Compute

Managed virtual machines on bare metal — backed by QEMU/KVM and libvirt, with cloud-init, security groups, and VPC networking.

Compute

The Compute service provides managed virtual machines running on bare-metal servers via QEMU/KVM and libvirt. The Compute Agent handles VM creation, networking, security groups, and lifecycle management.

Instance Types

TypevCPUsMemoryDescription
c1.small11 GBDevelopment and testing
c2.medium24 GBSmall workloads
c4.large48 GBGeneral purpose
c4.xlarge416 GBMemory-intensive apps
c8.2xlarge832 GBProduction workloads
c16.4xlarge1664 GBHigh-performance computing
## Available Images
  • ubuntu-22.04 — Ubuntu 22.04 LTS
  • ubuntu-24.04 — Ubuntu 24.04 LTS
  • debian-12 — Debian 12 (Bookworm)
  • rocky-9 — Rocky Linux 9

Features

  • cloud-init — pass user data scripts for automated instance configuration at boot
  • Security groups — stateful firewall rules applied via nftables on the host
  • VPC networking — place instances inside VPCs for isolated, private networking via WireGuard
  • Live status monitoring — the Compute Agent continuously checks VM health and reports status

Create via CLI

agentmetal instance create \
  --name web \
  --type c4.large \
  --image ubuntu-22.04 \
  --vpc prod

Create via API

curl -X POST http://localhost:8080/v1/instances \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "web",
    "spec": {
      "type": "c4.large",
      "image": "ubuntu-22.04",
      "vpc": "prod",
      "securityGroups": ["web-sg"],
      "userData": "#!/bin/bash\napt-get update && apt-get install -y nginx"
    }
  }'

What the Agent Manages

The Compute Agent performs the following operations automatically:

  1. VM creation — selects an appropriate bare-metal host, creates a QEMU/KVM virtual machine via libvirt, and allocates resources
  2. Networking setup — attaches the VM to the specified VPC via WireGuard, assigns a private IP from the subnet IPAM, and configures DNS records
  3. Security group rules — translates security group definitions into nftables rules on the host and applies them
  4. Health monitoring — periodically checks that the VM is running, responsive, and has network connectivity
  5. Self-healing — if a VM becomes unresponsive, the agent attempts to restart it; if the host has failed, it migrates the VM to a healthy host

Security Groups

Define inbound and outbound rules:

agentmetal sg create --name web-sg --vpc prod \
  --inbound "tcp:80:0.0.0.0/0" \
  --inbound "tcp:443:0.0.0.0/0" \
  --inbound "tcp:22:10.0.0.0/16"

Rules are applied as nftables chains on the host and updated in real time when you modify the security group.