Ops
Search…
⌃K

Configuration

The configuration file used by ops (such as one passed as a parameter, e.g. ops --config myconfig.json) specifies various options and attributes of code execution, such as files to include, arguments, and environment variables. This file follows the standard json format.
For a complete sample of a configuration, see our sample.
You can also enable config interpolation for things like secrets, hosts or other configuration that you would like to inject from your environment. This is helpful to reduce duplicate config:
For example:
secret=test ops_render_config=true ops run -c config.json
Will populate 'secret' with 'test':
{
"Env": {
"secret": "$secret"
}
}

Configuration Attributes

OPS_HOME

The OPS_HOME environment variable points to the location of where ops will store build images and releases locally. By default it is set to ~/.ops . However there are some use-cases where you might want it set to something else like so:
OPS_HOME=/opt/ops

Args

Args is an array of arguments passed to your program to execute when running the image. Most programs will consider the program name as arg[0] but not all.
{
"Args": ["--report-on-fatalerror", "ex.js"]
}

DisableArgsCopy

DisableArgsCopy, when set to true, disables the auto copy of files from host to image when present in args.
{
"Args": ["ex.js"],
"DisableArgsCopy": true
}

BaseVolumeSz

The BaseVolumeSz is an optional parameter you can pass to specify the size of the base volume. By default the size is the end of blocks written by TFS.
To specify 100 megabytes:
{
"BaseVolumeSz": "100m"
}
To specify 1 gigabyte:
{
"BaseVolumeSz": "1g"
}

Boot

Boot sets the path of bootloader file.
{
"Boot": "nanos/output/platform/pc/boot/boot.img"
}

Uefi

Uefi indicates whether image should support booting via UEFI. Default is false.
{
"Uefi": true
}

UefiBoot

UefiBoot sets the path of UEFI bootloader file.
{
"UefiBoot": "nanos/output/platform/pc/boot/bootx64.efi"
}

BuildDir

BuildDir path to the temporary directory used during image build.
{
"BuildDir": "/tmp/my_app_build_dir"
}

CloudConfig

The CloudConfig configures various attributes about the cloud provider, we want to use with ops.

BucketName

BucketName specifies the bucket to store the Ops built image artifacts.
{
"CloudConfig": {
"BucketName": "my-bucket"
}
}

BucketNamespace

BucketNamespace is required on uploading files to cloud providers as oci.
{
"CloudConfig": {
"BucketNamespace": "my-namespace"
}
}

DomainName

DomainName is used to update DNS entry with the started instance IP.
{
"CloudConfig": {
"DomainName": "ops.city"
}
}

StaticIP

This option is only supported on AWS, GCP.
StaticIP by cloud provider to assign a public static IP to a NIC.
{
"CloudConfig": {
"StaticIP": "1.2.3.4"
}
}

EnableIPv6

This option is only supported on AWS, GCP.
If EnableIPv6 is set to true and a VPC is created, the new VPC will have ipv6 support. Otherwise, it doesn't affect the selected VPC ipv6 support.
{
"CloudConfig": {
"EnableIPv6": true
}
}

Flavor

Flavor specifies the machine type used to create an instance. Each cloud provider has different types descriptions.
{
"CloudConfig": {
"Flavor": "t2.micro"
}
}

ImageType

ImageType allows the user to specify an image type (whose possible values are target platform-specific) when creating an image. Can be used to create images for Hyper-V generation 2 instances.
{
"CloudConfig": {
"ImageType": "gen2"
}
}

ImageName

ImageName specifies the image name in the cloud provider.
{
"CloudConfig": {
"ImageName": "web-server"
}
}

InstanceProfile

InstanceProfile sets up an IAM role for an instance. Currently, this is only used for AWS but, in the future, it might be used to set roles for other cloud providers.
{
"CloudConfig": {
"InstanceProfile": "my-iam-rolename"
}
}

Platform

Platform defines the cloud provider to use with the ops CLI.
Currently supported platforms:
  • Default onprem
  • Google Cloud Platform gcp
  • AWS aws
  • Vultr vultr
  • Vmware vsphere
  • Azure azure
  • Openstack openstack
  • Upcloud upcloud
  • Hyper-v hyper-v
  • DigitalOcean do
  • OpenShift openshift
  • Oracle Cloud Infrastructure oci
  • Oracle VM VirtualBox vbox
  • Proxmox VE proxmox
See further instructions about the cloud provider in dedicated documentation page.
{
"CloudConfig": {
"Platform": "gcp"
}
}

ProjectID

ProjectID is used in some cloud providers to identify a workspace.
{
"CloudConfig": {
"ProjectID": "proj-1000"
}
}

SecurityGroup

SecurityGroup allows an instance to use an existing security group in the cloud provider.
On AWS, both the name and the id of the security group may be used as value.
{
"CloudConfig": {
"SecurityGroup": "sg-1000"
}
}

Subnet

Subnet allows an instance to use an existing subnet in the cloud provider.
On AWS, both the name and the id of the subnet may be used as value.
{
"CloudConfig": {
"Subnet": "sb-1000"
}
}

Tags

Tags is a list of keys and values to provide more context about an instance or an image. There are a set of pre-defined tags to identify the resources created by ops.
{
"CloudConfig": {
"Tags": [
{
"key": "instance-owner",
"value": "joe-smith"
},
{
"key": "function",
"value": "web-server"
}
]
}
}

VPC

VPC allows instance to use an existing vpc in the cloud provider.
On AWS, both the name and the id of the vpc may be used as value.
{
"CloudConfig": {
"VPC": "vpc-1000"
}
}

Zone

Zone is used in some cloud providers to identify the location where cloud resources are stored.
{
"CloudConfig": {
"Zone": "us-west1-b"
}
}

Dirs

Dirs defines an array of directory locations to include into the image.
{
"Dirs": ["myapp/static"]
}
File layout on local host machine:
-myapp
app
-static
-example.html
-stylesheet
-main.css
File layout on VM:
/myapp
app
/static
-example.html
/stylesheet
-main.css

Env

Env defines a map of environment variables to specify for the image runtime.
{
"Env": {
"Environment": "development",
"NODE_DEBUG": "*"
}
}

Files

Files defines an array of file locations to include into the image.
{
"Files": ["ex.js"]
}

Kernel

Kernel sets the path of kernel image file.
{
"Kernel": "nanos/output/platform/pc/bin/kernel.img"
}

KlibDir

KlibDir sets the host directory where kernel libs are located.
{
"KlibDir": "nanos/output/klib/bin"
}

MapDirs

MapDirs sets map of a local directory to a different path on the guest VM. For example the below adds all files under /etc/ssl/certs on host to /usr/lib/ssl/certs on VM.
{
"MapDirs": {"/etc/ssl/certs/*": "/usr/lib/ssl/certs" },
}

Mounts

Mounts is used to mount a volume in an instance. See further instructions about volumes in dedicated documentation page.
{
"Mounts": {
"vol": "/files"
}
}

NameServers

NameServers is an array of DNS servers to use for DNS resolution. By default it is Google's 8.8.8.8.
{
"NameServers": ["10.8.0.1"]
}

NanosVersion

NanosVersion sets nanos version to be used on image manifest.
{
"NanosVersion": ["nightly"]
}

NightlyBuild

NightlyBuild flag forces the use of latest dev builds.
{
"NightlyBuild": true
}

NoTrace

NoTrace is an array of syscalls to mute tracing for.
{
"NoTrace": ["syscall-here"]
}

Program

Program specifies the path of the program to refer to on attach/detach.
{
"Program":"lua_5.2.4/lua"
}

ProgramPath

ProgramPath specifies the original path of the program to refer to on attach/detach.
{
"Program":"/ops_apps/lua_5.2.4/lua"
}

RebootOnExit

RebootOnExit reboot your application immediately if it crashes (exit code is not 0). Is turned off by default, but you can enable it.
{
"RebootOnExit": true
}
same as
{
"Debugflags": ["reboot_on_exit"]
}

LocalFilesParentDirectory

LocalFilesParentDirectory is the parent directory of the files/directories specified in Files and Dirs. The default value is the directory from where the ops command is running
{
"LocalFilesParentDirectory": "."
}

TargetRoot

TargetRoot TODO
{
"TargetRoot": "unix"
}

VolumesDir

VolumesDir is the directory used to store and fetch volumes.
{
"VolumesDir": ""
}

PackageBaseURL

PackageBaseURL provides the URL for downloading the packages.
{
"PackageBaseURL": "https://repo.ops.city/v2/packages"
}

PackageManifestURL

PackageManifestURL provides the URL to download the manifest file that stores info about all packages.
{
"PackageManifestURL": "https://repo.ops.city/v2/manifest.json"
}

Version

Version ops package version. Like docker if the user doesn't provide version of the image we consider "latest" as the version.
{
"Version": "v18.9.0"
}

Language

Language ops package language.
{
"Language": "javascript"
}

Runtime

Runtime ops package runtime.
{
"Runtime": "node"
}

Description

Description ops package description.
{
"Description": "node.js runtime"
}

TargetConfig

TargetConfig provides a limited support to adding cloud provider specific config. This is done as to not overload the other configuration settings.
Currently only the proxmox target has support here. For example:
{
"TargetConfig": {
"isoStorageName": "local",
"Arch": "x86_64",
"Machine": "q35",
"Sockets": "1",
"Cores": "1",
"Numa": "0",
"Memory": "512M",
"StorageName": "local-lvm",
"BridgePrefix": "vmbr",
"Onboot": "0",
"Protection": "0"
}
}

RunConfig

The RunConfig configures various attributes about the runtime of the ops instance, such as allocated memory and exposed ports.

Accel

Defines whether hardware acceleration should be enabled in qemu. This option is enabled by default, but will be disabled when Debug is set to true.
{
"RunConfig": {
"Accel": true
}
}

Bridged

Connects the unikernel network interface to a bridge with the name br0. The bridge name may be overriden with the property BridgeName.
{
"RunConfig": {
"Bridged": true
}
}

BridgeName

Connects the unikernel network interface to a bridge with the name specified. If the bridge does not exist in host machine it is created.
{
"RunConfig": {
"BridgeName": "br1"
}
}

CanIPForward

Enable IP forwarding when creating an instance. Only GCP provider.
{
"RunConfig": {
"CanIPForward": true
}
}

CPUs

Specifies the number of CPU cores the unikernel is allowed to use.
{
"RunConfig": {
"CPUs": 2
}
}

GPUs

Specifies the number of GPUs the unikernel is allowed to use. Only GCP provider.
{
"RunConfig": {
"GPUs": 1,
"GPUType": "nvidia-tesla-t4"
}
}

GPUType

Specifies the type of GPU available. Only GCP provider.
{
"RunConfig": {
"GPUs": 1,
"GPUType": "nvidia-tesla-t4"
}
}

Debug

Opens a port in unikernel to allow a connection with the GDB debugger. See further instructions in Debugging. If debug is set to true the hardware acceleration Accel is disabled.
{
"RunConfig": {
"Debug": true
}
}

Gateway

Defines the default gateway IP of the network interface.
{
"RunConfig": {
"Gateway": "192.168.1.255"
}
}

GdbPort

Define the gdb debugger port. It only takes effect if debug is enabled. By default the GdbPort is 1234.
{
"RunConfig": {
"GdbPort": 1234,
"Debug": true
}
}

Imagename

Sets the name of the image file.
{
"RunConfig": {
"Imagename": "web-server"
}
}

InstanceName

Sets the name of the instance.
{
"RunConfig": {
"InstanceName": "web-server-instance"
}
}

InstanceGroup

Sets the group of the instance.
{
"RunConfig": {
"InstanceGroup": "my-autoscale-service"
}
}

IPAddress

Defines the IP address of the network interface.
{
"RunConfig": {
"IPAddress": "192.168.1.75"
}
}
The IP address has to be specified along with the netmask and the gateway, so the unikernel can assign the IP address to the network interface.
{
"RunConfig": {
"IPAddress": "192.168.1.75",
"NetMask": "255.255.255.0",
"Gateway": "192.168.1.1"
}
}

IPv6Address

Defines the static IPv6 address of the network interface.
{
"RunConfig": {
"IPv6Address": "FE80::46F:65FF:FE9C:4861"
}
}

Klibs

Defines a list of klibs to include. For example to run the NTP klib (eg: ntpd):
{
"RunConfig":{
"Klibs":["ntp"]
}
}

Memory

Configures the amount of memory to allocated to qemu. Default is 128 MiB. Optionally, a suffix of "M" or "G" can be used to signify a value in megabytes or gigabytes respectively.
{
"RunConfig": {
"Memory": "2G"
}
}

Vga

Defines whether to emulate a VGA output device in qemu.
{
"RunConfig": {
"Vga": false
}
}

Mounts

Defines a list of directories paths in the host machine whose data will be copied to the unikernel.
{
"RunConfig": {
"Mounts": ["./files","./assets"]
}
}

NetMask

Defines the netmask of the network interface.
{
"RunConfig": {
"NetMask": "255.255.255.0"
}
}

Nics

Is a list of pre-configured network cards.Meant to eventually deprecate the existing single-nic configuration. Currently only supported for Proxmox
{
"Nics": [
{
"IPAddress": "192.168.1.75",
"NetMask": "255.255.255.0",
"Gateway": "192.168.1.1",
"BridgeName": "br1"
}
]
}

Background

Starts unikernels in background. You can stop the unikernel using the onprem instances stop command.
{
"RunConfig": {
"Background": true
}
}

Ports

A list of ports to expose. Alternatively, you can also use -p in the command line.
{
"RunConfig": {
"Ports": ["80", "8008"],
}
}

ShowDebug

Enables printing more details about what ops is doing at the moment. Also, enables the printing of warnings and errors.
{
"RunConfig": {
"ShowDebug": true,
}
}

ShowErrors

Enables printing errors with more details.
{
"RunConfig": {
"ShowErrors": true,
}
}

ShowWarnings

Enables printing warnings details.
{
"RunConfig": {
"ShowWarnings": true,
}
}

TapName

Connects the unikernel to a network interface with the name specified. If the tap does not exist in host machine it is created.
{
"RunConfig": {
"TapName": "tap0"
}
}

UDPPorts

Opens ports that use UDP protocol.
{
"RunConfig": {
"UDPPorts": ["60", "70-80", "6006"],
}
}

Verbose

Enables verbose logging for the runtime environment. As of now, it prints the command used to start qemu.
{
"RunConfig": {
"Verbose": true
}
}

VolumeSizeInGb

This property is only used by cloud provider openstack and sets the instance volume size. Default size is 1 GB.
{
"RunConfig": {
"VolumeSizeInGb": 2
}
}

ManifestPassthrough

There is the concept of the manifest in Nanos where there exists many other config options that don't boil up to ops configuration, however, sometimes you still wish to pass these settings down to the manifest. Certain klibs, in particular, have variables that need to be set. To set them do this:
{
"ManifestPassthrough": {
"my_manifest_setting": "some_value"
}
}

Exec Protection

Nanos has an 'exec protection' feature that prevents the kernel from executing any code outside the main executable and other 'trusted' files explicitly marked. The program is further limited from modifying the executable file and creating new ones. This flag may also be used on individual files within the children tuple. This prevents the application from exec-mapping anything that is not explicitly mapped as executable.
This is not on by default, however, as many JITs won't work with it turned on.
{