#!/bin/bash
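# Name this script was invoked as; used as the program name in the usage text.
# "$0" is quoted so an invocation path containing spaces or glob characters is
# passed to basename as a single argument, and "--" keeps a name that starts
# with "-" from being parsed as an option.
script=$(basename -- "$0")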
# Print the command-line synopsis and the distro names accepted by "start".
# Reads the global ${script} for the program name; writes to stdout.
command_usage () {
  printf '%s\n' \
    "Usage:" \
    "${script} start <distro-name> | <vmlinuz.bin> <rootfs.ext4>" \
    "${script} stop" \
    "${script} config" \
    "${script} status" \
    "" \
    "Available distros:" \
    " - debian" \
    " - alpine"
}
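#######################################
# Prepare host networking and boot a Firecracker microVM through firectl.
# Globals:   USER (read)
# Arguments: $1 - distro name (debian | alpine), or path to a kernel image
#            $2 - path to a rootfs image; required when $1 is a kernel path
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   exits 1 on invalid arguments; returns 1 when the host cannot be
#            prepared; otherwise the exit status of firectl
#######################################
_start () {
  local kernel=${1-}
  local rootfs=${2-}
  local kvm_user tap0_address inet_iface

  # Validate the arguments before any privileged command runs, so a typo never
  # changes the /dev/kvm ACL or the host's network configuration.
  if [ -z "$kernel" ]; then
    command_usage
    exit 1
  fi
  if [ -z "$rootfs" ]; then
    case "$kernel" in
      debian)
        kernel=images/debian-vmlinuz.bin
        rootfs=images/debian.ext4
        ;;
      alpine)
        kernel=images/alpine-vmlinuz.bin
        rootfs=images/alpine.ext4
        ;;
      *)
        # A single argument that is not a known distro leaves no rootfs to boot.
        echo "Unknown distro: ${kernel}" >&2
        command_usage
        exit 1
        ;;
    esac
  fi

  # With USER unset, "u:${USER}:rw" would collapse to "u::rw" and rewrite the
  # owner entry of /dev/kvm instead of granting access to the caller.
  kvm_user=${USER:-$(id -un)}
  echo "Giving read/write access to KVM to ${kvm_user}"
  sudo setfacl -m "u:${kvm_user}:rw" /dev/kvm

  echo "Booting kernel: $kernel"
  echo "Image: $rootfs"

  if [ ! -r /dev/kvm ] || [ ! -w /dev/kvm ]; then
    echo "No read/write access to /dev/kvm; not starting the MicroVM" >&2
    return 1
  fi

  # Resolve the uplink before touching the network: an empty name would yield
  # malformed iptables rules after the TAP device already exists.
  echo "Find default network interface with internet access"
  inet_iface=$(sudo ip route | awk '
    $1 == "default" {
      for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }')
  if [ -z "$inet_iface" ]; then
    echo "No default route found; cannot set up routing for the MicroVM" >&2
    return 1
  fi
  echo "Internet-facing interface: $inet_iface"

  echo "Create TAP device"
  if ! sudo ip tuntap add tap0 mode tap; then
    # Continuing with a leftover tap0 would append the iptables rules a second
    # time, and a single stop only deletes one copy of each.
    echo "Could not create tap0; run the stop command first if it already exists" >&2
    return 1
  fi

  echo "Save MAC address of the TAP device"
  tap0_address=$(cat /sys/class/net/tap0/address) || return 1
  echo "TAP MAC address: $tap0_address"

  echo "Set IP address on TAP device and set mode to UP"
  sudo ip addr add 172.16.0.1/24 dev tap0 || return 1
  sudo ip link set tap0 up || return 1

  echo "Save IP forwarding and enable it"
  # The previous value is kept in the working directory so that it can be put
  # back when the MicroVM is stopped.
  cat /proc/sys/net/ipv4/ip_forward > ./.ip_forward.old
  sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'

  echo "Enable routing from/to MicroVM"
  # These three rule specifications must stay identical to the ones _stop
  # deletes with -D, otherwise they remain on the host after a stop.
  # NOTE(review): the MASQUERADE rule has no source match, so it applies to all
  # traffic forwarded out of $inet_iface, not only to 172.16.0.0/24; narrowing
  # it means changing _start and _stop together.
  sudo iptables -t nat -A POSTROUTING -o "$inet_iface" -j MASQUERADE
  sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  sudo iptables -A FORWARD -i tap0 -o "$inet_iface" -j ACCEPT

  echo "Run MicroVM"
  # ./firectl and ./firecracker are resolved relative to the working directory
  # and run as root: start this only from a directory that untrusted users
  # cannot write to.
  # NOTE(review): no jailer option is passed, so the VMM runs with full root
  # privileges; treat this as a local test setup.
  sudo ./firectl \
    --firecracker-binary=./firecracker \
    --kernel="$kernel" \
    --root-drive="$rootfs" \
    --cpu-template=T2 \
    --firecracker-log=./.firecracker-vmm.log \
    --kernel-opts="console=ttyS0 noapic reboot=k panic=1 pci=off nomodules ro" \
    -c 2 \
    -m 512 \
    --tap-device="tap0/$tap0_address" \
    --socket-path=./firecracker.socket
}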
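#######################################
# Stop the MicroVM and undo the host changes made when it was started.
# Every step is best-effort: a step that finds nothing to undo does not stop
# the remaining cleanup.
# Arguments: none
# Outputs:   progress messages on stdout, warnings on stderr
#######################################
_stop () {
  local inet_iface old_forward

  echo "Kill firecracker"
  # NOTE(review): killall matches by process name, so this ends every
  # firecracker process on the host, not only the VM started from here.
  sudo killall firecracker >/dev/null 2>&1

  echo "Stop and remove TAP device"
  sudo ip link set tap0 down >/dev/null 2>&1
  sudo ip link del tap0 >/dev/null 2>&1

  echo "Find default network interface with internet access"
  inet_iface=$(sudo ip route | awk '
    $1 == "default" {
      for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }')
  echo "Internet-facing interface: $inet_iface"

  echo "Disable routing from/to MicroVM"
  # The conntrack rule does not name an interface, so it can always be removed.
  sudo iptables -D FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  if [ -n "$inet_iface" ]; then
    sudo iptables -t nat -D POSTROUTING -o "$inet_iface" -j MASQUERADE
    sudo iptables -D FORWARD -i tap0 -o "$inet_iface" -j ACCEPT
  else
    # Without an interface name the two rules cannot be addressed; say so
    # rather than leave NAT and forwarding rules behind unnoticed.
    echo "No default route found; MASQUERADE and tap0 FORWARD rules were not removed" >&2
  fi

  # Put back the IP-forwarding value saved at start; otherwise the host keeps
  # forwarding packets after the MicroVM is gone.
  if [ -f ./.ip_forward.old ]; then
    echo "Restore IP forwarding"
    IFS= read -r old_forward < ./.ip_forward.old
    case "$old_forward" in
      0|1)
        printf '%s\n' "$old_forward" \
          | sudo tee /proc/sys/net/ipv4/ip_forward >/dev/null
        # Remove the file so a later stop cannot re-apply a stale value.
        rm -f -- ./.ip_forward.old
        ;;
      *)
        # The file sits in the working directory; only a plain 0 or 1 is
        # written to the kernel setting as root.
        echo "Ignoring unexpected content in ./.ip_forward.old" >&2
        ;;
    esac
  fi

  # NOTE(review): nothing visible in this script writes ./.iptables.rules.old.
  # iptables-restore replaces the live rules of every table named in the file,
  # so a stale copy would discard rules added since it was taken.
  if [ -f ./.iptables.rules.old ]; then
    sudo iptables-restore < ./.iptables.rules.old
  fi
}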
# Print the reply to a GET on the API root, sent over the Unix socket
# firecracker.socket in the current working directory.
_status () {
  local api_socket=firecracker.socket
  printf '%s\n' "Status:"
  sudo curl --unix-socket "$api_socket" http://localhost/
}
# Print the reply to a GET on /machine-config, sent over the Unix socket
# firecracker.socket in the current working directory.
_config () {
  local api_socket=firecracker.socket
  printf '%s\n' "Machine config:"
  sudo curl --unix-socket "$api_socket" http://localhost/machine-config
}
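# Entry point: dispatch on the sub-command given as the first argument.
# Arguments are quoted so image paths containing spaces reach _start intact.
case "${1-}" in
  start)
    _start "${2-}" "${3-}"
    ;;
  stop)
    _stop
    ;;
  config)
    _config
    ;;
  status)
    _status
    ;;
  "")
    command_usage
    exit 1
    ;;
  *)
    # An unrecognised sub-command is reported instead of exiting 0 silently.
    echo "${script}: unknown command: $1" >&2
    command_usage
    exit 1
    ;;
esac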