[{"data":1,"prerenderedAt":1127},["ShallowReactive",2],{"navigation":3,"search":14,"content-\u002Fposts\u002Ffirecracker-minimal-startup":51},[4],{"title":5,"path":6,"stem":7,"children":8,"page":13},"Posts","\u002Fposts","posts",[9],{"title":10,"path":11,"stem":12},"Firecracker 最小化启动指南","\u002Fposts\u002Ffirecracker-minimal-startup","posts\u002Ffirecracker-minimal-startup",false,[15,19,25,30,35,41,46],{"id":11,"title":10,"titles":16,"content":17,"level":18},[],"一个极其简单的 Firecracker 启动指南 Firecracker 只能在启用了 KVM 的 Linux 系统下运行。\n具体支持请参阅：支持文档。\n此教程适用于 x86_64 架构的 Linux 系统。 你可以阅读 ArchLinux Wiki - KVM 了解如何开启 KVM。",1,{"id":20,"title":21,"titles":22,"content":23,"level":24},"\u002Fposts\u002Ffirecracker-minimal-startup#什么是-firecracker","什么是 Firecracker",[10],"Firecracker 是一种开源虚拟化技术，专为创建和管理安全的多租户容器和功能服务而设计，这些服务提供无服务器运行模型。\nFirecracker 在 MicroVMs 中运行工作负载，这些虚拟机结合了硬件虚拟化技术提供的安全性和隔离特性，以及容器的速度和灵活性。",2,{"id":26,"title":27,"titles":28,"content":29,"level":24},"\u002Fposts\u002Ffirecracker-minimal-startup#安装-firecracker","安装 Firecracker",[10],"# 没错就这么点\nsudo pacman -S firecracker --needed\nARCH=\"$(uname -m)\"\n\n# 启动 Docker\nsudo systemctl start docker\n\n# 克隆 Firecracker 仓库\ngit clone https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker firecracker_src\n\n# 构建 Firecracker\n#\n# 可以通过传递参数 \"-l gnu\" 来构建 GNU 版本\n#\n# 这将在以下位置生成 firecracker 和 jailer 二进制文件：\n# `.\u002Ffirecracker\u002Fbuild\u002Fcargo_target\u002F${toolchain}\u002Fdebug`\n#\nsudo .\u002Ffirecracker_src\u002Ftools\u002Fdevtool build\n\n# 重命名可执行文件为 \"firecracker\"\nsudo cp .\u002Ffirecracker_src\u002Fbuild\u002Fcargo_target\u002F${ARCH}-unknown-linux-musl\u002Fdebug\u002Ffirecracker firecracker\nARCH=\"$(uname -m)\"\n\nrelease_url=\"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Freleases\"\nlatest=$(basename $(curl -fsSLI -o \u002Fdev\u002Fnull -w  %{url_effective} ${release_url}\u002Flatest))\ncurl -L ${release_url}\u002Fdownload\u002F${latest}\u002Ffirecracker-${latest}-${ARCH}.tgz \\\n| tar -xz\n\n# 重命名可执行文件为 \"firecracker\"\nmv release-${latest}-$(uname -m)\u002Ffirecracker-${latest}-${ARCH} firecracker",{"id":31,"title":32,"titles":33,"content":34,"level":24},"\u002Fposts\u002Ffirecracker-minimal-startup#构建-rootfs-和-kernel-镜像","构建 RootFS 和 Kernel 镜像",[10],"你可以参阅 官方构建指南 更全面的了解这一过程。构建 RootFS 需要 docker，请提前安装。",{"id":36,"title":37,"titles":38,"content":39,"level":40},"\u002Fposts\u002Ffirecracker-minimal-startup#创建-kernel-镜像","创建 Kernel 镜像",[10,32],"# 1. 克隆仓库\ngit clone https:\u002F\u002Fgithub.com\u002Ftorvalds\u002Flinux.git linux.git --depth=1\ngit clone https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker firecracker.git --depth=1\ncd linux.git\n\n## 2. 配置内核\ncp ..\u002Ffirecracker.git\u002Fresources\u002Fguest_configs\u002Fmicrovm-kernel-ci-x86_64-6.1.config .\u002F.config\nmake olddefconfig\n\n# 你可以在这一步配置内核选项，配置方法不仅限执行 `make menuconfig`\n# 你可以将 PCI 支持打开，官方也推荐启用 PCI 确保 MicroVM 的性能与安全性（方便起见，本教程不启用 PCI）\nmake menuconfig\n\n## 3. 编译内核（可能超过 3 分钟，这取决于 CPU 的性能）\nmake vmlinux -j$(nproc) 执行上述步骤后，Kernel 镜像将会生成在 linux.git\u002Fvmlinux 文件中。（文件大小约为 30MB）",3,{"id":42,"title":43,"titles":44,"content":45,"level":40},"\u002Fposts\u002Ffirecracker-minimal-startup#创建-rootfs-镜像","创建 RootFS 镜像",[10,32],"为了标准化 RootFS 中的内容，我建议你使用 Dockerfile 构建镜像并导出。 FROM docker.io\u002Flibrary\u002Falpine:3.23.3\n\n# Install utils\nRUN apk add openrc \\\n    && apk add util-linux\n\n# Setup agetty\nRUN ln -s agetty \u002Fetc\u002Finit.d\u002Fagetty.ttyS0 \\\n    && echo ttyS0 > \u002Fetc\u002Fsecuretty \\\n    && rc-update add agetty.ttyS0 default\n\n# Setup openrc\nRUN rc-update add devfs boot \\\n    && rc-update add procfs boot \\\n    && rc-update add sysfs boot\n\n# Set root password\nRUN echo \"root:root\" | chpasswd # 1. 准备一个合适大小的文件，示例中可用大小为 50MB，你可以通过修改后面的 `50` 来修改文件大小\n#    大小最少需要 30MB\ndd if=\u002Fdev\u002Fzero of=rootfs.ext4 bs=1M count=50\n\n# 2. 创建 ext4 文件系统（不能使用 btrfs、xfs 等其他文件系统，Firecracker 只支持 ext4）\nmkfs.ext4 rootfs.ext4\n\n# 3. 挂载 RootFS\nmkdir \u002Ftmp\u002Fmy-rootfs\nsudo mount rootfs.ext4 \u002Ftmp\u002Fmy-rootfs\nsudo chmod 777 \u002Ftmp\u002Fmy-rootfs # 方便起见，使用 777 权限（允许读写）\n\n# 4. 构建 Docker 镜像\ndocker build --tag=rootfs --file Dockerfile .\ndocker create --name rootfs rootfs\ndocker export rootfs -o rootfs.tar\ndocker rm rootfs\n\n# 你可以删除 Docker 镜像\n# docker rmi rootfs\n\n# 5. 导出到 RootFS\ntar -xf rootfs.tar -C \u002Ftmp\u002Fmy-rootfs\n\n# 6. 卸载 RootFS\nsudo umount \u002Ftmp\u002Fmy-rootfs",{"id":47,"title":48,"titles":49,"content":50,"level":24},"\u002Fposts\u002Ffirecracker-minimal-startup#运行-firecracker","运行 Firecracker",[10],"方便起见，我们使用 firectl 作为运行 Firecracker 的工具。\n在 ArchLinux 发行版中，你可以安装 firectl AUR 包。 # 使用 ttyS0 串口，Panic 时重启\nfirectl --root-drive=rootfs.ext4 --kernel=vmlinux --kernel-opts=\"console=ttyS0 reboot=k panic=1\" 如果出现了登陆提示符，那么恭喜你，Firecracker 已经可以成功运行了。\n你可以执行 reboot 退出并销毁 MicroVM。（在最小化配置下，reboot 是最可靠的退出方式）。\n如果你无法登陆系统，请 pkill firectl 停止 firectl，并挂载 RootFS 镜像（rootfs.ext4），chroot 进去，接着使用 passwd 修改密码： sudo mount rootfs.ext4 \u002Ftmp\u002Fmy-rootfs\nsudo chroot \u002Ftmp\u002Fmy-rootfs \u002Fbin\u002Fsh\npasswd\nexit\nsudo umount \u002Ftmp\u002Fmy-rootfs 如果 MicroVM 立即结束运行，没有出现登陆提示符（终端上会出现 Kernel panic 的信息），你需要仔细检查上面的步骤，确保没有错误，因为发生了 Kernel Panic。 目前为止，Firecracker 已经可以正常启动，但是无法访问网络。 html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .sbssI, html code.shiki .sbssI{--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C}",{"id":52,"title":10,"body":53,"date":1121,"description":1122,"extension":1123,"meta":1124,"navigation":167,"path":11,"seo":1125,"stem":12,"__hash__":1126},"content\u002Fposts\u002Ffirecracker-minimal-startup.md",{"type":54,"value":55,"toc":1112},"minimark",[56,73,85,89,91,94,500,503,521,525,649,656,659,662,755,984,987,999,1029,1051,1096,1103,1108],[57,58,61],"callout",{"color":59,"icon":60},"warning","i-lucide-info",[62,63,64,65,72],"p",{},"Firecracker 只能在启用了 KVM 的 Linux 系统下运行。\n具体支持请参阅：",[66,67,71],"a",{"href":68,"rel":69},"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Fblob\u002Fmain\u002Fdocs\u002Fkernel-policy.md",[70],"nofollow","支持文档","。\n此教程适用于 x86_64 架构的 Linux 系统。",[57,74,76],{"color":75,"icon":60},"info",[62,77,78,79,84],{},"你可以阅读 ",[66,80,83],{"href":81,"rel":82},"https:\u002F\u002Fwiki.archlinux.org\u002Ftitle\u002FKVM",[70],"ArchLinux Wiki - KVM"," 了解如何开启 KVM。",[86,87,21],"h2",{"id":88},"什么是-firecracker",[62,90,23],{},[86,92,27],{"id":93},"安装-firecracker",[95,96,97,135,306],"code-group",{},[98,99,105],"pre",{"className":100,"code":101,"filename":102,"language":103,"meta":104,"style":104},"language-bash shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","# 没错就这么点\nsudo pacman -S firecracker --needed\n","使用 Pacman 安装（推荐）","bash","",[106,107,108,116],"code",{"__ignoreMap":104},[109,110,112],"span",{"class":111,"line":18},"line",[109,113,115],{"class":114},"sHwdD","# 没错就这么点\n",[109,117,118,122,126,129,132],{"class":111,"line":24},[109,119,121],{"class":120},"sBMFI","sudo",[109,123,125],{"class":124},"sfazB"," pacman",[109,127,128],{"class":124}," -S",[109,130,131],{"class":124}," firecracker",[109,133,134],{"class":124}," --needed\n",[98,136,139],{"className":100,"code":137,"filename":138,"language":103,"meta":104,"style":104},"ARCH=\"$(uname -m)\"\n\n# 启动 Docker\nsudo systemctl start docker\n\n# 克隆 Firecracker 仓库\ngit clone https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker firecracker_src\n\n# 构建 Firecracker\n#\n# 可以通过传递参数 \"-l gnu\" 来构建 GNU 版本\n#\n# 这将在以下位置生成 firecracker 和 jailer 二进制文件：\n# `.\u002Ffirecracker\u002Fbuild\u002Fcargo_target\u002F${toolchain}\u002Fdebug`\n#\nsudo .\u002Ffirecracker_src\u002Ftools\u002Fdevtool build\n\n# 重命名可执行文件为 \"firecracker\"\nsudo cp .\u002Ffirecracker_src\u002Fbuild\u002Fcargo_target\u002F${ARCH}-unknown-linux-musl\u002Fdebug\u002Ffirecracker firecracker\n","从源码构建",[106,140,141,163,169,174,188,193,199,214,219,225,231,237,242,248,254,259,270,275,281],{"__ignoreMap":104},[109,142,143,147,151,154,157,160],{"class":111,"line":18},[109,144,146],{"class":145},"sTEyZ","ARCH",[109,148,150],{"class":149},"sMK4o","=",[109,152,153],{"class":149},"\"$(",[109,155,156],{"class":120},"uname",[109,158,159],{"class":124}," -m",[109,161,162],{"class":149},")\"\n",[109,164,165],{"class":111,"line":24},[109,166,168],{"emptyLinePlaceholder":167},true,"\n",[109,170,171],{"class":111,"line":40},[109,172,173],{"class":114},"# 启动 Docker\n",[109,175,177,179,182,185],{"class":111,"line":176},4,[109,178,121],{"class":120},[109,180,181],{"class":124}," systemctl",[109,183,184],{"class":124}," start",[109,186,187],{"class":124}," docker\n",[109,189,191],{"class":111,"line":190},5,[109,192,168],{"emptyLinePlaceholder":167},[109,194,196],{"class":111,"line":195},6,[109,197,198],{"class":114},"# 克隆 Firecracker 仓库\n",[109,200,202,205,208,211],{"class":111,"line":201},7,[109,203,204],{"class":120},"git",[109,206,207],{"class":124}," clone",[109,209,210],{"class":124}," https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker",[109,212,213],{"class":124}," firecracker_src\n",[109,215,217],{"class":111,"line":216},8,[109,218,168],{"emptyLinePlaceholder":167},[109,220,222],{"class":111,"line":221},9,[109,223,224],{"class":114},"# 构建 Firecracker\n",[109,226,228],{"class":111,"line":227},10,[109,229,230],{"class":114},"#\n",[109,232,234],{"class":111,"line":233},11,[109,235,236],{"class":114},"# 可以通过传递参数 \"-l gnu\" 来构建 GNU 版本\n",[109,238,240],{"class":111,"line":239},12,[109,241,230],{"class":114},[109,243,245],{"class":111,"line":244},13,[109,246,247],{"class":114},"# 这将在以下位置生成 firecracker 和 jailer 二进制文件：\n",[109,249,251],{"class":111,"line":250},14,[109,252,253],{"class":114},"# `.\u002Ffirecracker\u002Fbuild\u002Fcargo_target\u002F${toolchain}\u002Fdebug`\n",[109,255,257],{"class":111,"line":256},15,[109,258,230],{"class":114},[109,260,262,264,267],{"class":111,"line":261},16,[109,263,121],{"class":120},[109,265,266],{"class":124}," .\u002Ffirecracker_src\u002Ftools\u002Fdevtool",[109,268,269],{"class":124}," build\n",[109,271,273],{"class":111,"line":272},17,[109,274,168],{"emptyLinePlaceholder":167},[109,276,278],{"class":111,"line":277},18,[109,279,280],{"class":114},"# 重命名可执行文件为 \"firecracker\"\n",[109,282,284,286,289,292,295,297,300,303],{"class":111,"line":283},19,[109,285,121],{"class":120},[109,287,288],{"class":124}," cp",[109,290,291],{"class":124}," .\u002Ffirecracker_src\u002Fbuild\u002Fcargo_target\u002F",[109,293,294],{"class":149},"${",[109,296,146],{"class":145},[109,298,299],{"class":149},"}",[109,301,302],{"class":124},"-unknown-linux-musl\u002Fdebug\u002Ffirecracker",[109,304,305],{"class":124}," firecracker\n",[98,307,310],{"className":100,"code":308,"filename":309,"language":103,"meta":104,"style":104},"ARCH=\"$(uname -m)\"\n\nrelease_url=\"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Freleases\"\nlatest=$(basename $(curl -fsSLI -o \u002Fdev\u002Fnull -w  %{url_effective} ${release_url}\u002Flatest))\ncurl -L ${release_url}\u002Fdownload\u002F${latest}\u002Ffirecracker-${latest}-${ARCH}.tgz \\\n| tar -xz\n\n# 重命名可执行文件为 \"firecracker\"\nmv release-${latest}-$(uname -m)\u002Ffirecracker-${latest}-${ARCH} firecracker\n\n","从 Github Release 下载",[106,311,312,326,330,346,391,437,448,452,456],{"__ignoreMap":104},[109,313,314,316,318,320,322,324],{"class":111,"line":18},[109,315,146],{"class":145},[109,317,150],{"class":149},[109,319,153],{"class":149},[109,321,156],{"class":120},[109,323,159],{"class":124},[109,325,162],{"class":149},[109,327,328],{"class":111,"line":24},[109,329,168],{"emptyLinePlaceholder":167},[109,331,332,335,337,340,343],{"class":111,"line":40},[109,333,334],{"class":145},"release_url",[109,336,150],{"class":149},[109,338,339],{"class":149},"\"",[109,341,342],{"class":124},"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Freleases",[109,344,345],{"class":149},"\"\n",[109,347,348,351,354,357,360,363,366,369,372,375,378,381,383,385,388],{"class":111,"line":176},[109,349,350],{"class":145},"latest",[109,352,353],{"class":149},"=$(",[109,355,356],{"class":120},"basename",[109,358,359],{"class":149}," $(",[109,361,362],{"class":120},"curl",[109,364,365],{"class":124}," -fsSLI",[109,367,368],{"class":124}," -o",[109,370,371],{"class":124}," \u002Fdev\u002Fnull",[109,373,374],{"class":124}," -w",[109,376,377],{"class":124},"  %{url_effective}",[109,379,380],{"class":149}," ${",[109,382,334],{"class":145},[109,384,299],{"class":149},[109,386,387],{"class":124},"\u002Flatest",[109,389,390],{"class":149},"))\n",[109,392,393,395,398,400,402,404,407,409,411,413,416,418,420,422,425,427,429,431,434],{"class":111,"line":190},[109,394,362],{"class":120},[109,396,397],{"class":124}," -L",[109,399,380],{"class":149},[109,401,334],{"class":145},[109,403,299],{"class":149},[109,405,406],{"class":124},"\u002Fdownload\u002F",[109,408,294],{"class":149},[109,410,350],{"class":145},[109,412,299],{"class":149},[109,414,415],{"class":124},"\u002Ffirecracker-",[109,417,294],{"class":149},[109,419,350],{"class":145},[109,421,299],{"class":149},[109,423,424],{"class":124},"-",[109,426,294],{"class":149},[109,428,146],{"class":145},[109,430,299],{"class":149},[109,432,433],{"class":124},".tgz",[109,435,436],{"class":145}," \\\n",[109,438,439,442,445],{"class":111,"line":195},[109,440,441],{"class":149},"|",[109,443,444],{"class":120}," tar",[109,446,447],{"class":124}," -xz\n",[109,449,450],{"class":111,"line":201},[109,451,168],{"emptyLinePlaceholder":167},[109,453,454],{"class":111,"line":216},[109,455,280],{"class":114},[109,457,458,461,464,466,468,470,472,475,477,479,482,484,486,488,490,492,494,496,498],{"class":111,"line":221},[109,459,460],{"class":120},"mv",[109,462,463],{"class":124}," release-",[109,465,294],{"class":149},[109,467,350],{"class":145},[109,469,299],{"class":149},[109,471,424],{"class":124},[109,473,474],{"class":149},"$(",[109,476,156],{"class":120},[109,478,159],{"class":124},[109,480,481],{"class":149},")",[109,483,415],{"class":124},[109,485,294],{"class":149},[109,487,350],{"class":145},[109,489,299],{"class":149},[109,491,424],{"class":124},[109,493,294],{"class":149},[109,495,146],{"class":145},[109,497,299],{"class":149},[109,499,305],{"class":124},[86,501,32],{"id":502},"构建-rootfs-和-kernel-镜像",[57,504,505,514],{"color":75,"icon":60},[62,506,507,508,513],{},"你可以参阅 ",[66,509,512],{"href":510,"rel":511},"https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker\u002Fblob\u002Fmain\u002Fdocs\u002Frootfs-and-kernel-setup.md",[70],"官方构建指南"," 更全面的了解这一过程。",[62,515,516,517,520],{},"构建 RootFS 需要 ",[106,518,519],{},"docker","，请提前安装。",[522,523,37],"h3",{"id":524},"创建-kernel-镜像",[98,526,529],{"className":100,"code":527,"filename":528,"language":103,"meta":104,"style":104},"# 1. 克隆仓库\ngit clone https:\u002F\u002Fgithub.com\u002Ftorvalds\u002Flinux.git linux.git --depth=1\ngit clone https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker firecracker.git --depth=1\ncd linux.git\n\n## 2. 配置内核\ncp ..\u002Ffirecracker.git\u002Fresources\u002Fguest_configs\u002Fmicrovm-kernel-ci-x86_64-6.1.config .\u002F.config\nmake olddefconfig\n\n# 你可以在这一步配置内核选项，配置方法不仅限执行 `make menuconfig`\n# 你可以将 PCI 支持打开，官方也推荐启用 PCI 确保 MicroVM 的性能与安全性（方便起见，本教程不启用 PCI）\nmake menuconfig\n\n## 3. 编译内核（可能超过 3 分钟，这取决于 CPU 的性能）\nmake vmlinux -j$(nproc)\n","Terminal",[106,530,531,536,551,564,573,577,582,593,601,605,610,615,622,626,631],{"__ignoreMap":104},[109,532,533],{"class":111,"line":18},[109,534,535],{"class":114},"# 1. 克隆仓库\n",[109,537,538,540,542,545,548],{"class":111,"line":24},[109,539,204],{"class":120},[109,541,207],{"class":124},[109,543,544],{"class":124}," https:\u002F\u002Fgithub.com\u002Ftorvalds\u002Flinux.git",[109,546,547],{"class":124}," linux.git",[109,549,550],{"class":124}," --depth=1\n",[109,552,553,555,557,559,562],{"class":111,"line":40},[109,554,204],{"class":120},[109,556,207],{"class":124},[109,558,210],{"class":124},[109,560,561],{"class":124}," firecracker.git",[109,563,550],{"class":124},[109,565,566,570],{"class":111,"line":176},[109,567,569],{"class":568},"s2Zo4","cd",[109,571,572],{"class":124}," linux.git\n",[109,574,575],{"class":111,"line":190},[109,576,168],{"emptyLinePlaceholder":167},[109,578,579],{"class":111,"line":195},[109,580,581],{"class":114},"## 2. 配置内核\n",[109,583,584,587,590],{"class":111,"line":201},[109,585,586],{"class":120},"cp",[109,588,589],{"class":124}," ..\u002Ffirecracker.git\u002Fresources\u002Fguest_configs\u002Fmicrovm-kernel-ci-x86_64-6.1.config",[109,591,592],{"class":124}," .\u002F.config\n",[109,594,595,598],{"class":111,"line":216},[109,596,597],{"class":120},"make",[109,599,600],{"class":124}," olddefconfig\n",[109,602,603],{"class":111,"line":221},[109,604,168],{"emptyLinePlaceholder":167},[109,606,607],{"class":111,"line":227},[109,608,609],{"class":114},"# 你可以在这一步配置内核选项，配置方法不仅限执行 `make menuconfig`\n",[109,611,612],{"class":111,"line":233},[109,613,614],{"class":114},"# 你可以将 PCI 支持打开，官方也推荐启用 PCI 确保 MicroVM 的性能与安全性（方便起见，本教程不启用 PCI）\n",[109,616,617,619],{"class":111,"line":239},[109,618,597],{"class":120},[109,620,621],{"class":124}," menuconfig\n",[109,623,624],{"class":111,"line":244},[109,625,168],{"emptyLinePlaceholder":167},[109,627,628],{"class":111,"line":250},[109,629,630],{"class":114},"## 3. 编译内核（可能超过 3 分钟，这取决于 CPU 的性能）\n",[109,632,633,635,638,641,643,646],{"class":111,"line":256},[109,634,597],{"class":120},[109,636,637],{"class":124}," vmlinux",[109,639,640],{"class":124}," -j",[109,642,474],{"class":149},[109,644,645],{"class":120},"nproc",[109,647,648],{"class":149},")\n",[62,650,651,652,655],{},"执行上述步骤后，Kernel 镜像将会生成在 ",[106,653,654],{},"linux.git\u002Fvmlinux"," 文件中。（文件大小约为 30MB）",[522,657,43],{"id":658},"创建-rootfs-镜像",[62,660,661],{},"为了标准化 RootFS 中的内容，我建议你使用 Dockerfile 构建镜像并导出。",[98,663,667],{"className":664,"code":665,"filename":666,"language":666,"meta":104,"style":104},"language-Dockerfile shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","FROM docker.io\u002Flibrary\u002Falpine:3.23.3\n\n# Install utils\nRUN apk add openrc \\\n    && apk add util-linux\n\n# Setup agetty\nRUN ln -s agetty \u002Fetc\u002Finit.d\u002Fagetty.ttyS0 \\\n    && echo ttyS0 > \u002Fetc\u002Fsecuretty \\\n    && rc-update add agetty.ttyS0 default\n\n# Setup openrc\nRUN rc-update add devfs boot \\\n    && rc-update add procfs boot \\\n    && rc-update add sysfs boot\n\n# Set root password\nRUN echo \"root:root\" | chpasswd\n\n","Dockerfile",[106,668,669,674,678,683,688,693,697,702,707,712,717,721,726,731,736,741,745,750],{"__ignoreMap":104},[109,670,671],{"class":111,"line":18},[109,672,673],{},"FROM docker.io\u002Flibrary\u002Falpine:3.23.3\n",[109,675,676],{"class":111,"line":24},[109,677,168],{"emptyLinePlaceholder":167},[109,679,680],{"class":111,"line":40},[109,681,682],{},"# Install utils\n",[109,684,685],{"class":111,"line":176},[109,686,687],{},"RUN apk add openrc \\\n",[109,689,690],{"class":111,"line":190},[109,691,692],{},"    && apk add util-linux\n",[109,694,695],{"class":111,"line":195},[109,696,168],{"emptyLinePlaceholder":167},[109,698,699],{"class":111,"line":201},[109,700,701],{},"# Setup agetty\n",[109,703,704],{"class":111,"line":216},[109,705,706],{},"RUN ln -s agetty \u002Fetc\u002Finit.d\u002Fagetty.ttyS0 \\\n",[109,708,709],{"class":111,"line":221},[109,710,711],{},"    && echo ttyS0 > \u002Fetc\u002Fsecuretty \\\n",[109,713,714],{"class":111,"line":227},[109,715,716],{},"    && rc-update add agetty.ttyS0 default\n",[109,718,719],{"class":111,"line":233},[109,720,168],{"emptyLinePlaceholder":167},[109,722,723],{"class":111,"line":239},[109,724,725],{},"# Setup openrc\n",[109,727,728],{"class":111,"line":244},[109,729,730],{},"RUN rc-update add devfs boot \\\n",[109,732,733],{"class":111,"line":250},[109,734,735],{},"    && rc-update add procfs boot \\\n",[109,737,738],{"class":111,"line":256},[109,739,740],{},"    && rc-update add sysfs boot\n",[109,742,743],{"class":111,"line":261},[109,744,168],{"emptyLinePlaceholder":167},[109,746,747],{"class":111,"line":272},[109,748,749],{},"# Set root password\n",[109,751,752],{"class":111,"line":277},[109,753,754],{},"RUN echo \"root:root\" | chpasswd\n",[98,756,758],{"className":100,"code":757,"filename":528,"language":103,"meta":104,"style":104},"# 1. 准备一个合适大小的文件，示例中可用大小为 50MB，你可以通过修改后面的 `50` 来修改文件大小\n#    大小最少需要 30MB\ndd if=\u002Fdev\u002Fzero of=rootfs.ext4 bs=1M count=50\n\n# 2. 创建 ext4 文件系统（不能使用 btrfs、xfs 等其他文件系统，Firecracker 只支持 ext4）\nmkfs.ext4 rootfs.ext4\n\n# 3. 挂载 RootFS\nmkdir \u002Ftmp\u002Fmy-rootfs\nsudo mount rootfs.ext4 \u002Ftmp\u002Fmy-rootfs\nsudo chmod 777 \u002Ftmp\u002Fmy-rootfs # 方便起见，使用 777 权限（允许读写）\n\n# 4. 构建 Docker 镜像\ndocker build --tag=rootfs --file Dockerfile .\ndocker create --name rootfs rootfs\ndocker export rootfs -o rootfs.tar\ndocker rm rootfs\n\n# 你可以删除 Docker 镜像\n# docker rmi rootfs\n\n# 5. 导出到 RootFS\ntar -xf rootfs.tar -C \u002Ftmp\u002Fmy-rootfs\n\n# 6. 卸载 RootFS\nsudo umount \u002Ftmp\u002Fmy-rootfs\n",[106,759,760,765,770,791,795,800,808,812,817,825,837,853,857,862,881,897,911,920,924,929,935,940,946,963,968,974],{"__ignoreMap":104},[109,761,762],{"class":111,"line":18},[109,763,764],{"class":114},"# 1. 准备一个合适大小的文件，示例中可用大小为 50MB，你可以通过修改后面的 `50` 来修改文件大小\n",[109,766,767],{"class":111,"line":24},[109,768,769],{"class":114},"#    大小最少需要 30MB\n",[109,771,772,775,778,781,784,787],{"class":111,"line":40},[109,773,774],{"class":120},"dd",[109,776,777],{"class":124}," if=\u002Fdev\u002Fzero",[109,779,780],{"class":124}," of=rootfs.ext4",[109,782,783],{"class":124}," bs=1M",[109,785,786],{"class":124}," count=",[109,788,790],{"class":789},"sbssI","50\n",[109,792,793],{"class":111,"line":176},[109,794,168],{"emptyLinePlaceholder":167},[109,796,797],{"class":111,"line":190},[109,798,799],{"class":114},"# 2. 创建 ext4 文件系统（不能使用 btrfs、xfs 等其他文件系统，Firecracker 只支持 ext4）\n",[109,801,802,805],{"class":111,"line":195},[109,803,804],{"class":120},"mkfs.ext4",[109,806,807],{"class":124}," rootfs.ext4\n",[109,809,810],{"class":111,"line":201},[109,811,168],{"emptyLinePlaceholder":167},[109,813,814],{"class":111,"line":216},[109,815,816],{"class":114},"# 3. 挂载 RootFS\n",[109,818,819,822],{"class":111,"line":221},[109,820,821],{"class":120},"mkdir",[109,823,824],{"class":124}," \u002Ftmp\u002Fmy-rootfs\n",[109,826,827,829,832,835],{"class":111,"line":227},[109,828,121],{"class":120},[109,830,831],{"class":124}," mount",[109,833,834],{"class":124}," rootfs.ext4",[109,836,824],{"class":124},[109,838,839,841,844,847,850],{"class":111,"line":233},[109,840,121],{"class":120},[109,842,843],{"class":124}," chmod",[109,845,846],{"class":789}," 777",[109,848,849],{"class":124}," \u002Ftmp\u002Fmy-rootfs",[109,851,852],{"class":114}," # 方便起见，使用 777 权限（允许读写）\n",[109,854,855],{"class":111,"line":239},[109,856,168],{"emptyLinePlaceholder":167},[109,858,859],{"class":111,"line":244},[109,860,861],{"class":114},"# 4. 构建 Docker 镜像\n",[109,863,864,866,869,872,875,878],{"class":111,"line":250},[109,865,519],{"class":120},[109,867,868],{"class":124}," build",[109,870,871],{"class":124}," --tag=rootfs",[109,873,874],{"class":124}," --file",[109,876,877],{"class":124}," Dockerfile",[109,879,880],{"class":124}," .\n",[109,882,883,885,888,891,894],{"class":111,"line":256},[109,884,519],{"class":120},[109,886,887],{"class":124}," create",[109,889,890],{"class":124}," --name",[109,892,893],{"class":124}," rootfs",[109,895,896],{"class":124}," rootfs\n",[109,898,899,901,904,906,908],{"class":111,"line":261},[109,900,519],{"class":120},[109,902,903],{"class":124}," export",[109,905,893],{"class":124},[109,907,368],{"class":124},[109,909,910],{"class":124}," rootfs.tar\n",[109,912,913,915,918],{"class":111,"line":272},[109,914,519],{"class":120},[109,916,917],{"class":124}," rm",[109,919,896],{"class":124},[109,921,922],{"class":111,"line":277},[109,923,168],{"emptyLinePlaceholder":167},[109,925,926],{"class":111,"line":283},[109,927,928],{"class":114},"# 你可以删除 Docker 镜像\n",[109,930,932],{"class":111,"line":931},20,[109,933,934],{"class":114},"# docker rmi rootfs\n",[109,936,938],{"class":111,"line":937},21,[109,939,168],{"emptyLinePlaceholder":167},[109,941,943],{"class":111,"line":942},22,[109,944,945],{"class":114},"# 5. 导出到 RootFS\n",[109,947,949,952,955,958,961],{"class":111,"line":948},23,[109,950,951],{"class":120},"tar",[109,953,954],{"class":124}," -xf",[109,956,957],{"class":124}," rootfs.tar",[109,959,960],{"class":124}," -C",[109,962,824],{"class":124},[109,964,966],{"class":111,"line":965},24,[109,967,168],{"emptyLinePlaceholder":167},[109,969,971],{"class":111,"line":970},25,[109,972,973],{"class":114},"# 6. 卸载 RootFS\n",[109,975,977,979,982],{"class":111,"line":976},26,[109,978,121],{"class":120},[109,980,981],{"class":124}," umount",[109,983,824],{"class":124},[86,985,48],{"id":986},"运行-firecracker",[57,988,989],{"color":75,"icon":60},[62,990,991,992,995,996,998],{},"方便起见，我们使用 ",[106,993,994],{},"firectl"," 作为运行 Firecracker 的工具。\n在 ArchLinux 发行版中，你可以安装 ",[106,997,994],{}," AUR 包。",[98,1000,1002],{"className":100,"code":1001,"filename":528,"language":103,"meta":104,"style":104},"# 使用 ttyS0 串口，Panic 时重启\nfirectl --root-drive=rootfs.ext4 --kernel=vmlinux --kernel-opts=\"console=ttyS0 reboot=k panic=1\"\n",[106,1003,1004,1009],{"__ignoreMap":104},[109,1005,1006],{"class":111,"line":18},[109,1007,1008],{"class":114},"# 使用 ttyS0 串口，Panic 时重启\n",[109,1010,1011,1013,1016,1019,1022,1024,1027],{"class":111,"line":24},[109,1012,994],{"class":120},[109,1014,1015],{"class":124}," --root-drive=rootfs.ext4",[109,1017,1018],{"class":124}," --kernel=vmlinux",[109,1020,1021],{"class":124}," --kernel-opts=",[109,1023,339],{"class":149},[109,1025,1026],{"class":124},"console=ttyS0 reboot=k panic=1",[109,1028,345],{"class":149},[62,1030,1031,1032,1035,1036,1038,1039,1042,1043,1046,1047,1050],{},"如果出现了登陆提示符，那么恭喜你，Firecracker 已经可以成功运行了。\n你可以执行 ",[106,1033,1034],{},"reboot"," 退出并销毁 MicroVM。（在最小化配置下，",[106,1037,1034],{}," 是最可靠的退出方式）。\n如果你无法登陆系统，请 ",[106,1040,1041],{},"pkill firectl"," 停止 firectl，并挂载 RootFS 镜像（",[106,1044,1045],{},"rootfs.ext4","），chroot 进去，接着使用 ",[106,1048,1049],{},"passwd"," 修改密码：",[98,1052,1054],{"className":100,"code":1053,"filename":528,"language":103,"meta":104,"style":104},"sudo mount rootfs.ext4 \u002Ftmp\u002Fmy-rootfs\nsudo chroot \u002Ftmp\u002Fmy-rootfs \u002Fbin\u002Fsh\npasswd\nexit\nsudo umount \u002Ftmp\u002Fmy-rootfs\n",[106,1055,1056,1066,1078,1083,1088],{"__ignoreMap":104},[109,1057,1058,1060,1062,1064],{"class":111,"line":18},[109,1059,121],{"class":120},[109,1061,831],{"class":124},[109,1063,834],{"class":124},[109,1065,824],{"class":124},[109,1067,1068,1070,1073,1075],{"class":111,"line":24},[109,1069,121],{"class":120},[109,1071,1072],{"class":124}," chroot",[109,1074,849],{"class":124},[109,1076,1077],{"class":124}," \u002Fbin\u002Fsh\n",[109,1079,1080],{"class":111,"line":40},[109,1081,1082],{"class":120},"passwd\n",[109,1084,1085],{"class":111,"line":176},[109,1086,1087],{"class":568},"exit\n",[109,1089,1090,1092,1094],{"class":111,"line":190},[109,1091,121],{"class":120},[109,1093,981],{"class":124},[109,1095,824],{"class":124},[62,1097,1098,1099,1102],{},"如果 MicroVM 立即结束运行，没有出现登陆提示符（终端上会出现 ",[106,1100,1101],{},"Kernel panic"," 的信息），你需要仔细检查上面的步骤，确保没有错误，因为发生了 Kernel Panic。",[57,1104,1105],{"color":75,"icon":60},[62,1106,1107],{},"目前为止，Firecracker 已经可以正常启动，但是无法访问网络。",[1109,1110,1111],"style",{},"html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .sBMFI, html code.shiki .sBMFI{--shiki-light:#E2931D;--shiki-default:#FFCB6B;--shiki-dark:#FFCB6B}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .sbssI, html code.shiki .sbssI{--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C}",{"title":104,"searchDepth":24,"depth":24,"links":1113},[1114,1115,1116,1120],{"id":88,"depth":24,"text":21},{"id":93,"depth":24,"text":27},{"id":502,"depth":24,"text":32,"children":1117},[1118,1119],{"id":524,"depth":40,"text":37},{"id":658,"depth":40,"text":43},{"id":986,"depth":24,"text":48},"2026-06-02","一个极其简单的 Firecracker 启动指南","md",{},{"title":10,"description":1122},"ROEl80WzX9E_9d4dSFXoryHZVjSNdG3kCd7A-7cHpwQ",1773755573940]