Demonstrating core cloud concepts, starting with CaaS. Not for production use.

Worker plane

Worker manager

TODO

Manual fc vm installation

Add the firecracker binary to your system.

Download a vmlinux* kernel image that has virtio and the other required drivers built in rather than as modules. For example, AWS seems to have one ready-made; from the Firecracker docs:

ARCH="$(uname -m)"
release_url="https://github.com/firecracker-microvm/firecracker/releases"
# Follow the /latest redirect to find the newest release tag
latest_version=$(basename "$(curl -fsSLI -o /dev/null -w '%{url_effective}' "${release_url}/latest")")
# Drop the patch component to get the CI artifact version
CI_VERSION=${latest_version%.*}
# List the CI bucket and pick the highest-versioned vmlinux key
# (note: this listing is fetched over plain HTTP)
latest_kernel_key=$(curl "http://spec.ccfc.min.s3.amazonaws.com/?prefix=firecracker-ci/$CI_VERSION/$ARCH/vmlinux-&list-type=2" \
    | grep -oP "(?<=<Key>)(firecracker-ci/$CI_VERSION/$ARCH/vmlinux-[0-9]+\.[0-9]+\.[0-9]{1,3})(?=</Key>)" \
    | sort -V | tail -1)

# Download a linux kernel binary
wget "https://s3.amazonaws.com/spec.ccfc.min/${latest_kernel_key}"

Add the following network rules to your system (not necessary at this stage of the project, but good to have):

TAP_DEV="tap0"
TAP_IP="172.16.0.1"
MASK_SHORT="/30"
HOST_IFACE=$(ip -j route list default | jq -r '.[0].dev')

# Setup network interface on the host
sudo ip link del "$TAP_DEV" 2> /dev/null || true
sudo ip tuntap add dev "$TAP_DEV" mode tap
sudo ip addr add "${TAP_IP}${MASK_SHORT}" dev "$TAP_DEV"
sudo ip link set dev "$TAP_DEV" up

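# Enable IP forwarding and masquerading
# (the ip_forward setting is not persisted across reboots)
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
# Note: this sets the default policy of the host's whole FORWARD chain to ACCEPT,
# not only for traffic coming from $TAP_DEV
sudo iptables -P FORWARD ACCEPT
# NAT everything leaving through the host's default interface
sudo iptables -t nat -A POSTROUTING -o "$HOST_IFACE" -j MASQUERADE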

Make create_alpine_rootfs.sh executable (chmod +x), then run it.

Download the firecracker binary:

ARCH="$(uname -m)"
release_url="https://github.com/firecracker-microvm/firecracker/releases"
# Follow the /latest redirect to find the newest release tag
latest=$(basename "$(curl -fsSLI -o /dev/null -w '%{url_effective}' "${release_url}/latest")")
# Fetch and unpack the release tarball for this architecture
curl -L "${release_url}/download/${latest}/firecracker-${latest}-${ARCH}.tgz" \
| tar -xz

# Move the binary into the current directory as ./firecracker
mv "release-${latest}-$(uname -m)/firecracker-${latest}-${ARCH}" firecracker

Alternatively, compile it from source.

Then create an empty log file:

touch firecracker.log

Finally, to run the image:

sudo rm -f /tmp/firecracker.socket && sudo ./firecracker --api-sock /tmp/firecracker.socket --config-file firecracker-config.json

The username and password are both root. Change that in the create_alpine_rootfs.sh file if you want.

To exit the tty you'll have to shut down or reboot.

If you want to wire up the networking, complete the guest side of the networking that we set up on the host earlier by running the following inside the guest:

ip addr add 172.16.0.2/30 dev eth0
ip link set eth0 up
ip route add default via 172.16.0.1 dev eth0
echo "nameserver 8.8.8.8" > /etc/resolv.conf

TODO: prod machines that dynamically assign internal IPs at rootfs creation time

Add to /etc/network/interfaces:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 172.16.0.2
    netmask 255.255.255.252
    gateway 172.16.0.1

and enable networking at startup:

rc-update add networking boot
rc-service networking start

Hmm... should also do something for IPv6.
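
One possible scheme for the dynamic assignment in the TODO above, as an added example that is not part of this project's code: each VM index gets its own /30 block inside 172.16.0.0/16 (IPv4 only), so index 0 reproduces the static values used in this README. The function names, the 172.16.0.0/16 pool and the ROOTFS_MNT variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the project): per-VM /30 addressing in 172.16.0.0/16.
# Index 0 yields host 172.16.0.1 and guest 172.16.0.2, as in the static setup.

# vm_addr INDEX OFFSET -> dotted IPv4 address at OFFSET inside the VM's /30
vm_addr() {
    idx=$1 off=$2
    case "$idx" in
        # Reject empty, non-numeric, leading-zero (octal) and over-long input
        ''|*[!0-9]*|0?*|??????*)
            echo "index must be an integer 0..16383" >&2; return 1 ;;
    esac
    # 172.16.0.0/16 holds 65536 / 4 = 16384 blocks of four addresses
    if [ "$idx" -gt 16383 ]; then
        echo "index $idx does not fit in 172.16.0.0/16" >&2; return 1
    fi
    n=$(( idx * 4 + off ))
    echo "172.16.$(( n / 256 )).$(( n % 256 ))"
}

vm_host_ip()  { vm_addr "$1" 1; }   # address for the host-side tap device
vm_guest_ip() { vm_addr "$1" 2; }   # address for eth0 inside the guest

# vm_interfaces INDEX -> contents for the guest's /etc/network/interfaces
vm_interfaces() {
    guest=$(vm_guest_ip "$1") || return 1
    host=$(vm_host_ip "$1") || return 1
    cat <<EOF
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address $guest
    netmask 255.255.255.252
    gateway $host
EOF
}

# Hypothetical use at rootfs creation time, with the image mounted at $ROOTFS_MNT:
#   vm_interfaces 5 > "$ROOTFS_MNT/etc/network/interfaces"
```

The host-side tap device for the same index would then take the address from vm_host_ip with the /30 mask, in place of the fixed TAP_IP above.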