Towards Heroku for Unikernels: Part 1 - Automated deployment.

In my Jekyll to Unikernel post, I described an automated workflow that would take your static website, turn it into a MirageOS unikernel, and then store that unikernel in a git repo for later deployment. Although it was written from the perspective of a static website, the process was applicable to any MirageOS project. This post covers how things have progressed since then and the kind of automated, end-to-end deployments that we can achieve with unikernels. If you’re already familiar with the above-linked post then it should be clear that this will involve writing a few more scripts and ensuring they’re in the right place. The rest of this post will go through a real world example of such an automated system, which we’ve set up for building and deploying the unikernel that serves our slide decks — mirage-decks. Once you’ve gone through this post, you should be able to recreate such a workflow for your own needs.

Standardised build scripts.

One Secure OS for the Cloud - The Rise of Unikernels.

In the last few years, a number of open source projects have started to build interesting new technologies to create faster and more secure and scalable cloud applications.
The name: unikernels. The goal: develop a new breed of applications (or port existing ones) for the cloud that significantly improve security, performance and scalability by reducing the traditional layer-cake application stack into a single unikernel virtual machine (VM) image. In other words, the operating system, any libraries you need and the application itself are compiled into a small unikernel image. Traditional application stacks run in parallel within an operating system, which in turn may run in a virtual machine (VM). The operating system manages resources and isolates applications from one another. Unikernels also deliver impressive flexibility, speed and versatility for cross-platform environments, big data analytics and scale-out cloud computing.

Unikernel.

Library operating systems

In a library operating system, protection boundaries are pushed to the lowest hardware layers, resulting in a set of libraries that implement mechanisms such as those needed to drive hardware or talk network protocols, and a set of policies that enforce access control and isolation in the application layer.

The library OS architecture has several advantages and disadvantages compared with conventional OS designs. One of the advantages is that since there is only a single address space, there is no need for repeated privilege transitions to move data between user space and kernel space. Therefore, a library OS can provide improved performance by allowing direct access to hardware without context switches. OS virtualization can overcome these drawbacks on commodity hardware.
Benefits and drawbacks

Unikernels have a number of benefits and drawbacks when compared to traditional operating systems.

Modern implementations

Minimalist Cassandra VM using an OSv Unikernel.

When I was living in Singapore I “accidentally” got involved in maintaining a community site for expats in Singapore. Until now, once in a while I’m still doing a bit of webmastering on the site as one of my side activities/hobbies.

Use case

To prevent those rubbish email addresses from getting into the final list of email addresses for the newsletter, some serious scrubbing needs to be done. A lot of the scrubbing is done by Data Validation, but before the email addresses are sent to them, they go through some sanity checks first. Of course the format is checked and the domain is verified against a list of disposable email addresses, but the email addresses are also verified against a database of email and IP addresses that belong to spammers. Over time, I have collected a list of approximately 30 million email addresses and 5 million IP addresses that belong or belonged to spammers.

Why Unikernel approach?

How to build it

Demo time!

You can see that there is hardly an OS booting up.
OSv - the operating system designed for the cloud.

Mosquitto Unikernel using OSv and Capstan.

Some time ago, I wrote a blog post about Unikernels and was quite enthusiastic about the combination of OSv and XenServer. I had Cassandra running in an OSv container in a jiffy and think Unikernels on hypervisors are much better to manage and maintain than Docker images. If you want to know more about why I think they could be considered the successor of Docker, please do feel free to read my blog “Minimalist Cassandra VM using an OSv Unikernel”. In this blog I have written about my journey to get a unikernel Cassandra running, but I’m also trying to outline the pros and cons of Unikernels in general. A few weeks after I wrote that blog, I received a comment from Tim (hello Tim!) who asked me what it would take to boot another application.

Mosquitto Unikernel

But I did take Tim’s question as a challenge.

Workstation preparations

The first thing that needed to be done was to set up a Linux machine where I could spin up Unikernels and experiment with them.

Preparing Mosquitto.