Differences
This shows you the differences between two versions of the page.
| projects:osmiumvm:start [2020-08-12 03:49] – ↷ Page moved from projects:virtualization-platform:start to projects:osmiumvm:start nkukard | projects:osmiumvm:start [2026-01-08 15:46] (current) – [Links] nkukard | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== OsmiumVM ====== | + | ====== OsmiumVM |
| - | ===== Purpose ===== | + | **OsmiumVM** is a reusable Go library for QEMU virtual machine management, providing a clean API for VM lifecycle control, device configuration, |
| - | Easy to use web based virtualization (cloud) platform. | + | **IliVM** is the IDMS Linux Instant VM application built on top of OsmiumVM, designed for automation with boot detection, SSH integration, |
| - | ===== Features ===== | + | **Osmium Sandbox** is a sandboxing library for confining processes on Linux using Seccomp, Landlock, Linux CAP dropping and Namespaces. |
| - | * WebUI easy to use on a desktop and in cloud environment | + | ===== OsmiumVM Features ===== |
| - | * Minimal dependencies able to run on almost any distro | + | |
| - | * Easy to use clustering, add server based on URL to associate with cluster | + | |
| - | * Rich API | + | |
| - | * Rich terminal support | + | |
| - | * noVNC for VNC-based access | + | |
| - | * xterm.js for serial access | + | |
| - | * Multi-tenancy with fine grained access control | + | |
| - | * Quotas | + | |
| - | * Storage | + | |
| - | * Network rate limit | + | |
| - | * vCPU' | + | |
| - | * Snapshot count or space utilization | + | |
| - | * Snapshots | + | |
| - | * Automated | + | |
| - | * Rollback option | + | |
| - | * Backups | + | |
| - | * Based on snapshots? | + | |
| - | * Statistics | + | |
| - | * IO | + | |
| - | * vCPU | + | |
| - | * Network | + | |
| - | * Storage support | + | |
| - | * LVM | + | |
| - | * LVM thin | + | |
| - | * QCOW2 | + | |
| - | * Live migration to another clustered host | + | |
| - | * Secure environment by dropping Qemu into apparmor | + | |
| - | * Networking | + | |
| - | * Strong network isolation based on locking IPv4/IPv6 to MAC of VM | + | |
| - | * IPv4/IPv6 network address pools | + | |
| - | * Ability to create virtual layer 2 networks between VM's (VXLAN) | + | |
| - | * Rich block device support | + | |
| - | * HTTP URL for ISO' | + | |
| - | * Cloud-init support | + | |
| - | * Uploading of ISO's (global & per tenant) | + | |
| - | * Our own splash screen | + | |
| - | ===== Technologies ===== | + | * **VM Lifecycle Management** - Create, prepare, start, stop, and cleanup VMs |
| + | * **Device Registry** - Unified device interface for all hardware components | ||
| + | * **QMP Protocol** - QEMU Machine Protocol for VM control and monitoring | ||
| + | * **Guest Agent** - Communication with QEMU guest agent for guest OS interaction | ||
| + | * **PCI Address Allocation** - Automatic PCI/PCIe address management for Q35 machines | ||
| + | * **Display Support** - VNC, SPICE, and GTK display with authentication | ||
| + | * **Storage Devices** - VirtIO block devices, NVMe, and CD-ROM support | ||
| + | * **Network Devices** - User-mode networking with port forwarding | ||
| - | * Python | + | ===== IliVM Features ===== |
| - | * [[..: | + | |
| - | ===== Challenges ===== | + | * **Boot Detection** - Guest agent polling with optional network readiness wait |
| + | * **SSH Integration** - Automatic key generation, file transfer, and remote execution | ||
| + | * **OEM Customization** - ISO-based OEM configuration injection | ||
| + | * **Serial Console** - Line-buffered and raw serial output handling | ||
| + | * **Script Execution** - Run installation scripts on guest VMs | ||
| - | {{page> | + | ===== Osmium Sandbox Features ===== |
| + | * **Seccomp BPF Filters** - Fine-grained syscall filtering using Linux seccomp | ||
| + | * **Policy Management** - Loadable filter policies tailored for workloads | ||
| + | * **Process Confinement** - Integrate with OsmiumVM to sandbox QEMU processes | ||
| + | * **Constants & Utilities** - Go bindings for seccomp modes, actions, and flags | ||
| + | * **Linux-Specific** - Built for `linux/ | ||
| + | * **Technologies** - Seccomp BPF, Landlock, CGroups v2, Namespaces (user/ | ||
| + | ===== Supported Platforms ===== | ||
| + | |||
| + | * **Machine Type**: Q35 | ||
| + | * **Accelerator**: | ||
| + | * **Guest OS**: Linux (KVM paravirtualization), | ||
| + | * **Sandbox Host**: Linux (seccomp BPF support required) | ||
| + | |||
| + | ===== Links ===== | ||
| + | |||
| + | (not yet created) | ||
| + | |||
| + | * [[https:// | ||
| + | * [[https:// | ||
| + | * [[https:// | ||
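
Review bot: The new Osmium Sandbox text is inconsistent about which confinement mechanisms are in scope. The intro line names Seccomp, Landlock, capability dropping and Namespaces, but the feature bullets describe only seccomp (BPF filters, loadable policies, Go bindings), CGroups v2 is mentioned only in the "Technologies" bullet, and the "Sandbox Host" entry under Supported Platforms lists seccomp BPF support as the only requirement. Suggest one bullet per mechanism with its host requirement, so a reader can tell which layers are applied when QEMU is sandboxed under "Process Confinement". The removed line "Secure environment by dropping Qemu into apparmor" has no counterpart in the new revision; it would help to state whether the sandbox replaces AppArmor confinement or is meant to run alongside it. The Links section also still carries "(not yet created)" above its entries.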