Categorygithub.com/firecracker-microvm/firecracker-go-sdk
modulepackage
1.0.0
Repository: https://github.com/firecracker-microvm/firecracker-go-sdk.git
Documentation: pkg.go.dev
Overview
Versions
2
Dependencies
34
Dependents
28
Files
3.2k SLOC

# README

A basic Go interface to the Firecracker API

Build status GoDoc

This package is a Go library to interact with the Firecracker API. It is designed as an abstraction of the OpenAPI-generated client that allows for convenient manipulation of Firecracker VM from Go programs.

There are some Firecracker features that are not yet supported by the SDK. These are tracked as GitHub issues with the firecracker-feature label . Contributions to address missing features are welcomed.

Developing

Please see HACKING

Building

This library requires Go 1.11 and Go modules to build. A Makefile is provided for convenience, but is not required. When using the Makefile, you can pass additional flags to the Go compiler via the EXTRAGOARGS make variable.

Tools

There's a firectl tool that provides a simple command-line interface to launching a firecracker VM. It also serves as an example client of this SDK.

Network configuration

Firecracker, by design, only supports Linux tap devices. The SDK provides facilities to:

  • Attach a pre-created tap device, optionally with static IP configuration, to the VM. This is referred to as a "static network interface".
  • Create a tap device via CNI plugins, which will then be attached to the VM automatically by the SDK. This is referred to as a "CNI-configured network interface"

CNI

If a VM is configured with a CNI-configured network interface, by default CNI configuration files will be sought from /etc/cni/conf.d and CNI plugins will be sought under /opt/cni/bin (both of these values can be overridden via API fields). CNI network lists must be specified in a configuration file at this time.

It's currently highly recommended to use CNI configuration that includes tc-redirect-tap as a chained plugin. This will allow you to adapt pre-existing CNI plugins/configuration to a tap device usable by a Firecracker VM.

Example

With the following file at /etc/cni/conf.d/fcnet.conflist:

{
  "name": "fcnet",
  "cniVersion": "0.3.1",
  "plugins": [
    {
      "type": "ptp",
      "ipMasq": true,
      "ipam": {
        "type": "host-local",
        "subnet": "192.168.127.0/24",
        "resolvConf": "/etc/resolv.conf"
      }
    },
    {
      "type": "firewall"
    },
    {
      "type": "tc-redirect-tap"
    }
  ]
}

and the ptp, host-local, firewall, and tc-redirect-tap CNI plugin binaries installed under /opt/cni/bin, you can specify, in the Go SDK API, a Machine with the following NetworkInterface:

{
  NetworkInterfaces: []firecracker.NetworkInterface{{
    CNIConfiguration: &firecracker.CNIConfiguration{
      NetworkName: "fcnet",
      IfName: "veth0",
    },
  }}
}

Note that NetworkName in the CNIConfiguration of the API matches the name field specified inside the /etc/cni/conf.d/fcnet.conflist file.

With the above configuration, when the Firecracker VM is started the SDK will invoke CNI and place the final VM inside the resultant network namespace. The end result being:

  • Outside the network namespace, a single veth endpoint created by the ptp plugin will exist with a static IP from the host-local plugin (i.e. 192.168.127.1)
    • Users can obtain the IP address and other static network configuration generated for their machine via CNI by inspecting the network interface's StaticConfiguration field, which will be automatically filled out after the machine has been started.
    • The IP address, for example, can be obtained at NetworkInterfaces[0].StaticConfiguration.IPConfiguration.IPAddr after a call to the machine object's Start method succeeds.
  • Inside the VM's network namespace:
    • The other side of the veth device will exist with name veth0, as specified by the IfName parameter above, and a different IP (i.e. 192.168.127.2)
    • The tap device created by tc-redirect-tap, which will not have an IP but will have all of its traffic mirrored with the veth0 device
  • Inside the actual Firecracker VM guest:
    • A network interface with the same IP as that of veth0 (i.e. 192.168.127.2)
    • Traffic sent on this device will be mirrored with the external veth0 device, so from a practical perspective the VM's internal network interface will externally appear the same as veth0
    • The internal name of the interface is determined by the Guest OS, not the Firecracker Go SDK.

Note that the ptp and host-local plugins are not required, they are just used in this example. The tc-redirect-tap plugin can be chained after any CNI plugin that creates a network interface. It will setup the tap device to be mirrored with the IfName device created by any previous plugin. Any IP configuration on that IfName device will be applied statically to the VM's internal network interface on boot.

Also note that use of CNI-configured network interfaces will require the SDK to be running with at least CAP_SYS_ADMIN and CAP_NET_ADMIN Linux capabilities (in order to have the ability to create and configure network namespaces).

Network Setup Limitations

These limitations are a result of the current implementation and may be lifted in the future:

  • For a given VM, if a CNI-configured network interface is specified or a static interface that includes IP configuration is specified, the VM can only have a single network interface, not multiple.
    • Users can specify multiple static interfaces as long as none of them include IP configuration.
  • DNS nameserver settings will only be effective if the VM's rootfs makes /etc/resolv.conf be a symlink to /proc/net/pnp.
  • Only up to 2 DNS nameservers can be configured within the VM internally.
    • If a static network interface specifies more than 2, an error will be returned.
    • If a CNI-configured network interface receives more than 2 nameservers from the CNI invocation result, the nameservers after the second will be ignored without error (in order to be compatible with pre-existing CNI plugins/configuration).

Questions?

Please use GitHub issues to report problems, discuss roadmap items, or make feature requests.

If you've discovered an issue that may have security implications to users or developers of this software, please do not report it using GitHub issues, but instead follow Firecracker's security reporting guidelines.

Other discussion: For general discussion, please join us in the #general channel on the Firecracker Slack.

License

This library is licensed under the Apache 2.0 License.

# Packages

No description provided by the author
No description provided by the author
Copyright Amazon.com, Inc.
No description provided by the author

# Functions

Bool will return a pointer value of the given parameter.
BoolValue will return a boolean value.
Int will return a pointer value of the given parameters.
Int64 will return a pointer value of the given parameter.
Int64Value will return an int64 value.
IntValue will return an int value.
LinkFilesHandler creates a new link files handler that will link files to the rootfs.
NewBalloonDevice will return a new BalloonDevice.
NewClient creates a Client.
NewCreateBalloonHandler is a named handler that put a memory balloon into the firecracker process.
NewDrivesBuilder will return a new DrivesBuilder with a given rootfs.
NewJailerCommandBuilder will return a new jailer command builder with the proper default value initialized.
NewMachine initializes a new Machine instance and performs validation of the provided Config.
NewNaiveChrootStrategy returns a new NaivceChrootStrategy.
NewRateLimiter will construct a new RateLimiter with given parameters.
NewSetMetadataHandler is a named handler that puts the metadata into the firecracker process.
NewUnixSocketTransport creates a new clientTransport configured at the specified Unix socketPath.
String will return a pointer value of the given parameter.
StringValue will return a string value.
WithCacheType sets the cache strategy for the block device.
WithClient will use the client in place rather than the client constructed during bootstrapping of the machine.
WithDriveID sets the ID of the drive.
WithIoEngine sets the io engine of the drive Defaults to Sync, Async is in developer preview at the moment https://github.com/firecracker-microvm/firecracker/blob/v1.1.0/docs/api_requests/block-io-engine.md.
WithLogger will allow for the Machine to use the provided logger.
WithOpsClient will return a functional option and replace the operations client.
WithPartuuid sets the unique ID of the boot partition.
WithProcessRunner will allow for a specific command to be run instead of the default firecracker command.
WithRateLimiter sets the rate limitter of the drive.
WithReadOnly sets the drive read-only.
WithSnapshot will allow for the machine to start using a given snapshot.
WithStatsPollingIntervals is a functional option which sets the time in seconds between refreshing statistics.

# Constants

Handler name constants.
Handler name constants.
Handler name constants.
Handler name constants.
Handler name constants.
Handler name constants.
Handler name constants.
Handler name constants.
Handler name constants.
Handler name constants.
Handler name constants.
No description provided by the author
No description provided by the author
Handler name constants.
Handler name constants.
Handler name constants.
Handler name constants.
Handler name constants.
Handler name constants.
Handler name constants.
Handler name constants.
Version represents the current version of the SDK.

# Variables

AddVsocksHandler is a named handler that adds vsocks to the firecracker process.
AttachDrivesHandler is a named handler that will attach all drives for the firecracker process.
BootstrapLoggingHandler is a named handler that will set up fifo logging of firecracker process.
ConfigMmdsHandler is a named handler that puts the MMDS config into the firecracker process.
ConfigValidationHandler is used to validate that required fields are present.
CreateBootSourceHandler is a named handler that will set up the booting process of the firecracker process.
CreateLogFilesHandler is a named handler that will create the fifo log files.
CreateMachineHandler is a named handler that will "create" the machine and upload any necessary configuration to the firecracker process.
CreateNetworkInterfacesHandler is a named handler that registers network interfaces with the Firecracker VMM.
ErrAlreadyStarted signifies that the Machine has already started and cannot be started again.
ErrMissingJailerConfig will occur when entering jailer logic but the jailer config had not been specified.
ErrRequiredHandlerMissing occurs when a required handler is not present in the handler list.
JailerConfigValidationHandler is used to validate that required fields are present.
LoadSnapshotConfigValidationHandler is used to validate that required fields are present.
LoadSnapshotHandler is a named handler that loads a snapshot from the specified filepath.
No description provided by the author
SetupKernelArgsHandler is a named handler that will update any kernel boot args being provided to the VM based on the other configuration provided, if needed.
SetupNetworkHandler is a named handler that will setup the network namespace and network interface configuration prior to the Firecracker VMM starting.
StartVMMHandler is a named handler that will handle starting of the VMM.

# Structs

BalloonDevice is a builder that will create a balloon used to set up the firecracker microVM.
Client is a client for interacting with the Firecracker API.
CNIConfiguration specifies the CNI parameters that will be used to generate the network namespace and tap device used by a Firecracker interface.
Config is a collection of user-configurable VMM settings.
DrivesBuilder is a builder that will build an array of drives used to set up the firecracker microVM.
Handler represents a named handler that contains a name and a function which is used to execute during the initialization process of a machine.
HandlerList represents a list of named handler that can be used to execute a flow of instructions for a given machine.
Handlers is a container that houses categories of handler lists.
IPConfiguration specifies an IP, a gateway and DNS Nameservers that should be configured automatically within the VM upon boot.
JailerCommandBuilder will build a jailer command.
JailerConfig is jailer specific configuration needed to execute the jailer.
Machine is the main object for manipulating Firecracker microVMs.
NaiveChrootStrategy will simply hard link all files, drives and kernel image, to the root drive.
NetworkInterface represents a Firecracker microVM's network interface.
RateLimiterSet represents a pair of RateLimiters (inbound and outbound).
SeccompConfig contains seccomp settings for firecracker vmm.
No description provided by the author
StaticNetworkConfiguration allows a network interface to be defined via static parameters (as contrasted with parameters autogenerated from CNI).
TokenBucketBuilder is a builder that allows of building components of the models.RateLimiter structure.
VMCommandBuilder is a utility for building an exec.Cmd that represents how to start the Firecracker VMM.
VsockDevice represents a vsock connection between the host and the guest microVM.

# Interfaces

HandlersAdapter is an interface used to modify a given set of handlers.
MachineIface can be used for mocking and testing of the Machine.

# Type aliases

No description provided by the author
ClientOpt is a functional option used to modify the client after construction.
CreateSnapshotOpt is a functional option to be used for the CreateSnapshot API in setting any additional optional fields.
CreateSyncActionOpt is a functional option to be used for the CreateSyncAction API in setting any additional optional fields.
DescribeInstanceOpt is a functional option to be used for the DescribeInstance API for any additional optional fields.
DriveOpt represents an optional function used to allow for specific customization of the models.Drive structure.
No description provided by the author
GetFirecrackerVersionOpt is a functional option to be used for the GetFirecrackerVersion API in setting any additional optional fields.
GetMachineConfigurationOpt is a functional option to be used for the GetMachineConfiguration API in setting any additional optional fields.
GetMmdsOpt is a functional option to be used for the GetMmds API in setting any additional optional fields.
LoadSnapshotOpt is a functional option to be used for the LoadSnapshot API in setting any additional optional fields.
No description provided by the author
NetworkInterfaces is a slice of NetworkInterface objects that a VM will be configured to use.
Opt represents a functional option to help modify functionality of a Machine.
PatchBalloonOpt is a functional option to be used for the PatchBalloon API in setting any additional optional fields.
PatchBalloonStatsIntervalOpt is a functional option to be used for the PatchBalloonStatsInterval API in setting any additional optional fields.
PatchGuestDriveByIDOpt is a functional option to be used for the PutMmds API in setting any additional optional fields.
PatchGuestNetworkInterfaceByIDOpt is a functional option to be used for the PatchGuestNetworkInterfaceByID API in setting any additional optional fields.
PatchMmdsOpt is a functional option to be used for the GetMmds API in setting any additional optional fields.
PatchVMOpt is a functional option to be used for the PatchVM API in setting any additional optional fields.
PutBalloonOpt is a functional option to be used for the PutBalloon API in setting any additional optional fields.
PutGuestBootSourceOpt is a functional option to be used for the PutGuestBootSource API in setting any additional optional fields.
PutGuestDriveByIDOpt is a functional option to be used for the PutGuestDriveByID API in setting any additional optional fields.
PutGuestNetworkInterfaceByIDOpt is a functional option to be used for the PutGuestNetworkInterfaceByID API in setting any additional optional fields.
PutGuestVsockOpt is a functional option to be used for the PutGuestVsock API in setting any additional optional fields.
PutLoggerOpt is a functional option to be used for the PutLogger API in setting any additional optional fields.
PutMachineConfigurationOpt is a functional option to be used for the PutMachineConfiguration API in setting any additional optional fields.
PutMetricsOpt is a functional option to be used for the PutMetrics API in setting any additional optional fields.
PutMmdsOpt is a functional option to be used for the PutMmds API in setting any additional optional fields.
RateLimiterOpt represents a functional option for rate limiting construction.
WithSnapshotOpt allows configuration of the snapshot config to be passed to LoadSnapshot.