smolBSD: Easily Create Your Own BSD System
With smolBSD, NetBSD is intended to become a basis for MicroVMs under QEMU or Firecracker. The project shows how easy it can be to create MicroVMs.
- Michael Plura
With smolBSD, a loving diminutive of smallBSD, Spanish NetBSD developer Emile “iMil” Heitor has created an environment for generating tiny NetBSD installations. The lean design is intended to form the basis for a stable system with the lowest possible resource requirements, optimized for security and performance. This makes it suitable for use in embedded systems, containers, virtual machines, or on various, including older, architectures—explicitly including a 32-bit kernel for the x86 platform.
Mini-Systems, Appliances, and Above All MicroVMs
Above all, the minimalist smolBSD is intended to run as a MicroVM (Micro Virtual Machine) in short-lived, isolated, and secure execution environments. MicroVMs are provided, for example, by QEMU, Cloud Hypervisor, and Amazon with Firecracker. The smolBSD project page explicitly lists QEMU and Firecracker as functioning platforms.
Heitor presented details about his motivation for developing smolBSD and information about its internal structure at BSDcon 2024 at the University of Ottawa in his talk "Making NetBSD a fast(er) booting microvm". His project is already attracting other developers like Leah Neukirchen, who has created nitro, a small, flexible, and above all portable init framework with a process supervisor (PID 1) that also runs under smolBSD.
Astonishingly Simple, Fast, and Problem-Free
To get a glimpse of smolBSD MicroVMs, you need a system with Intel VT-x or AMD-V running NetBSD, GNU/Linux, or macOS. A test with the systemd-less Devuan GNU/Linux went smoothly after installing a few packages (qemu-system-x86, curl, git, bmake, uuid-runtime, bsdtar). In the copy of smolBSD cloned via git, the functionality and configuration of the MicroVMs can be adjusted in the etc and service directories. Pre-made examples such as simple SSH access, an SSH bouncer, and a web server are available in the etc directory. The MicroVM image is then generated via bmake and can be distributed or started directly via the startnb.sh script.
Milliseconds Count for Microservices
In the age of cloud architectures, serverless computing, and microservices, increasingly bloated operating systems are becoming more and more unattractive. What is wanted are extremely lean systems that contain only what is really needed and ideally start almost in real time. One example is Amazon's Firecracker, a lightweight KVM-based virtual machine monitor (VMM) developed specifically for the fast and secure startup of isolated MicroVMs in cloud and serverless environments. AWS Lambda (FaaS) and AWS Fargate (CaaS) run functions or services/containers without a server base of their own. QEMU has also offered “microvm” as a “machine type” for some time.
Normally, Linux runs in Firecracker MicroVMs. However, in recent years, FreeBSD developer Colin Percival has made FreeBSD suitable for execution under Firecracker. The project is still considered experimental, but the startup times in his tests of 25ms or even under 20ms, compared to Linux with 75ms or more, show that there is significant potential in BSD-based microVMs, and not just because AWS bills Firecracker costs in milliseconds. According to the smolBSD developer, his NetBSD MicroVM kernel should start in 10 to 14ms under QEMU, an environment that is not truly comparable. Concrete practical tests will have to show the real performance of the three solutions.
Conclusion
Certainly, it is a security advantage if MicroVMs do not rely solely on a Linux monoculture but can also be diversified towards FreeBSD and perhaps soon NetBSD. smolBSD creates an additional, appealing alternative.
(vbr)