### Install Google Cloud SDK Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/dev-machine-setup.md Installs the Google Cloud SDK on a Debian/Ubuntu system. This command sequence adds the repository, imports the key, and installs the SDK. ```bash $ export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)" $ echo "deb http://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" \ | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list $ curl https://packages.cloud.google.com/apt/doc/apt-key.gpg \ | sudo apt-key add - $ sudo apt-get update && sudo apt-get install -y google-cloud-sdk ``` -------------------------------- ### Configure Firecracker Network Interface and Start Instance Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/getting-started.md Set up the guest network interface with a MAC address and host device name, then start the Firecracker microVM instance. A small delay is included to ensure configuration is applied before starting. ```bash # The IP address of a guest is derived from its MAC address with # `fcnet-setup.sh`, this has been pre-configured in the guest rootfs. It is # important that `TAP_IP` and `FC_MAC` match this. FC_MAC="06:00:AC:10:00:02" # Set network interface sudo curl -X PUT --unix-socket "${API_SOCKET}" \ --data "{ \"iface_id\": \"net1\", \"guest_mac\": \"$FC_MAC\", \"host_dev_name\": \"$TAP_DEV\" }" \ "http://localhost/network-interfaces/net1" # API requests are handled asynchronously, it is important the configuration is # set, before `InstanceStart`. sleep 0.015s # Start microVM sudo curl -X PUT --unix-socket "${API_SOCKET}" \ --data "{ \"action_type\": \"InstanceStart\" }" \ "http://localhost/actions" ``` -------------------------------- ### Install OpenRC and Utilities Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/rootfs-and-kernel-setup.md Inside the Docker container, install the OpenRC init system and essential utilities like 'util-linux'. ```bash apk add openrc apk add util-linux ``` -------------------------------- ### InstanceStart Action Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/api_requests/actions.md Powers on the microVM and starts the guest OS. This action does not have a payload and can only be successfully called once. ```APIDOC ## InstanceStart Action ### Description Powers on the microVM and starts the guest OS. This action does not have a payload and can only be successfully called once. ### Method PUT ### Endpoint /actions ### Request Body - **action_type** (string) - Required - Must be set to "InstanceStart". ### Request Example ```bash curl --unix-socket ${socket} -i \ -X PUT "http://localhost/actions" \ -d '{ "action_type": "InstanceStart" }' ``` ``` -------------------------------- ### Start Firecracker Instance Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/api_requests/actions.md Use this action to power on the microVM and start the guest OS. This action has no payload and can only be successfully called once. ```bash curl --unix-socket ${socket} -i \ -X PUT "http://localhost/actions" \ -d '{ "action_type": "InstanceStart" }' ``` -------------------------------- ### Install Balloon Device via API Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/ballooning.md Installs a balloon device by sending a PUT request to the /balloon endpoint. This must be done before starting the virtual machine. ```APIDOC ## PUT /balloon ### Description Installs a balloon device for the virtual machine. This operation must be performed before the VM starts. ### Method PUT ### Endpoint /balloon ### Parameters #### Request Body - **amount_mib** (integer) - Required - The target size of the balloon in MiB. - **deflate_on_oom** (boolean) - Optional - If true, the balloon will attempt to deflate when the guest is out of memory. - **stats_polling_interval_s** (integer) - Optional - The interval in seconds at which balloon statistics are polled. ### Request Example ```json { "amount_mib": 1024, "deflate_on_oom": true, "stats_polling_interval_s": 10 } ``` ### Response #### Success Response (200) Returns a JSON object with the same structure as the request body, confirming the configuration. #### Response Example ```json { "amount_mib": 1024, "deflate_on_oom": true, "stats_polling_interval_s": 10 } ``` ``` -------------------------------- ### Run Vhost-User Backend Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/api_requests/block-vhost-user.md Start the vhost-user block device backend service. Ensure the backend supports the VIRTIO_BLK_F_RO feature for read-only configurations. ```bash vhost-user-blk --socket-path=${backend_socket} --blk-file=${drive_path} ``` -------------------------------- ### Configure Guest Nameserver Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/network-setup.md Add a nameserver entry to the guest's `/etc/resolv.conf` file to enable DNS resolution. This example uses `192.168.1.1` as the nameserver. ```bash # cat /etc/resolv.conf nameserver 192.168.1.1 ``` -------------------------------- ### Install Git and Clone FreeBSD Source Tree Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/rootfs-and-kernel-setup.md Installs git and clones the FreeBSD source tree to the specified directory. This is a prerequisite for building the FreeBSD kernel and rootfs for Firecracker. ```bash pkg install -y git git clone https://git.freebsd.org/src.git /usr/src ``` -------------------------------- ### Guest-initiated connection setup Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md Steps for establishing a connection initiated from the guest VM to the host. This involves the host creating and listening on a specific AF_UNIX socket, and the guest connecting to the host CID and port. ```text HOST_CID (i.e. integer value 2) ``` -------------------------------- ### Start Alpine Docker Container Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/rootfs-and-kernel-setup.md Start an Alpine Linux Docker container, bind-mounting the prepared rootfs image to '/my-rootfs'. This allows modifying the rootfs from within the container. ```bash docker run -it --rm -v /tmp/my-rootfs:/my-rootfs alpine ``` -------------------------------- ### Setting Multiple Resource Limits with Jailer Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/jailer.md Example demonstrating how to set multiple resource limits for a process managed by the jailer, such as file size and open file descriptors. ```bash --resource-limit fsize=250000000 --resource-limit no-file=1024 ``` -------------------------------- ### Configure Guest Network and Access MicroVM via SSH Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/getting-started.md After starting the microVM, wait for it to initialize, then configure its internal routing and DNS settings via SSH. Finally, establish an SSH connection to the microVM. ```bash # API requests are handled asynchronously, it is important the microVM has been # started before we attempt to SSH into it. sleep 2s KEY_NAME=./$(ls *.id_rsa | tail -1) # Setup internet access in the guest ssh -i $KEY_NAME root@172.16.0.2 "ip route add default via 172.16.0.1 dev eth0" # Setup DNS resolution in the guest ssh -i $KEY_NAME root@172.16.0.2 "echo 'nameserver 8.8.8.8' > /etc/resolv.conf" # SSH into the microVM ssh -i $KEY_NAME root@172.16.0.2 # Use `root` for both the login and password. # Run `reboot` to exit. ``` -------------------------------- ### Configure virtio-mem via JSON Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/memory-hotplug.md Add this configuration to your VM's JSON configuration file to set up virtio-mem. This configuration is applied when the VM starts. ```json { "memory-hotplug": { "total_size_mib": 1024, "block_size_mib": 2, "slot_size_mib": 128 } } ``` -------------------------------- ### Start Firecracker Sandbox Source: https://github.com/firecracker-microvm/firecracker/blob/main/tests/README.md Launch the Firecracker sandbox environment, which provides an IPython REPL for interacting with a microVM. Use 'tools/devtool sandbox -- --help' for available options. ```sh tools/devtool -y sandbox ``` -------------------------------- ### Configure virtio-pmem Rate Limiter at Creation Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/pmem.md Configure the virtio-pmem device with a rate limiter during its creation. This example sets limits for bandwidth and operations per second. ```json "pmem": [ { "id": "pmem0", "path_on_host": "./backing_file_256m", "rate_limiter": { "bandwidth": { "size": 268435456, "refill_time": 1000 }, "ops": { "size": 10, "refill_time": 1000 } } } ] ``` -------------------------------- ### Secure MicroVM Snapshot Usage Example Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/snapshotting/snapshot-support.md Demonstrates a secure workflow where a microVM terminates after creating a snapshot, and a new microVM resumes from that snapshot. This ensures unique identifiers and tokens are used only once. ```console Boot microVM A -> ... -> Create snapshot S -> Terminate -> Load S in microVM B -> Resume -> ... ``` -------------------------------- ### Interact with MicroVM in Sandbox Source: https://github.com/firecracker-microvm/firecracker/blob/main/tests/README.md Example commands to interact with a microVM within the Firecracker sandbox IPython REPL. These include logging, metrics retrieval, SSH commands, and snapshotting. ```python uvm.help.print_log() uvm.get_all_metrics() uvm.ssh.run("ls") snap = uvm.snapshot_full() uvm.help.tmux_ssh() ``` -------------------------------- ### Start GDB and Connect to Firecracker Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/gdb-debugging.md Initiate GDB, load kernel symbols, and establish a remote connection to the Firecracker GDB socket. This allows for debugging the guest kernel. ```bash gdb vmlinux ``` ```gdb (gdb) target remote /tmp/gdb.socket ``` -------------------------------- ### Example Commit Message Format Source: https://github.com/firecracker-microvm/firecracker/blob/main/CONTRIBUTING.md Illustrates the recommended format for commit messages, including a descriptive title and a concise body, followed by sign-off and co-authored-by lines. ```text A descriptive title of 72 characters or fewer A concise description where each line is 72 characters or fewer. Signed-off-by: Co-authored-by: ``` -------------------------------- ### Configure virtio-mem via API Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/memory-hotplug.md Use this PUT request to configure the virtio-mem device with total size, block size, and slot size. This must be done before starting the VM. ```bash socket_location=/run/firecracker.microvm.sock curl --unix-socket $socket_location -i \ -X PUT 'http://localhost/hotplug/memory' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d "{ \"total_size_mib\": 1024, \"block_size_mib\": 2, \"slot_size_mib\": 128 }" ``` -------------------------------- ### Launch Firecracker VM with Jailer Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/jailer.md Use this command to start a Firecracker MicroVM. It configures cgroups, network namespace, and daemonizes the process. Ensure paths and IDs match your environment. ```bash /usr/bin/jailer --id 551e7604-e35c-42b3-b825-416853441234 --cgroup cpuset.mems=0 --cgroup cpuset.cpus=$(cat /sys/devices/system/node/node0/cpulist) --exec-file /usr/bin/firecracker --uid 123 --gid 100 \ --netns /var/run/netns/my_netns --daemonize ``` -------------------------------- ### Configure Balloon Device with Free Page Hinting Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/ballooning.md This example shows how to enable free page hinting when creating or configuring the balloon device. The `free_page_hinting` attribute must be set to `true` in the JSON payload. ```APIDOC ## Configure Balloon Device with Free Page Hinting ### Description Enables the free page hinting feature for the Virtio balloon device. When enabled, the guest driver can report unused memory ranges to the host for reclamation. ### Method PUT ### Endpoint /balloon ### Parameters #### Request Body - **amount_mib** (integer) - Required - The amount of memory in MiB to be managed by the balloon device. - **deflate_on_oom** (boolean) - Required - Whether to deflate the balloon when the guest is out of memory. - **stats_polling_interval_s** (integer) - Required - The interval in seconds for polling statistics. - **free_page_hinting** (boolean) - Required - Set to `true` to enable free page hinting. ### Request Example ```json { "amount_mib": 1024, "deflate_on_oom": true, "stats_polling_interval_s": 1, "free_page_hinting": true } ``` ### Response #### Success Response (200) - **None** - Typically returns an empty body on success. #### Response Example (No specific response body is detailed for this configuration endpoint in the provided text.) ``` -------------------------------- ### Configure Network Interface via API Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/network-setup.md Use this cURL command to configure a network interface for a Firecracker VM using its Unix socket API. Ensure the guest MAC address corresponds to the guest's IP address if using the rootfs from the getting started guide. ```bash curl --unix-socket /tmp/firecracker.socket -i \ -X PUT 'http://localhost/network-interfaces/my_network0' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d '{ "iface_id": "my_network0", "guest_mac": "06:00:AC:10:00:02", "host_dev_name": "tap0" }' ``` -------------------------------- ### Install cURL on Ubuntu VM Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/dev-machine-setup.md Installs the cURL utility on an Ubuntu virtual machine. This is a prerequisite for further Firecracker setup. ```bash sudo apt install curl -y ``` -------------------------------- ### Install Test Dependencies (Ubuntu/Debian) Source: https://github.com/firecracker-microvm/firecracker/blob/main/tests/README.md Install necessary Python packages for running Firecracker tests outside of Docker on Ubuntu-based systems. Ensure Python 3 and pip are installed. ```sh # replace with yum in Fedora/AmazonLinux sudo apt install python3-pip sudo pip3 install pytest ipython requests psutil tenacity filelock "urllib3<2.0" requests_unixsocket aws_embedded_metrics pytest-json-report pytest-timeout ``` -------------------------------- ### Configure Block Device with Sync IO Engine Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/api_requests/block-io-engine.md This example shows how to configure a block device using the synchronous IO engine via the PUT /drives API. Ensure the socket path and drive path are correctly set. ```bash curl --unix-socket ${socket} -i \ -X PUT "http://localhost/drives/rootfs" \ -H "accept: application/json" \ -H "Content-Type: application/json" \ -d "{ \"drive_id\": \"rootfs\", \"path_on_host\": \"${drive_path}\", \"is_root_device\": true, \"is_read_only\": false, \"io_engine\": \"Sync\" }" ``` -------------------------------- ### Get Balloon Device Configuration (GET) Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/ballooning.md Retrieve the current configuration of the balloon device by sending a GET request to the '/balloon' endpoint. This command uses cURL with a specified socket location. ```bash socket_location=... curl --unix-socket $socket_location -i \ -X GET 'http://localhost/balloon' \ -H 'Accept: application/json' ``` -------------------------------- ### Example Metadata JSON Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/mmds/mmds-user-guide.md This is an example of the JSON structure for metadata stored in MMDS. ```json { "latest": { "meta-data": { "ami-id": "ami-87654321", "reservation-id": "r-79054aef" } } } ``` -------------------------------- ### Host-initiated connection setup Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md Steps for establishing a connection initiated from the host to a guest VM using the virtio-vsock device. This involves configuring the device with a UDS path, listening on the guest vsock port, connecting to the host UDS, and sending a CONNECT command. ```text CONNECT PORT\n ``` ```text OK PORT\n ``` -------------------------------- ### Get Balloon Device Configuration Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/ballooning.md Retrieves the current configuration of the balloon device by sending a GET request to the /balloon endpoint. ```APIDOC ## GET /balloon ### Description Retrieves the current configuration of the installed balloon device. ### Method GET ### Endpoint /balloon ### Response #### Success Response (200) - **amount_mib** (integer) - The target size of the balloon in MiB. - **deflate_on_oom** (boolean) - Indicates if the balloon deflates on OOM. - **stats_polling_interval_s** (integer) - The interval in seconds for polling balloon statistics. #### Response Example ```json { "amount_mib": 1024, "deflate_on_oom": true, "stats_polling_interval_s": 10 } ``` ``` -------------------------------- ### Configure Logger via Command Line (Advanced) Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/logger.md Configure the logger on startup with specific levels and origin display settings using additional command-line parameters. ```bash ./firecracker --api-sock /tmp/firecracker.socket --log-path logs.fifo --level Error --show-level --show-log-origin ``` -------------------------------- ### Configure MicroVM with a JSON File Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/getting-started.md Boot a guest microVM without using the API socket by providing a configuration file. This JSON file must include guest kernel and rootfs configuration. ```bash sudo ./firecracker --api-sock /tmp/firecracker.socket --config-file ``` -------------------------------- ### Install Balloon Device via JSON Configuration Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/ballooning.md Insert this JSON object into your Firecracker configuration file to install the balloon device. Configure 'amount_mib', 'deflate_on_oom', and 'stats_polling_interval_s' as needed. ```json "balloon": { "amount_mib": 0, "deflate_on_oom": false, "stats_polling_interval_s": 1 } ``` -------------------------------- ### Install Test Dependencies (Amazon Linux 2) Source: https://github.com/firecracker-microvm/firecracker/blob/main/tests/README.md Install Python packages for running Firecracker tests on Amazon Linux 2. This command should be run after configuring the correct Python version. ```sh sudo pip3 install pytest ipython requests psutil tenacity filelock "urllib3<2.0" requests_unixsocket ``` -------------------------------- ### Configure Logger via Command Line (Basic) Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/logger.md Configure the logger on startup using the --log-path command-line parameter. Other logger fields will use default values. ```bash ./firecracker --api-sock /tmp/firecracker.socket --log-path ``` -------------------------------- ### Get Virtio Balloon Statistics Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/ballooning.md Retrieve the latest virtio balloon statistics by sending a GET request to the /balloon/statistics endpoint. Ensure stats_polling_interval_s is set to a non-zero value in the balloon configuration. ```bash socket_location=... curl --unix-socket $socket_location -i \ -X GET 'http://localhost/balloon/statistics' \ -H 'Accept: application/json' ``` -------------------------------- ### Initialize gcloud CLI Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/dev-machine-setup.md Initializes the gcloud CLI, prompting for authentication and default project selection. Follow the console prompts to complete the authentication process. ```bash $ gcloud init --console-only ``` -------------------------------- ### Enable Guest Network Interface Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/network-setup.md Activate the guest's network interface (`eth0`) after assigning an IP address. ```bash ip link set eth0 up ``` -------------------------------- ### Get Virtio Balloon Statistics Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/ballooning.md Retrieve the latest Virtio balloon statistics by issuing a GET request on the /balloon/statistics endpoint. Statistics are enabled by setting `stats_polling_interval_s` in the balloon configuration to a non-zero value. ```APIDOC ## GET /balloon/statistics ### Description Retrieves the latest Virtio balloon statistics, including target and actual balloon sizes, and traditional virtio memory balloon statistics. ### Method GET ### Endpoint /balloon/statistics ### Parameters None ### Request Example ```console socket_location=... curl --unix-socket $socket_location -i \ -X GET 'http://localhost/balloon/statistics' \ -H 'Accept: application/json' ``` ### Response #### Success Response (200) - **target_pages** (integer) - The target size of the balloon, in 4K pages. - **actual_pages** (integer) - The number of 4K pages the device is currently holding. - **target_mib** (integer) - The target size of the balloon, in MiB. - **actual_mib** (integer) - The number of MiB the device is currently holding. - **VIRTIO_BALLOON_S_SWAP_IN** (integer) - The amount of memory that has been swapped in (in bytes). - **VIRTIO_BALLOON_S_SWAP_OUT** (integer) - The amount of memory that has been swapped out to disk (in bytes). - **VIRTIO_BALLOON_S_MAJFLT** (integer) - The number of major page faults that have occurred. - **VIRTIO_BALLOON_S_MINFLT** (integer) - The number of minor page faults that have occurred. - **VIRTIO_BALLOON_S_MEMFREE** (integer) - The amount of memory not being used for any purpose (in bytes). - **VIRTIO_BALLOON_S_MEMTOT** (integer) - The total amount of memory available (in bytes). - **VIRTIO_BALLOON_S_AVAIL** (integer) - An estimate of how much memory is available (in bytes) for starting new applications, without pushing the system to swap. - **VIRTIO_BALLOON_S_CACHES** (integer) - The amount of memory, in bytes, that can be quickly reclaimed without additional I/O. - **VIRTIO_BALLOON_S_HTLB_PGALLOC** (integer) - The number of successful hugetlb page allocations in the guest. - **VIRTIO_BALLOON_S_HTLB_PGFAIL** (integer) - The number of failed hugetlb page allocations in the guest. - **VIRTIO_BALLOON_S_OOM_KILL** (integer) - OOM killer invocations, indicating critical memory pressure (Linux v6.12+). - **VIRTIO_BALLOON_S_ALLOC_STALL** (integer) - Counter of Allocation enter a slow path to gain more memory page (Linux v6.12+). - **VIRTIO_BALLOON_S_ASYNC_SCAN** (integer) - Amount of memory scanned asynchronously (Linux v6.12+). - **VIRTIO_BALLOON_S_DIRECT_SCAN** (integer) - Amount of memory scanned directly (Linux v6.12+). - **VIRTIO_BALLOON_S_ASYNC_RECLAIM** (integer) - Amount of memory reclaimed asynchronously (Linux v6.12+). - **VIRTIO_BALLOON_S_DIRECT_RECLAIM** (integer) - Amount of memory reclaimed directly (Linux v6.12+). #### Response Example ```json { "target_pages": 1024, "actual_pages": 512, "target_mib": 4096, "actual_mib": 2048, "VIRTIO_BALLOON_S_SWAP_IN": 0, "VIRTIO_BALLOON_S_SWAP_OUT": 0, "VIRTIO_BALLOON_S_MAJFLT": 100, "VIRTIO_BALLOON_S_MINFLT": 500, "VIRTIO_BALLOON_S_MEMFREE": 1073741824, "VIRTIO_BALLOON_S_MEMTOT": 4294967296, "VIRTIO_BALLOON_S_AVAIL": 2147483648, "VIRTIO_BALLOON_S_CACHES": 536870912, "VIRTIO_BALLOON_S_HTLB_PGALLOC": 0, "VIRTIO_BALLOON_S_HTLB_PGFAIL": 0, "VIRTIO_BALLOON_S_OOM_KILL": 0, "VIRTIO_BALLOON_S_ALLOC_STALL": 0, "VIRTIO_BALLOON_S_ASYNC_SCAN": 0, "VIRTIO_BALLOON_S_DIRECT_SCAN": 0, "VIRTIO_BALLOON_S_ASYNC_RECLAIM": 0, "VIRTIO_BALLOON_S_DIRECT_RECLAIM": 0 } ``` ``` -------------------------------- ### Install Balloon Device via API (PUT) Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/ballooning.md Use this cURL command to install the balloon device by sending a PUT request to the Firecracker API. Ensure the socket location and balloon parameters are correctly set. ```bash socket_location=... amount_mib=... deflate_on_oom=... polling_interval=... curl --unix-socket $socket_location -i \ -X PUT 'http://localhost/balloon' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d "{ \"amount_mib\": $amount_mib, \ \"deflate_on_oom\": $deflate_on_oom, \ \"stats_polling_interval_s\": $polling_interval }" ``` -------------------------------- ### Configure and Update a Block Device Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/api_requests/patch-block.md This sequence demonstrates configuring a microVM with an initial block device and then updating it with a new backing file and size. Ensure the guest does not mount the device before the update. ```bash # Create and set up a block device. touch ${ro_drive_path} curl --unix-socket ${socket} -i \ -X PUT "http://localhost/drives/scratch" \ -H "accept: application/json" \ -H "Content-Type: application/json" \ -d "{ \"drive_id\": \"scratch\", \"path_on_host\": \"${ro_drive_path}\", \"is_root_device\": false, \"is_read_only\": true \"rate_limiter\": { \"bandwidth\": { \"size\": 100000, \"one_time_burst\": 4096, \"refill_time\": 150 }, \"ops\": { \"size\": 10, \"refill_time\": 250 } } }" # Finish configuring and start the microVM. Wait for the guest to boot. # Before mounting the block device in the guest: # Use another backing file of different size to effectively resize the # vm block device. touch ${updated_ro_drive_path} truncate --size ${new_size}M ${updated_ro_drive_path} # Create a filesystem in it. mkfs.ext4 ${updated_ro_drive_path} # PATCH the block device to use the new backing file. curl --unix-socket ${socket} -i \ -X PATCH "http://localhost/drives/scratch" \ -H "accept: application/json" \ -H "Content-Type: application/json" \ -d "{ \"drive_id\": \"scratch\", \"path_on_host\": \"${updated_ro_drive_path}\" }" # It's now safe to mount the block device in the guest and use it # with the updated backing file. ``` -------------------------------- ### Commit Signing with DCO Source: https://github.com/firecracker-microvm/firecracker/blob/main/CONTRIBUTING.md Example of the required 'Signed-off-by' line for DCO compliance in commit messages. ```git Signed-off-by: Jane Smith ``` -------------------------------- ### Configure Block Device with Writeback Cache Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/api_requests/block-caching.md Use this example to configure a block device with the 'Writeback' cache type. This ensures data is committed to disk upon flush requests, enhancing data integrity at the expense of performance. ```bash curl --unix-socket ${socket} -i \ -X PUT "http://localhost/drives/dummy" \ -H "accept: application/json" \ -H "Content-Type: application/json" \ -d "{ \"drive_id\": \"dummy\", \"path_on_host\": \"${drive_path}\", \"is_root_device\": false, \"is_read_only\": false, \"cache_type\": \"Writeback\" }" ``` -------------------------------- ### Configure Guest Networking Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/network-setup.md These commands configure the IP address, bring up the network interface, and set the default gateway within the guest VM. Ensure the IP address and gateway match your host setup. ```bash ip addr add 172.16.0.2/30 dev eth0 ip link set eth0 up ip route add default via 172.16.0.1 dev eth0 ``` -------------------------------- ### Get VMState File Version Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/snapshotting/snapshot-editor.md Prints the version of the provided vmstate file. Requires the path to the vmstate file. ```bash snapshot-editor info-vmstate version --vmstate-path ``` ```bash ./snapshot-editor info-vmstate version --vmstate-path ./vmstate_file ``` -------------------------------- ### Connect from Guest to Host VSOCK Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md On the guest, create an AF_VSOCK socket and connect it to the specified host port (CID=2). This initiates a connection from the guest to the host. ```bash socat - VSOCK-CONNECT:2:52 ``` -------------------------------- ### POST /snapshot/create Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/snapshotting/snapshot-support.md Creates a diff snapshot of the microVM. The microVM must be in a Paused state. If track_dirty_pages is enabled, KVM's dirty page log is used. Otherwise, the mincore(2) syscall is used, which requires swap to be disabled. ```APIDOC ## POST /snapshot/create ### Description Creates a diff snapshot of the microVM. The microVM must be in a Paused state. If track_dirty_pages is enabled, KVM's dirty page log is used. Otherwise, the mincore(2) syscall is used, which requires swap to be disabled. ### Method PUT ### Endpoint /snapshot/create ### Parameters #### Request Body - **snapshot_type** (string) - Required - Type of snapshot to create. Use "Diff" for a diff snapshot. Defaults to "Full". - **snapshot_path** (string) - Required - Path to save the snapshot. - **mem_file_path** (string) - Required - Path to save the memory file. ### Request Example ```json { "snapshot_type": "Diff", "snapshot_path": "./snapshot_file", "mem_file_path": "./mem_file" } ``` ### Response #### Success Response (200) - **snapshot_path** (string) - Path to the created snapshot file. - **mem_file_path** (string) - Path to the created memory file. #### Response Example ```json { "snapshot_path": "./snapshot_file", "mem_file_path": "./mem_file" } ``` ``` -------------------------------- ### GET /hotplug/memory Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/memory-hotplug.md Retrieves the current status and configuration of the virtio-mem device. This is useful for monitoring the progress of memory hotplugging operations. ```APIDOC ## GET /hotplug/memory ### Description Queries the current status of the virtio-mem device, including total, plugged, and requested memory sizes. ### Method GET ### Endpoint /hotplug/memory ### Parameters #### Query Parameters None #### Request Body None ### Response #### Success Response (200) - **total_size_mib** (integer) - Maximum hotpluggable memory size in MiB. - **block_size_mib** (integer) - Block size used by the device in MiB. - **slot_size_mib** (integer) - Slot size used by Firecracker in MiB. - **plugged_size_mib** (integer) - Currently plugged (available) memory by the guest in MiB. - **requested_size_mib** (integer) - Target memory size set by the host in MiB. ### Response Example ```json { "total_size_mib": 1024, "block_size_mib": 64, "slot_size_mib": 128, "plugged_size_mib": 512, "requested_size_mib": 512 } ``` ``` -------------------------------- ### Create Bridge Interface Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/network-setup.md Command to create a new bridge interface on the host system. This is part of the bridge-based routing setup. ```bash sudo ip link add name br0 type bridge ``` -------------------------------- ### Create a Full Snapshot Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/snapshotting/snapshot-support.md Create a full snapshot of a paused microVM. This command saves the device and emulation state, as well as a complete copy of the guest memory. Files specified by snapshot_path and mem_file_path will be created or overwritten. ```bash curl --unix-socket /tmp/firecracker.socket -i \ -X PUT 'http://localhost/snapshot/create' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d '{ "snapshot_type": "Full", "snapshot_path": "./snapshot_file", "mem_file_path": "./mem_file" }' ``` -------------------------------- ### Interactive Rebase to Squash Commits Source: https://github.com/firecracker-microvm/firecracker/wiki/How-to-squash-commits Use this command to start an interactive rebase session. Ensure your branch is up-to-date with master before running. ```bash git rebase -i master ``` -------------------------------- ### Retrieve AMI ID in JSON Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/mmds/mmds-user-guide.md Fetches the 'latest/meta-data/ami-id' resource specifically in JSON format. This command is useful for getting a single metadata value. ```bash MMDS_IPV4_ADDR=169.254.170.2 RESOURCE_POINTER_STR=latest/meta-data/ami-id curl -s -H "Accept: application/json" "http://${MMDS_IPV4_ADDR}/${RESOURCE_POINTER_STR}" ``` -------------------------------- ### Configure Guest Driver for virtio-mem (memory_hotplug.memmap_on_memory) Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/memory-hotplug.md Use 'memory_hotplug.memmap_on_memory=1' and 'memhp_default_state=online' when hot-removal is not required and the hotpluggable memory area can be significantly larger than normal memory. ```text memory_hotplug.memmap_on_memory=1 memhp_default_state=online ``` -------------------------------- ### Build Firecracker from Source Source: https://github.com/firecracker-microvm/firecracker/blob/main/README.md Clone the Firecracker repository and build the project using the provided development tools. Ensure Docker is running and bash is installed. ```bash git clone https://github.com/firecracker-microvm/firecracker cd firecracker tools/devtool build toolchain="$(uname -m)-unknown-linux-musl" ``` -------------------------------- ### Dump Guest CPU Configuration Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/cpu_templates/cpu-template-helper.md Retrieves the guest CPU configuration for a specific CPU model. This is the first step in creating a custom CPU template. ```bash cpu-template-helper template dump ``` -------------------------------- ### Create Network Namespace Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/snapshotting/network-for-clones.md Use this command to create a new network namespace for a Firecracker clone. The namespace must exist before starting a clone within it. ```bash sudo ip netns add fc0 ``` -------------------------------- ### Create and Configure Tap Device for MicroVM Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/network-setup.md Use these commands to create a new tap device, assign it an IP address from a /30 subnet, and bring it up. This is a prerequisite for adding a new microVM. ```bash sudo ip tuntap add tap1 mode tap sudo ip addr add 172.16.0.5/30 dev tap1 sudo ip link set tap1 up ``` -------------------------------- ### Load Snapshot with File Memory Backend Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/snapshotting/snapshot-support.md Use this command to load a snapshot using the 'File' memory backend, where the kernel handles page faults. Ensure the snapshot and memory files exist. ```bash curl --unix-socket /tmp/firecracker.socket -i \ -X PUT 'http://localhost/snapshot/load' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d '{ "snapshot_path": "./snapshot_file", "mem_backend": { "backend_path": "./mem_file", "backend_type": "File" }, "track_dirty_pages": true, "resume_vm": false }' ``` -------------------------------- ### Enable Interactive Console and Spawn MicroVM Source: https://github.com/firecracker-microvm/firecracker/blob/main/tests/README.md Enable the microVM console interactively before spawning the Firecracker process. This setup is necessary for interactive console access. ```python uvm.help.enable_console() uvm.spawn() uvm.basic_config() uvm.start() ... ``` -------------------------------- ### Connect from Host to Guest VSOCK Source: https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md On the host, connect to the AF_UNIX socket and issue a CONNECT command for the desired guest port. This establishes the connection from host to guest. ```bash $ socat - UNIX-CONNECT:./v.sock CONNECT 52 ``` -------------------------------- ### Run Firecracker Integration Tests (Ubuntu/Debian) Source: https://github.com/firecracker-microvm/firecracker/blob/main/tests/README.md Execute Firecracker integration tests using pytest after installing dependencies. Note: This command runs tests as root. ```sh cd tests sudo env /usr/local/bin/pytest integration_tests/functional/test_api.py ```