Comments (4)
Hi @chappie1998,
If you are using the guest kernel from our getting started guide, then you cannot use password based authentication to SSH into the guest. You'll need to use the SSH key that is also included in the guide, e.g.
```bash
# Download the ssh key for the rootfs
wget https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.8/${ARCH}/ubuntu-22.04.id_rsa
# Set user read permission on the ssh key
chmod 400 ./ubuntu-22.04.id_rsa
# ... follow rest of getting started guide to setup a Firecracker instance and boot a microVM ...
# SSH into the guest using SSH key
ssh -i ./ubuntu-22.04.id_rsa root@172.16.0.2
```
Hi @roypat, this is my Rust script to launch my Firecracker VM. I try to use the SSH key only, but it is still asking for a password.
```rust
use std::process::Command;
use std::thread;
use std::time::Duration;

fn main() {
    // Configuration variables
    let firecracker_path = "./bins/firecracker";
    let kernel_image_path = "./bins/vmlinux-5.10.210";
    let rootfs_path = "./bins/ubuntu-22.04.ext4";
    let vcpu_count = 1;
    let mem_size_mib = 512;
    let tap_device = "tap0";
    let guest_mac = "AA:FC:00:00:00:02";
    let api_socket = "/tmp/firecracker.socket";
    let logfile = "./firecracker.log";

    // // sudo rm -rf "/tmp/firecracker.socket"
    // // sudo ip link delete tap0

    // // Set up networking on the host
    // The host side of the tap device gets 172.16.0.1/30; `ip addr add` takes
    // the address and `dev NAME`, with no further positional argument.
    // In bash, `&&` and `||` have equal precedence and are evaluated left to
    // right, so a failing step in this chain can be masked by a later `|| true`.
    let setup_network_cmds = format!(
        "sudo ip link del {} 2> /dev/null || true && \
         sudo ip tuntap add dev {} mode tap && \
         sudo ip addr add 172.16.0.1/30 dev {} && \
         sudo ip link set dev {} up && \
         sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward' && \
         sudo iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE || true && \
         sudo iptables -D FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT || true && \
         sudo iptables -D FORWARD -i {} -o eth0 -j ACCEPT || true && \
         sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && \
         sudo iptables -I FORWARD 1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT && \
         sudo iptables -I FORWARD 1 -i {} -o eth0 -j ACCEPT",
        tap_device, tap_device, tap_device, tap_device, tap_device, tap_device
    );
    let setup_network = Command::new("bash")
        .arg("-c")
        .arg(&setup_network_cmds)
        .output()
        .expect("Failed to set up host networking");
    if !setup_network.status.success() {
        eprintln!(
            "Error setting up host networking: {}",
            String::from_utf8_lossy(&setup_network.stderr)
        );
        return;
    }

    // Launch Firecracker
    let mut child = Command::new(firecracker_path)
        .arg("--api-sock")
        .arg(api_socket)
        .spawn()
        .expect("Failed to launch Firecracker");

    // Wait for the API server to start
    thread::sleep(Duration::from_secs(1));

    // Set the boot source
    let boot_source_config = format!(
        r#"{{
            "kernel_image_path": "{}",
            "boot_args": "console=ttyS0 reboot=k panic=1 pci=off"
        }}"#,
        kernel_image_path
    );
    let curl = Command::new("curl")
        .arg("-i")
        .arg("--unix-socket")
        .arg(api_socket)
        .arg("-X")
        .arg("PUT")
        .arg("http://localhost/boot-source")
        .arg("-H")
        .arg("Content-Type: application/json")
        .arg("-d")
        .arg(&boot_source_config)
        .output()
        .expect("Failed to set boot source");
    if !curl.status.success() {
        eprintln!(
            "Error setting boot source: {}",
            String::from_utf8_lossy(&curl.stderr)
        );
        return;
    }

    // Set the machine configuration
    let machine_config = format!(
        r#"{{
            "vcpu_count": {},
            "mem_size_mib": {}
        }}"#,
        vcpu_count, mem_size_mib
    );
    let curl = Command::new("curl")
        .arg("-i")
        .arg("--unix-socket")
        .arg(api_socket)
        .arg("-X")
        .arg("PUT")
        .arg("http://localhost/machine-config")
        .arg("-H")
        .arg("Content-Type: application/json")
        .arg("-d")
        .arg(&machine_config)
        .output()
        .expect("Failed to set machine configuration");
    if !curl.status.success() {
        eprintln!(
            "Error setting machine configuration: {}",
            String::from_utf8_lossy(&curl.stderr)
        );
        return;
    }

    // Set the root filesystem
    let rootfs_config = format!(
        r#"{{
            "drive_id": "rootfs",
            "path_on_host": "{}",
            "is_root_device": true,
            "is_read_only": false
        }}"#,
        rootfs_path
    );
    let curl = Command::new("curl")
        .arg("-i")
        .arg("--unix-socket")
        .arg(api_socket)
        .arg("-X")
        .arg("PUT")
        .arg("http://localhost/drives/rootfs")
        .arg("-H")
        .arg("Content-Type: application/json")
        .arg("-d")
        .arg(&rootfs_config)
        .output()
        .expect("Failed to set root filesystem");
    if !curl.status.success() {
        eprintln!(
            "Error setting root filesystem: {}",
            String::from_utf8_lossy(&curl.stderr)
        );
        return;
    }

    // Set the network interface
    let net_config = format!(
        r#"{{
            "iface_id": "eth0",
            "guest_mac": "{}",
            "host_dev_name": "{}"
        }}"#,
        guest_mac, tap_device
    );
    let curl = Command::new("curl")
        .arg("-i")
        .arg("--unix-socket")
        .arg(api_socket)
        .arg("-X")
        .arg("PUT")
        .arg("http://localhost/network-interfaces/eth0")
        .arg("-H")
        .arg("Content-Type: application/json")
        .arg("-d")
        .arg(&net_config)
        .output()
        .expect("Failed to set network interface");
    if !curl.status.success() {
        eprintln!(
            "Error setting network interface: {}",
            String::from_utf8_lossy(&curl.stderr)
        );
        return;
    }

    // Start the microVM
    let curl = Command::new("curl")
        .arg("-i")
        .arg("--unix-socket")
        .arg(api_socket)
        .arg("-X")
        .arg("PUT")
        .arg("http://localhost/actions")
        .arg("-H")
        .arg("Content-Type: application/json")
        .arg("-d")
        .arg(r#"{"action_type": "InstanceStart"}"#)
        .output()
        .expect("Failed to start microVM");
    if !curl.status.success() {
        eprintln!(
            "Error starting microVM: {}",
            String::from_utf8_lossy(&curl.stderr)
        );
        return;
    }

    println!("Firecracker microVM started successfully.");
    println!("You can SSH into the microVM using: ssh -i ./ubuntu-22.04.id_rsa root@172.16.0.2");

    // Keep the Firecracker process running
    let _ = child.wait();
}
```
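The host networking in the script above is one long `&&` / `||` chain, where a failed step can be hidden by a later `|| true`. The following is an added example, not code from the thread or from the Firecracker project, that runs the steps one at a time and stops at the first required step that fails. `true` and `false` are constructed stand-ins for the `sudo ip` and `sudo iptables` commands, and the names `CHAIN`, `STEPS`, `sh_ok` and `run_steps` are hypothetical.

```rust
use std::process::Command;

// Constructed stand-ins: `true`/`false` replace the real `sudo ip ...` and
// `sudo iptables ...` commands so the example runs without root.
// Same shape as the script's chain:
//   del || true && add && addr && up && iptables -D || true && iptables -A
const CHAIN: &str = "false || true && true && false && true && false || true && true";

// The same sequence expressed as (name, command, may_fail) steps.
const STEPS: [(&str, &str, bool); 6] = [
    ("delete old tap", "false", true),
    ("create tap", "true", false),
    ("assign 172.16.0.1/30", "false", false), // the step that fails in this demo
    ("bring tap up", "true", false),
    ("delete old NAT rule", "false", true),
    ("add NAT rule", "true", false),
];

/// Run one shell command; true only if it exited with status 0.
fn sh_ok(cmd: &str) -> bool {
    Command::new("sh")
        .arg("-c")
        .arg(cmd)
        .status()
        .map(|s| s.success())
        .unwrap_or(false)
}

/// Run the steps in order, stopping at the first failure not marked may_fail.
/// Returns the number of steps run, or a message naming the failed step.
fn run_steps(steps: &[(&str, &str, bool)]) -> Result<usize, String> {
    for (i, (name, cmd, may_fail)) in steps.iter().enumerate() {
        if !sh_ok(cmd) && !*may_fail {
            return Err(format!("step {} ({}) failed", i + 1, name));
        }
    }
    Ok(steps.len())
}

fn main() {
    // sh gives && and || equal precedence, left to right: the failed "assign"
    // skips "bring tap up", then the later `|| true` resets the status to 0.
    println!("chained exit ok: {}", sh_ok(CHAIN));
    println!("stepwise result: {:?}", run_steps(&STEPS));
}
```
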
In your screenshot, you're trying to connect to 172.16.0.1. Can you try connecting to 172.16.0.2, like the guide (and your println) mention?
@roypat
When I try to connect on 172.16.0.2, it says timeout.