Just-In-Time Summoning of Unikernels

Jitsu is experimental software. See LICENSE for conditions.

Jitsu is a forwarding DNS server that automatically boots unikernels on demand. When a DNS query is received, Jitsu first checks for a local unikernel that is mapped to the requested domain. If a unikernel is found, the unikernel is started and its IP is returned to the client. Otherwise, the request is forwarded to the next DNS server. If no DNS requests are received for the unikernel within a given timeout period it is automatically stopped.

This version of Jitsu has been tested with MirageOS and Rumprun unikernels.

Jitsu supports several backends to manage the unikernel VMs. Currently libvirt, XAPI and libxenlight are supported. Metadata and internal state is stored in Irmin and the DNS server is implemented on top of ocaml-dns.

Latest release: https://github.com/mirage/jitsu/releases
Bugtracker: https://github.com/mirage/jitsu/issues
Development version: https://github.com/mirage/jitsu

Installing Jitsu

The latest release of Jitsu is available in opam. To install Jitsu, run:

$ opam install jitsu

When Jitsu is installed it will look for available backends that can be used to start unikernels (or processes). The backends currently supported are xenctrl (libxl), libvirt and xen-api-client (xapi). If a new backend is installed opam will reinstall Jitsu to add support for it.

The virtual packages jitsu-libvirt, jitsu-xapi and jitsu-libxl can be used to force Jitsu to be installed with a specific backend.

To add a backend, either use the virtual package:

$ opam install jitsu-libxl

Or install the backend directly with opam:

$ opam install jitsu
$ opam depext xenctrl    # install external dependencies, optional
$ opam install xenctrl

To install the latest development version of Jitsu, you can pin Jitsu to the current master branch on Github. This version is unstable and changes frequently.

$ opam pin add jitsu --dev
$ opam install jitsu

If the installation succeeds you should now be able to start Jitsu. If you ran into problems and are using OS X, see below for additional troubleshooting tips.

OS X troubleshooting

To install the OCaml libvirt bindings on OS X we have to set CPPFLAGS first (due to this bug). This step can be skipped on other platforms.

$ CPPFLAGS="-Wno-error=tautological-compare -Wno-error=unused-function" \
opam install libvirt

You should now be able to install Jitsu as usual.

Getting started

Jitsu is initially launched with a list of unikernels, their configurations and a set of parameters that define

how to connect to the virtualization backend
how the DNS server should be configured
how the unikernels should be managed

A minimal Jitsu configuration could look like this:

$ sudo ./jitsu -c xen:/// \
dns=www.openmirage.org,\
ip=192.168.0.22,\
name=mirage-www

The command above connects to a local Xen-server (from dom0) through libvirt (the default) and starts the DNS server. Requests for www.openmirage.org will be redirected to the Xen-VM called "mirage-www" with IP 192.168.0.22. If "mirage-www" is not running, Jitsu will start it automatically before responding to the DNS request.

Each unikernel is configured using a set of key/value pairs separated by commas. The parameters that are supported depends on which virtualization backend (libvirt, xapi or libxl) is used to control the unikernels. See below or run ./jitsu --help for a complete set of options.

Examples

MirageOS web server

For this example you need a working MirageOS unikernel with a static IP address and access to dom0 on a Xen server with libxl installed. You can also install Xen in Virtualbox, as described here or use one of the Mirage Vagrant VMs. An example unikernel that displays the unikernel boot time can be found here (a live version is running here). Follow the instructions in the README to configure the network settings. After building the unikernel you should have a binary file that can be booted in Xen, usually mirage-www.xen. You can also check the generated .xl file and locate the kernel= parameter to find the file.

We should now be able to start Jitsu to manage the unikernel:

$ sudo jitsu -x libxl \
dns=www.example.org,\
ip=10.0.0.1,\
kernel=mirage-www.xen,\
memory=64000,\
name=www,\
nic=br0

This command boots the unikernel when www.example.org is resolved. The IP 10.0.0.1 is returned to clients that resolve the domain and the booted unikernel is in mirage-www.xen. The VM is given 64MB of memory and access to a network bridge at br0.

If everything worked, Jitsu should now be running a DNS server on localhost. To verify that the domain is automatically started you can run host to resolve the domain:

host www.example.org 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases: 

www.example.org has address 10.0.0.1

After running host you should be able to open the web page on 10.0.0.1 (or telnet to port 80) and ping the IP.

The unikernel is automatically destroyed after the DNS cache entry expires. This timeout can be set with the --ttl parameter. See jitsu --help for a full list of available parameters and options that can be passed to the libxl backend.

nginx in rumprun

Rumprun unikernels can also be managed by Jitsu, but currently only with the libxl backend. Prior to running Jitsu, the rumprun tool must be used to generate a JSON configuration file that is passed to Jitsu using the rumprun_config parameter.

A tutorial for building a unikernel that hosts a static web page in QEMU is available here. To get a Xen unikernel, follow the instructions, but run rumpbake with the xen_pv parameter instead of hw_virtio. After baking the Xen unikernel it must be started once with rumprun to obtain the configuration files. To run the Nginx unikernel from the tutorial in Xen you could (depending on your configuration) use a command similar to this:

sudo rumprun -T tmp xen -M 64 -i \
    -b images/stubetc.iso,/etc -b images/data.iso,/data \
    -I mynet,xenif,bridge=br0 -W mynet,inet,static,10.0.0.1/24,10.0.1.1 \
    -- nginx.bin -c /data/conf/nginx.conf

The command above will boot a rumprun unikernel that mounts two disks (stubetc.iso and data.iso), connect it to the network bridge br0 and give it the IP 10.0.0.1. The -T parameter saves the generated configuration files in the tmp directory. You can verify that the unikernel booted correctly by running sudo xl list. You can also attach to the console with sudo xl console [name of unikernel]. To stop the unikernel, use sudo xl destroy [name of unikernel].

If the unikernel booted correctly we should now be able to use the file tmp/json.conf to boot it with Jitsu.

jitsu -x libxl dns=www.example.org,\
memory=64000,\
ip=10.0.0.1,\
name=rumprun,\
kernel=nginx.bin,\
disk=images/stubetc.iso@xvda,\
disk=images/data.iso@xvdb,\
nic=br0,\
rumprun_config=tmp/json.cfg

Verify that the unikernel boots in Jitsu by running host www.example.org 127.0.0.1. An nginx web server should now be running in a rumprun unikernel on IP 10.0.0.1.

Note that rumprun unikernels currently have to wait for the disk images to be configured by Xen. When the disks are mounted as ISO files (as in this example) the total boot time can be more than a second. An alternative is to use losetup to create loopback devices that map to the ISO files. The -d parameter can also be used to delay the DNS response to compensate for this. See jitsu --help for a full list of available options.

Linux VMs in Virtualbox

Jitsu can be u

Jitsu

Install / Use

README