Add unikernel runtime: run services as Nanos VMs under QEMU/KVM

Implements the hypervisor design's Phase 1: a second runtime.Runtime
backend (QEMU) that runs each service component as a Nanos unikernel VM
instead of a podman container, selected per-component via a new
runtime = "unikernel" service-def field.

- internal/runtime/qemu.go: QEMURuntime. Pull extracts the ELF from the
  OCI image; Run does `ops build` + boots qemu-system-x86_64 with KVM,
  user-mode net port-forwards, QMP control socket and serial console log;
  Stop/Remove/Inspect/List/Logs map onto VM lifecycle + state dir.
- proto/registry/servicedef: add runtime, memory_mb, vcpus fields
  (registry migration 5).
- agent: holds both runtimes; runtimeFor() selects per component;
  listAllContainers() merges containers + VMs so drift/status see both.
  Unikernel runtime auto-enables on nodes with /dev/kvm + ops.

Validated end-to-end on straylight: a test service deploys via
`mcp deploy --direct`, boots as a Nanos unikernel, serves HTTP through
the agent port-forward, and reports running via `mcp status`/`mcp logs`.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Kyle Isom
2026-06-11 00:54:49 -07:00
parent 3b08caaa0a
commit d56f224359
30 changed files with 949 additions and 152 deletions


@@ -30,10 +30,22 @@ type Component struct {
Volumes []string
Cmd []string
Routes []Route
Runtime string // "container" (default) or "unikernel"
MemoryMB int // unikernel guest memory in MB
VCPUs int // unikernel guest vCPUs
CreatedAt time.Time
UpdatedAt time.Time
}
// defaultRuntime normalizes an empty runtime to "container" so the
// components.runtime column is never empty.
func defaultRuntime(r string) string {
if r == "" {
return "container"
}
return r
}
// CreateComponent creates a new component in the registry.
func CreateComponent(db *sql.DB, c *Component) error {
tx, err := db.Begin()
@@ -43,10 +55,10 @@ func CreateComponent(db *sql.DB, c *Component) error {
defer tx.Rollback() //nolint:errcheck
_, err = tx.Exec(`
INSERT INTO components (name, service, image, network, user_spec, restart, desired_state, observed_state, version)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`,
INSERT INTO components (name, service, image, network, user_spec, restart, desired_state, observed_state, version, runtime, memory_mb, vcpus)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
c.Name, c.Service, c.Image, c.Network, c.UserSpec, c.Restart,
c.DesiredState, c.ObservedState, c.Version,
c.DesiredState, c.ObservedState, c.Version, defaultRuntime(c.Runtime), c.MemoryMB, c.VCPUs,
)
if err != nil {
return fmt.Errorf("insert component %q/%q: %w", c.Service, c.Name, err)
@@ -74,11 +86,11 @@ func GetComponent(db *sql.DB, service, name string) (*Component, error) {
var createdAt, updatedAt string
err := db.QueryRow(`
SELECT name, service, image, network, user_spec, restart,
desired_state, observed_state, version, created_at, updated_at
desired_state, observed_state, version, runtime, memory_mb, vcpus, created_at, updated_at
FROM components WHERE service = ? AND name = ?`,
service, name,
).Scan(&c.Name, &c.Service, &c.Image, &c.Network, &c.UserSpec, &c.Restart,
&c.DesiredState, &c.ObservedState, &c.Version, &createdAt, &updatedAt)
&c.DesiredState, &c.ObservedState, &c.Version, &c.Runtime, &c.MemoryMB, &c.VCPUs, &createdAt, &updatedAt)
if err != nil {
return nil, fmt.Errorf("get component %q/%q: %w", service, name, err)
}
@@ -109,7 +121,7 @@ func GetComponent(db *sql.DB, service, name string) (*Component, error) {
func ListComponents(db *sql.DB, service string) ([]Component, error) {
rows, err := db.Query(`
SELECT name, service, image, network, user_spec, restart,
desired_state, observed_state, version, created_at, updated_at
desired_state, observed_state, version, runtime, memory_mb, vcpus, created_at, updated_at
FROM components WHERE service = ? ORDER BY name`,
service,
)
@@ -123,7 +135,7 @@ func ListComponents(db *sql.DB, service string) ([]Component, error) {
var c Component
var createdAt, updatedAt string
if err := rows.Scan(&c.Name, &c.Service, &c.Image, &c.Network, &c.UserSpec, &c.Restart,
&c.DesiredState, &c.ObservedState, &c.Version, &createdAt, &updatedAt); err != nil {
&c.DesiredState, &c.ObservedState, &c.Version, &c.Runtime, &c.MemoryMB, &c.VCPUs, &createdAt, &updatedAt); err != nil {
return nil, fmt.Errorf("scan component: %w", err)
}
c.CreatedAt, _ = time.Parse("2006-01-02 15:04:05", createdAt)
@@ -169,9 +181,11 @@ func UpdateComponentSpec(db *sql.DB, c *Component) error {
_, err = tx.Exec(`
UPDATE components
SET image = ?, network = ?, user_spec = ?, restart = ?, version = ?, updated_at = datetime('now')
SET image = ?, network = ?, user_spec = ?, restart = ?, version = ?,
runtime = ?, memory_mb = ?, vcpus = ?, updated_at = datetime('now')
WHERE service = ? AND name = ?`,
c.Image, c.Network, c.UserSpec, c.Restart, c.Version, c.Service, c.Name,
c.Image, c.Network, c.UserSpec, c.Restart, c.Version,
defaultRuntime(c.Runtime), c.MemoryMB, c.VCPUs, c.Service, c.Name,
)
if err != nil {
return fmt.Errorf("update component %q/%q: %w", c.Service, c.Name, err)
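Review bot: Runtime, MemoryMB and VCPUs reach the INSERT in CreateComponent and the UPDATE in UpdateComponentSpec without any validation; defaultRuntime only maps "" to "container", so a misspelled or unexpected runtime string is stored as-is. This field chooses the isolation boundary a component runs under, and the two integers presumably become QEMU guest sizing, so the registry should reject values outside the known set rather than leave the decision to whatever runtimeFor() does with an unknown string (not visible here). A small validator called at the top of both functions, before db.Begin(), would do it; an upper bound on memory and vCPUs is better enforced where host capacity is known. Both function bodies start or end outside their hunks.

```go
// validateSpec rejects runtime and sizing values the registry should never store.
func validateSpec(c *Component) error {
	switch c.Runtime {
	case "", "container", "unikernel":
	default:
		return fmt.Errorf("component %q/%q: unknown runtime %q", c.Service, c.Name, c.Runtime)
	}
	if c.MemoryMB < 0 || c.VCPUs < 0 {
		return fmt.Errorf("component %q/%q: negative memory_mb or vcpus", c.Service, c.Name)
	}
	return nil
}

func CreateComponent(db *sql.DB, c *Component) error {
	if err := validateSpec(c); err != nil {
		return err
	}
	// … unchanged: db.Begin(), INSERT, routes …
```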


@@ -156,4 +156,9 @@ var migrations = []string{
created_at TEXT NOT NULL DEFAULT (datetime('now')),
updated_at TEXT NOT NULL DEFAULT (datetime('now'))
);`,
// Migration 5: unikernel runtime support (per-component runtime + VM resources)
`ALTER TABLE components ADD COLUMN runtime TEXT NOT NULL DEFAULT 'container';
ALTER TABLE components ADD COLUMN memory_mb INTEGER NOT NULL DEFAULT 0;
ALTER TABLE components ADD COLUMN vcpus INTEGER NOT NULL DEFAULT 0;`,
}
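Review bot: Migration 5 adds `runtime` as free-form TEXT and the two sizing columns as unconstrained INTEGERs, so the schema itself accepts any string and negative numbers. If the database is SQLite (the `datetime('now')` defaults suggest so), the columns can carry their own checks, e.g. `ADD COLUMN runtime TEXT NOT NULL DEFAULT 'container' CHECK (runtime IN ('container','unikernel'))` and `CHECK (memory_mb >= 0)`. The migration comment should also say what 0 means for memory_mb and vcpus, e.g. `// 0 = use the runtime's default sizing` if that is the intent. The three statements share one migration string; whether the runner applies them in a single transaction is not visible in this hunk and is worth confirming, since a partial apply would make a retry fail on the already-added column.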


@@ -37,7 +37,7 @@ func TestServiceCRUD(t *testing.T) {
db := openTestDB(t)
// Create
if err := CreateService(db, "metacrypt", true); err != nil {
if err := CreateService(db, "metacrypt", true, ""); err != nil {
t.Fatalf("create: %v", err)
}
@@ -60,7 +60,7 @@ func TestServiceCRUD(t *testing.T) {
}
// Update active
if err := UpdateServiceActive(db, "metacrypt", false); err != nil {
if err := UpdateServiceActive(db, "metacrypt", false, ""); err != nil {
t.Fatalf("update: %v", err)
}
s, _ = GetService(db, "metacrypt")
@@ -80,17 +80,17 @@ func TestServiceCRUD(t *testing.T) {
func TestServiceDuplicateName(t *testing.T) {
db := openTestDB(t)
if err := CreateService(db, "metacrypt", true); err != nil {
if err := CreateService(db, "metacrypt", true, ""); err != nil {
t.Fatalf("first create: %v", err)
}
if err := CreateService(db, "metacrypt", true); err == nil {
if err := CreateService(db, "metacrypt", true, ""); err == nil {
t.Fatal("expected error on duplicate name")
}
}
func TestComponentCRUD(t *testing.T) {
db := openTestDB(t)
if err := CreateService(db, "metacrypt", true); err != nil {
if err := CreateService(db, "metacrypt", true, ""); err != nil {
t.Fatalf("create service: %v", err)
}
@@ -198,7 +198,7 @@ func TestComponentCRUD(t *testing.T) {
func TestComponentCompositePK(t *testing.T) {
db := openTestDB(t)
if err := CreateService(db, "metacrypt", true); err != nil {
if err := CreateService(db, "metacrypt", true, ""); err != nil {
t.Fatalf("create service: %v", err)
}
@@ -213,7 +213,7 @@ func TestComponentCompositePK(t *testing.T) {
func TestCascadeDelete(t *testing.T) {
db := openTestDB(t)
if err := CreateService(db, "metacrypt", true); err != nil {
if err := CreateService(db, "metacrypt", true, ""); err != nil {
t.Fatalf("create service: %v", err)
}
@@ -239,7 +239,7 @@ func TestCascadeDelete(t *testing.T) {
func TestComponentRoutes(t *testing.T) {
db := openTestDB(t)
if err := CreateService(db, "svc", true); err != nil {
if err := CreateService(db, "svc", true, ""); err != nil {
t.Fatalf("create service: %v", err)
}
@@ -298,7 +298,7 @@ func TestComponentRoutes(t *testing.T) {
func TestRouteHostPort(t *testing.T) {
db := openTestDB(t)
if err := CreateService(db, "svc", true); err != nil {
if err := CreateService(db, "svc", true, ""); err != nil {
t.Fatalf("create service: %v", err)
}
@@ -363,7 +363,7 @@ func TestRouteHostPort(t *testing.T) {
func TestRouteCascadeDelete(t *testing.T) {
db := openTestDB(t)
if err := CreateService(db, "svc", true); err != nil {
if err := CreateService(db, "svc", true, ""); err != nil {
t.Fatalf("create service: %v", err)
}
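Review bot: Every updated call in the visible hunks passes "" for the new comment argument, so these tests cover only the preserve-existing-comment path of UpdateServiceActive and never a stored comment. TestServiceCRUD could create with a non-empty comment, assert `s.Comment` after GetService, and then check that an update with "" leaves it unchanged while a non-empty one replaces it. The component tests' bodies are outside the hunks, so whether Runtime, MemoryMB and VCPUs are round-tripped there cannot be told from here; a case asserting that an empty Runtime reads back as "container" would pin defaultRuntime.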


@@ -10,15 +10,16 @@ import (
type Service struct {
Name string
Active bool
Comment string
CreatedAt time.Time
UpdatedAt time.Time
}
// CreateService creates a new service in the registry.
func CreateService(db *sql.DB, name string, active bool) error {
func CreateService(db *sql.DB, name string, active bool, comment string) error {
_, err := db.Exec(
"INSERT INTO services (name, active) VALUES (?, ?)",
name, active,
"INSERT INTO services (name, active, comment) VALUES (?, ?, ?)",
name, active, comment,
)
if err != nil {
return fmt.Errorf("create service %q: %w", name, err)
@@ -31,9 +32,9 @@ func GetService(db *sql.DB, name string) (*Service, error) {
s := &Service{}
var createdAt, updatedAt string
err := db.QueryRow(
"SELECT name, active, created_at, updated_at FROM services WHERE name = ?",
"SELECT name, active, comment, created_at, updated_at FROM services WHERE name = ?",
name,
).Scan(&s.Name, &s.Active, &createdAt, &updatedAt)
).Scan(&s.Name, &s.Active, &s.Comment, &createdAt, &updatedAt)
if err != nil {
return nil, fmt.Errorf("get service %q: %w", name, err)
}
@@ -44,7 +45,7 @@ func GetService(db *sql.DB, name string) (*Service, error) {
// ListServices returns all services.
func ListServices(db *sql.DB) ([]Service, error) {
rows, err := db.Query("SELECT name, active, created_at, updated_at FROM services ORDER BY name")
rows, err := db.Query("SELECT name, active, comment, created_at, updated_at FROM services ORDER BY name")
if err != nil {
return nil, fmt.Errorf("list services: %w", err)
}
@@ -54,7 +55,7 @@ func ListServices(db *sql.DB) ([]Service, error) {
for rows.Next() {
var s Service
var createdAt, updatedAt string
if err := rows.Scan(&s.Name, &s.Active, &createdAt, &updatedAt); err != nil {
if err := rows.Scan(&s.Name, &s.Active, &s.Comment, &createdAt, &updatedAt); err != nil {
return nil, fmt.Errorf("scan service: %w", err)
}
s.CreatedAt, _ = time.Parse("2006-01-02 15:04:05", createdAt)
@@ -64,11 +65,15 @@ func ListServices(db *sql.DB) ([]Service, error) {
return services, rows.Err()
}
// UpdateServiceActive updates a service's active flag.
func UpdateServiceActive(db *sql.DB, name string, active bool) error {
res, err := db.Exec(
"UPDATE services SET active = ?, updated_at = datetime('now') WHERE name = ?",
active, name,
// UpdateServiceActive updates a service's active flag and comment. If comment
// is empty, the existing comment is preserved.
func UpdateServiceActive(db *sql.DB, name string, active bool, comment string) error {
res, err := db.Exec(`
UPDATE services SET active = ?,
comment = CASE WHEN ? = '' THEN comment ELSE ? END,
updated_at = datetime('now')
WHERE name = ?`,
active, comment, comment, name,
)
if err != nil {
return fmt.Errorf("update service %q: %w", name, err)
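Review bot: UpdateServiceActive now treats an empty comment as "keep the existing one", which leaves callers no way to clear a comment once set, and the function name no longer says that it writes two fields. If clearing is meant to be impossible, say so in the doc comment, e.g. `// There is no way to clear a comment through this function.`; otherwise a separate setter or a `*string` parameter would distinguish "unchanged" from "empty". The comment is stored without a length limit; if it comes from operator or API input, that is worth bounding where the request is accepted. The function body continues outside the hunk.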