[{"data":1,"prerenderedAt":1128},["ShallowReactive",2],{"navigation":3,"search":14,"content-all":51},[4],{"title":5,"path":6,"stem":7,"children":8,"page":13},"Posts","\u002Fposts","posts",[9],{"title":10,"path":11,"stem":12},"Firecracker 最小化启动指南","\u002Fposts\u002Ffirecracker-minimal-startup","posts\u002Ffirecracker-minimal-startup",false,[15,19,25,30,35,41,46],{"id":11,"title":10,"titles":16,"content":17,"level":18},[],"一个极其简单的 Firecracker 启动指南 Firecracker 只能在启用了 KVM 的 Linux 系统下运行。\n具体支持请参阅：支持文档。\n此教程适用于 x86_64 架构的 Linux 系统。 你可以阅读 ArchLinux Wiki - KVM 了解如何开启 KVM。",1,{"id":20,"title":21,"titles":22,"content":23,"level":24},"\u002Fposts\u002Ffirecracker-minimal-startup#什么是-firecracker","什么是 Firecracker",[10],"Firecracker 是一种开源虚拟化技术，专为创建和管理安全的多租户容器和功能服务而设计，这些服务提供无服务器运行模型。\nFirecracker 在 MicroVMs 中运行工作负载，这些虚拟机结合了硬件虚拟化技术提供的安全性和隔离特性，以及容器的速度和灵活性。",2,{"id":26,"title":27,"titles":28,"content":29,"level":24},"\u002Fposts\u002Ffirecracker-minimal-startup#安装-firecracker","安装 Firecracker",[10],"# 没错就这么点\nsudo pacman -S firecracker --needed\nARCH=\"$(uname -m)\"\n\n# 启动 Docker\nsudo systemctl start docker\n\n# 克隆 Firecracker 仓库\ngit clone https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker firecracker_src\n\n# 构建 Firecracker\n#\n# 可以通过传递参数 \"-l gnu\" 来构建 GNU 版本\n#\n# 这将在以下位置生成 firecracker 和 jailer 二进制文件：\n# `.\u002Ffirecracker\u002Fbuild\u002Fcargo_target\u002F${toolchain}\u002Fdebug`\n#\nsudo .\u002Ffirecracker_src\u002Ftools\u002Fdevtool build\n\n# 重命名可执行文件为 \"firecracker\"\nsudo cp .\u002Ffirecracker_src\u002Fbuild\u002Fcargo_target\u002F${ARCH}-unknown-linux-musl\u002Fdebug\u002Ffirecracker firecracker\nARCH=\"$(uname -m)\"\n\nrelease_url=\"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Freleases\"\nlatest=$(basename $(curl -fsSLI -o \u002Fdev\u002Fnull -w  %{url_effective} ${release_url}\u002Flatest))\ncurl -L ${release_url}\u002Fdownload\u002F${latest}\u002Ffirecracker-${latest}-${ARCH}.tgz \\\n| tar -xz\n\n# 重命名可执行文件为 \"firecracker\"\nmv release-${latest}-$(uname -m)\u002Ffirecracker-${latest}-${ARCH} firecracker",{"id":31,"title":32,"titles":33,"content":34,"level":24},"\u002Fposts\u002Ffirecracker-minimal-startup#构建-rootfs-和-kernel-镜像","构建 RootFS 和 Kernel 镜像",[10],"你可以参阅 官方构建指南 更全面的了解这一过程。构建 RootFS 需要 docker，请提前安装。",{"id":36,"title":37,"titles":38,"content":39,"level":40},"\u002Fposts\u002Ffirecracker-minimal-startup#创建-kernel-镜像","创建 Kernel 镜像",[10,32],"# 1. 克隆仓库\ngit clone https:\u002F\u002Fgithub.com\u002Ftorvalds\u002Flinux.git linux.git --depth=1\ngit clone https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker firecracker.git --depth=1\ncd linux.git\n\n## 2. 配置内核\ncp ..\u002Ffirecracker.git\u002Fresources\u002Fguest_configs\u002Fmicrovm-kernel-ci-x86_64-6.1.config .\u002F.config\nmake olddefconfig\n\n# 你可以在这一步配置内核选项，配置方法不仅限执行 `make menuconfig`\n# 你可以将 PCI 支持打开，官方也推荐启用 PCI 确保 MicroVM 的性能与安全性（方便起见，本教程不启用 PCI）\nmake menuconfig\n\n## 3. 编译内核（可能超过 3 分钟，这取决于 CPU 的性能）\nmake vmlinux -j$(nproc) 执行上述步骤后，Kernel 镜像将会生成在 linux.git\u002Fvmlinux 文件中。（文件大小约为 30MB）",3,{"id":42,"title":43,"titles":44,"content":45,"level":40},"\u002Fposts\u002Ffirecracker-minimal-startup#创建-rootfs-镜像","创建 RootFS 镜像",[10,32],"为了标准化 RootFS 中的内容，我建议你使用 Dockerfile 构建镜像并导出。 FROM docker.io\u002Flibrary\u002Falpine:3.23.3\n\n# Install utils\nRUN apk add openrc \\\n    && apk add util-linux\n\n# Setup agetty\nRUN ln -s agetty \u002Fetc\u002Finit.d\u002Fagetty.ttyS0 \\\n    && echo ttyS0 > \u002Fetc\u002Fsecuretty \\\n    && rc-update add agetty.ttyS0 default\n\n# Setup openrc\nRUN rc-update add devfs boot \\\n    && rc-update add procfs boot \\\n    && rc-update add sysfs boot\n\n# Set root password\nRUN echo \"root:root\" | chpasswd # 1. 准备一个合适大小的文件，示例中可用大小为 50MB，你可以通过修改后面的 `50` 来修改文件大小\n#    大小最少需要 30MB\ndd if=\u002Fdev\u002Fzero of=rootfs.ext4 bs=1M count=50\n\n# 2. 创建 ext4 文件系统（不能使用 btrfs、xfs 等其他文件系统，Firecracker 只支持 ext4）\nmkfs.ext4 rootfs.ext4\n\n# 3. 挂载 RootFS\nmkdir \u002Ftmp\u002Fmy-rootfs\nsudo mount rootfs.ext4 \u002Ftmp\u002Fmy-rootfs\nsudo chmod 777 \u002Ftmp\u002Fmy-rootfs # 方便起见，使用 777 权限（允许读写）\n\n# 4. 构建 Docker 镜像\ndocker build --tag=rootfs --file Dockerfile .\ndocker create --name rootfs rootfs\ndocker export rootfs -o rootfs.tar\ndocker rm rootfs\n\n# 你可以删除 Docker 镜像\n# docker rmi rootfs\n\n# 5. 导出到 RootFS\ntar -xf rootfs.tar -C \u002Ftmp\u002Fmy-rootfs\n\n# 6. 卸载 RootFS\nsudo umount \u002Ftmp\u002Fmy-rootfs",{"id":47,"title":48,"titles":49,"content":50,"level":24},"\u002Fposts\u002Ffirecracker-minimal-startup#运行-firecracker","运行 Firecracker",[10],"方便起见，我们使用 firectl 作为运行 Firecracker 的工具。\n在 ArchLinux 发行版中，你可以安装 firectl AUR 包。 # 使用 ttyS0 串口，Panic 时重启\nfirectl --root-drive=rootfs.ext4 --kernel=vmlinux --kernel-opts=\"console=ttyS0 reboot=k panic=1\" 如果出现了登陆提示符，那么恭喜你，Firecracker 已经可以成功运行了。\n你可以执行 reboot 退出并销毁 MicroVM。（在最小化配置下，reboot 是最可靠的退出方式）。\n如果你无法登陆系统，请 pkill firectl 停止 firectl，并挂载 RootFS 镜像（rootfs.ext4），chroot 进去，接着使用 passwd 修改密码： sudo mount rootfs.ext4 \u002Ftmp\u002Fmy-rootfs\nsudo chroot \u002Ftmp\u002Fmy-rootfs \u002Fbin\u002Fsh\npasswd\nexit\nsudo umount \u002Ftmp\u002Fmy-rootfs 如果 MicroVM 立即结束运行，没有出现登陆提示符（终端上会出现 Kernel panic 的信息），你需要仔细检查上面的步骤，确保没有错误，因为发生了 Kernel Panic。 目前为止，Firecracker 已经可以正常启动，但是无法访问网络。 html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .sbssI, html code.shiki .sbssI{--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C}",[52],{"id":53,"title":10,"body":54,"date":1122,"description":1123,"extension":1124,"meta":1125,"navigation":168,"path":11,"seo":1126,"stem":12,"__hash__":1127},"content\u002Fposts\u002Ffirecracker-minimal-startup.md",{"type":55,"value":56,"toc":1113},"minimark",[57,74,86,90,92,95,501,504,522,526,650,657,660,663,756,985,988,1000,1030,1052,1097,1104,1109],[58,59,62],"callout",{"color":60,"icon":61},"warning","i-lucide-info",[63,64,65,66,73],"p",{},"Firecracker 只能在启用了 KVM 的 Linux 系统下运行。\n具体支持请参阅：",[67,68,72],"a",{"href":69,"rel":70},"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Fblob\u002Fmain\u002Fdocs\u002Fkernel-policy.md",[71],"nofollow","支持文档","。\n此教程适用于 x86_64 架构的 Linux 系统。",[58,75,77],{"color":76,"icon":61},"info",[63,78,79,80,85],{},"你可以阅读 ",[67,81,84],{"href":82,"rel":83},"https:\u002F\u002Fwiki.archlinux.org\u002Ftitle\u002FKVM",[71],"ArchLinux Wiki - KVM"," 了解如何开启 KVM。",[87,88,21],"h2",{"id":89},"什么是-firecracker",[63,91,23],{},[87,93,27],{"id":94},"安装-firecracker",[96,97,98,136,307],"code-group",{},[99,100,106],"pre",{"className":101,"code":102,"filename":103,"language":104,"meta":105,"style":105},"language-bash shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","# 没错就这么点\nsudo pacman -S firecracker --needed\n","使用 Pacman 安装（推荐）","bash","",[107,108,109,117],"code",{"__ignoreMap":105},[110,111,113],"span",{"class":112,"line":18},"line",[110,114,116],{"class":115},"sHwdD","# 没错就这么点\n",[110,118,119,123,127,130,133],{"class":112,"line":24},[110,120,122],{"class":121},"sBMFI","sudo",[110,124,126],{"class":125},"sfazB"," pacman",[110,128,129],{"class":125}," -S",[110,131,132],{"class":125}," firecracker",[110,134,135],{"class":125}," --needed\n",[99,137,140],{"className":101,"code":138,"filename":139,"language":104,"meta":105,"style":105},"ARCH=\"$(uname -m)\"\n\n# 启动 Docker\nsudo systemctl start docker\n\n# 克隆 Firecracker 仓库\ngit clone https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker firecracker_src\n\n# 构建 Firecracker\n#\n# 可以通过传递参数 \"-l gnu\" 来构建 GNU 版本\n#\n# 这将在以下位置生成 firecracker 和 jailer 二进制文件：\n# `.\u002Ffirecracker\u002Fbuild\u002Fcargo_target\u002F${toolchain}\u002Fdebug`\n#\nsudo .\u002Ffirecracker_src\u002Ftools\u002Fdevtool build\n\n# 重命名可执行文件为 \"firecracker\"\nsudo cp .\u002Ffirecracker_src\u002Fbuild\u002Fcargo_target\u002F${ARCH}-unknown-linux-musl\u002Fdebug\u002Ffirecracker firecracker\n","从源码构建",[107,141,142,164,170,175,189,194,200,215,220,226,232,238,243,249,255,260,271,276,282],{"__ignoreMap":105},[110,143,144,148,152,155,158,161],{"class":112,"line":18},[110,145,147],{"class":146},"sTEyZ","ARCH",[110,149,151],{"class":150},"sMK4o","=",[110,153,154],{"class":150},"\"$(",[110,156,157],{"class":121},"uname",[110,159,160],{"class":125}," -m",[110,162,163],{"class":150},")\"\n",[110,165,166],{"class":112,"line":24},[110,167,169],{"emptyLinePlaceholder":168},true,"\n",[110,171,172],{"class":112,"line":40},[110,173,174],{"class":115},"# 启动 Docker\n",[110,176,178,180,183,186],{"class":112,"line":177},4,[110,179,122],{"class":121},[110,181,182],{"class":125}," systemctl",[110,184,185],{"class":125}," start",[110,187,188],{"class":125}," docker\n",[110,190,192],{"class":112,"line":191},5,[110,193,169],{"emptyLinePlaceholder":168},[110,195,197],{"class":112,"line":196},6,[110,198,199],{"class":115},"# 克隆 Firecracker 仓库\n",[110,201,203,206,209,212],{"class":112,"line":202},7,[110,204,205],{"class":121},"git",[110,207,208],{"class":125}," clone",[110,210,211],{"class":125}," https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker",[110,213,214],{"class":125}," firecracker_src\n",[110,216,218],{"class":112,"line":217},8,[110,219,169],{"emptyLinePlaceholder":168},[110,221,223],{"class":112,"line":222},9,[110,224,225],{"class":115},"# 构建 Firecracker\n",[110,227,229],{"class":112,"line":228},10,[110,230,231],{"class":115},"#\n",[110,233,235],{"class":112,"line":234},11,[110,236,237],{"class":115},"# 可以通过传递参数 \"-l gnu\" 来构建 GNU 版本\n",[110,239,241],{"class":112,"line":240},12,[110,242,231],{"class":115},[110,244,246],{"class":112,"line":245},13,[110,247,248],{"class":115},"# 这将在以下位置生成 firecracker 和 jailer 二进制文件：\n",[110,250,252],{"class":112,"line":251},14,[110,253,254],{"class":115},"# `.\u002Ffirecracker\u002Fbuild\u002Fcargo_target\u002F${toolchain}\u002Fdebug`\n",[110,256,258],{"class":112,"line":257},15,[110,259,231],{"class":115},[110,261,263,265,268],{"class":112,"line":262},16,[110,264,122],{"class":121},[110,266,267],{"class":125}," .\u002Ffirecracker_src\u002Ftools\u002Fdevtool",[110,269,270],{"class":125}," build\n",[110,272,274],{"class":112,"line":273},17,[110,275,169],{"emptyLinePlaceholder":168},[110,277,279],{"class":112,"line":278},18,[110,280,281],{"class":115},"# 重命名可执行文件为 \"firecracker\"\n",[110,283,285,287,290,293,296,298,301,304],{"class":112,"line":284},19,[110,286,122],{"class":121},[110,288,289],{"class":125}," cp",[110,291,292],{"class":125}," .\u002Ffirecracker_src\u002Fbuild\u002Fcargo_target\u002F",[110,294,295],{"class":150},"${",[110,297,147],{"class":146},[110,299,300],{"class":150},"}",[110,302,303],{"class":125},"-unknown-linux-musl\u002Fdebug\u002Ffirecracker",[110,305,306],{"class":125}," firecracker\n",[99,308,311],{"className":101,"code":309,"filename":310,"language":104,"meta":105,"style":105},"ARCH=\"$(uname -m)\"\n\nrelease_url=\"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Freleases\"\nlatest=$(basename $(curl -fsSLI -o \u002Fdev\u002Fnull -w  %{url_effective} ${release_url}\u002Flatest))\ncurl -L ${release_url}\u002Fdownload\u002F${latest}\u002Ffirecracker-${latest}-${ARCH}.tgz \\\n| tar -xz\n\n# 重命名可执行文件为 \"firecracker\"\nmv release-${latest}-$(uname -m)\u002Ffirecracker-${latest}-${ARCH} firecracker\n\n","从 Github Release 下载",[107,312,313,327,331,347,392,438,449,453,457],{"__ignoreMap":105},[110,314,315,317,319,321,323,325],{"class":112,"line":18},[110,316,147],{"class":146},[110,318,151],{"class":150},[110,320,154],{"class":150},[110,322,157],{"class":121},[110,324,160],{"class":125},[110,326,163],{"class":150},[110,328,329],{"class":112,"line":24},[110,330,169],{"emptyLinePlaceholder":168},[110,332,333,336,338,341,344],{"class":112,"line":40},[110,334,335],{"class":146},"release_url",[110,337,151],{"class":150},[110,339,340],{"class":150},"\"",[110,342,343],{"class":125},"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Freleases",[110,345,346],{"class":150},"\"\n",[110,348,349,352,355,358,361,364,367,370,373,376,379,382,384,386,389],{"class":112,"line":177},[110,350,351],{"class":146},"latest",[110,353,354],{"class":150},"=$(",[110,356,357],{"class":121},"basename",[110,359,360],{"class":150}," $(",[110,362,363],{"class":121},"curl",[110,365,366],{"class":125}," -fsSLI",[110,368,369],{"class":125}," -o",[110,371,372],{"class":125}," \u002Fdev\u002Fnull",[110,374,375],{"class":125}," -w",[110,377,378],{"class":125},"  %{url_effective}",[110,380,381],{"class":150}," ${",[110,383,335],{"class":146},[110,385,300],{"class":150},[110,387,388],{"class":125},"\u002Flatest",[110,390,391],{"class":150},"))\n",[110,393,394,396,399,401,403,405,408,410,412,414,417,419,421,423,426,428,430,432,435],{"class":112,"line":191},[110,395,363],{"class":121},[110,397,398],{"class":125}," -L",[110,400,381],{"class":150},[110,402,335],{"class":146},[110,404,300],{"class":150},[110,406,407],{"class":125},"\u002Fdownload\u002F",[110,409,295],{"class":150},[110,411,351],{"class":146},[110,413,300],{"class":150},[110,415,416],{"class":125},"\u002Ffirecracker-",[110,418,295],{"class":150},[110,420,351],{"class":146},[110,422,300],{"class":150},[110,424,425],{"class":125},"-",[110,427,295],{"class":150},[110,429,147],{"class":146},[110,431,300],{"class":150},[110,433,434],{"class":125},".tgz",[110,436,437],{"class":146}," \\\n",[110,439,440,443,446],{"class":112,"line":196},[110,441,442],{"class":150},"|",[110,444,445],{"class":121}," tar",[110,447,448],{"class":125}," -xz\n",[110,450,451],{"class":112,"line":202},[110,452,169],{"emptyLinePlaceholder":168},[110,454,455],{"class":112,"line":217},[110,456,281],{"class":115},[110,458,459,462,465,467,469,471,473,476,478,480,483,485,487,489,491,493,495,497,499],{"class":112,"line":222},[110,460,461],{"class":121},"mv",[110,463,464],{"class":125}," release-",[110,466,295],{"class":150},[110,468,351],{"class":146},[110,470,300],{"class":150},[110,472,425],{"class":125},[110,474,475],{"class":150},"$(",[110,477,157],{"class":121},[110,479,160],{"class":125},[110,481,482],{"class":150},")",[110,484,416],{"class":125},[110,486,295],{"class":150},[110,488,351],{"class":146},[110,490,300],{"class":150},[110,492,425],{"class":125},[110,494,295],{"class":150},[110,496,147],{"class":146},[110,498,300],{"class":150},[110,500,306],{"class":125},[87,502,32],{"id":503},"构建-rootfs-和-kernel-镜像",[58,505,506,515],{"color":76,"icon":61},[63,507,508,509,514],{},"你可以参阅 ",[67,510,513],{"href":511,"rel":512},"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Fblob\u002Fmain\u002Fdocs\u002Frootfs-and-kernel-setup.md",[71],"官方构建指南"," 更全面的了解这一过程。",[63,516,517,518,521],{},"构建 RootFS 需要 ",[107,519,520],{},"docker","，请提前安装。",[523,524,37],"h3",{"id":525},"创建-kernel-镜像",[99,527,530],{"className":101,"code":528,"filename":529,"language":104,"meta":105,"style":105},"# 1. 克隆仓库\ngit clone https:\u002F\u002Fgithub.com\u002Ftorvalds\u002Flinux.git linux.git --depth=1\ngit clone https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker firecracker.git --depth=1\ncd linux.git\n\n## 2. 配置内核\ncp ..\u002Ffirecracker.git\u002Fresources\u002Fguest_configs\u002Fmicrovm-kernel-ci-x86_64-6.1.config .\u002F.config\nmake olddefconfig\n\n# 你可以在这一步配置内核选项，配置方法不仅限执行 `make menuconfig`\n# 你可以将 PCI 支持打开，官方也推荐启用 PCI 确保 MicroVM 的性能与安全性（方便起见，本教程不启用 PCI）\nmake menuconfig\n\n## 3. 编译内核（可能超过 3 分钟，这取决于 CPU 的性能）\nmake vmlinux -j$(nproc)\n","Terminal",[107,531,532,537,552,565,574,578,583,594,602,606,611,616,623,627,632],{"__ignoreMap":105},[110,533,534],{"class":112,"line":18},[110,535,536],{"class":115},"# 1. 克隆仓库\n",[110,538,539,541,543,546,549],{"class":112,"line":24},[110,540,205],{"class":121},[110,542,208],{"class":125},[110,544,545],{"class":125}," https:\u002F\u002Fgithub.com\u002Ftorvalds\u002Flinux.git",[110,547,548],{"class":125}," linux.git",[110,550,551],{"class":125}," --depth=1\n",[110,553,554,556,558,560,563],{"class":112,"line":40},[110,555,205],{"class":121},[110,557,208],{"class":125},[110,559,211],{"class":125},[110,561,562],{"class":125}," firecracker.git",[110,564,551],{"class":125},[110,566,567,571],{"class":112,"line":177},[110,568,570],{"class":569},"s2Zo4","cd",[110,572,573],{"class":125}," linux.git\n",[110,575,576],{"class":112,"line":191},[110,577,169],{"emptyLinePlaceholder":168},[110,579,580],{"class":112,"line":196},[110,581,582],{"class":115},"## 2. 配置内核\n",[110,584,585,588,591],{"class":112,"line":202},[110,586,587],{"class":121},"cp",[110,589,590],{"class":125}," ..\u002Ffirecracker.git\u002Fresources\u002Fguest_configs\u002Fmicrovm-kernel-ci-x86_64-6.1.config",[110,592,593],{"class":125}," .\u002F.config\n",[110,595,596,599],{"class":112,"line":217},[110,597,598],{"class":121},"make",[110,600,601],{"class":125}," olddefconfig\n",[110,603,604],{"class":112,"line":222},[110,605,169],{"emptyLinePlaceholder":168},[110,607,608],{"class":112,"line":228},[110,609,610],{"class":115},"# 你可以在这一步配置内核选项，配置方法不仅限执行 `make menuconfig`\n",[110,612,613],{"class":112,"line":234},[110,614,615],{"class":115},"# 你可以将 PCI 支持打开，官方也推荐启用 PCI 确保 MicroVM 的性能与安全性（方便起见，本教程不启用 PCI）\n",[110,617,618,620],{"class":112,"line":240},[110,619,598],{"class":121},[110,621,622],{"class":125}," menuconfig\n",[110,624,625],{"class":112,"line":245},[110,626,169],{"emptyLinePlaceholder":168},[110,628,629],{"class":112,"line":251},[110,630,631],{"class":115},"## 3. 编译内核（可能超过 3 分钟，这取决于 CPU 的性能）\n",[110,633,634,636,639,642,644,647],{"class":112,"line":257},[110,635,598],{"class":121},[110,637,638],{"class":125}," vmlinux",[110,640,641],{"class":125}," -j",[110,643,475],{"class":150},[110,645,646],{"class":121},"nproc",[110,648,649],{"class":150},")\n",[63,651,652,653,656],{},"执行上述步骤后，Kernel 镜像将会生成在 ",[107,654,655],{},"linux.git\u002Fvmlinux"," 文件中。（文件大小约为 30MB）",[523,658,43],{"id":659},"创建-rootfs-镜像",[63,661,662],{},"为了标准化 RootFS 中的内容，我建议你使用 Dockerfile 构建镜像并导出。",[99,664,668],{"className":665,"code":666,"filename":667,"language":667,"meta":105,"style":105},"language-Dockerfile shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","FROM docker.io\u002Flibrary\u002Falpine:3.23.3\n\n# Install utils\nRUN apk add openrc \\\n    && apk add util-linux\n\n# Setup agetty\nRUN ln -s agetty \u002Fetc\u002Finit.d\u002Fagetty.ttyS0 \\\n    && echo ttyS0 > \u002Fetc\u002Fsecuretty \\\n    && rc-update add agetty.ttyS0 default\n\n# Setup openrc\nRUN rc-update add devfs boot \\\n    && rc-update add procfs boot \\\n    && rc-update add sysfs boot\n\n# Set root password\nRUN echo \"root:root\" | chpasswd\n\n","Dockerfile",[107,669,670,675,679,684,689,694,698,703,708,713,718,722,727,732,737,742,746,751],{"__ignoreMap":105},[110,671,672],{"class":112,"line":18},[110,673,674],{},"FROM docker.io\u002Flibrary\u002Falpine:3.23.3\n",[110,676,677],{"class":112,"line":24},[110,678,169],{"emptyLinePlaceholder":168},[110,680,681],{"class":112,"line":40},[110,682,683],{},"# Install utils\n",[110,685,686],{"class":112,"line":177},[110,687,688],{},"RUN apk add openrc \\\n",[110,690,691],{"class":112,"line":191},[110,692,693],{},"    && apk add util-linux\n",[110,695,696],{"class":112,"line":196},[110,697,169],{"emptyLinePlaceholder":168},[110,699,700],{"class":112,"line":202},[110,701,702],{},"# Setup agetty\n",[110,704,705],{"class":112,"line":217},[110,706,707],{},"RUN ln -s agetty \u002Fetc\u002Finit.d\u002Fagetty.ttyS0 \\\n",[110,709,710],{"class":112,"line":222},[110,711,712],{},"    && echo ttyS0 > \u002Fetc\u002Fsecuretty \\\n",[110,714,715],{"class":112,"line":228},[110,716,717],{},"    && rc-update add agetty.ttyS0 default\n",[110,719,720],{"class":112,"line":234},[110,721,169],{"emptyLinePlaceholder":168},[110,723,724],{"class":112,"line":240},[110,725,726],{},"# Setup openrc\n",[110,728,729],{"class":112,"line":245},[110,730,731],{},"RUN rc-update add devfs boot \\\n",[110,733,734],{"class":112,"line":251},[110,735,736],{},"    && rc-update add procfs boot \\\n",[110,738,739],{"class":112,"line":257},[110,740,741],{},"    && rc-update add sysfs boot\n",[110,743,744],{"class":112,"line":262},[110,745,169],{"emptyLinePlaceholder":168},[110,747,748],{"class":112,"line":273},[110,749,750],{},"# Set root password\n",[110,752,753],{"class":112,"line":278},[110,754,755],{},"RUN echo \"root:root\" | chpasswd\n",[99,757,759],{"className":101,"code":758,"filename":529,"language":104,"meta":105,"style":105},"# 1. 准备一个合适大小的文件，示例中可用大小为 50MB，你可以通过修改后面的 `50` 来修改文件大小\n#    大小最少需要 30MB\ndd if=\u002Fdev\u002Fzero of=rootfs.ext4 bs=1M count=50\n\n# 2. 创建 ext4 文件系统（不能使用 btrfs、xfs 等其他文件系统，Firecracker 只支持 ext4）\nmkfs.ext4 rootfs.ext4\n\n# 3. 挂载 RootFS\nmkdir \u002Ftmp\u002Fmy-rootfs\nsudo mount rootfs.ext4 \u002Ftmp\u002Fmy-rootfs\nsudo chmod 777 \u002Ftmp\u002Fmy-rootfs # 方便起见，使用 777 权限（允许读写）\n\n# 4. 构建 Docker 镜像\ndocker build --tag=rootfs --file Dockerfile .\ndocker create --name rootfs rootfs\ndocker export rootfs -o rootfs.tar\ndocker rm rootfs\n\n# 你可以删除 Docker 镜像\n# docker rmi rootfs\n\n# 5. 导出到 RootFS\ntar -xf rootfs.tar -C \u002Ftmp\u002Fmy-rootfs\n\n# 6. 卸载 RootFS\nsudo umount \u002Ftmp\u002Fmy-rootfs\n",[107,760,761,766,771,792,796,801,809,813,818,826,838,854,858,863,882,898,912,921,925,930,936,941,947,964,969,975],{"__ignoreMap":105},[110,762,763],{"class":112,"line":18},[110,764,765],{"class":115},"# 1. 准备一个合适大小的文件，示例中可用大小为 50MB，你可以通过修改后面的 `50` 来修改文件大小\n",[110,767,768],{"class":112,"line":24},[110,769,770],{"class":115},"#    大小最少需要 30MB\n",[110,772,773,776,779,782,785,788],{"class":112,"line":40},[110,774,775],{"class":121},"dd",[110,777,778],{"class":125}," if=\u002Fdev\u002Fzero",[110,780,781],{"class":125}," of=rootfs.ext4",[110,783,784],{"class":125}," bs=1M",[110,786,787],{"class":125}," count=",[110,789,791],{"class":790},"sbssI","50\n",[110,793,794],{"class":112,"line":177},[110,795,169],{"emptyLinePlaceholder":168},[110,797,798],{"class":112,"line":191},[110,799,800],{"class":115},"# 2. 创建 ext4 文件系统（不能使用 btrfs、xfs 等其他文件系统，Firecracker 只支持 ext4）\n",[110,802,803,806],{"class":112,"line":196},[110,804,805],{"class":121},"mkfs.ext4",[110,807,808],{"class":125}," rootfs.ext4\n",[110,810,811],{"class":112,"line":202},[110,812,169],{"emptyLinePlaceholder":168},[110,814,815],{"class":112,"line":217},[110,816,817],{"class":115},"# 3. 挂载 RootFS\n",[110,819,820,823],{"class":112,"line":222},[110,821,822],{"class":121},"mkdir",[110,824,825],{"class":125}," \u002Ftmp\u002Fmy-rootfs\n",[110,827,828,830,833,836],{"class":112,"line":228},[110,829,122],{"class":121},[110,831,832],{"class":125}," mount",[110,834,835],{"class":125}," rootfs.ext4",[110,837,825],{"class":125},[110,839,840,842,845,848,851],{"class":112,"line":234},[110,841,122],{"class":121},[110,843,844],{"class":125}," chmod",[110,846,847],{"class":790}," 777",[110,849,850],{"class":125}," \u002Ftmp\u002Fmy-rootfs",[110,852,853],{"class":115}," # 方便起见，使用 777 权限（允许读写）\n",[110,855,856],{"class":112,"line":240},[110,857,169],{"emptyLinePlaceholder":168},[110,859,860],{"class":112,"line":245},[110,861,862],{"class":115},"# 4. 构建 Docker 镜像\n",[110,864,865,867,870,873,876,879],{"class":112,"line":251},[110,866,520],{"class":121},[110,868,869],{"class":125}," build",[110,871,872],{"class":125}," --tag=rootfs",[110,874,875],{"class":125}," --file",[110,877,878],{"class":125}," Dockerfile",[110,880,881],{"class":125}," .\n",[110,883,884,886,889,892,895],{"class":112,"line":257},[110,885,520],{"class":121},[110,887,888],{"class":125}," create",[110,890,891],{"class":125}," --name",[110,893,894],{"class":125}," rootfs",[110,896,897],{"class":125}," rootfs\n",[110,899,900,902,905,907,909],{"class":112,"line":262},[110,901,520],{"class":121},[110,903,904],{"class":125}," export",[110,906,894],{"class":125},[110,908,369],{"class":125},[110,910,911],{"class":125}," rootfs.tar\n",[110,913,914,916,919],{"class":112,"line":273},[110,915,520],{"class":121},[110,917,918],{"class":125}," rm",[110,920,897],{"class":125},[110,922,923],{"class":112,"line":278},[110,924,169],{"emptyLinePlaceholder":168},[110,926,927],{"class":112,"line":284},[110,928,929],{"class":115},"# 你可以删除 Docker 镜像\n",[110,931,933],{"class":112,"line":932},20,[110,934,935],{"class":115},"# docker rmi rootfs\n",[110,937,939],{"class":112,"line":938},21,[110,940,169],{"emptyLinePlaceholder":168},[110,942,944],{"class":112,"line":943},22,[110,945,946],{"class":115},"# 5. 导出到 RootFS\n",[110,948,950,953,956,959,962],{"class":112,"line":949},23,[110,951,952],{"class":121},"tar",[110,954,955],{"class":125}," -xf",[110,957,958],{"class":125}," rootfs.tar",[110,960,961],{"class":125}," -C",[110,963,825],{"class":125},[110,965,967],{"class":112,"line":966},24,[110,968,169],{"emptyLinePlaceholder":168},[110,970,972],{"class":112,"line":971},25,[110,973,974],{"class":115},"# 6. 卸载 RootFS\n",[110,976,978,980,983],{"class":112,"line":977},26,[110,979,122],{"class":121},[110,981,982],{"class":125}," umount",[110,984,825],{"class":125},[87,986,48],{"id":987},"运行-firecracker",[58,989,990],{"color":76,"icon":61},[63,991,992,993,996,997,999],{},"方便起见，我们使用 ",[107,994,995],{},"firectl"," 作为运行 Firecracker 的工具。\n在 ArchLinux 发行版中，你可以安装 ",[107,998,995],{}," AUR 包。",[99,1001,1003],{"className":101,"code":1002,"filename":529,"language":104,"meta":105,"style":105},"# 使用 ttyS0 串口，Panic 时重启\nfirectl --root-drive=rootfs.ext4 --kernel=vmlinux --kernel-opts=\"console=ttyS0 reboot=k panic=1\"\n",[107,1004,1005,1010],{"__ignoreMap":105},[110,1006,1007],{"class":112,"line":18},[110,1008,1009],{"class":115},"# 使用 ttyS0 串口，Panic 时重启\n",[110,1011,1012,1014,1017,1020,1023,1025,1028],{"class":112,"line":24},[110,1013,995],{"class":121},[110,1015,1016],{"class":125}," --root-drive=rootfs.ext4",[110,1018,1019],{"class":125}," --kernel=vmlinux",[110,1021,1022],{"class":125}," --kernel-opts=",[110,1024,340],{"class":150},[110,1026,1027],{"class":125},"console=ttyS0 reboot=k panic=1",[110,1029,346],{"class":150},[63,1031,1032,1033,1036,1037,1039,1040,1043,1044,1047,1048,1051],{},"如果出现了登陆提示符，那么恭喜你，Firecracker 已经可以成功运行了。\n你可以执行 ",[107,1034,1035],{},"reboot"," 退出并销毁 MicroVM。（在最小化配置下，",[107,1038,1035],{}," 是最可靠的退出方式）。\n如果你无法登陆系统，请 ",[107,1041,1042],{},"pkill firectl"," 停止 firectl，并挂载 RootFS 镜像（",[107,1045,1046],{},"rootfs.ext4","），chroot 进去，接着使用 ",[107,1049,1050],{},"passwd"," 修改密码：",[99,1053,1055],{"className":101,"code":1054,"filename":529,"language":104,"meta":105,"style":105},"sudo mount rootfs.ext4 \u002Ftmp\u002Fmy-rootfs\nsudo chroot \u002Ftmp\u002Fmy-rootfs \u002Fbin\u002Fsh\npasswd\nexit\nsudo umount \u002Ftmp\u002Fmy-rootfs\n",[107,1056,1057,1067,1079,1084,1089],{"__ignoreMap":105},[110,1058,1059,1061,1063,1065],{"class":112,"line":18},[110,1060,122],{"class":121},[110,1062,832],{"class":125},[110,1064,835],{"class":125},[110,1066,825],{"class":125},[110,1068,1069,1071,1074,1076],{"class":112,"line":24},[110,1070,122],{"class":121},[110,1072,1073],{"class":125}," chroot",[110,1075,850],{"class":125},[110,1077,1078],{"class":125}," \u002Fbin\u002Fsh\n",[110,1080,1081],{"class":112,"line":40},[110,1082,1083],{"class":121},"passwd\n",[110,1085,1086],{"class":112,"line":177},[110,1087,1088],{"class":569},"exit\n",[110,1090,1091,1093,1095],{"class":112,"line":191},[110,1092,122],{"class":121},[110,1094,982],{"class":125},[110,1096,825],{"class":125},[63,1098,1099,1100,1103],{},"如果 MicroVM 立即结束运行，没有出现登陆提示符（终端上会出现 ",[107,1101,1102],{},"Kernel panic"," 的信息），你需要仔细检查上面的步骤，确保没有错误，因为发生了 Kernel Panic。",[58,1105,1106],{"color":76,"icon":61},[63,1107,1108],{},"目前为止，Firecracker 已经可以正常启动，但是无法访问网络。",[1110,1111,1112],"style",{},"html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .sbssI, html code.shiki .sbssI{--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C}",{"title":105,"searchDepth":24,"depth":24,"links":1114},[1115,1116,1117,1121],{"id":89,"depth":24,"text":21},{"id":94,"depth":24,"text":27},{"id":503,"depth":24,"text":32,"children":1118},[1119,1120],{"id":525,"depth":40,"text":37},{"id":659,"depth":40,"text":43},{"id":987,"depth":24,"text":48},"2026-06-02","一个极其简单的 Firecracker 启动指南","md",{},{"title":10,"description":1123},"ROEl80WzX9E_9d4dSFXoryHZVjSNdG3kCd7A-7cHpwQ",1773755573940]