Enable real guest networking and make demos network-first
parent c43c718c83
commit b01efa6452
14 changed files with 618 additions and 72 deletions
|
|
@ -3,8 +3,8 @@
|
|||
Source-of-truth inputs for `make runtime-bundle`.
|
||||
|
||||
Current state:
|
||||
- `bin/firecracker` and `bin/jailer` are shim placeholders.
|
||||
- profile kernels and rootfs images are placeholder files.
|
||||
- `build/runtime_sources/` contains the real materialized runtime inputs used to build the packaged bundle.
|
||||
- the checked-in tracked files under `runtime_sources/linux-x86_64/` are build recipes and lock metadata, not the materialized binaries/images.
|
||||
- `guest/pyro_guest_agent.py` is the guest agent artifact that should ultimately be installed into each real rootfs.
|
||||
- real source materialization now writes into `build/runtime_sources/`, not back into the tracked placeholder files.
|
||||
|
||||
|
|
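Review bot: The last bullet of "Current state" still refers to "the tracked placeholder files", while the bullet two lines above it now describes the tracked files under `runtime_sources/linux-x86_64/` as build recipes and lock metadata. Use one description in both bullets, for example "writes into `build/runtime_sources/`, not back into the tracked recipe files", so readers do not go looking for placeholder binaries in the tree. It would also help to state here whether `build/runtime_sources/` is excluded from version control, since it now holds the real binaries and images.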
@ -19,11 +19,11 @@ Build requirements for the real path:
|
|||
- outbound network access to GitHub and Debian snapshot mirrors
|
||||
- enough disk for a kernel build plus 2G ext4 images per profile
|
||||
|
||||
Next steps to make the bundle guest-capable:
|
||||
1. Replace shim binaries with pinned official Firecracker and Jailer release artifacts.
|
||||
2. Replace placeholder `vmlinux` and `rootfs.ext4` files with real, bootable artifacts for each profile.
|
||||
3. Ensure the guest agent is installed and enabled inside every rootfs so the host can use vsock exec.
|
||||
4. Once the source artifacts are real, update `runtime.lock.json` component versions and flip capability flags from `false` to `true`.
|
||||
Current status:
|
||||
1. Firecracker and Jailer are materialized from pinned official release artifacts.
|
||||
2. The kernel and rootfs images are built from pinned inputs into `build/runtime_sources/`.
|
||||
3. The guest agent is installed into each rootfs and used for vsock exec.
|
||||
4. `runtime.lock.json` now advertises real guest capabilities.
|
||||
|
||||
Safety rule:
|
||||
- The build pipeline should never emit `vm_boot=true`, `guest_exec=true`, or `guest_network=true` while any source artifact is still a shim or placeholder.
|
||||
|
|
|
|||
|
|
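Review bot: Items 1 and 2 under "Current status" say the Firecracker, Jailer, kernel and rootfs inputs are pinned, but the text does not say where the pins are recorded or whether downloaded artifacts are checked against them. Since the build requirements above list outbound access to GitHub and Debian snapshot mirrors, name the file that holds the pins and state what is verified at materialization time. The "Safety rule" is also still worded as "should never"; now that item 4 says the capabilities are advertised, say which build step enforces the rule.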
@ -9,9 +9,9 @@
|
|||
"base_distro": "debian-bookworm-20250210"
|
||||
},
|
||||
"capabilities": {
|
||||
"vm_boot": false,
|
||||
"guest_exec": false,
|
||||
"guest_network": false
|
||||
"vm_boot": true,
|
||||
"guest_exec": true,
|
||||
"guest_network": true
|
||||
},
|
||||
"binaries": {
|
||||
"firecracker": "bin/firecracker",
|
||||
|
|
|
|||
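Review bot: `vm_boot`, `guest_exec` and `guest_network` all flip to `true` in the "capabilities" block, and nothing in the visible lines shows these values being derived from a check on the artifacts; the `"firecracker": "bin/firecracker"` entry below them is unchanged. If the flags are hand-edited, consider having the bundle build compute or validate them and fail when any referenced artifact is still a shim or placeholder, which is what the README's safety rule asks for. `guest_network` in particular deserves its own gate, since it is the flag that tells callers a guest may reach the network.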