People eventually come to realize they're not so great when having to apply real-world, cross-cutting concerns like access control, audit, logging, debugging, profiling, monitoring, throttling, backup, and recovery.
The emperor's new clothes might have a hole or two in them.
It seems that way because people are stuck thinking in terms of an operating system. Need access control? Put a file on the server. Need auditing? Log into the server. Need logging? A text file... on the server. None of these need be done this way, and in fact ways that make sense when you have a full operating system don't make sense with a unikernel. Hint: All of these things should be database-driven.
Access Control: There is none internally. We don't have the notion of users.
Logging: Keep using whatever you want be it elasticsearch, syslog, cloudwatch, etc. No opinions here.
Debugging: GDB works fine and in many cases since you can simply export the vm in it's entirety and then attach to it locally this becomes even easier to debug than the same application running on linux.
Profiling: We support things like ftrace and of course things like prometheus you can export.
Monitoring: Kinda in the same boat as logging - keep using whatever you are using today - datadog, victoria metrics, etc.
Throttling: This is traditionally an app-level concern that someone would implement at perhaps a load balancing layer - keep using whatever you are using.
Backup/Recovery: Running unikernels make it trivial to backup as you can clone running vms. In fact most cloud deploys involve making a snapshot that is already stored as a 'backup' and makes things like rollback much easier to do.
Command line. Packages. Mounts. File systems. Any standard anything. There's nothing unless you reinvent the wheel. Standardization and repeatability allow reuse of the work of many others. Unikernels throw 99.99% of it away.
Mounts also exist - in fact you can hotplug volumes on the fly on all the major clouds. People really like this cause they can do things like rotate ssl certs every few hours.
The file system exists - at the very least you need to load a program that sits on the filesystem but people are running webservers that write to temp files and load static assets and also databases.
Sorry - just now seeing this. This is a build of PVM that works with Nanos. We're also maintaining that patch set as I don't ever see it getting included into the kernel (not anytime soon anyways).
Running Java applications was the original mission of OSv (https://osv.io/). Reading the website now they seem to have pivoted to running unmodified Linux applications.
It doesn't necessarily mean that but yes you most definitely can run native images - another example showing that: https://github.com/nanovms/ops-examples/tree/master/java/07-... . Both of these pair very well with unikernels. Especially quarkus has excellent boot time and low mem usage.
Unikernels are quite an intriguing concept. They'll be re-discovered every five years, like programmers keep re-discovering functional programming.
They're flying cars and VR.
People eventually come to realize they're not so great when having to apply real-world, cross-cutting concerns like access control, audit, logging, debugging, profiling, monitoring, throttling, backup, and recovery.
The emperor's new clothes might have a hole or two in them.
It seems that way because people are stuck thinking in terms of an operating system. Need access control? Put a file on the server. Need auditing? Log into the server. Need logging? A text file... on the server. None of these need be done this way, and in fact ways that make sense when you have a full operating system don't make sense with a unikernel. Hint: All of these things should be database-driven.
Access Control: There is none internally. We don't have the notion of users.
Logging: Keep using whatever you want be it elasticsearch, syslog, cloudwatch, etc. No opinions here.
Debugging: GDB works fine and in many cases since you can simply export the vm in it's entirety and then attach to it locally this becomes even easier to debug than the same application running on linux.
Profiling: We support things like ftrace and of course things like prometheus you can export.
Monitoring: Kinda in the same boat as logging - keep using whatever you are using today - datadog, victoria metrics, etc.
Throttling: This is traditionally an app-level concern that someone would implement at perhaps a load balancing layer - keep using whatever you are using.
Backup/Recovery: Running unikernels make it trivial to backup as you can clone running vms. In fact most cloud deploys involve making a snapshot that is already stored as a 'backup' and makes things like rollback much easier to do.
Unikernels lack infrastructure to do any of these. That's why they're self-defeating canards.
I'm not sure what your comment means? What infrastructure? I just broke apart each of those into examples of how people use them today.
Command line. Packages. Mounts. File systems. Any standard anything. There's nothing unless you reinvent the wheel. Standardization and repeatability allow reuse of the work of many others. Unikernels throw 99.99% of it away.
Packages exist: https://repo.ops.city
Mounts also exist - in fact you can hotplug volumes on the fly on all the major clouds. People really like this cause they can do things like rotate ssl certs every few hours.
The file system exists - at the very least you need to load a program that sits on the filesystem but people are running webservers that write to temp files and load static assets and also databases.
@eyberg: i'm curious on how NanosVM Inception works? what's included in the image here
https://aws.amazon.com/marketplace/pp/prodview-lwk72eg6wfo3i
Sorry - just now seeing this. This is a build of PVM that works with Nanos. We're also maintaining that patch set as I don't ever see it getting included into the kernel (not anytime soon anyways).
Undead, undead, undead.
[dead]
Wake me up when you can unikernel-ize a Java framework like Quarkus or Spring.
https://github.com/nanovms/ops-examples/tree/master/java/04-...
Running Java applications was the original mission of OSv (https://osv.io/). Reading the website now they seem to have pivoted to running unmodified Linux applications.
The rabbit hole goes even deeper. Georgios was thinking about this with Jikes even earlier: https://gousios.org/pub/gousios-mscthesis.pdf
Does it mean it can run Java compiled to Native Image?
It doesn't necessarily mean that but yes you most definitely can run native images - another example showing that: https://github.com/nanovms/ops-examples/tree/master/java/07-... . Both of these pair very well with unikernels. Especially quarkus has excellent boot time and low mem usage.
Why not full VM with JIT? Seems much easier and more compatible with apps out there.
You can also run the full JVM and in fact I'd imagine that's how most of our JVM users actually use it today.
Because the JVM is fairly dynamic so it becomes hard to know which part to prune