Re: Virtualisation alternatives for deploying a small number of services

From: Tomas Volf
Subject: Re: Virtualisation alternatives for deploying a small number of services
Date: Wed, 22 May 2024 19:16:54 +0200

On 2024-05-22 16:47:51 +0100, Fabio Natali wrote:
> Hi,
> I'd like to run a small number of VMs on a single physical machine. The
> reason for using VMs is security, i.e. to get a strong level of
> isolation when deploying some services.
> Among the options I've been considering:
> + libvirt, which I understand would imply some manual (potentially non
>   declarative?) setup, beyond defining and bringing up the libvirt Guix
>   service.
> + Ganeti, which might be a bit of an overkill for this particular use
>   case.
> + Guix's 'least-authority-wrapper', which of course would give me
>   containerisation rather than virtualisation, so not really what I'm
>   looking for.
> I think libvirt is my favourite option so far but I was wondering if
> there's any further alternative that I haven't been considering.
> I think the ideal solution would be some wrapper similar to the
> least-authority one, but that spins up a VM rather than a container. I
> see there's 'virtual-build-machine-service-type' which of course
> wouldn't fit the bill, but it might be close to the idea of a VM-based
> wrapper?
> Any ideas or pointers to existing solutions are welcome.

If your main goal is strong isolation and security, you probably might want to
take a look at firecracker[0].  Downside is non-existent support in Guix, not
even a package.

The wrapper along the lines of least-authority is quite an interesting idea and
I will likely explore it a bit, thank you.


> Thanks, best, Fabio.
> (I'd be grateful if you could CC me in if replying as otherwise I might
> miss your email.)
> --
> Fabio Natali

Have a nice day,
Tomas Volf

There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
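For the libvirt option discussed in the thread, here is an added example (not code from either poster) of what the declarative part looks like on Guix System: a minimal `operating-system` that runs libvirtd reachable only over its local Unix socket, so the management API is never exposed on the network and the guest VMs remain the isolation boundary. Service and field names come from Guix's `(gnu services virtualization)` module as documented in the manual; the host name, user name, disk layout and the choice of disabling the TLS/TCP listeners are assumptions for illustration.

```scheme
;; Added example, not from the thread: a minimal Guix System host for a
;; handful of libvirt-managed VMs.  Host name, user name, file systems and
;; the listener settings are illustrative assumptions.
(use-modules (gnu)
             (gnu services virtualization))

(operating-system
  (host-name "vm-host")                   ; assumed
  (timezone "Europe/London")              ; assumed
  (locale "en_GB.utf8")
  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (targets '("/boot/efi"))))
  (file-systems (cons (file-system
                        (mount-point "/")
                        (device (file-system-label "root")) ; assumed label
                        (type "ext4"))
                      %base-file-systems))

  ;; Members of "libvirt" may talk to libvirtd over its Unix socket;
  ;; "kvm" grants access to /dev/kvm so guests get hardware virtualisation.
  (users (cons (user-account
                (name "fabio")            ; assumed user name
                (group "users")
                (supplementary-groups '("wheel" "libvirt" "kvm")))
               %base-user-accounts))

  (services
   (append
    (list
     ;; Local Unix socket only: no TLS and no plain TCP listener, so the
     ;; libvirt API cannot be reached from the network at all.  Socket
     ;; access is limited to the "libvirt" group (mode 0770).
     (service libvirt-service-type
              (libvirt-configuration
               (listen-tls? #f)
               (listen-tcp? #f)
               (unix-sock-group "libvirt")
               (unix-sock-rw-perms "0770")))
     ;; virtlogd collects guest console output on behalf of libvirtd.
     (service virtlog-service-type
              (virtlog-configuration
               (max-clients 1000))))
    %base-services)))
```

After `guix system reconfigure host.scm`, the remaining work is per guest and is where the "manual setup" mentioned in the thread lives: each guest disk can still be produced declaratively with `guix system image -t qcow2 guest.scm` from its own `operating-system` file, and the resulting image is then registered with libvirt (for example through `virsh define` on a domain XML file). Keeping libvirtd off the network and confining socket access to one group means a compromise of a service inside a guest has to cross the hypervisor boundary before it can touch the management plane.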

