Aurae is a free and open source Rust project which houses a memory-safe systems runtime daemon built specifically for enterprise distributed systems called auraed
.
The auraed
daemon can be run as a PID 1 on a Linux kernel and manages containers, virtual machines, and spawning short-lived nested virtual instances of itself for an additional layer of isolation.
Aurae is on a mission to be the most loved and effective way of managing workloads on a single piece of hardware. Our hope is that by bringing a better set of controls to a node, we can unlock brilliant higher order distributed systems in the future.
Aurae takes ownership of all runtime processes on a single piece of hardware, and provides mTLS encrypted gRPC APIs (Aurae Standard Library) to manage the processes. With Aurae Cells the project offers a way to slice up a system using various isolation strategies for enterprise workloads.
The project is very young and under active development. The APIs are subject to change without notice until further notice. As we continue to develop the project the APIs will stabilize and eventually a long term stable release will be offered.
At this time the project should not be run in production.
Please read getting involved if you are interested in joining the project in its early phases. Contribution types of all types and ranges are welcome. You do not have to know Rust to join the project.
Aurae offers a runtime API which is capable of managing:
- Executables (Basic runtime processes)
- Cells (Processes running in a shared cgroup namespace)
- Spawned Aurae Instances (Short lived nested virtual instances of Aurae)
- Pods (Cells running in spawned instances)
- Virtual Machines (Long-lived arbitrary virtual machines)
Think of auraed as a PID 1 init machine daemon with a scope similar to systemd and functionality similar to containerd and firecracker.
Aurae brings SPIFFE/SPIRE (x509 mTLS) backed identity, authentication (authn) and authorization (authz) as low as the Unix domain socket layer in a distributed system.
Aurae exposes its functionality over a gRPC API which is referred to as the Aurae Standard Library.
A single Aurae instance has no awareness of higher order scheduling mechanisms such as the Kubernetes control plane. Aurae is designed to take ownership of a single node, and expose the standard library as a generic and meaningful way for higher order consumers.
Aurae is a low level building block and is designed to work well with any higher order system by offering a thoughtful set of APIs and controls for managing workloads on a node.
Read Why fix Kubernetes and Systemd by Kris Nóva.
Aurae attempts to simplify and improve the stack in enterprise distributed systems by carving out a small portion of responsibility while offering a few basic guarantees with regard to state, synchronicity, awareness, and security.
Aurae brings enterprise identity as low as the socket layer in a system, which unlocks multi tenant workloads that run below tools like Kubernetes.
Aurae offers a Turing complete scripting language built on top of TypeScript called AuraeScript. AuraeScript embeds the Deno source code directly, and offers a remote client and SDK to interface directly with Aurae remotely. The AuraeScript library is automatically generated from the .proto
files defined in the Aurae Standard Library.
Valid TypeScript files can be leveraged to replace static manifests, such as YAML, as well as interact directly with a running system.
#!/usr/bin/env auraescript
let cells = new runtime.CellServiceClient();
let allocated = await cells.allocate(<runtime.AllocateCellRequest>{
cell: runtime.Cell.fromPartial({
name: "my-cell",
cpus: "2"
})
});
let started = await cells.start(<runtime.StartExecutableRequest>{
executable: runtime.Executable.fromPartial({
cellName: "my-cell",
command: "sleep 4000",
description: "Sleep for 4000 seconds",
name: "sleep-4000"
})
})
The Aurae Standard Library is expressed in .proto
files and stored in this repository.
Many components of the Aurae runtime system are automatically generated from these core definitions.
See the V0 API Reference for the current library definition.