[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mirari updates

To: <cl-mirage@xxxxxxxxxxxxxxx>
From: Vincent B. <vb@xxxxxxxxx>
Date: Tue, 5 Mar 2013 22:14:55 +0000
Cc: Jon Ludlam <jonathan.ludlam@xxxxxxxxxxxxx>
List-id: MirageOS development <cl-mirage.lists.cam.ac.uk>

On 05/03/2013 20:54, Anil Madhavapeddy wrote:

On 5 Mar 2013, at 17:56, Vincent Bernardoff <vb@xxxxxxxxxxxxxx> wrote:

On 27/02/2013 21:52, Anil Madhavapeddy wrote:

- In the UNIX backend, in mirage-platform/unix/runtime/tap_stubs_*.c,
   we currently hardcode an `ifconfig 10.0.0.1` to give the tap device
   a static IP address.  This has made it easy so far to get networking
   up and running, but the tap device setup really ought to be done by
   Mirari-run instead of the Mirage-platform libraries (which should just
   open a tun passed to them).


I don’t think mirari (and obviously even less Netif) should setup the tap since 
it requires root access. Mirari should give instructions on how to do so, but not 
issue root commands itself.


It doesn't necessarily need root: there are a bunch of platform-specific ways. 
For example, on Linux, you can set CAP_NET_ADMIN to the Mirari binary to gain 
access to tunctl.  There's a good summary of all the ways in the Erlang tuntap 
bindings here:

https://github.com/msantos/tunctl

(it might be worth creating a robust ocaml-tuntap that wraps these mechanisms)

Ok. I’ve read about the CAP_NET_ADMIN but thought at first that it wasnot a very practical possiblity. It would work well with Mirari onLinux, Mirari would have to have that cap and it could create tun/tapinterfaces. For other OS, it seems that sudo is needed. But this looksreally feasible indeed. And an ocaml-tuntap library is probably the bestway to implement those functions, as they will probably be needed byother ocaml programs in the future. As everybody seems to agree on thatI’ll do my best to write such small library, if we were going to portmirage-platform code into Mirari, it should not be much more work to putit into such library instead.

The other possibility is to _not_ bother to setup tun/tap with mirari,but let the use issue the right commands instead (ip tuntap ... orwhatever command on other unixes). This is probably a bit lessconvenient for the user, but it removes some complexity frommirage/mirari, and it makes the user more aware of what is under thehood. My opinion on that is that automatic setup is better ONLY if itworks perfectly for everybody. If implementing it properly for allplatforms is too tricky such that it does not work equally well foreveryone and frustrates users, then it is seems better to me to explainusers that they have to setup a tuntap interface, and how to do it.


Just tell me what you think about that.

About the Xen backend, we should decide on a standard way to execute kernels 
(as Anil said). At the moment, I only tested the xl create -c config.cfg 
kernel.xen method, which works well. If I understand well, it is better to use 
libvirt as it is a library that could be better integrated with mirari. I did 
not test it yet, but plan to do it asap.


Great. I know Dave has been experimenting with libvirt recently, but he's 
travelling this week.  Jon, Mike, do you have any opinions about this?

A (very) simple first start would be to just generate the minimal .conf file 
(as mir-run does at the moment) and directly call 'xl/xm create -c'.

Finally I think this is a better first solution (and maybe a better lastsolution as well). Because it does not require the dependency tolibvirt, and that will always work. I’ll definitely implement thatfirst, and I’ll have a look at libvirt later if needed.

The more interesting second backend is automating Amazon EC2, for which 
bindings exist on Github (but I haven't tried). This requires signing the Xen 
kernel as an AKI image, and calling the right HTTP calls to upload it and 
register it, before spinning it up.  I can give you delegate access to my 
Amazon account, Vincent, if you don't have access to an EC2 account within 
Citrix.


Agree that it is very cool.

So, basically, here is what I’m going to do for mirari run, in order (ifeveryones agree):

1. mirari run for UNIX backend: Basically figure out / fix the tuntapbusiness, and just run the executable.

2. mirari run for Xen: Create a xl config file, then run the kernel(using xl exe/ (or libxl if available ?)


3. mirari run for EC2: Implement the automation of sending kernels on EC2.

As for making mirari do the opam switch itself (and thus specify thedesired backend in mirari config file), I have no opinion about it. Tome personally I don’t perceive that as very important (I don’t mind opamswitching manually, because I don’t think it is required to do itoften). But I can certainly implement it if needed (as you explained informer emails).


Good evening,

Vincent

Follow-Ups:
- Re: mirari updates
  - From: Anil Madhavapeddy

References:
- Re: mirari updates
  - From: Vincent Bernardoff
- Re: mirari updates
  - From: Anil Madhavapeddy

Prev by Date: Re: mirari updates
Next by Date: Re: mirari updates
Previous by thread: Re: mirari updates
Next by thread: Re: mirari updates
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.