Getting Started in UnikernelsUsing the Rump Kernel

Justin Cormack @justincormack

Slides athttp://texaslinuxfest2015.myriabit.com/

2

Justin CormackLondon based developer working on rump kernels and unikernels for the

last few years.

Co-author of new ebook Docker in the Trenches: Successful Production

Deployment

On twitter @justincormack and Github justincormack

3

Why unikernel?Lots more in the previous talk...

• Just the code you need.

• Self contained with all dependencies

• Makes system software more accessible

4

What is the rump kernel?Essentially it is the drivers from NetBSD without the rest of the kernel

• TCP, UDP, sockets

• File system drivers

• Hardware drivers and virtio drivers

• Random numbers, crypto

5

What is the rump kernel not?It does not have

• Scheduler

• Processes

• Userspace

6

Why not Linux?It has not been done yet...

While the code to use NetBSD drivers without the kernel has been

upstream for years, originally for easy driver development in userspace

and for running the test suite, eg to spin up a TCP stack for testing.

Hajime Tazaki is working on LibOS-Nuse which starts the work with the

network stack.

7

Turning the rump kernel into a unikernel• Add simple threading and scheduler

• Add platform support: so far for userspace, Xen, KVM, Qemu and some

bare metal platforms.

• Add libc, and other userspace libraries

8

Architecture

9

Architecture• The hypercall layer provides threads, clock, and scheduler, eg if running

in userspace this is very simple

• Code is a normal library, so syscalls are just function calls, sharing the

same stack

•

10

What doesn't work• Single process only – cannot fork or exec.

• No virtual memory – cannot mmap files.

• No shared librarues – everything is statically linked.

11

Languages known to workSo far mostly tested with C programs, many dynamic languages expect

dynamic libraries, although this can be worked around in principle.

• C, C++

• Lua, LuaJIT

• Python, PHP

12

Programs known to work• Nginx

• Redis

• MySQL

• LevelDB

• mpg123

• roundcube

• ...

13

Build process• Essentially we are cross compiling

• And we need to make static binaries

• Unfortunately not everything likes to do those nowadays

• Still working on improving and simplifying the build process...

14

Build stepsWill build for qemu, as it runs anywhere on Linux. Build is pretty much

the same for Xen, KVM.

1. Build (cross) toolchain

2. Compile any (static) libraries needed

3. Compile program

4. Configure program

5. Run

15

1. Build toolchain• git clone https://github.com/rumpkernel/rumprun

• cd rumprun

• git submodule update --init

• ./build-rr.sh hw

• export PATH=$PWD/app-tools:$PATH

16

2. Build an application• git clone https://github.com/rumpkernel/rumprun-

packages

• cd rumprun-packages

• echo "RUMPRUN_TOOLCHAIN_TUPLE=x86_64-rumprun-

netbsd" > config.mk

• cd nginx

• make

• rumpbake hw_generic bin/nginx.qemu bin/nginx

17

3. Configure networking• sudo ip tuntap add dev tap0 mode tap user $(whoami)

• ip link set dev tap0 up

• sudo brctl addbr bridge0

• sudo ip link set bridge0 up

• sudo brctl addif bridge0 tap0

• sudo ip addr add 10.0.0.1/24 dev bridge0

• replace /etc/qemu-ifup with an empty script

18

4. Run unikernel• rumprun qemu -i -I 'qnet0,vioif,-net

tap,ifname=tap0' -W qnet0,inet,static,10.0.0.2/24 -b

images/stubetc.iso,/etc -b images/data.iso,/data

bin/nginx.qemu -c /data/conf/nginx.conf

• curl http://10.0.0.2/

19

Building other applicationsModify the build as appropriate, hopefully as simple as:

• ./configure --host=x86_64-rumprun-netbsd --disable-

shared

20

Docker buildsThe toolchain and packaged applications are experimentally available as

docker containers, will be finalized and documented shortly

• docker pull justincormack/rumprun

• docker pull justincormack/rumprun-packages

21

Getting help• rumpkernel.org

• IRC #rumpkernel on Freenode

• Mailing list https://www.freelists.org/list/rumpkernel-users

• Twitter @rumpkernel

22