Add runtime options and schema
This commit is contained in:
parent
e4039ca7e9
commit
eedc1fe1d8
4 changed files with 2034 additions and 24 deletions
|
|
@ -17,6 +17,15 @@ Minimal Firecracker launcher.
|
|||
./run.sh
|
||||
```
|
||||
|
||||
## Run Options
|
||||
```
|
||||
./run.sh --name calm_otter --vcpu 4 --ram 2048 --disk-size 6G
|
||||
```
|
||||
- `--name`: must be unique and match `[a-z0-9][a-z0-9_-]{0,63}`.
|
||||
- `--vcpu`: defaults to 2, max 16.
|
||||
- `--ram`: MiB, defaults to 1024, max 32768.
|
||||
- `--disk-size`: M/G suffixes supported; must be >= base `rootfs.ext4` size. Requires `resize2fs`.
|
||||
|
||||
## SSH
|
||||
```
|
||||
ssh -i "./id_ed25519" root@<guest_ip>
|
||||
|
|
|
|||
1786
firecracker-api.yaml
Normal file
1786
firecracker-api.yaml
Normal file
File diff suppressed because it is too large
Load diff
222
run.sh
222
run.sh
|
|
@ -5,9 +5,22 @@ log() {
|
|||
printf '[spawn] %s\n' "$*"
|
||||
}
|
||||
|
||||
usage() {
|
||||
cat <<'EOF'
|
||||
Usage: ./run.sh [options]
|
||||
|
||||
Options:
|
||||
--name <name> VM name (lowercase letters, digits, -, _)
|
||||
--vcpu <count> vCPU count (default: 2)
|
||||
--ram <mib> RAM in MiB (default: 1024)
|
||||
--disk-size <size> Root disk size (e.g. 4G, 10240M); must be >= base image
|
||||
-h, --help Show this help
|
||||
EOF
|
||||
}
|
||||
|
||||
log "starting"
|
||||
|
||||
DIR="$(pwd)"
|
||||
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
||||
STATE="$DIR/state"
|
||||
mkdir -p "$STATE"
|
||||
|
||||
|
|
@ -15,18 +28,145 @@ FC_BIN="$DIR/firecracker"
|
|||
KERNEL="$DIR/vmlinux"
|
||||
ROOTFS="$DIR/rootfs.ext4"
|
||||
SSH_KEY="$DIR/id_ed25519"
|
||||
NAMEGEN="$DIR/namegen"
|
||||
|
||||
BR_DEV="br-fc"
|
||||
BR_IP="172.16.0.1"
|
||||
CIDR="24"
|
||||
|
||||
DEFAULT_VCPU=2
|
||||
DEFAULT_RAM=1024
|
||||
MAX_VCPU=16
|
||||
MAX_RAM=32768
|
||||
MAX_DISK_BYTES=$((128 * 1024 * 1024 * 1024))
|
||||
|
||||
VCPU_COUNT="$DEFAULT_VCPU"
|
||||
RAM_MIB="$DEFAULT_RAM"
|
||||
DISK_SIZE=""
|
||||
VM_NAME=""
|
||||
|
||||
shopt -s nullglob
|
||||
|
||||
name_taken() {
|
||||
local candidate="$1"
|
||||
local info existing_name
|
||||
for info in "$STATE"/vm-*/info; do
|
||||
existing_name="$(awk -F= '$1=="name"{print $2}' "$info")"
|
||||
if [[ "$existing_name" == "$candidate" ]]; then
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
parse_disk_size() {
|
||||
local raw="$1"
|
||||
if [[ "$raw" =~ ^([0-9]+)([KMG])?$ ]]; then
|
||||
local num="${BASH_REMATCH[1]}"
|
||||
local unit="${BASH_REMATCH[2]}"
|
||||
case "$unit" in
|
||||
K) echo $((num * 1024)) ;;
|
||||
M|"") echo $((num * 1024 * 1024)) ;;
|
||||
G) echo $((num * 1024 * 1024 * 1024)) ;;
|
||||
esac
|
||||
return 0
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--name)
|
||||
VM_NAME="${2:-}"
|
||||
shift 2
|
||||
;;
|
||||
--vcpu)
|
||||
VCPU_COUNT="${2:-}"
|
||||
shift 2
|
||||
;;
|
||||
--ram)
|
||||
RAM_MIB="${2:-}"
|
||||
shift 2
|
||||
;;
|
||||
--disk-size)
|
||||
DISK_SIZE="${2:-}"
|
||||
shift 2
|
||||
;;
|
||||
-h|--help)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
log "unknown option: $1"
|
||||
usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if ! [[ "$VCPU_COUNT" =~ ^[0-9]+$ ]]; then
|
||||
log "invalid --vcpu value: $VCPU_COUNT"
|
||||
exit 1
|
||||
fi
|
||||
if (( VCPU_COUNT < 1 || VCPU_COUNT > MAX_VCPU )); then
|
||||
log "vcpu must be between 1 and $MAX_VCPU"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! [[ "$RAM_MIB" =~ ^[0-9]+$ ]]; then
|
||||
log "invalid --ram value: $RAM_MIB"
|
||||
exit 1
|
||||
fi
|
||||
if (( RAM_MIB < 256 || RAM_MIB > MAX_RAM )); then
|
||||
log "ram must be between 256 and $MAX_RAM MiB"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
DISK_BYTES=""
|
||||
if [[ -n "$DISK_SIZE" ]]; then
|
||||
if ! DISK_BYTES="$(parse_disk_size "$DISK_SIZE")"; then
|
||||
log "invalid --disk-size value: $DISK_SIZE"
|
||||
exit 1
|
||||
fi
|
||||
if (( DISK_BYTES > MAX_DISK_BYTES )); then
|
||||
log "disk-size exceeds max of $((MAX_DISK_BYTES / 1024 / 1024 / 1024))G"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ -z "$VM_NAME" ]]; then
|
||||
if [[ ! -x "$NAMEGEN" ]]; then
|
||||
log "name generator not found: $NAMEGEN"
|
||||
exit 1
|
||||
fi
|
||||
for _ in $(seq 1 20); do
|
||||
VM_NAME="$("$NAMEGEN")"
|
||||
if ! name_taken "$VM_NAME"; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if [[ -z "$VM_NAME" ]]; then
|
||||
log "failed to generate a unique name"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! [[ "$VM_NAME" =~ ^[a-z0-9][a-z0-9_-]{0,63}$ ]]; then
|
||||
log "invalid --name value: $VM_NAME"
|
||||
exit 1
|
||||
fi
|
||||
if name_taken "$VM_NAME"; then
|
||||
log "name already in use: $VM_NAME"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
VM_ID="$(head -c 32 /dev/urandom | xxd -p -c 256)"
|
||||
VM_TAG="${VM_ID:0:8}"
|
||||
VM_NAME="$(./namegen)"
|
||||
VM_DIR="$STATE/vm-$VM_ID"
|
||||
mkdir -p "$VM_DIR"
|
||||
|
||||
API_SOCK="$VM_DIR/firecracker.sock"
|
||||
API_SOCK="$STATE/fc-$VM_TAG.sock"
|
||||
LOG_FILE="$VM_DIR/firecracker.log"
|
||||
TAP_DEV="tap-fc-$VM_TAG"
|
||||
|
||||
|
|
@ -37,10 +177,45 @@ GUEST_IP="172.16.0.$NEXT_IP"
|
|||
echo "$((NEXT_IP + 1))" > "$NEXT_IP_FILE"
|
||||
|
||||
log "vm id: $VM_ID"
|
||||
log "vm name: $VM_NAME"
|
||||
log "allocated guest ip: $GUEST_IP"
|
||||
|
||||
sudo -v
|
||||
|
||||
VM_STARTED=0
|
||||
CLEANUP_ON_EXIT=0
|
||||
KEEP_VM_DIR_ON_FAIL=1
|
||||
DISK_PATH="$ROOTFS"
|
||||
|
||||
cleanup() {
|
||||
local exit_code=$?
|
||||
if [[ "$VM_STARTED" -eq 1 && "$CLEANUP_ON_EXIT" -eq 0 ]]; then
|
||||
return
|
||||
fi
|
||||
log "cleaning up"
|
||||
if [[ -n "${FC_PID:-}" ]]; then
|
||||
sudo kill "$FC_PID" 2>/dev/null || true
|
||||
fi
|
||||
if [[ -n "${TAP_DEV:-}" ]]; then
|
||||
sudo ip link del "$TAP_DEV" 2>/dev/null || true
|
||||
fi
|
||||
rm -f "${API_SOCK:-}"
|
||||
if [[ -n "${VM_DIR:-}" && -d "$VM_DIR" ]]; then
|
||||
if [[ "$KEEP_VM_DIR_ON_FAIL" -eq 0 || "$VM_STARTED" -eq 1 || "$CLEANUP_ON_EXIT" -eq 1 ]]; then
|
||||
rm -rf "$VM_DIR"
|
||||
fi
|
||||
fi
|
||||
return "$exit_code"
|
||||
}
|
||||
|
||||
on_signal() {
|
||||
CLEANUP_ON_EXIT=1
|
||||
exit 1
|
||||
}
|
||||
|
||||
trap cleanup EXIT
|
||||
trap on_signal INT TERM
|
||||
|
||||
FC_USE_SUDO="${FC_USE_SUDO:-1}"
|
||||
FC_RUN=("$FC_BIN")
|
||||
CURL_CMD=(curl)
|
||||
|
|
@ -59,6 +234,25 @@ else
|
|||
log "setcap not available; firecracker may need root to open TAP"
|
||||
fi
|
||||
|
||||
if [[ -n "$DISK_BYTES" ]]; then
|
||||
if ! command -v resize2fs >/dev/null 2>&1; then
|
||||
log "resize2fs required for --disk-size"
|
||||
exit 1
|
||||
fi
|
||||
DISK_PATH="$VM_DIR/rootfs.ext4"
|
||||
cp --reflink=auto "$ROOTFS" "$DISK_PATH"
|
||||
BASE_BYTES="$(stat -c%s "$ROOTFS")"
|
||||
if (( DISK_BYTES < BASE_BYTES )); then
|
||||
log "disk-size must be >= base image size"
|
||||
exit 1
|
||||
fi
|
||||
if (( DISK_BYTES > BASE_BYTES )); then
|
||||
log "resizing rootfs to $DISK_SIZE"
|
||||
truncate -s "$DISK_BYTES" "$DISK_PATH"
|
||||
resize2fs "$DISK_PATH" >/dev/null
|
||||
fi
|
||||
fi
|
||||
|
||||
# Host bridge
|
||||
if ! ip link show "$BR_DEV" >/dev/null 2>&1; then
|
||||
log "creating host bridge $BR_DEV ($BR_IP/$CIDR)"
|
||||
|
|
@ -93,7 +287,14 @@ for _ in $(seq 1 200); do
|
|||
[[ -S "$API_SOCK" ]] && break
|
||||
sleep 0.02
|
||||
done
|
||||
[[ -S "$API_SOCK" ]] || { log "firecracker api socket not ready"; exit 1; }
|
||||
if [[ ! -S "$API_SOCK" ]]; then
|
||||
log "firecracker api socket not ready"
|
||||
if [[ -f "$LOG_FILE" ]]; then
|
||||
log "firecracker log (tail)"
|
||||
tail -n 20 "$LOG_FILE" || true
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
log "api socket ready"
|
||||
|
||||
if [[ "$FC_USE_SUDO" == "1" ]]; then
|
||||
|
|
@ -109,11 +310,11 @@ echo "$FC_PID" > "$VM_DIR/pid"
|
|||
log "configuring machine"
|
||||
"${CURL_CMD[@]}" --unix-socket "$API_SOCK" -X PUT http://localhost/machine-config \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{
|
||||
"vcpu_count": 2,
|
||||
"mem_size_mib": 1024,
|
||||
"smt": false
|
||||
}' >/dev/null
|
||||
-d "{
|
||||
\"vcpu_count\": $VCPU_COUNT,
|
||||
\"mem_size_mib\": $RAM_MIB,
|
||||
\"smt\": false
|
||||
}" >/dev/null
|
||||
|
||||
# Boot source
|
||||
log "configuring boot source"
|
||||
|
|
@ -132,7 +333,7 @@ log "attaching root filesystem"
|
|||
-H "Content-Type: application/json" \
|
||||
-d "{
|
||||
\"drive_id\": \"rootfs\",
|
||||
\"path_on_host\": \"$ROOTFS\",
|
||||
\"path_on_host\": \"$DISK_PATH\",
|
||||
\"is_root_device\": true,
|
||||
\"is_read_only\": false
|
||||
}" >/dev/null
|
||||
|
|
@ -151,6 +352,7 @@ log "starting virtual machine"
|
|||
"${CURL_CMD[@]}" --unix-socket "$API_SOCK" -X PUT http://localhost/actions \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{ "action_type": "InstanceStart" }' >/dev/null
|
||||
VM_STARTED=1
|
||||
|
||||
cat > "$VM_DIR/info" <<EOF
|
||||
vm_id=$VM_ID
|
||||
|
|
|
|||
21
verify.sh
21
verify.sh
|
|
@ -6,7 +6,9 @@ log() {
|
|||
}
|
||||
|
||||
cleanup() {
|
||||
if [[ -n "${VM_INFO:-}" && -f "$VM_INFO" ]]; then
|
||||
if [[ -z "${VM_INFO:-}" || ! -f "$VM_INFO" ]]; then
|
||||
return
|
||||
fi
|
||||
# shellcheck disable=SC1090
|
||||
source "$VM_INFO"
|
||||
if [[ -n "${pid:-}" ]]; then
|
||||
|
|
@ -18,15 +20,21 @@ cleanup() {
|
|||
if [[ -n "${vm_dir:-}" ]]; then
|
||||
rm -rf "$vm_dir"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
trap cleanup EXIT
|
||||
|
||||
log "starting VM"
|
||||
./run.sh
|
||||
if ! ./run.sh; then
|
||||
log "run.sh failed"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
VM_DIR="$(ls -dt state/vm-* | head -n 1)"
|
||||
VM_DIR="$(find state -maxdepth 1 -type d -name 'vm-*' -printf '%T@ %p\n' 2>/dev/null | sort -nr | head -n 1 | awk '{print $2}')"
|
||||
if [[ -z "$VM_DIR" ]]; then
|
||||
log "no VM state directory found"
|
||||
exit 1
|
||||
fi
|
||||
VM_INFO="$VM_DIR/info"
|
||||
if [[ ! -f "$VM_INFO" ]]; then
|
||||
log "info file not found: $VM_INFO"
|
||||
|
|
@ -37,6 +45,11 @@ fi
|
|||
source "$VM_INFO"
|
||||
vm_dir="$VM_DIR"
|
||||
|
||||
if [[ -z "${name:-}" || -z "${created_at:-}" || -z "${guest_ip:-}" ]]; then
|
||||
log "missing name or created_at in info file"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
log "asserting VM is reachable via SSH"
|
||||
ssh -i "./id_ed25519" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
|
||||
"root@${guest_ip}" "uname -a" >/dev/null
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue