Are Unikernels the best alternative to Docker for 'containerised' releases?

The alternatives I’m looking at now are:

  • Unikernels - e.g. Ling looks interesting, but it looks like it died as a project about 2 years ago?

  • Project FiFo - and possibly running a unikernel release via it.

  • Nerves - researching to see if it’s worth trying to make my own build using similar architecture for servers (‘Serves’|‘Nervers’?), possibly using FreeBSD or SmartOS (as Project FiFo works with and both are brilliant OSes for scalability, security, sanity (easy config)). I was hoping a mod of Nerves could do this on bare metal or a VPS, but a Nerves core team member said here recently that it isn’t possible or that’s how I interpreted his detailed and helpful reply to my question.

Has anyone got production experience in any of the above, can point to a working tutorial, and if possible one for optimising the scaling/security/config of an Elixir app whether as an umbrella or distributed app or however it is architected?

Thanks

7 Likes

What might be related to this, is Erlang on Xen, which is Erlang running on bare metal for use in the cloud.

I don’t have a lot of experience with Nerves yet, so I cannot tell you how Erlang on Xen relates to Nerves.

This is a very interesting question, and I hope someone else is able to provide more information :slight_smile: .

3 Likes

Ling and ErlangOnXen are the same project… unfortunately has withered on the vine.

1 Like

There is a little here about unikernels but the author is not optimistic about them …

1 Like

I could easily be wrong - but from a (too) quick reading of that interview - the BDFL of Redox OS believes Redox OS is more secure than using a unikernel, which is interesting because one touted advantage of unikernels is that they greatly improve security by removing many potential attack vectors, i.e. those in the typical operating systems used for hosting.

Although there is some overlap in the criticism of unikernels between the interview you link to and the following, I think the best arguments against unikernels are in the following interview, although they still haven’t convinced me that unikernels aren’t the best alternative to docker etc: DevOps ‘Unikernels will send us back to the DOS era’ – DTrace guru Bryan Cantrill speaks out

I’m going to follow up this reply with a list of the pros/cons or at least more info about unikernels so we can try to look at this alternative as a community and perhaps resurrect/adapt an existing project to give it a test run as an alternative to docker etc.

2 Likes

Update -

As others have said and I’ve found - it appears work on various competing unikernels ended, at least publicly, about 2 years ago.

Some of the reasons appear to be due to the amount of time and work to create a unikernel based on individual applications, lack of a commonly accepted approach to building them, and business acquisitions like Docker buying Unikernel Systems who were ‘trying to bring unikernels to the masses’ - Docker Acquires Unikernel Systems As It Looks Beyond Containers.

However, it appears unikernels are going to make a comeback via the announcement last December:

Xen Project Introduces the Unikraft Unikernel Project

More info from the team here: Unikraft

Summaries and presentation:

Unikraft project promises to simplify unikernel creation

Unikraft will provide two basic components:

Library pools for creating unikernels. These include libraries specific to computer architectures such as x86_64 and Arm32, libraries that target platforms such as Xen and KVM, and a library of operating system elements such as device drivers, file systems, network stacks, and runtimes.

A build tool for compiling the application and selected libraries to build a binary for a specific platform and hardware architecture.

Unleashing the Power of Unikernels with Unikraft

All of this interests me because of examples like the following using Rumprun:

PDF: Erlang on Rumprun Unikernel - An Erlang/Elixir platform enabling the microservices architecture.

YouTube: Erlang on Rumprun Unikernel aiding the Microservices Architecture by Neeraj Sharma

What does it look like?

Erlang/OTP BEAM VM builds to 6.3MB (stripped)

Custom Cowboy Websocket demo builds to ~8MB

Boots in KVM under 2 seconds

Hello Phoenix Elixir builds to ~19MB

Boots in KVM under 3 seconds

The euc2016-cool-demo builds to ~12MB

That’s awesomely fast!

Sadly Rumprun’s repo appears to have died about 3 years ago.

But I’m hoping Unikraft will perfect unikernels and this will save me and others from having to use Docker containers or alternative containers (I should update my thread’s title).

I’m going to keep researching this topic and updating it from time to time here - and would appreciate anyone adding to this and if possible presenting real world working examples we can use for our Elixir/Phoenix dev and deployment.

I would love for us to be able to read an update from someone like Neeraj Sharma ‘the author of porting Erlang to Rumprun unikernel’ - Erlang on Rumprun Unikernel aiding the Microservices Architecture and find out where he believes unikernels are going, his view of Unikraft, and how Elixir/OTP/Phoenix can run on unikernels.

Anyone keen to invite him and others knowledgeable on this subject to this forum?

7 Likes

That’s not really a bad thing though…

I know people like to talk ill about DOS, but it was a FANTASTIC kernel and runs circles around pretty much any modern OS, but it can mostly do this due to how low level it is, how cheap the kernel calls are, and it is cooperative instead of pre-emptive multithreading (your program, like the BEAM VM, could of course pre-empt internally). :slight_smile:

But yep, especially with docker and VMs being fairly ubiquitous now, unikernels are absolutely awesome. :slight_smile:

Of the range of competing unikernels that are/were in development until recently, have you seen MirageOS?

I mention because of your interest in OCaml that MirageOS appears to be largely written in.

Being a bit cheeky here to tease one of this community into the discussion - @bobbypriambodo - would love to see his views on MirageOS (as from reading his previous comments, I think you may have influenced him to dive into OCaml) - at the end of his article Lightweight OCaml Docker Images with Multi-Stage Builds, he writes:

“But Bobby, why Docker?” The OCaml developers among you are surely very eager to point me to the amazing MirageOS project for unikernels and containerization. I assure you, it’s next on my learning list! There are still so many things to learn! :smiley:

2 Likes

Yep, I’ve been following it only for about a year. :slight_smile:

Lol. ^.^

3 Likes

Thanks - listening to this now!

Do you know if MirageOS or another unikernel is currently offering a working, maintained, and semi-well-documented - or not, Elixir and/or Phoenix and/or Umbrella app?

Hehe, yeah - sometimes I think you wrote OCaml - but, at the least, you’ve convinced me to start looking at it. I’m not quite sure of the use cases of it yet, but as I investigate unikernels, I’ll check out MirageOS.

It’s true! And I don’t regret it :smile:

Unfortunately I still have none. Haven’t got the chance to look into it, since I’m investing the little free time I have to add more practical introductory-level blogs. I’m interested in what you think about it if you do check it out.

1 Like

Honestly though, for having the best productivity for ‘me’ (unsure if best overall) I would love a mix of OCaml with Rust’s borrowing system (no GC) and a couple other minor things. I’ve always intended to create a mock-up of such a language but I’ve never got around to it, it would be a non-trivial task and I only have trivial time available… ^.^;

Very interesting is LinuxKit by Docker: GitHub - linuxkit/linuxkit: A toolkit for building secure, portable and lean operating systems for containers