forked from firecracker-microvm/firecracker
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfirecracker.yaml
868 lines (831 loc) · 25.9 KB
/
firecracker.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
swagger: "2.0"
info:
title: Firecracker API
description: RESTful public-facing API.
The API is accessible through HTTP calls on specific URLs
carrying JSON modeled data.
The transport medium is a Unix Domain Socket.
version: 0.21.0
termsOfService: ""
contact:
email: "[email protected]"
license:
name: "Apache 2.0"
url: "http://www.apache.org/licenses/LICENSE-2.0.html"
host: "localhost"
basePath: "/"
schemes:
- http
consumes:
- application/json
produces:
- application/json
paths:
/:
get:
summary: Returns general information about an instance.
operationId: describeInstance
responses:
200:
description: The instance information
schema:
$ref: "#/definitions/InstanceInfo"
default:
description: Internal Server Error
schema:
$ref: "#/definitions/Error"
/actions:
put:
summary: Creates a synchronous action.
operationId: createSyncAction
parameters:
- name: info
in: body
required: true
schema:
$ref: "#/definitions/InstanceActionInfo"
responses:
204:
description: The update was successful
400:
description: The action cannot be executed due to bad input
schema:
$ref: "#/definitions/Error"
default:
description: Internal Server Error
schema:
$ref: "#/definitions/Error"
/boot-source:
put:
summary: Creates or updates the boot source. Pre-boot only.
description:
Creates new boot source if one does not already exist, otherwise updates it.
Will fail if update is not possible.
operationId: putGuestBootSource
parameters:
- name: body
in: body
description: Guest boot source properties
required: true
schema:
$ref: "#/definitions/BootSource"
responses:
204:
description: Boot source created/updated
400:
description: Boot source cannot be created due to bad input
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error
schema:
$ref: "#/definitions/Error"
/drives/{drive_id}:
put:
summary: Creates or updates a drive. Pre-boot only.
description:
Creates new drive with ID specified by drive_id path parameter.
If a drive with the specified ID already exists, updates its state based on new input.
Will fail if update is not possible.
operationId: putGuestDriveByID
parameters:
- name: drive_id
in: path
description: The id of the guest drive
required: true
type: string
- name: body
in: body
description: Guest drive properties
required: true
schema:
$ref: "#/definitions/Drive"
responses:
204:
description: Drive created/updated
400:
description: Drive cannot be created/updated due to bad input
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error.
schema:
$ref: "#/definitions/Error"
patch:
summary: Updates the properties of a drive. Post-boot only.
description:
Updates the properties of the drive with the ID specified by drive_id path parameter.
Will fail if update is not possible.
operationId: patchGuestDriveByID
parameters:
- name: drive_id
in: path
description: The id of the guest drive
required: true
type: string
- name: body
in: body
description: Guest drive properties
required: true
schema:
$ref: "#/definitions/PartialDrive"
responses:
204:
description: Drive updated
400:
description: Drive cannot be updated due to bad input
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error.
schema:
$ref: "#/definitions/Error"
/logger:
put:
summary: Initializes the logger by specifying a named pipe or a file for the logs output.
operationId: putLogger
parameters:
- name: body
in: body
description: Logging system description
required: true
schema:
$ref: "#/definitions/Logger"
responses:
204:
description: Logger created.
400:
description: Logger cannot be initialized due to bad input.
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error.
schema:
$ref: "#/definitions/Error"
/machine-config:
get:
summary: Gets the machine configuration of the VM.
description:
Gets the machine configuration of the VM. When called before the PUT operation, it
will return the default values for the vCPU count (=1), memory size (=128 MiB).
By default Hyperthreading is disabled and there is no CPU Template.
operationId: getMachineConfiguration
responses:
200:
description: OK
schema:
$ref: "#/definitions/MachineConfiguration"
default:
description: Internal server error
schema:
$ref: "#/definitions/Error"
put:
summary: Updates the Machine Configuration of the VM. Pre-boot only.
description:
Updates the Virtual Machine Configuration with the specified input.
Firecracker starts with default values for vCPU count (=1) and memory size (=128 MiB).
With Hyperthreading enabled, the vCPU count is restricted to be 1 or an even number,
otherwise there are no restrictions regarding the vCPU count.
If any of the parameters has an incorrect value, the whole update fails.
operationId: putMachineConfiguration
parameters:
- name: body
in: body
description: Machine Configuration Parameters
schema:
$ref: "#/definitions/MachineConfiguration"
responses:
204:
description: Machine Configuration created/updated
400:
description: Machine Configuration cannot be updated due to bad input
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error
schema:
$ref: "#/definitions/Error"
patch:
summary: Partially updates the Machine Configuration of the VM. Pre-boot only.
description:
Partially updates the Virtual Machine Configuration with the specified input.
If any of the parameters has an incorrect value, the whole update fails.
operationId: patchMachineConfiguration
parameters:
- name: body
in: body
description: A subset of Machine Configuration Parameters
schema:
$ref: "#/definitions/MachineConfiguration"
responses:
204:
description: Machine Configuration created/updated
400:
description: Machine Configuration cannot be updated due to bad input
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error
schema:
$ref: "#/definitions/Error"
/metrics:
put:
summary: Initializes the metrics system by specifying a named pipe or a file for the metrics output.
operationId: putMetrics
parameters:
- name: body
in: body
description: Metrics system description
required: true
schema:
$ref: "#/definitions/Metrics"
responses:
204:
description: Metrics system created.
400:
description: Metrics system cannot be initialized due to bad input.
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error.
schema:
$ref: "#/definitions/Error"
/mmds:
put:
summary: Creates a MMDS (Microvm Metadata Service) data store.
parameters:
- name: body
in: body
description: The MMDS data store as JSON.
schema:
type: object
responses:
204:
description: MMDS data store created/updated.
400:
description: MMDS data store cannot be created due to bad input.
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error
schema:
$ref: "#/definitions/Error"
patch:
summary: Updates the MMDS data store.
parameters:
- name: body
in: body
description: The MMDS data store patch JSON.
schema:
type: object
responses:
204:
description: MMDS data store updated.
400:
description: MMDS data store cannot be updated due to bad input.
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error
schema:
$ref: "#/definitions/Error"
get:
summary: Get the MMDS data store.
responses:
200:
description: The MMDS data store JSON.
schema:
type: object
404:
description: The MMDS data store content can not be found.
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error
schema:
$ref: "#/definitions/Error"
/mmds/config:
put:
summary: Set MMDS configuration. Pre-boot only.
description:
Creates MMDS configuration to be used by the MMDS network stack.
parameters:
- name: body
in: body
description: The MMDS configuration as JSON.
required: true
schema:
$ref: "#/definitions/MmdsConfig"
responses:
204:
description: MMDS configuration was created/updated.
400:
description: MMDS configuration cannot be updated due to bad input.
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error
schema:
$ref: "#/definitions/Error"
/network-interfaces/{iface_id}:
put:
summary: Creates a network interface. Pre-boot only.
description:
Creates new network interface with ID specified by iface_id path parameter.
operationId: putGuestNetworkInterfaceByID
parameters:
- name: iface_id
in: path
description: The id of the guest network interface
required: true
type: string
- name: body
in: body
description: Guest network interface properties
required: true
schema:
$ref: "#/definitions/NetworkInterface"
responses:
204:
description: Network interface created/updated
400:
description: Network interface cannot be created due to bad input
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error
schema:
$ref: "#/definitions/Error"
patch:
summary: Updates the rate limiters applied to a network interface. Post-boot only.
description:
Updates the rate limiters applied to a network interface.
operationId: patchGuestNetworkInterfaceByID
parameters:
- name: iface_id
in: path
description: The id of the guest network interface
required: true
type: string
- name: body
in: body
description: A subset of the guest network interface properties
required: true
schema:
$ref: "#/definitions/PartialNetworkInterface"
responses:
204:
description: Network interface updated
400:
description: Network interface cannot be updated due to bad input
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error
schema:
$ref: "#/definitions/Error"
/snapshot/create:
put:
summary: Creates a full or diff snapshot. Post-boot only.
description:
Creates a snapshot of the microVM state. The microVM should be
in the `Paused` state.
operationId: createSnapshot
parameters:
- name: body
in: body
description: The configuration used for creating a snaphot.
required: true
schema:
$ref: "#/definitions/SnapshotCreateParams"
responses:
204:
description: Snapshot created
400:
description: Snapshot cannot be created due to bad input
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error
schema:
$ref: "#/definitions/Error"
/snapshot/load:
put:
summary: Loads a snapshot. Pre-boot only.
description:
Loads the microVM state from a snapshot.
Only accepted on a fresh Firecracker process (before configuring
any resource other than the Logger).
operationId: loadSnapshot
parameters:
- name: body
in: body
description: The configuration used for loading a snaphot.
required: true
schema:
$ref: "#/definitions/SnapshotLoadParams"
responses:
204:
description: Snapshot loaded
400:
description: Snapshot cannot be loaded due to bad input
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error
schema:
$ref: "#/definitions/Error"
/vm:
patch:
summary: Updates the microVM state.
description:
Sets the desired state (Paused or Resumed) for the microVM.
operationId: patchVm
parameters:
- name: body
in: body
description: The microVM state
required: true
schema:
$ref: "#/definitions/Vm"
responses:
204:
description: Vm state updated
400:
description: Vm state cannot be updated due to bad input
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error
schema:
$ref: "#/definitions/Error"
/vsock:
put:
summary: Creates/updates a vsock device. Pre-boot only.
description:
The first call creates the device with the configuration specified
in body. Subsequent calls will update the device configuration.
May fail if update is not possible.
operationId: putGuestVsock
parameters:
- name: body
in: body
description: Guest vsock properties
required: true
schema:
$ref: "#/definitions/Vsock"
responses:
204:
description: Vsock created/updated
400:
description: Vsock cannot be created due to bad input
schema:
$ref: "#/definitions/Error"
default:
description: Internal server error
schema:
$ref: "#/definitions/Error"
definitions:
BootSource:
type: object
required:
- kernel_image_path
description:
Boot source descriptor.
properties:
boot_args:
type: string
description: Kernel boot arguments
initrd_path:
type: string
description: Host level path to the initrd image used to boot the guest
kernel_image_path:
type: string
description: Host level path to the kernel image used to boot the guest
CpuTemplate:
type: string
description:
The CPU Template defines a set of flags to be disabled from the microvm so that
the features exposed to the guest are the same as in the selected instance type.
enum:
- C3
- T2
Drive:
type: object
required:
- drive_id
- is_read_only
- is_root_device
- path_on_host
properties:
drive_id:
type: string
is_read_only:
type: boolean
is_root_device:
type: boolean
partuuid:
type: string
description:
Represents the unique id of the boot partition of this device. It is
optional and it will be taken into account only if the is_root_device
field is true.
path_on_host:
type: string
description: Host level path for the guest drive
rate_limiter:
$ref: "#/definitions/RateLimiter"
Error:
type: object
properties:
fault_message:
type: string
description: A description of the error condition
readOnly: true
InstanceActionInfo:
type: object
description:
Variant wrapper containing the real action.
required:
- action_type
properties:
action_type:
description: Enumeration indicating what type of action is contained in the payload
type: string
enum:
- FlushMetrics
- InstanceStart
- SendCtrlAltDel
InstanceInfo:
type: object
description:
Describes MicroVM instance information.
required:
- id
- state
- vmm_version
properties:
app_name:
description: Application name.
type: string
id:
description: MicroVM / instance ID.
type: string
state:
description:
The current detailed state of the Firecracker instance.
This value is read-only for the control-plane.
type: string
enum:
- Uninitialized
- Starting
- Running
vmm_version:
description: MicroVM hypervisor build version.
type: string
Logger:
type: object
description:
Describes the configuration option for the logging capability.
required:
- log_path
properties:
level:
type: string
description: Set the level.
enum: [Error, Warning, Info, Debug]
default: Warning
log_path:
type: string
description: Path to the named pipe or file for the human readable log output.
show_level:
type: boolean
description: Whether or not to output the level in the logs.
default: false
show_log_origin:
type: boolean
description: Whether or not to include the file path and line number of the log's origin.
default: false
MachineConfiguration:
type: object
description:
Describes the number of vCPUs, memory size, Hyperthreading capabilities and
the CPU template.
required:
- ht_enabled
- mem_size_mib
- vcpu_count
properties:
cpu_template:
$ref: "#/definitions/CpuTemplate"
ht_enabled:
type: boolean
description: Flag for enabling/disabling Hyperthreading
mem_size_mib:
type: integer
description: Memory size of VM
track_dirty_pages:
type: boolean
description:
Enable dirty page tracking. If this is enabled, then incremental guest memory
snapshots can be created. These belong to diff snapshots, which contain, besides
the microVM state, only the memory dirtied since a previous snapshot. Full snapshots
each contain a full copy of the guest memory.
vcpu_count:
type: integer
minimum: 1
maximum: 32
description: Number of vCPUs (either 1 or an even number)
Metrics:
type: object
description:
Describes the configuration option for the metrics capability.
required:
- metrics_path
properties:
metrics_path:
type: string
description: Path to the named pipe or file where the JSON-formatted metrics are flushed.
MmdsConfig:
type: object
description:
Defines the MMDS configuration.
properties:
ipv4_address:
type: string
format: "169.254.([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-4]).([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"
default: "169.254.169.254"
description: A valid IPv4 link-local address.
NetworkInterface:
type: object
description:
Defines a network interface.
required:
- host_dev_name
- iface_id
properties:
allow_mmds_requests:
type: boolean
description:
If this field is set, the device model will reply to HTTP GET
requests sent to the MMDS address via this interface. In this case,
both ARP requests for 169.254.169.254 and TCP segments heading to the
same address are intercepted by the device model, and do not reach
the associated TAP device.
guest_mac:
type: string
host_dev_name:
type: string
description: Host level path for the guest network interface
iface_id:
type: string
rx_rate_limiter:
$ref: "#/definitions/RateLimiter"
tx_rate_limiter:
$ref: "#/definitions/RateLimiter"
PartialDrive:
type: object
required:
- drive_id
- path_on_host
properties:
drive_id:
type: string
path_on_host:
type: string
description: Host level path for the guest drive
PartialNetworkInterface:
type: object
description:
Defines a partial network interface structure, used to update the rate limiters
for that interface, after microvm start.
required:
- iface_id
properties:
iface_id:
type: string
rx_rate_limiter:
$ref: "#/definitions/RateLimiter"
tx_rate_limiter:
$ref: "#/definitions/RateLimiter"
RateLimiter:
type: object
description:
Defines an IO rate limiter with independent bytes/s and ops/s limits.
Limits are defined by configuring each of the _bandwidth_ and _ops_ token buckets.
properties:
bandwidth:
$ref: "#/definitions/TokenBucket"
description: Token bucket with bytes as tokens
ops:
$ref: "#/definitions/TokenBucket"
description: Token bucket with operations as tokens
SnapshotCreateParams:
type: object
required:
- mem_file_path
- snapshot_path
properties:
mem_file_path:
type: string
description: Path to the file that will contain the guest memory.
snapshot_path:
type: string
description: Path to the file that will contain the microVM state.
snapshot_type:
type: string
enum:
- Full
- Diff
description:
Type of snapshot to create. It is optional and by default, a full
snapshot is created.
version:
type: string
description:
The microVM version for which we want to create the snapshot.
It is optional and it defaults to the current version.
SnapshotLoadParams:
type: object
required:
- mem_file_path
- snapshot_path
properties:
enable_diff_snapshots:
type: boolean
description:
Enable support for incremental (diff) snapshots by tracking dirty guest pages.
mem_file_path:
type: string
description: Path to the file that contains the guest memory to be loaded.
snapshot_path:
type: string
description: Path to the file that contains the microVM state to be loaded.
TokenBucket:
type: object
description:
Defines a token bucket with a maximum capacity (size), an initial burst size
(one_time_burst) and an interval for refilling purposes (refill_time).
The refill-rate is derived from size and refill_time, and it is the constant
rate at which the tokens replenish. The refill process only starts happening after
the initial burst budget is consumed.
Consumption from the token bucket is unbounded in speed which allows for bursts
bound in size by the amount of tokens available.
Once the token bucket is empty, consumption speed is bound by the refill_rate.
required:
- refill_time
- size
properties:
one_time_burst:
type: integer
format: int64
description: The initial size of a token bucket.
minimum: 0
refill_time:
type: integer
format: int64
description: The amount of milliseconds it takes for the bucket to refill.
minimum: 0
size:
type: integer
format: int64
description: The total number of tokens this bucket can hold.
minimum: 0
Vm:
type: object
description:
Defines the microVM running state. It is especially useful in the snapshotting context.
required:
- state
properties:
state:
type: string
enum:
- Paused
- Resumed
Vsock:
type: object
description:
Defines a vsock device, backed by a set of Unix Domain Sockets, on the host side.
For host-initiated connections, Firecracker will be listening on the Unix socket
identified by the path `uds_path`. Firecracker will create this socket, bind and
listen on it. Host-initiated connections will be performed by connection to this
socket and issuing a connection forwarding request to the desired guest-side vsock
port (i.e. `CONNECT 52\n`, to connect to port 52).
For guest-initiated connections, Firecracker will expect host software to be
bound and listening on Unix sockets at `uds_path_<PORT>`.
E.g. "/path/to/host_vsock.sock_52" for port number 52.
required:
- guest_cid
- uds_path
- vsock_id
properties:
guest_cid:
type: integer
minimum: 3
description: Guest Vsock CID
uds_path:
type: string
description: Path to UNIX domain socket, used to proxy vsock connections.
vsock_id:
type: string