Re: Running Xen rumprun unikernels non-interactively (eg. piping rumprun -i to logger or systemd)

  • From: Martin Lucina <martin@xxxxxxxxxx>
  • To: Anil Madhavapeddy <anil@xxxxxxxxxx>
  • Date: Thu, 6 Aug 2015 17:35:54 +0200

On Thursday, 06.08.2015 at 16:14, Anil Madhavapeddy wrote:

On 22 Jul 2015, at 23:09, Antti Kantee <pooka@xxxxxx> wrote:

On 22/07/15 17:25, Martin Lucina wrote:
Hi all,

I've just submitted a patch to upstream Xen which will be of interest to
rumprun users who want to run "rumprun -i" non-interactively, ie. without
stdin and piping stdout to eg. logger. This also allows you to trivially
run a rumprun unokernel as a systemd service.

Cool, that is definitely a useful improvement for folks who want to
(semi-)automatically provision a large number of rumprun unikernels and
still keep track of what they are doing.

I assume your motivation for the integration with systemd is to start
services as a set of unikernels when a host boots up.

This very problem just came up for our MirageOS unikernels as well. Has
anyone actually got systemd playing nicely with on-demand launching of
kernels with xl? Magnus (CCed) has been refreshing his "Jitsu" daemon [1]
which launches a Xen VM in response to network traffic, and we observed that
its featureset is rapidly set to collide with systemd/launchd...


Systemd socket activation relies on passing local (i.e. dom0) listening
sockets as file descriptors to the service it's starting (more or less what
inetd used to do, ie. via fork()).

That does not map terribly well to booting a unikernel with its own IP
address, plus there'd still have to be a shim daemon running on the dom0
copying the data from the socket systemd handed to it to a vchan (or

That said, I wonder if -i should not be called -i. Enabling the use of
interactive mode non-interactively is, um, weird ;)

That is a little odd. Something like "-n" would be closer to what the ssh
client uses...

Well, the "-i" was inspired by "docker run -i" when I wrote the rumprun
script. I guess we could implement a "-n" which, at present, would do
exactly the same thing, just be documented differently. Not sure if it's
worth it.


Other related posts: