Tutorial: Getting Started with Firecracker on VMware Fusion

This is the second part of the Firecracker article published last week. Having covered the basic architecture, I will walk you through the steps involved in setting up and configuring Firecracker on your local development machine.
The simplest way to explore Firecracker is to install it in an Ubuntu VM running on top of VMware Fusion. The first step is to configure VMware Fusion for Nested Virtualization.
Setting up an Ubuntu 16.04 VM with Nested Virtualization
Download and install the VMware Fusion trial for Mac or Windows from the VMware website. If you need a pre-configured Ubuntu 16.04 image, grab the VMDK from OSBoxes.org.
After installing Fusion, import the VMDK and create a new VM but don’t launch it yet. Access the settings to enable Intel-VTx support available under Processors and Memory configuration.
Since Firecracker needs KVM, we need to emulate a hypervisor for the VM. The above configuration enables nested virtualization to run KVM on top of Fusion.
Start the Ubuntu VM and log in with the username osboxes and the password osboxes.org. Install VMware Tools, and optionally OpenSSH Server.
Install CPU Checker to ensure KVM is ready for use.
    $ sudo apt-get install cpu-checker
In less than 10 minutes, we have the testbed ready to experiment with Firecracker.
Note: Firecracker should work with VirtualBox and Hyper-V with the nested virtualization setting enabled. I have not tested those environments yet.
Installing and Verifying Firecracker VMM
Firecracker requires read/write access to KVM. Run the below command to enable it:
    $ sudo setfacl -m u:${USER}:rw /dev/kvm
The script below will verify that the system is ready for Firecracker.
    err=""; \
    [ "$(uname) $(uname -m)" = "Linux x86_64" ] \
      || err="ERROR: your system is not Linux x86_64."; \
    [ -r /dev/kvm ] && [ -w /dev/kvm ] \
      || err="$err\nERROR: /dev/kvm is inaccessible."; \
    (( $(uname -r | cut -d. -f1)*1000 + $(uname -r | cut -d. -f2) >= 4014 )) \
      || err="$err\nERROR: your kernel version ($(uname -r)) is too old."; \
    dmesg | grep -i "hypervisor detected" \
      && echo "WARNING: you are running in a virtual machine. Firecracker is not well tested under nested virtualization."; \
    [ -z "$err" ] && echo "Your system looks ready for Firecracker!" || echo -e "$err"
Let’s download the Firecracker binary.
    $ curl -LOJ https://github.com/firecracker-microvm/firecracker/releases/download/v0.11.0/firecracker-v0.11.0
    $ mv firecracker-v0.11.0 firecracker
    $ chmod +x ./firecracker
    $ sudo mv ./firecracker /usr/local/bin/
Check the version of Firecracker to verify the installation.
    $ firecracker --version
Launching and Accessing Your First Firecracker VM
Open a new terminal and launch Firecracker. Before that, let’s make sure Firecracker can create its API socket.
    $ rm -f /tmp/firecracker.socket
    $ firecracker --api-sock /tmp/firecracker.socket
Firecracker is now ready to serve the API.
In the second terminal, run the below commands to download the kernel and rootfs from an S3 bucket.
    $ curl -fsSL -o hello-vmlinux.bin https://s3.amazonaws.com/spec.ccfc.min/img/hello/kernel/hello-vmlinux.bin
    $ curl -fsSL -o hello-rootfs.ext4 https://s3.amazonaws.com/spec.ccfc.min/img/hello/fsfiles/hello-rootfs.ext4
Set the guest kernel by passing the kernel image path and the boot arguments.
    $ curl --unix-socket /tmp/firecracker.socket -i \
        -X PUT 'http://localhost/boot-source' \
        -H 'Accept: application/json' \
        -H 'Content-Type: application/json' \
        -d '{
            "kernel_image_path": "./hello-vmlinux.bin",
            "boot_args": "console=ttyS0 reboot=k panic=1 pci=off"
        }'
Set the guest filesystem by pointing it to the ext4 file that we downloaded.
    $ curl --unix-socket /tmp/firecracker.socket -i \
        -X PUT 'http://localhost/drives/rootfs' \
        -H 'Accept: application/json' \
        -H 'Content-Type: application/json' \
        -d '{
            "drive_id": "rootfs",
            "path_on_host": "./hello-rootfs.ext4",
            "is_root_device": true,
            "is_read_only": false
        }'
We also need to configure the VM's number of vCPUs and amount of RAM.
    $ curl --unix-socket /tmp/firecracker.socket -i \
        -X PUT 'http://localhost/machine-config' \
        -H 'Accept: application/json' \
        -H 'Content-Type: application/json' \
        -d '{
            "vcpu_count": 1,
            "mem_size_mib": 512
        }'
Finally, let’s start the VM.
    $ curl --unix-socket /tmp/firecracker.socket -i \
        -X PUT 'http://localhost/actions' \
        -H 'Accept: application/json' \
        -H 'Content-Type: application/json' \
        -d '{
            "action_type": "InstanceStart"
        }'
You should see the login prompt in the first terminal window, where we started Firecracker with its API socket. Log in with user root and password root.
Congratulations! You just launched your first Firecracker VM.
Let’s play with the API to explore the machine configuration.
    $ curl -s --unix-socket /tmp/firecracker.socket \
        -X GET 'http://localhost/machine-config' \
        -H 'Accept: application/json' \
        -H 'Content-Type: application/json'
It’s interesting to see that the Firecracker VM is just a process with an assigned PID.
Type reboot within the Firecracker VM to halt it.
You can easily launch multiple Firecracker VMs with a simple loop.
    $ for ((i=0; i<100; i++)); do
        rm -f /tmp/firecracker-$i.socket
        firecracker --api-sock /tmp/firecracker-$i.socket &
      done
Each VM runs in a separate process with a dedicated socket.
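Both the single launch (/tmp/firecracker.socket) and the loop above put API sockets at predictable names in shared /tmp, and the Firecracker API has no authentication of its own, so permissions on the socket path are the only access control. The script below is an added example, not code from the original article or the Firecracker project: it keeps the sockets in a directory only the launching user can enter. The function names and the fc-sock prefix are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): private directory for API sockets.
# Function names and the "fc-sock" prefix are hypothetical.

# Create a directory only the current user can enter; print its path.
make_sock_dir() {
    # mktemp -d creates the directory with mode 0700.
    mktemp -d "${TMPDIR:-/tmp}/fc-sock.XXXXXX"
}

# Succeed only if $1 is a real directory (not a symlink), owned by the
# current user, with no permission bits for group or others.
check_sock_dir() {
    local dir owner mode
    dir=$1
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "REFUSE: $dir is not a plain directory" >&2
        return 1
    fi
    owner=$(stat -c '%u' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1
    if [ "$owner" != "$(id -u)" ]; then
        echo "REFUSE: $dir is owned by uid $owner" >&2
        return 1
    fi
    # Octal mode must end in 00: nothing granted to group or others.
    case "$mode" in
        *00) return 0 ;;
        *) echo "REFUSE: $dir has mode $mode, expected 700" >&2
           return 1 ;;
    esac
}

# Start $1 Firecracker processes, one API socket each, in a private
# directory; print the directory so the API client can find the sockets.
launch_vms() {
    local count dir i
    count=$1
    dir=$(make_sock_dir) || return 1
    check_sock_dir "$dir" || return 1
    i=0
    while [ "$i" -lt "$count" ]; do
        firecracker --api-sock "$dir/vm-$i.socket" &
        i=$((i + 1))
    done
    printf '%s\n' "$dir"
}
```

After launch_vms prints the directory, point curl --unix-socket at vm-N.socket inside it in place of /tmp/firecracker.socket.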
Next Steps
While it’s certainly fun to see Firecracker running locally, I couldn’t get past the basic steps of launching and terminating VMs. My goal is to attach a virtual NIC to a VM, and run a basic web server.
Firecracker VMs support EC2-style metadata which can be set and queried from an external API client. I am also trying to get that working.
Firecracker’s integration with containerd is in the pipeline. As soon as that becomes stable, Kubernetes can control the lifecycle of Firecracker VMs. I am eagerly waiting for that to happen.
As I discover new capabilities and use cases, I will share the findings with you. Stay tuned.