public_git
/
orchard
mirror of https://github.com/cirruslabs/orchard.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Orchestrator for running Tart Virtual Machines on a cluster of Apple Silicon devices
243 Commits 8 Branches 95 Tags 2.6 MiB
Go 98.7%
JavaScript 0.8%
Shell 0.4%
Dockerfile 0.1%
Go to file
Fedor Korotkov 310ff200ea Add VM-scoped temporary JWT access tokens 2026-02-05 22:58:18 +01:00
.github Dependabot: group all updates to avoid multiple PRs noise (#293) 2025-04-03 22:10:22 +04:00
api Add VM-scoped temporary JWT access tokens 2026-02-05 22:58:18 +01:00
cmd/orchard Orchard Controller: implement an SSH server that acts as a jump host (#179) 2024-06-11 19:32:45 +04:00
docs Move documentation to Tart's website (#199) 2024-09-03 21:08:11 +04:00
internal Add VM-scoped temporary JWT access tokens 2026-02-05 22:58:18 +01:00
packaging orchard-controller .deb/.rpm package: install systemd service (#204) 2024-09-05 20:42:36 +04:00
pkg Add VM-scoped temporary JWT access tokens 2026-02-05 22:58:18 +01:00
rpc API endpoint and associated RPC changes to resolve VMs IP's (#188) 2024-07-03 22:56:43 +04:00
test/load Fix Grafana k6 script to not consume all system's CPU (#396) 2026-02-04 22:50:57 +01:00
.cirrus.star Use golangci-lint (#15) 2023-01-31 22:22:28 +04:00
.cirrus.yml Introduce WebSocket-based RPC v2 (#239) 2025-01-30 17:33:32 +04:00
.gitignore Better state syncing and other improvements (#24) 2023-03-01 11:42:16 -05:00
.golangci.yml .golangci.yml: support golangci-lint 2.0 (#289) 2025-03-24 23:58:47 +04:00
.goreleaser.yml Fix #221 by bumping Go. (#223) 2024-11-20 14:02:39 +04:00
DEVELOPMENT.md Move documentation to Tart's website (#199) 2024-09-03 21:08:11 +04:00
Dockerfile orchard controller run: create a default bootstrap context (#291) 2025-03-27 18:48:04 +04:00
LICENSE Prepare for release (#37) 2023-03-20 15:28:24 -04:00
README.md Work around Sequoia's "Local Network" permission with a helper process (#302) 2025-04-10 18:01:19 +04:00
buf.gen.yaml Port forwarding support (#30) 2023-03-14 11:31:13 -04:00
buf.work.yaml Port forwarding support (#30) 2023-03-14 11:31:13 -04:00
go.mod Bump the all-updates group with 7 updates (#395) 2026-02-03 15:28:37 +01:00
go.sum Bump the all-updates group with 7 updates (#395) 2026-02-03 15:28:37 +01:00

README.md

Orchard

[!IMPORTANT]

macOS 15 (Sequoia)

The newly introduced "Local Network" permission in macOS Sequoia requires accepting a GUI pop-up on each host machine that runs the Orchard Worker.

To work around this, upgrade your workers to Orchard 0.32.0 or newer and invoke the orchard worker run as root with an additional --user command-line argument, which takes a name of your regular, non-privileged user on the host machine.

This will cause the Orchard Worker to start a small orchard localnetworkhelper process in the background and then drop the privileges to the specified user.

The helper process is privileged and needed to establish network connections on behalf of the Orchard Worker without triggering a GUI pop-up.

This approach is more secure than simply running orchard worker run as root, because only a small part of Orchard Worker runs privileged and the only functionality that this part has is establishing new connections.

Orchard is an orchestration system for Tart. Create a cluster of bare-metal Apple Silicon machines and manage dozens of VMs with ease!

Usage

The fastest way to get started with Orchard is to use a local development mode:

brew install cirruslabs/cli/orchard
orchard dev

This will start Orchard Controller and a single Orchard Worker on your local machine.

You can interact with the newly created cluster using the orchard CLI or programmatically, through the built-in REST API server.

Please check out the official documentation for more information and/or feel free to use issues for the remaining questions.