Go to file
Hannes Mehnert 65693ea188 revise the "--net=yyy" argument to (optionally) contain a service:bridge
it used to only contain service, and used the same string for the bridge. This
is not flexible enough to run off-the-shelf unikernels (configured for bridge
"service" and "management" on multi-homed servers). The old behaviour is the
new default (i.e. "--net=service" creates and attaches a tap device to bridge
"service", and passes "--net:service=tapYY" to the solo5 tender). But it is more
flexible now: "--net=service:other-bridge" will create a tap device attached to
"other-bridge" and pass "--net:service=tapYY" to the tender. This way, there's
no need to match bridge names on the actual server with network device names of
the unikernels.

NB: this is (mostly) backwards-compatible: the on-disk data structures are
versioned (and the version is bumped with this PR), an old albatross client can
send "create" commands to a new server. But a new client will get a parse error
from an old server - which is fine taking into consideration the deployment
base.
2020-03-25 16:09:23 +01:00
client use mirage-crypto and modern tls 2020-03-13 16:36:05 +01:00
command-line revise the "--net=yyy" argument to (optionally) contain a service:bridge 2020-03-25 16:09:23 +01:00
daemon Merge pull request #25 from hannesm/linux2 2020-02-20 21:01:52 +01:00
packaging systemd services, based on ee49c6240aa2cf2c9dac47eff6c751ce8c17efb5 by @cfcs 2019-11-27 11:27:55 +01:00
provision use mirage-crypto and modern tls 2020-03-13 16:36:05 +01:00
src revise the "--net=yyy" argument to (optionally) contain a service:bridge 2020-03-25 16:09:23 +01:00
stats use mirage-crypto and modern tls 2020-03-13 16:36:05 +01:00
tls use mirage-crypto and modern tls 2020-03-13 16:36:05 +01:00
.cirrus.yml cirrus: install pkgconf 2020-03-13 18:37:12 +01:00
.gitignore move to dune, rename executables 2019-03-28 00:11:43 +01:00
.ocamlinit address most of @cfcs comments 2018-10-29 17:14:51 +01:00
.travis.yml use mirage-crypto and modern tls 2020-03-13 16:36:05 +01:00
albatross.opam use mirage-crypto and modern tls 2020-03-13 16:36:05 +01:00
CHANGES.md initial 2017-07-10 10:38:25 +01:00
dune-project move to dune, rename executables 2019-03-28 00:11:43 +01:00
LICENSE.md initial 2017-07-10 10:38:25 +01:00
README.md move to dune, rename executables 2019-03-28 00:11:43 +01:00

Albatross: orchestrate and manage MirageOS unikernels with Solo5

Build Status

The goal of albatross is robust deployment of MirageOS unikernels using Solo5, including precise error handling of failures. The code running under superuser privileges is minimimal. Albatross is supposed to be run on a machine in the dom0, next to the hypervisor. Albatross keeps track of unikernel resource usage (memory, CPUs, bridges, block storage and active block devices). Policies restricting these resources for administrative domains are available. Local and remote deployments are supported, remote ones are authenticated and encrypted via a mutually authenticated TLS connection using X.509 client certificates. Multi-tenancy deployments are possible, tenants do not need any other access to the machine: console output and statistics gathered by the host are accessible via TLS. Albatross keeps the information of running unikernels persistently, and starts these unikernels when the albatross daemon is started. This means that whenever a unikernel was started, it keeps running until it crashes or an explicit destroy command is issued.

The administrative domain is similar to DNS: each unikernel has a name (e.g. foo.hello), which consists of labels separated by dots. Policies and access is done on a name basis - if access to foo is granted, foo.hello, foo.bar.hello, etc. can be accessed, but not bar or bar.hello.

Components

Albatross consists of a set of binaries. Several daemons, which communicate in a request-response style over Unix domain sockets, are run in the host system:

  • albatrossd: privileged to create and destroy unikernels
  • albatross_console: reads the console output of unikernels
  • albatross_log: event log
  • albatross_stats: statistics gathering (rusage, ifstat, BHyve debug counters)
  • albatross_tls_endpoint: remote deployment via TLS with client certificate, and proxies to local daemons
  • albatross_tls_inetd: remote deployment via TLS and inetd (alternative to albatross_tls_endpoint)
  • albatross_influx: statistic reporting from albatross_stats to influx

The main daemon is the privileged albatrossd, which supervises unikernels. It opens a listening Unix domain socket, reads the persisted unikernel configuration, starts these unikernels, and awaits commands. Access can be regulated by Unix file permissions, only those users who can write to that socket can send commands.

Albatross_console does not keep any persistent state, but a ring buffer of console output from each unikernel. These messages can be retrieved by a client, as a stream of messages (history, and whenever a new line is output, it is send to the interested client). Each unikernel output can only be read by a single client, to avoid amplification of traffic if lots of clients are connected. Albatrossd sends a message to albatross_console whenever a new unikernel is started, upon reception albatross_console opens and reads the fifo which the unikernel will write their standard output to.

Albatross_log keeps a persistent event log for albatross, can be read by clients.

Albatross_stats gathers periodically statistics (memory, CPU, network, hypervisor) from all running unikernels.

Albatross_tls_endpoint and albatross_tls_inetd listen on a TCP port, and proxy requests from remote clients to the respective daemons described above. They enforce client authentication, and use the commen names of the client certificate chain as administrative domain. The policies are embedded in CA certificates, the command is embedded in the leaf certificate.

The following command-line applications for local and remote management are provided:

  • albatross_client_local: sends a command locally to the Unix domain sockets
  • albatross_client_remote_tls: connects to a remote TLS endpoint and sends a command
  • albatross_provision_request: creates a certificate signing request containing a command
  • albatross_provision_ca: certificate authority operations: sign, generate, and revoke (NYI)
  • albatross_client_bistro: command line utility to execute a command remotely: request, sign, remote (do not use in production, requires CA key locally)

Installation

To install Albatross, run opam pin add albatross https://github.com/hannesm/albatross.

Init scripts for FreeBSD are provided in the packaging/rc.d subdirectory.

TODO: from here on, this documentation is not up to date.

It may help to read the outdated blog article for motivation of albatross and an overview over its functionality.