Closed raduweiss closed 2 years ago
xref: https://github.com/firecracker-microvm/firecracker/issues/208 it'd be nice to see initrd support in the roadmap
I would like to see a mechanism to capture traffic between the VM and the link-local address and route it over a secure channel to something running on the host. See issue #833 for context.
@luxas, @rgooch, thanks for the suggestions, we've noted them down. We'll be discussing these and, then post back here.
Also, we'll keep this issue open until the end of the month. If there are proposals that can be better clarified verbally, we may also set up a conference call in the last week of June.
Something else I'd like to see is the ability to freeze and save a VM (including RAM and CPU state) to persistent storage (with a specified encryption key) and later restore the VM so that all processes within the VM resume where they left off. This would allow rebooting the Hypervisor without having to restart the VMs.
There might be good ways to do this already (pardon me if I missed it), but an easy way to monitor the guest VM's CPU/memory/disk utilization would be really nice for instrumentation tooling integrations (like Prometheus).
@luxas for CPU and Memory, you should be able to do that via the cgroups that the jailer creates. For disk I guess it depends on what kind of backing file and guest file system you use, but there should be tools that tell you that either way.
Everyone, thank you for your suggestions. We're working through the triage, and will update this post once we're done (we think it's going to take about 10 more days).
There might be good ways to do this already (pardon me if I missed it), but an easy way to monitor the guest VM's CPU/memory/disk utilization would be really nice for instrumentation tooling integrations (like Prometheus).
@luxas Virtual Machine Monitors do not typically track memory usage or disk usage. This is because the VMM does not understand disk formats and memory is completely managed by the operating system running inside the VM, and not visibile to the VMM. The way to typically gather that data is to run something like collectd inside the virtual machine itself.
@luxas for memory utilization we have a metric called dirty_pages. This is computed using KVM_GET_DIRTY_LOG
.
Cool, thank you everyone for the responses and clarifications :smile:
Also add https://github.com/firecracker-microvm/firecracker/issues/1180 to the roadmap?
Hi everyone!
It's time to conclude on this Roadmap RFC :), we've taken in all the suggestions, discussed them, prioritized them, in some cases asked you for feedback directly, and in some cases created prototypes to see how things would work out. Thank you for all the ideas/contributions!
There's now a GitHub project called "Roadmap" in this repository to keep track of the features status, from Researching
, all the way to Shipped
.
I'm also reproducing the outcome below. But before that, we also want to say that this is in no way a closed roadmap. We will always be open to discuss new ideas, and to expand our roadmap with features that add value for serverless-type function and container use-cases.
Below is the current snapshot of the Roadmap project. Each section starts with a description of what that section means.
Feature requests/ideas that users have asked for or that we think users will like, and that fit Firecracker’s charter, but that we haven’t nailed down the design for:
We want these in Firecracker, but it’s not something that the maintainer team expects to get around to in the next year or so (contributions are of course also welcome for all other feature requests):
We want these in Firecracker, and it’s something that the maintainer team expects to get around to in the next year or so.
[TODO]
: List specific improvements we target for 2019. Related issues: #973.[TODO]
: List specific crates we plan to use in 2019/2020.Work towards these features is in progress:
You can test this feature out, but don’t use it in production. Feedback very much welcomed!
Fit for production usage.
This is the time of the year when we plan for 2020, and we're eager to take in proposals from everyone in the open source community. So tell us what you want to see in Firecracker by adding your ideas, asks, and use cases to this issue. We've already given the existing feature requests some thought, but we'll be happy if you come up with more! While we encourage everyone to think big, we will ensure that the resulting roadmap aligns with our mission of enabling secure, multi-tenant, minimal-overhead execution of container and function workloads.
Below is a starting (unsorted) list of items that we're likely to work on. We're keen on hearing your feedback on all of the items below. Let's also add to it!
Roadmap Proposals/Ideas
[TBD]
; however, GPU pass-through conflicts with Firecracker microVM memory overcommitment.musl
andglibc
issue system calls this is a very brittle and labor-intensive process. Solution:[TBD]
; we’d like to move beyond a hand crafted syscall whitelist towards automated generation of "to manually review" syscall differences between releases, and potentially a "blacklist" set of known exploitable syscalls, that we never whitelist.[TBD]
. Ideas so far include reproducible builds and snap packages. Related Issues: #1075.[TBD]
.stdin
, or command line argument (before microVM boot). Related Issues: #923.Collected Feature Request Issues
We'll update al of these once we triage the roadmap, but for clarity, these are the issues that feature request issues we found and discussed:
208 Discussion about adding support for
initrd_path
752 RISC-V support
813 Proposal: Use Docker CE as jailer
833 MMDS: Support callout mechanism for some/all paths
886 Create RW disk snapshots of running Firecracker microVMs
923 Passing configuration as file instead of using API calls
973 PR status checks hard to interpret
998 Add support for customized CPU models
1035 Support Checkpoint/Restore in Firecracker
1075 Snap Package Support