Closed raduweiss closed 4 years ago
With this feature, can the firecracker work with overlay-fs just like docker?
We don't know yet. The next step here will be to research the existing options and their trade-offs.
Basically, everything int he Researching
part of the roadmap has a "feature is desirable but design & plans TBD" status.
I think support kubernetes PV block is better...
VirioFS has been merged into mainline. I think support this driver would solve the sharing problem
Closing this for now as it doesn't look like a path we need to take Firecracker on. More detailed our line of reasoning reasoning in #1351 . @zmlcc thanks for the work on that PR, it eventually caused to to consider this carefully and reach a decision here.
I used configuration:
root@n192-191-015:~/opt/kata/share/defaults/kata-containers# cat /etc/kata-containers/configuration.toml
[hypervisor.firecracker]
path = "/root/opt/kata/bin/firecracker"
kernel = "/usr/share/kata-containers/vmlinux.container"
image = "/root/opt/kata/share/kata-containers/kata-containers.img"
rootfs_type="ext4"
enable_annotations = ["enable_iommu"]
valid_hypervisor_paths = ["/root/opt/kata/bin/firecracker"]
jailer_path = "/root/opt/kata/bin/jailer"
valid_jailer_paths = ["/root/opt/kata/bin/jailer"]
kernel_params = ""
default_vcpus = 1
default_bridges = 1
default_memory = 2048
default_maxmemory = 0
disable_block_device_use = false
shared_fs = "virtio-fs"
virtio_fs_daemon = "/root/opt/kata/libexec/virtiofsd"
valid_virtio_fs_daemon_paths = ["/root/opt/kata/libexec/virtiofsd"]
virtio_fs_cache_size = 0
virtio_fs_queue_size = 1024
virtio_fs_extra_args = ["--thread-pool-size=1", "-o", "announce_submounts"]
virtio_fs_cache = "auto"
block_device_driver = "virtio-scsi"
block_device_aio = "io_uring"
enable_iothreads = false
enable_vhost_user_store = false
vhost_user_store_path = "/var/run/kata-containers/vhost-user"
valid_vhost_user_store_paths = ["/var/run/kata-containers/vhost-user"]
vhost_user_reconnect_timeout_sec = 0
valid_file_mem_backends = [""]
pflashes = []
valid_entropy_sources = ["/dev/urandom","/dev/random",""]
disable_selinux=false
disable_guest_selinux=true
[factory]
[agent.kata]
kernel_modules=[]
[runtime]
internetworking_model="tcfilter"
disable_guest_seccomp=true
sandbox_cgroup_only=false
static_sandbox_resource_mgmt=true
disable_guest_empty_dir=false
experimental=[]
and got
root@n192-191-015:~/opt/kata/share/defaults/kata-containers# sudo ctr run --snapshotter devmapper --runtime io.containerd.run.kata-fc.v2 -t --rm docker.io/library/ubuntu:latest test
ctr: failed to create shim task: Timeout after 3s waiting for uevent ScsiBlockMatcher { search: "/0:0:0:0/block/" }: unknown
hi @wenhuizhang
Firstly, The configuration you posted seems to contain some virtio-fs
setup. Firecracker does not have support for that.
Secondly, the replication steps posted are specific to kata-container
setup and we, as the Firecracker maintainers, are not able to provide the proper expertise to help with that.
Thanks!
Firstly, The configuration you posted seems to contain some
virtio-fs
setup. Firecracker does not have support for that.
Is virtio-fs going to be supported?
Hello @alexandru0-dev
virtio-fs support is not currently on our roadmap as we answered on this comment. If you have specific use case requiring virtio-fs, feel free to share it with us.
Thanks!
@zulinx86 virtiofs would allow high performance for a shared filesystem with the host for when the host or multiple VMs. I agree on the decision to not add support to 9p.
Also rust-vmm should now support virtio-fs if I'm not mistaken.
I would be happy to discuss the topic.
As an alternative, https://github.com/cloud-hypervisor/cloud-hypervisor is a rust-vmm-based lightweight hypervisor that has virtio-fs support.
@paulbaumgart yeah in fact I was using that one for now but I was also interested in this project
This feature is in high demand, and we formerly rejected the p9-based implementation for security concerns. With the advent of things like virtio-fs and other ideas of how to achieve this functionality, we will need to research our options and revisit the threat model impact.
Related issues: #889