# config.toml: configuration for the firecracker-containerd daemon. The
# Makefile copies it to $(CONFIG_DIR)/config.toml and `make start` passes it
# to firecracker-containerd via --config.
version = 2
# The CRI plugin is disabled for this daemon.
disabled_plugins = ["io.containerd.grpc.v1.cri"]
# Persistent data and runtime state live under firecracker-containerd-specific
# paths.
root = "/var/lib/firecracker-containerd/containerd"
state = "/run/firecracker-containerd"
[grpc]
# Unix socket that the firecracker-ctr commands in the Makefile connect to
# (FC_CONTAINERD_SOCK).
# NOTE(review): any account that can write to this socket can drive the
# daemon, which `make start` runs via sudo. Confirm the socket and its parent
# directory stay root-only.
address = "/run/firecracker-containerd/containerd.sock"
[plugins]
[plugins."io.containerd.snapshotter.v1.devmapper"]
# pool_name and root_path have to agree with POOL and DIR in devmapper.sh,
# which creates the thin pool this snapshotter uses.
pool_name = "fc-dev-thinpool"
base_image_size = "10GB"
root_path = "/var/lib/firecracker-containerd/snapshotter/devmapper"
[debug]
# NOTE(review): debug-level logging is verbose; review before reusing this
# file outside a demo host.
level = "debug"
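#!/bin/bash
# devmapper.sh: sets up a devicemapper thin pool with loop devices in
# /var/lib/firecracker-containerd/snapshotter/devmapper
#
# Requirements visible from this script and the Makefile:
#   * run as root (the Makefile calls it through sudo); losetup and dmsetup
#     operate on block devices;
#   * ${DIR} must already exist (`make dirs` creates it);
#   * POOL and DIR must match pool_name and root_path in config.toml.
#
# NOTE(review): a pool backed by sparse files on loop devices is generally
# treated as a development setup, not a production one.
set -ex

DIR=/var/lib/firecracker-containerd/snapshotter/devmapper
POOL=fc-dev-thinpool

# Backing files are created sparse: truncate sets the apparent size only.
# NOTE(review): touch creates them with the caller's umask. They hold every
# snapshot's contents, so confirm unprivileged users cannot read them.
if [[ ! -f "${DIR}/data" ]]; then
    touch "${DIR}/data"
    truncate -s 100G "${DIR}/data"
fi

if [[ ! -f "${DIR}/metadata" ]]; then
    touch "${DIR}/metadata"
    truncate -s 2G "${DIR}/metadata"
fi

# Reuse the loop device if the file is already attached, otherwise attach it.
DATADEV="$(losetup --output NAME --noheadings --associated "${DIR}/data")"
if [[ -z "${DATADEV}" ]]; then
    DATADEV="$(losetup --find --show "${DIR}/data")"
fi

METADEV="$(losetup --output NAME --noheadings --associated "${DIR}/metadata")"
if [[ -z "${METADEV}" ]]; then
    METADEV="$(losetup --find --show "${DIR}/metadata")"
fi

SECTORSIZE=512
DATASIZE="$(blockdev --getsize64 -q "${DATADEV}")"
# Integer division in the shell; the device-mapper table length is in sectors.
LENGTH_SECTORS=$(( DATASIZE / SECTORSIZE ))
DATA_BLOCK_SIZE=128 # see https://www.kernel.org/doc/Documentation/device-mapper/thin-provisioning.txt
LOW_WATER_MARK=32768 # picked arbitrarily

# Table: <start> <length> thin-pool <metadata dev> <data dev> <block size>
#        <low water mark> <#feature args> <feature args>
# NOTE(review): skip_block_zeroing turns off zeroing of newly provisioned
# blocks. A new thin volume can then read back data left in blocks freed by an
# earlier volume. Confirm that is acceptable before sharing this pool between
# workloads that must not see each other's data.
THINP_TABLE="0 ${LENGTH_SECTORS} thin-pool ${METADEV} ${DATADEV} ${DATA_BLOCK_SIZE} ${LOW_WATER_MARK} 1 skip_block_zeroing"
echo "${THINP_TABLE}"

# Reload the table if the pool exists, otherwise create it. The command is
# tested directly: wrapping it in $(...) would execute whatever dmsetup
# printed on stdout as a second command.
if ! dmsetup reload "${POOL}" --table "${THINP_TABLE}"; then
    dmsetup create "${POOL}" --table "${THINP_TABLE}"
fi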
# docker.sources: deb822 apt source entry for Docker's Ubuntu repository.
# NOTE(review): apt does not perform shell substitution when it reads a
# .sources file. The $(...) expressions on the Suites and Architectures lines
# must be replaced with their evaluated values (release codename, dpkg
# architecture) before this file is placed in /etc/apt/sources.list.d/.
# Signed-By restricts this repository to the key stored at
# /etc/apt/keyrings/docker.asc.
Types: deb
URIs: https://download.docker.com/linux/ubuntu
Suites: $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}")
Components: stable
Architectures: $(dpkg --print-architecture)
Signed-By: /etc/apt/keyrings/docker.asc
# ./tools/demo/fcnet.conflist
# make demo-network
{
"cniVersion": "1.0.0",
"name": "fcnet",
"plugins": [
{
"type": "bridge",
"bridge": "fc-br0",
"isDefaultGateway": true,
"forceAddress": false,
"ipMasq": true,
"hairpinMode": true,
"mtu": 1500,
"ipam": {
"type": "host-local",
"subnet": "192.168.1.0/24",
"resolvConf": "/etc/resolv.conf"
},
"dns": {
"nameservers": ["128.110.156.4", "1.1.1.1", "8.8.8.8"]
}
},
{
"type": "firewall"
},
{
"type": "tc-redirect-tap"
},
{
"type": "loopback"
}
]
}
{
"firecracker_binary_path": "/usr/local/bin/firecracker",
"kernel_image_path": "/var/lib/firecracker-containerd/runtime/hello-vmlinux.bin",
"kernel_args": "console=ttyS0 noapic reboot=k panic=1 pci=off nomodules ro systemd.unified_cgroup_hierarchy=0 systemd.journald.forward_to_console systemd.unit=firecracker.target init=/sbin/overlay-init",
"root_drive": "/var/lib/firecracker-containerd/runtime/default-rootfs.img",
"cpu_template": "T2",
"log_fifo": "fc-logs.fifo",
"log_levels": ["debug"],
"metrics_fifo": "fc-metrics.fifo",
"default_network_interfaces": [
{
"CNIConfig": {
"NetworkName": "fcnet",
"InterfaceName": "veth0"
}
}
]
}
# Makefile: provisions a host for firecracker-containerd and runs demo
# containers inside Firecracker microVMs.

# Fixed settings. The socket path matches [grpc].address in config.toml.
FC_CONTAINERD_SOCK := /run/firecracker-containerd/containerd.sock
FC_RUNTIME_ARG     := aws.firecracker
DM_SNAPSHOTTER_ARG := devmapper
NAMESPACE          := fc

# Install locations; each can be overridden from the environment or the
# command line (?= only assigns when the variable is not already set).
CONFIG_DIR     ?= /etc/firecracker-containerd
DEVMAPPER_DIR  ?= /var/lib/firecracker-containerd/snapshotter/devmapper
RUNTIME_DIR    ?= /var/lib/firecracker-containerd/runtime
CONTAINERD_DIR ?= /etc/containerd
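# dirs: create the directories the other targets write into.
# CONTAINERD_DIR is included because fc-containerd copies
# firecracker-runtime.json there and depends on this target.
.PHONY: dirs
dirs:
	sudo mkdir -p "$(RUNTIME_DIR)"
	sudo mkdir -p "$(CONFIG_DIR)"
	sudo mkdir -p "$(DEVMAPPER_DIR)"
	sudo mkdir -p "$(CONTAINERD_DIR)"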
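# init: install the host toolchain (build packages, Docker, Go).
# libs: install git and gcc from the distribution archive.
# Both are commands, not files, so they are declared phony; otherwise a file
# or directory with the same name would make the target look up to date.
.PHONY: init libs
init: libs docker golang

libs:
	sudo apt install -y git gcc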
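# for building firecracker
#
# docker: add Docker's apt repository and install Docker Engine.
#
# docker.sources is a template: its Suites and Architectures lines carry shell
# expressions that apt would not expand, so they are evaluated here and the
# rendered file is installed instead of copying the template verbatim.
#
# NOTE(review): the repository key is fetched over HTTPS and trusted as
# received; compare its fingerprint with the one Docker publishes before
# relying on it.
# NOTE(review): membership of the docker group gives that account root-level
# control of the host through the Docker daemon.
.PHONY: docker
docker:
	sudo apt update
	sudo apt install ca-certificates curl
	sudo install -m 0755 -d /etc/apt/keyrings
	sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
	sudo chmod a+r /etc/apt/keyrings/docker.asc
	codename="$$(. /etc/os-release && echo "$${UBUNTU_CODENAME:-$$VERSION_CODENAME}")" && \
	arch="$$(dpkg --print-architecture)" && \
	sed -e "s|^Suites:.*|Suites: $$codename|" \
	    -e "s|^Architectures:.*|Architectures: $$arch|" \
	    docker.sources > docker.sources.rendered
	sudo install -m 0644 docker.sources.rendered /etc/apt/sources.list.d/docker.sources
	rm -f docker.sources.rendered
	sudo apt update
	sudo apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
	sudo systemctl enable docker
	sudo usermod -aG docker "$(USER)"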
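# golang: download the Go toolchain tarball and unpack it into /usr/local.
#
# curl runs with -f so an HTTP error fails the recipe instead of saving the
# error page under the tarball's name.
# The archive is unpacked as root, so its integrity matters. Pass the
# published checksum to have it verified before extraction:
#   make golang GO_SHA256=<sha256 from the Go download page>
# Without GO_SHA256 the recipe behaves as before and prints a notice.
go_tarball := go1.26.2.linux-amd64.tar.gz

.PHONY: golang
golang:
	curl -fsSLO https://go.dev/dl/$(go_tarball)
	@if [ -n "$(GO_SHA256)" ]; then \
		echo "$(GO_SHA256)  $(go_tarball)" | sha256sum -c -; \
	else \
		echo "golang: GO_SHA256 not set, tarball integrity not checked" >&2; \
	fi
	sudo tar -C /usr/local -xvf $(go_tarball)
	rm $(go_tarball)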
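# fc-containerd: clone, build and install firecracker-containerd, then install
# this gist's config.toml and firecracker-runtime.json.
#
# The clone is skipped when the checkout already exists, so the target can be
# re-run after a failed build.
# NOTE(review): the clone takes whatever the default branch points at and the
# result is installed as root; check out a reviewed tag or commit for anything
# beyond a throwaway host.
# NOTE(review): sudo PATH="$(PATH)" hands the invoking user's PATH to root
# (presumably so the Go toolchain is found). Directories on that PATH that are
# writable by non-root users then take part in root's command lookup.
.PHONY: fc-containerd
fc-containerd: dirs
	test -d firecracker-containerd || git clone --recurse-submodules https://github.com/firecracker-microvm/firecracker-containerd
	$(MAKE) -C firecracker-containerd all
	sudo PATH="$(PATH)" $(MAKE) -C firecracker-containerd install
	sudo cp ./config.toml "$(CONFIG_DIR)"/config.toml
	sudo cp ./firecracker-runtime.json "$(CONTAINERD_DIR)"/firecracker-runtime.json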
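# fc: build and install the firecracker binary from the firecracker-containerd
# checkout (the checkout is created by the fc-containerd target).
# NOTE(review): the install step runs as root with the invoking user's PATH.
.PHONY: fc
fc:
	$(MAKE) -C firecracker-containerd firecracker
	sudo PATH="$(PATH)" $(MAKE) -C firecracker-containerd install-firecracker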
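# to build newer glibc-compatible images, see https://github.com/firecracker-microvm/firecracker-containerd/issues/827
#
# guest: fetch the guest kernel and build the guest root filesystem image;
# both land in $(RUNTIME_DIR) under the names firecracker-runtime.json refers
# to (hello-vmlinux.bin, default-rootfs.img).
# NOTE(review): the kernel image is downloaded over HTTPS without a checksum
# and becomes the kernel of every microVM started with this configuration;
# record and verify a known-good digest if the host is kept.
.PHONY: guest
guest: dirs
	sudo curl -fsSL -o "$(RUNTIME_DIR)"/hello-vmlinux.bin https://s3.amazonaws.com/spec.ccfc.min/img/quickstart_guide/x86_64/kernels/vmlinux.bin
	$(MAKE) -C firecracker-containerd image
	sudo cp firecracker-containerd/tools/image-builder/rootfs.img "$(RUNTIME_DIR)"/default-rootfs.img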
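# devmapper: create or reload the thin pool (see devmapper.sh).
# cni:       install the demo CNI network via the upstream demo-network target.
# start:     run the firecracker-containerd daemon in the foreground with the
#            installed config.toml.
# All three are commands, not files, so they are declared phony.
# NOTE(review): cni and start run as root with the invoking user's PATH.
.PHONY: devmapper cni start
devmapper:
	sudo ./devmapper.sh

cni:
	sudo PATH="$(PATH)" $(MAKE) -C firecracker-containerd demo-network

start:
	sudo PATH="$(PATH)" firecracker-containerd --config "$(CONFIG_DIR)"/config.toml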
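# ns: create the $(NAMESPACE) namespace and label it with the default runtime
# and snapshotter.
# The labels use FC_RUNTIME_ARG and DM_SNAPSHOTTER_ARG, the variables this
# Makefile defines. FC_RUNTIME and DM_SNAPSHOTTER are not set anywhere in it
# and would expand to empty strings, leaving both defaults blank.
.PHONY: ns
ns:
	sudo firecracker-ctr --address "$(FC_CONTAINERD_SOCK)" namespaces create "$(NAMESPACE)"
	sudo firecracker-ctr --address "$(FC_CONTAINERD_SOCK)" namespaces label "$(NAMESPACE)" \
		containerd.io/defaults/runtime="$(FC_RUNTIME_ARG)" \
		containerd.io/defaults/snapshotter="$(DM_SNAPSHOTTER_ARG)"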
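# busybox: pull busybox and run `ping -c 4 8.8.8.8` in a microVM as a
# connectivity check.
# The pull uses $(DM_SNAPSHOTTER_ARG) like the run step, so both always name
# the same snapshotter.
# NOTE(review): :latest is a mutable tag; pin a digest when the result has to
# be reproducible.
# NOTE(review): with the Firecracker runtime, --net-host presumably refers to
# the microVM's network rather than the physical host's. Confirm against the
# firecracker-containerd documentation.
.PHONY: busybox
busybox:
	sudo firecracker-ctr --address "$(FC_CONTAINERD_SOCK)" images pull --snapshotter "$(DM_SNAPSHOTTER_ARG)" docker.io/library/busybox:latest
	sudo firecracker-ctr --address "$(FC_CONTAINERD_SOCK)" run \
		--snapshotter "$(DM_SNAPSHOTTER_ARG)" \
		--runtime "$(FC_RUNTIME_ARG)" \
		--rm --net-host \
		docker.io/library/busybox:latest busybox-test ping -c 4 8.8.8.8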
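# nginx: pull nginx and run it in a microVM as container "nginx-demo".
# The pull uses $(DM_SNAPSHOTTER_ARG) like the run step, so both always name
# the same snapshotter.
# NOTE(review): :latest is a mutable tag; pin a digest when the result has to
# be reproducible.
.PHONY: nginx
nginx:
	sudo firecracker-ctr --address "$(FC_CONTAINERD_SOCK)" images pull --snapshotter "$(DM_SNAPSHOTTER_ARG)" docker.io/library/nginx:latest
	sudo firecracker-ctr --address "$(FC_CONTAINERD_SOCK)" run \
		--snapshotter "$(DM_SNAPSHOTTER_ARG)" \
		--runtime "$(FC_RUNTIME_ARG)" \
		--rm --net-host \
		docker.io/library/nginx:latest nginx-demo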
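# debian: pull debian and start it with a TTY in a microVM as container
# "debian-demo".
# The pull uses $(DM_SNAPSHOTTER_ARG) like the run step, so both always name
# the same snapshotter.
# NOTE(review): :latest is a mutable tag; pin a digest when the result has to
# be reproducible.
.PHONY: debian
debian:
	sudo firecracker-ctr --address "$(FC_CONTAINERD_SOCK)" images pull --snapshotter "$(DM_SNAPSHOTTER_ARG)" docker.io/library/debian:latest
	sudo firecracker-ctr --address "$(FC_CONTAINERD_SOCK)" run \
		--snapshotter "$(DM_SNAPSHOTTER_ARG)" \
		--runtime "$(FC_RUNTIME_ARG)" \
		--rm --tty --net-host \
		docker.io/library/debian:latest debian-demo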
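# curl: pull curlimages/curl and fetch https://curl.se from inside a microVM
# as container "curl-demo". Unlike the other demo targets, this one is run
# without --net-host.
# The pull uses $(DM_SNAPSHOTTER_ARG) like the run step, so both always name
# the same snapshotter.
# Declared phony: the name matches a common command and could match a file.
# NOTE(review): :latest is a mutable tag; pin a digest when the result has to
# be reproducible.
.PHONY: curl
curl:
	sudo firecracker-ctr --address "$(FC_CONTAINERD_SOCK)" images pull --snapshotter "$(DM_SNAPSHOTTER_ARG)" docker.io/curlimages/curl:latest
	sudo firecracker-ctr --address "$(FC_CONTAINERD_SOCK)" run \
		--snapshotter "$(DM_SNAPSHOTTER_ARG)" \
		--runtime "$(FC_RUNTIME_ARG)" \
		--rm \
		docker.io/curlimages/curl:latest curl-demo curl -L -v https://curl.se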
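# snapshot-clean: remove one snapshot from the devmapper snapshotter.
#   make snapshot-clean SNAPSHOT_NAME=<name>
# Fixes relative to the earlier recipe: the unbalanced trailing quote (a shell
# syntax error) is gone, the snapshotter comes from DM_SNAPSHOTTER_ARG
# (DM_SNAPSHOTTER is not defined in this Makefile), and an empty SNAPSHOT_NAME
# is rejected before the privileged command runs. The name is quoted so it
# reaches firecracker-ctr as a single argument.
.PHONY: snapshot-clean
snapshot-clean:
	@test -n "$(SNAPSHOT_NAME)" || { echo "usage: make snapshot-clean SNAPSHOT_NAME=<name>" >&2; exit 1; }
	sudo firecracker-ctr --address "$(FC_CONTAINERD_SOCK)" snapshots --snapshotter="$(DM_SNAPSHOTTER_ARG)" rm "$(SNAPSHOT_NAME)"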
