CI: revamp rootfs artifacts #4858
base: main
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,7 +9,7 @@ You can check if your system meets the requirements by running | |
`firecracker/tools/devtool checkenv`. | ||
|
||
An opinionated way to run Firecracker is to launch an | ||
[EC2](https://aws.amazon.com/ec2/) `c5.metal` instance with Ubuntu 22.04. | ||
[EC2](https://aws.amazon.com/ec2/) `c5.metal` instance with Ubuntu 24.04. | ||
|
||
Firecracker requires [the KVM Linux kernel module](https://www.linux-kvm.org/) | ||
to perform its virtualization and emulation tasks. | ||
|
@@ -95,24 +95,26 @@ For simplicity, this guide will not use the [`jailer`](../src/jailer/). | |
|
||
To successfully start a microVM, you will need an uncompressed Linux kernel | ||
binary, and an ext4 file system image (to use as rootfs). This guide uses a 5.10 | ||
kernel image with a Ubuntu 22.04 rootfs from our CI: | ||
kernel image with a Ubuntu 24.04 rootfs from our CI: | ||
|
||
```bash | ||
ARCH="$(uname -m)" | ||
|
||
latest=$(wget "http://spec.ccfc.min.s3.amazonaws.com/?prefix=firecracker-ci/v1.10/x86_64/vmlinux-5.10&list-type=2" -O - 2>/dev/null | grep "(?<=<Key>)(firecracker-ci/v1.10/x86_64/vmlinux-5\.10\.[0-9]{3})(?=</Key>)" -o -P) | ||
latest=$(wget "http://spec.ccfc.min.s3.amazonaws.com/?prefix=firecracker-ci/v1.10/$ARCH/vmlinux-5.10&list-type=2" -O - 2>/dev/null | grep -oP "(?<=<Key>)(firecracker-ci/v1.10/$ARCH/vmlinux-5\.10\.[0-9]{1,3})(?=</Key>)") | ||
|
||
# Download a linux kernel binary | ||
wget "https://s3.amazonaws.com/spec.ccfc.min/${latest}" | ||
|
||
# Download a rootfs | ||
wget "https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.10/${ARCH}/ubuntu-22.04.ext4" | ||
|
||
# Download the ssh key for the rootfs | ||
wget "https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.10/${ARCH}/ubuntu-22.04.id_rsa" | ||
|
||
# Set user read permission on the ssh key | ||
chmod 400 ./ubuntu-22.04.id_rsa | ||
wget -O ubuntu-24.04.squashfs.upstream "https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.10/${ARCH}/ubuntu-24.04.squashfs" | ||
|
||
# Create an ssh key for the rootfs | ||
unsquashfs ubuntu-24.04.squashfs.upstream | ||
ssh-keygen -f id_rsa -N "" | ||
cp -v id_rsa.pub squashfs-root/root/.ssh/authorized_keys | ||
mv -v id_rsa ./ubuntu-24.04.id_rsa | ||
# re-squash | ||
mksquashfs squashfs-root ubuntu-24.04.squashfs -all-root -noappend -comp zstd | ||
``` | ||
|
||
### Getting a Firecracker Binary | ||
|
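Review bot: the new `latest=` line still fetches the bucket listing over plain `http://`, and the key that listing returns decides which kernel the following `wget` downloads. The other downloads in this block already use `https://s3.amazonaws.com/spec.ccfc.min/...`; moving the listing request to the same HTTPS endpoint would close that gap.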
@@ -238,7 +240,7 @@ sudo curl -X PUT --unix-socket "${API_SOCKET}" \ | |
}" \ | ||
"http://localhost/boot-source" | ||
|
||
ROOTFS="./ubuntu-22.04.ext4" | ||
ROOTFS="./ubuntu-24.04.ext4" | ||
|
||
# Set rootfs | ||
sudo curl -X PUT --unix-socket "${API_SOCKET}" \ | ||
|
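Review bot: `ROOTFS="./ubuntu-24.04.ext4"` names a file that none of the visible steps produce. The download block now ends with `mksquashfs squashfs-root ubuntu-24.04.squashfs ...`, and the old `wget` of a ready-made `.ext4` image is gone. Either add the step that builds the ext4 image from `squashfs-root`, or point `ROOTFS` at the squashfs and update the guide sentence that asks for "an ext4 file system image".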
@@ -280,13 +282,13 @@ sudo curl -X PUT --unix-socket "${API_SOCKET}" \ | |
sleep 2s | ||
|
||
# Setup internet access in the guest | ||
ssh -i ./ubuntu-22.04.id_rsa [email protected] "ip route add default via 172.16.0.1 dev eth0" | ||
ssh -i ./ubuntu-24.04.id_rsa [email protected] "ip route add default via 172.16.0.1 dev eth0" | ||
|
||
# Setup DNS resolution in the guest | ||
ssh -i ./ubuntu-22.04.id_rsa [email protected] "echo 'nameserver 8.8.8.8' > /etc/resolv.conf" | ||
ssh -i ./ubuntu-24.04.id_rsa [email protected] "echo 'nameserver 8.8.8.8' > /etc/resolv.conf" | ||
|
||
# SSH into the microVM | ||
ssh -i ./ubuntu-22.04.id_rsa [email protected] | ||
ssh -i ./ubuntu-24.04.id_rsa [email protected] | ||
|
||
# Use `root` for both the login and password. | ||
# Run `reboot` to exit. | ||
|
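Review bot: the trailing comment "Use `root` for both the login and password" is left unchanged below the three `ssh -i ./ubuntu-24.04.id_rsa` lines, although the guide now has the reader install their own public key into `authorized_keys` and every command here logs in with that key. Please confirm whether the 24.04 image still accepts that password, then either drop the comment or say where it applies.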
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
CONFIG_IKCONFIG=y | ||
If for some reason we need to disable a config option, would it work with this concat approach?

Yep, both these styles work, and are normalized to the
|
||
CONFIG_IKCONFIG_PROC=y | ||
CONFIG_MSDOS_PARTITION=y | ||
CONFIG_SQUASHFS_ZSTD=y | ||
# aarch64 only TBD split into a separate file | ||
CONFIG_DEVMEM=y | ||
# CONFIG_ARM64_ERRATUM_3194386 is not set |
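Review bot: `CONFIG_DEVMEM=y` and the `CONFIG_ARM64_ERRATUM_3194386` line are marked "aarch64 only TBD split into a separate file" but live in the same fragment as the general options, so until that split happens they are applied wherever this file is concatenated. Doing the split in this PR, with a one-line comment on why `/dev/mem` is needed in the guest kernel, would keep `CONFIG_DEVMEM=y` out of builds that do not need it.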
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
CONFIG_FTRACE=y | ||
CONFIG_FUNCTION_TRACER=y | ||
CONFIG_FUNCTION_GRAPH_TRACER=y | ||
CONFIG_IRQSOFF_TRACER=y | ||
CONFIG_PREEMPT_TRACER=y | ||
CONFIG_SCHED_TRACER=y | ||
CONFIG_STACK_TRACER=y | ||
CONFIG_BLK_DEV_IO_TRACE=y | ||
CONFIG_FUNCTION_PROFILER=y | ||
CONFIG_FTRACE_MCOUNT_RECORD=y | ||
CONFIG_FTRACE_SYSCALLS=y |
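Review bot: this fragment has no header comment, so nothing in the file says which kernel builds the eleven tracing options from `CONFIG_FTRACE=y` through `CONFIG_FTRACE_SYSCALLS=y` are meant for. A short comment at the top stating the purpose and which CI kernels it is concatenated into would make it clear whether the tracers are expected in the default guest kernel or only in a debug variant.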
This file was deleted.
This file was deleted.
curiosity: doesn't firecracker support writing sparse memory snapshots? I see everybody has implemented their own way of punching holes >.<
I think we don't do it, but it could be a nice improvement and we probably wouldn't have to gate it under an option.