The near bare metal multi-container supervisor and OS management system.

Overview

Pantavisor

What is Pantavisor?

Pantavisor is the easiest way to build and manage embedded Linux projects with lightweight containers. Put your Linux distribution or custom-made firmware and userland into containers and get all of the benefits of portable containerized lifecycle management without needing to replace your distribution.

Pantavisor is the Linux device init system that turns the runtime into a set of containerized microservices. It is not a container engine but rather a framework for assembling and managing containerized building blocks for firmware and applications. Pantavisor provides a simple way to deploy and atomically manage your containerized embedded firmware and apps across millions of devices in a reproducible manner.

Meets the requirements of low-spec devices

To ensure it can cover the low-spec end of the market, Pantavisor brings full container functionality into a single binary to keep its size as small as possible. Depending on the software functions that are built into the container, the size can vary, but the average for a fully functional system puts the Pantavisor binary at around 1mg (as a compressed initial ramdisk).

Pantavisor takes advantage of pure Linux container technology. It implements parts of the LXC suite as a library that wraps around the basic building blocks of containers. Because LXC is a pure C project, the overall footprint of Pantavisor is very small.

Build your embedded system with containerized building blocks

With a containerized system, you can mix and match components from different distros to build your system and update and maintain customizations without replacing your distro or the entire board.

In a Pantavisor-enabled device, each application or service is defined as a container, including all of the associated objects that are needed to start them. In Pantavisor this includes:

  • Board Support Packages (BSPs): kernel, modules, and firmware. 
  • System Middleware Containers: you can choose to package your monolithic distro middleware in one or build your middleware in more fine-grained units. 
  • Apps: Linux or Docker containers.
  • Configuration: system level configurations

In a multi-service system, several of these definitions together make up the full running system. This is what we refer to as the Pantavisor State Format. This state is declarative and is in JSON format. It is managed via the Pantavisor CLI and kept in our SaaS Pantacor Hub, or managed locally on your device with the Pantabox system utilities.

Pantacor Hub and Pantavisor

Pantacor Hub is the open source SaaS that manages app and device state in the cloud. You can think of it as a cross between an image sharing repository, a device system revision repository and a deployment platform. The hub allows you to share images and device data between team members or other users. It also manages the atomic revisions of the device state and deploys them over the air across device fleets. In addition, you can use it to view logs, troubleshoot and configure devices, and edit application and user metadata.

How to Get Started

This is the quickest way to get to know Pantavisor:

If you have a device like a Raspberry Pi, you can download a pre-built image for Raspberry Pi and several other device types that come with Pantavisor installed:

After you've downloaded and flashed your device with Pantavisor, try out a tutorial:

Getting help and support

We're a friendly and helpful community and welcome questions and any feedback you may have.

License

Pantavisor applies the MIT license with copyright.

Issues
  • Bugfix/fix bad storage report

    Fix some errors with the storage report. I realized that the off_t type (in the struct pv_storage) is normally defined as a signed integer on POSIX. On the other hand, the types inside the struct statfs involved in the storage size calculation are __fsword_t (that type is for internal use and the recommendation is to use an unsigned int) and fsblkcnt_t, which is defined as "unsigned integer type", so I changed those off_t to unsigned to avoid the overflow. Finally, I replaced pv_json_ser_int with pv_json_ser_number because the underlying library uses double.

    opened by fortizc 3
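
    Added example, not code from this pull request or from Pantavisor: a storage report built from statfs-style counters with unsigned 64-bit arithmetic and overflow checks, beside what a 32-bit signed type would hold for the same byte count. The struct and function names are hypothetical, the 4096-byte block size and block counts are constructed to reproduce the storage figures in the devmeta output on this page, and the 5% reserve is an assumption inferred from those figures.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical report struct; fields mirror the "storage" keys in the
 * devmeta output on this page, not Pantavisor's struct pv_storage. */
struct storage_report { uint64_t total, free, reserved, real_free; };

/* Fill the report from block size, total blocks and free blocks (the kind of
 * counters struct statfs provides). Returns 0 on success, -1 on bad input or
 * if a product does not fit in 64 bits. */
int storage_report_fill(struct storage_report *r, uint64_t bsize,
                        uint64_t blocks, uint64_t bfree, unsigned reserved_pct)
{
    if (reserved_pct > 100 || bfree > blocks)
        return -1;
    /* GCC/Clang builtin: returns true when the multiplication overflows. */
    if (__builtin_mul_overflow(bsize, blocks, &r->total) ||
        __builtin_mul_overflow(bsize, bfree, &r->free))
        return -1;
    /* Percentage without an intermediate total * pct that could overflow. */
    r->reserved = r->total / 100 * reserved_pct
                + r->total % 100 * reserved_pct / 100;
    /* Clamp to zero instead of wrapping when the reserve exceeds free space. */
    r->real_free = r->free > r->reserved ? r->free - r->reserved : 0;
    return 0;
}

/* Emulates storing a byte count in a 32-bit signed integer, as a 32-bit
 * signed off_t would (assumption: a build where off_t is 32 bits wide). */
int32_t narrow_to_s32(uint64_t bytes)
{
    return (int32_t)(uint32_t)bytes;
}

/* A double holds integers exactly only up to 2^53, which bounds what a
 * double-backed JSON number can carry without rounding. */
int fits_json_number(uint64_t v)
{
    return v <= (UINT64_C(1) << 53);
}

int main(void)
{
    struct storage_report r;

    /* Constructed input: 4096-byte blocks, assumed 5% reserve. */
    if (storage_report_fill(&r, 4096, 3811275, 3739880, 5) != 0)
        return 1;
    printf("{\"total\":%" PRIu64 ",\"free\":%" PRIu64 ",\"reserved\":%" PRIu64
           ",\"real_free\":%" PRIu64 "}\n",
           r.total, r.free, r.reserved, r.real_free);
    printf("total as 32-bit signed: %" PRId32 "\n", narrow_to_s32(r.total));
    return 0;
}
```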
  • dm-crypt: add pv_disk with dm-crypt

    Add initial support for dm-crypt based pv_disks. The current implementation handles only CAAM and DCP explicitly.

    Disk defaults to persistent storage. A brief feature list:

    • disks.json: added new disks.json for handling the control over the physical medium to use. Refer 1 for more details.
    • disk types: There are 4 disk types introduced.
      - Directory (default): will be used to mount to pvroot as default
      - dm-crypt-versatile: use the cryptsetup utils to mount the disk/file encrypted with plain text key
      - dm-crypt-dcp: specific to i.Mx2 & i.Mx6 low spec variants with hardware DCP module. Compared with versatile, the key will be encrypted using Hardware DCP and cryptsetup uses encrypted key blob
      - dm-crypt-caam: specific to all modern i.Mx platforms with CAAM. Encryption of the key and cryptsetup uses the black blob
    • run.json: to consume the disks to use, defined the disk entry to run.json. Refer 2 for more details.

    Signed-off-by: Parthiban Nallathambi [email protected]

    opened by parthitce 2
  • Add uname data on different keys

    The output of pvcontrol devmeta ls | jq is something like:

    {
      "storage": {
        "total": 15610982400,
        "free": 15318548480,
        "reserved": 780549120,
        "real_free": 14537999360
      },
      "pantavisor.version": "015-rc4-32-gfe4e999-220622-136fbe4",
      "pantavisor.uname": {
        "kernel.name": "Linux",
        "kernel.release": "4.19.127-v8+",
        "kernel.version": "#1 SMP PREEMPT Tue Jun 14 19:59:42 UTC 2022",
        "node.name": "(none)",
        "machine": "aarch64"
      },
      "pantavisor.revision": "locals/pbox-1655906948",
      "pantavisor.mode": "local",
      "pantavisor.dtmodel": "Raspberry Pi 3 Model B Plus Rev 1.3",
      "pantavisor.arch": "aarch64/64/EL",
      "pantahub.state": "update",
      "pantahub.online": "0",
      "pantahub.claimed": "1",
      "pantahub.address": "163.172.132.38:443",
      "interfaces": {
        "lo.ipv4": [
          "127.0.0.1"
        ],
        "enxb827eb52df46.ipv4": [
          "192.168.1.89"
        ],
        "lxcbr0.ipv4": [
          "10.0.3.1"
        ],
        "lo.ipv6": [
          "::1"
        ],
        "enxb827eb52df46.ipv6": [
          "fe80::54f3:4de4:569a:b0e3%enxb827eb52df46"
        ]
      }
    }
    
    opened by fortizc 1
  • dm-crypt: handle mounting path with perm and rev

    adapt dm-crypt implementation to align with using

    • /<storage_path>/perm/
    • /<storage_path>/rev//.

    Done with the help of a common path. Now dm-crypt does,

    • create image file if not exist
    • create device mapper if not exist
    • mount to common path (currently under /media/pv/dmcrypt/<disk_name>)
    • mount container paths

    Signed-off-by: Parthiban Nallathambi [email protected]

    opened by parthitce 1
  • Refactor file and fs libraries

    This is the first of three PRs to completely refactor the code present in utils/fs.h and utils/file.h. This PR adds utils/filesystem.h with all functions to replace the current implementations.

    Next step:

    1. Replace library calls
    2. Delete the old libraries
    opened by fortizc 0
  • add devmeta to storage and allow pvctrl management

    This allows devmeta to be saved on disk and loaded after reboots in a usrmeta fashion. It also adds new pvctrl requests to save and delete devmeta (for now it requires mgmt role).

    List of changes:

    • config: deprecate meta.cache.dir in favour of cache.usrmetadir
    • config: add new cache.devmetadir pantavisor.config key
    • ctrl: add new PUT and DELETE usrmeta requests
    • metadata: avoid initializing user-meta. if there is nothing to store
    • metadata: save devmeta in storage when added
    • metadata: add new rm devmeta function
    • metadata: load devmeta from storage when initializing pv
    • mount: mount new device-meta dir in /pv
    • paths: new path functions for /storage and /pv devmeta
    • pv_lxc: mount /storage/device-meta in mgmt plats
    • pv_lxc: mount /storage/device-meta. in non-mgmt plats
    • storage: new functions to save and remove devmeta from disk
    opened by anibalportero 0
  • refactor roles and add them to pvcontrol ls

    Refactor roles so it is easier to add new ones.

    List of changes:

    • conditions: use pv_json_ser library to generate json
    • ctrl: use new role function to check mgmt
    • parser_system1: use new role functions to set and unset mgmt
    • platforms: store roles with masks
    • platforms: offer new functions to modify and check mask
    • platforms: use pv_json_ser library to generate json
    • platforms: show roles in platform json for pvcontrol ls
    opened by anibalportero 0
  • appengine init mode

    This change introduces the changes that are necessary to make appengine init mode work. This init mode allows running Pantavisor in an existing Linux distro.

    It is set in pantavisor.config like:

    system.init.mode=appengine
    

    With this, Pantavisor will expect state JSONs with the [email protected] spec, but will not allow the bsp keys in them.

    List of changes:

    • bootloader: get cmdline from pv struct instead of from disk
    • config: fix value string override
    • config: fix keep_factory
    • config: move log.dir to pantavisor.config
    • config_parser: get cmdline from pv struct instead of from disk
    • ctrl: unlink socket after closing it to allow reopening
    • init: avoid early mounts in appengine init mode
    • init: allow cmdline as an argument. Load from disk if argument not used
    • metadata: do not remove usrmeta and devmeta lists if empty, which could cause a crash
    • mount: avoid late mounts in appengine init mode
    • mount: avoid executing pv_e2fsgrow if not in embedded mode
    • pantavisor: store cmdline in pv struct
    • pantavisor: fix state not being stopped (and thus volumes not unmounted) in some rollback cases
    • pantavisor: avoid resetting or rebooting in appengine init mode. Exit instead
    • parser: minor refactor to allow easier addition of new parse formats
    • parser: limit appengine init mode to system1
    • parser_system1: minor refactor to allow reuse of parser code from other formats
    • parser_system1: disable bsp and non app groups in appengine init mode
    • paths: configs now accept file names
    • ph_logger: close and unlink socket when stopping log main service
    • pv_lxc: add some missing dynamic paths
    • pv_lxc: shutdown containers that failed to start to avoid leftovers in further executions
    • state: unmount volumes always except when plat is stopping, starting or started
    • storage: avoid linking bsp artifacts in appengine init mode
    • updater: fix endpoint downloading being freed twice
    opened by anibalportero 0
  • Declarative kernel module loading support for BSPs

    This adds support to a declarative interface in the BSP JSON for kernel modules that are provided by the BSP and that expose the said modules to the application containers depending on the presence of a named dtb or dtbo object as passed by the bootloader.

    opened by ricmm 0
  • Fix: crypt logging

    Crypt failures with CAAM are sporadic and no meaningful debug information is available with the existing state. Adapt volume handler and add additional debug logs in error exit path.

    opened by parthitce 0
  • add mdev.sh to hooks_lxc-mount.d

    To use this put a mdev.json in your platform folder, e.g. for a container named "busy" you could do:

    cat busy/mdev.json 
    {
        "rules": [
            "hwrng 0:0 666 \u003epv/",
            "ebbchar 0:0 666 \u003epv/",
            ".* 0:0 000 !"
        ]
    }
    opened by asac 0
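
    Added example, not part of the post above or of Pantavisor: a small audit of the three rules from that mdev.json, assuming they follow BusyBox mdev.conf syntax (device regex, uid:gid, octal mode, optional action, where "!" suppresses node creation). It counts rules that create world-writable device nodes and rejects a list that does not end in a catch-all suppress rule; the enum and function names are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Classification names are this example's own, not Pantavisor's. */
enum rule_kind { RULE_INVALID, RULE_SUPPRESS, RULE_EXPOSE, RULE_EXPOSE_WORLD_WRITABLE };

/* Rules from the mdev.json on this page, with the JSON escape \u003e
 * decoded to '>'. */
static const char *const PAGE_RULES[] = {
    "hwrng 0:0 666 >pv/",
    "ebbchar 0:0 666 >pv/",
    ".* 0:0 000 !",
};

/* Parse "<regex> <uid>:<gid> <octal mode> [action]" and classify the rule.
 * Only numeric uid/gid are accepted by this example. */
enum rule_kind classify_rule(const char *rule)
{
    char regex[64], action[64] = "";
    unsigned uid, gid, mode;
    int n = sscanf(rule, "%63s %u:%u %o %63s", regex, &uid, &gid, &mode, action);

    if (n < 4 || mode > 07777)
        return RULE_INVALID;
    if (action[0] == '!')
        return RULE_SUPPRESS; /* "!" tells mdev not to create the node */
    return (mode & 0002) ? RULE_EXPOSE_WORLD_WRITABLE : RULE_EXPOSE;
}

/* Returns the number of rules that expose a world-writable node, or -1 if a
 * rule is malformed or the list lacks a final catch-all suppress rule. */
int audit_rules(const char *const *rules, size_t n)
{
    int world_writable = 0;

    if (n == 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        enum rule_kind k = classify_rule(rules[i]);
        if (k == RULE_INVALID)
            return -1;
        if (k == RULE_EXPOSE_WORLD_WRITABLE)
            world_writable++;
    }
    /* Require a last rule that matches everything and suppresses it. */
    if (strncmp(rules[n - 1], ".* ", 3) != 0 ||
        classify_rule(rules[n - 1]) != RULE_SUPPRESS)
        return -1;
    return world_writable;
}

int main(void)
{
    printf("world-writable device rules: %d\n", audit_rules(PAGE_RULES, 3));
    return 0;
}
```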
  • refactor logging system: collect logs in one socket

    This ~merge~ pull request refactors the logging system. With these changes, we collect all logs in the central logging socket called logserver. This allows us to easily change the way we log in pantavisor. Additionally, we only have one json log file per revision instead of a folder tree structure with multiple files.

    • adding new file logserver.c: This is the socket which accepts all logs. It also provides functionality to send logs to the socket.
    • move all code in ph_logger related to the logsocket. logserver now fully controls the logsocket.
    • add 2 new config options to config.c: log.server.outputs is a comma separated list of consumers. Each output stands for a function that consumes the struct logserver_msg_data of incoming messages. I have implemented singlefile for one log file in json format and filetree for the current behavior in master. For example, we could add a consumer that prints to stdout.
    • log.c: Redirect logs to logserver. Add function to log to console. All logs in the system now go through /pv/pv-ctrl-log.

    TODO:

    • Fix pantahub log push when in version 2 (if we want to keep this version).
    opened by julianhartmer 0