Commit graph

312 commits

Author SHA1 Message Date
Hannes Mehnert 65693ea188 revise the "--net=yyy" argument to (optionally) contain a service:bridge
it used to only contain service, and used the same string for the bridge. This
is not flexible enough to run off-the-shelf unikernels (configured for bridge
"service" and "management" on multi-homed servers). The old behaviour is the
new default (i.e. "--net=service" creates and attaches a tap device to bridge
"service", and passes "--net:service=tapYY" to the solo5 tender). But it is more
flexible now: "--net=service:other-bridge" will create a tap device attached to
"other-bridge" and pass "--net:service=tapYY" to the tender. This way, there's
no need to match bridge names on the actual server with network device names of
the unikernels.

NB: this is (mostly) backwards-compatible: the on-disk data structures are
versioned (and the version is bumped with this PR), an old albatross client can
send "create" commands to a new server. But a new client will get a parse error
from an old server - which is fine taking into consideration the deployment
base.
2020-03-25 16:09:23 +01:00
Hannes Mehnert 19a817e26c cirrus: install pkgconf 2020-03-13 18:37:12 +01:00
Hannes Mehnert a134218b64 use mirage-crypto and modern tls 2020-03-13 16:36:05 +01:00
Hannes Mehnert 22ce1fbdbc
Merge pull request #25 from hannesm/linux2
Linux support
2020-02-20 21:01:52 +01:00
Hannes Mehnert da5ed22a14 compute uptime from now - started 2020-02-16 19:47:39 +01:00
Hannes Mehnert ff59f05660 compatibility with x509 0.9.0 2020-02-16 16:33:19 +01:00
Hannes Mehnert eebecd4a96 adjust cirrus for new location of create_package.sh 2019-11-27 11:28:38 +01:00
Hannes Mehnert 05ab18457b systemd services, based on ee49c6240aa2cf2c9dac47eff6c751ce8c17efb5 by @cfcs 2019-11-27 11:27:55 +01:00
Hannes Mehnert 3dc21c037e move FreeBSD packaging to packaging/FreeBSD 2019-11-27 11:27:55 +01:00
Hannes Mehnert eccdaeafda set umask in mkfifo 2019-11-27 11:27:55 +01:00
Hannes Mehnert 34817a2090 notes about brctl, could potentially be replaced by ip 2019-11-27 11:27:55 +01:00
Hannes Mehnert 6206e8681a make dbdir and tmpdir platform-specific and overwritable by all command line utilities 2019-11-27 11:27:55 +01:00
Hannes Mehnert 56aa5545f8 basic cirrus on FreeBSD set 2019-11-27 11:27:25 +01:00
Hannes Mehnert 2d26a56c0d
Merge pull request #24 from hannesm/versioning
Versioning
2019-11-13 19:01:44 +01:00
Hannes Mehnert 13e731b78e albatross tls: re-allow root in leaf certificate (i.e. root) to fix log and info commands via tls
this is an interaction of 057dbbf147 (allow multiple labels in leaf certificates) and a579a8e143 (print root as "." instead of "")
2019-11-11 23:20:03 +01:00
Hannes Mehnert ff067255b0 albatrossd: acquire lock for restore 2019-11-11 23:20:03 +01:00
Hannes Mehnert 784429744c versioning: revise it all, use a 'current' in Vmm_commands, all daemons reply with the received version on that particular stream 2019-11-11 23:20:03 +01:00
Hannes Mehnert 365a569b25 albatross_ca: compare request vs my version, write mine, bump to AV4 2019-11-11 19:18:48 +01:00
Hannes Mehnert af04739575 albatross_ca: default to 1 day for leaf certificates, 1 year for intermediate policy_add certificates 2019-11-10 23:23:42 +01:00
Hannes Mehnert b1272a75ec create from state in series, not parallel to avoid communication mishappenings
the socket lock was removed in 58c34907 in favour of a global lock -- but the
bootup used an iter_p for create (which is usually called with the lock being
held by the caller)
2019-11-09 21:32:49 +01:00
Hannes Mehnert bcb3efcb23 canonical tag is vm (historical reasons), let's unify 2019-11-09 20:52:39 +01:00
Hannes Mehnert 057dbbf147 revise naming freedom: multiple labels are allowed in certificate common names
influx may drop topmost label (if --drop-label provided)
2019-11-09 20:36:32 +01:00
Hannes Mehnert ec9f00b39a vmm_ring revise implementation 2019-10-29 20:42:51 +01:00
Hannes Mehnert 8a113e5ce0 revise log and console subscription protocol, require either since or count 2019-10-29 20:17:50 +01:00
Hannes Mehnert 90d1fd9d7d console: use Lwt_unix.openfile (RDONLY; NONBLOCK) to open the fifo, followed
by Lwt_unix.wait_read (in read_console, called asynchronously in a fresh task)
and only then convert to a Lwt_io.t (of_fd ~mode:Input) -- thanks to @cfcs

This allows albatross to be run on Linux, where the former code lead to:
- open FIFO
- read <- EOF (although no writer was connected yet)

this works nicely around ocsigen/lwt#741
2019-10-27 23:23:54 +01:00
Hannes Mehnert 82782363b8 Vmm_unix.check_commands : unit -> (unit, [> `Msg of string ]) result - which
checks (platform-dependent) all required executables
Vmm_unix.prepare/exec execute solo5-{spt/hvt} depending on the image type
 (solo5-elftool figures that out), use jsonm to parse output
Vmm_unix: use ip on linux, no longer ifconfig
2019-10-27 21:31:37 +01:00
Hannes Mehnert 01f6983325 cosmetics 2019-10-27 19:47:37 +01:00
Hannes Mehnert 1d33c17b53 use a variant for uname result, not strings 2019-10-27 19:43:54 +01:00
Hannes Mehnert e1239366e1 travis: use docker, test on 4.08 and 4.09 as well 2019-10-15 20:25:44 +02:00
Hannes Mehnert 537c113a8a albatross_log: a read-only mode to read a log file 2019-10-15 00:50:16 +02:00
Hannes Mehnert 47fef438e0 preserve backwards data compatibility 2019-10-15 00:49:58 +02:00
Hannes Mehnert 5b187999f1 restart: range 60..64 no restart, document all the exits 2019-10-14 11:05:22 +02:00
Hannes Mehnert a579a8e143 root name is "." instead of "" 2019-10-13 13:40:17 +02:00
Hannes Mehnert 249796ce6f minor 2019-10-12 02:30:21 +02:00
Hannes Mehnert 866cd9041a move conn_metrics to Vmm_core 2019-10-12 02:15:44 +02:00
Hannes Mehnert 13edb22db3 bump wire version 2019-10-12 02:06:45 +02:00
Hannes Mehnert c9820f3106 deterministic mac addresses! 2019-10-12 02:06:45 +02:00
Hannes Mehnert 0808c20583 restart on failure: add optional integer set which exit codes to restart on 2019-10-12 02:06:45 +02:00
Hannes Mehnert 6be9ebbc8b revise tag and compression in unikernel config 2019-10-12 02:06:45 +02:00
Hannes Mehnert 520eab879e minor api cleanup 2019-10-12 02:06:45 +02:00
Hannes Mehnert 58c3490782 restart on failure 2019-10-12 02:06:45 +02:00
Hannes Mehnert f81a12bc4d initial metrics 2019-10-12 02:06:38 +02:00
Hannes Mehnert 94912c21e4 changes for solo5 0.6
-- this is a breaking change in the wire protocol
2019-10-12 02:06:27 +02:00
Hannes Mehnert a46538cabc x509 API upgrade to 0.8.0 2019-10-12 02:06:16 +02:00
Hannes Mehnert 4787b0cf1f remove unnecessary freebsd-specific teardown code (bhyvectl --destroy), since 0.6 reverted privdrop 2019-10-12 02:04:44 +02:00
Hannes Mehnert 2db9e0c15e compression level is 9 for remote (bistro/request), and 0 for local now 2019-10-12 02:04:44 +02:00
Hannes Mehnert da8dcef6a0 there's no need for albatross_x anymore, albatross keeps state itself these days 2019-10-12 02:04:44 +02:00
Hannes Mehnert 37ad18107e something weird with decompress 1.0.0: getting Error: Library "decompress" not found. from dune @dinosaure 2019-10-12 02:04:44 +02:00
Hannes Mehnert 4ce52daea8 gather more statistics from kinfo_user (sys/user.h) on FreeBSD
- real time runtime information (in microsecs) ki_runtime
- start timeval ki_start
- count of copy-on-write fauls ki_cow
2019-10-12 02:04:44 +02:00
Hannes Mehnert 50ed6a8d1e adapt to X509 0.7.0 API, minor comment and doc tweaks 2019-07-27 14:01:12 +02:00