Releases: firecracker-microvm/firecracker
Firecracker v0.13.0
Added
- Documentation for Logger API Requests in docs/api_requests/logger.md.
- Documentation for Actions API Requests in docs/api_requests/actions.md.
- Documentation for MMDS in docs/mmds.md.
- Flush metrics on request via a PUT /actions with the action_type field set to FlushMetrics.
Changed
- Updated the swagger definition of the Logger to specify the required fields and provide default values for optional fields.
- Default seccomp-level is 2 (was previously 0).
- API Resource IDs can only contain alphanumeric characters and underscores.
Fixed
- Seccomp filters are now applied to all Firecracker threads.
- Enforce minimum length of 1 character for the jailer ID.
- Exit with error code when starting the jailer process fails.
Removed
- Removed InstanceHalt from the list of possible actions.
Firecracker v0.12.0
Added
- The /logger API has a new field called options. This is an array of strings that specify additional logging configurations. The only supported value is LogDirtyPages.
- When the LogDirtyPages option is configured via PUT /logger, a new metric called memory.dirty_pages is computed as the number of pages dirtied by the guest since the last time the metric was flushed.
- Log messages on both graceful and forceful termination.
- Availability of the list of dependencies for each commit inside the code base.
- Documentation on vsock experimental feature and host setup recommendations.
Changed
- PUT requests on /mmds always return 204 on success.
- PUT operations on /network-interfaces API resources no longer accept the previously required state parameter.
- The jailer starts with --seccomp-level=2 (was previously 0) by default.
- Log messages use anonymous-instance as instance id if none is specified.
Fixed
- Fixed crash upon instance start on hosts without 1GB huge page support.
- Fixed "fault_message" inconsistency between Open API specification and code base.
- Ensure MMDS compatibility with C5's IMDS implementation.
- Corrected the swagger specification to ensure OpenAPI 2.0 compatibility.
Firecracker v0.11.0
Added
- Apache-2.0 license
- Docs:
- Experimental vhost-based vsock implementation.
Changed
- Improved MMDS network stack performance
- If the logging system is not yet initialized (via PUT /logger), log events are now sent to stdout/stderr.
- Moved the instance_info_fails metric under get_api_requests
- Improved readme and added links to more detailed information, now featured in subject-specific docs.
Fixed
- Fixed bug in the MMDS network stack, that caused some RST packets to be sent without a destination.
- Fixed bug in PATCH /drives, whereby the ID in the path was not checked against the ID in the body.
Firecracker v0.10.1
Fixed
- The Swagger definition was corrected.
Firecracker v0.10.0
Added
- Each Firecracker process has an associated microVM Metadata Store (MMDS). Its contents can be configured using the /mmds API resource.
Changed
- The boot source is specified only with the kernel_image_path and the optional parameter boot_args. All other fields are removed.
- The path_on_host property in the drive specification is now marked as mandatory.
- PATCH drive only allows patching/changing the path_on_host property.
- All PUT and PATCH requests return the status code 204.
- CPUID brand string (aka model name) now includes the host CPU frequency.
- API requests which add guest network interfaces have an additional parameter, allow_mmds_requests, which defaults to false.
- Stopping the guest (e.g. using the reboot command) also terminates the Firecracker process. When the Firecracker process ends for any reason (other than kill -9), metrics are flushed at the very end.
- On startup jailer closes all inherited file descriptors based on sysconf(_SC_OPEN_MAX) except input, output and error.
- The microVM ID prefixes each Firecracker log line. This ID also appears in the process cmdline so it's now possible to ps | grep <ID> for it.
Firecracker v0.9.0
Added
- Seccomp filtering is configured via the --seccomp-level jailer parameter.
- Firecracker logs the starting addresses of host memory areas provided as guest memory slots to KVM.
- The metric panic_count gets incremented to signal that a panic has occurred.
- Firecracker logs a backtrace when it crashes following a panic.
- Added basic instrumentation support for measuring boot time.
Changed
- StartInstance is a synchronous API request (it used to be an asynchronous request).
Fixed
- Ensure that fault messages sent by the API have valid JSON bodies.
- Use HTTP response code 500 for internal Firecracker errors, and 400 for user errors on InstanceStart.
- Serialize the machine configuration fields to the correct data types (as specified in the Swagger definition).
- NUMA node assignment is properly enforced by the jailer.
- The is_root_device and is_read_only properties are now marked as required in the Swagger definition of Drive object properties.
Removed
- GET requests on the /actions API resource are no longer supported.
- The metrics associated with asynchronous actions have been removed.
- Remove the action_id parameter for InstanceStart, both from the URI and the JSON request body.
Firecracker v0.7.0
Added
- Rate limiting functionality allows specifying an initial one time burst size.
- Firecracker can now boot from an arbitrary boot partition by specifying its unique id in the drive's API call.
- Block device rescan is triggered via a PUT /actions with the drive ID in the action body's payload field and the action_type field set to BlockDeviceRescan.
Changed
- Removed noapic from the default guest kernel command line.
- The action_id parameter is no longer required for synchronous PUT requests to /actions.
- PUT requests are no longer allowed on /drives resources after the guest has booted.
Fixed
- Fixed guest instance kernel loader to accelerate vCPUs launch and consequently guest kernel boot.
- Fixed network emulation to improve IO performance.
Firecracker-v0.6.0
Added
- Firecracker uses two different named pipes to record human readable logs and metrics, respectively.
Changed
- Seccomp filtering can be enabled via setting the USE_SECCOMP environment variable.
- It is possible to supply only a partial specification when attaching a rate limiter (i.e. just the bandwidth or ops parameter).
- Errors related to guest network interfaces are now more detailed.
Fixed
- Fixed a bug that was causing Firecracker to panic whenever a PUT request was sent on an existing network interface.
- The id parameter of the jailer is required to be an RFC 4122-compliant UUID.
- Fixed an issue which caused the network RX rate limiter to be more restrictive than intended.
- API requests which contain unknown fields will generate an error.
- Fixed an issue related to high CPU utilization caused by improper KVM PIT configuration.
- It is now possible to create more than one network tun/tap interface inside a jailed Firecracker.
Firecracker-v0.5.0
Added
- Added metrics for API requests, VCPU and device actions for the serial console (UART), keyboard (i8042), block and network devices. Metrics are logged every 60 seconds.
- A CPU features template for C3 is available, in addition to the one for T2.
- Seccomp filters restrict Firecracker from calling any other system calls than the minimum set it needs to function properly. The filters are enabled by setting the USE_SECCOMP environment variable to 1 before running Firecracker.
- Firecracker can be started by a new binary called jailer. The jailer takes as command line arguments a unique ID, the path to the Firecracker binary, the NUMA node that Firecracker will be assigned to and a uid and gid for Firecracker to run under. It sets up a chroot environment and a cgroup and calls exec to morph into Firecracker.
Changed
- In case of failure, the metrics and the panic location are logged before aborting.
- Metric values are reset with every flush.
- CPUTemplate is now called CpuTemplate in order to work seamlessly with the swagger code generator for Go.
- firecracker-beta.yaml is now called firecracker.yaml.
Fixed
- Handling was added for several untreated KVM exit scenarios, which could have led to panic.
- Fixed a bug that caused Firecracker to crash when attempting to disable the IA32_DEBUG_INTERFACE MSR flag in the T2 CPU features.
Removed
- Removed a leftover file generated by the logger unit tests.
- Removed firecracker-v1.0.yaml.
Firecracker-v0.4.0
Added
- The CPU Template can be set with an API call on PUT /machine-config. The only available template is T2.
- Hyperthreading can be enabled/disabled with an API call on PUT /machine-config. By default, hyperthreading is disabled.
- Added boot time performance test (tests/performance/test_boottime.py).
- Added Rate Limiter for Virtio block and net devices. The Rate Limiter uses two token buckets to limit rate on bytes/s and ops/s. The rate limiter can be (optionally) configured per drive with a PUT on /drives/{drive_id} and per network interface with a PUT on /network-interface/{iface_id}.
- Implemented pre-boot PUT updates for /boot-source, /drives, /network-interfaces and /vsock.
- Added integration tests for PUT updates.
Changed
- Moved the API definition (swagger/firecracker-beta.yaml) to the api_server crate.
- Removed "console=ttyS0" and added "8250.nr_uarts=0" to the default kernel command line to decrease the boot time.
- Changed the CPU topology to have all logical CPUs on a single socket.
- Removed the upper bound on CPU count as with musl there is no good way to get the total number of logical processors on a host.
- Build time tests now print the full output of commands.
- Disabled the Performance Monitor Unit and the Turbo Boost.
- Check the expected KVM capabilities before starting the VM.
- Logs now have timestamps.
Fixed
- testrun.sh can run on platforms with more than one package manager by setting the package manager via a command line parameter (-p).
- Allow correct set up of multiple network-interfaces with autogenerated MAC.
- Fixed sporadic bug in virtio which was causing lost packages.
- Don't allow PUT requests with empty body on /machine-config.
- Deny PUT operations after the microvm boots (exception: the temporary fix for live resize of block devices).
Removed
- Removed examples crate. This used to have a Python example of starting Firecracker. This is replaced by test_api.py integration tests.
- Removed helper scripts for getting coverage and coding style errors. These were replaced by the test_coverage.py and test_style.py integration tests.
- Removed --vmm-no-api command line option. Firecracker can only be started via the API.