HTTP-controlled NBD-export multiplexer for a small lab (boot Linux images over the network with overlayfs+tmpfs writes)
Project description
nbdmux
HTTP-controlled NBD-export multiplexer for a small lab. Register local
disk-image files as named NBD exports over an HTTP control plane; nbdmux
keeps an nbd-server subprocess alive that serves all registered
exports on a single TCP port. Targets nbd-client against that port
from an initramfs and boot the image with overlayfs over tmpfs for
writes (see bty's ramboot boot mode for the canonical consumer).
Designed as a peer to withcache: small lab, single sidecar container, no third-party Python deps. Operationally:
[ bty-web ] --HTTP--> [ nbdmux ] --supervises--> [ nbd-server ]
| |
| TCP 10809
| |
v v
SQLite state [ target's
(exports table) nbd-client ]
Components
| Path | What it is |
|---|---|
src/nbdmux/server.py |
The daemon. HTTP control plane + nbd-server subprocess management + operator UI (Bootstrap 5 + Bootstrap Icons + HTMX, matches bty's chrome) |
src/nbdmux/client.py |
Stdlib-only Python client library for other tools |
deploy/Containerfile |
Single-image deploy (Python + nbd-server) |
deploy/compose.yml |
Reference compose stack |
System dependency
nbdmux runs nbd-server (from the classical nbd project) as a
subprocess. Install at the OS level:
# Debian / Ubuntu
sudo apt install nbd-server
# Fedora
sudo dnf install nbd
The container deploy bundles it. Also make sure the nbd kernel
module + nbd-client are available on the consuming Linux box (the
target you're booting); they're in the same nbd package.
Install
pipx install nbdmux # or: uv tool install nbdmux
Run the daemon (development; the container deploy is the recommended production path):
nbdmux-server --data-dir ./data --port 8082 --nbd-port 10809
Register an image. Two body shapes are accepted:
Pre-warmed -- point at a file the operator has already placed on disk:
curl -X POST http://localhost:8082/exports \
-H 'Content-Type: application/json' \
-d '{"name": "debian-sysdev", "file": "/path/to/debian-sysdev.img", "readonly": true}'
Warm via withcache -- nbdmux fetches src_url through the
configured withcache, decompresses on the fly (gzip / zstd / xz),
and lands the raw .img under <images-dir>/<name>.img. Requires
NBDMUX_WITHCACHE_URL set on the daemon:
curl -X POST http://localhost:8082/exports \
-H 'Content-Type: application/json' \
-d '{"name": "debian-sysdev", "src_url": "https://catalog/debian-sysdev.img.zst", "readonly": true}'
Then on a target Linux box:
modprobe nbd
nbd-client <nbdmux-host> 10809 -name debian-sysdev /dev/nbd0
fdisk -l /dev/nbd0 # the .img's partition table
HTTP control plane
| Method | Path | Body | Returns |
|---|---|---|---|
| GET | /exports |
- | array of exports |
| POST | /exports |
{name, file, readonly?: bool} (pre-warmed) OR {name, src_url} (warm via withcache) |
the new export |
| DELETE | /exports/{name} |
- | 204 (warm-created also unlinks the .img) |
| POST | /admin/create_export |
form-encoded name=...&src_url=... |
303 to / (dashboard) |
| GET | /healthz |
- | ok (200) when nbd-server is up, nbd-server not running (503) when down |
| GET | / |
- | operator dashboard |
POST /admin/create_export is what the operator UI's New Export
subnav form submits to; it's the form-encoded counterpart of the
JSON POST /exports {name, src_url} warm path. Validation
failures 303 back to /?err=<kind> and the dashboard renders an
alert banner with a friendly reason.
Operator UI
The dashboard at http://<host>:8082/ is a one-page view of the
nbd-server process, all registered exports, and (top-right of the
sub-navigation strip) a New Export form. It uses Bootstrap 5 +
Bootstrap Icons + HTMX bundled offline; the same chrome as bty and
withcache, only the primary hue differs (magenta -- the terminus of
the trio's navy -> dark-magenta -> magenta gradient) so operators
tell the three consoles apart at a glance.
Auth
Single-tenant, server-signed cookie -- same pattern as withcache. Set
NBDMUX_ADMIN_PASSWORD to gate the operator UI + the HTTP control
plane; unset = open with a startup warning.
NBDMUX_SESSION_SECRET pins the HMAC key that signs session cookies.
Unset (or blank) = the daemon generates a fresh 64-hex key at first
start and persists it under <data-dir>/session-secret. Set it
explicitly to keep cookies valid across a container rebuild that
wipes the data volume, or to rotate the secret on demand.
The NBD port itself is unauthenticated (nbd-server's classical model); LAN-only assumption, firewall is the operator's responsibility.
License
BSD-3-Clause.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file nbdmux-0.2.15.tar.gz.
File metadata
- Download URL: nbdmux-0.2.15.tar.gz
- Upload date:
- Size: 421.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1b6b47df355fad1550b7991ef6deef593d07bf4069dc6568418935a0254ed4da
|
|
| MD5 |
d5a9b1c5dd53eb91ffd4b38edb929475
|
|
| BLAKE2b-256 |
65886822ddb6b844b8d8c98952824c99718c90e77406aabf79831fb0187b8d35
|
Provenance
The following attestation bundles were made for nbdmux-0.2.15.tar.gz:
Publisher:
ci-cd.yml on safl/nbdmux
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
nbdmux-0.2.15.tar.gz -
Subject digest:
1b6b47df355fad1550b7991ef6deef593d07bf4069dc6568418935a0254ed4da - Sigstore transparency entry: 2066703377
- Sigstore integration time:
-
Permalink:
safl/nbdmux@5880754df8fee67a5e1eb23a8b68586738658c83 -
Branch / Tag:
refs/tags/v0.2.15 - Owner: https://github.com/safl
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
ci-cd.yml@5880754df8fee67a5e1eb23a8b68586738658c83 -
Trigger Event:
push
-
Statement type:
File details
Details for the file nbdmux-0.2.15-py3-none-any.whl.
File metadata
- Download URL: nbdmux-0.2.15-py3-none-any.whl
- Upload date:
- Size: 406.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
28c7bafe16e876f4e46f32c891ed97bb077adc5df077feb6e91e6d8cbfe4cdbd
|
|
| MD5 |
5c5e0d4f03730b17e39d2b01eecfffc4
|
|
| BLAKE2b-256 |
0af94e1a68e67dfaa63928a73e61a9c421cfbd2ef71de0f119fa30061f6d77ac
|
Provenance
The following attestation bundles were made for nbdmux-0.2.15-py3-none-any.whl:
Publisher:
ci-cd.yml on safl/nbdmux
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
nbdmux-0.2.15-py3-none-any.whl -
Subject digest:
28c7bafe16e876f4e46f32c891ed97bb077adc5df077feb6e91e6d8cbfe4cdbd - Sigstore transparency entry: 2066703483
- Sigstore integration time:
-
Permalink:
safl/nbdmux@5880754df8fee67a5e1eb23a8b68586738658c83 -
Branch / Tag:
refs/tags/v0.2.15 - Owner: https://github.com/safl
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
ci-cd.yml@5880754df8fee67a5e1eb23a8b68586738658c83 -
Trigger Event:
push
-
Statement type: