# Worker plane

## Worker manager

TODO

## Manual fc vm installation

Add the firecracker binary to your system.

Download a vmlinux* kernel image that has virtio and the other drivers it needs built in, not as modules. For example, AWS seems to have one ready-made, from the firecracker docs:

```
ARCH="$(uname -m)"
release_url="https://github.com/firecracker-microvm/firecracker/releases"
latest_version=$(basename $(curl -fsSLI -o /dev/null -w %{url_effective} ${release_url}/latest))
CI_VERSION=${latest_version%.*}
latest_kernel_key=$(curl "http://spec.ccfc.min.s3.amazonaws.com/?prefix=firecracker-ci/$CI_VERSION/$ARCH/vmlinux-&list-type=2" \
    | grep -oP "(?<=<Key>)(firecracker-ci/$CI_VERSION/$ARCH/vmlinux-[0-9]+\.[0-9]+\.[0-9]{1,3})(?=</Key>)" \
    | sort -V | tail -1)

# Download a linux kernel binary
wget "https://s3.amazonaws.com/spec.ccfc.min/${latest_kernel_key}"
```

Add the following network rules to your system (not necessary at this stage of the project but good to have):

```
TAP_DEV="tap0"
TAP_IP="172.16.0.1"
MASK_SHORT="/30"
HOST_IFACE=$(ip -j route list default | jq -r '.[0].dev')

# Setup network interface on the host
sudo ip link del "$TAP_DEV" 2> /dev/null || true
sudo ip tuntap add dev "$TAP_DEV" mode tap
sudo ip addr add "${TAP_IP}${MASK_SHORT}" dev "$TAP_DEV"
sudo ip link set dev "$TAP_DEV" up

# Enable IP forwarding and masquerading
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
# Note: this sets the host's default FORWARD policy to ACCEPT for every interface, not only tap0
sudo iptables -P FORWARD ACCEPT
sudo iptables -t nat -A POSTROUTING -o "$HOST_IFACE" -j MASQUERADE
```

Make `create_alpine_rootfs.sh` executable (`chmod +x`), then run it.

Download the firecracker binary

```
ARCH="$(uname -m)"
release_url="https://github.com/firecracker-microvm/firecracker/releases"
latest=$(basename $(curl -fsSLI -o /dev/null -w %{url_effective} ${release_url}/latest))
curl -L ${release_url}/download/${latest}/firecracker-${latest}-${ARCH}.tgz \
    | tar -xz
mv release-${latest}-$(uname -m)/firecracker-${latest}-${ARCH} firecracker
```

or compile it from source.

`touch firecracker.log`

Finally, to run the image:

```
sudo rm -f /tmp/firecracker.socket && sudo ./firecracker --api-sock /tmp/firecracker.socket --config-file firecracker-config.json
```

The username and password are both `root`. Change them in the `create_alpine_rootfs.sh` file if you want.

To exit the tty you'll have to `shutdown` or `reboot`.

If you want to wire up the networking, complete the guest side of the networking that we set up on the host earlier:

```
ip addr add 172.16.0.2/30 dev eth0
ip link set eth0 up
ip route add default via 172.16.0.1 dev eth0
echo "nameserver 8.8.8.8" > /etc/resolv.conf
```

### TODO: prod machines that dynamically assign internal IPs on rootfs creation time

Add to `/etc/network/interfaces`

```
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 172.16.0.2
    netmask 255.255.255.252
    gateway 172.16.0.1
```

and at startup

```
rc-update add networking boot
rc-service networking start
```

Hmm.. also should do something for IPv6 too.
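
One possible scheme for the TODO above on assigning internal IPs at rootfs creation time, as an added example that is not part of this project's code: give each VM an index and derive its own /30 from it, so no two guests share a host/guest address pair. The 172.16.0.0/16 pool, the index scheme and the function names `vm_addr` and `render_interfaces` are assumptions, chosen so that index 0 reproduces the `tap0` addresses used above.

```shell
#!/bin/sh
# Added example (assumed scheme): VM index N owns the N-th /30 inside
# 172.16.0.0/16. Offset 1 in that block is the host tap side, offset 2 is
# the guest's eth0. Index 0 gives 172.16.0.1 / 172.16.0.2 as in the README.

# vm_addr INDEX OFFSET -> dotted IPv4 address at OFFSET inside the VM's /30
vm_addr() {
    idx=$1; off=$2
    # Accept only plain decimal indexes; anything else would end up in
    # arithmetic expansion and in a file written into the guest image.
    case "$idx" in
        ''|*[!0-9]*|0?*) echo "index must be a decimal integer" >&2; return 1 ;;
    esac
    # A /16 holds 65536 / 4 = 16384 /30 blocks (indexes 0..16383).
    if [ "$idx" -gt 16383 ]; then
        echo "index $idx is outside the 172.16.0.0/16 pool" >&2
        return 1
    fi
    n=$(( idx * 4 + off ))
    printf '172.16.%d.%d\n' $(( n / 256 )) $(( n % 256 ))
}

# render_interfaces INDEX -> contents of /etc/network/interfaces for that VM
render_interfaces() {
    guest=$(vm_addr "$1" 2) || return 1
    gw=$(vm_addr "$1" 1) || return 1
    cat <<EOF
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address $guest
    netmask 255.255.255.252
    gateway $gw
EOF
}
```

The output of `render_interfaces N` would be written to `/etc/network/interfaces` inside the rootfs while it is being built, and `vm_addr N 1` is the address to put on that VM's tap device on the host.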