Greg, OSv cannot run natively in Nitro instances (see https://github.com/cloudius-systems/osv/issues/924).
I am not sure I understand enclaves well but can they be used across i3 (other "bare metal") instances and help communicate between OSv instances running under Firecracker on those? Would this even make sense and have any benefit? Regardless of this adding vsock support would be beneficial but we need volunteers. Waldek On Sunday, November 1, 2020 at 3:48:27 PM UTC-5 greg...@gmail.com wrote: > With the introduction of Enclave instances which communicate via vsock and > the security benefits of OSv/unikernel approach maybe this issue will > warrant more attention as the two seem made for one another (OSv and > Enclaves). Any ideas? This is on Nitro instances, I forget if OSv > supports Nitro yet or not... > > :) > > https://aws.amazon.com/ec2/nitro/nitro-enclaves/ > > -greg > > On Fri, Oct 23, 2020 at 10:43 AM Waldek Kozaczuk <jwkoz...@gmail.com> > wrote: > >> Base on page 26 in this slide - >> https://static.sched.com/hosted_files/kvmforum2019/50/KVMForum_2019_virtio_vsock_Andra_Paraschiv_Stefano_Garzarella_v1.3.pdf, >> >> it looks like there is a plan to use virtio-net device a transport for >> vsock. That would help us a lot, I guess. >> >> Does anyone have any more insight? >> >> Waldek >> >> On Friday, October 23, 2020 at 10:30:13 AM UTC-4 Waldek Kozaczuk wrote: >> >>> Hi, >>> >>> Unfortunately, I do not have any bandwidth to work on it now (maybe in a >>> couple of months). So we are looking for volunteers to help us with it. Are >>> you interested? >>> >>> As the mailing group conversation linked to #1069 indicates, adding >>> vsock support would require implementing virtio socket device driver and >>> wiring it up into network stack as a AF_VSOCK family socket. I have a hunch >>> it should not be that difficult as there is some similarity to a network >>> device in a sense that both have tx and rx virt queues so it might be >>> possible to re-use some code or at least base the socket implementation on >>> the network one. But the socket device has an extra event virt queue which >>> has to be handled as well. >>> >>> Also, vsock handles both host and guest initiated sessions. Would it >>> make an effort smaller if we only implemented one of them for now? Which >>> one do you need? >>> >>> I have also found a nice document about vsock which might give more >>> hints on how to implement it - >>> https://stefano-garzarella.github.io/posts/2019-11-08-kvmforum-2019-vsock/ >>> . >>> >>> Regards, >>> Waldek >>> >>> On Thursday, October 22, 2020 at 11:21:23 AM UTC-4 d787...@gmail.com >>> wrote: >>> >>>> Hi all, >>>> I can see that issue #1069 has been raised already to add support for >>>> vsock. Is there a plan to implement this in the next release? I would like >>>> to utilise a vsock mechanism to communicate configuration information >>>> between the host and my golang app running under a firecracker instance. >>>> >>> -- >> > You received this message because you are subscribed to the Google Groups >> "OSv Development" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to osv-dev+u...@googlegroups.com. >> > To view this discussion on the web visit >> https://groups.google.com/d/msgid/osv-dev/93bd9dcf-814c-4f2e-87f8-d308f072f52bn%40googlegroups.com >> >> <https://groups.google.com/d/msgid/osv-dev/93bd9dcf-814c-4f2e-87f8-d308f072f52bn%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "OSv Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to osv-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/osv-dev/769c2a91-e845-4068-92e4-40c5e9e38790n%40googlegroups.com.
