Commit graph

307 commits

Author SHA1 Message Date
Reynir Björnsson 362ff7b27a Linux: Fix socket permissions 2020-11-24 14:41:56 +01:00
Reynir Björnsson 04ed59202b Set FD_CLOEXEC in sd_listen_fds 2020-11-18 21:30:29 +01:00
Reynir Björnsson c67bafa063 Implement sd_listen_fds in OCaml 2020-11-18 17:36:36 +01:00
Reynir Björnsson b2b9ddcdef Systemd services depend on their sockets 2020-11-11 14:31:26 +01:00
Reynir Björnsson 99a992b3c4 AssertPathExists belongs under [Unit]
And not [Service].
2020-11-11 14:18:07 +01:00
Reynir Björnsson f79ed78a2b packaging/Linux/albatross_stat.service fix typo 2020-11-11 14:11:25 +01:00
Reynir Björnsson d9c572109c Install .socket files 2020-11-11 13:54:06 +01:00
Reynir Björnsson 0013e55d71 Add missing systemd.socket files
Also pass the new --systemd-socket-activation to the daemons.
2020-11-11 13:02:48 +01:00
Reynir Björnsson 0508465bba Refactor socket activation, use for all daemons 2020-11-11 12:17:08 +01:00
Reynir Björnsson 0c29e2b90d Experimental systemd socket activation 2020-11-11 11:41:07 +01:00
Hannes Mehnert 7030b1a3fa
Merge pull request #40 from reynir/linux-packaging
Update Linux packaging
2020-11-10 15:46:28 +01:00
Reynir Björnsson 910c842448 Update Linux packaging
* Update README: Names of binaries have changed, CLI interface as well,
  add instructions for installing tenders...
* Install an empty log
* Add assertion in albatross_log.service that the log file exists
2020-11-10 11:02:17 +01:00
Hannes Mehnert 3f36fe6382
Merge pull request #38 from hannesm/old-logs
albatross_log: skip unknown entries
2020-07-29 15:55:57 +02:00
Hannes Mehnert a5265c9a44 albatross_log: skip unknown entries 2020-07-29 15:22:05 +02:00
Hannes Mehnert 1b1164166b
Merge pull request #36 from hannesm/more
enhancements in tooling
2020-07-29 14:14:53 +02:00
Hannes Mehnert f7881e24e5 FreeBSD packaging: add albatross_client_inspect_dump to package 2020-07-29 12:26:46 +02:00
Hannes Mehnert c7ee9dd908 vmm_asn: document versioning 2020-07-14 18:32:25 +02:00
Hannes Mehnert da8b71cd2e bash is needed now (for parsexp 0.14) 2020-07-05 21:28:59 +02:00
Hannes Mehnert c7b468fe09 new command: get which downloads a unikernel and dumps it into a file 2020-07-05 21:27:44 +02:00
Hannes Mehnert 5adc2f0a8a vmm_asn: instead of potentially losing information, be honest and fail if requested to encode older versions of unikernel configuration 2020-07-05 20:53:57 +02:00
Hannes Mehnert 125711ac6d further rng cleanups (remove deps from dune); albatross-client-inspect-dump which reads a state file (for cautious upgrades) 2020-07-05 20:39:29 +02:00
Hannes Mehnert d93a683d94 tls: no need to initialize rng (tls.lwt does this for us) 2020-06-23 20:03:59 +02:00
Hannes Mehnert c98ac0494d retry-connections now defaults to 0
this makes it much easier to reason about the initialization.

for production, init scripts should enforce the dependency order
for testing, provide your own if desired

//cc MagnusS

also move enable_stats and retry_connections up (before exit codes)
2020-06-16 11:45:47 +02:00
Hannes Mehnert 21406965e7 require OCaml 4.08.0 since mirage-crypto depends on 4.08 2020-06-15 18:17:12 +02:00
Hannes Mehnert b07f09ba12 remove superfluous and outdated .ocamlinit 2020-06-15 16:48:59 +02:00
Hannes Mehnert a4c4331b71 TLS applications: initialize RNG 2020-06-15 16:33:11 +02:00
Hannes Mehnert ceafacbd2a require tls 1.3, avoid renegotiation (client certificate is now already encrypted) 2020-05-19 21:07:39 +02:00
Hannes Mehnert ccf3cae68c albatrossd: style cleanups 2020-05-19 21:00:37 +02:00
Magnus Skjegstad 50958a32f5
Albatrossd: --enable-stats and --retry-connections (#33)
* Make albatrossd wait for other sockets to appear if --retry-connections is specified
* Connect to log/console before creating main socket
* Disable stats by default unless --enable stats is specified
2020-05-19 20:51:32 +02:00
Hannes Mehnert 604f3ec52e Bos.OS.Cmd.run_out needs to check the exit status (using Bos.OS.Cmd.success) 2020-05-11 13:26:35 +02:00
Hannes Mehnert ab76e1ef89 metrics got released, no longer pin-depend 2020-05-09 22:47:54 +02:00
Hannes Mehnert 0920ae142e on cirrus, watermark (dune subst) and build with release profile before packaging and uploading 2020-05-02 22:08:59 +02:00
Hannes Mehnert 7cad9bd08d on linux, be a bit smarter which network device name to use 2020-04-25 19:59:19 +02:00
Hannes Mehnert 0c5af23848 vmmd: unikernel_info no longer transfers the unikernel image
regression introduced in dfd22be62b
(which prepared dumping to a file, and restart-on-failure)
this is not desired from a bandwidth point of view, if it is
considered to be a useful feature, there should be a separate
command for it
2020-04-25 17:12:41 +02:00
Hannes Mehnert 1fbec307ab update FreeBSD in cirrus to 12.1 2020-04-25 16:42:39 +02:00
Hannes Mehnert 0932d06c41 client: provide exit code depending on failure
fixes #31, piggy-backs on the 'a in type 'a result = [ `Ok of 'a | ... ]
the code uses Ok Albatross_cli.Remote_command_failed to signal "exit 123"
2020-04-25 16:28:48 +02:00
Hannes Mehnert 9bc4d478d5 albatross_cli: fix docstring of dbdir location on linux 2020-04-21 11:19:12 +02:00
Hannes Mehnert c0f093d39c add ISC license (fixes #13, re-requested by Poulpe on discord) 2020-04-21 11:10:46 +02:00
Hannes Mehnert 4c9faf4262 adapt to x509 0.11.0 API changes 2020-04-21 11:10:39 +02:00
Hannes Mehnert b7747a2547 linux tap device discovery: redirect stderr of run to /dev/null 2020-04-21 11:07:57 +02:00
Hannes Mehnert 03c9948526 avoid brctl on Linux, use ip instead 2020-04-09 17:02:17 +02:00
Hannes Mehnert be83686a22 Vmm_unix: fix ip tuntap command (provide tap name earlier), also set link up 2020-04-03 17:44:21 +02:00
Hannes Mehnert 18728a7601 packaging/linux: cleanups of systemd scripts
- console creates the run directories (albatross albatross/fifo albatross/util)
-> log depends on console
- albatross/fifo needs special permission (albatross_daemon creates fifo there, albatross_console needs to read them)
- use /var/lib/albatross/albatross.log for the log file
- only require root in albatross_daemon, use user albatross in albatross_console and albatross_log
- defer albatross_stat for now
2020-04-03 17:43:45 +02:00
Hannes Mehnert 59212bdca9 [ci skip] minor rewording 2020-03-31 21:18:09 +02:00
Hannes Mehnert 14f861b945 stats: instead of executing the sysctl kinfo_proc twice (for retrieving kinfo_mem and rusage), only execute it once 2020-03-31 11:53:07 +02:00
Hannes Mehnert 65693ea188 revise the "--net=yyy" argument to (optionally) contain a service:bridge
it used to only contain service, and used the same string for the bridge. This
is not flexible enough to run off-the-shelf unikernels (configured for bridge
"service" and "management" on multi-homed servers). The old behaviour is the
new default (i.e. "--net=service" creates and attaches a tap device to bridge
"service", and passes "--net:service=tapYY" to the solo5 tender). But it is more
flexible now: "--net=service:other-bridge" will create a tap device attached to
"other-bridge" and pass "--net:service=tapYY" to the tender. This way, there's
no need to match bridge names on the actual server with network device names of
the unikernels.

NB: this is (mostly) backwards-compatible: the on-disk data structures are
versioned (and the version is bumped with this PR), an old albatross client can
send "create" commands to a new server. But a new client will get a parse error
from an old server - which is fine taking into consideration the deployment
base.
2020-03-25 16:09:23 +01:00
Hannes Mehnert 19a817e26c cirrus: install pkgconf 2020-03-13 18:37:12 +01:00
Hannes Mehnert a134218b64 use mirage-crypto and modern tls 2020-03-13 16:36:05 +01:00
Hannes Mehnert 22ce1fbdbc
Merge pull request #25 from hannesm/linux2
Linux support
2020-02-20 21:01:52 +01:00
Hannes Mehnert da5ed22a14 compute uptime from now - started 2020-02-16 19:47:39 +01:00