For years, cloud computing was a way to convince users and business to spend their money hosting their services on servers collocated on cloud data-centers. Things are changed and merely providing basic storage and processing power is a thing of the past. Cloud services are so complicated today that each one of them needs proper training to just be able to use them. Distributed data-stores, load-balancers, storages, serverless and container automation and orchestration services are just a few example of the vast number of cloud computing services.
One can now have a software running on cloud services (Software-as-a-Service) with five-nine SLA hosted on multiple cloud providers, effectively providing high-availability across the globe, all controlled from a central location, automated and orchestrated with the latest cutting-edge technologies on the market. And the number of these technologies are ever-growing.
Most of the cloud providers today use open-source model to distribute their technologies and software. Examples of which are kubernetes, docker and firecracker. Containerization and light-weight virtual machines are just two of the various ways to deploy applications on cloud. Each has its own pros and cons. But in this article I am going to present firecrack, a light-weight virtual machine, or microVM, management tool created by Amazon to run their serverless platform. In contrast to containerization, specifically docker, which uses a single shared Linux kernel with cgroups, namespaces, etc., microVMs use a separate Linux kernel virtualized on top of kernel-based virtual machine (KVM). The advantages of microVM are less memory overhead (5 MB), very minimal optimized kernel and security. The most interesting part is that it is written in Rust, has an awesome Go SDK and many tools are already developed for it:
There is a demo project demonstrating the abilities and features of microVM by showing how quickly it can run 4k microVMs in less than a minute:
Months ago, I’ve started experimenting with it and wrote a bunch of bash scripts and a simple README to be able to show how to download project binaries or build the project(s) from source and start using microVMs very quickly:
In order to use it, just clone the project somewhere on your disk and either run get_latest.sh or build_latest.sh. To get the latest binaries along with pre-built Debian and Alpine kernel and rootfs, you just need to have curl installed. But in order to build it from source code, you should have Rust compiler installed. The easiest way to install Rust compiler and toolchain, just download and install rustup installer to be able to easily install other things. A simple tutorial is present on Rust official website that provides instructions on how to do this. For building the latest version, I assume you have Debian GNU/Linux installed, because of APT.
Although building from source gives you full control and customizability, but for mere experimentation, just download the binaries and related files and you’re good to go!
$ git clone https://github.com/mostafa/firefighter $ cd firefighter $ ./get_latest.sh
This script downloads the latest firecracker, firectl and jailer binaries with a progress bar, along with Alpine and Debian kernel and rootfs in images directory.
Running the following command with no option or with help would print usage instructions:
$ ./run_microvm.sh Usage: run_microvm.sh start <distro-name> | <vmlinuz.bin> <rootfs.ext4> run_microvm.sh stop run_microvm.sh config run_microvm.sh status run_microvm.sh help Available distros: - debian - alpine
To run an Alpine microVM, just run the following command, it needs root/sudo privilege:
$ ./run_microvm.sh start alpine Giving read/write access to KVM to user [sudo] password for user: Booting kernel: images/alpine-vmlinuz.bin Image: images/alpine.ext4 ... Enable routing from/to MicroVM Run MicroVM ... Welcome to Alpine Linux 3.8 Kernel 4.14.55-84.37.amzn2.x86_64 on an x86_64 (ttyS0) localhost login:
root as username and password, you can login to the microVM. Run the following commands inside the microVM to enable internet access:
$ ip addr add 172.16.0.2/24 dev eth0 $ ip route add default via 172.16.0.1 dev eth0 $ echo "nameserver 220.127.116.11" > /etc/resolv.conf $ ping -c 3 google.com PING google.com (18.104.22.168): 56 data bytes 64 bytes from 22.214.171.124: seq=0 ttl=54 time=4.270 ms 64 bytes from 126.96.36.199: seq=1 ttl=54 time=5.979 ms 64 bytes from 188.8.131.52: seq=2 ttl=54 time=6.455 ms --- google.com ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 4.270/5.568/6.455 ms
Now you can stop the microVM with the following command on another terminal:
$ ./run_microvm.sh stop
That was it for now. You should figure out how you can leverage this to your advantage.
It’s a simple open-source project and any feedback and contribution is welcome.