Mirage OS and Unikernels

What is a unikernel?

Consider a simple web service, serving static webpages over HTTP, running in a virtualised enviroment like AWS

What "machinery" is required to perform this task?

             -------------------
            | web server config |
             -------------------
            | web server        | < many features you don't need
             -------------------
            | OS libraries      | < huge APIs (+bugs ?)
             -------------------
            | OS kernel         | < driver support for old hardware
             -------------------
            | hypervisor        |
             -------------------
            | hardware          |
             -------------------

It would be nice if we didn't have to worry about securing and maintaining all this stuff!

How about?

           ---------------------
          | web server + config | < web server is the (uni)kernel
           ---------------------
          | hypervisor          |
           ---------------------
          | hardware            | 
           ---------------------

No unnecessary dependencies, just the things you need to run your application!

Mirage OS is one approach to unikernels.

Mirage OS

Isn't writing your own kernel a bit, errr, difficult???

          
          open Lwt

          module Main (C: V1_LWT.CONSOLE) = struct

            let start c =
              lwt () =  OS.Time.sleep 5.0 in
              C.log c "hello unikernel world";
              return ()
            end

possibly ill advised live demo

What's going on?

We write Mirage applications in the OCaml programming language

Mirage can create Unix executables or unikernels that run on the Xen hypervisor

Mirage has libraries that implement a network stack, access to block storage, and other things that your OS would usually provide

The `mirage` command line tool configures your application code to use the correct libraries, based on the desired target.

          
open Lwt

module Main (C: V1_LWT.CONSOLE) (S: V1_LWT.STACKV4) = struct
  let start c s =
    S.listen_tcpv4 s ~port:8000 (fun flow -> do_something_with flow);

    S.listen s
end

https://github.com/mattgray/devsintheditch-unikernel-talk/tree/master/example_network

          
open Mirage

let main = foreign "Unikernel.Main" (console @-> stackv4 @-> job)

let net =
  try match Sys.getenv "NET" with
    | "direct" -> `Direct
    | "socket" -> `Socket
    | _        -> `Socket
  with Not_found -> `Socket

let dhcp =
  try match Sys.getenv "ADDR" with
    | "dhcp"   -> `Dhcp
    | "static" -> `Static
  with Not_found -> `Dhcp

let stack console =
  match net, dhcp with
  | `Direct, `Dhcp   -> direct_stackv4_with_dhcp console tap0
  | `Direct, `Static -> direct_stackv4_with_default_ipv4 console tap0
  | `Socket, _       -> socket_stackv4 console [Ipaddr.V4.any]

let () =
  register "network" [
    main $ default_console $ stack default_console
  ]

another possibly ill advised live demo

Mirage lets us write us quickly iterate an application as a standard Unix executable and produce a unikernel from the same code