Secure mTLS and gRPC backed runtime daemon. Alternative to systemd. Written in Rust.

Overview

Auraed

A runtime daemon written in Rust.

  • Designed to run as pid 1
  • mTLS backed gRPC API over unix domain socket
  • Run executables
  • Run containers
  • Run virtual machines (as a hypervisor)
  • Schedule workloads
  • Piping for stdout and stderr from scheduled workloads
  • Mapping network devices to workloads
  • Piping for kernel logs
  • Piping for syslog
  • Piping for kernel events
  • Native eBPF support
  • Built on glibc

Build from source

We suggest using the environment repository for building.

Otherwise you will need to check out the Aurae API in the following directory structure.

.
├── api
│   └── v1
│       └── *.proto
└── auraed
    ├── Cargo.toml
    └── Makefile

Navigate to the /auraed directory and build using Make

make install

or using Cargo directly

cargo clippy
cargo install --debug --path .
Comments
  • mount kernel filesystems if run as pid1

    mount kernel filesystems if run as pid1

    Hi aurae community,

    This PR adds first steps to make auraed boot as pid1, mainly mounting the kernel filesystems (devfs, procfs and sysfs), but also some minor fixes to make auraed boot without kernel panic.

    • Fixes kernel panic due to a rust panic thrown by syslog creation (missing unix sockets [1])
      • The rust panic causes auraed to stop, and if started as pid1 the kernel will in turn also panic because the init process ended.
    • Fixes hack/hack.mk for zsh users
    • Adds a SystemRuntime (analog to AuraedRuntime), which handles system preparation.
      • SystemRuntime Case: not-pid1
        • assume a systemd environment (currently only unix socket /var/run/syslog)
      • SystemRuntime Case: pid1
        • initializes logging without unix socket dependency. Using syslog crate would require creation of unix socket first, and I suggest to discuss this first if there is a use case to have a unix socket for logging.
        • mounts file based kernel interfaces
        • devfs, sysfs, procfs
    • Added helper functions for basic file io (currently for devfs, sysfs, procfs interfaces)
      • get content of e.g. /dev, /sys or /proc
      • or /sys/class/net/ to see available network interfaces

    ToDo:

    • Discuss Logging targets
      • Same log targets for all SystemRuntime cases?
    • Network initialization
    • Stop auraed in pid1 case gracefully (kernel halt syscall to shutdown or reboot)

    How to test

    Steps to run auraed as pid in a qemu vm are documented in the hack/README.md. Copy pasted them here:

    make build-container
    make kernel
    make initramfs
    
    # create `vm-br0` bridge on your machine:
    make network
    
    # run auraed in a VM as pid 1:
    make virsh-start virsh-console virsh-stop
    
    # exit VM console with Ctrl+]
    
    Screenshot 2022-09-27 at 17 01 29

    Links

    [1] https://docs.rs/syslog/latest/src/syslog/lib.rs.html#232-243

    Access Granted 
    opened by Vincinator 14
  • adding make targets to run auraed as pid 1 within a libvirt VM

    adding make targets to run auraed as pid 1 within a libvirt VM

    Hi Kris,

    together with @vincinator I am working on a project somewhat similar to aurae. We are writing a pid 1 in Rust to act as a VMM (basically a replacement for systemd+libvirt), that exposes a gRPC API to control VMs from a SmartNIC. It's not published yet, but will also be under Apache v2.

    I have extracted our tooling around testing the program as pid 1 within a libvirt VM. Have a look at hack/README.md for details.

    Basically this PR allows you to start a VM, boot a Kernel and load auraed as pid 1. With the current state of auraed you see a Kernel panic as auraed expects things on the Linux system, that don't exist (e.g. syslog).

    We can discuss the way those scripts are implemented. I am open for changes.

    Malte

    Access Granted 
    opened by MalteJ 11
  • network config: add ipv6 and ipv4 route to network device

    network config: add ipv6 and ipv4 route to network device

    Hi all,

    • feature: add ipv4/ipv6 route to network interface
      • adding routes to a network interface required a workaround for issue https://github.com/aurae-runtime/auraed/issues/40
    • refactor: extract network configuration in separate functions (loopback config, current default nic config)
      • needed to understand why adding an ip route failed, this refactor helped identifying the cause (described in #40)
    Access Granted 
    opened by Vincinator 1
  • refactor: simple anyhow error handling

    refactor: simple anyhow error handling

    Hi @future-highway, could you review this PR please?

    This PR iterates over the error handling of the init module.

    • added Err return values in cases where we silently failed before
    • use expect instead of unwrap
    • restrict function visibility of init functions to a minimum, to help maintain and select appropriate error handling

    Next iteration on error handling could be the introduction of custom error types. see: https://github.com/aurae-runtime/auraed/issues/32

    Access Granted 
    opened by Vincinator 1
  • Handle Power Button Event

    Handle Power Button Event

    Hi Community,

    this PR adds a power button listener.

    • Listen to power button events
    • No libc required for listening to events
      • libc only used for reboot syscall (easy to replace)

    Test

    Run auraed in a VM as pid1:

    make build-container
    make kernel
    make initramfs
    
    # create `vm-br0` bridge on your machine:
    make network
    
    # run auraed in a VM as pid 1:
    make virsh-start virsh-console virsh-stop
    
    # exit VM console with Ctrl+]
    

    Send a shutdown signal:

    make virsh-shutdown 
    # before the vm is powered off, a log entry shows the received input event
    

    Todos

    • Notify Runtime first before shutting down - .await the auraed runtime
    • detect correct power button input device (hardcoded to /dev/input/event0 which works for the libvirtd development vm)
    • Handle reboot button with a reboot instead
    Access Granted 
    opened by Vincinator 1
  • Init network

    Init network

    Hi,

    This PR uses the crate little-dude/netlink to initialize network devices

    • Added network initialization for the libvirt-pid1 initialization flow
      • Initialize lo device
        • assign ::1/128
        • assign 127.0.0.1/8
      • Initialize eth0 device
        • assign fe80::2/64
      • Print network info after initialization
    • Functions used in above initialization flow are a starting point for other scenarios
    • Possibility to create sriov devices for a given network interface

    How to test

    As usual, copy paste steps from hack/README.md:

    make build-container
    make kernel
    make initramfs
    
    # create `vm-br0` bridge on your machine:
    make network
    
    # run auraed in a VM as pid 1:
    make virsh-start virsh-console virsh-stop
    
    # exit VM console with Ctrl+]
    

    On a second terminal you are now able to ping the auraed node via

    # name of network interface "vm-br0" is set up by make network
    ping fe80::2%vm-br0 
    

    Screenshot

    2022-09-29_19-54-57_screenshot

    Access Granted 
    opened by Vincinator 1
  • Exec improve

    Exec improve

    This PR adds a few features to the project

    • Removes the repeated protobuf definitions for the meta objects
    • Establishes runtime as a synchronous subsystem (schedule will be async)
    • Introduces a working exec
    • Introduces some code cleanup in auraed to simplify our codebase
    Access Granted 
    opened by krisnova 0
  • Reorganizing init module (first pass)

    Reorganizing init module (first pass)

    Definitely not where I would want to end up, but this seemed like a good place to do the pr/get a review. If the organization makes sense, I (with some guidance) or someone else can attempt to continue with network, fileio, and power.

    Steps taken:

    • Moved all the init code into the init module (specifically SystemRuntime)
    • Attempted to architect the code in a more foolproof way (e.g., non-pid1 process cannot call pid1 init code)
    • Divided related code into smaller mods
    • Slimed down init's top level mod, and expose the minimum necessary
    • Reduced the reliance on anyhow in favor of custom errors using thiserror
    Access Granted 
    opened by future-highway 0
  • Run clippy on build

    Run clippy on build

    Clippy has a default configuration, so it will output warnings for more than explicitly configured. This should be overridable, but starting with the defaults seems like a good choice.

    You can see an example of where I needed to override clippy in the build.rs file.

    Access Granted 
    opened by future-highway 0
  • Objects and Code Generation

    Objects and Code Generation

    The Aurae project is based around the concept of objects.

    Giving that an RPC Message is the lowest common definition for our data structures, we will need to be able to generate a substantial amount of code and boilerplate for each object.

    Developers (and maybe one day consumers, clients, and end-users) should have an easy way of creating and expressing new and generic objects in the codebase.

    For each object we define as an RPC message we will need to do the following.

    • Establish a database table, and corresponding schema.
    • Establish a source of truth for Rust structures
    • Establish client code
    • Establish server code
    • Establish Authz (authorization) style traits which can be implemented to bring authz to each object and corresponding functions
    • Establish AuraeScript definitions with corresponding getters and setters such that the objects can quickly be expressed in AuraeScript
    opened by krisnova 0
  • Generate README markdown from rustdoc

    Generate README markdown from rustdoc

    We need to start taking advantage of rustdoc in the .proto files.

    Ideally we can generate the documentation with a Make target or similar and have it write directly to the /stdlib directory.

    opened by krisnova 0
  • Waiting for network link to become available

    Waiting for network link to become available

    When setting a network device up (via netlink) the function returns before the network device is actually in state up. Assigning routes to a network device (via netlink) requires the network device to be up.

    I think the caller should safely assume that .await for the async function init/network.rs:set_link_up assures that the link is up, so that follow up network configuration steps can safely assume that the link is really up after the call.

    In addition, I would like to provide access to the netdevice state during network configuration, so that a config functions relying on a link state can implement safety checks.

    Bug 
    opened by Vincinator 0
  • WIP: Adding Qemu VMs

    WIP: Adding Qemu VMs

    • [x] Compiling Qemu and adding to initramfs
    • [ ] Check if Qemu is able to run within auraed environment
    • [ ] Add API methods to create VMs
    • [ ] Start Qemu VMs from auraed
    • [ ] Wire up VM's serial console with auraed internal log data streams
    Access Granted 
    opened by MalteJ 1
  • Trigger reboot/shutdown from grpc

    Trigger reboot/shutdown from grpc

    it should be possible to trigger a system reboot or a shutdown via the grpc API. If auraed has a process ID > 1 this action should result in a graceful shutdown and exit of auraed instead.

    See also #36

    opened by MalteJ 0
  • Graceful shutdown

    Graceful shutdown

    We need to implement a graceful shutdown flow. This flow must be executed when auraed gets a SIGTERM signal, the power button is pressed (if executed as pid 1) or when auraed gets a reboot or shutdown request via GRPC.

    1. An event has to be sent to all GRPC clients to inform them about the imminent shutdown.
    2. No new workloads (processes, containers, VMs, ...) may be scheduled.
    3. All threads, processes, containers, VMs, MicroVMs must be shut down gracefully (e.g. sending SIGTERM to processes, waiting for x seconds and then sending SIGKILL if they have not shut down; sending ACPI shutdown to VMs, power off after timeout).
    4. The GRPC API needs to be stopped.
    5. The API socket needs to be deleted.
    opened by MalteJ 1
Owner
Aurae Runtime
Distributed Operating System
Aurae Runtime
A kernel version manager for systemd-boot and AOSC OS

Your systemd-boot's best friend ever (Implemented in Rust) A kernel version manager for systemd-boot and AOSC OS Usage First initialize friend and sys

AOSC-Dev 20 Oct 9, 2022
Open-source Autonomy Software in Rust-lang with gRPC for the Roomba series robot vacuum cleaners

CleanIt Open-source Autonomy Software in Rust-lang with gRPC for the Roomba series robot vacuum cleaners Motivation Motivation is to build a complete

Kristoffer Rakstad Solberg 216 Dec 13, 2022
Charted's email service built in Rust that can be connected via gRPC

email-service is a small microservice to help transfer emails towards other people without trying to implement it in different languages. This is used in charted-server for member invitations, passwordless authentication, and more.

charted 7 Mar 6, 2023
A Simple Audio Control and Notifications Daemon

SACAND This is sacand, a Simple Audio Control and Notifications Daemon As it name oaths to imply, this is intended to be a simple audio control daemon

null 2 Jan 24, 2022
Linux daemon to bind keys and macros to your controller's buttons

makima Makima is a daemon for Linux to bind your controller's buttons to key sequences and macros. Features: Configure your keybindings through a simp

null 48 Jun 14, 2023
A Rust crate that implements a range map data structure backed by a Vec.

range_map_vec This crate implements a range map data structure backed by a Vec using binary search. Docs and usage can be found in the corresponding r

Microsoft 9 Sep 8, 2023
Simple daemon built with Rust to track metrics.

Marvin - Metrics Tracker What I cannot create, I do not understand. — Richard Feynman Simple daemon built with Rust to track metrics. The goal is run

João Henrique Machado Silva 3 Aug 30, 2021
A tree-backed slab allocator

beton A tree-backed slab allocator API Docs | Releases | Contributing Installation $ cargo add beton Memory Safety This crate uses unsafe operations i

Yosh 6 Sep 12, 2023
A simpler and 5x faster alternative to HashMap in Rust, which doesn't use hashing and doesn't use heap

At least 5x faster alternative of HashMap, for very small maps. It is also faster than FxHashMap, hashbrown, ArrayMap, and nohash-hasher. The smaller

Yegor Bugayenko 12 Apr 19, 2023
High Assurance Rust - A free book about developing secure and robust systems software.

High Assurance Rust - A free book about developing secure and robust systems software.

Tiemoko Ballo 1.1k Jan 9, 2023
A traditional web forum built in Rust with modern technology to be fast, secure, scalable, and stable.

Volksforo A traditional web forum built in Rust with modern technology to be fast, secure, scalable, and stable. Stack Rust actix-web askama ScyllaDB

Josh 5 Mar 21, 2023
A fast and secure RISC-V based virtual machine

PolkaVM PolkaVM is a general purpose user-level RISC-V based virtual machine. This project is still unfinished and is a very heavy work-in-progress! D

Koute 31 Sep 4, 2023
An alternative broken buggy Nix implementation in Rust + Java (for evaluation)

An alternative broken buggy Nix implementation in Rust + Java (for evaluation)

Moritz Hedtke 1 Feb 12, 2022
Build database expression type checker and vectorized runtime executor in type-safe Rust

Typed Type Exercise in Rust Build database expression type checker and vectorized runtime executor in type-safe Rust. This project is highly inspired

Andy Lok 89 Dec 27, 2022
Salty and Sweet one-line Rust Runtime Optimization Library

SAS SAS (Salty-And-Sweet) is an one-line Rust runtime optimization library. Features NUMA-aware rayon: numa feature should be enabled If you have 1 NU

UlagBulag 3 Feb 21, 2024
Nyah is a programming language runtime built for high performance and comes with a scripting language.

?? Nyah ( Unfinished ) Nyah is a programming language runtime built for high performance and comes with a scripting language. ??️ Status Nyah is not c

Stacker 3 Mar 6, 2022
🐱 A high-speed JIT programming language and its runtime, meow~

?? A high-speed JIT programming language and its runtime, meow~

EnabledFish 30 Dec 22, 2022
An asynchronous runtime compatible with WebAssembly and non-WebAssembly targets.

Promise x Tokio = Prokio An asynchronous runtime compatible with WebAssembly and non-WebAssembly targets. Rationale When designing components and libr

Yew Stack 29 Feb 6, 2023
An efficient runtime for asynchronous applications in Rust.

PhotonIO PhotonIO is an efficient runtime for asynchronous applications in Rust. Features Asynchronous filesystem and networking I/O for Linux based o

PhotonDB 40 Jan 4, 2023