microVM: Another Level of Abstraction for Serverless Computing

How to run a microVM in an unprivileged environment with Firefighter?

Mostafa Moradian
Dec 16, 2019 · 4 min read

For years, cloud computing was a way to convince users and businesses to spend their money hosting their services on servers colocated in cloud data centers. Things have changed, and merely providing basic storage and processing power is a thing of the past. Cloud services are so complicated today that each one of them needs proper training just to be able to use it. Distributed data stores, load balancers, storage, serverless, and container automation and orchestration services are just a few examples of the vast number of cloud computing services.

One can now have software running on cloud services (Software-as-a-Service) with a five-nines SLA hosted on multiple cloud providers, effectively providing high availability across the globe, all controlled from a central location, automated and orchestrated with the latest cutting-edge technologies on the market. And the number of these technologies is ever-growing.

Most cloud providers today use an open-source model to distribute their technologies and software, examples of which are Kubernetes, Docker and Firecracker. Containerization and lightweight virtual machines are just two of the various ways to deploy applications in the cloud. Each has its own pros and cons. In this article I am going to present Firecracker, a lightweight virtual machine, or microVM, management tool created by Amazon to run their serverless platform. In contrast to containerization, specifically Docker, which uses a single shared Linux kernel with cgroups, namespaces, etc., microVMs use a separate Linux kernel virtualized on top of the Kernel-based Virtual Machine (KVM). The advantages of microVMs are lower memory overhead (5 MB), a minimal, optimized kernel, and security. The most interesting part is that it is written in Rust, has an awesome Go SDK, and many tools have already been developed for it:

There is a demo project demonstrating the abilities and features of microVM by showing how quickly it can run 4k microVMs in less than a minute:

Months ago, I started experimenting with it and wrote a bunch of bash scripts and a simple README to show how to download the project binaries or build the project(s) from source and start using microVMs very quickly:

To use it, clone the project somewhere on your disk and run either get_latest.sh or build_latest.sh. To get the latest binaries along with the pre-built Debian and Alpine kernels and rootfs, you only need to have curl installed. To build from source, you need the Rust compiler installed. The easiest way to install the Rust compiler and toolchain is to download and run the rustup installer, which also makes it easy to install other things. A simple tutorial on the official Rust website provides instructions on how to do this. For building the latest version, I assume you have Debian GNU/Linux installed, because of APT.

Although building from source gives you full control and customizability, for mere experimentation you can just download the binaries and related files and you’re good to go!

This script downloads the latest firecracker, firectl and jailer binaries with a progress bar, along with the Alpine and Debian kernels and rootfs, into the images directory.
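Before booting anything with the downloaded files, it is worth confirming that the host can run a microVM at all: Firecracker needs read/write access to /dev/kvm plus a kernel image and a root filesystem. The following pre-flight script is an added example, not part of the author's scripts or the Firecracker project; the function names, file names and VM sizing are assumptions, and the generated JSON is meant for Firecracker's --config-file option.

```sh
#!/bin/sh
# Added example: pre-flight checks and config generation for a Firecracker microVM.
# Function names, file names and VM sizing are assumptions, not the article's scripts.

# check_kvm [DEVICE]: Firecracker needs read/write access to the KVM device.
check_kvm() {
    dev=${1:-/dev/kvm}
    if [ ! -e "$dev" ]; then
        echo "missing $dev: KVM is not available on this host" >&2
        return 2
    fi
    if [ ! -r "$dev" ] || [ ! -w "$dev" ]; then
        echo "no read/write access to $dev for user $(id -un)" >&2
        return 3
    fi
}

# check_image FILE: kernel and rootfs must be non-empty regular files.
check_image() {
    if [ ! -f "$1" ] || [ ! -s "$1" ]; then
        echo "image missing or empty: $1" >&2
        return 4
    fi
}

# write_config KERNEL ROOTFS OUT: write a JSON config for `firecracker --config-file`.
write_config() {
    # Paths are pasted into JSON unescaped, so refuse characters that would break it.
    case "$1$2" in *\"*|*\\*) echo "unsupported character in path" >&2; return 5 ;; esac
    check_image "$1" || return
    check_image "$2" || return
    cat > "$3" <<EOF
{
  "boot-source": { "kernel_image_path": "$1",
                   "boot_args": "console=ttyS0 reboot=k panic=1 pci=off" },
  "drives": [ { "drive_id": "rootfs", "path_on_host": "$2",
                "is_root_device": true, "is_read_only": false } ],
  "machine-config": { "vcpu_count": 1, "mem_size_mib": 128 }
}
EOF
}

# Runs only when called with two arguments: sh preflight.sh KERNEL ROOTFS
if [ "$#" -eq 2 ]; then
    check_kvm && write_config "$1" "$2" vm_config.json &&
        echo "ready: firecracker --api-sock /tmp/firecracker.socket --config-file vm_config.json"
fi
```

A return code of 3 from check_kvm means the device exists but the current user cannot open it, which is the usual reason a microVM launch works only under sudo.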

Running the following command with no options or with help prints usage instructions:

To run an Alpine microVM, run the following command; it needs root/sudo privileges:

Using root as both username and password, you can log in to the microVM. Run the following commands inside the microVM to enable internet access:

Now you can stop the microVM with the following command in another terminal:

That was it for now. You should figure out how you can leverage this to your advantage.

It’s a simple open-source project, and any feedback and contributions are welcome.

Mostafa Moradian
Software Engineer, InfoSec Consultant,
FOSS Advocate and Author, among other things
GitHub | LinkedIn | Twitter
