Mirage OS Logo

The MirageOS Documentation

and developer guides


Weekly Meeting: 2015-05-20
By Amir Chaudhry - 2015-05-20

Agenda

  • Quality and Test
  • TLS release planning
  • Mirage.io status
  • Jitsu status update
  • Irmin sync from browser
  • Docs on XenProject
  • 3.0 Planning

Attendees: Reynir Björnsson, Amir Chaudhry (chair), Thomas Gazagnaire, David Kaloper, Masoud Koleini, Thomas Leonard, Hannes Mehnert, Richard Mortier, Dave Scott, Balraj Singh, Anil Madhavapeddy, Jon Ludlum, Jeremy Yallop and Mindy Preston

Notes

Quality and Test

Mindy has written some tests for networking and they're passing. A point was made that they could be functorised. Other tests that force error loops would also be useful. For example, the 'while true curl' route? There's also the desire to be able to run tests on live sites (e.g. mirage-www). For example, something like http-perf when a new kernel is booted? Mindy suggested something that Anil would look into.

We've also noticed an issue with https://mirage.io as it goes unresponsive after few days. We're not really sure what the issue is but it's not strictly within the the TLS stack (Piñata and handshake server have been fine). If anyone else can stress test what's going on, that would be very useful.

TLS release planning

We'll soon be doing a set of releases that are related to native TLS support. We do need more tests and deployments of the combined stack because right now there are only two deployments that are providing feedback. We really need more people to try this out and report feedback.

Some of the releases will involve fixing conduit patches and changing the mirage tool to adapt to new the API. There was also one person on the opam repository who complained about issues around zarith. Hannes has a PR to fix this and it also works on his Cubieboard. The other big thing to deal with is mirage-entropy-xen.

Anil had some ideas on how to fix the launchpad PPA for binutils and gcc. The workaround is ok for now but the main thing is to make sure it doesn't affect other packages in opam.

A TLS tunnel unix binary is also in production to replace stunnel. It's almost a slot-in replacement but has a slightly different CLI. It's worth trying out now and Dave said he'd take a look.

The TLS stack has been deployed on https://realworldocaml.org and Anil has found that it's been rock solid for weeks. Balraj couldn't get it to work from Chrome from a hotel connection from his laptop. This was probably a transient issue or due to odd middle-box behaviour.

The Logjam attack was also announced in the morning and the team is checking over things to understand how it affects us (if at all, since we don't support 'export'). You can follow the discussions at mirleft/ocaml-tls#271.

Mirage.io status

This is running a unikernel with the TLS stack. Also running its own DNS servers again, which means it's back to being fully self-hosted (hasn't been that way for 6 months). There are patches to submit to TCP/IP.

Jitsu status update

Jitsu itself seems to be working well - Magnus has been running a public, low-traffic DNS server ever since NSDI. A few minor bugs have been discovered but nothing major so far. We questioned whether there was a way to to use Jitsu on XenServer. This might be possible on the development version but probably not on the currently released version.

Irmin sync from browser

Irmin sync in the browser is now working! It's going to a memory store on Unix using Irmin native. ThomasL had to patch bin_prot as apparently it didn't like being turned into JavaScript. Everyone should be able to check it out and test it.

There are some serialisation issues though. When you serialise a value in Irmin it doesn't include length so you can't compose them. This is fixable and ThomasG will go and check it. We should make sure to upstream the various patches too.

Docs on XenProject

It's important that we put some content on the Xen Project wiki pages about MirageOS. A number of newcomers find out about MirageOS via Xen Project, yet the content on the wiki there is quite limited and also out of date. The best approach is probably to put some stable content there and point people to the docs page on our own site at: https://mirage.io/docs — Amir will look at this over the coming weeks.

3.0 Planning

We have more tests and more quality libraries. Continuing the efforts around test would be great and we should think of this as being the 'production-ready' release.

Beyond 3.0, it would be great to be in a position to support multiple backends. We'll be able to think about this once all the details of compatibility become clearer. OCamlJava would be one of the things to think about but this is necessarily a longer term effort.

--

AoB

  • Regarding some of the (TCP) patches, we note that libvirt doesn't support command line arguments. Perhaps we can ask Dave about this. Might even be worth getting in touch to see if they can add this.

  • Security mailing list — We've internally discussed the need for a lightweight security advisory process, so this should be added to list of items before release.

  • Cross-compilation: This is going well. Question about when we drop 4.01 support. Not clear that anyone is tied to 4.01 for production code. May well be that MirageOS 3.0 will be the one to drop 4.01 support but will need to define a cut off date. Must also comprehensively replace camlp4, which is necessary to improve the situation on ARM. The cutoff should be defined when all our libs are released using ppx instead, with the same functionality — cf. typeconv from JaneStreet.

  • The next call is scheduled for Wednesday, 3rd June. Please add any agenda items you wish to discuss in advance and refer to the mailing list for actual details a day or so in advance.