For years, cloud computing was a way to convince users and businesses to spend their money hosting their services on servers colocated in cloud data centers. Things have changed, and merely providing basic storage and processing power is a thing of the past. Cloud services are so complicated today that each one of them needs proper training just to be able to use it. Distributed data stores, load balancers, storage, serverless, and container automation and orchestration services are just a few examples of the vast number of cloud computing services.
One can now have software running on cloud services (Software-as-a-Service) with a five-nines SLA, hosted on multiple cloud providers, effectively providing high availability across the globe, all controlled from a central location, automated and orchestrated with the latest cutting-edge technologies on the market. And the number of these technologies is ever-growing.
Most of the cloud providers today use an open-source model to distribute their technologies and software. Examples are Kubernetes, Docker and Firecracker. Containerization and lightweight virtual machines are just two of the various ways to deploy applications on the cloud. Each has its own pros and cons. In this article I am going to present Firecracker, a lightweight virtual machine, or microVM, management tool created by Amazon to run their serverless platform. In contrast to containerization, specifically Docker, which uses a single shared Linux kernel with cgroups, namespaces, etc., microVMs use a separate Linux kernel virtualized on top of the Kernel-based Virtual Machine (KVM). The advantages of microVMs are less memory overhead (5 MB), a very minimal, optimized kernel, and security. The most interesting part is that it is written in Rust, has an awesome Go SDK, and many tools have already been developed for it:
Our mission is to enable secure, multi-tenant, minimal-overhead execution of container and function workloads. Read…
This repository enables the use of a container runtime, containerd, to manage Firecracker…
This package is a Go library to interact with the Firecracker API. It is designed as an abstraction of the…
Firectl is a basic command-line tool that lets you run arbitrary Firecracker MicroVMs via the command line. This lets…
Weave Ignite is an open source Virtual Machine (VM) manager with a container UX and built-in GitOps management…
There is a demo project demonstrating the abilities and features of microVMs by showing that it can run 4k microVMs in less than a minute:
This demo showcases Firecracker's agility and high-density capabilities. It's been run on an EC2 I3.metal host (the…
Months ago, I started experimenting with it and wrote a bunch of bash scripts and a simple README to show how to download the project binaries or build the project(s) from source and start using microVMs very quickly:
Firefighter is, for now, a set of scripts to download or build from source the firecracker and the firectl, download…
In order to use it, just clone the project somewhere on your disk and either run
build_latest.sh. To get the latest binaries along with pre-built Debian and Alpine kernel and rootfs, you just need to have curl installed. To build from source, however, you need the Rust compiler installed. The easiest way to install the Rust compiler and toolchain is to download and run the rustup installer, which also makes it easy to install other components. A simple tutorial on the official Rust website provides instructions on how to do this. For building the latest version, I assume you have Debian GNU/Linux installed, because of APT.
Using rustup (Recommended) It looks like you're running macOS, Linux, or another Unix-like OS. To download Rustup and…
Building from source gives you full control and customizability, but for mere experimentation, just download the binaries and related files and you’re good to go!
$ git clone https://github.com/mostafa/firefighter
$ cd firefighter
This script downloads the latest firecracker, firectl and jailer binaries with a progress bar, along with Alpine and Debian kernel and rootfs in
Running the following command with no option or with help prints usage instructions:
run_microvm.sh start <distro-name> | <vmlinuz.bin> <rootfs.ext4>
run_microvm.sh help
Available distros:
To run an Alpine microVM, run the following command; it needs root/sudo privileges:
$ ./run_microvm.sh start alpine
Giving read/write access to KVM to user
[sudo] password for user:
Booting kernel: images/alpine-vmlinuz.bin
Enable routing from/to MicroVM
Welcome to Alpine Linux 3.8
Kernel 4.14.55-84.37.amzn2.x86_64 on an x86_64 (ttyS0)
localhost login:
Using root as username and password, you can log in to the microVM. Run the following commands inside the microVM to enable internet access:
$ ip addr add 172.16.0.2/24 dev eth0
$ ip route add default via 172.16.0.1 dev eth0
$ echo "nameserver 22.214.171.124" > /etc/resolv.conf
$ ping -c 3 google.com
PING google.com (126.96.36.199): 56 data bytes
64 bytes from 188.8.131.52: seq=0 ttl=54 time=4.270 ms
64 bytes from 184.108.40.206: seq=1 ttl=54 time=5.979 ms
64 bytes from 220.127.116.11: seq=2 ttl=54 time=6.455 ms
--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 4.270/5.568/6.455 ms
Now you can stop the microVM with the following command on another terminal:
$ ./run_microvm.sh stop
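The start output above reports two host-side changes ("Giving read/write access to KVM to user" and "Enable routing from/to MicroVM"). The following is an added example, not part of firefighter, that records the matching host state before a run and compares it after stop. It assumes those messages refer to access on /dev/kvm and to the kernel's IPv4 forwarding switch; the function names are hypothetical, and firewall/NAT rules are not covered.

```bash
#!/usr/bin/env bash
# Added example (not firefighter code): baseline the host settings that the
# run script's messages point at, then diff them once the microVM is stopped.
# Assumed targets: /dev/kvm access and /proc/sys/net/ipv4/ip_forward.

# Effective access of the *current* user to a path, whatever grants it
# (mode bits, group membership or an ACL): rw, r-, -w, -- or absent.
access_of() {
    if [ ! -e "$1" ]; then echo absent; return 0; fi
    local r=- w=-
    if [ -r "$1" ]; then r=r; fi
    if [ -w "$1" ]; then w=w; fi
    echo "$r$w"
}

# Print a key=value snapshot. Paths are parameters so the function can be
# exercised against ordinary files as well as the real host.
host_snapshot() {
    local kvm="${1:-/dev/kvm}" fwd="${2:-/proc/sys/net/ipv4/ip_forward}"
    printf 'kvm=%s\n' "$(access_of "$kvm")"
    if [ -r "$fwd" ]; then
        printf 'ip_forward=%s\n' "$(cat "$fwd")"
    else
        printf 'ip_forward=unknown\n'
    fi
}

# Compare two snapshot files; print "key: old -> new" for each difference.
# Returns 0 when nothing changed and 1 when at least one key differs.
snapshot_changes() {
    local changed=0 key old new
    while IFS='=' read -r key old; do
        new=$(sed -n "s/^${key}=//p" "$2")
        if [ "$old" != "$new" ]; then
            printf '%s: %s -> %s\n' "$key" "$old" "${new:-missing}"
            changed=1
        fi
    done < "$1"
    return "$changed"
}

# Typical use on the host, run as the same unprivileged user each time:
#   host_snapshot > before.txt
#   ./run_microvm.sh start alpine   # ... work in the guest, then:
#   ./run_microvm.sh stop
#   host_snapshot > after.txt
#   snapshot_changes before.txt after.txt || echo "host state differs from baseline"
```

A reported difference after stop, such as ip_forward going from 0 to 1, means the host is still forwarding packets or the user still has KVM access after the microVM is gone, and is worth reverting by hand on a shared machine.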
That was it for now. You should figure out how you can leverage this to your advantage.
It’s a simple open-source project and any feedback and contributions are welcome.