Restructure the mirage/dhcp container into the new project structure

Signed-off-by: Thomas Gazagnaire <thomas@gazagnaire.org>
Thomas Gazagnaire 2017-03-17 17:39:57 +01:00
parent 0a2cf858d8
commit 30be4647ad
23 changed files with 73 additions and 35 deletions


@ -1,22 +0,0 @@
## Roadmap
Very basic roadmap, to be improved shortly.
### Done
- use 2 static binaries privileged + unikernel (calf) in the container,
connected via socketpairs and pipes.
- use eBPF to filter DHCP traffic
- redirect the calf's sterr/stdout to the priv container
- the priv exposes a simple HTTP interface to the calf, and read/write
are stored into a local Datakit/Git repo.
- use upstream MirageOS's charrua-core.
### TODO
- current: make the packets flow in both directions
- use runc to isolate the calf
- use seccomp to isolate the privileged container
- use the DHCP results to actually update the system
- add metrics aggregation (using prometheus)
- better logging aggregation (using syslog)
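Review bot: this hunk drops the whole Roadmap section, including the only item marked as in-progress work ("current: make the packets flow in both directions"), and nothing in the replacement roadmap carries that item forward; if bidirectional packet flow is still open it should be listed as a TODO there, and if it is done the "Current status" text should say so.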


@ -17,13 +17,6 @@ system:
- /proc/sys/fs/binfmt_misc:/binfmt_misc - /proc/sys/fs/binfmt_misc:/binfmt_misc
read_only: true read_only: true
command: [/usr/bin/binfmt, -dir, /etc/binfmt.d/, -mount, /binfmt_misc] command: [/usr/bin/binfmt, -dir, /etc/binfmt.d/, -mount, /binfmt_misc]
- name: dhcp-client
network_mode: host
image: "mobylinux/dhcp-client:dc3fd177a588ca9a850cfc75dd9083fb26d278dc"
capabilities:
- CAP_NET_RAW
command: [/dhcp-client]
read_only: true
daemon: daemon:
- name: rngd - name: rngd
image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92" image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92"
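Review bot: the dhcp-client entry removed here runs with network_mode: host and CAP_NET_RAW, and its image is pinned by tag only (mobylinux/dhcp-client:dc3fd177a588ca9a850cfc75dd9083fb26d278dc) while rngd in the same file is pinned by an @sha256 digest; when the entry is re-added in the new file it should get a digest as well so a privileged image cannot be silently swapped under the same tag.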


@ -7,7 +7,7 @@
| privileged shim | | calf | | privileged shim | | calf |
|=================| |================| |=================| |================|
| | | | | | | |
eth0 ----> | eBPF rules | <--- network IO ---> | type-safe | <-- eth0 ---> | eBPF rules | <--- network IO ---> | type-safe |
| | (data path) | network stack | | | (data path) | network stack |
| | | | | | | |
|-----------------| |----------------| |-----------------| |----------------|
@ -86,7 +86,7 @@ share it with the calf on startup).
- Has access to a Mirage_net.S interface for network traffic - Has access to a Mirage_net.S interface for network traffic
- Has access to a a simple KV interface - Has access to a a simple KV interface
Internally, it might use something more typed than a KV store: Internally, it uses something more typed than a KV store:
``` ```
module Shim: sig module Shim: sig
@ -114,8 +114,25 @@ What the SDK should enable:
### Roadmap ### Roadmap
- first PoC #### first PoC: DHCP client
- ipv6 support
- gracefully handle expiration Current status: one container containing two static binaries (priv + calf),
private pipes open between the process for stdout/stderr aggregation +
raw sockets (data path). Control path is using a simple HTTP server running
in the priv container. The calf is using the dev version of mirage/charrua-core,
and is able to get a DHCP lease on boot.
##### TODO
- use runc to isolate the calf
- eBPF filtering
- use seccomp to isolate the privileged container
- use the DHCP results to actually update the system
- add metrics aggregation (using prometheus)
- better logging aggregation (using syslog)
- IPv6 support
- tests, tests, tests (especially against non compliant RFC servers) - tests, tests, tests (especially against non compliant RFC servers)
- second iteration: NTP
### Second iteration: NTP
TODO
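Review bot: the new roadmap lists "eBPF filtering" under TODO while the "Current status" paragraph says the data path uses raw sockets; that contradicts the deleted Roadmap, which had "use eBPF to filter DHCP traffic" under Done, so one of the two should be corrected. The heading levels are also inconsistent: the first PoC is "#### first PoC: DHCP client" with a "##### TODO" below it, but the next phase is "### Second iteration: NTP", one level above its sibling.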


@ -0,0 +1,50 @@
kernel:
image: "mobylinux/kernel:4.9.x"
cmdline: "console=ttyS0 page_poison=1"
init: "mobylinux/init:d6d115d601e78f7909d4a2ff7eb4caa3fff65271"
system:
- name: sysctl
image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c"
network_mode: host
pid: host
ipc: host
capabilities:
- CAP_SYS_ADMIN
read_only: true
- name: binfmt
image: "mobylinux/binfmt:bdb754f25a5d851b4f5f8d185a43dfcbb3c22d01"
binds:
- /proc/sys/fs/binfmt_misc:/binfmt_misc
read_only: true
command: [/usr/bin/binfmt, -dir, /etc/binfmt.d/, -mount, /binfmt_misc]
- name: dhcp-client
network_mode: host
image: "mobylinux/dhcp-client:dc3fd177a588ca9a850cfc75dd9083fb26d278dc"
capabilities:
- CAP_NET_RAW
command: [/dhcp-client]
read_only: true
daemon:
- name: rngd
image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9@sha256:1c93c1db7196f6f71f8e300bc1d15f0376dd18e8891c8789d77c8ff19f3a9a92"
capabilities:
- CAP_SYS_ADMIN
oom_score_adj: -800
read_only: true
command: [/bin/tini, /usr/sbin/rngd, -f]
- name: nginx
image: "nginx:alpine"
capabilities:
- CAP_NET_BIND_SERVICE
- CAP_CHOWN
- CAP_SETUID
- CAP_SETGID
- CAP_DAC_OVERRIDE
network_mode: host
files:
- path: etc/docker/daemon.json
contents: '{"debug": true}'
outputs:
- format: kernel+initrd
- format: iso-bios
- format: iso-efi
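Review bot: two services in this new file carry privileges that deserve a tighter pin or a comment. dhcp-client gets network_mode: host plus CAP_NET_RAW with its image pinned by tag only, whereas rngd is pinned by an @sha256 digest; nginx gets CAP_SETUID, CAP_SETGID and CAP_DAC_OVERRIDE on host networking with no read_only flag. Add digests to both images and a short note on why those capabilities are needed, and confirm that contents: '{"debug": true}' in etc/docker/daemon.json is intended for this build rather than left over from debugging.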