Commit graph

41 commits

Author SHA1 Message Date
Hannes Mehnert c8f1030403 rename Vm to Unikernel 2018-11-13 01:02:05 +01:00
Hannes Mehnert 85372b0c7e rework resources: now block, vms, and policies are in separate tries 2018-11-13 00:06:43 +01:00
Hannes Mehnert b5c9cdea6a cleanups 2018-11-12 22:19:39 +01:00
Hannes Mehnert 8ccda0e410 refactor bridge: use a string instead of a complicated thing 2018-11-12 22:07:45 +01:00
Hannes Mehnert 2e7f2730a2 move Vm to submodule 2018-11-11 03:24:50 +01:00
Hannes Mehnert 561ba5c5df put Policy in a submodule 2018-11-11 03:09:37 +01:00
Hannes Mehnert 89a1d30154 cleanups in respect to directories and scope 2018-11-11 02:33:00 +01:00
Hannes Mehnert 43379d6d9d rename Vmm_core.id to Vmm_core.Name.t and make it private - also check constructors to fit into 20 chars ldh (and in Vmm_tls max depth = 10) 2018-11-11 01:44:31 +01:00
Hannes Mehnert 6dcde8eb68 block device support 2018-11-11 00:01:56 +01:00
Hannes Mehnert 6945d21422 Vmm_core.drop_super / is_sub_id: fix function (used to assume reverse ordered labels) 2018-11-09 01:27:22 +01:00
Hannes Mehnert 7b8f2cf802 add policy does nothing when received policy is equal to stored one 2018-10-28 19:41:06 +01:00
Hannes Mehnert 5e921d7345 skip empty common names in vmm_tls 2018-10-28 19:04:24 +01:00
Hannes Mehnert 01f933702d move stuff around 2018-10-26 21:30:54 +02:00
Hannes Mehnert 04367421bf since argument for log_subscribe and console_subscribe 2018-10-26 21:29:59 +02:00
Hannes Mehnert d513269453 move stuff into vmm_commands 2018-10-26 21:29:59 +02:00
Hannes Mehnert ce0c42fa77 more cleanups 2018-10-26 21:29:59 +02:00
Hannes Mehnert 46548418cd minor cleanup: stats type 2018-10-26 21:29:59 +02:00
Hannes Mehnert f3c67f626a more cleanups 2018-10-26 21:29:59 +02:00
Hannes Mehnert f5ce2d8826 reuse commands from Vmm_asn.wire_commands for certificates 2018-10-26 21:29:59 +02:00
Hannes Mehnert d6c87bacde minor tweaks 2018-10-26 21:29:59 +02:00
Hannes Mehnert c399501a18 get rid of vm_config.vname 2018-10-26 21:29:59 +02:00
Hannes Mehnert 1d4d7509dc remove vmm_wire, use asn.1 2018-10-26 21:29:59 +02:00
Hannes Mehnert bcb280aa00 refactor commands into vmm_commands 2018-10-26 21:29:59 +02:00
Hannes Mehnert 182e2ae10c policies:
vmmc now has more subcommands
  - policy [-n name] returns all policies in name and below
  - add_policy [-n name] [--cpu cpuid] [--mem mem] [--bridge bridge] [--block size] adds a policy
  - remove [-n name] removes policy at name

policy is just the same which is in vmm_req_delegation, and vmm_resources now check them:
- you cannot insert a subpolicy violating the prefix
- you cannot insert a policy which would forbid current resource usage
- you cannot insert a policy with which any subpolicy would be invalid
- you can adjust (increase/decrease) a policy if the above invariants are kept

implement "force create" directly in vmmd: much nicer to
 - check resource constraints,
 - kill vm potentially,
 - and create a new vm,
all as single transaction.
2018-10-26 21:29:59 +02:00
Hannes Mehnert ea83013068 delegation -> policy 2018-10-26 21:29:59 +02:00
Hannes Mehnert e413b8c99a remove naming struggle in vm_config and Log.hdr 2018-10-26 21:29:59 +02:00
Stefan Grundmann 133884faf4 log, stats and console socket go in their own directory 2018-10-07 00:32:25 +00:00
Hannes Mehnert 38094a53e3 use vmm_trie in log and stat, cleanups 2018-09-28 22:44:38 +02:00
Hannes Mehnert 02f8d94db8 s/ukvm/hvt/ 2018-09-21 22:31:04 +02:00
Hannes Mehnert e7b4742964 less is more, also unify default socket paths
and vmmc console command
2018-09-19 21:53:18 +02:00
Hannes Mehnert bd10209297 wip, vmmc and vmmd talk with each other! 2018-09-09 20:52:04 +02:00
Hannes Mehnert 0583fbfaf1 stats: transmit vmid in add/remove/stats, pid only in add
don't use /tmp anymore, but /var/run/albatross for fifos + sockets + vm images,
  and /var/db/albatross for ukvm-bin and crls, and /var/log/albatross for logging

vmm_console/vmm_log/vmm_stats_lwt: delete socket on startup if it exists

vmm_influxdb_stats: connects to vmm_stats socket and pushes every interval in
 influxdb line format via tcp to specified host and port
2018-04-26 00:03:46 +02:00
Hannes Mehnert 9696953cd7 revise force-restart: now with wait for kill and resource cleanup before start
allows to cleanup various hacks, such as checking for pid in vmm_resources
or removing temporarily the allocated resources from the resource map in vmm_engine

semantics is now slightly different, but for sure enhanced.
- each VM has a Lwt.wait () task attached in Vmm_engine.t (tasks : 'c String.Map.t)
- normal create shouldn't be much different, apart from memoizing the sleeper
- after waitpid is done in vmmd, and vmm_engine.shutdown succeeded, Lwt.wakeup is called for the sleeper
- force create now:
 - checks static policies
 - looks for existing VM (and task), if present: kill and wait for task in vmmd
 - continue with presence checking of vm name, dynamic policies, allocate resources (tap, img, fifo)

this means the whole randomness in filenames can be removed, and the
communication between vmm_console and vmm_client is working again (attach/detach
could not work since vmm_console knew only about "albatross.AAA.BBB.RANDOM",
whereas vmm_client insisted on "AAA.BBB"

resource overcommitment (and races in e.g. block device closing + opening) are
gone now, only if the old vm is cleanup up, resources for the new one are
allocated and it is executed
2018-04-05 01:02:45 +02:00
Hannes Mehnert a89b2925fd Vmm_core.cmd is now a variant (no longer polymorphic variant), some renames in Vmm_wire.Stats and Vmm_wire.Console to disambiguate 2018-04-04 22:16:31 +02:00
Hannes Mehnert 7a4661b2e1 style: require lwt 3.0.0, fix warnings, disable 4 (fragile pattern matching) and 48 (implicit elimination of optional argument) 2018-04-03 22:58:31 +02:00
Hannes Mehnert db8ae1ee37 compression, fixes #6 2018-03-22 17:00:08 +01:00
Hannes Mehnert bb61388cfc new permission: force_create
a client certificate may either contain `Create or `Force_create permission.  If
the latter is used (vmm_req_vm --force), and a VM with the same name already
exists, this is destroyed (if the dynamic resources without the existing would
allow the new one to be deployed) and the new one is started.

I had this concrete deployment scenario, where kill ; create takes some minutes
since it is 10MB data which needs to be transferred from my laptop to a remote
server (me behind dialup).

- renamed `Image to `Create
- renamed `Destroy_image to `Destroy_vm
2018-03-22 17:00:08 +01:00
Hannes Mehnert 8807150c86 use a random temporary file instead of the serial numbers of the certificate chain for temporary host resources 2018-03-22 13:54:33 +01:00
Hannes Mehnert bd8cc0ad22 style 2017-12-20 22:29:22 +01:00
Hannes Mehnert bdedadf689 vmmd:
- fix fd leak (always close socket)
 - send first message (login) after renegotiation

vmm_stats:
 - remove unneeded functionality (keeping old statistics around)
 - translate internal tap names to bridge names
 - gather statistics from vmmapi as well

vmm_prometheus_stats:
 - new exporter of statistics to prometheus

*:
 - fix typo in README
 - style
2017-09-14 21:47:07 +01:00
Hannes Mehnert 02be3f4528 initial 2017-07-10 10:38:25 +01:00