[{"data":1,"prerenderedAt":1128},["ShallowReactive",2],{"content-index":3,"navigation":1093,"search":1101},[4],{"id":5,"title":6,"body":7,"date":1085,"description":1086,"extension":1087,"meta":1088,"navigation":126,"path":1089,"seo":1090,"stem":1091,"__hash__":1092},"content\u002Fposts\u002Ffirecracker-minimal-startup.md","Firecracker 最小化启动指南",{"type":8,"value":9,"toc":1076},"minimark",[10,27,39,44,47,51,460,464,482,487,611,618,622,625,718,947,951,963,993,1015,1060,1067,1072],[11,12,15],"callout",{"color":13,"icon":14},"warning","i-lucide-info",[16,17,18,19,26],"p",{},"Firecracker 只能在启用了 KVM 的 Linux 系统下运行。\n具体支持请参阅：",[20,21,25],"a",{"href":22,"rel":23},"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Fblob\u002Fmain\u002Fdocs\u002Fkernel-policy.md",[24],"nofollow","支持文档","。\n此教程适用于 x86_64 架构的 Linux 系统。",[11,28,30],{"color":29,"icon":14},"info",[16,31,32,33,38],{},"你可以阅读 ",[20,34,37],{"href":35,"rel":36},"https:\u002F\u002Fwiki.archlinux.org\u002Ftitle\u002FKVM",[24],"ArchLinux Wiki - KVM"," 了解如何开启 KVM。",[40,41,43],"h2",{"id":42},"什么是-firecracker","什么是 Firecracker",[16,45,46],{},"Firecracker 是一种开源虚拟化技术，专为创建和管理安全的多租户容器和功能服务而设计，这些服务提供无服务器运行模型。\nFirecracker 在 MicroVMs 中运行工作负载，这些虚拟机结合了硬件虚拟化技术提供的安全性和隔离特性，以及容器的速度和灵活性。",[40,48,50],{"id":49},"安装-firecracker","安装 Firecracker",[52,53,54,94,266],"code-group",{},[55,56,62],"pre",{"className":57,"code":58,"filename":59,"language":60,"meta":61,"style":61},"language-bash shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","# 没错就这么点\nsudo pacman -S firecracker --needed\n","使用 Pacman 安装（推荐）","bash","",[63,64,65,74],"code",{"__ignoreMap":61},[66,67,70],"span",{"class":68,"line":69},"line",1,[66,71,73],{"class":72},"sHwdD","# 没错就这么点\n",[66,75,77,81,85,88,91],{"class":68,"line":76},2,[66,78,80],{"class":79},"sBMFI","sudo",[66,82,84],{"class":83},"sfazB"," pacman",[66,86,87],{"class":83}," -S",[66,89,90],{"class":83}," firecracker",[66,92,93],{"class":83}," --needed\n",[55,95,98],{"className":57,"code":96,"filename":97,"language":60,"meta":61,"style":61},"ARCH=\"$(uname -m)\"\n\n# 启动 Docker\nsudo systemctl start docker\n\n# 克隆 Firecracker 仓库\ngit clone https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker firecracker_src\n\n# 构建 Firecracker\n#\n# 可以通过传递参数 \"-l gnu\" 来构建 GNU 版本\n#\n# 这将在以下位置生成 firecracker 和 jailer 二进制文件：\n# `.\u002Ffirecracker\u002Fbuild\u002Fcargo_target\u002F${toolchain}\u002Fdebug`\n#\nsudo .\u002Ffirecracker_src\u002Ftools\u002Fdevtool build\n\n# 重命名可执行文件为 \"firecracker\"\nsudo cp .\u002Ffirecracker_src\u002Fbuild\u002Fcargo_target\u002F${ARCH}-unknown-linux-musl\u002Fdebug\u002Ffirecracker firecracker\n","从源码构建",[63,99,100,122,128,134,148,153,159,174,179,185,191,197,202,208,214,219,230,235,241],{"__ignoreMap":61},[66,101,102,106,110,113,116,119],{"class":68,"line":69},[66,103,105],{"class":104},"sTEyZ","ARCH",[66,107,109],{"class":108},"sMK4o","=",[66,111,112],{"class":108},"\"$(",[66,114,115],{"class":79},"uname",[66,117,118],{"class":83}," -m",[66,120,121],{"class":108},")\"\n",[66,123,124],{"class":68,"line":76},[66,125,127],{"emptyLinePlaceholder":126},true,"\n",[66,129,131],{"class":68,"line":130},3,[66,132,133],{"class":72},"# 启动 Docker\n",[66,135,137,139,142,145],{"class":68,"line":136},4,[66,138,80],{"class":79},[66,140,141],{"class":83}," systemctl",[66,143,144],{"class":83}," start",[66,146,147],{"class":83}," docker\n",[66,149,151],{"class":68,"line":150},5,[66,152,127],{"emptyLinePlaceholder":126},[66,154,156],{"class":68,"line":155},6,[66,157,158],{"class":72},"# 克隆 Firecracker 仓库\n",[66,160,162,165,168,171],{"class":68,"line":161},7,[66,163,164],{"class":79},"git",[66,166,167],{"class":83}," clone",[66,169,170],{"class":83}," https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker",[66,172,173],{"class":83}," firecracker_src\n",[66,175,177],{"class":68,"line":176},8,[66,178,127],{"emptyLinePlaceholder":126},[66,180,182],{"class":68,"line":181},9,[66,183,184],{"class":72},"# 构建 Firecracker\n",[66,186,188],{"class":68,"line":187},10,[66,189,190],{"class":72},"#\n",[66,192,194],{"class":68,"line":193},11,[66,195,196],{"class":72},"# 可以通过传递参数 \"-l gnu\" 来构建 GNU 版本\n",[66,198,200],{"class":68,"line":199},12,[66,201,190],{"class":72},[66,203,205],{"class":68,"line":204},13,[66,206,207],{"class":72},"# 这将在以下位置生成 firecracker 和 jailer 二进制文件：\n",[66,209,211],{"class":68,"line":210},14,[66,212,213],{"class":72},"# `.\u002Ffirecracker\u002Fbuild\u002Fcargo_target\u002F${toolchain}\u002Fdebug`\n",[66,215,217],{"class":68,"line":216},15,[66,218,190],{"class":72},[66,220,222,224,227],{"class":68,"line":221},16,[66,223,80],{"class":79},[66,225,226],{"class":83}," .\u002Ffirecracker_src\u002Ftools\u002Fdevtool",[66,228,229],{"class":83}," build\n",[66,231,233],{"class":68,"line":232},17,[66,234,127],{"emptyLinePlaceholder":126},[66,236,238],{"class":68,"line":237},18,[66,239,240],{"class":72},"# 重命名可执行文件为 \"firecracker\"\n",[66,242,244,246,249,252,255,257,260,263],{"class":68,"line":243},19,[66,245,80],{"class":79},[66,247,248],{"class":83}," cp",[66,250,251],{"class":83}," .\u002Ffirecracker_src\u002Fbuild\u002Fcargo_target\u002F",[66,253,254],{"class":108},"${",[66,256,105],{"class":104},[66,258,259],{"class":108},"}",[66,261,262],{"class":83},"-unknown-linux-musl\u002Fdebug\u002Ffirecracker",[66,264,265],{"class":83}," firecracker\n",[55,267,270],{"className":57,"code":268,"filename":269,"language":60,"meta":61,"style":61},"ARCH=\"$(uname -m)\"\n\nrelease_url=\"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Freleases\"\nlatest=$(basename $(curl -fsSLI -o \u002Fdev\u002Fnull -w  %{url_effective} ${release_url}\u002Flatest))\ncurl -L ${release_url}\u002Fdownload\u002F${latest}\u002Ffirecracker-${latest}-${ARCH}.tgz \\\n| tar -xz\n\n# 重命名可执行文件为 \"firecracker\"\nmv release-${latest}-$(uname -m)\u002Ffirecracker-${latest}-${ARCH} firecracker\n\n","从 Github Release 下载",[63,271,272,286,290,306,351,397,408,412,416],{"__ignoreMap":61},[66,273,274,276,278,280,282,284],{"class":68,"line":69},[66,275,105],{"class":104},[66,277,109],{"class":108},[66,279,112],{"class":108},[66,281,115],{"class":79},[66,283,118],{"class":83},[66,285,121],{"class":108},[66,287,288],{"class":68,"line":76},[66,289,127],{"emptyLinePlaceholder":126},[66,291,292,295,297,300,303],{"class":68,"line":130},[66,293,294],{"class":104},"release_url",[66,296,109],{"class":108},[66,298,299],{"class":108},"\"",[66,301,302],{"class":83},"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Freleases",[66,304,305],{"class":108},"\"\n",[66,307,308,311,314,317,320,323,326,329,332,335,338,341,343,345,348],{"class":68,"line":136},[66,309,310],{"class":104},"latest",[66,312,313],{"class":108},"=$(",[66,315,316],{"class":79},"basename",[66,318,319],{"class":108}," $(",[66,321,322],{"class":79},"curl",[66,324,325],{"class":83}," -fsSLI",[66,327,328],{"class":83}," -o",[66,330,331],{"class":83}," \u002Fdev\u002Fnull",[66,333,334],{"class":83}," -w",[66,336,337],{"class":83},"  %{url_effective}",[66,339,340],{"class":108}," ${",[66,342,294],{"class":104},[66,344,259],{"class":108},[66,346,347],{"class":83},"\u002Flatest",[66,349,350],{"class":108},"))\n",[66,352,353,355,358,360,362,364,367,369,371,373,376,378,380,382,385,387,389,391,394],{"class":68,"line":150},[66,354,322],{"class":79},[66,356,357],{"class":83}," -L",[66,359,340],{"class":108},[66,361,294],{"class":104},[66,363,259],{"class":108},[66,365,366],{"class":83},"\u002Fdownload\u002F",[66,368,254],{"class":108},[66,370,310],{"class":104},[66,372,259],{"class":108},[66,374,375],{"class":83},"\u002Ffirecracker-",[66,377,254],{"class":108},[66,379,310],{"class":104},[66,381,259],{"class":108},[66,383,384],{"class":83},"-",[66,386,254],{"class":108},[66,388,105],{"class":104},[66,390,259],{"class":108},[66,392,393],{"class":83},".tgz",[66,395,396],{"class":104}," \\\n",[66,398,399,402,405],{"class":68,"line":155},[66,400,401],{"class":108},"|",[66,403,404],{"class":79}," tar",[66,406,407],{"class":83}," -xz\n",[66,409,410],{"class":68,"line":161},[66,411,127],{"emptyLinePlaceholder":126},[66,413,414],{"class":68,"line":176},[66,415,240],{"class":72},[66,417,418,421,424,426,428,430,432,435,437,439,442,444,446,448,450,452,454,456,458],{"class":68,"line":181},[66,419,420],{"class":79},"mv",[66,422,423],{"class":83}," release-",[66,425,254],{"class":108},[66,427,310],{"class":104},[66,429,259],{"class":108},[66,431,384],{"class":83},[66,433,434],{"class":108},"$(",[66,436,115],{"class":79},[66,438,118],{"class":83},[66,440,441],{"class":108},")",[66,443,375],{"class":83},[66,445,254],{"class":108},[66,447,310],{"class":104},[66,449,259],{"class":108},[66,451,384],{"class":83},[66,453,254],{"class":108},[66,455,105],{"class":104},[66,457,259],{"class":108},[66,459,265],{"class":83},[40,461,463],{"id":462},"构建-rootfs-和-kernel-镜像","构建 RootFS 和 Kernel 镜像",[11,465,466,475],{"color":29,"icon":14},[16,467,468,469,474],{},"你可以参阅 ",[20,470,473],{"href":471,"rel":472},"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Fblob\u002Fmain\u002Fdocs\u002Frootfs-and-kernel-setup.md",[24],"官方构建指南"," 更全面的了解这一过程。",[16,476,477,478,481],{},"构建 RootFS 需要 ",[63,479,480],{},"docker","，请提前安装。",[483,484,486],"h3",{"id":485},"创建-kernel-镜像","创建 Kernel 镜像",[55,488,491],{"className":57,"code":489,"filename":490,"language":60,"meta":61,"style":61},"# 1. 克隆仓库\ngit clone https:\u002F\u002Fgithub.com\u002Ftorvalds\u002Flinux.git linux.git --depth=1\ngit clone https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker firecracker.git --depth=1\ncd linux.git\n\n## 2. 配置内核\ncp ..\u002Ffirecracker.git\u002Fresources\u002Fguest_configs\u002Fmicrovm-kernel-ci-x86_64-6.1.config .\u002F.config\nmake olddefconfig\n\n# 你可以在这一步配置内核选项，配置方法不仅限执行 `make menuconfig`\n# 你可以将 PCI 支持打开，官方也推荐启用 PCI 确保 MicroVM 的性能与安全性（方便起见，本教程不启用 PCI）\nmake menuconfig\n\n## 3. 编译内核（可能超过 3 分钟，这取决于 CPU 的性能）\nmake vmlinux -j$(nproc)\n","Terminal",[63,492,493,498,513,526,535,539,544,555,563,567,572,577,584,588,593],{"__ignoreMap":61},[66,494,495],{"class":68,"line":69},[66,496,497],{"class":72},"# 1. 克隆仓库\n",[66,499,500,502,504,507,510],{"class":68,"line":76},[66,501,164],{"class":79},[66,503,167],{"class":83},[66,505,506],{"class":83}," https:\u002F\u002Fgithub.com\u002Ftorvalds\u002Flinux.git",[66,508,509],{"class":83}," linux.git",[66,511,512],{"class":83}," --depth=1\n",[66,514,515,517,519,521,524],{"class":68,"line":130},[66,516,164],{"class":79},[66,518,167],{"class":83},[66,520,170],{"class":83},[66,522,523],{"class":83}," firecracker.git",[66,525,512],{"class":83},[66,527,528,532],{"class":68,"line":136},[66,529,531],{"class":530},"s2Zo4","cd",[66,533,534],{"class":83}," linux.git\n",[66,536,537],{"class":68,"line":150},[66,538,127],{"emptyLinePlaceholder":126},[66,540,541],{"class":68,"line":155},[66,542,543],{"class":72},"## 2. 配置内核\n",[66,545,546,549,552],{"class":68,"line":161},[66,547,548],{"class":79},"cp",[66,550,551],{"class":83}," ..\u002Ffirecracker.git\u002Fresources\u002Fguest_configs\u002Fmicrovm-kernel-ci-x86_64-6.1.config",[66,553,554],{"class":83}," .\u002F.config\n",[66,556,557,560],{"class":68,"line":176},[66,558,559],{"class":79},"make",[66,561,562],{"class":83}," olddefconfig\n",[66,564,565],{"class":68,"line":181},[66,566,127],{"emptyLinePlaceholder":126},[66,568,569],{"class":68,"line":187},[66,570,571],{"class":72},"# 你可以在这一步配置内核选项，配置方法不仅限执行 `make menuconfig`\n",[66,573,574],{"class":68,"line":193},[66,575,576],{"class":72},"# 你可以将 PCI 支持打开，官方也推荐启用 PCI 确保 MicroVM 的性能与安全性（方便起见，本教程不启用 PCI）\n",[66,578,579,581],{"class":68,"line":199},[66,580,559],{"class":79},[66,582,583],{"class":83}," menuconfig\n",[66,585,586],{"class":68,"line":204},[66,587,127],{"emptyLinePlaceholder":126},[66,589,590],{"class":68,"line":210},[66,591,592],{"class":72},"## 3. 编译内核（可能超过 3 分钟，这取决于 CPU 的性能）\n",[66,594,595,597,600,603,605,608],{"class":68,"line":216},[66,596,559],{"class":79},[66,598,599],{"class":83}," vmlinux",[66,601,602],{"class":83}," -j",[66,604,434],{"class":108},[66,606,607],{"class":79},"nproc",[66,609,610],{"class":108},")\n",[16,612,613,614,617],{},"执行上述步骤后，Kernel 镜像将会生成在 ",[63,615,616],{},"linux.git\u002Fvmlinux"," 文件中。（文件大小约为 30MB）",[483,619,621],{"id":620},"创建-rootfs-镜像","创建 RootFS 镜像",[16,623,624],{},"为了标准化 RootFS 中的内容，我建议你使用 Dockerfile 构建镜像并导出。",[55,626,630],{"className":627,"code":628,"filename":629,"language":629,"meta":61,"style":61},"language-Dockerfile shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","FROM docker.io\u002Flibrary\u002Falpine:3.23.3\n\n# Install utils\nRUN apk add openrc \\\n    && apk add util-linux\n\n# Setup agetty\nRUN ln -s agetty \u002Fetc\u002Finit.d\u002Fagetty.ttyS0 \\\n    && echo ttyS0 > \u002Fetc\u002Fsecuretty \\\n    && rc-update add agetty.ttyS0 default\n\n# Setup openrc\nRUN rc-update add devfs boot \\\n    && rc-update add procfs boot \\\n    && rc-update add sysfs boot\n\n# Set root password\nRUN echo \"root:root\" | chpasswd\n\n","Dockerfile",[63,631,632,637,641,646,651,656,660,665,670,675,680,684,689,694,699,704,708,713],{"__ignoreMap":61},[66,633,634],{"class":68,"line":69},[66,635,636],{},"FROM docker.io\u002Flibrary\u002Falpine:3.23.3\n",[66,638,639],{"class":68,"line":76},[66,640,127],{"emptyLinePlaceholder":126},[66,642,643],{"class":68,"line":130},[66,644,645],{},"# Install utils\n",[66,647,648],{"class":68,"line":136},[66,649,650],{},"RUN apk add openrc \\\n",[66,652,653],{"class":68,"line":150},[66,654,655],{},"    && apk add util-linux\n",[66,657,658],{"class":68,"line":155},[66,659,127],{"emptyLinePlaceholder":126},[66,661,662],{"class":68,"line":161},[66,663,664],{},"# Setup agetty\n",[66,666,667],{"class":68,"line":176},[66,668,669],{},"RUN ln -s agetty \u002Fetc\u002Finit.d\u002Fagetty.ttyS0 \\\n",[66,671,672],{"class":68,"line":181},[66,673,674],{},"    && echo ttyS0 > \u002Fetc\u002Fsecuretty \\\n",[66,676,677],{"class":68,"line":187},[66,678,679],{},"    && rc-update add agetty.ttyS0 default\n",[66,681,682],{"class":68,"line":193},[66,683,127],{"emptyLinePlaceholder":126},[66,685,686],{"class":68,"line":199},[66,687,688],{},"# Setup openrc\n",[66,690,691],{"class":68,"line":204},[66,692,693],{},"RUN rc-update add devfs boot \\\n",[66,695,696],{"class":68,"line":210},[66,697,698],{},"    && rc-update add procfs boot \\\n",[66,700,701],{"class":68,"line":216},[66,702,703],{},"    && rc-update add sysfs boot\n",[66,705,706],{"class":68,"line":221},[66,707,127],{"emptyLinePlaceholder":126},[66,709,710],{"class":68,"line":232},[66,711,712],{},"# Set root password\n",[66,714,715],{"class":68,"line":237},[66,716,717],{},"RUN echo \"root:root\" | chpasswd\n",[55,719,721],{"className":57,"code":720,"filename":490,"language":60,"meta":61,"style":61},"# 1. 准备一个合适大小的文件，示例中可用大小为 50MB，你可以通过修改后面的 `50` 来修改文件大小\n#    大小最少需要 30MB\ndd if=\u002Fdev\u002Fzero of=rootfs.ext4 bs=1M count=50\n\n# 2. 创建 ext4 文件系统（不能使用 btrfs、xfs 等其他文件系统，Firecracker 只支持 ext4）\nmkfs.ext4 rootfs.ext4\n\n# 3. 挂载 RootFS\nmkdir \u002Ftmp\u002Fmy-rootfs\nsudo mount rootfs.ext4 \u002Ftmp\u002Fmy-rootfs\nsudo chmod 777 \u002Ftmp\u002Fmy-rootfs # 方便起见，使用 777 权限（允许读写）\n\n# 4. 构建 Docker 镜像\ndocker build --tag=rootfs --file Dockerfile .\ndocker create --name rootfs rootfs\ndocker export rootfs -o rootfs.tar\ndocker rm rootfs\n\n# 你可以删除 Docker 镜像\n# docker rmi rootfs\n\n# 5. 导出到 RootFS\ntar -xf rootfs.tar -C \u002Ftmp\u002Fmy-rootfs\n\n# 6. 卸载 RootFS\nsudo umount \u002Ftmp\u002Fmy-rootfs\n",[63,722,723,728,733,754,758,763,771,775,780,788,800,816,820,825,844,860,874,883,887,892,898,903,909,926,931,937],{"__ignoreMap":61},[66,724,725],{"class":68,"line":69},[66,726,727],{"class":72},"# 1. 准备一个合适大小的文件，示例中可用大小为 50MB，你可以通过修改后面的 `50` 来修改文件大小\n",[66,729,730],{"class":68,"line":76},[66,731,732],{"class":72},"#    大小最少需要 30MB\n",[66,734,735,738,741,744,747,750],{"class":68,"line":130},[66,736,737],{"class":79},"dd",[66,739,740],{"class":83}," if=\u002Fdev\u002Fzero",[66,742,743],{"class":83}," of=rootfs.ext4",[66,745,746],{"class":83}," bs=1M",[66,748,749],{"class":83}," count=",[66,751,753],{"class":752},"sbssI","50\n",[66,755,756],{"class":68,"line":136},[66,757,127],{"emptyLinePlaceholder":126},[66,759,760],{"class":68,"line":150},[66,761,762],{"class":72},"# 2. 创建 ext4 文件系统（不能使用 btrfs、xfs 等其他文件系统，Firecracker 只支持 ext4）\n",[66,764,765,768],{"class":68,"line":155},[66,766,767],{"class":79},"mkfs.ext4",[66,769,770],{"class":83}," rootfs.ext4\n",[66,772,773],{"class":68,"line":161},[66,774,127],{"emptyLinePlaceholder":126},[66,776,777],{"class":68,"line":176},[66,778,779],{"class":72},"# 3. 挂载 RootFS\n",[66,781,782,785],{"class":68,"line":181},[66,783,784],{"class":79},"mkdir",[66,786,787],{"class":83}," \u002Ftmp\u002Fmy-rootfs\n",[66,789,790,792,795,798],{"class":68,"line":187},[66,791,80],{"class":79},[66,793,794],{"class":83}," mount",[66,796,797],{"class":83}," rootfs.ext4",[66,799,787],{"class":83},[66,801,802,804,807,810,813],{"class":68,"line":193},[66,803,80],{"class":79},[66,805,806],{"class":83}," chmod",[66,808,809],{"class":752}," 777",[66,811,812],{"class":83}," \u002Ftmp\u002Fmy-rootfs",[66,814,815],{"class":72}," # 方便起见，使用 777 权限（允许读写）\n",[66,817,818],{"class":68,"line":199},[66,819,127],{"emptyLinePlaceholder":126},[66,821,822],{"class":68,"line":204},[66,823,824],{"class":72},"# 4. 构建 Docker 镜像\n",[66,826,827,829,832,835,838,841],{"class":68,"line":210},[66,828,480],{"class":79},[66,830,831],{"class":83}," build",[66,833,834],{"class":83}," --tag=rootfs",[66,836,837],{"class":83}," --file",[66,839,840],{"class":83}," Dockerfile",[66,842,843],{"class":83}," .\n",[66,845,846,848,851,854,857],{"class":68,"line":216},[66,847,480],{"class":79},[66,849,850],{"class":83}," create",[66,852,853],{"class":83}," --name",[66,855,856],{"class":83}," rootfs",[66,858,859],{"class":83}," rootfs\n",[66,861,862,864,867,869,871],{"class":68,"line":221},[66,863,480],{"class":79},[66,865,866],{"class":83}," export",[66,868,856],{"class":83},[66,870,328],{"class":83},[66,872,873],{"class":83}," rootfs.tar\n",[66,875,876,878,881],{"class":68,"line":232},[66,877,480],{"class":79},[66,879,880],{"class":83}," rm",[66,882,859],{"class":83},[66,884,885],{"class":68,"line":237},[66,886,127],{"emptyLinePlaceholder":126},[66,888,889],{"class":68,"line":243},[66,890,891],{"class":72},"# 你可以删除 Docker 镜像\n",[66,893,895],{"class":68,"line":894},20,[66,896,897],{"class":72},"# docker rmi rootfs\n",[66,899,901],{"class":68,"line":900},21,[66,902,127],{"emptyLinePlaceholder":126},[66,904,906],{"class":68,"line":905},22,[66,907,908],{"class":72},"# 5. 导出到 RootFS\n",[66,910,912,915,918,921,924],{"class":68,"line":911},23,[66,913,914],{"class":79},"tar",[66,916,917],{"class":83}," -xf",[66,919,920],{"class":83}," rootfs.tar",[66,922,923],{"class":83}," -C",[66,925,787],{"class":83},[66,927,929],{"class":68,"line":928},24,[66,930,127],{"emptyLinePlaceholder":126},[66,932,934],{"class":68,"line":933},25,[66,935,936],{"class":72},"# 6. 卸载 RootFS\n",[66,938,940,942,945],{"class":68,"line":939},26,[66,941,80],{"class":79},[66,943,944],{"class":83}," umount",[66,946,787],{"class":83},[40,948,950],{"id":949},"运行-firecracker","运行 Firecracker",[11,952,953],{"color":29,"icon":14},[16,954,955,956,959,960,962],{},"方便起见，我们使用 ",[63,957,958],{},"firectl"," 作为运行 Firecracker 的工具。\n在 ArchLinux 发行版中，你可以安装 ",[63,961,958],{}," AUR 包。",[55,964,966],{"className":57,"code":965,"filename":490,"language":60,"meta":61,"style":61},"# 使用 ttyS0 串口，Panic 时重启\nfirectl --root-drive=rootfs.ext4 --kernel=vmlinux --kernel-opts=\"console=ttyS0 reboot=k panic=1\"\n",[63,967,968,973],{"__ignoreMap":61},[66,969,970],{"class":68,"line":69},[66,971,972],{"class":72},"# 使用 ttyS0 串口，Panic 时重启\n",[66,974,975,977,980,983,986,988,991],{"class":68,"line":76},[66,976,958],{"class":79},[66,978,979],{"class":83}," --root-drive=rootfs.ext4",[66,981,982],{"class":83}," --kernel=vmlinux",[66,984,985],{"class":83}," --kernel-opts=",[66,987,299],{"class":108},[66,989,990],{"class":83},"console=ttyS0 reboot=k panic=1",[66,992,305],{"class":108},[16,994,995,996,999,1000,1002,1003,1006,1007,1010,1011,1014],{},"如果出现了登陆提示符，那么恭喜你，Firecracker 已经可以成功运行了。\n你可以执行 ",[63,997,998],{},"reboot"," 退出并销毁 MicroVM。（在最小化配置下，",[63,1001,998],{}," 是最可靠的退出方式）。\n如果你无法登陆系统，请 ",[63,1004,1005],{},"pkill firectl"," 停止 firectl，并挂载 RootFS 镜像（",[63,1008,1009],{},"rootfs.ext4","），chroot 进去，接着使用 ",[63,1012,1013],{},"passwd"," 修改密码：",[55,1016,1018],{"className":57,"code":1017,"filename":490,"language":60,"meta":61,"style":61},"sudo mount rootfs.ext4 \u002Ftmp\u002Fmy-rootfs\nsudo chroot \u002Ftmp\u002Fmy-rootfs \u002Fbin\u002Fsh\npasswd\nexit\nsudo umount \u002Ftmp\u002Fmy-rootfs\n",[63,1019,1020,1030,1042,1047,1052],{"__ignoreMap":61},[66,1021,1022,1024,1026,1028],{"class":68,"line":69},[66,1023,80],{"class":79},[66,1025,794],{"class":83},[66,1027,797],{"class":83},[66,1029,787],{"class":83},[66,1031,1032,1034,1037,1039],{"class":68,"line":76},[66,1033,80],{"class":79},[66,1035,1036],{"class":83}," chroot",[66,1038,812],{"class":83},[66,1040,1041],{"class":83}," \u002Fbin\u002Fsh\n",[66,1043,1044],{"class":68,"line":130},[66,1045,1046],{"class":79},"passwd\n",[66,1048,1049],{"class":68,"line":136},[66,1050,1051],{"class":530},"exit\n",[66,1053,1054,1056,1058],{"class":68,"line":150},[66,1055,80],{"class":79},[66,1057,944],{"class":83},[66,1059,787],{"class":83},[16,1061,1062,1063,1066],{},"如果 MicroVM 立即结束运行，没有出现登陆提示符（终端上会出现 ",[63,1064,1065],{},"Kernel panic"," 的信息），你需要仔细检查上面的步骤，确保没有错误，因为发生了 Kernel Panic。",[11,1068,1069],{"color":29,"icon":14},[16,1070,1071],{},"目前为止，Firecracker 已经可以正常启动，但是无法访问网络。",[1073,1074,1075],"style",{},"html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .sbssI, html code.shiki .sbssI{--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C}",{"title":61,"searchDepth":76,"depth":76,"links":1077},[1078,1079,1080,1084],{"id":42,"depth":76,"text":43},{"id":49,"depth":76,"text":50},{"id":462,"depth":76,"text":463,"children":1081},[1082,1083],{"id":485,"depth":130,"text":486},{"id":620,"depth":130,"text":621},{"id":949,"depth":76,"text":950},"2026-06-02","一个极其简单的 Firecracker 启动指南","md",{},"\u002Fposts\u002Ffirecracker-minimal-startup",{"title":6,"description":1086},"posts\u002Ffirecracker-minimal-startup","ROEl80WzX9E_9d4dSFXoryHZVjSNdG3kCd7A-7cHpwQ",[1094],{"title":1095,"path":1096,"stem":1097,"children":1098,"page":1100},"Posts","\u002Fposts","posts",[1099],{"title":6,"path":1089,"stem":1091},false,[1102,1105,1108,1112,1116,1120,1124],{"id":1089,"title":6,"titles":1103,"content":1104,"level":69},[],"一个极其简单的 Firecracker 启动指南 Firecracker 只能在启用了 KVM 的 Linux 系统下运行。\n具体支持请参阅：支持文档。\n此教程适用于 x86_64 架构的 Linux 系统。 你可以阅读 ArchLinux Wiki - KVM 了解如何开启 KVM。",{"id":1106,"title":43,"titles":1107,"content":46,"level":76},"\u002Fposts\u002Ffirecracker-minimal-startup#什么是-firecracker",[6],{"id":1109,"title":50,"titles":1110,"content":1111,"level":76},"\u002Fposts\u002Ffirecracker-minimal-startup#安装-firecracker",[6],"# 没错就这么点\nsudo pacman -S firecracker --needed\nARCH=\"$(uname -m)\"\n\n# 启动 Docker\nsudo systemctl start docker\n\n# 克隆 Firecracker 仓库\ngit clone https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker firecracker_src\n\n# 构建 Firecracker\n#\n# 可以通过传递参数 \"-l gnu\" 来构建 GNU 版本\n#\n# 这将在以下位置生成 firecracker 和 jailer 二进制文件：\n# `.\u002Ffirecracker\u002Fbuild\u002Fcargo_target\u002F${toolchain}\u002Fdebug`\n#\nsudo .\u002Ffirecracker_src\u002Ftools\u002Fdevtool build\n\n# 重命名可执行文件为 \"firecracker\"\nsudo cp .\u002Ffirecracker_src\u002Fbuild\u002Fcargo_target\u002F${ARCH}-unknown-linux-musl\u002Fdebug\u002Ffirecracker firecracker\nARCH=\"$(uname -m)\"\n\nrelease_url=\"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Freleases\"\nlatest=$(basename $(curl -fsSLI -o \u002Fdev\u002Fnull -w  %{url_effective} ${release_url}\u002Flatest))\ncurl -L ${release_url}\u002Fdownload\u002F${latest}\u002Ffirecracker-${latest}-${ARCH}.tgz \\\n| tar -xz\n\n# 重命名可执行文件为 \"firecracker\"\nmv release-${latest}-$(uname -m)\u002Ffirecracker-${latest}-${ARCH} firecracker",{"id":1113,"title":463,"titles":1114,"content":1115,"level":76},"\u002Fposts\u002Ffirecracker-minimal-startup#构建-rootfs-和-kernel-镜像",[6],"你可以参阅 官方构建指南 更全面的了解这一过程。构建 RootFS 需要 docker，请提前安装。",{"id":1117,"title":486,"titles":1118,"content":1119,"level":130},"\u002Fposts\u002Ffirecracker-minimal-startup#创建-kernel-镜像",[6,463],"# 1. 克隆仓库\ngit clone https:\u002F\u002Fgithub.com\u002Ftorvalds\u002Flinux.git linux.git --depth=1\ngit clone https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker firecracker.git --depth=1\ncd linux.git\n\n## 2. 配置内核\ncp ..\u002Ffirecracker.git\u002Fresources\u002Fguest_configs\u002Fmicrovm-kernel-ci-x86_64-6.1.config .\u002F.config\nmake olddefconfig\n\n# 你可以在这一步配置内核选项，配置方法不仅限执行 `make menuconfig`\n# 你可以将 PCI 支持打开，官方也推荐启用 PCI 确保 MicroVM 的性能与安全性（方便起见，本教程不启用 PCI）\nmake menuconfig\n\n## 3. 编译内核（可能超过 3 分钟，这取决于 CPU 的性能）\nmake vmlinux -j$(nproc) 执行上述步骤后，Kernel 镜像将会生成在 linux.git\u002Fvmlinux 文件中。（文件大小约为 30MB）",{"id":1121,"title":621,"titles":1122,"content":1123,"level":130},"\u002Fposts\u002Ffirecracker-minimal-startup#创建-rootfs-镜像",[6,463],"为了标准化 RootFS 中的内容，我建议你使用 Dockerfile 构建镜像并导出。 FROM docker.io\u002Flibrary\u002Falpine:3.23.3\n\n# Install utils\nRUN apk add openrc \\\n    && apk add util-linux\n\n# Setup agetty\nRUN ln -s agetty \u002Fetc\u002Finit.d\u002Fagetty.ttyS0 \\\n    && echo ttyS0 > \u002Fetc\u002Fsecuretty \\\n    && rc-update add agetty.ttyS0 default\n\n# Setup openrc\nRUN rc-update add devfs boot \\\n    && rc-update add procfs boot \\\n    && rc-update add sysfs boot\n\n# Set root password\nRUN echo \"root:root\" | chpasswd # 1. 准备一个合适大小的文件，示例中可用大小为 50MB，你可以通过修改后面的 `50` 来修改文件大小\n#    大小最少需要 30MB\ndd if=\u002Fdev\u002Fzero of=rootfs.ext4 bs=1M count=50\n\n# 2. 创建 ext4 文件系统（不能使用 btrfs、xfs 等其他文件系统，Firecracker 只支持 ext4）\nmkfs.ext4 rootfs.ext4\n\n# 3. 挂载 RootFS\nmkdir \u002Ftmp\u002Fmy-rootfs\nsudo mount rootfs.ext4 \u002Ftmp\u002Fmy-rootfs\nsudo chmod 777 \u002Ftmp\u002Fmy-rootfs # 方便起见，使用 777 权限（允许读写）\n\n# 4. 构建 Docker 镜像\ndocker build --tag=rootfs --file Dockerfile .\ndocker create --name rootfs rootfs\ndocker export rootfs -o rootfs.tar\ndocker rm rootfs\n\n# 你可以删除 Docker 镜像\n# docker rmi rootfs\n\n# 5. 导出到 RootFS\ntar -xf rootfs.tar -C \u002Ftmp\u002Fmy-rootfs\n\n# 6. 卸载 RootFS\nsudo umount \u002Ftmp\u002Fmy-rootfs",{"id":1125,"title":950,"titles":1126,"content":1127,"level":76},"\u002Fposts\u002Ffirecracker-minimal-startup#运行-firecracker",[6],"方便起见，我们使用 firectl 作为运行 Firecracker 的工具。\n在 ArchLinux 发行版中，你可以安装 firectl AUR 包。 # 使用 ttyS0 串口，Panic 时重启\nfirectl --root-drive=rootfs.ext4 --kernel=vmlinux --kernel-opts=\"console=ttyS0 reboot=k panic=1\" 如果出现了登陆提示符，那么恭喜你，Firecracker 已经可以成功运行了。\n你可以执行 reboot 退出并销毁 MicroVM。（在最小化配置下，reboot 是最可靠的退出方式）。\n如果你无法登陆系统，请 pkill firectl 停止 firectl，并挂载 RootFS 镜像（rootfs.ext4），chroot 进去，接着使用 passwd 修改密码： sudo mount rootfs.ext4 \u002Ftmp\u002Fmy-rootfs\nsudo chroot \u002Ftmp\u002Fmy-rootfs \u002Fbin\u002Fsh\npasswd\nexit\nsudo umount \u002Ftmp\u002Fmy-rootfs 如果 MicroVM 立即结束运行，没有出现登陆提示符（终端上会出现 Kernel panic 的信息），你需要仔细检查上面的步骤，确保没有错误，因为发生了 Kernel Panic。 目前为止，Firecracker 已经可以正常启动，但是无法访问网络。 html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .sbssI, html code.shiki .sbssI{--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C}",1773755572261]