move to dune, rename executables

Hannes Mehnert 2019-03-28 00:11:43 +01:00
parent dce477a01e
commit 45f37389aa
45 changed files with 258 additions and 182 deletions

3
.gitignore vendored

@ -1,2 +1,3 @@
_build
vmm.install
albatross.install
.merlin


@ -27,46 +27,46 @@ access is done on a name basis - if access to `foo` is granted, `foo.hello`,
Albatross consists of a set of binaries. Several daemons, which communicate in a
request-response style over Unix domain sockets, are run in the host system:
- `vmmd`: privileged to create and destroy unikernels
- `vmmd_console`: reads the console output of unikernels
- `vmmd_log`: event log
- `vmmd_stats`: statistics gathering (rusage, ifstat, BHyve debug counters)
- `vmmd_tls`: remote deployment via TLS with client certificate, and proxies to local daemons
- `vmmd_tls_inetd`: remote deployment via TLS and inetd (alternative to `vmmd_tls`)
- `vmmd_influx`: statistic reporting from `vmmd_stats` to influx
- `albatrossd`: privileged to create and destroy unikernels
- `albatross_console`: reads the console output of unikernels
- `albatross_log`: event log
- `albatross_stats`: statistics gathering (rusage, ifstat, BHyve debug counters)
- `albatross_tls_endpoint`: remote deployment via TLS with client certificate, and proxies to local daemons
- `albatross_tls_inetd`: remote deployment via TLS and inetd (alternative to `albatross_tls_endpoint`)
- `albatross_influx`: statistic reporting from `albatross_stats` to influx
The main daemon is the privileged `vmmd`, which supervises unikernels. It opens
The main daemon is the privileged `albatrossd`, which supervises unikernels. It opens
a listening Unix domain socket, reads the persisted unikernel configuration,
starts these unikernels, and awaits commands. Access can be regulated by Unix
file permissions, only those users who can write to that socket can send
commands.
`Vmmd_console` does not keep any persistent state, but a ring buffer of console
`Albatross_console` does not keep any persistent state, but a ring buffer of console
output from each unikernel. These messages can be retrieved by a client, as a
stream of messages (history, and whenever a new line is output, it is send to
the interested client). Each unikernel output can only be read by a single
client, to avoid amplification of traffic if lots of clients are connected.
`Vmmd` sends a message to `vmmd_console` whenever a new unikernel is started,
upon reception `Vmmd_console` opens and reads the fifo which the unikernel will
`Albatrossd` sends a message to `albatross_console` whenever a new unikernel is started,
upon reception `albatross_console` opens and reads the fifo which the unikernel will
write their standard output to.
`Vmmd_log` keeps a persistent event log for albatross, can be read by clients.
`Albatross_log` keeps a persistent event log for albatross, can be read by clients.
`Vmmd_stats` gathers periodically statistics (memory, CPU, network, hypervisor)
`Albatross_stats` gathers periodically statistics (memory, CPU, network, hypervisor)
from all running unikernels.
`Vmmd_tls` and `vmmd_tls_inetd` listen on a TCP port, and proxy requests from
`Albatross_tls_endpoint` and `albatross_tls_inetd` listen on a TCP port, and proxy requests from
remote clients to the respective daemons described above. They enforce client
authentication, and use the commen names of the client certificate chain as
administrative domain. The policies are embedded in CA certificates, the command
is embedded in the leaf certificate.
The following command-line applications for local and remote management are provided:
- `vmmc_local`: sends a command locally to the Unix domain sockets
- `vmmc_remote`: connects to a remote TLS endpoint and sends a command
- `vmmp_request`: creates a certificate signing request containing a command
- `vmmp_ca`: certificate authority operations: sign, generate, and revoke (NYI)
- `vmmc_bistro`: command line utility to execute a command remotely: request, sign, remote (do not use in production, requires CA key locally)
- `albatross_client_local`: sends a command locally to the Unix domain sockets
- `albatross_client_remote_tls`: connects to a remote TLS endpoint and sends a command
- `albatross_provision_request`: creates a certificate signing request containing a command
- `albatross_provision_ca`: certificate authority operations: sign, generate, and revoke (NYI)
- `albatross_client_bistro`: command line utility to execute a command remotely: request, sign, remote (do not use in production, requires CA key locally)
## Installation

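--- a/_tags
+++ b/_tags
@@ -1,27 +0,0 @@
-true : bin_annot, safe_string, principal, color(always)
-true : warn(+A-4-44-48)
-true : package(rresult logs ipaddr bos hex ptime astring duration cstruct decompress)
-"src" : include
-<src/vmm_lwt.{ml,mli}>: package(lwt lwt.unix)
-<src/vmm_tls_lwt.{ml,mli}>: package(lwt tls.lwt)
-<src/vmm_tls.{ml,mli}>: package(x509)
-<src/vmm_vmmd.{ml,mli}>: package(ptime.clock.os)
-<src/vmm_asn.{ml,mli}>: package(asn1-combinators)
-<app/*>: package(checkseum.c lwt.unix cmdliner logs.fmt fmt.cli logs.cli fmt.tty lwt ipaddr.unix asn1-combinators)
-<app/vmmd.{ml,native,byte}>: package(ptime.clock.os)
-<app/vmmd_console.{ml,native,byte}>: package(ptime.clock.os)
-<app/vmmd_log.{ml,native,byte}>: package(ptime.clock.os)
-<app/vmmd_tls*.{ml,native,byte}>: package(tls.lwt ptime.clock.os)
-<app/vmmd_stats.{ml,native,byte}>: link_vmm_stats
-<app/vmmc_stat.{ml,native,byte}>: link_vmm_stats
-<app/vmmc_remote.{ml,native,byte}>: package(nocrypto tls.lwt nocrypto.lwt)
-<app/vmmc_bistro.{ml,native,byte}>: package(nocrypto tls.lwt nocrypto.lwt)
-<app/vmmp_request.{ml,native,byte}>: package(nocrypto.unix ptime.clock.os x509)
-<app/vmmp_ca.{ml,native,byte}>: package(nocrypto.unix ptime.clock.os x509)
-<app/vmm_provision.{ml}>: package(nocrypto.unix ptime.clock.os x509)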


@ -7,9 +7,7 @@ bug-reports: "https://github.com/hannesm/albatross/issues"
depends: [
"ocaml" {>= "4.05.0"}
"ocamlfind" {build}
"ocamlbuild" {build}
"topkg" {build}
"dune" {build}
"lwt" {>= "3.0.0"}
"ipaddr" {>= "2.9.0"}
"hex"
@ -31,6 +29,7 @@ depends: [
]
build: [
[ "ocaml" "pkg/pkg.ml" "build" "--pinned" "%{pinned}%" "--tests" "false" ]
["dune" "subst"] {pinned}
["dune" "build" "-p" name "-j" jobs]
]
synopsis: "Albatross - orchestrate and manage MirageOS unikernels with Solo5"


@ -11,7 +11,7 @@ let read fd =
Vmm_tls_lwt.read_tls fd >>= function
| Error _ -> Lwt.return ()
| Ok wire ->
Vmm_cli.print_result version wire ;
Albatross_cli.print_result version wire ;
loop ()
in
loop ()
@ -76,7 +76,7 @@ let remove_policy _ endp cert key ca name =
jump endp cert key ca name (`Policy_cmd `Policy_remove)
let add_policy _ endp cert key ca name vms memory cpus block bridges =
let p = Vmm_cli.policy vms memory cpus block bridges in
let p = Albatross_cli.policy vms memory cpus block bridges in
jump endp cert key ca name (`Policy_cmd (`Policy_add p))
let info_ _ endp cert key ca name =
@ -86,7 +86,7 @@ let destroy _ endp cert key ca name =
jump endp cert key ca name (`Unikernel_cmd `Unikernel_destroy)
let create _ endp cert key ca force name image cpuid memory argv block network compression =
match Vmm_cli.create_vm force image cpuid memory argv block network compression with
match Albatross_cli.create_vm force image cpuid memory argv block network compression with
| Ok cmd -> jump endp cert key ca name (`Unikernel_cmd cmd)
| Error (`Msg msg) -> `Error (false, msg)
@ -114,7 +114,7 @@ let help _ _ man_format cmds = function
| Some _ -> List.iter print_endline cmds; `Ok ()
open Cmdliner
open Vmm_cli
open Albatross_cli
let server_ca =
let doc = "The certificate authority used to verify the remote server." in
@ -254,13 +254,13 @@ let help_cmd =
Term.info "help" ~doc ~man
let default_cmd =
let doc = "VMM client and go to bistro" in
let doc = "Albatross client and go to bistro" in
let man = [
`S "DESCRIPTION" ;
`P "$(tname) executes the provided subcommand on a remote albatross" ]
in
Term.(ret (const help $ setup_log $ destination $ Term.man_format $ Term.choice_names $ Term.pure None)),
Term.info "vmmc_bistro" ~version:"%%VERSION_NUM%%" ~doc ~man
Term.info "albatross_client_bistro" ~version:"%%VERSION_NUM%%" ~doc ~man
let cmds = [ help_cmd ; info_cmd ;
policy_cmd ; remove_policy_cmd ; add_policy_cmd ;


@ -17,7 +17,7 @@ let connect socket_path =
let process fd =
Vmm_lwt.read_wire fd >|= function
| Error _ -> Error ()
| Ok wire -> Ok (Vmm_cli.print_result version wire)
| Ok wire -> Ok (Albatross_cli.print_result version wire)
let read fd =
(* now we busy read and process output *)
@ -50,7 +50,7 @@ let remove_policy _ opt_socket name =
jump opt_socket name (`Policy_cmd `Policy_remove)
let add_policy _ opt_socket name vms memory cpus block bridges =
let p = Vmm_cli.policy vms memory cpus block bridges in
let p = Albatross_cli.policy vms memory cpus block bridges in
jump opt_socket name (`Policy_cmd (`Policy_add p))
let info_ _ opt_socket name =
@ -60,7 +60,7 @@ let destroy _ opt_socket name =
jump opt_socket name (`Unikernel_cmd `Unikernel_destroy)
let create _ opt_socket force name image cpuid memory argv block network compression =
match Vmm_cli.create_vm force image cpuid memory argv block network compression with
match Albatross_cli.create_vm force image cpuid memory argv block network compression with
| Ok cmd -> jump opt_socket name (`Unikernel_cmd cmd)
| Error (`Msg msg) -> `Error (false, msg)
@ -94,7 +94,7 @@ let help _ _ man_format cmds = function
| Some _ -> List.iter print_endline cmds; `Ok ()
open Cmdliner
open Vmm_cli
open Albatross_cli
let socket =
let doc = "Socket to connect to" in
@ -243,10 +243,10 @@ let default_cmd =
let doc = "VMM local client" in
let man = [
`S "DESCRIPTION" ;
`P "$(tname) connects to vmmd via a local socket" ]
`P "$(tname) connects to albatrossd via a local socket" ]
in
Term.(ret (const help $ setup_log $ socket $ Term.man_format $ Term.choice_names $ Term.pure None)),
Term.info "vmmc_local" ~version:"%%VERSION_NUM%%" ~doc ~man
Term.info "albatross_client_local" ~version:"%%VERSION_NUM%%" ~doc ~man
let cmds = [ help_cmd ; info_cmd ;
policy_cmd ; remove_policy_cmd ; add_policy_cmd ;
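Review bot: `let doc = "VMM local client"` at the top of `default_cmd` keeps the old product name, while the description and the `Term.info` name just below it were renamed to `albatrossd` and `albatross_client_local`. The sibling clients in this commit use "Albatross ..." for the same string. Suggest `let doc = "Albatross local client" in` so the `--help` output matches the installed binary name.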


@ -8,7 +8,7 @@ let rec read_tls_write_cons t =
Vmm_tls_lwt.read_tls t >>= function
| Error _ -> Lwt.return_unit
| Ok wire ->
Vmm_cli.print_result version wire ;
Albatross_cli.print_result version wire ;
read_tls_write_cons t
let client cas host port cert priv_key =
@ -45,7 +45,7 @@ let run_client _ cas cert key (host, port) =
Lwt_main.run (client cas host port cert key)
open Cmdliner
open Vmm_cli
open Albatross_cli
let cas =
let doc = "The full path to PEM encoded certificate authorities. Can either be a FILE or a DIRECTORY." in
@ -64,13 +64,13 @@ let destination =
Arg.(required & pos 3 (some host_port) None & info [] ~docv:"HOST:PORT" ~doc)
let cmd =
let doc = "VMM remote TLS client" in
let doc = "Albatross remote TLS client" in
let man = [
`S "DESCRIPTION" ;
`P "$(tname) connects to a server and initiates a TLS handshake" ]
`P "$(tname) connects to an Albatross server and initiates a TLS handshake" ]
in
Term.(pure run_client $ setup_log $ cas $ client_cert $ client_key $ destination),
Term.info "vmmc_remote" ~version:"%%VERSION_NUM%%" ~doc ~man
Term.info "albatross_client_remote_tls" ~version:"%%VERSION_NUM%%" ~doc ~man
let () =
match Term.eval cmd

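--- a/client/dune
+++ b/client/dune
@@ -0,0 +1,20 @@
+(executable
+(name albatross_client_bistro)
+(public_name albatross-client-bistro)
+(package albatross)
+(modules albatross_client_bistro)
+(libraries albatross.cli albatross albatross.tls))
+(executable
+(name albatross_client_local)
+(public_name albatross-client-local)
+(package albatross)
+(modules albatross_client_local)
+(libraries albatross.cli albatross))
+(executable
+(name albatross_client_remote_tls)
+(public_name albatross-client-remote-tls)
+(package albatross)
+(modules albatross_client_remote_tls)
+(libraries albatross.cli albatross albatross.tls))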


@ -174,7 +174,7 @@ let jump _ file =
open Cmdliner
open Vmm_cli
open Albatross_cli
let socket =
let doc = "socket to use" in
@ -182,6 +182,6 @@ let socket =
let cmd =
Term.(ret (const jump $ setup_log $ socket)),
Term.info "vmmd_console" ~version:"%%VERSION_NUM%%"
Term.info "albatross_console" ~version:"%%VERSION_NUM%%"
let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1


@ -293,7 +293,7 @@ let run_client _ socket (influxhost, influxport) vm =
Lwt_main.run (client socket influxhost influxport vm)
open Cmdliner
open Vmm_cli
open Albatross_cli
let socket =
let doc = "socket to use" in
@ -304,13 +304,13 @@ let influx =
~doc:"the influx hostname:port to connect to")
let cmd =
let doc = "VMM InfluxDB connector" in
let doc = "Albatross Influx connector" in
let man = [
`S "DESCRIPTION" ;
`P "$(tname) connects to a vmm stats socket, pulls statistics and pushes them via TCP to influxdb" ]
`P "$(tname) connects to a albatross stats socket, pulls statistics and pushes them via TCP to influxdb" ]
in
Term.(pure run_client $ setup_log $ socket $ influx $ opt_vm_name),
Term.info "vmmd_influx" ~version:"%%VERSION_NUM%%" ~doc ~man
Term.info "albatross_influx" ~version:"%%VERSION_NUM%%" ~doc ~man
let () =
match Term.eval cmd


@ -184,11 +184,10 @@ let jump _ file sock =
Lwt.async (handle mvar ring cs addr) ;
loop ()
in
loop ()) ;
`Ok ()
loop ())
open Cmdliner
open Vmm_cli
open Albatross_cli
let socket =
let doc = "socket to use" in
@ -200,6 +199,6 @@ let file =
let cmd =
Term.(ret (const jump $ setup_log $ file $ socket)),
Term.info "vmm_log" ~version:"%%VERSION_NUM%%"
Term.info "albatross_log" ~version:"%%VERSION_NUM%%"
let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1


@ -1,6 +1,6 @@
(* (c) 2017 Hannes Mehnert, all rights reserved *)
open Vmm_cli
open Albatross_cli
open Vmm_core
@ -246,6 +246,6 @@ open Cmdliner
let cmd =
Term.(const jump $ setup_log),
Term.info "vmmd" ~version:"%%VERSION_NUM%%"
Term.info "albatrossd" ~version:"%%VERSION_NUM%%"
let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1

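--- a/daemon/dune
+++ b/daemon/dune
@@ -0,0 +1,34 @@
+(library
+(name albatross_cli)
+(public_name albatross.cli)
+(wrapped false)
+(modules albatross_cli)
+(libraries checkseum.c albatross lwt.unix cmdliner logs.fmt logs.cli fmt.cli fmt.tty ipaddr.unix))
+(executable
+(name albatrossd)
+(public_name albatrossd)
+(package albatross)
+(modules albatrossd)
+(libraries albatross.cli albatross))
+(executable
+(name albatross_console)
+(public_name albatross-console)
+(package albatross)
+(modules albatross_console)
+(libraries albatross.cli albatross))
+(executable
+(name albatross_influx)
+(public_name albatross-influx)
+(package albatross)
+(modules albatross_influx)
+(libraries albatross.cli albatross))
+(executable
+(name albatross_log)
+(public_name albatross-log)
+(package albatross)
+(modules albatross_log)
+(libraries albatross.cli albatross))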

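--- a/dune-project
+++ b/dune-project
@@ -0,0 +1,2 @@
+(lang dune 1.0)
+(name albatross)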


@ -1,26 +0,0 @@
open Ocamlbuild_plugin
let to_opt = List.fold_left (fun acc x -> [A "-ccopt"; A x] @ acc) []
let ccopt = to_opt [ "-O3" ; "-Wall" ]
let os = Ocamlbuild_pack.My_unix.run_and_read "uname -s"
let vmm_lib = match os with
| "FreeBSD\n" -> [A "-cclib"; A "-lvmmapi"]
| _ -> []
let () =
dispatch begin function
| After_rules ->
flag ["c"; "compile"] (S ccopt) ;
flag ["link"; "library"; "ocaml"; "byte"; "use_vmm_stats"]
(S ([A "-dllib"; A "-lvmm_stats_stubs"]));
flag ["link"; "library"; "ocaml"; "native"; "use_vmm_stats"]
(S ([A "-cclib"; A "-lvmm_stats_stubs"]));
flag ["link"; "ocaml"; "link_vmm_stats"]
(S ([A "app/libvmm_stats_stubs.a"] @ vmm_lib));
dep ["link"; "ocaml"; "use_vmm_stats"] ["app/libvmm_stats_stubs.a"];
dep ["link"; "ocaml"; "link_vmm_stats"] ["app/libvmm_stats_stubs.a"];
| _ -> ()
end


@ -41,8 +41,8 @@ EOD;
mkdir -p /var/run/albatross/util /var/run/albatross/fifo
chown albatross:albatross /var/run/albatross/util /var/run/albatross/fifo
chmod 2760 /var/run/albatross/fifo
chgrp albatross /usr/local/libexec/albatross/vmmd
chmod 2700 /usr/local/libexec/albatross/vmmd
chgrp albatross /usr/local/libexec/albatross/albatrossd
chmod 2700 /usr/local/libexec/albatross/albatrossd
EOD;
post-deinstall = <<EOD
@ -76,7 +76,7 @@ messages [
add path 'vmm/solo5*' mode 0660 group albatross
* start TLS endpoint via inetd on port 1025, add to /etc/inetd.conf:
blackjack stream tcp nowait albatross /usr/local/libexec/albatross/vmmd_tls_inetd vmmd_tls_inetd /usr/local/etc/albatross/cacert.pem /usr/local/etc/albatross/server.pem /usr/local/etc/albatross/server.key
blackjack stream tcp nowait albatross /usr/local/libexec/albatross/alabtross_tls_inetd albatross_tls_inetd /usr/local/etc/albatross/cacert.pem /usr/local/etc/albatross/server.pem /usr/local/etc/albatross/server.key
and add cacert.pem server.pem and server.key to /usr/local/etc/albatross
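Review bot: The new inetd.conf line in the install message spells the server program path `/usr/local/libexec/albatross/alabtross_tls_inetd`, while the argv[0] on the same line and the binary staged by the packaging script are `albatross_tls_inetd`. An operator who pastes this line gets an inetd entry whose program cannot be executed, so the TLS endpoint never starts. The path should read `/usr/local/libexec/albatross/albatross_tls_inetd`.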


@ -25,12 +25,26 @@ for f in albatross_log \
do install -U $basedir/packaging/rc.d/$f $rootdir/usr/local/etc/rc.d/$f; done
# stage albatross app binaries
for f in vmmd vmmd_log vmmd_console vmmd_stats vmmd_influx vmmd_tls vmmd_tls_inetd; do
install -U $basedir/_build/app/$f.native \
for f in albatrossd albatross_log albatross_console albatross_influx; do
install -U $basedir/_build/default/daemon/$f.exe \
$rootdir/usr/local/libexec/albatross/$f; done
for f in vmmc_local vmmc_remote vmmc_bistro vmmp_ca vmmp_request; do
install -U $basedir/_build/app/$f.native \
for f in albatross_tls_endpoint albatross_tls_inetd; do
install -U $basedir/_build/default/tls/$f.exe \
$rootdir/usr/local/libexec/albatross/$f; done
install -U $basedir/_build/default/stats/albatross_stats.exe \
$rootdir/usr/local/libexec/albatross/albatross_stats
install -U $basedir/_build/default/stats/albatross_stat_client.exe \
$rootdir/usr/local/sbin/albatross_stat_client
for f in albatross_client_local albatross_client_remote_tls albatross_client_bistro; do
install -U $basedir/_build/default/client/$f.exe \
$rootdir/usr/local/sbin/$f; done
for f in albatross_provision_ca albatross_provision_request; do
install -U $basedir/_build/default/provision/$f.exe \
$rootdir/usr/local/sbin/$f; done
# create +MANIFEST
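Review bot: The new `install` loops expand `$basedir`, `$rootdir` and `$f` unquoted and show no sign of stopping on failure. Unless `set -e` is in effect above this hunk, a missing `_build/default/...` artefact (for example after a partial build) lets the script go on to create a package without that daemon. Quoting the operands and failing explicitly, e.g. `install -U "$basedir/_build/default/tls/$f.exe" "$rootdir/usr/local/libexec/albatross/$f" || exit 1`, makes the problem visible at packaging time. The script starts and continues outside the hunk.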


@ -29,7 +29,7 @@ start_cmd="albatross_console_start"
: ${albatross_console_user:="albatross"}
pidfile="/var/run/albatross_console.pid"
procname="/usr/local/libexec/albatross/vmmd_console"
procname="/usr/local/libexec/albatross/albatross_console"
albatross_console_start () {
echo "Starting ${name}."


@ -32,7 +32,7 @@ start_precmd="albatross_daemon_precmd"
: ${albatross_daemon_flags:=""}
pidfile="/var/run/albatross_daemon.pid"
procname="/usr/local/libexec/albatross/vmmd"
procname="/usr/local/libexec/albatross/albatrossd"
#
# force_depend script [rcvar]


@ -31,7 +31,7 @@ start_precmd="albatross_influx_precmd"
: ${albatross_influx_user:="albatross"}
pidfile="/var/run/albatross_influx.pid"
procname="/usr/local/libexec/albatross/vmmd_influx"
procname="/usr/local/libexec/albatross/albatross_influx"
#
# force_depend script [rcvar]


@ -30,7 +30,7 @@ start_precmd="albatross_log_precmd"
: ${albatross_log_user:="albatross"}
pidfile="/var/run/albatross_log.pid"
procname="/usr/local/libexec/albatross/vmmd_log"
procname="/usr/local/libexec/albatross/albatross_log"
logfile="/var/log/albatross"
albatross_log_precmd () {


@ -29,7 +29,7 @@ start_cmd="albatross_stat_start"
: ${albatross_stat_user:="albatross"}
pidfile="/var/run/albatross_stat.pid"
procname="/usr/local/libexec/albatross/vmmd_stats"
procname="/usr/local/libexec/albatross/albatross_stats"
albatross_stat_start () {
echo "Starting ${name}."


@ -31,7 +31,7 @@ start_precmd="albatross_tls_precmd"
: ${albatross_tls_user:="albatross"}
pidfile="/var/run/albatross_tls.pid"
procname="/usr/local/libexec/albatross/vmmd_tls"
procname="/usr/local/libexec/albatross/albatross_tls_endpoint"
#
# force_depend script [rcvar]


@ -40,7 +40,7 @@ albatross_x_start () {
echo "Starting albatross VMs: ${albatross_x_vms}."
for _vm in $albatross_x_vms; do
eval _create_args=\"\$albatross_x_args_${_vm}\"
/usr/local/sbin/vmmc_local create $_vm $_create_args
/usr/local/sbin/albatross_client_local create $_vm $_create_args
done
return
;;
@ -48,7 +48,7 @@ albatross_x_start () {
echo "Starting albatross VMs: ${@}."
for _vm in $@; do
eval _create_args=\"\$albatross_x_args_${_vm}\"
/usr/local/sbin/vmmc_local create $_vm $_create_args
/usr/local/sbin/albatross_client_local create $_vm $_create_args
done
}
@ -57,16 +57,16 @@ albatross_x_stop () {
_ALL)
echo "Stopping albatross VMs: ${albatross_x_vms}."
for _vm in $albatross_x_vms
do /usr/local/sbin/vmmc_local destroy $_vm; done
do /usr/local/sbin/albatross_client_local destroy $_vm; done
return
esac
echo "Stopping albatross VMs: ${@}."
for _vm in $@
do /usr/local/sbin/vmmc_local destroy $_vm; done
do /usr/local/sbin/albatross_client_local destroy $_vm; done
}
albatross_x_status () {
/usr/local/sbin/vmmc_local info
/usr/local/sbin/albatross_client_local info
}
case $# in
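Review bot: The renamed `albatross_client_local create` and `destroy` invocations still pass `$_vm` unquoted, and the `eval` on the line before each `create` splices `${_vm}` into the evaluated string. In the second loop `_vm` comes from `$@`, so a name containing shell metacharacters would be interpreted by the shell of an rc script that is typically run as root. Rejecting names that are not plain identifiers before the `eval`, for example `case $_vm in *[!A-Za-z0-9_]*) echo "invalid VM name" >&2; continue;; esac`, closes that off. `albatross_x_start` begins outside the hunk.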


@ -1,3 +0,0 @@
description = "VM Manager"
version = "%%VERSION_NUM%%"
requires = ""


@ -1,22 +0,0 @@
#!/usr/bin/env ocaml
#use "topfind"
#require "topkg"
open Topkg
let () =
Pkg.describe "albatross" @@ fun _ ->
Ok [
Pkg.bin "app/vmmd" ;
Pkg.bin "app/vmmd_console" ;
Pkg.bin "app/vmmd_log" ;
Pkg.bin "app/vmmd_stats" ;
Pkg.bin "app/vmmd_tls" ;
Pkg.bin "app/vmmd_tls_inetd" ;
Pkg.bin "app/vmmd_influx" ;
Pkg.bin "app/vmmc_local" ;
Pkg.bin "app/vmmc_remote" ;
Pkg.bin "app/vmmc_bistro" ;
Pkg.bin "app/vmmp_request" ;
Pkg.bin "app/vmmp_ca" ;
Pkg.test ~run:false "app/vmmc_stat" ;
]


@ -53,7 +53,7 @@ let sign_csr dbname cacert key csr days =
in
Logs.app (fun m -> m "signing %a" Vmm_commands.pp cmd) ;
Ok (ext :: exts) >>= fun extensions ->
Vmm_provision.sign ~dbname extensions issuer key csr (Duration.of_day days)
Albatross_provision.sign ~dbname extensions issuer key csr (Duration.of_day days)
| Error e -> Error e
let sign _ db cacert cakey csrname days =
@ -78,20 +78,20 @@ let help _ man_format cmds = function
let generate _ name db days sname sdays =
Nocrypto_entropy_unix.initialize () ;
match
Vmm_provision.priv_key ~bits:4096 None name >>= fun key ->
Albatross_provision.priv_key ~bits:4096 None name >>= fun key ->
let name = [ `CN name ] in
let csr = X509.CA.request name key in
Vmm_provision.sign ~certname:"cacert" (d_exts ()) name key csr (Duration.of_day days) >>= fun () ->
Vmm_provision.priv_key None sname >>= fun skey ->
Albatross_provision.sign ~certname:"cacert" (d_exts ()) name key csr (Duration.of_day days) >>= fun () ->
Albatross_provision.priv_key None sname >>= fun skey ->
let sname = [ `CN sname ] in
let csr = X509.CA.request sname skey in
Vmm_provision.sign ~dbname:(Fpath.v db) s_exts name key csr (Duration.of_day sdays)
Albatross_provision.sign ~dbname:(Fpath.v db) s_exts name key csr (Duration.of_day sdays)
with
| Ok () -> `Ok ()
| Error (`Msg e) -> `Error (false, e)
open Cmdliner
open Vmm_cli
open Albatross_cli
let csr =
let doc = "signing request" in
@ -123,7 +123,7 @@ let generate_cmd =
[`S "DESCRIPTION";
`P "Generates a certificate authority."]
in
Term.(ret (const generate $ setup_log $ Vmm_provision.nam $ db $ days $ sname $ sday)),
Term.(ret (const generate $ setup_log $ Albatross_provision.nam $ db $ days $ sname $ sday)),
Term.info "generate" ~doc ~man
let days =
@ -148,7 +148,7 @@ let help_cmd =
let doc = "The topic to get help on. `topics' lists the topics." in
Arg.(value & pos 0 (some string) None & info [] ~docv:"TOPIC" ~doc)
in
let doc = "display help about vmmp_sign" in
let doc = "display help about albatross_priviion_ca" in
let man =
[`S "DESCRIPTION";
`P "Prints help about commands and subcommands"]
@ -157,13 +157,13 @@ let help_cmd =
Term.info "help" ~doc ~man
let default_cmd =
let doc = "VMM " in
let doc = "Albatross CA provisioning" in
let man = [
`S "DESCRIPTION" ;
`P "$(tname) executes the provided subcommand on a remote albatross" ]
`P "$(tname) does CA operations (creation, sign, etc.)" ]
in
Term.(ret (const help $ setup_log $ Term.man_format $ Term.choice_names $ Term.pure None)),
Term.info "vmmp_ca" ~version:"%%VERSION_NUM%%" ~doc ~man
Term.info "albatross_provision_ca" ~version:"%%VERSION_NUM%%" ~doc ~man
let cmds = [ help_cmd ; sign_cmd ; generate_cmd ; (* TODO revoke_cmd *)]
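Review bot: The new help string `"display help about albatross_priviion_ca"` in `help_cmd` misspells the binary name, which `Term.info` further down registers as `albatross_provision_ca`. It should read `let doc = "display help about albatross_provision_ca" in`. The `generate` hunk above only renames the module, so the CA key is still created with `~bits:4096` and the server key with whatever default `priv_key` applies; that default lives in `Albatross_provision`, which is not shown on this page, and is worth confirming.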


@ -1,6 +1,6 @@
(* (c) 2017, 2018 Hannes Mehnert, all rights reserved *)
open Vmm_provision
open Albatross_provision
open Vmm_asn
open Rresult.R.Infix
@ -32,7 +32,7 @@ let remove_policy _ name =
jump name (`Policy_cmd `Policy_remove)
let add_policy _ name vms memory cpus block bridges =
let p = Vmm_cli.policy vms memory cpus block bridges in
let p = Albatross_cli.policy vms memory cpus block bridges in
jump name (`Policy_cmd (`Policy_add p))
let info_ _ name = jump name (`Unikernel_cmd `Unikernel_info)
@ -41,7 +41,7 @@ let destroy _ name =
jump name (`Unikernel_cmd `Unikernel_destroy)
let create _ force name image cpuid memory argv block network compression =
match Vmm_cli.create_vm force image cpuid memory argv block network compression with
match Albatross_cli.create_vm force image cpuid memory argv block network compression with
| Ok cmd -> jump name (`Unikernel_cmd cmd)
| Error (`Msg msg) -> `Error (false, msg)
@ -69,7 +69,7 @@ let help _ man_format cmds = function
| Some _ -> List.iter print_endline cmds; `Ok ()
open Cmdliner
open Vmm_cli
open Albatross_cli
let destroy_cmd =
let doc = "destroys a virtual machine" in
@ -184,22 +184,22 @@ let help_cmd =
let doc = "The topic to get help on. `topics' lists the topics." in
Arg.(value & pos 0 (some string) None & info [] ~docv:"TOPIC" ~doc)
in
let doc = "display help about vmmc" in
let doc = "display help about albatross provision request" in
let man =
[`S "DESCRIPTION";
`P "Prints help about albatross local client commands and subcommands"]
`P "Prints help about albatross provision request commands and subcommands"]
in
Term.(ret (const help $ setup_log $ Term.man_format $ Term.choice_names $ topic)),
Term.info "help" ~doc ~man
let default_cmd =
let doc = "VMM local client" in
let doc = "Albatross provisioning request" in
let man = [
`S "DESCRIPTION" ;
`P "$(tname) connects to vmmd via a local socket" ]
`P "$(tname) creates a certificate signing request for Albatross" ]
in
Term.(ret (const help $ setup_log $ Term.man_format $ Term.choice_names $ Term.pure None)),
Term.info "vmmp_request" ~version:"%%VERSION_NUM%%" ~doc ~man
Term.info "albatross_provision_request" ~version:"%%VERSION_NUM%%" ~doc ~man
let cmds = [ help_cmd ; info_cmd ;
policy_cmd ; remove_policy_cmd ; add_policy_cmd ;

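--- a/provision/dune
+++ b/provision/dune
@@ -0,0 +1,21 @@
+(library
+(name albatross_provision)
+(public_name albatross.provision)
+(wrapped false)
+(modules albatross_provision)
+(libraries albatross.cli x509 nocrypto.unix))
+(executable
+(name albatross_provision_ca)
+(public_name albatross-provision-ca)
+(package albatross)
+(modules albatross_provision_ca)
+(libraries albatross.cli albatross.provision albatross x509))
+(executable
+(name albatross_provision_request)
+(public_name albatross-provision-request)
+(package albatross)
+(modules albatross_provision_request)
+(libraries albatross.cli albatross.provision albatross x509))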

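--- a/src/dune
+++ b/src/dune
@@ -0,0 +1,6 @@
+(library
+(name albatross)
+(public_name albatross)
+(wrapped false)
+(libraries rresult logs ipaddr bos hex ptime astring duration cstruct
+decompress lwt lwt.unix ptime.clock.os asn1-combinators))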


@ -1,5 +1,5 @@
open Vmm_core
open Vmm_stats_pure
open Albatross_stats_pure
let timer pid vmmapi =
let rusage = sysctl_rusage pid in
@ -28,7 +28,7 @@ let jump _ pid name interval =
None
| Some vmctx ->
Logs.info (fun m -> m "vmmapi_open succeeded for %s" name) ;
Vmm_stats_pure.fill_descr vmctx ;
fill_descr vmctx ;
Some vmctx
in
let _ev = Lwt_engine.on_timer interval true (fun _e -> timer pid vmmapi) in
@ -36,7 +36,7 @@ let jump _ pid name interval =
t)
open Cmdliner
open Vmm_cli
open Albatross_cli
let interval =
let doc = "Interval between statistics gatherings (in seconds)" in
@ -52,6 +52,6 @@ let vmname =
let cmd =
Term.(ret (const jump $ setup_log $ pid $ vmname $ interval)),
Term.info "vmmd_stats" ~version:"%%VERSION_NUM%%"
Term.info "albatross_stat_client" ~version:"%%VERSION_NUM%%"
let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1


@ -14,7 +14,7 @@
open Lwt.Infix
open Vmm_stats_pure
open Albatross_stats_pure
let t = ref (empty ())
@ -83,7 +83,7 @@ let jump _ file interval =
loop ())
open Cmdliner
open Vmm_cli
open Albatross_cli
let socket =
let doc = "socket to use" in
@ -95,6 +95,6 @@ let interval =
let cmd =
Term.(ret (const jump $ setup_log $ socket $ interval)),
Term.info "vmmd_stats" ~version:"%%VERSION_NUM%%"
Term.info "albatross_stats" ~version:"%%VERSION_NUM%%"
let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1

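--- a/stats/dune
+++ b/stats/dune
@@ -0,0 +1,32 @@
+(* -*- tuareg -*- *)
+let freebsd = try Sys.command "uname -s | grep -c FreeBSD > /dev/null" = 0 with _ -> false
+let () =
+Jbuild_plugin.V1.send @@ Printf.sprintf {|
+(library
+(name albatross_stats)
+(public_name albatross.stats)
+(libraries albatross)
+(wrapped false)
+(c_names albatross_stats_stubs)
+(modules albatross_stats_pure))
+(executable
+(name albatross_stats)
+(public_name albatross-stats)
+(package albatross)
+(modules albatross_stats)
+%s
+(libraries albatross.cli albatross.stats albatross))
+(executable
+(name albatross_stat_client)
+(public_name albatross-stat-client)
+(package albatross)
+(modules albatross_stat_client)
+%s
+(libraries albatross.cli albatross.stats albatross)) |}
+(if freebsd then "(link_flags (-ccopt \"-lvmmapi\"))" else "")
+(if freebsd then "(link_flags (-ccopt \"-lvmmapi\"))" else "")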
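Review bot: `freebsd` wraps `Sys.command` in `try ... with _ -> false`, so any exception during the probe is swallowed and the build silently proceeds without `-lvmmapi`; the probe also shells out to whichever `uname` and `grep` come first on `PATH` and reports the build host rather than the target. Reading the compiler's own configuration avoids the subprocess, e.g. `let freebsd = List.assoc_opt "system" Jbuild_plugin.V1.ocamlc_config = Some "freebsd"` (confirm the value against `ocamlc -config` on FreeBSD). The two identical `(if freebsd then ...)` arguments could be a single `let link_flags = ...` passed twice. Note also that the removed `Ocamlbuild_plugin` script earlier on this page passed the library with `-cclib`, while this file uses `-ccopt`.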


@ -2,7 +2,7 @@
open Lwt.Infix
open Vmmd_tls_common
open Albatross_tls_common
let server_socket port =
let open Lwt_unix in
@ -21,7 +21,7 @@ let jump _ cacert cert priv_key port =
tls_config cacert cert priv_key >>= fun (config, ca) ->
let rec loop () =
Lwt.catch (fun () ->
Lwt_unix.accept socket >>= fun (fd, addr) ->
Lwt_unix.accept socket >>= fun (fd, _addr) ->
Lwt.catch
(fun () -> Tls_lwt.Unix.server_of_fd config fd)
(fun exn ->
@ -52,7 +52,7 @@ let jump _ cacert cert priv_key port =
loop ())
open Cmdliner
open Vmm_cli
open Albatross_cli
let port =
let doc = "TCP listen port" in
@ -60,6 +60,6 @@ let port =
let cmd =
Term.(ret (const jump $ setup_log $ cacert $ cert $ key $ port)),
Term.info "vmmd_tls" ~version:"%%VERSION_NUM%%"
Term.info "albatross_tls_endpoint" ~version:"%%VERSION_NUM%%"
let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1
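Review bot: Binding the peer address as `_addr` in the `Lwt_unix.accept` result makes explicit that the TLS endpoint never records who connected. The handler passed to the inner `Lwt.catch` (its body is outside this hunk) runs when `Tls_lwt.Unix.server_of_fd` fails, which is where failed or unauthenticated handshakes surface. Keeping the name `addr` and logging it in that handler together with `Printexc.to_string exn` would give operators something to correlate when the listening port is probed. Whether the handler already logs the exception cannot be seen from here.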


@ -1,7 +1,7 @@
(* (c) 2018 Hannes Mehnert, all rights reserved *)
open Lwt.Infix
open Vmmd_tls_common
open Albatross_tls_common
let jump cacert cert priv_key =
Sys.(set_signal sigpipe Signal_ignore) ;
@ -29,6 +29,6 @@ open Cmdliner
let cmd =
Term.(ret (const jump $ cacert $ cert $ key)),
Term.info "vmmd_tls_inetd" ~version:"%%VERSION_NUM%%"
Term.info "albatross_tls_inetd" ~version:"%%VERSION_NUM%%"
let () = match Term.eval cmd with `Ok () -> exit 0 | _ -> exit 1

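--- a/tls/dune
+++ b/tls/dune
@@ -0,0 +1,26 @@
+(library
+(name albatross_tls)
+(public_name albatross.tls)
+(wrapped false)
+(modules vmm_tls vmm_tls_lwt)
+(libraries albatross tls tls.lwt x509))
+(library
+(name albatross_tls_cli)
+(wrapped false)
+(modules albatross_tls_common)
+(libraries albatross_cli albatross.tls))
+(executable
+(name albatross_tls_endpoint)
+(public_name albatross-tls-endpoint)
+(package albatross)
+(modules albatross_tls_endpoint)
+(libraries albatross_cli albatross_tls_cli albatross))
+(executable
+(name albatross_tls_inetd)
+(public_name albatross-tls-inetd)
+(package albatross)
+(modules albatross_tls_inetd)
+(libraries albatross_cli albatross_tls_cli albatross))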
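Review bot: The `albatross_tls_cli` library and both executables list `albatross_cli` by its internal name, whereas every other dune file in this commit depends on the public name `albatross.cli`. Both presumably resolve inside the workspace, but mixing the two spellings makes the dependency graph harder to audit. Suggest `(libraries albatross.cli albatross.tls)` for the library and `(libraries albatross.cli albatross_tls_cli albatross)` for the two executables. `albatross_tls_cli` has no `public_name`, which is acceptable as long as only these executables use it.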