_cmd ; let cmds = [ help_cmd ; info_cmd ;
policy_cmd ; remove_policy_cmd ; add_policy_cmd ; policy_cmd ; remove_policy_cmd ; add_policy_cmd ;

View file

@ -8,7 +8,7 @@ let rec read_tls_write_cons t =
Vmm_tls_lwt.read_tls t >>= function Vmm_tls_lwt.read_tls t >>= function
| Error _ -> Lwt.return_unit | Error _ -> Lwt.return_unit
| Ok wire -> | Ok wire ->
Vmm_cli.print_result version wire ; Albatross_cli.print_result version wire ;
read_tls_write_cons t read_tls_write_cons t
let client cas host port cert priv_key = let client cas host port cert priv_key =
@ -45,7 +45,7 @@ let run_client _ cas cert key (host, port) =
Lwt_main.run (client cas host port cert key) Lwt_main.run (client cas host port cert key)
open Cmdliner open Cmdliner
open Vmm_cli open Albatross_cli
let cas = let cas =
let doc = "The full path to PEM encoded certificate authorities. Can either be a FILE or a DIRECTORY." in let doc = "The full path to PEM encoded certificate authorities. Can either be a FILE or a DIRECTORY." in
@ -64,13 +64,13 @@ let destination =
Arg.(required & pos 3 (some host_port) None & info [] ~docv:"HOST:PORT" ~doc) Arg.(required & pos 3 (some host_port) None & info [] ~docv:"HOST:PORT" ~doc)
let cmd = let cmd =
let doc = "VMM remote TLS client" in let doc = "Albatross remote TLS client" in
let man = [ let man = [
`S "DESCRIPTION" ; `S "DESCRIPTION" ;
`P "$(tname) connects to a server and initiates a TLS handshake" ] `P "$(tname) connects to an Albatross server and initiates a TLS handshake" ]
in in
Term.(pure run_client $ setup_log $ cas $ client_cert $ client_key $ destination), Term.(pure run_client $ setup_log $ cas $ client_cert $ client_key $ destination),
Term.info "vmmc_remote" ~version:"%%VERSION_NUM%%" ~doc ~man Term.info "albatross_client_remote_tls" ~version:"%%VERSION_NUM%%" ~doc ~man
let () = let () =
match Term.eval cmd match Term.eval cmd

20
client/dune Normal file
View file

@ -0,0 +1,20 @@
(executable
(name albatross_client_bistro)
(public_name albatross-client-bistro)
(package albatross)
(modules albatross_client_bistro)
(libraries albatross.cli albatross albatross.tls))
(executable
(name albatross_client_local)
(public_name albatross-client-local)
(package albatross)
(modules albatross_client_local)
(libraries albatross.cli albatross))
(executable
(name albatross_client_remote_tls)
(public_name albatross-client-remote-tls)
(package albatross)
(modules albatross_client_remote_tls)
(libraries albatross.cli albatross albatross.tls))
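Review bot: every `public_name` in this file is hyphenated (`albatross-client-local`), whereas the `Term.info` names set in the same commit, the README and the FreeBSD packaging all use underscores (`albatross_client_local`). A dune install therefore produces binaries whose names differ from the name the tool reports about itself and from the documentation. Pick one spelling, or state in the README that the dune-installed names are hyphenated.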

View file

@ -174,7 +174,7 @@ let jump _ file =
open Cmdliner open Cmdliner
open Vmm_cli open Albatross_cli
let socket = let socket =
let doc = "socket to use" in let doc = "socket to use" in
@ -182,6 +182,6 @@ let socket =
let cmd = let cmd =
Term.(ret (const jump $ setup_log $ socket)), Term.(ret (const jump $ setup_log $ socket)),
Term.info "vmmd_console" ~version:"%%VERSION_NUM%%" Term.info "albatross_console" ~version:"%%VERSION_NUM%%"
let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1 let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1

View file

@ -293,7 +293,7 @@ let run_client _ socket (influxhost, influxport) vm =
Lwt_main.run (client socket influxhost influxport vm) Lwt_main.run (client socket influxhost influxport vm)
open Cmdliner open Cmdliner
open Vmm_cli open Albatross_cli
let socket = let socket =
let doc = "socket to use" in let doc = "socket to use" in
@ -304,13 +304,13 @@ let influx =
~doc:"the influx hostname:port to connect to") ~doc:"the influx hostname:port to connect to")
let cmd = let cmd =
let doc = "VMM InfluxDB connector" in let doc = "Albatross Influx connector" in
let man = [ let man = [
`S "DESCRIPTION" ; `S "DESCRIPTION" ;
`P "$(tname) connects to a vmm stats socket, pulls statistics and pushes them via TCP to influxdb" ] `P "$(tname) connects to a albatross stats socket, pulls statistics and pushes them via TCP to influxdb" ]
in in
Term.(pure run_client $ setup_log $ socket $ influx $ opt_vm_name), Term.(pure run_client $ setup_log $ socket $ influx $ opt_vm_name),
Term.info "vmmd_influx" ~version:"%%VERSION_NUM%%" ~doc ~man Term.info "albatross_influx" ~version:"%%VERSION_NUM%%" ~doc ~man
let () = let () =
match Term.eval cmd match Term.eval cmd
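Review bot: in the `P` man text of this hunk, "connects to a albatross stats socket" should read "an albatross stats socket"; the article was not adjusted when `vmm` was replaced.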

View file

@ -184,11 +184,10 @@ let jump _ file sock =
Lwt.async (handle mvar ring cs addr) ; Lwt.async (handle mvar ring cs addr) ;
loop () loop ()
in in
loop ()) ; loop ())
`Ok ()
open Cmdliner open Cmdliner
open Vmm_cli open Albatross_cli
let socket = let socket =
let doc = "socket to use" in let doc = "socket to use" in
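Review bot: dropping the trailing `Ok ()` after `loop ())` is not a rename and the commit message does not mention it. The `cmd` definition in the next hunk still wraps `jump` in `Term.(ret ...)`, so `jump` now type-checks only because the accept loop is expected never to return. A one-line comment at `loop ())` stating that, or a word in the commit message, would make the intent clear.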
@ -200,6 +199,6 @@ let file =
let cmd = let cmd =
Term.(ret (const jump $ setup_log $ file $ socket)), Term.(ret (const jump $ setup_log $ file $ socket)),
Term.info "vmm_log" ~version:"%%VERSION_NUM%%" Term.info "albatross_log" ~version:"%%VERSION_NUM%%"
let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1 let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1

View file

@ -1,6 +1,6 @@
(* (c) 2017 Hannes Mehnert, all rights reserved *) (* (c) 2017 Hannes Mehnert, all rights reserved *)
open Vmm_cli open Albatross_cli
open Vmm_core open Vmm_core
@ -246,6 +246,6 @@ open Cmdliner
let cmd = let cmd =
Term.(const jump $ setup_log), Term.(const jump $ setup_log),
Term.info "vmmd" ~version:"%%VERSION_NUM%%" Term.info "albatrossd" ~version:"%%VERSION_NUM%%"
let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1 let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1

34
daemon/dune Normal file
View file

@ -0,0 +1,34 @@
(library
(name albatross_cli)
(public_name albatross.cli)
(wrapped false)
(modules albatross_cli)
(libraries checkseum.c albatross lwt.unix cmdliner logs.fmt logs.cli fmt.cli fmt.tty ipaddr.unix))
(executable
(name albatrossd)
(public_name albatrossd)
(package albatross)
(modules albatrossd)
(libraries albatross.cli albatross))
(executable
(name albatross_console)
(public_name albatross-console)
(package albatross)
(modules albatross_console)
(libraries albatross.cli albatross))
(executable
(name albatross_influx)
(public_name albatross-influx)
(package albatross)
(modules albatross_influx)
(libraries albatross.cli albatross))
(executable
(name albatross_log)
(public_name albatross-log)
(package albatross)
(modules albatross_log)
(libraries albatross.cli albatross))

2
dune-project Normal file
View file

@ -0,0 +1,2 @@
(lang dune 1.0)
(name albatross)

View file

@ -1,26 +0,0 @@
open Ocamlbuild_plugin
let to_opt = List.fold_left (fun acc x -> [A "-ccopt"; A x] @ acc) []
let ccopt = to_opt [ "-O3" ; "-Wall" ]
let os = Ocamlbuild_pack.My_unix.run_and_read "uname -s"
let vmm_lib = match os with
| "FreeBSD\n" -> [A "-cclib"; A "-lvmmapi"]
| _ -> []
let () =
dispatch begin function
| After_rules ->
flag ["c"; "compile"] (S ccopt) ;
flag ["link"; "library"; "ocaml"; "byte"; "use_vmm_stats"]
(S ([A "-dllib"; A "-lvmm_stats_stubs"]));
flag ["link"; "library"; "ocaml"; "native"; "use_vmm_stats"]
(S ([A "-cclib"; A "-lvmm_stats_stubs"]));
flag ["link"; "ocaml"; "link_vmm_stats"]
(S ([A "app/libvmm_stats_stubs.a"] @ vmm_lib));
dep ["link"; "ocaml"; "use_vmm_stats"] ["app/libvmm_stats_stubs.a"];
dep ["link"; "ocaml"; "link_vmm_stats"] ["app/libvmm_stats_stubs.a"];
| _ -> ()
end
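Review bot: this deleted plugin is the only place shown that passed `-O3 -Wall` to the C compiler and, on FreeBSD, added `-cclib -lvmmapi` for everything tagged `link_vmm_stats`. The dune file for the stats stubs is not among the hunks visible here, so check that it carries equivalent C flags and a FreeBSD-conditional `-lvmmapi`; otherwise the stats binaries lose that link flag on FreeBSD.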

View file

@ -41,8 +41,8 @@ EOD;
mkdir -p /var/run/albatross/util /var/run/albatross/fifo mkdir -p /var/run/albatross/util /var/run/albatross/fifo
chown albatross:albatross /var/run/albatross/util /var/run/albatross/fifo chown albatross:albatross /var/run/albatross/util /var/run/albatross/fifo
chmod 2760 /var/run/albatross/fifo chmod 2760 /var/run/albatross/fifo
chgrp albatross /usr/local/libexec/albatross/vmmd chgrp albatross /usr/local/libexec/albatross/albatrossd
chmod 2700 /usr/local/libexec/albatross/vmmd chmod 2700 /usr/local/libexec/albatross/albatrossd
EOD; EOD;
post-deinstall = <<EOD post-deinstall = <<EOD
@ -76,7 +76,7 @@ messages [
add path 'vmm/solo5*' mode 0660 group albatross add path 'vmm/solo5*' mode 0660 group albatross
* start TLS endpoint via inetd on port 1025, add to /etc/inetd.conf: * start TLS endpoint via inetd on port 1025, add to /etc/inetd.conf:
blackjack stream tcp nowait albatross /usr/local/libexec/albatross/vmmd_tls_inetd vmmd_tls_inetd /usr/local/etc/albatross/cacert.pem /usr/local/etc/albatross/server.pem /usr/local/etc/albatross/server.key blackjack stream tcp nowait albatross /usr/local/libexec/albatross/alabtross_tls_inetd albatross_tls_inetd /usr/local/etc/albatross/cacert.pem /usr/local/etc/albatross/server.pem /usr/local/etc/albatross/server.key
and add cacert.pem server.pem and server.key to /usr/local/etc/albatross and add cacert.pem server.pem and server.key to /usr/local/etc/albatross
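Review bot: the new inetd.conf line spells the program path `/usr/local/libexec/albatross/alabtross_tls_inetd` (letters transposed), while the staging script in this commit installs `albatross_tls_inetd`. An administrator who copies this message gets an inetd entry pointing at a file that does not exist, so the TLS endpoint never starts. Change the path to `/usr/local/libexec/albatross/albatross_tls_inetd`.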

View file

@ -25,12 +25,26 @@ for f in albatross_log \
do install -U $basedir/packaging/rc.d/$f $rootdir/usr/local/etc/rc.d/$f; done do install -U $basedir/packaging/rc.d/$f $rootdir/usr/local/etc/rc.d/$f; done
# stage albatross app binaries # stage albatross app binaries
for f in vmmd vmmd_log vmmd_console vmmd_stats vmmd_influx vmmd_tls vmmd_tls_inetd; do for f in albatrossd albatross_log albatross_console albatross_influx; do
install -U $basedir/_build/app/$f.native \ install -U $basedir/_build/default/daemon/$f.exe \
$rootdir/usr/local/libexec/albatross/$f; done $rootdir/usr/local/libexec/albatross/$f; done
for f in vmmc_local vmmc_remote vmmc_bistro vmmp_ca vmmp_request; do for f in albatross_tls_endpoint albatross_tls_inetd; do
install -U $basedir/_build/app/$f.native \ install -U $basedir/_build/default/tls/$f.exe \
$rootdir/usr/local/libexec/albatross/$f; done
install -U $basedir/_build/default/stats/albatross_stats.exe \
$rootdir/usr/local/libexec/albatross/albatross_stats
install -U $basedir/_build/default/stats/albatross_stat_client.exe \
$rootdir/usr/local/sbin/albatross_stat_client
for f in albatross_client_local albatross_client_remote_tls albatross_client_bistro; do
install -U $basedir/_build/default/client/$f.exe \
$rootdir/usr/local/sbin/$f; done
for f in albatross_provision_ca albatross_provision_request; do
install -U $basedir/_build/default/provision/$f.exe \
$rootdir/usr/local/sbin/$f; done $rootdir/usr/local/sbin/$f; done
# create +MANIFEST # create +MANIFEST
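Review bot: the added `install` of `albatross_stat_client.exe` into /usr/local/sbin stages a stat client for the first time; the old loops staged none, and the removed pkg.ml listed `app/vmmc_stat` only as `Pkg.test ~run:false`. If shipping it is intended, say so in the commit message. Separately, `$basedir` and `$rootdir` are unquoted in all the added `install` lines; quoting them (`"$basedir/_build/default/..."`) avoids word splitting when the build path contains spaces.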

View file

@ -29,7 +29,7 @@ start_cmd="albatross_console_start"
: ${albatross_console_user:="albatross"} : ${albatross_console_user:="albatross"}
pidfile="/var/run/albatross_console.pid" pidfile="/var/run/albatross_console.pid"
procname="/usr/local/libexec/albatross/vmmd_console" procname="/usr/local/libexec/albatross/albatross_console"
albatross_console_start () { albatross_console_start () {
echo "Starting ${name}." echo "Starting ${name}."

View file

@ -32,7 +32,7 @@ start_precmd="albatross_daemon_precmd"
: ${albatross_daemon_flags:=""} : ${albatross_daemon_flags:=""}
pidfile="/var/run/albatross_daemon.pid" pidfile="/var/run/albatross_daemon.pid"
procname="/usr/local/libexec/albatross/vmmd" procname="/usr/local/libexec/albatross/albatrossd"
# #
# force_depend script [rcvar] # force_depend script [rcvar]

View file

@ -31,7 +31,7 @@ start_precmd="albatross_influx_precmd"
: ${albatross_influx_user:="albatross"} : ${albatross_influx_user:="albatross"}
pidfile="/var/run/albatross_influx.pid" pidfile="/var/run/albatross_influx.pid"
procname="/usr/local/libexec/albatross/vmmd_influx" procname="/usr/local/libexec/albatross/albatross_influx"
# #
# force_depend script [rcvar] # force_depend script [rcvar]

View file

@ -30,7 +30,7 @@ start_precmd="albatross_log_precmd"
: ${albatross_log_user:="albatross"} : ${albatross_log_user:="albatross"}
pidfile="/var/run/albatross_log.pid" pidfile="/var/run/albatross_log.pid"
procname="/usr/local/libexec/albatross/vmmd_log" procname="/usr/local/libexec/albatross/albatross_log"
logfile="/var/log/albatross" logfile="/var/log/albatross"
albatross_log_precmd () { albatross_log_precmd () {

View file

@ -29,7 +29,7 @@ start_cmd="albatross_stat_start"
: ${albatross_stat_user:="albatross"} : ${albatross_stat_user:="albatross"}
pidfile="/var/run/albatross_stat.pid" pidfile="/var/run/albatross_stat.pid"
procname="/usr/local/libexec/albatross/vmmd_stats" procname="/usr/local/libexec/albatross/albatross_stats"
albatross_stat_start () { albatross_stat_start () {
echo "Starting ${name}." echo "Starting ${name}."

View file

@ -31,7 +31,7 @@ start_precmd="albatross_tls_precmd"
: ${albatross_tls_user:="albatross"} : ${albatross_tls_user:="albatross"}
pidfile="/var/run/albatross_tls.pid" pidfile="/var/run/albatross_tls.pid"
procname="/usr/local/libexec/albatross/vmmd_tls" procname="/usr/local/libexec/albatross/albatross_tls_endpoint"
# #
# force_depend script [rcvar] # force_depend script [rcvar]

View file

@ -40,7 +40,7 @@ albatross_x_start () {
echo "Starting albatross VMs: ${albatross_x_vms}." echo "Starting albatross VMs: ${albatross_x_vms}."
for _vm in $albatross_x_vms; do for _vm in $albatross_x_vms; do
eval _create_args=\"\$albatross_x_args_${_vm}\" eval _create_args=\"\$albatross_x_args_${_vm}\"
/usr/local/sbin/vmmc_local create $_vm $_create_args /usr/local/sbin/albatross_client_local create $_vm $_create_args
done done
return return
;; ;;
@ -48,7 +48,7 @@ albatross_x_start () {
echo "Starting albatross VMs: ${@}." echo "Starting albatross VMs: ${@}."
for _vm in $@; do for _vm in $@; do
eval _create_args=\"\$albatross_x_args_${_vm}\" eval _create_args=\"\$albatross_x_args_${_vm}\"
/usr/local/sbin/vmmc_local create $_vm $_create_args /usr/local/sbin/albatross_client_local create $_vm $_create_args
done done
} }
@ -57,16 +57,16 @@ albatross_x_stop () {
_ALL) _ALL)
echo "Stopping albatross VMs: ${albatross_x_vms}." echo "Stopping albatross VMs: ${albatross_x_vms}."
for _vm in $albatross_x_vms for _vm in $albatross_x_vms
do /usr/local/sbin/vmmc_local destroy $_vm; done do /usr/local/sbin/albatross_client_local destroy $_vm; done
return return
esac esac
echo "Stopping albatross VMs: ${@}." echo "Stopping albatross VMs: ${@}."
for _vm in $@ for _vm in $@
do /usr/local/sbin/vmmc_local destroy $_vm; done do /usr/local/sbin/albatross_client_local destroy $_vm; done
} }
albatross_x_status () { albatross_x_status () {
/usr/local/sbin/vmmc_local info /usr/local/sbin/albatross_client_local info
} }
case $# in case $# in

View file

@ -1,3 +0,0 @@
description = "VM Manager"
version = "%%VERSION_NUM%%"
requires = ""

View file

@ -1,22 +0,0 @@
#!/usr/bin/env ocaml
#use "topfind"
#require "topkg"
open Topkg
let () =
Pkg.describe "albatross" @@ fun _ ->
Ok [
Pkg.bin "app/vmmd" ;
Pkg.bin "app/vmmd_console" ;
Pkg.bin "app/vmmd_log" ;
Pkg.bin "app/vmmd_stats" ;
Pkg.bin "app/vmmd_tls" ;
Pkg.bin "app/vmmd_tls_inetd" ;
Pkg.bin "app/vmmd_influx" ;
Pkg.bin "app/vmmc_local" ;
Pkg.bin "app/vmmc_remote" ;
Pkg.bin "app/vmmc_bistro" ;
Pkg.bin "app/vmmp_request" ;
Pkg.bin "app/vmmp_ca" ;
Pkg.test ~run:false "app/vmmc_stat" ;
]

View file

@ -53,7 +53,7 @@ let sign_csr dbname cacert key csr days =
in in
Logs.app (fun m -> m "signing %a" Vmm_commands.pp cmd) ; Logs.app (fun m -> m "signing %a" Vmm_commands.pp cmd) ;
Ok (ext :: exts) >>= fun extensions -> Ok (ext :: exts) >>= fun extensions ->
Vmm_provision.sign ~dbname extensions issuer key csr (Duration.of_day days) Albatross_provision.sign ~dbname extensions issuer key csr (Duration.of_day days)
| Error e -> Error e | Error e -> Error e
let sign _ db cacert cakey csrname days = let sign _ db cacert cakey csrname days =
@ -78,20 +78,20 @@ let help _ man_format cmds = function
let generate _ name db days sname sdays = let generate _ name db days sname sdays =
Nocrypto_entropy_unix.initialize () ; Nocrypto_entropy_unix.initialize () ;
match match
Vmm_provision.priv_key ~bits:4096 None name >>= fun key -> Albatross_provision.priv_key ~bits:4096 None name >>= fun key ->
let name = [ `CN name ] in let name = [ `CN name ] in
let csr = X509.CA.request name key in let csr = X509.CA.request name key in
Vmm_provision.sign ~certname:"cacert" (d_exts ()) name key csr (Duration.of_day days) >>= fun () -> Albatross_provision.sign ~certname:"cacert" (d_exts ()) name key csr (Duration.of_day days) >>= fun () ->
Vmm_provision.priv_key None sname >>= fun skey -> Albatross_provision.priv_key None sname >>= fun skey ->
let sname = [ `CN sname ] in let sname = [ `CN sname ] in
let csr = X509.CA.request sname skey in let csr = X509.CA.request sname skey in
Vmm_provision.sign ~dbname:(Fpath.v db) s_exts name key csr (Duration.of_day sdays) Albatross_provision.sign ~dbname:(Fpath.v db) s_exts name key csr (Duration.of_day sdays)
with with
| Ok () -> `Ok () | Ok () -> `Ok ()
| Error (`Msg e) -> `Error (false, e) | Error (`Msg e) -> `Error (false, e)
open Cmdliner open Cmdliner
open Vmm_cli open Albatross_cli
let csr = let csr =
let doc = "signing request" in let doc = "signing request" in
@ -123,7 +123,7 @@ let generate_cmd =
[`S "DESCRIPTION"; [`S "DESCRIPTION";
`P "Generates a certificate authority."] `P "Generates a certificate authority."]
in in
Term.(ret (const generate $ setup_log $ Vmm_provision.nam $ db $ days $ sname $ sday)), Term.(ret (const generate $ setup_log $ Albatross_provision.nam $ db $ days $ sname $ sday)),
Term.info "generate" ~doc ~man Term.info "generate" ~doc ~man
let days = let days =
@ -148,7 +148,7 @@ let help_cmd =
let doc = "The topic to get help on. `topics' lists the topics." in let doc = "The topic to get help on. `topics' lists the topics." in
Arg.(value & pos 0 (some string) None & info [] ~docv:"TOPIC" ~doc) Arg.(value & pos 0 (some string) None & info [] ~docv:"TOPIC" ~doc)
in in
let doc = "display help about vmmp_sign" in let doc = "display help about albatross_priviion_ca" in
let man = let man =
[`S "DESCRIPTION"; [`S "DESCRIPTION";
`P "Prints help about commands and subcommands"] `P "Prints help about commands and subcommands"]
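Review bot: the new help string `"display help about albatross_priviion_ca"` misspells the command name; it should read `albatross_provision_ca`, matching the `Term.info "albatross_provision_ca"` set later in this file.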
@ -157,13 +157,13 @@ let help_cmd =
Term.info "help" ~doc ~man Term.info "help" ~doc ~man
let default_cmd = let default_cmd =
let doc = "VMM " in let doc = "Albatross CA provisioning" in
let man = [ let man = [
`S "DESCRIPTION" ; `S "DESCRIPTION" ;
`P "$(tname) executes the provided subcommand on a remote albatross" ] `P "$(tname) does CA operations (creation, sign, etc.)" ]
in in
Term.(ret (const help $ setup_log $ Term.man_format $ Term.choice_names $ Term.pure None)), Term.(ret (const help $ setup_log $ Term.man_format $ Term.choice_names $ Term.pure None)),
Term.info "vmmp_ca" ~version:"%%VERSION_NUM%%" ~doc ~man Term.info "albatross_provision_ca" ~version:"%%VERSION_NUM%%" ~doc ~man
let cmds = [ help_cmd ; sign_cmd ; generate_cmd ; (* TODO revoke_cmd *)] let cmds = [ help_cmd ; sign_cmd ; generate_cmd ; (* TODO revoke_cmd *)]

View file

@ -1,6 +1,6 @@
(* (c) 2017, 2018 Hannes Mehnert, all rights reserved *) (* (c) 2017, 2018 Hannes Mehnert, all rights reserved *)
open Vmm_provision open Albatross_provision
open Vmm_asn open Vmm_asn
open Rresult.R.Infix open Rresult.R.Infix
@ -32,7 +32,7 @@ let remove_policy _ name =
jump name (`Policy_cmd `Policy_remove) jump name (`Policy_cmd `Policy_remove)
let add_policy _ name vms memory cpus block bridges = let add_policy _ name vms memory cpus block bridges =
let p = Vmm_cli.policy vms memory cpus block bridges in let p = Albatross_cli.policy vms memory cpus block bridges in
jump name (`Policy_cmd (`Policy_add p)) jump name (`Policy_cmd (`Policy_add p))
let info_ _ name = jump name (`Unikernel_cmd `Unikernel_info) let info_ _ name = jump name (`Unikernel_cmd `Unikernel_info)
@ -41,7 +41,7 @@ let destroy _ name =
jump name (`Unikernel_cmd `Unikernel_destroy) jump name (`Unikernel_cmd `Unikernel_destroy)
let create _ force name image cpuid memory argv block network compression = let create _ force name image cpuid memory argv block network compression =
match Vmm_cli.create_vm force image cpuid memory argv block network compression with match Albatross_cli.create_vm force image cpuid memory argv block network compression with
| Ok cmd -> jump name (`Unikernel_cmd cmd) | Ok cmd -> jump name (`Unikernel_cmd cmd)
| Error (`Msg msg) -> `Error (false, msg) | Error (`Msg msg) -> `Error (false, msg)
@ -69,7 +69,7 @@ let help _ man_format cmds = function
| Some _ -> List.iter print_endline cmds; `Ok () | Some _ -> List.iter print_endline cmds; `Ok ()
open Cmdliner open Cmdliner
open Vmm_cli open Albatross_cli
let destroy_cmd = let destroy_cmd =
let doc = "destroys a virtual machine" in let doc = "destroys a virtual machine" in
@ -184,22 +184,22 @@ let help_cmd =
let doc = "The topic to get help on. `topics' lists the topics." in let doc = "The topic to get help on. `topics' lists the topics." in
Arg.(value & pos 0 (some string) None & info [] ~docv:"TOPIC" ~doc) Arg.(value & pos 0 (some string) None & info [] ~docv:"TOPIC" ~doc)
in in
let doc = "display help about vmmc" in let doc = "display help about albatross provision request" in
let man = let man =
[`S "DESCRIPTION"; [`S "DESCRIPTION";
`P "Prints help about albatross local client commands and subcommands"] `P "Prints help about albatross provision request commands and subcommands"]
in in
Term.(ret (const help $ setup_log $ Term.man_format $ Term.choice_names $ topic)), Term.(ret (const help $ setup_log $ Term.man_format $ Term.choice_names $ topic)),
Term.info "help" ~doc ~man Term.info "help" ~doc ~man
let default_cmd = let default_cmd =
let doc = "VMM local client" in let doc = "Albatross provisioning request" in
let man = [ let man = [
`S "DESCRIPTION" ; `S "DESCRIPTION" ;
`P "$(tname) connects to vmmd via a local socket" ] `P "$(tname) creates a certificate signing request for Albatross" ]
in in
Term.(ret (const help $ setup_log $ Term.man_format $ Term.choice_names $ Term.pure None)), Term.(ret (const help $ setup_log $ Term.man_format $ Term.choice_names $ Term.pure None)),
Term.info "vmmp_request" ~version:"%%VERSION_NUM%%" ~doc ~man Term.info "albatross_provision_request" ~version:"%%VERSION_NUM%%" ~doc ~man
let cmds = [ help_cmd ; info_cmd ; let cmds = [ help_cmd ; info_cmd ;
policy_cmd ; remove_policy_cmd ; add_policy_cmd ; policy_cmd ; remove_policy_cmd ; add_policy_cmd ;
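Review bot: the help strings in this hunk call the tool "albatross provision request" with spaces, `Term.info` names it `albatross_provision_request`, and provision/dune installs `albatross-provision-request`, which makes three spellings for one binary. Use the installed name in the `let doc =` and `` `P `` lines so that searching the man page for the command name finds it.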

21
provision/dune Normal file
View file

@ -0,0 +1,21 @@
(library
(name albatross_provision)
(public_name albatross.provision)
(wrapped false)
(modules albatross_provision)
(libraries albatross.cli x509 nocrypto.unix))
(executable
(name albatross_provision_ca)
(public_name albatross-provision-ca)
(package albatross)
(modules albatross_provision_ca)
(libraries albatross.cli albatross.provision albatross x509))
(executable
(name albatross_provision_request)
(public_name albatross-provision-request)
(package albatross)
(modules albatross_provision_request)
(libraries albatross.cli albatross.provision albatross x509))

6
src/dune Normal file
View file

@ -0,0 +1,6 @@
(library
(name albatross)
(public_name albatross)
(wrapped false)
(libraries rresult logs ipaddr bos hex ptime astring duration cstruct
decompress lwt lwt.unix ptime.clock.os asn1-combinators))
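Review bot: `(wrapped false)` without a `(modules ...)` field exports every module under src/ at the top level of the `albatross` library, and the modules referenced elsewhere in this commit (`open Vmm_asn`, `open Vmm_core`) keep their `Vmm_` prefix, so at the library level the rename is only half done. Either rename the core modules in a follow-up or state in the commit message that the `Vmm_*` names are kept on purpose; a one-line comment above the stanza explaining why the library is unwrapped would also help.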

View file

@ -1,5 +1,5 @@
open Vmm_core open Vmm_core
open Vmm_stats_pure open Albatross_stats_pure
let timer pid vmmapi = let timer pid vmmapi =
let rusage = sysctl_rusage pid in let rusage = sysctl_rusage pid in
@ -28,7 +28,7 @@ let jump _ pid name interval =
None None
| Some vmctx -> | Some vmctx ->
Logs.info (fun m -> m "vmmapi_open succeeded for %s" name) ; Logs.info (fun m -> m "vmmapi_open succeeded for %s" name) ;
Vmm_stats_pure.fill_descr vmctx ; fill_descr vmctx ;
Some vmctx Some vmctx
in in
let _ev = Lwt_engine.on_timer interval true (fun _e -> timer pid vmmapi) in let _ev = Lwt_engine.on_timer interval true (fun _e -> timer pid vmmapi) in
@ -36,7 +36,7 @@ let jump _ pid name interval =
t) t)
open Cmdliner open Cmdliner
open Vmm_cli open Albatross_cli
let interval = let interval =
let doc = "Interval between statistics gatherings (in seconds)" in let doc = "Interval between statistics gatherings (in seconds)" in
@ -52,6 +52,6 @@ let vmname =
let cmd = let cmd =
Term.(ret (const jump $ setup_log $ pid $ vmname $ interval)), Term.(ret (const jump $ setup_log $ pid $ vmname $ interval)),
Term.info "vmmd_stats" ~version:"%%VERSION_NUM%%" Term.info "albatross_stat_client" ~version:"%%VERSION_NUM%%"
let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1 let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1

View file

@ -14,7 +14,7 @@
open Lwt.Infix open Lwt.Infix
open Vmm_stats_pure open Albatross_stats_pure
let t = ref (empty ()) let t = ref (empty ())
@ -83,7 +83,7 @@ let jump _ file interval =
loop ()) loop ())
open Cmdliner open Cmdliner
open Vmm_cli open Albatross_cli
let socket = let socket =
let doc = "socket to use" in let doc = "socket to use" in
@ -95,6 +95,6 @@ let interval =
let cmd = let cmd =
Term.(ret (const jump $ setup_log $ socket $ interval)), Term.(ret (const jump $ setup_log $ socket $ interval)),
Term.info "vmmd_stats" ~version:"%%VERSION_NUM%%" Term.info "albatross_stats" ~version:"%%VERSION_NUM%%"
let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1 let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1

32
stats/dune Normal file
View file

@ -0,0 +1,32 @@
(* -*- tuareg -*- *)
let freebsd = try Sys.command "uname -s | grep -c FreeBSD > /dev/null" = 0 with _ -> false
let () =
Jbuild_plugin.V1.send @@ Printf.sprintf {|
(library
(name albatross_stats)
(public_name albatross.stats)
(libraries albatross)
(wrapped false)
(c_names albatross_stats_stubs)
(modules albatross_stats_pure))
(executable
(name albatross_stats)
(public_name albatross-stats)
(package albatross)
(modules albatross_stats)
%s
(libraries albatross.cli albatross.stats albatross))
(executable
(name albatross_stat_client)
(public_name albatross-stat-client)
(package albatross)
(modules albatross_stat_client)
%s
(libraries albatross.cli albatross.stats albatross)) |}
(if freebsd then "(link_flags (-ccopt \"-lvmmapi\"))" else "")
(if freebsd then "(link_flags (-ccopt \"-lvmmapi\"))" else "")
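Review bot: the `let freebsd =` line chooses link flags by running `uname -s | grep -c FreeBSD` through the shell at build time and hides every failure behind `with _ -> false`. That inspects the build host rather than the target, depends on whichever `uname` and `grep` come first in PATH, and silently drops `-lvmmapi` when the command cannot run, so a misdetection only shows up later in the build or at run time. Prefer deriving the platform from the compiler configuration, or at least fail loudly when the probe itself errors. The `(link_flags ...)` string is also computed twice with the same `if freebsd` expression for the two `%s` slots; bind it once and pass it to both.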

View file

@ -2,7 +2,7 @@
open Lwt.Infix open Lwt.Infix
open Vmmd_tls_common open Albatross_tls_common
let server_socket port = let server_socket port =
let open Lwt_unix in let open Lwt_unix in
@ -21,7 +21,7 @@ let jump _ cacert cert priv_key port =
tls_config cacert cert priv_key >>= fun (config, ca) -> tls_config cacert cert priv_key >>= fun (config, ca) ->
let rec loop () = let rec loop () =
Lwt.catch (fun () -> Lwt.catch (fun () ->
Lwt_unix.accept socket >>= fun (fd, addr) -> Lwt_unix.accept socket >>= fun (fd, _addr) ->
Lwt.catch Lwt.catch
(fun () -> Tls_lwt.Unix.server_of_fd config fd) (fun () -> Tls_lwt.Unix.server_of_fd config fd)
(fun exn -> (fun exn ->
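Review bot: renaming `addr` to `_addr` on the `Lwt_unix.accept` line silences the unused-variable warning by discarding the peer address, which is the one value that identifies who connected to the TLS endpoint. Instead of dropping it, keep the binding and pass it to the `(fun exn ->` handler that follows `Tls_lwt.Unix.server_of_fd`, so that failed handshakes are logged together with the remote address.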
@ -52,7 +52,7 @@ let jump _ cacert cert priv_key port =
loop ()) loop ())
open Cmdliner open Cmdliner
open Vmm_cli open Albatross_cli
let port = let port =
let doc = "TCP listen port" in let doc = "TCP listen port" in
@ -60,6 +60,6 @@ let port =
let cmd = let cmd =
Term.(ret (const jump $ setup_log $ cacert $ cert $ key $ port)), Term.(ret (const jump $ setup_log $ cacert $ cert $ key $ port)),
Term.info "vmmd_tls" ~version:"%%VERSION_NUM%%" Term.info "albatross_tls_endpoint" ~version:"%%VERSION_NUM%%"
let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1 let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1

View file

@ -1,7 +1,7 @@
(* (c) 2018 Hannes Mehnert, all rights reserved *) (* (c) 2018 Hannes Mehnert, all rights reserved *)
open Lwt.Infix open Lwt.Infix
open Vmmd_tls_common open Albatross_tls_common
let jump cacert cert priv_key = let jump cacert cert priv_key =
Sys.(set_signal sigpipe Signal_ignore) ; Sys.(set_signal sigpipe Signal_ignore) ;
@ -29,6 +29,6 @@ open Cmdliner
let cmd = let cmd =
Term.(ret (const jump $ cacert $ cert $ key)), Term.(ret (const jump $ cacert $ cert $ key)),
Term.info "vmmd_tls_inetd" ~version:"%%VERSION_NUM%%" Term.info "albatross_tls_inetd" ~version:"%%VERSION_NUM%%"
let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1 let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1

26
tls/dune Normal file
View file

@ -0,0 +1,26 @@
(library
(name albatross_tls)
(public_name albatross.tls)
(wrapped false)
(modules vmm_tls vmm_tls_lwt)
(libraries albatross tls tls.lwt x509))
(library
(name albatross_tls_cli)
(wrapped false)
(modules albatross_tls_common)
(libraries albatross_cli albatross.tls))
(executable
(name albatross_tls_endpoint)
(public_name albatross-tls-endpoint)
(package albatross)
(modules albatross_tls_endpoint)
(libraries albatross_cli albatross_tls_cli albatross))
(executable
(name albatross_tls_inetd)
(public_name albatross-tls-inetd)
(package albatross)
(modules albatross_tls_inetd)
(libraries albatross_cli albatross_tls_cli albatross))
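Review bot: the `(libraries ...)` fields in this file refer to `albatross_cli` by its internal name, while provision/dune and stats/dune in this commit use the public name `albatross.cli`; use one form throughout. In addition, `(modules vmm_tls vmm_tls_lwt)` in the `albatross_tls` library keeps the old `vmm_` module names next to the renamed `albatross_tls_common`, which should either be renamed as well or be explained in the commit message.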