Ignite: Micro-VM launcher

Install Weaveworks Ignite.

Ignite is to a Firecracker micro-VM what Docker, Podman or Rkt are to a container.

Branch	CI Status
master
develop

⚠️ WARNING
⚡ Code in this repository requires cloud provider credentials and, if made available, will cost you money.

❗ NOTE
You accept all responsibility for any and all costs incurred by running any code in this repository.

Contents

• Usage
  • Distributions & Releases
• Development
  • Test-Kitchen
  • CI/CD & End-to-End Integration Tests
  • CircleCI
• Further Development Notes
  • Git & Signing Commit Data

Usage

See the integration tests for examples of how to write a recipe using this library cookbook. Specifically, the recipe/smoke.rb in test/cookbooks/ignite_test shows how to install:

1. The ignite binary.
2. The ignited binary.
3. A service that launches ignited in daemon mode (service name ignite-ignited).
4. Add a micro-VM manifest (1CPU, 1.2GB HDD, 456MB RAM) to /etc/firecracker/manifests. When the file is written, the ignite-ignited service launches the micro-VM.

# The `ignite_service` create action installs `ignited`
ignite_service 'ignited' do
  action [:create, :start]  # :delete, :restart, :stop
  install_method 'binary'   # 'package' 'tarball' 'none'
  service_manager 'systemd' # 'execute' 'systemd' 'sysvinit' 'upstart'
  uri 'ignt://weaveworks/?file=ignited&version=0.6.3#amd64' # Conforms to URI spec
  ignited_bin '/usr/bin/ignited' # Path (incl. filename) to install `ignited` executable
end

ignite_installation_binary 'default' do
  action :install      # :uninstall
  ignited_bin '/usr/bin/ignite' # Path (incl. filename) to install `ignite` executable
  install_docker true  # false
  keyboard_atkbd 'y'   # 'n'
  serio_i8042 'y'      # 'n'
  uri 'ignt://weaveworks/?file=ignite&version=0.6.3#amd64' # Conforms to URI spec
end

# Not required if you have created the `ignite_service`
ignited_installation_binary 'default' do
  action :install      # :uninstall
  ignited_bin '/usr/bin/ignited' # Path (incl. filename) to install `ignited` executable
  install_docker true  # false
  keyboard_atkbd 'y'   # 'n'
  serio_i8042 'y'      # 'n'
  uri 'ignt://weaveworks/?file=ignited&version=0.6.3#amd64' # Conforms to URI spec
end

Distributions & Releases

The version 1.0 release has only been tested on Ubuntu 18.04 (Bionic Beaver). However, this cookbook library supports the following distributions:

Status	Distribution	Releases	Detail
⭕	Amazon Linux	Any	TBC
⭕	Centos	Any	TBC
⭕	Scientific Linux	Any	TBC
⭕	Oracle	Any	TBC
✔️	Debian	10	Tested (DigitalOcean)
⭕	Fedora	Any	TBC
⭕	Redhat Enterprise Linux	Any	TBC
✔️	Ubuntu	18.04	Tested (DigitalOcean)

If you are able to confirm the following test suite completes for any distro release in the table above and for any cloud provider please make a pull request updating the table above.

⚠️ WARNING
⚡ Code below requires cloud provider credentials and, if made available, will cost you money.

❗ NOTE
You accept all responsibility for any and all costs incurred by running the code below.

export DIGITALOCEAN_ACCESS_TOKEN="<your DigitalOcean token>"
export DIGITALOCEAN_SSH_KEY_IDS="<your DigitalOcean SSH key fingerprint>"
chef exec bundle exec kitchen test smoke-<distro>-<release>

Development

Testing is done against cloud providers that support nested virtualization. Currently DigitalOcean is the tested cloud provider. Pull requests adding other cloud providers to the test suites are welcome.

Test-Kitchen

Integration (e2e) tests are setup using Test-Kitchen and currently run on DigitalOcean. InSpec "compliance as code" controls are used to verify the integration-test installations are correct:

⚠️ WARNING
⚡ The following code uses your cloud provider credentials and will cost you money...

❗ NOTE
You accept all responsibility for any costs incurred by running any code in this repository.

export DIGITALOCEAN_ACCESS_TOKEN="<your DigitalOcean token>"
export DIGITALOCEAN_SSH_KEY_IDS="<your DigitalOcean SSH key fingerprint>"
CHEF_LICENSE="accept" chef exec bundle check || bundle install --deployment --clean --jobs=1 --retry=3
CHEF_LICENSE="accept" chef exec bundle exec kitchen list
CHEF_LICENSE="accept" chef exec bundle exec kitchen test list
CHEF_LICENSE="accept" chef exec bundle exec kitchen test <suite-name>
CHEF_LICENSE="accept" chef exec bundle exec kitchen test all

CI/CD & End-to-End Integration Tests

The integration (e2e) tests use cloud providers that support nested virtualization. Currently only DigitalOcean is setup. PR's adding other providers are welcome. For reasons of cost alone - multiple cloud VM launches on each PR is costly - we have not configured CirelceCI to run the integration tests on commits nor on pull requests.

The e2e integration test is the responsibility of the merge approver. A example e2e integration test suite is:

⚠️ WARNING
⚡ The following code uses your cloud provider credentials and will cost you money.

❗ NOTE
You accept all responsibility for any costs incurred by running any code in this repository.

export DIGITALOCEAN_ACCESS_TOKEN="<your DigitalOcean token>"
export DIGITALOCEAN_SSH_KEY_IDS="<your DigitalOcean SSH key fingerprint>"
chef exec bundle exec kitchen test smoke-ubunut-18

To see a full list of test suites chef exec bundle exec kitchen list.

CircleCI

The CircleCI is setup to trigger only lint/style guards. You can run these tests locally:

chef exec bundle exec rake style_only

Further Development Notes

Git & Signing Commit Data

IF you wish to follow the upstream (Begley Brothers Inc.) git workflow (not required):

git config --local include.path ../.git-config

By inspecting .git-config you will see this assumes:

• Isolated SSH keys dedicated to Git usage (minimizing the blast radius from compromised keys)
• SSH key files named <git-user@email> and <git-user@email>.pub
• SSH keys located in the Git XDG Desktop Base Directory Specification folder.
• GPG signing is delegated to signify-notes script in ./scripts.
• Signify signed commits stored as Git notes with the parent commit ID.

Hope that helps?