go/firecracker-netns
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

feature: script to build my own kernel and rootf

Browse Source
This commit is contained in:
RouxAntoine 2024-01-05 14:01:20 +01:00
parent 99ca371839
commit 26107fca27
Signed by: antoine
GPG Key ID: 098FB66FC0475E70
8 changed files with 300 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Makefile
View File

@ -1,4 +1,4 @@
.PHONY: build run ci get-alpine-rootfs .PHONY: build run ci
.EXPORT_ALL_VARIABLES: .EXPORT_ALL_VARIABLES:
GOARCH=amd64 GOARCH=amd64
@ -11,7 +11,7 @@ GOBUILDFLAGS=-tags dev
EXEC=out/main EXEC=out/main
build: out/alpine-minirootfs-3.19.0-x86_64.tar.gz $(EXEC) build: $(EXEC)
run: $(EXEC) run: $(EXEC)
@chmod +x $(EXEC) @chmod +x $(EXEC)
@ -20,8 +20,6 @@ run: $(EXEC)
ci: ci:
golangci-lint run --fix golangci-lint run --fix
get-alpine-rootfs: out/alpine-minirootfs-3.19.0-x86_64.tar.gz
publish: publish:
scp $(EXEC) sf314:~/firecracker/ scp $(EXEC) sf314:~/firecracker/
@ -32,6 +30,3 @@ dependencies:
$(EXEC): cmd/main.go dependencies $(EXEC): cmd/main.go dependencies
@echo "build for os $$GOOS and arch $$GOARCH" @echo "build for os $$GOOS and arch $$GOARCH"
go build -o $@ -ldflags="$(LDFLAGS)" $(GOBUILDFLAGS) $< go build -o $@ -ldflags="$(LDFLAGS)" $(GOBUILDFLAGS) $<
out/alpine-minirootfs-3.19.0-x86_64.tar.gz:
wget -O $@ https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.0-x86_64.tar.gz

22
cmd/main.go
View File

@ -109,6 +109,12 @@ func setupEnv() int {
StaticConfiguration: &firecracker.StaticNetworkConfiguration{ StaticConfiguration: &firecracker.StaticNetworkConfiguration{
MacAddress: "06:00:AC:10:00:02", MacAddress: "06:00:AC:10:00:02",
HostDevName: tap.Link.Attrs().Name, HostDevName: tap.Link.Attrs().Name,
/* IPConfiguration: &firecracker.IPConfiguration{
IPAddr: tapNetwork,
Gateway: firstIpTapNetwork,
Nameservers: []string{"1.1.1.1"},
IfName: "net1",
},*/
}, },
}, },
}, },
@ -125,6 +131,9 @@ func setupEnv() int {
firecracker.VMCommandBuilder{}. firecracker.VMCommandBuilder{}.
WithBin("firecracker"). WithBin("firecracker").
WithSocketPath("/tmp/firecracker.socket"). WithSocketPath("/tmp/firecracker.socket").
//WithStdin(os.Stdin).
//WithStdout(os.Stdout).
//WithStderr(os.Stderr).
Build(ctx), Build(ctx),
), ),
firecracker.WithLogger(logrus.NewEntry(log)), firecracker.WithLogger(logrus.NewEntry(log)),
@ -149,6 +158,19 @@ func setupEnv() int {
return 1 return 1
} }
/* cmd := exec.Command("/bin/sh")
cmd.Stdin = os.Stdin
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
cmd.Env = []string{"PS1=-[ns-process]- # "}
if err := cmd.Run(); err != nil {
fmt.Printf("Error running the /bin/sh command - %s\n", err)
os.Exit(1)
}*/
return 0 return 0
} }

6
rootf-kernel/Makefile Normal file
View File

@ -0,0 +1,6 @@
.PHONY: get-alpine-rootfs
get-alpine-rootfs: out/alpine-minirootfs-3.19.0-x86_64.tar.gz
out/alpine-minirootfs-3.19.0-x86_64.tar.gz:
wget -O $@ https://dl-cdn.alpinelinux.org/alpine/v3.19/releases/x86_64/alpine-minirootfs-3.19.0-x86_64.tar.gz

2
rootf-kernel/kernel-config/fs.config Normal file
View File

@ -0,0 +1,2 @@
CONFIG_EXT4_FS=y
CONFIG_OVERLAY_FS=y

158
rootf-kernel/kernel-config/net.config Normal file
View File

@ -0,0 +1,158 @@
CONFIG_VETH=y
CONFIG_BRIDGE=y
CONFIG_VXLAN=y
CONFIG_IP_SET=y
CONFIG_IP_SET_BITMAP_IP=y
CONFIG_IP_SET_BITMAP_IPMAC=y
CONFIG_IP_SET_BITMAP_PORT=y
CONFIG_IP_SET_HASH_IP=y
CONFIG_IP_SET_HASH_IPMARK=y
CONFIG_IP_SET_HASH_IPPORT=y
CONFIG_IP_SET_HASH_IPPORTIP=y
CONFIG_IP_SET_HASH_IPPORTNET=y
CONFIG_IP_SET_HASH_IPMAC=y
CONFIG_IP_SET_HASH_MAC=y
CONFIG_IP_SET_HASH_NETPORTNET=y
CONFIG_IP_SET_HASH_NET=y
CONFIG_IP_SET_HASH_NETNET=y
CONFIG_IP_SET_HASH_NETPORT=y
CONFIG_IP_SET_HASH_NETIFACE=y
CONFIG_IP_SET_LIST_SET=y
CONFIG_NETFILTER=y
CONFIG_NETFILTER_ADVANCED=y
CONFIG_NETFILTER_INGRESS=y
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_FAMILY_BRIDGE=y
CONFIG_NETFILTER_FAMILY_ARP=y
CONFIG_NETFILTER_NETLINK_ACCT=y
CONFIG_NETFILTER_NETLINK_QUEUE=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NETFILTER_NETLINK_OSF=y
CONFIG_NETFILTER_CONNCOUNT=y
CONFIG_NETFILTER_NETLINK_GLUE_CT=y
CONFIG_NETFILTER_SYNPROXY=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MARK=y
CONFIG_NETFILTER_XT_CONNMARK=y
CONFIG_NETFILTER_XT_SET=y
CONFIG_NETFILTER_XT_TARGET_AUDIT=y
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
CONFIG_NETFILTER_XT_TARGET_CT=y
CONFIG_NETFILTER_XT_TARGET_DSCP=y
CONFIG_NETFILTER_XT_TARGET_HL=y
CONFIG_NETFILTER_XT_TARGET_HMARK=y
CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
CONFIG_NETFILTER_XT_TARGET_LED=y
CONFIG_NETFILTER_XT_TARGET_LOG=y
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_NAT=y
CONFIG_NETFILTER_XT_TARGET_NETMAP=y
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y
CONFIG_NETFILTER_XT_TARGET_NOTRACK=y
CONFIG_NETFILTER_XT_TARGET_RATEEST=y
CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
CONFIG_NETFILTER_XT_TARGET_TEE=y
CONFIG_NETFILTER_XT_TARGET_TPROXY=y
CONFIG_NETFILTER_XT_TARGET_TRACE=y
CONFIG_NETFILTER_XT_TARGET_SECMARK=y
CONFIG_NETFILTER_XT_TARGET_TCPMSS=y
CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y
CONFIG_NETFILTER_XT_MATCH_BPF=y
CONFIG_NETFILTER_XT_MATCH_CGROUP=y
CONFIG_NETFILTER_XT_MATCH_CLUSTER=y
CONFIG_NETFILTER_XT_MATCH_COMMENT=y
CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y
CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
CONFIG_NETFILTER_XT_MATCH_CPU=y
CONFIG_NETFILTER_XT_MATCH_DCCP=y
CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y
CONFIG_NETFILTER_XT_MATCH_DSCP=y
CONFIG_NETFILTER_XT_MATCH_ECN=y
CONFIG_NETFILTER_XT_MATCH_ESP=y
CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y
CONFIG_NETFILTER_XT_MATCH_HELPER=y
CONFIG_NETFILTER_XT_MATCH_HL=y
CONFIG_NETFILTER_XT_MATCH_IPCOMP=y
CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
CONFIG_NETFILTER_XT_MATCH_IPVS=y
CONFIG_NETFILTER_XT_MATCH_L2TP=y
CONFIG_NETFILTER_XT_MATCH_LENGTH=y
CONFIG_NETFILTER_XT_MATCH_LIMIT=y
CONFIG_NETFILTER_XT_MATCH_MAC=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
CONFIG_NETFILTER_XT_MATCH_NFACCT=y
CONFIG_NETFILTER_XT_MATCH_OSF=y
CONFIG_NETFILTER_XT_MATCH_OWNER=y
CONFIG_NETFILTER_XT_MATCH_POLICY=y
CONFIG_NETFILTER_XT_MATCH_PHYSDEV=y
CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y
CONFIG_NETFILTER_XT_MATCH_QUOTA=y
CONFIG_NETFILTER_XT_MATCH_RATEEST=y
CONFIG_NETFILTER_XT_MATCH_REALM=y
CONFIG_NETFILTER_XT_MATCH_RECENT=y
CONFIG_NETFILTER_XT_MATCH_SCTP=y
CONFIG_NETFILTER_XT_MATCH_SOCKET=y
CONFIG_NETFILTER_XT_MATCH_STATE=y
CONFIG_NETFILTER_XT_MATCH_STATISTIC=y
CONFIG_NETFILTER_XT_MATCH_STRING=y
CONFIG_NETFILTER_XT_MATCH_TCPMSS=y
CONFIG_NETFILTER_XT_MATCH_TIME=y
CONFIG_NETFILTER_XT_MATCH_U32=y
CONFIG_NF_NAT=y
CONFIG_NF_NAT_NEEDED=y
CONFIG_NF_TABLES=y
CONFIG_NF_TABLES_SET=y
CONFIG_NF_TABLES_INET=y
CONFIG_NF_TABLES_NETDEV=y
CONFIG_NF_DUP_NETDEV=y
CONFIG_NF_FLOW_TABLE_INET=y
CONFIG_NF_FLOW_TABLE=y
CONFIG_NF_DEFRAG_IPV4=y
CONFIG_NF_TABLES_IPV4=y
CONFIG_NF_TABLES_ARP=y
CONFIG_NF_FLOW_TABLE_IPV4=y
CONFIG_NF_DUP_IPV4=y
CONFIG_NF_REJECT_IPV4=y
CONFIG_NF_NAT_IPV4=y
CONFIG_NF_NAT_MASQUERADE_IPV4=y
CONFIG_NF_TABLES_BRIDGE=y
CONFIG_NF_CONNTRACK=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_AH=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_RPFILTER=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_SYNPROXY=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_CLUSTERIP=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_TTL=y
CONFIG_IP_NF_RAW=y
CONFIG_IP_NF_SECURITY=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
CONFIG_NFT_BRIDGE_REJECT=y
CONFIG_BRIDGE_NETFILTER=y

16
rootf-kernel/kernel-config/virtio.config Normal file
View File

@ -0,0 +1,16 @@
CONFIG_BLK_MQ_VIRTIO=y
CONFIG_VIRTIO_BLK=y
CONFIG_VIRTIO_BLK_SCSI=y
CONFIG_SCSI_VIRTIO=y
CONFIG_VIRTIO_NET=y
CONFIG_VIRTIO_CONSOLE=y
CONFIG_HW_RANDOM_VIRTIO=y
CONFIG_VIRTIO=y
CONFIG_VIRTIO_MENU=y
CONFIG_VIRTIO_PCI=y
CONFIG_VIRTIO_PCI_LEGACY=y
CONFIG_VIRTIO_BALLOON=y
CONFIG_VIRTIO_INPUT=y
CONFIG_VIRTIO_MMIO=y
CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y
CONFIG_CRYPTO_DEV_VIRTIO=y

47
rootf-kernel/kernel.sh Normal file
View File

@ -0,0 +1,47 @@
#!/usr/bin/env bash
# inspired by https://github.com/oraoto/archlinux-firecracker/blob/master/scripts/build-arch-kernel.sh
KERNEL_VERSION=5.11.2
mkdir -p build
cd build
## Install build tools
# pacman -Syu base-devel bc pahole --ignore linux-firmware
## Get kernel source
curl -o linux.tar.xz "https://mirrors.tuna.tsinghua.edu.cn/kernel/v5.x/linux-$KERNEL_VERSION.tar.xz"
tar xf linux.tar.xz
cd linux-$KERNEL_VERSION/
## Get Archlinux kernel config
curl -o .config https://git.archlinux.org/svntogit/packages.git/plain/trunk/config?h=packages/linux
## Disable modules
sed 's/\(.*\)=m/#\1 is not set/g' -i .config
sed 's/\(.*\)MOUSE\(.*\)=y/\1MOUSE\2=n/g' -i .config
sed 's/\(.*\)USB\(.*\)=y/\1USB\2=n/g' -i .config
sed 's/\(.*\)TOUCHSCREEN\(.*\)=y/\1TOUCHSCREEN\2=n/g' -i .config
sed 's/\(.*\)HID\(.*\)=y/\1HID\2=n/g' -i .config
sed 's/\(.*\)GPU\(.*\)=y/\1GPU\2=n/g' -i .config
sed 's/\(.*\)GPIO\(.*\)=y/\1GPIO\2=n/g' -i .config
sed 's/\(.*\)NVDIMM\(.*\)=y/\1NVDIMM\2=n/g' -i .config
sed 's/\(.*\)MFD\(.*\)=y/\1MFD\2=n/g' -i .config
sed 's/\(.*\)XEN\(.*\)=y/\1XEN\2=n/g' -i .config
sed 's/\(.*\)VIDEO\(.*\)=y/\1VIDEO\2=n/g' -i .config
# sed 's/\(.*\)PCI\(.*\)=y/\1PCI\2=n/g' -i .config
sed 's/\(.*\)WLAN\(.*\)=y/\1WLAN\2=n/g' -i .config
sed 's/\(.*\)DRM\(.*\)=y/\1DRM\2=n/g' -i .config
cat ../../config/virtio.config >> .config
cat ../../config/fs.config >> .config
cat ../../config/net.config >> .config
## Add KVM guest support
make kvm_guest.config
make -j$(nproc)
./scripts/extract-vmlinux ./arch/x86_64/boot/bzImage > ../../output/arch-vmlinux.bin

47
rootf-kernel/rootfs.sh Normal file
View File

@ -0,0 +1,47 @@
#!/usr/bin/env bash
# inspired by https://github.com/oraoto/archlinux-firecracker/blob/master/scripts/build-arch-rootfs.sh
DISK_SIZE=4G
DISK_FILE=../output/arch-rootfs.ext4
DISK_ROOT=../output/mount
cd $(dirname "${BASH_SOURCE[0]}")
# Allocate rootfs disk
fallocate -l 4G $DISK_FILE
mkfs.ext4 $DISK_FILE
# Mount rootfs to mount
mkdir -p $DISK_ROOT
sudo mount $DISK_FILE $DISK_ROOT
yes y | sudo pacstrap -i -c $DISK_ROOT bash filesystem systemd-sysvcompat pacman iproute2
echo "nameserver 1.1.1.1" | sudo tee $DISK_ROOT/etc/resolv.conf
sudo tee $DISK_ROOT/etc/systemd/system/firecracker-network.service <<-'EOF'
[Unit]
Description=Firecracker Network
[Service]
Type=oneshot
ExecStart=ip link set eth0 up
ExecStart=ip addr add 172.16.0.2/24 dev eth0
ExecStart=ip route add default via 172.16.0.1 dev eth0
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF
sudo ln -s /etc/systemd/system/firecracker-network.service $DISK_ROOT/etc/systemd/system/multi-user.target.wants/
# Remove default (locked) root password
# See https://github.com/archlinux/svntogit-packages/commit/0320c909f3867d47576083e853543bab1705185b
sudo sed 's/^root:.*/root::14871::::::/' -i $DISK_ROOT/etc/shadow
sudo umount $DISK_ROOT
rmdir $DISK_ROOT