Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/arun-gupta/firecracker-firstlook

First Look at Firecracker
https://github.com/arun-gupta/firecracker-firstlook

containers fargate firecracker kata-containers kvm-hypervisor lambda qemu virtualization virtualization-based-security

Last synced: 3 months ago
JSON representation

First Look at Firecracker

Awesome Lists containing this project

README 

          
= First Look at Firecracker

:toc:



= Video 1: What is Firecracker



**Slides**



. What is Firecracker?

. Benefits of Firecracker

. Firecracker Design Principles



= Video 2: Firecracker Design



**Slides**



. Firecracker Design

. REST API



= Video 3: Firecracker and Lambda



**Slides**



= Video 4: Firecracker and Fargate



**Slides**



= Video 5: Getting Started with Firecracker



**Prep Work**



. Create an `m5.metal` instance using Amazon Linux 2 on EC2 and login:



    ssh -i ~/.ssh/arun-us-east1.pem ec2-user@



**Code**



. Clone and build `firectl`:



    sudo yum install -y git

    git clone https://github.com/firecracker-microvm/firectl

    sudo amazon-linux-extras install -y golang1.11

    cd firectl

    make



. Firecracker uses KVM and needs read/write access that can be granted as shown below:



    sudo setfacl -m u:${USER}:rw /dev/kvm



. Download the Firecracker binary:



    curl -LOJ https://github.com/firecracker-microvm/firecracker/releases/download/v0.15.2/firecracker-v0.15.2

    chmod +x firecracker-v0.15.2

    sudo mv firecracker-v0.15.2 /usr/local/bin/firecracker



. Download an Alpine Linux-based test kernel and a root filesystem:



    curl -fsSL -o hello-vmlinux.bin https://s3.amazonaws.com/spec.ccfc.min/img/hello/kernel/hello-vmlinux.bin

    curl -fsSL -o hello-rootfs.ext4 https://s3.amazonaws.com/spec.ccfc.min/img/hello/fsfiles/hello-rootfs.ext4



. Create microVM:



    ./firectl \

      --kernel=hello-vmlinux.bin \

      --root-drive=hello-rootfs.ext4



. Terminal 1 shows a login prompt:



    Welcome to Alpine Linux 3.8

    Kernel 4.14.55-84.37.amzn2.x86_64 on an x86_64 (ttyS0)

    localhost login:



. Log in as `root` with password `root`

. Show the filesystem:



    ls /



. Shutdown the machine:



    reboot



= Video 6: Access the microVM using REST API



. Start the machine again:



    sudo setfacl -m u:${USER}:rw /dev/kvm

    ./firectl \

      --kernel=hello-vmlinux.bin \

      --root-drive=hello-rootfs.ext4



. In another terminal, login to the same EC2 instance:



   ssh -i ~/.ssh/arun-us-east1.pem ec2-user@

 

. Query the microVM:



    $ curl --unix-socket ~/.firecracker.sock-* http://localhost/

    {"id":"anonymous-instance","state":"Running","vmm_version":"0.15.2"}



. Get more details about the microVM:

+

    $ curl --unix-socket ~/.firecracker.sock-* http://localhost/machine-config

    { "vcpu_count": 1, "mem_size_mib": 512,  "ht_enabled": true,  "cpu_template": "Uninitialized" }

+

Show the vCPU and memory size.

+

. Try to update the vCPU:



    $ curl --unix-socket ~/.firecracker.sock-* -X PUT http://localhost/machine-config -d '{ "vcpu_count": 2}'

    {

    "fault_message": "The update operation is not allowed after boot."

    }



. Try to shutdown the VM using by sending `SendCtrlAltDel` action:

+

    curl --unix-socket ~/.firecracker.sock-* -X PUT http://localhost/actions -d '{ "action_type": "SendCtrlAltDel" }'

+

Explain that this will not work. Firecracker emulates a standard AT keyboard, connected via an i8042 controller. The required device drivers are not enabled in this kernel.

+

. Download a Ubuntu-based test kernel and Xenial root filesystem, that has the device drivers enabled:



    curl -fsSL -o vmlinux.bin https://s3.amazonaws.com/spec.ccfc.min/img/ubuntu_with_ssh/kernel/vmlinux.bin

    curl -fsSL -o xenial.rootfs.ext4 https://s3.amazonaws.com/spec.ccfc.min/img/ubuntu_with_ssh/fsfiles/xenial.rootfs.ext4



. Start a new microVM using new kernel and filesystem:



    sudo setfacl -m u:${USER}:rw /dev/kvm

    ./firectl \

      --kernel=vmlinux.bin \

      --root-drive=xenial.rootfs.ext4



. Query the microVM again:



    curl --unix-socket ~/.firecracker.sock-* http://localhost/machine-config



. Shutdown the microVM using an action:



    curl --unix-socket ~/.firecracker.sock-* -X PUT http://localhost/actions -d '{ "action_type": "SendCtrlAltDel" }'



= Video 7: Firecracker and Container Integration



**Slides**



. Firecracker and Containerd

. Firecracker and Kata Containers



**Code**



Waiting for https://github.com/aws/containers-roadmap/issues/24.



https://github.com/kata-containers/packaging/tree/master/kata-deploy#kubernetes-quick-start



. Install eksctl CLI:



    brew tap weaveworks/tap

    brew install weaveworks/tap/eksctl



. Create EKS cluster:



    eksctl create cluster --name kata --nodes 4



. Install Kata:



    kubectl apply -f https://raw.githubusercontent.com/kata-containers/packaging/master/kata-deploy/kata-rbac.yaml

    kubectl apply -f https://raw.githubusercontent.com/kata-containers/packaging/master/kata-deploy/kata-deploy.yaml



. Deploy a pod using `kata-fc` runtime:



    kubectl apply -f https://raw.githubusercontent.com/kata-containers/packaging/master/kata-deploy/examples/test-deploy-kata-fc.yaml



. Get pod details:



    kubectl describe pod <>



= Video 8: Next Steps with Firecracker



. https://firecracker-microvm.github.io/

. https://github.com/rust-vmm

. Slack channel: https://tinyurl.com/firecracker-microvm

. Good First Issue: https://github.com/firecracker-microvm/firecracker/issues?q=is%3Aopen+is%3Aissue+label%3A%22Contribute%3A+Good+First+Issue%22