thaloco/banger
1
Fork 0
Code Pull requests Releases Packages Activity Actions

Harden kill script and DNS config

Browse source
This commit is contained in:
Thales Maciel 2026-01-29 16:49:54 -03:00
parent 68cf5f2cbb
commit e10a51558e
No known key found for this signature in database
GPG key ID: 33112E6833C34679
3 changed files with 13 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -25,7 +25,6 @@ Minimal Firecracker launcher.
- `--vcpu`: defaults to 2, max 16. - `--vcpu`: defaults to 2, max 16.
- `--ram`: MiB, defaults to 1024, max 32768. - `--ram`: MiB, defaults to 1024, max 32768.
- `--disk-size`: M/G suffixes supported; must be >= base `rootfs.ext4` size. Requires `resize2fs`. - `--disk-size`: M/G suffixes supported; must be >= base `rootfs.ext4` size. Requires `resize2fs`.
- `DNS_SERVERS`: optional env var for resolv.conf (default: `1.1.1.1`). Requires `debugfs`.
## SSH ## SSH
``` ```

10
kill.sh
View file

@ -77,10 +77,20 @@ fi
INFO_FILE="$(find_vm_info "$QUERY")" INFO_FILE="$(find_vm_info "$QUERY")"
PID="$(get_prop "$INFO_FILE" "pid")" PID="$(get_prop "$INFO_FILE" "pid")"
API_SOCK="$(get_prop "$INFO_FILE" "api_sock")"
if [[ -z "$PID" ]]; then if [[ -z "$PID" ]]; then
log "pid not found in $INFO_FILE" log "pid not found in $INFO_FILE"
exit 1 exit 1
fi fi
if [[ -z "$API_SOCK" ]]; then
log "api_sock not found in $INFO_FILE"
exit 1
fi
if ! ps -p "$PID" -o comm=,args= 2>/dev/null | rg -q "firecracker.*--api-sock $API_SOCK"; then
log "pid $PID does not match a running VM"
exit 1
fi
log "sending SIG$SIGNAL to pid $PID" log "sending SIG$SIGNAL to pid $PID"
sudo kill "-$SIGNAL" "$PID" sudo kill "-$SIGNAL" "$PID"

9
run.sh
View file

@ -42,7 +42,7 @@ MAX_VCPU=16
MIN_RAM=256 MIN_RAM=256
MAX_RAM=32768 MAX_RAM=32768
MAX_DISK_BYTES=$((128 * 1024 * 1024 * 1024)) MAX_DISK_BYTES=$((128 * 1024 * 1024 * 1024))
DNS_SERVERS="${DNS_SERVERS:-1.1.1.1}" DNS_SERVER="1.1.1.1"
VCPU_COUNT="$DEFAULT_VCPU" VCPU_COUNT="$DEFAULT_VCPU"
RAM_MIB="$DEFAULT_RAM" RAM_MIB="$DEFAULT_RAM"
@ -266,10 +266,7 @@ if ! command -v debugfs >/dev/null 2>&1; then
exit 1 exit 1
fi fi
RESOLV_TMP="$VM_DIR/resolv.conf" RESOLV_TMP="$VM_DIR/resolv.conf"
printf '' >"$RESOLV_TMP" printf 'nameserver %s\n' "$DNS_SERVER" >"$RESOLV_TMP"
for ns in ${DNS_SERVERS//,/ }; do
printf 'nameserver %s\n' "$ns" >>"$RESOLV_TMP"
done
debugfs -w -R "write $RESOLV_TMP /etc/resolv.conf" "$DISK_PATH" >/dev/null 2>&1 || { debugfs -w -R "write $RESOLV_TMP /etc/resolv.conf" "$DISK_PATH" >/dev/null 2>&1 || {
log "failed to write /etc/resolv.conf into rootfs" log "failed to write /etc/resolv.conf into rootfs"
exit 1 exit 1
@ -340,7 +337,7 @@ log "configuring machine"
# Boot source # Boot source
log "configuring boot source" log "configuring boot source"
KCMD="console=ttyS0 reboot=k panic=1 pci=off root=/dev/vda rw ip=${GUEST_IP}::${BR_IP}:255.255.255.0::eth0:off hostname=${VM_NAME}" KCMD="console=ttyS0 reboot=k panic=1 pci=off root=/dev/vda rw ip=${GUEST_IP}::${BR_IP}:${DNS_SERVER}:255.255.255.0::eth0:off hostname=${VM_NAME}"
"${CURL_CMD[@]}" --unix-socket "$API_SOCK" -X PUT http://localhost/boot-source \ "${CURL_CMD[@]}" --unix-socket "$API_SOCK" -X PUT http://localhost/boot-source \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \