hey,

over the last weekends I worked on a system to provision and deploy
MirageOS unikernels onto a machine with a hypervisor (under my control).

The result is a bunch of unix processes (event log, console output,
statistics, connection handling + virtual machine creation and deletion)
written in OCaml, which communicate via unix domain sockets.

A unikernel is - together with its configuration (memory, network
device*s, optional block device, CPU id) - embedded in an authenticated
key/value store (X.509 certificate). I use the X.509 certificate chain
to further delegate resources (by handing out (subCA) certificates) and
check policies.

I wrote some text about it at https://hannes.nqsb.io/Posts/VMM ; code is
at https://github.com/hannesm/vmm

It has been up and running for some weeks on my machine now, feel free to
send me signing requests in case you want to deploy unikernels.  It is
all based on FreeBSD and Solo5 ukvm at the moment, but it should work on
Linux + ukvm as well (at least it compiles ;).


Please let me know of any feedback, to either the system design, the
implementation, or the article,

hannes

_______________________________________________
MirageOS-devel mailing list
[email protected]
https://lists.xenproject.org/cgi-bin/mailman/listinfo/mirageos-devel
