IT 3300 : Virtualization

Firecracker

What it is

Firecracker enables you to deploy workloads in lightweight virtual machines, called microVMs, which provide enhanced security and workload isolation over traditional VMs, while enabling the speed and resource efficiency of containers. Firecracker was developed at Amazon Web Services to improve the customer experience of services like AWS Lambda and AWS Fargate.

What it is

  • More or less a stripped down virtual machine
  • Fast startup times
    • Firecracker initiates user space or application code in as little as 125 ms and supports microVM creation rates of up to 150 microVMs per second per host.
  • Scale and efficiency
    • Each Firecracker microVM runs with a reduced memory overhead of less than 5 MiB, enabling a high density of microVMs to be packed on each server

What it is

  • Developed by AWS
    • For Lambda
  • A microVM is a lightweight VM
  • Any function or container workload can run inside of one.
  • It is ideal for running multiple high-performance and secure workloads concurrently on a single machine because it combines the security and isolation of traditional VMs with the resource efficiency of containers.

Differences

Maybe look at the chart on this page.

Howto

  • Make sure to create a VM with at least 8192 M of RAM.
  • Also, make sure CPU is set to host
    • To verify do lsmod | grep kvm.
  • Follow the instructions here

Howto

To successfully start a microVM, you will need an uncompressed Linux kernel binary and an ext4 file system image (to use as rootfs).

    ARCH="$(uname -m)"
    # Download a linux kernel binary
    wget https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.6/${ARCH}/vmlinux-5.10.198
    # Download a rootfs
    wget https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.6/${ARCH}/ubuntu-22.04.ext4
    # Download the ssh key for the rootfs
    wget https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.6/${ARCH}/ubuntu-22.04.id_rsa
    # Set user read permission on the ssh key
    chmod 400 ./ubuntu-22.04.id_rsa

Howto

  • What is a Linux kernel?
  • What is a rootfs? (~300M)

Howto Download firecracker binary

    ARCH="$(uname -m)"
    release_url="https://github.com/firecracker-microvm/firecracker/releases"
    latest=$(basename $(curl -fsSLI -o /dev/null -w  %{url_effective} ${release_url}/latest))
    curl -L ${release_url}/download/${latest}/firecracker-${latest}-${ARCH}.tgz \
    | tar -xz
    
    # Rename the binary to "firecracker"
    mv release-${latest}-$(uname -m)/firecracker-${latest}-${ARCH} firecracker

Howto

  • Running firecracker will require two terminals, the first one running the firecracker binary, and a second one for communicating with the firecracker process via HTTP requests

Howto

  • Start firecracker running in one terminal like this: sudo ./firecracker --api-sock "/tmp/firecracker.socket". You may have to occasionally remove that file.
  • Download this file
  • Also download this file, chmod it, run it
  • Now you can hopefully launch a machine with ./firecracker --no-api --config-file vmconfig.json.

What can you do

  • Check out the vm and see what you can do.
  • Look at the vmconfig.json file for various changes we can make. You may have to edit to reflect your kernel and fs.
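
A pre-flight check to run after editing vmconfig.json, added here as an example (it is not part of the original slides or of the Firecracker project). It assumes the config uses Firecracker's boot-source, drives and machine-config sections; the helper names check_vmconfig and looks_like_ext_image are hypothetical.

```python
import json
import os
import struct

EXT_MAGIC = 0xEF53            # s_magic of an ext2/3/4 superblock (little-endian)
EXT_MAGIC_OFFSET = 1024 + 56  # superblock starts at byte 1024; s_magic is at +56


def looks_like_ext_image(path):
    """True if the file carries an ext2/3/4 superblock magic."""
    with open(path, "rb") as f:
        f.seek(EXT_MAGIC_OFFSET)
        raw = f.read(2)
    return len(raw) == 2 and struct.unpack("<H", raw)[0] == EXT_MAGIC


def check_vmconfig(config_path):
    """Return a list of problems in a --config-file JSON (empty list = none found)."""
    with open(config_path) as f:
        cfg = json.load(f)
    # Assumption: firecracker is started from the directory holding the config,
    # so relative paths are resolved against that directory.
    base = os.path.dirname(os.path.abspath(config_path))
    problems = []

    kernel = cfg.get("boot-source", {}).get("kernel_image_path")
    if not kernel:
        problems.append("boot-source.kernel_image_path is not set")
    elif not os.path.isfile(os.path.join(base, kernel)):
        problems.append(f"kernel image not found: {kernel}")

    drives = cfg.get("drives", [])
    roots = [d for d in drives if d.get("is_root_device")]
    if len(roots) != 1:
        problems.append(f"expected exactly one root device, found {len(roots)}")
    for d in drives:
        name, path = d.get("drive_id", "?"), d.get("path_on_host", "")
        full = os.path.join(base, path)
        if not os.path.isfile(full):
            problems.append(f"drive {name}: image not found: {path}")
        elif d.get("is_root_device") and not looks_like_ext_image(full):
            problems.append(f"drive {name}: {path} has no ext superblock magic")

    for key in ("vcpu_count", "mem_size_mib"):
        value = cfg.get("machine-config", {}).get(key)
        if value is not None and (not isinstance(value, int) or value < 1):
            problems.append(f"machine-config.{key} must be a positive integer")
    return problems
```

Call check_vmconfig("vmconfig.json") from the directory that holds the config; the same check is useful again after modifying the rootfs image, before trying to boot it.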

Networking

See this for networking information

A different image

Try these:

    [ -e hello-vmlinux.bin ] || wget https://s3.amazonaws.com/spec.ccfc.min/img/hello/kernel/hello-vmlinux.bin
    [ -e hello-rootfs.ext4 ] || wget -O hello-rootfs.ext4 https://github.com/firecracker-microvm/firecracker-demo/raw/fea3897ccfab0387ce5cd4fa2dd49d869729d612/xenial.rootfs.ext4
    [ -e hello-id_rsa ] || wget -O hello-id_rsa https://raw.githubusercontent.com/firecracker-microvm/firecracker-demo/ec271b1e5ffc55bd0bf0632d5260e96ed54b5c0c/xenial.rootfs.id_rsa

Previous image networking

Do they work? Check out the vmconfig.json file

Modifying the image

  • Make a directory
  • Mount ext4 image to it
  • Make a change
  • See if you can boot again