We’re very grateful to this week’s (and our inaugural) sponsor: OPS is a new free open source tool that allows anyone including non-developers to run existing Linux applications as unikernels. Long predicted to be the next generation of cloud infrastructure, unikernels have remained inaccessible to developers because of their low level nature. OPS fixes that.
Please visit their website to learn more: https://ops.city
OPS is a new free open source tool that allows anyone, including non-developers, to run existing Linux applications as unikernels.
If you want to cut to the chase, go to https://ops.city – download and you can be building and running your own unikernels in a few clicks. If you’re the type that wants to build from source, go to https://github.com/nanovms/ops .
Unikernels have long been predicted to be the next generation of cloud infrastructure but have remained inaccessible to developers because of their low-level nature. OPS fixes that.
But what is a unikernel? A unikernel is the synthesis of a single application and the operating system bits it actually needs to work into a small, lightweight, secure virtual machine. How small? Sometimes they can be measured in kilobytes. Being a single-process system with no support for running multiple processes, users or shells allows them to run much faster and much more securely.
Unikernels are a breath of fresh air compared to the 15M LOC in a Linux kernel or the 50-200M LOC found in modern distributions. They are also designed to reflect how developers actually deploy software in 2019 – not 1969.
Get started quickly:
curl https://ops.city/get.sh -sSfL | sh
Now put this into a hi.js:
console.log("hello from inside the machine!\n");
Now let’s run it:
ops load node_v11.15.0 -a hi.js
What this does is build a disk image out of your code, and rather than booting into Linux and then your init manager, it boots straight to your application and starts running immediately. OPS implements a thin wrapper around QEMU to orchestrate locally, but it can be deployed on various hypervisors.
So check out https://github.com/nanovms/ops – download it, fork it, star it and let us know what you build!
Kudos to the OPS team for their work and for sponsoring the site. It would be great to have more info though. Any chance of a hyperbole-free explanation of what OPS and unikernels do, how they work, their limitations, how OPS compares to something like MirageOS, maybe some performance stats if they exist?
There was not a lot of room to go in depth in this short article and it’s something I could talk all day about. But to quickly answer some of your questions: OPS is simply a builder/orchestrator of these designed to make them easy to use. Unikernels are single process systems (there are many more nuances here but I’ll leave it at that for now). MirageOS belongs in this camp and coined the term although there are now north of 10 different unikernel implementations out there. Exokernels and library operating systems are in this space. Limitations would include that they are single process (some people see that as a benefit though) and there’s not a ton of tooling out there for them currently. OPS runs arbitrary ELFs (eg: Linux apps) – Mirage is currently constrained to OCaml but this allows them to do things we would not be able to do easily. As for performance I believe OSv is still the fastest unikernel out there although depending on the context (eg: boot times) NEC’s 5ms boot time is pretty insane. Right now our focus is on ease of use and portability.
eyberg,
Thank you for responding!
I actually have several questions about what the limitations are for the software being run inside the virtual environment.
Do standard multithreading, networking and IO work as usual?
Does forking work normally?
Is there some kind of task scheduler inside the VM?
I write a lot of asynchronous applications, to what extent does OPS support less common linux syscalls? For example something like timerfd with epoll?
Will all programming languages work or do they have to be compiled into ELF?
I presume you’ve done away with the linux out of memory killers and swap files, what happens when an OPS VM runs out of memory? Can it grow & shrink dynamically or does it require an up-front allocation?
This seems pretty awesome.
I currently use QEMU/KVM to allow users to run full virtual machines with their own operating systems independently from one another. I can attest to the overhead of running a complete OS as guest. I find that guest operating systems can use a fair amount of CPU even when “idle”. So I can see the advantages unikernels could offer. Yet, in terms of running a single application in a guest, I’m curious about the reasoning to use QEMU at all? What are the motivations for using full virtualization technology for a single application over something like Linux containers (LXC/LXD), for instance?
Thanks for sponsoring OSAlert, I really like how this project is “on topic” for OSAlert
“Containers” have become incredibly popular over the course of the years but there’s one thing that virtualization still excels at and that is isolation. Until we see Google Cloud and Amazon Web Services wholesale replace virtual machines with containers I think this argument is going to hold for a while (or the side channel attacks improve to the point to make it irrelevant). I do tend to agree with the recent Google paper that software changes alone won’t defeat this – we need new hardware. In general the various unikernel implementations out there are much faster at runtime, much faster to boot, are highly more secure than containers are (no users, shells, single process, single digit library count, etc.)
Lastly it should be noted that many of the people I interface with that use unikernels have access to bare metal systems and that’s where they choose to run them – in cases like this you can literally spin up thousands of these on small servers.
Shouldn’t this sponsored news item be made sticky on the frontpage, on top of other news items?
(and hm, unikernel …so, is it microkernel or monolithic? ;P )