What's new with Mollymawk?

• OCaml
• Mollymawk
• Albatross

How it started

At the 14th MirageOS retreat which happened in 2024 (you can read about it on this post by Hannes), work began on Mollymawk. Mollymawk is a web UI and HTTP API for ochestrating and deploying MirageOS unikernels using solo5 and albatross.

The vision behind Mollymawk was:

• To provide a user-friendly interface for ochestrating unikernels, which can be used by both unikernel operators and unikernel developers.
• To provide a deployment mechanism that allows for seamless updates via automation tools like GitHub Actions.
• To deploy and update from the reproducible MirageOS unikernel database (which uses builder-web)

The initial prototype which was done by Pixie and Hannes, was able to gather information about running unikernels, and deploy a unikernel from the web UI. Hannes worked on the interactions with Albatross while Pixie focused on Javascript.

Mollymawk operates as a unikernel itself, running on top of Albatross. It communicates with Albatross over TLS, managing its own certificates to ensure secure operations. Given this design, safeguarding secrets and authentication has been a top priority, preventing unauthorized access that could compromise our infrastructure.

Now, after months of active development, Mollymawk has reached its first major milestone. This article outlines the latest updates and improvements that have brought us closer to a fully functional deployment and management tool for MirageOS unikernels.

Latest Updates and Improvements

1. Authentication and Security Enhancements**

Mollymawk relies on TLS certificates to communicate with Albatross, but we needed to shield the web UI to allow only authorized users. We've now introduced user authentication, restriction actions to authorized users only (users who have an account). Key updates include:

• Implementation of a cookie-based & token-based authentication to validate HTTP API requests.
• Permissions for administrator and normal users, where adminstrators may adjust the resources (memory, disk, access to networks) granted to individual users.

2. Improved Web UI for Deployment & Management

Mollymawk's UI has become significantly more intuitive and responsive. Enhancements include:

• A dashboard view displaying running unikernels, logs, and system metrics.
• A streamlined deployment interface, allowing users to pull updates, restart and destroy with a single click.

3. Enhanced API Functionality

Mollymawk's REST API has seen substantial improvements, making it more robust and flexible:

• New RESTful endpoints for creating, updating, and destroying unikernels.
• More detailed response handling, including error messages and status updates.

NLnet Grant

Early this year, Mollymawk received a grant from NLnet (see announcement) to further develop more features and improve existing ones.

For our first milestone, we focused on three key aspects:

1. 🔄 Upgrading Running Unikernels

The core of this milestone is enabling seamless upgrades of unikernels directly from builds.robur.coop (or another instance of builder-web). Instead of manually fetching, deploying, and verifying updates, we now automate this process while giving users control over what gets updated.

Mollymawk now detects whether a unikernel is out-of-date compared to the latest available build and users can also inspect what changed, helping ensure updates don't introduce unexpected behavior.

2. 🩺 Liveliness Checks (HTTP & DNS)

When we update a unikernel, the worst-case scenario is an unresponsive unikernel. To prevent this, we've built automated liveliness checks into the workflow. Right before and after an upgrade, Mollymawk can ensure the unikernel responds as expected via both HTTP and DNS checks.

If the unikernel fails these checks, the system halts further actions and marks the deployment as unstable.

This ensures that a failed update doesn't go unnoticed, reducing debugging headaches and reducing service outage. Subsequently, we plan to use these liveliness checks for automated restarts in addition to other restart metrics such as memory and CPU usage.

3. ⏪ Rollback Mechanism

Sometimes, updates don't go as planned. If a new build introduces issues, we need a reliable way to revert to the last known working version. That's exactly what this rollback feature does - if an upgrade fails, Mollymawk can automatically restore the previous build.

• Fallback logic: If the liveliness check fails after an update, the system triggers an automatic rollback.
• Manual rollback support: Users can also initiate a rollback themselves (within 10 minutes after an update) if something isn't working as expected.

What's Next?

With the upgrade workflow in place, we'll be refining the UI and improving reliability. Next steps might include multi-instance mollymawks (mollymawk communicating with multiple albatross installations), other vm-types support, advanced monitoring and notifications, live migration, auto-scaling and a more enhanced deployment workflow.

Robur is a cooperative that develops applications and unikernels in OCaml. The aim is to use and promote MirageOS unikernels.

Our work is only partially funded, we cross-fund our work by commercial contracts and public (EU) funding. We are part of a non-profit company, you can make a (in the EU tax-deductible) donation (select "DONATION robur" in the dropdown menu), or sponsor us via the GitHub sponsor button.