
@PauloMigAlmeida
Last active May 21, 2025 10:18
Firecracker Setup
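#!/bin/bash
# Configure a Firecracker microVM through its API socket and start it.
#
# Each step is an HTTP PUT sent over the Unix socket that the
# `firecracker --api-sock ...` process listens on. The requests carry no
# credentials, so whoever can connect to the socket can reconfigure and start
# the VM; access is governed only by the socket's filesystem permissions.
#
# Environment:
#   FC_API_SOCK  path of the API socket (default: /tmp/firecracker.sock).
#                /tmp is world-writable and the default name is predictable;
#                on a shared host prefer a socket inside a directory that only
#                the owning user can enter.

# Stop at the first failed step so InstanceStart is never sent to a VM whose
# configuration was rejected.
set -euo pipefail

FC_API_SOCK="${FC_API_SOCK:-/tmp/firecracker.sock}"

#######################################
# Send one PUT request to the Firecracker API.
# Globals:   FC_API_SOCK (read)
# Arguments: $1 - API resource, e.g. machine-config
#            $2 - JSON request body
# Outputs:   response headers and body on stdout (-i)
# Returns:   curl's exit status. Plain curl exits 0 on an HTTP 4xx/5xx reply;
#            --fail-with-body makes that a failure while still printing the
#            error body (needs curl >= 7.76; use --fail on older versions).
#######################################
fc_put() {
  local resource=$1
  local body=$2
  curl --unix-socket "${FC_API_SOCK}" -i --fail-with-body \
    -X PUT "http://localhost/${resource}" \
    -H 'Accept: application/json' \
    -H 'Content-Type: application/json' \
    -d "${body}"
}

# Configure machine size: 4 vCPUs, 16 GiB of guest memory.
fc_put 'machine-config' '{ "vcpu_count": 4, "mem_size_mib": 16384}'

# Configure the kernel image and its command line.
# NOTE(review): the paths here and below are relative; presumably they are
# resolved by the firecracker process (its working directory), not by this
# script - confirm, or use absolute paths.
fc_put 'boot-source' '{ "kernel_image_path": "./vmlinux-5.10.198", "boot_args": "console=ttyS0 reboot=k panic=1 pci=off" }'

# Configure the root filesystem. The drive is attached read-write, so the
# guest modifies rootfs.ext4 on the host directly.
fc_put 'drives/rootfs' '{ "drive_id": "rootfs", "path_on_host": "./rootfs.ext4", "is_root_device": true, "is_read_only": false }'

# Configure network (disabled).
# Writing 1 to ip_forward enables IPv4 forwarding for the whole host, not only
# for tap0; pair it with firewall rules that limit what the guest may reach.
#sudo ip tuntap add tap0 mode tap
#sudo ip addr add 172.16.0.1/30 dev tap0
#sudo ip link set tap0 up
#echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
#fc_put 'network-interfaces/eth0' '{
# "iface_id": "eth0",
# "guest_mac": "06:00:AC:10:00:02",
# "host_dev_name": "tap0"
# }'

# Start the instance; reached only if every step above succeeded.
fc_put 'actions' '{ "action_type": "InstanceStart" }'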
#!/bin/bash
# Build rootfs.ext4, the guest root filesystem, from an Alpine container.
#
# This is a transcript rather than a script that runs unattended: the commands
# between `docker run` and `exit` are typed inside the interactive container
# shell, and the final umount is run on the host again.

# Create a 500 MiB zero-filled image file and format it as ext4.
dd if=/dev/zero of=rootfs.ext4 bs=1M count=500
mkfs.ext4 rootfs.ext4
# NOTE(review): /tmp/my-rootfs is a fixed name in a world-writable directory and
# `mkdir -p` succeeds silently if it already exists; on a shared host, use a
# directory created with mktemp -d so nobody else can pre-create it.
mkdir -p /tmp/my-rootfs
sudo mount rootfs.ext4 /tmp/my-rootfs
# The mounted image is bind-mounted into the container at /my-rootfs.
# NOTE(review): `alpine` has no tag or digest, so the image contents depend on
# what the default tag resolves to at build time; pin a digest for a
# reproducible, reviewable rootfs.
docker run -it --rm -v /tmp/my-rootfs:/my-rootfs alpine
# inside the container session
apk add openrc
apk add util-linux
apk add openjdk11
apk add sudo
# change password for root
# NOTE(review): "root:root" is a well-known credential that is baked into the
# image (and into any memory snapshot taken of the guest). Acceptable only for
# a throwaway lab VM; set a unique password for anything that is shared or
# gets a network interface.
# NOTE(review): the container shell presumably already runs as root, which
# would make `sudo` redundant here - confirm.
echo "root:root" | sudo chpasswd
# Set up a login terminal on the serial console (ttyS0):
ln -s agetty /etc/init.d/agetty.ttyS0
# `>` replaces the file, leaving ttyS0 as its only entry.
echo ttyS0 > /etc/securetty
rc-update add agetty.ttyS0 default
# Make sure special file systems are mounted on boot:
rc-update add devfs boot
rc-update add procfs boot
rc-update add sysfs boot
# Then, copy the newly configured system to the rootfs image:
for d in bin etc lib root sbin usr; do tar c "/$d" | tar x -C /my-rootfs; done
# The above command may trigger the following message:
# tar: Removing leading "/" from member names
# However, this is just a warning, so you should be able to
# proceed with the setup process.
# Create empty mount points for the directories that were not copied.
for dir in dev proc run sys var; do mkdir /my-rootfs/${dir}; done
# Write the test workload's source to the root of the image (source only; it
# is not compiled here). The heredoc delimiter is unquoted, so the shell would
# expand $ and backticks in the body; the body contains neither.
# The array is 2147483546 bytes, i.e. just under 2 GiB, not the "~4 GB" its
# inline comment states.
cat <<EOF > /my-rootfs/Main.java
import java.util.Random;
public class Main {
public static void main(String[] args) {
Random random = new Random();
byte[] mem = new byte[2147483546]; // ~4 GB
var i = 0;
while (true) {
// don't let JVM optimise stuff
mem[random.nextInt(mem.length -1)] = (byte)random.nextInt(127);
System.out.printf(
"[uid: %d pid: %d] count: %d\n",
new com.sun.security.auth.module.UnixSystem().getUid(),
ProcessHandle.current().pid(),
i);
try {
Thread.sleep(1000);
} catch (InterruptedException e) {
// do nothing
}
i++;
}
}
}
EOF
# All done, exit docker shell.
exit
# Back on the host: unmount the image so it can be attached to the microVM.
sudo umount /tmp/my-rootfs
#!/bin/bash
# Restore a microVM from a snapshot and report how long the API call took.
#
# Sends PUT /snapshot/load over the Firecracker API socket with:
#   snapshot_path          ./snapshot_file (VM state)
#   mem_backend            ./mem_file, backend type "File" (guest memory)
#   enable_diff_snapshots  true
#   resume_vm              true (the guest runs again as soon as loading ends)
#
# Both files are consumed as trusted input and mem_file is the guest's entire
# RAM; load only snapshots you created yourself and whose files nobody else
# could modify.
# NOTE(review): every VM resumed from the same snapshot starts with identical
# in-memory state, presumably including RNG state and any cached identifiers -
# confirm against the Firecracker snapshot documentation before restoring one
# snapshot more than once.

api_socket=/tmp/firecracker.sock

load_request='{
"snapshot_path": "./snapshot_file",
"mem_backend": {
"backend_path": "./mem_file",
"backend_type": "File"
},
"enable_diff_snapshots": true,
"resume_vm": true
}'

curl_args=(
  --unix-socket "${api_socket}"
  --include
  --request PUT
  --header 'Accept: application/json'
  --header 'Content-Type: application/json'
  --data "${load_request}"
  'http://localhost/snapshot/load'
)

# `time` is the point of this script: it measures the restore latency.
time curl "${curl_args[@]}"
#!/bin/bash
# Install Firecracker v1.11.0 (x86_64) and Docker, then start the Firecracker
# API listener.
#
# This is a transcript of an interactive session: the `exit` below logs out,
# and the lines after it are run in a new login session.

# Give the current user read/write access to /dev/kvm through an ACL.
# NOTE(review): an ACL on a device node is presumably lost on reboot - confirm.
sudo setfacl -m u:${USER}:rw /dev/kvm
# NOTE(review): the archive is extracted and its binary executed without any
# integrity check, and without --fail an HTTP error page would be saved as the
# .tgz. Compare the download against the SHA-256 published for the release
# before extracting, e.g.
#   echo "<expected-sha256>  firecracker-v1.11.0-x86_64.tgz" | sha256sum -c -
curl -L https://github.com/firecracker-microvm/firecracker/releases/download/v1.11.0/firecracker-v1.11.0-x86_64.tgz --output firecracker-v1.11.0-x86_64.tgz
tar zxvf firecracker-v1.11.0-x86_64.tgz
# NOTE(review): PATH is built from $(pwd) while the symlink below uses ~; the
# two agree only when these commands are run from the home directory.
export PATH=$(pwd)/release-v1.11.0-x86_64:$PATH
# Provide the unversioned name `firecracker` next to the versioned binary.
ln -s ~/release-v1.11.0-x86_64/firecracker-v1.11.0-x86_64 ~/release-v1.11.0-x86_64/firecracker
# Download docker - needed to build the rootfs image
sudo dnf install -y docker
sudo service docker start
# Membership in the docker group lets the user drive the Docker daemon, which
# is effectively root on this host; grant it only to accounts that are
# already trusted with root.
# NOTE(review): the user name is hard-coded here, whereas the setfacl line
# uses ${USER}.
sudo usermod -a -G docker ec2-user
# Log out so that the new group membership applies to the next session.
exit
# log back again
# NOTE(review): the PATH export above belonged to the session that just ended,
# so it has to be repeated (or the binary called by its full path) here.
# Initiate firecracker listener
# The API socket carries no authentication of its own: anyone who can connect
# to it controls the VM, and /tmp/firecracker.sock is a predictable name in a
# world-writable directory. On a shared host, place the socket in a directory
# that only this user can enter.
firecracker --api-sock /tmp/firecracker.sock
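#!/bin/bash
# Pause the running microVM, then write a full snapshot of it and report how
# long the snapshot request took.
#
# Output files (paths as given in the request body):
#   ./snapshot_file  VM state
#   ./mem_file       guest memory
# mem_file is a copy of everything the guest had in RAM at that moment,
# including passwords, keys and other secrets; store both files where only the
# owning user can read them, and delete them when they are no longer needed.
# NOTE(review): the files are presumably written by the firecracker process, so
# relative paths and file permissions follow its working directory and umask,
# not this script's - confirm.
#
# Environment:
#   FC_API_SOCK  path of the API socket (default: /tmp/firecracker.sock). The
#                requests carry no credentials; access control is the socket's
#                filesystem permissions only.

# Abort if the pause request fails, so a snapshot is never requested for a VM
# that was not paused.
set -euo pipefail

FC_API_SOCK="${FC_API_SOCK:-/tmp/firecracker.sock}"

# Plain curl exits 0 on an HTTP 4xx/5xx reply; --fail-with-body turns that into
# a non-zero exit while still printing the error body (needs curl >= 7.76; use
# --fail on older versions).
curl --unix-socket "${FC_API_SOCK}" -i --fail-with-body \
  -X PATCH 'http://localhost/vm' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
"state": "Paused"
}'

time curl --unix-socket "${FC_API_SOCK}" -i --fail-with-body \
  -X PUT 'http://localhost/snapshot/create' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
"snapshot_type": "Full",
"snapshot_path": "./snapshot_file",
"mem_file_path": "./mem_file"
}'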