Hello,
I'm about to submit to Factory 3 packages, from the Virtualization
Devel project:
- libkrunfw
https://build.opensuse.org/package/show/Virtualization/libkrunfw
- libkrun
https://build.opensuse.org/package/show/Virtualization/libkrun
- krunvm
https://build.opensuse.org/package/show/Virtualization/krunvm
Libkrun is the key and the heart of everything. It's a library that
enables an (OCI) runtime to start the environments that such runtimes
usually handle (read: containers) inside a super-lightweight virtual
machine (using KVM underneath, of course).
If you're familiar with KataContainers, well, it's similar... but all
done in a library, which makes things smaller and faster (at least
potentially, as the project is still in an early stage of development and
performance is not a goal yet).
This is already possible, with krunvm, which is basically a CLI for
libkrun, that allows you to create lightweight VMs out of OCI images.
Watch this:
$ cat /etc/os-release
NAME="openSUSE Tumbleweed"
ID="opensuse-tumbleweed"
ID_LIKE="opensuse suse"
VERSION_ID="20210223"
[...]
$ uname -a
Linux Solace 5.10.16-1-default #1 SMP Sat Feb 13 16:20:19 UTC 2021 (11381f3) x86_64 x86_64 x86_64 GNU/Linux
Now, if I do:
$ sudo krunvm create opensuse/leap --name leap
Resolving "opensuse/leap" using unqualified-search registries (/etc/containers/registries.conf)
Getting image source signatures
Copying blob 99b65196a7ec done
[...]
Lightweight VM created with name: leap
$ sudo krunvm list
leap
CPUs: 2
RAM (MiB): 1024
DNS server: 1.1.1.1
Buildah container: leap-working-container
Workdir: /root
Mapped volumes: {}
Mapped ports: {}
$ sudo krunvm start leap
sh-4.4# cat /etc/os-release
NAME="openSUSE Leap"
VERSION="15.2"
ID="opensuse-leap"
ID_LIKE="suse opensuse"
VERSION_ID="15.2"
sh-4.4# uname -a
Linux leap 5.10.10 #1 SMP Fri Feb 26 08:27:43 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
And you can tell that it's a VM from --among other things-- the fact
that the kernels (see the two `uname -a`) are different!
In this example, I used `sudo`, but it does work rootless as well, like
this (for now):
$ buildah unshare
Solace:~ # krunvm create ubuntu --name ubu
Solace:~ # krunvm start ubu
# apt-get update
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
Get:2 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Get:3 http://security.ubuntu.com/ubuntu focal-security InRelease [109 kB]
[...]
Get:5 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [934 kB]
Fetched 1257 kB in 3s (423 kB/s)
Reading package lists... Done
# ^D
Solace:~ # exit
$
And yes, as you see from the above example where I used apt, networking
works (limited to IPv4-TCP, for now... because as I said it's early!)
with zero configuration.
And of course it supports bind mounting pieces of the host filesystem
as well (and also with zero config needed).
Note also that the crun OCI runtime already has support for libkrun,
and that podman can work on top of crun. Therefore, we could one day
have podman containers running as lightweight VMs!
We could one day have toolbox containers (which is why I'm cross-
posting to Kubic) running as lightweight VMs!!
Sure, we need to have crun for that, which I don't think we do right
now. But, baby steps. :-)
The third package, libkrunfw, is basically where the kernel of the
lightweight VM lives. Now, ideally, we would pick up our kernel-source
package, apply patches and configuration, and build libkrunfw from it.
However, this is currently not possible, due to the dependency of some
of the needed patches on a specific kernel-version.
We do intend, however, to fix this as soon as possible.
Libkrun and krunvm are available already in Fedora, via Copr and on
MacOS-aarch64 (the so-called M1).
You can find more about the project at the following links:
https://github.com/containers/libkrun
https://github.com/containers/krunvm
https://news.ycombinator.com/item?id=25939995
https://static.sched.com/hosted_files/devconfcz2021/b9/libkrun%20Virtuailzat...
Regards
--
Dario Faggioli, Ph.D
http://about.me/dario.faggioli
Virtualization Software Engineer
SUSE Labs, SUSE https://www.suse.com/