FreedomBoxBlog

A software architecture for the FreedomBox

Rob van der Hoeven
Wed Apr 13 2011

This posting describes the software architecture I want to use for my FreedomBox. A software architecture is about “the big picture”. How are we going to integrate the various software packages into a working FreedomBox? What infrastructure do we need?

Before a software architecture can be specified there first must be a “big picture view” of the desired system. What requirements must be met? For my system I made the following list:

Requirements:

I'm from the church of CBD and believe that systems should be modular. Each module should have its own (unique) function, its own data and its own configuration. In a modular system there is a clear boundary between the modules making it easy to:

I believe that these properties of a modular design are essential for a successful FreedomBox architecture. Before I work out my architecture I want to give you an example of an FreedomBox module, just to make things less abstract.

The FreedomBox should have a Wordpress blog module. This module consists of a default Wordpress installation including MySQL and Apache/PHP. After installing this module everything inside the module (Wordpress/MySQL/Apache/PHP) is fully configured and ready to go. If the user wants to host Wordpress on another FreedomBox than he/she can simply export/import the Wordpress data. For this the module has a data interface that is called from the FreedomBox user interface.

The design.

Looking at the requirements I realized that many requirements could be met by using so called Virtual Machines (VM's). Virtual Machines are natural modules, they support resource sharing and isolation of services. The isolation a VM provides offers security benefits too.

Traditionally the biggest problem with VM's is the heavy resource requirements. Fortunately with GNU/Linux there is a virtualization technique called Linux Containers (LXC). With Linux Containers the same kernel is shared between VM's. This drastically lowers memory usage and also reduces the performance penalty that normal virtualization has.

After experimenting with LXC (see below) I decided to make the technology an integral part of my FreedomBox architecture. Most modules are housed inside a Linux Container.

Back to the design. Modular design is all about giving the modules a unique function. Let's make a list of the unique functions inside the FreedomBox architecture.

Each module should have a data interface that can be called from the User-Management module. The data interface must be able to export all the data from a module so that it can be used as an import for a freshly installed module.

That's it. All that's left are implementation details. (OK things are not that easy.... :-)).

My FreedomBox.

To make the architecture less abstract I give you an overview of my own FreedomBox. Don't expect a fully developed system, it's a work in progress. My first goal is to give my box virtual web server capabilities. Hosting multiple isolated VM's, each with an Apache2 web-server, full SSH access and (web) mail. This is what I got now: (click image for a bigger picture)

Picture of FreedomBox architecture

My FreedomBox is a former QNAP TS 119 NAS that was upgraded to Debian GNU/Linux (thank you Martin Michlmayr and Debian community!)

The most important component in this system is the Network VM. This VM distributes incoming request to the services in the other VM's. All access from the internet is routed through this VM.

All the other VM's are used to host Wordpress blogs. They have the possibility to send/receive mail via Exim4. The combination of mail server and web server is not ideal so i will investigate the possibility to place the mail server in its own VM.

To give you an idea about the memory requirements of my VM based system, here is the output of a pstree command followed by the free command:

init─┬─apache2─┬─4*[apache2───17*[{apache2}]]
     │         └─5*[apache2]
     ├─atd
     ├─cron
     ├─dbus-daemon
     ├─getty
     ├─inetd
     ├─lxc-start───init─┬─apache2───2*[apache2]
     │                  ├─5*[getty]
     │                  ├─mysqld_safe─┬─logger
     │                  │             └─mysqld───15*[{mysqld}]
     │                  └─sshd
     ├─lxc-start───init─┬─apache2───3*[apache2]
     │                  ├─cron
     │                  ├─exim4
     │                  ├─4*[getty]
     │                  ├─mysqld_safe─┬─logger
     │                  │             └─mysqld───11*[{mysqld}]
     │                  └─sshd
     ├─lxc-start───init─┬─courierd───courierd─┬─courierdsn
     │                  │                     ├─courieresmtp
     │                  │                     ├─courierfax
     │                  │                     ├─courierlocal
     │                  │                     └─courieruucp
     │                  ├─courierfilter
     │                  ├─courierlogger───authdaemond───5*[authdaemond]
     │                  ├─2*[courierlogger]
     │                  ├─couriertcpd
     │                  ├─cron
     │                  ├─5*[getty]
     │                  ├─nginx───nginx
     │                  └─sshd
     ├─lxc-start───init─┬─apache2───9*[apache2]
     │                  ├─cron
     │                  ├─exim4
     │                  ├─5*[getty]
     │                  ├─mysqld_safe─┬─logger
     │                  │             └─mysqld───14*[{mysqld}]
     │                  └─sshd
     ├─nmbd
     ├─ntpd
     ├─portmap
     ├─rpc.idmapd
     ├─rpc.mountd
     ├─rpc.statd
     ├─rsyslogd───2*[{rsyslogd}]
     ├─smbd───smbd
     ├─sshd───sshd───bash───pstree
     ├─udevd───2*[udevd]
     └─winbindd───3*[winbindd]

             total       used       free     shared    buffers     cached
Mem:        515572     462720      52852          0      65164     208052

-/+ buffers/cache:     189504     326068

Swap:      1508344      24776    1483568

Apart from the 4 LXC containers there are many other programs running. Memory usage is still very low. I hope you like my architecture. Please don't hesitate to ask questions. Suggestions are welcome too.