This is a tutorial series on using the ReasonML language to build MirageOS unikernels and user-facing applications with tools like Reason-React. Using the same language for the entire stack is appealing. You’ll likely be able to stay in one editor, become very familiar with the syntax, and share common code between the layers of your application. Let’s talk about the different components of such a stack.
If you aren’t familiar with the concept of unikernels then there’s a decent Wikipedia page on the subject to read. You are encouraged to read about them or watch some videos to learn more.
Unikernels are minimalist operating systems that consist only of your application and the libraries needed at runtime. One feature often needed for an application is the concept of files on disk. In a general-purpose OS, the filesystem and shell are always there underneath your application. If your application is 100% network-based and you don’t need a file-system, then in a unikernel you wouldn’t include the library for accessing files. This eliminates dead code that is often vulnerable and would otherwise be there waiting for hackers.
MirageOS is an OCaml unikernel development kit that targets many different platforms. Your code can be developed on a normal general-purpose desktop operating system. Applications built with MirageOS are very flexible and can be deployed on the cloud using KVM, Xen, or even static POSIX binaries. In the case of POSIX deployments, MirageOS stops being a unikernel. But this is a great feature in that we can test the application on our desktop and deploy it in disguise on Kubernetes.
MirageOS consists of a command line utility and a set of libraries that enables you to build a stand-alone OS. Once built, your application IS the whole operating system. The `mirage` command line utility allows you to configure your target deployment environment on the fly. You can decide where you would like to run your OS after you’ve written the code and tested it on your desktop.
There’s very little attack surface on a unikernel. This is attractive. Firstly, your OS isn’t “the droids you are looking for” when it comes to hackers. Secondly, there’s no shell or extra services running in your OS. Even if a hacker could probe your application’s services, they will likely not be able to gain elevated general privileges (E.G., root) on your OS.
For years, even during the peak of Bitcoin’s price in 2017, there was a MirageOS Unikernel pinata running with 10 bitcoin inside. Even with nearly $200,000.00 USD hanging out there on the internet and a public challenge to steal them, nobody was able to do so. I think this is a great testament to the security aspects of unikernels. Nothing is foolproof but this is definitely a step in the right direction.
While it’s not necessary to use a unikernel for services, it is interesting technology. You could also just write a native webserver for Linux or write ReasonML bindings to popular Node webserver frameworks. We might show some of those also.
There’s less explaining needed here. Most of you are familiar with React or other web frameworks. We will combine a ReasonML webserver with a Reason-React web interface. The webserver will serve the application and then respond to the user’s needs via GraphQL or REST. We might also possibly show a desktop or a smartphone application written in ReasonML. We’ll see. This is a work in progress.
All of the mini-tutorials shown will use Docker. This may not be how we develop things on a day to day basis. But, for the purposes of sharing information, Docker is a great choice for portability. It’ll work on most any OS regardless of state. So long as you have Docker, you are good to go. (If you happen to be using a Debian-based OS, then you can just copy the Docker steps in your own desktop OS.)
This work is sponsored by me as an effort to hustle work. I have worked contract remote for the last 12 years but I’m open to employment or partnership in a startup effort. I am always looking for an opportunity to use Haskell, OCaml/ReasonML, or Rust full-time. I can help your team temporarily or permanently. No opportunity is too short or long. Don’t be shy.
I have 20+ years of software development under my belt including 10 years of functional programming and multiple years of both leadership and in-the-trenches SRE work.
If you like privacy then use keybase and/or send me a note using my Age|Rage public key age19k29c8pgqf9e82dum0xk2y0aw3ql5gc8w47upuz57mqm8r66839s6ys4ul
I use the same ‘dysinger’ user id everywhere I can on the internet. Contact me via keybase, wire, matrix, github, twitter, discord, or even old-fashioned email.
These are listed in order, progressively getting more complicated as we go. Follow the links or head into the subdirectories for each one.
[[][https://static.scarf.sh/a.png?x-pxid=90b427f6-f7e2-4259-aaf2-0f48d2e974]]