wip: * lima vm
51
README.org
@@ -1,6 +1,35 @@
|
|||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
#+OPTIONS: H:3 num:t \n:nil @:t ::t |:t ^:{} f:t *:t TeX:t LaTeX:t skip:nil p:nil
|
#+OPTIONS: H:3 num:t \n:nil @:t ::t |:t ^:{} f:t *:t TeX:t LaTeX:t skip:nil p:nil
|
||||||
|
|
||||||
|
* lima vm
|
||||||
|
When dealing with a highly stateful, evolving system, development workflows that
|
||||||
|
treat containers as immutable black boxes fall apart. Docker's model is great
|
||||||
|
for microservices and stateless demos — but not for real systems where:
|
||||||
|
- Executables change frequently (still coding)
|
||||||
|
- Data must persist (and be inspected live)
|
||||||
|
- Containers cannot be restarted casually (because they are the system)
|
||||||
|
|
||||||
|
Inside a single, well-managed VM we can
|
||||||
|
- Mount real filesystems (/data, /code, /state) — no awkward volume plugins
|
||||||
|
- Recompile and make install — no need to rebuild images
|
||||||
|
- Keep all services running — no data loss
|
||||||
|
- Log in and debug anything interactively
|
||||||
|
|
||||||
|
This is the exact model used before container cargo-culting took over.
|
||||||
|
|
||||||
|
For local *development* of a complex, stateful system like MRVA, dumping Docker in
|
||||||
|
favor of chroot or systemd-nspawn-style environments gives us:
|
||||||
|
- Full control over state, logs, mounts
|
||||||
|
- Zero rebuild delay
|
||||||
|
- Native process inspection, debugging, and file editing
|
||||||
|
- Persistent state without Docker’s volume opacity
|
||||||
|
- Easy replication of logical components via shell or Make
|
||||||
|
|
||||||
|
|
||||||
|
#+BEGIN_SRC sh
|
||||||
|
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
* Using the Containers
|
* Using the Containers
|
||||||
** Running the containers
|
** Running the containers
|
||||||
1. Start the containers
|
1. Start the containers
|
||||||
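Review bot: The `#+BEGIN_SRC sh` / `#+END_SRC` block added at the end of the new `* lima vm` section is empty, and the section text never mentions Lima: it argues for "a single, well-managed VM" and then for "chroot or systemd-nspawn-style environments". Either fill the block with the commands that create and enter the VM or drop it until they exist, and reconcile the heading with the body so a reader knows which isolation mechanism is meant. Since the text proposes mounting /data, /code and /state directly, it would also help to say which of those mounts are writable from inside the VM.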
@@ -65,6 +94,28 @@
|
|||||||
docker exec mrva-agent pkill mrvaagent
|
docker exec mrva-agent pkill mrvaagent
|
||||||
|
|
||||||
#+END_SRC
|
#+END_SRC
|
||||||
|
- gh-mrva
|
||||||
|
#+BEGIN_SRC sh
|
||||||
|
#* Cross-compile locally
|
||||||
|
cd ~/work-gh/mrva/gh-mrva
|
||||||
|
go mod edit -replace="github.com/GitHubSecurityLab/gh-mrva=/Users/hohn/work-gh/mrva/gh-mrva"
|
||||||
|
go mod tidy
|
||||||
|
GOOS=linux GOARCH=arm64 go build
|
||||||
|
|
||||||
|
#* Look for the gh-mrva name in the process table
|
||||||
|
docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#* Copy the new binary
|
||||||
|
cd ~/work-gh/mrva/gh-mrva
|
||||||
|
docker cp mrvaagent mrva-agent:/usr/local/bin/mrvaagent
|
||||||
|
|
||||||
|
#* Restart the binary
|
||||||
|
docker exec mrva-agent pkill mrvaagent
|
||||||
|
|
||||||
|
#+END_SRC
|
||||||
|
|
||||||
|
|
||||||
** Use gh-mrva container to send request via cli
|
** Use gh-mrva container to send request via cli
|
||||||
*** Start container and check gh-mrva tool
|
*** Start container and check gh-mrva tool
|
||||||
|
|||||||
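Review bot: The copy and restart steps in the new `- gh-mrva` block still name the agent, `docker cp mrvaagent mrva-agent:/usr/local/bin/mrvaagent` and `docker exec mrva-agent pkill mrvaagent` (the latter identical to the context line just above the block), although the build runs in ~/work-gh/mrva/gh-mrva. If this block is meant to update gh-mrva, the binary name, container name and destination path should be the gh-mrva ones. The `go mod edit -replace=` line also hardcodes a path under /Users/hohn, which will not resolve on another machine; a relative path or a variable would be safer, and the resulting go.mod change should stay out of commits. The comment "Look for the gh-mrva name in the process table" sits above `docker ps`, which lists containers rather than processes.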