diff --git a/Posts/Deploy b/Posts/Deploy index 91d396f..384b163 100644 --- a/Posts/Deploy +++ b/Posts/Deploy 
@@ -17,7 +17,7 @@ This post describes how you can deploy MirageOS unikernels without compiling it To execute a MirageOS unikernel, apart from a hypervisor (Xen/KVM/Muen), a tender (responsible for allocating host system resources and passing these to the unikernel) is needed. Using virtio, this is conventionally done with qemu on Linux, but its code size (and attack surface) is huge. For MirageOS, we develop [Solo5](https://github.com/solo5/solo5), a minimal tender. It supports *hvt* - hardware virtualization (Linux KVM, FreeBSD BHyve, OpenBSD VMM), *spt* - sandboxed process (a tight seccomp ruleset (only a handful of system calls allowed, no hardware virtualization needed), Linux only). Apart from that, [*muen*](https://muen.sk) (a hypervisor developed in Ada), *virtio* (for some cloud deployments), and *xen* (PVHv2 or Qubes 4.0) - [read more](https://github.com/Solo5/solo5/blob/master/docs/building.md). We deploy our unikernels as hvt with FreeBSD BHyve as hypervisor. -On [builds.robur.coop](https://builds.robur.coop), next to the unikernel images, *solo5-hvt* packages ([FreeBSD 12.2](https://builds.robur.coop/job/solo5-hvt-freebsd/build/latest/), [Ubuntu 20.04](https://builds.robur.coop/job/solo5-hvt-ubuntu-20.04/build/latest/)) are provided - download the binary and install it. A [NixOS package](https://github.com/NixOS/nixpkgs/tree/master/pkgs/os-specific/solo5) is already available - please note that [soon](https://github.com/Solo5/solo5/pull/494) packaging will be much easier (and we will work on packages merged into distributions). +On [builds.robur.coop](https://builds.robur.coop), next to the unikernel images, [*solo5-hvt* packages](https://builds.robur.coop/job/solo5-hvt/) are provided - download the binary and install it. 
A [NixOS package](https://github.com/NixOS/nixpkgs/tree/master/pkgs/os-specific/solo5) is already available - please note that [soon](https://github.com/Solo5/solo5/pull/494) packaging will be much easier (and we will work on packages merged into distributions). When the tender is installed, download a unikernel image (e.g. the [traceroute](https://builds.robur.coop/job/traceroute/build/latest/) described in [an earlier post](/Posts/Traceroute)), and execute it: @@ -25,7 +25,7 @@ When the tender is installed, download a unikernel image (e.g. the [traceroute]( $ solo5-hvt --net:service=tap0 -- traceroute.hvt --ipv4=10.0.42.2/24 --ipv4-gateway=10.0.42.1 ``` -If you plan to orchestrate MirageOS unikernels, you may be interested in [albatross](https://github.com/roburio/albatross) - we provide binary packages as well for this ([albatross FreeBSD](https://builds.robur.coop/job/albatross-freebsd/build/latest/) and [albatross Ubuntu 20.04](https://builds.robur.coop/job/albatross-ubuntu-20.04/build/latest/)). An upcoming post will go into further details of how to setup albatross. +If you plan to orchestrate MirageOS unikernels, you may be interested in [albatross](https://github.com/roburio/albatross) - we provide [binary packages as well for albatross](https://builds.robur.coop/job/albatross/). An upcoming post will go into further details of how to setup albatross. ## MirageOS configuration 
@@ -71,9 +71,9 @@ To reproduce such a built, you need to get the same operating system (OS, OS_FAM You can [browse](https://builds.robur.coop/job/dns-primary-git/) the different builds, and if there are checksum changes, you can browse to a diff between the opam switches to reason whether the checksum change was intentional (e.g. [here](https://builds.robur.coop/compare/ba9ab091-9400-4e8d-ad37-cf1339114df8/23341f6b-cd26-48ab-9383-e71342455e81/opam-switch) the checksum of the unikernel changed when the x509 library was updated). The opam reproducible build infrastructure is driven by: -- [orb](https://github.com/roburio/orb) conducting reproducible builds (packages [FreeBSD](https://builds.robur.coop/job/orb-freebsd/build/latest/), [Ubuntu 20.04](https://builds.robur.coop/job/orb-ubuntu-20.04/build/latest/)) -- [builder](https://github.com/roburio/builder) scheduling builds in contained environments (packages [FreeBSD](https://builds.robur.coop/job/builder-freebsd/build/latest/), [Ubuntu 20.04](https://builds.robur.coop/job/builder-ubuntu-20.04/build/latest/)) -- [builder-web](https://git.robur.io/robur/builder-web) storing builds in a database and providing a HTTP interface (packages [FreeBSD](https://builds.robur.coop/job/builder-web-freebsd/build/latest/)) +- [orb](https://github.com/roburio/orb) conducting reproducible builds ([packages](https://builds.robur.coop/job/orb/)) +- [builder](https://github.com/roburio/builder) scheduling builds in contained environments ([packages](https://builds.robur.coop/job/builder/)) +- [builder-web](https://git.robur.io/robur/builder-web) storing builds in a database and providing a HTTP interface ([packages](https://builds.robur.coop/job/builder-web/)) These tools are themselves reproducible, and built on a daily basis. The infrastructure executing the build jobs installs the most recent packages of orb and builder before conducting a build. 
This means that our build infrastructure is reproducible as well, and uses the latest code when it is released.
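Review bot: In the hunk at @@ -17,7 +17,7, the added line linking [*solo5-hvt* packages](https://builds.robur.coop/job/solo5-hvt/) no longer says which platforms are packaged, whereas the removed line named FreeBSD 12.2 and Ubuntu 20.04 and linked directly to each build/latest page. A reader now lands on a job page and has to work out which artifact matches their host. Suggest keeping the platform names in the sentence next to the single link. Since the line tells readers to "download the binary and install it", consider also adding a short pointer to checking the downloaded package against its checksum, which the reproducible-builds section of this file already relies on.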
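Review bot: In the hunk at @@ -25,7 +25,7, the new link text "binary packages as well for albatross" on the added line reads awkwardly and repeats the project name within the same sentence. Suggest "we provide [binary packages](https://builds.robur.coop/job/albatross/) for it as well". While this line is being touched, "how to setup albatross" should read "how to set up albatross".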
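Review bot: In the hunk at @@ -71,9 +71,9, the builder-web item goes from a FreeBSD-only package link to a generic [packages] link, so the list now reads as if builder-web is packaged for the same platforms as orb and builder. If it is still FreeBSD only, keep that in the item text. The three added links also share the identical text "packages", which is hard to tell apart out of context; "orb packages", "builder packages" and "builder-web packages" would be clearer. Minor, on the same added line: "a HTTP interface" should be "an HTTP interface".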