Orchestrator for running Tart Virtual Machines on a cluster of Apple Silicon devices

Go to file

Nikolay Edigaryev c5e0d68a3d API: introduce ability to watch a VM (#351 ) * API: introduce ability to watch a VM * Document ?watch=true for GET /vms/{name} in the OpenAPI specification * WatchVM: ensure that goroutine is terminated on early return with error * WatchVM: close channels on goroutine exit * WatchVM: ensure that we wait for the goroutine after additional barriers * WatchVM: ignore unexpected keys instead of throwing an error * WatchVM: perform context-aware writes to a bounded channel * WatchVM: don't forget to close errCh on goroutine exit too * WatchVM: don't close readyCh in goroutine to avoid ambiguity * WatchVM: filter out spurious KVs that signify VM deletion		2025-10-03 21:34:53 +04:00
.github	Dependabot: group all updates to avoid multiple PRs noise (#293 )	2025-04-03 22:10:22 +04:00
api	API: introduce ability to watch a VM (#351 )	2025-10-03 21:34:53 +04:00
cmd/orchard	Orchard Controller: implement an SSH server that acts as a jump host (#179 )	2024-06-11 19:32:45 +04:00
docs	Move documentation to Tart's website (#199 )	2024-09-03 21:08:11 +04:00
internal	API: introduce ability to watch a VM (#351 )	2025-10-03 21:34:53 +04:00
packaging	orchard-controller .deb/.rpm package: install systemd service (#204 )	2024-09-05 20:42:36 +04:00
pkg	API: introduce ability to watch a VM (#351 )	2025-10-03 21:34:53 +04:00
rpc	API endpoint and associated RPC changes to resolve VMs IP's (#188 )	2024-07-03 22:56:43 +04:00
.cirrus.star	Use golangci-lint (#15 )	2023-01-31 22:22:28 +04:00
.cirrus.yml	Introduce WebSocket-based RPC v2 (#239 )	2025-01-30 17:33:32 +04:00
.gitignore	Better state syncing and other improvements (#24 )	2023-03-01 11:42:16 -05:00
.golangci.yml	.golangci.yml: support golangci-lint 2.0 (#289 )	2025-03-24 23:58:47 +04:00
.goreleaser.yml	Fix #221 by bumping Go. (#223 )	2024-11-20 14:02:39 +04:00
DEVELOPMENT.md	Move documentation to Tart's website (#199 )	2024-09-03 21:08:11 +04:00
Dockerfile	orchard controller run: create a default bootstrap context (#291 )	2025-03-27 18:48:04 +04:00
LICENSE	Prepare for release (#37 )	2023-03-20 15:28:24 -04:00
README.md	Work around Sequoia's "Local Network" permission with a helper process (#302 )	2025-04-10 18:01:19 +04:00
buf.gen.yaml	Port forwarding support (#30 )	2023-03-14 11:31:13 -04:00
buf.work.yaml	Port forwarding support (#30 )	2023-03-14 11:31:13 -04:00
go.mod	Worker: automatically scrape logical cores and memory size (#341 )	2025-09-17 00:13:42 +04:00
go.sum	Worker: automatically scrape logical cores and memory size (#341 )	2025-09-17 00:13:42 +04:00

README.md

Orchard

[!IMPORTANT]

macOS 15 (Sequoia)

The newly introduced "Local Network" permission in macOS Sequoia requires accepting a GUI pop-up on each host machine that runs the Orchard Worker.

To work around this, upgrade your workers to Orchard 0.32.0 or newer and invoke the orchard worker run as root with an additional --user command-line argument, which takes a name of your regular, non-privileged user on the host machine.

This will cause the Orchard Worker to start a small orchard localnetworkhelper process in the background and then drop the privileges to the specified user.

The helper process is privileged and needed to establish network connections on behalf of the Orchard Worker without triggering a GUI pop-up.

This approach is more secure than simply running orchard worker run as root, because only a small part of Orchard Worker runs privileged and the only functionality that this part has is establishing new connections.

Orchard is an orchestration system for Tart. Create a cluster of bare-metal Apple Silicon machines and manage dozens of VMs with ease!

Usage

The fastest way to get started with Orchard is to use a local development mode:

brew install cirruslabs/cli/orchard
orchard dev

This will start Orchard Controller and a single Orchard Worker on your local machine.

You can interact with the newly created cluster using the orchard CLI or programmatically, through the built-in REST API server.

Please check out the official documentation for more information and/or feel free to use issues for the remaining questions.