Flintlock

API docs and instructions on how to provision hardware to run Flintlock services.

API docs

Flintlock is a gRPC service with an HTTP gateway.

The proto API can be found here.

The HTTP API can be found here.

Server configuration

flintlockd can be run as a systemd service or directly/managed by another mechanism.

The service can be configured via flags or a yaml config file.

The minimum options required to run are:

containerd-socket: <path to containerd socket>
verbosity: <1-9>
parent-iface: <wired interface>

Flintlock can be configured and started by the provision.sh tool.

Adding SSH keys to MicroVMs

info

For instructions on how to add SSH keys to MicroVMs created via CAPMVM see this page.

If you are creating MicroVMs via the flintlock API directly, encode your keys in the cloud-init "user-data":

cat << EOF >userdata.txt
#cloud-config
hostname: mvm0
users:
    - name: root
      ssh_authorized_keys:
        - |
          ssh-ed25519 foobar
disable_root: false
package_update: false
final_message: The Liquid Metal booted system is good to go after $UPTIME seconds
runcmd:
    - dhclient -r
    - dhclient
EOF

cat userdata.txt | base64
# result

And add the result to the spec:

{
    "id": "mvm0",
    "namespace": "ns0",
    // ...
    "metadata": {
      "meta-data": "aW5zdGFuY2VfaWQ6IG5zMC9tdm0wCmxvY2FsX2hvc3RuYW1lOiBtdm0wCnBsYXRmb3JtOiBsaXF1aWRfbWV0YWwK",
      "user-data": "ENCODED RESULT"
    }
}

API docs​

Server configuration​

Adding SSH keys to MicroVMs​

API docs

Server configuration

Adding SSH keys to MicroVMs