firecracker-microvm / firectl Goto Github PK

View Code? Open in Web Editor NEW

471.0 22.0 73.0 307 KB

firectl is a command-line tool to run Firecracker microVMs

License: Apache License 2.0

Makefile 4.07% Go 95.93%

cli virtual-machine golang aws firecracker firecracker-vm

firectl's People

Contributors

Stargazers

Watchers

Forkers

nmeyerhans xibz arun-gupta ircody whalesalad westonsteimel avaussant s8sg bgammill galaxyblack samuelkarp luxas rnelsonmwg hakejam rsardinas isgasho mbrukman duzhanyuan aojea forkkit zyqsempai aehren begleybrothers msgpo dreadl0ck devplayer0 an0nym0u5101 simonis kzys combust-labs suryatmodulus luminitavoicu acpana alakesh angristan stjordanis doytsujin kern-- crt-fork franklinharry henry118 liayan defhacks randalloveson vvejell1 turan18 ronak877 joffref tamalsaha aws-aolutions-architect-apprenticeship kyleconroy scratchadams codyro pathcl bryanchance edgeforge ejko36 thedigitaloctopus shakahl iq-scm mecsimcalc fangn2 swagatbora90 thi-startup flyingnnn polomarkodev ellie sheeeng pawelbeza austinvazquez

firectl's Issues

firectl uses a hardcoded firecracker API socket path

Firectl uses ./firecracker.sock as the firecracker API socket path. This is hardcoded and there's no mechanism for overriding it. This should be fixed:

The default API socket should be located in a proper temporary location.
The user should be able to override the default behavior and provide a specific name if desired.

Can't build on latest ArchLinux

Any clue ?
% yay -Sy --needed --noconfirm firectl
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
:: Checking for conflicts...
:: Checking for inner conflicts...
[Aur:1] firectl-0.1.0-1

1 firectl (Build Files Exist)
==> Packages to cleanBuild?
==> [N]one [A]ll [Ab]ort [I]nstalled [No]tInstalled or (1 2 3, 1-3, ^4)
==>
:: PKGBUILD up to date, Skipping (1/0): firectl
1 firectl (Build Files Exist)
==> Diffs to show?
==> [N]one [A]ll [Ab]ort [I]nstalled [No]tInstalled or (1 2 3, 1-3, ^4)
==>
:: (1/1) Parsing SRCINFO: firectl
==> Making package: firectl 0.1.0-1 (Mon May 16 19:35:21 2022)
==> Retrieving sources...
-> Found firectl-0.1.0.tar.gz
==> Validating source files with b2sums...
firectl-0.1.0.tar.gz ... Passed
==> Making package: firectl 0.1.0-1 (Mon May 16 19:35:21 2022)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
-> Found firectl-0.1.0.tar.gz
==> Validating source files with b2sums...
firectl-0.1.0.tar.gz ... Passed
==> Removing existing $srcdir/ directory...
==> Extracting sources...
-> Extracting firectl-0.1.0.tar.gz with bsdtar
==> Starting prepare()...
github.com/firecracker-microvm/firectl tested by
github.com/firecracker-microvm/firectl.test: package github.com/firecracker-microvm/firectl imports github.com/go-openapi/strfmt from implicitly required module; to add missing requirements, run:
go get github.com/go-openapi/[email protected]
==> ERROR: A failure occurred in prepare().
Aborting...
-> error making: firectl

% go get github.com/go-openapi/[email protected]
go: go.mod file not found in current directory or any parent directory.
'go get' is no longer supported outside a module.
To build and install a command, use 'go install' with a version,
like 'go install example.com/cmd@latest'
For more information, see https://golang.org/doc/go-get-install-deprecation
or run 'go help get' or 'go help install'.

% go install github.com/go-openapi/[email protected]
package github.com/go-openapi/strfmt is not a main package

Update to Firecracker v0.19

There is a new release of Firecracker should't we update this tool also, after firecracker-go-sdk will be updated?

Support building with Podman: make build-in-podman

Support building with Podman:

make build-in-podman

libvirt provider: firectl

This question arose after reading issue #20:

If I understand firectl correctly it appears that firectl is more natural fit as a libvirt provider.
Some benefit would come from that: Such as immediately being available to the world of applications using libvirt, one such sizeable group are Vagrant developers via the Vagrant libvirt provider.

Has libvirt been considered and rejected?

firecracker api is not synced with firectl

When running:

> firectl --firecracker-binary ~/firecracker/firecracker  --kernel ~/hello-vmlinux.bin   --root-drive ~/hello-rootfs.ext4  -t --cpu-template=C3   --firecracker-log=/tmp/firecracker-vmm.log   --kernel-opts="console=ttyS0 noapic reboot=k panic=1 pci=off nomodules rw" --vmm-log-fifo=""  --tap-device 'tap0/AA:FC:00:00:00:01'   --metadata='{"foo":"bar"}'   -s /tmp/fire.sock

I get the following error:

INFO[0000] Called startVMM(), setting up a VMM on /tmp/fire.sock
2020-09-22T10:04:39.366701738 [anonymous-instance:ERROR:src/api_server/src/lib.rs:169] An error occurred when deserializing the json body of a request: unknown field `log_fifo`, expected one of `log_path`, `level`, `show_level`, `show_log_origin` at line 1 column 27.
WARN[0000] setupLogging() returned [PUT /logger][400] putLoggerBadRequest  &{FaultMessage:An error occurred when deserializing the json body of a request: unknown field `log_fifo`, expected one of `log_path`, `level`, `show_level`, `show_log_origin` at line 1 column 27.}. Continuing anyway.
2020-09-22T10:04:39.367103565 [anonymous-instance:ERROR:src/api_server/src/lib.rs:169] Missing mandatory fields.
ERRO[0000] PutMachineConfiguration returned [PUT /machine-config][204] putMachineConfigurationNoContent
WARN[0000] Failed handler "fcinit.CreateMachine": [PUT /machine-config][400] putMachineConfigurationBadRequest  &{FaultMessage:Missing mandatory fields.}
FATA[0000] Failed to start machine: [PUT /machine-config][400] putMachineConfigurationBadRequest  &{FaultMessage:Missing mandatory fields.}

firectl jailer support

I was wondering is there a way to launch a jailed firecracker instance using firectl?

support loading MMDS from file

Hi, MMDS json might be large and also might contain secrets, which should not be visible in command line parameters. Please support loading mmds from file.

Add DCO requirement to documentation

We require commits to have the linux foundation's developer certificate of origin, but we don't mention this requirement anywhere except for buildkite failures in PRs. We should add details about this to CONTRIBUTING.md and possibly a mention in the readme to reduce some of the back and forth for new contributors.

MMDS json might be large and sensitive - support loading it from file

Hi, MMDS json might be large and also might contain secrets, which should not be visible in command line parameters. Please support loading mmds from file.

Clean external shutdown of the guest VM

Is it possible to implement a proper externally triggered shutdown similar to the virsh shutdown functionality in libvirt?

Getting putMachineConfigurationNoContent when I use --disable-hyperthreading

My command:

./firectl \
  --kernel=hello-vmlinux.bin \
  --root-drive=hello-rootfs.ext4  \
  --ncpus=8 \
  --memory=50000 \
  --tap-device=tap0/AA:FC:00:00:00:01

runs fine but when I disable hyperthreading with:

./firectl \
  --kernel=hello-vmlinux.bin \
  --root-drive=rootfs.ext4  \
  --ncpus=8 \
  --memory=50000 \
  --tap-device=tap0/AA:FC:00:00:00:01 \
  -t

I get this error:

INFO[0000] Called startVMM(), setting up a VMM on /home/jayavanth/.firecracker.sock-16505-81 
INFO[0000] VMM logging and metrics disabled.            
2020-07-27T22:10:58.602820013 [anonymous-instance:ERROR:src/api_server/src/lib.rs:225] Missing mandatory fields.
ERRO[0000] PutMachineConfiguration returned [PUT /machine-config][204] putMachineConfigurationNoContent  
WARN[0000] Failed handler "fcinit.CreateMachine": [PUT /machine-config][400] putMachineConfigurationBadRequest  &{FaultMessage:Missing mandatory fields.} 
FATA[0000] Failed to start machine: [PUT /machine-config][400] putMachineConfigurationBadRequest  &{FaultMessage:Missing mandatory fields.}

Debug Output: https://pastebin.com/hYDcTHvN

firectl does not pass socket options to firecracker process

By default, firecracker uses an API socket at /tmp/firecracker.socket. Firectl attempts to override this default and create a unique socket path in a temp directory. From the --help output:

  -s, --socket-path=            path to use for firecracker socket, defaults to a unique file in in the first existing

However, the socket path does not seem to be getting passed to the firecracker process:

$ ./firectl --kernel=~/vmlinux --root-drive=~/image-debootstrap.img
INFO[0000] Called startVMM(), setting up a VMM on /home/admin/.firecracker.sock-35004-81 
2019-02-26T01:51:42.408071099 [anonymous-instance:ERROR:src/main.rs:49] Panic occurred: PanicInfo { payload: Any, message: Some(Cannot create VMM.: Kvm(Error(13))), location: Location { file: "libcore/result.rs", line: 1009, col: 5 } }
2019-02-26T01:51:42.427743984 [anonymous-instance:ERROR:src/main.rs:53] stack backtrace:
   0:           0x55268c - backtrace::backtrace::trace::h7636f2037a19752b
   1:           0x57d8b2 - firecracker::main::{{closure}}::h9c4455b40f8ff3d1
   2:           0x5542fb - std::panicking::rust_panic_with_hook::h7d39a7695d8da98f
                        at libstd/panicking.rs:481
   3:           0x55413d - std::panicking::continue_panic_fmt::ha287897123d4a956
                        at libstd/panicking.rs:391
   4:           0x5566b5 - rust_begin_unwind
                        at libstd/panicking.rs:326
   5:           0x56da9b - core::panicking::panic_fmt::h2155aa66b67fe83c
                        at libcore/panicking.rs:77
   6:           0x459a42 - core::result::unwrap_failed::hcc02818eb22281d3
   7:           0x451c44 - std::sys_common::backtrace::__rust_begin_short_backtrace::h3c840c9c993b2e45
   8:           0x45010d - <F as alloc::boxed::FnBox<A>>::call_box::h0f514b8e7e095144
   9:           0x556f91 - std::sys::unix::thread::Thread::new::thread_start::hbd34cf20156b5b37
                        at liballoc/boxed.rs:656
2019-02-26T01:51:42.427803140 [anonymous-instance:ERROR:src/main.rs:57] Failed to log metrics while panicking: Logger was not initialized.
WARN[0000] firecracker exited: signal: aborted          
INFO[0000] VMM logging and metrics disabled.            
ERRO[0000] PutMachineConfiguration returned [PUT /machine-config][204] putMachineConfigurationNoContent  
WARN[0000] Failed handler "fcinit.CreateMachine": Put http://localhost/machine-config: dial unix /home/admin/.firecracker.sock-35004-81: connect: no such file or directory 
FATA[0000] Failed to start machine: Put http://localhost/machine-config: dial unix /home/admin/.firecracker.sock-35004-81: connect: no such file or directory

Note the last line indicating that firectl wasn't able to communicate with firecracker on /home/admin/.firecracker.sock-35004-81 due to that file not existing.

Investigating somewhat deeper reveals that firecracker is not being given the --socket-path option at all:

$ strace -f -e execve ./firectl --kernel=~/vmlinux --root-drive=~/image-debootstrap.img
...
[pid 35093] execve("/usr/local/bin/firecracker", ["firecracker"], [/* 24 vars */]) = 0
...
FATA[0000] Failed to start machine: Put http://localhost/machine-config: dial unix /home/admin/.firecracker.sock-35075-81: connect: no such file or directory

If we tell firectl to use a socket path that matches firecracker's default, then machine launch is successful:

$ ./firectl --kernel=~/vmlinux --root-drive=~/image-debootstrap.img -s /tmp/firecracker.socket
...
INFO[0000] startInstance successful: [PUT /actions][204] createSyncActionNoContent
...

Create firectl release

In order to get started with firectl, it needs to be built:

sudo yum install -y git
git clone https://github.com/firecracker-microvm/firectl
sudo amazon-linux-extras install -y golang1.11
cd firectl
make

It would be very helpful to have a release, this will make it easy to get started.

Compile firectl statically?

Hi, thanks for this great tool!

I wonder, is there a specific reason firectl is not statically linked? (i.e. specific imports)
Otherwise, I think it'd be good as a general best practice to compile it statically to reduce deps :)

Resolve GitHub actions workflow warnings

Upgrade actions packages, e.g. actions/setup-go, actions/checkout, from v2 to v3 to resolve NodeJS 12 warnings in CI workflow.

Build Error

I am new to go lang.
To install go in my Ubuntu 19.04 system, I used

sudo apt install golang-go

Then after cloning the firectl repository and running make, I got this error.

go build
main.go:24:2: cannot find package "github.com/firecracker-microvm/firecra:
	/usr/lib/go-1.10/src/github.com/firecracker-microvm/firecracker-g)
	/home/madhav/go/src/github.com/firecracker-microvm/firecracker-go)
options.go:28:2: cannot find package "github.com/firecracker-microvm/fire:
	/usr/lib/go-1.10/src/github.com/firecracker-microvm/firecracker-g)
	/home/madhav/go/src/github.com/firecracker-microvm/firecracker-go)
main.go:25:2: cannot find package "github.com/jessevdk/go-flags" in any o:
	/usr/lib/go-1.10/src/github.com/jessevdk/go-flags (from $GOROOT)
	/home/madhav/go/src/github.com/jessevdk/go-flags (from $GOPATH)
options.go:29:2: cannot find package "github.com/pkg/errors" in any of:
	/usr/lib/go-1.10/src/github.com/pkg/errors (from $GOROOT)
	/home/madhav/go/src/github.com/pkg/errors (from $GOPATH)
main.go:26:2: cannot find package "github.com/sirupsen/logrus" in any of:
	/usr/lib/go-1.10/src/github.com/sirupsen/logrus (from $GOROOT)
	/home/madhav/go/src/github.com/sirupsen/logrus (from $GOPATH)
make: *** [Makefile:24: firectl] Error 1

Please help me on what to do.

Remove pkg/errors

https://github.com/pkg/errors has been archived. We can use fmt.Errorf instead.

ARM build of firectl?

Now that firecracker ships ARM builds (https://github.com/firecracker-microvm/firecracker/releases), can we also get an ARM build of firectl added to the releases page?

In the meantime, I can confirm the firectl build works without errors on ARM64:

$ go version
go version go1.13.5 linux/arm64
$ go build
$ ./firectl

Rename master branch to main

We're making changes across the firecracker-microvm org to use inclusive language in documentation, code and branch naming.

This issue tracks renaming https://github.com/firecracker-microvm/firectl master branch to main.

Extract kernel and cmdline from guest disk

As firecracker itself requires the kernel to be provided from the host, firectl relays this requirement. This is okay for environments where either one controls both the hypervisor and the guest, or where it is not desired that the VM itself may provide a kernel[1].

I would however like to be able to pass only a root drive to firectl and have it extract the kernel and/or cmdline from a well-defined path (e. g. /boot/vmlinux and /boot/cmdline). For example, I stumbled upon this issue when I created a VM with the kernel configured as per the sample config, and it wouldn’t mount my XFS root.

I am going to implement this anyway, but I’m glad to submit a patch if you’re not opposed to this feature per se.

[1]: I’m not sure whether kexec would work from inside, though …

Use JailerCommandBuilder instead of JailerConfig directly

The JailerConfig direct usage does not allow setting the netNS which can be set using the JailerCommandBuilder.WithNetNS. Would you consider accepting a PR addressing this?

Update getting started section for 0.2.0

The current section is outdated https://github.com/firecracker-microvm/firectl#getting-started-on-aws. I got it working here, but those changes aren't the best #104

Compatibility with firecracker 1.0

Certain examples fail with an error about the ht_ field:

As per the 1.0 notes:

Renamed /machine-config ht_enabled to smt.
smt field is now optional on PUT /machine-config, defaulting to
false.

The renaming of ht_enabled to smt is a breaking change, so firectl doesn't work out of the box with firecracker 1.0 at the moment.

I'd suggest updating it.

root@firecracker-hacking:~/debian-firecracker# firectl --kernel=debian-vmlinux --root-drive=debian.ext4 --kernel-opts="init=/bin/systemd noapic reboot=k panic=1 pci=off nomodules console=ttyS0"
INFO[0000] Called startVMM(), setting up a VMM on /root/.firecracker.sock-80256-81 
INFO[0000] VMM logging and metrics disabled.            
2022-03-01T16:30:10.007433263 [anonymous-instance:fc_api:ERROR:src/api_server/src/lib.rs:270] An error occurred when deserializing the json body of a request: unknown field `ht_enabled`, expected one of `vcpu_count`, `mem_size_mib`, `smt`, `cpu_template`, `track_dirty_pages` at line 1 column 13.
ERRO[0000] PutMachineConfiguration returned [PUT /machine-config][204] putMachineConfigurationNoContent  
WARN[0000] Failed handler "fcinit.CreateMachine": [PUT /machine-config][400] putMachineConfigurationBadRequest  &{FaultMessage:An error occurred when deserializing the json body of a request: unknown field `ht_enabled`, expected one of `vcpu_count`, `mem_size_mib`, `smt`, `cpu_template`, `track_dirty_pages` at line 1 column 13.} 
FATA[0000] Failed to start machine: [PUT /machine-config][400] putMachineConfigurationBadRequest  &{FaultMessage:An error occurred when deserializing the json body of a request: unknown field `ht_enabled`, expected one of `vcpu_count`, `mem_size_mib`, `smt`, `cpu_template`, `track_dirty_pages` at line 1 column 13.} 
root@firecracker-hacking:~/debian-firecracker#

Adding --disable-hyperthreading works as a workaround whilst we're waiting on a code change / new release here.

document need update

The readme document not work

irectl \
  --kernel=hello-vmlinux.bin \
  --root-drive=hello-rootfs.ext4
INFO[0000] Called startVMM(), setting up a VMM on /root/.firecracker.sock-573867-81 
INFO[0000] VMM logging disabled.                        
INFO[0000] VMM metrics disabled.                        
ERRO[0000] PutMachineConfiguration returned [PUT /machine-config][204] putMachineConfigurationNoContent  
WARN[0000] Failed handler "fcinit.CreateMachine": [PUT /machine-config][400] putMachineConfigurationBadRequest  &{FaultMessage:unknown field `smt`, expected one of `vcpu_count`, `mem_size_mib`, `ht_enabled`, `cpu_template` at line 1 column 25} 
FATA[0000] Failed to start machine: [PUT /machine-config][400] putMachineConfigurationBadRequest  &{FaultMessage:unknown field `smt`, expected one of `vcpu_count`, `mem_size_mib`, `ht_enabled`, `cpu_template` at line 1 column 25}

Go compiler support policy

This thread is to host some discussion on compiler support for the firectl tool.

Simplify firectl invoke

firectl invocation can be simplified with the following defaults:

pick up the latest firecracker binary
pick up the default uncompressed Linux kernel image
pick up the default root filesystem image