• Stars
    star
    472
  • Rank 93,034 (Top 2 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created almost 6 years ago
  • Updated 5 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

firectl is a command-line tool to run Firecracker microVMs

firectl

Build status

Firectl is a basic command-line tool that lets you run arbitrary Firecracker MicroVMs via the command line. This lets you run a fully functional Firecracker MicroVM, including console access, read/write access to filesystems, and network connectivity.

Building

The default Makefile rule executes go build and relies on the Go toolchain installed on your computer. We use go modules, and building requires Go 1.14 or newer.

If you do not have a new-enough Go toolchain installed, you can use make build-in-docker. This rule creates a temporary Docker container which builds and copies the binary to your current directory.

Usage

You'll need to have a firecracker build, as well as an uncompressed Linux kernel image (vmlinux) and root filesystem image.

By default, firectl searches PATH for the firecracker binary. The location of the kernel and filesystem image must be provided explicitly.

Usage:
  firectl [OPTIONS]

Application Options:
      --firecracker-binary=     Path to firecracker binary
      --kernel=                 Path to the kernel image (default: ./vmlinux)
      --kernel-opts=            Kernel commandline (default: ro console=ttyS0 noapic reboot=k panic=1 pci=off nomodules)
      --root-drive=             Path to root disk image, optionally suffixed with :ro or :rw
      --root-partition=         Root partition UUID
      --add-drive=              Path to additional drive, suffixed with :ro or :rw, can be specified multiple times
      --tap-device=             NIC info, specified as DEVICE/MAC
      --vsock-device=           Vsock interface, specified as PATH:CID. Multiple OK
      --vmm-log-fifo=           FIFO for firecracker logs
      --log-level=              vmm log level (default: Debug)
      --metrics-fifo=           FIFO for firecracker metrics
  -t, --disable-smt             Disable CPU Simultaneous Multithreading
  -c, --ncpus=                  Number of CPUs (default: 1)
      --cpu-template=           Firecracker CPU Template (C3 or T2)
  -m, --memory=                 VM memory, in MiB (default: 512)
      --metadata=               Firecracker Metadata for MMDS (json)
  -l, --firecracker-log=        pipes the fifo contents to the specified file
  -s, --socket-path=            path to use for firecracker socket, defaults to a unique file in in the first existing directory from {$HOME, $TMPDIR, or /tmp}
  -d, --debug                   Enable debug output

Help Options:
  -h, --help                    Show this help message

Example

firectl \
  --kernel=~/bin/vmlinux \
  --root-drive=/images/image-debootstrap.img -t \
  --cpu-template=T2 \
  --firecracker-log=~/firecracker-vmm.log \
  --kernel-opts="console=ttyS0 noapic reboot=k panic=1 pci=off nomodules rw" \
  --vsock-device=root:3 \
  --metadata='{"foo":"bar"}'

Getting Started on AWS

  • Create an m5d.metal instance using Amazon Linux 2

  • Get firectl binary:

    curl -Lo firectl https://firectl-release.s3.amazonaws.com/firectl-v0.1.0
    curl -Lo firectl.sha256 https://firectl-release.s3.amazonaws.com/firectl-v0.1.0.sha256
    sha256sum -c firectl.sha256
    chmod +x firectl
    
  • Get Firecracker binary:

    curl -Lo firecracker https://github.com/firecracker-microvm/firecracker/releases/download/v0.16.0/firecracker-v0.16.0
    chmod +x firecracker
    sudo mv firecracker /usr/local/bin/firecracker
    
  • Give read/write access to KVM:

    sudo setfacl -m u:${USER}:rw /dev/kvm
    
  • Download kernel and root filesystem:

    curl -fsSL -o hello-vmlinux.bin https://s3.amazonaws.com/spec.ccfc.min/img/hello/kernel/hello-vmlinux.bin
    curl -fsSL -o hello-rootfs.ext4 https://s3.amazonaws.com/spec.ccfc.min/img/hello/fsfiles/hello-rootfs.ext4
    
  • Create microVM:

    ./firectl \
      --kernel=hello-vmlinux.bin \
      --root-drive=hello-rootfs.ext4
    

Testing

By default the tests require the firectl binary to be built and a kernel image to be present. The integration tests look for the binary and kernel image in the root directory. By default it will look for vmlinux kernel image. This can be overwritten by setting the environment variable KERNELIMAGE to the desired path. To disable these tests simply set the environment variable SKIP_INTEG_TEST=1.

Questions?

Please use GitHub issues to report problems, discuss roadmap items, or make feature requests.

If you've discovered an issue that may have security implications to users or developers of this software, please do not report it using GitHub issues, but instead follow Firecracker's security reporting guidelines.

Other discussion: For general discussion, please join us in the #general channel on the Firecracker Slack.