## 下载 firecracker 和 kernel, rootfs ```bash mkdir -p ~/opt/firecracker && cd ~/opt/firecracker wget https://github.com/firecracker-microvm/firecracker/releases/download/v1.14.0/firecracker-v1.14.0-x86_64.tgz tar -xzf firecracker-v1.14.0-x86_64.tgz wget "https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.14/x86_64/vmlinux-5.10.245" -O vmlinux wget "https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.14/x86_64/ubuntu-24.04.squashfs" -O ubuntu.squashfs ``` ## squashfs 转 ext4 ```bash sudo apt-get install squashfs-tools sudo unsquashfs -d /tmp/rootfs ubuntu.squashfs dd if=/dev/zero of=rootfs.ext4 bs=1M count=1024 mkfs.ext4 rootfs.ext4 sudo mkdir -p /mnt/rootfs sudo mount rootfs.ext4 /mnt/rootfs sudo cp -a /tmp/rootfs/* /mnt/rootfs/ sudo umount /mnt/rootfs sudo rm -rf /tmp/rootfs ``` ## 配置宿主机网络 ```bash sudo ip tuntap add ftap0 mode tap sudo ip addr add 172.16.0.1/24 dev ftap0 sudo ip link set ftap0 up sudo sysctl -w net.ipv4.ip_forward=1 # 配置 NAT 将虚拟机流量转发到宿主机 # eth0 替换为你的出口网卡名 IFNAME=eth0 sudo iptables -t nat -A POSTROUTING -o $IFNAME -j MASQUERADE sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT sudo iptables -A FORWARD -i ftap0 -o $IFNAME -j ACCEPT ``` ## 使用纯命令行启动 ### 启动 firecracker 单独开一个终端执行 ```bash cd ~/opt/firecracker/release-v1.14.0-x86_64 sudo rm -f /tmp/firecracker.socket sudo ./firecracker-v1.14.0-x86_64 --api-sock /tmp/firecracker.socket ``` ### 配置 firecracker 在另一个终端执行(工作目录为 `~/opt/firecracker`): ```bash cd ~/opt/firecracker # 1. 配置 kernel sudo curl --unix-socket /tmp/firecracker.socket -i \ -X PUT 'http://localhost/boot-source' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d "{ \"kernel_image_path\": \"$(pwd)/vmlinux\", \"boot_args\": \"console=ttyS0 reboot=k panic=1 pci=off\" }" # 2. 配置 rootfs sudo curl --unix-socket /tmp/firecracker.socket -i \ -X PUT 'http://localhost/drives/rootfs' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d "{ \"drive_id\": \"rootfs\", \"path_on_host\": \"$(pwd)/rootfs.ext4\", \"is_root_device\": true, \"is_read_only\": false }" # 3. 配置网络 sudo curl --unix-socket /tmp/firecracker.socket -i \ -X PUT 'http://localhost/network-interfaces/eth0' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d "{ \"iface_id\": \"eth0\", \"guest_mac\": \"AA:FC:00:00:00:01\", \"host_dev_name\": \"ftap0\" }" # 4. 配置 CPU/内存 sudo curl --unix-socket /tmp/firecracker.socket -i \ -X PUT 'http://localhost/machine-config' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d "{ \"vcpu_count\": 2, \"mem_size_mib\": 1024 }" # 5. 启动 VM sudo curl --unix-socket /tmp/firecracker.socket -i \ -X PUT 'http://localhost/actions' \ -H 'Accept: application/json' \ -H 'Content-Type: application/json' \ -d "{ \"action_type\": \"InstanceStart\" }" ``` 即可看到下面的日志,说明虚拟机启动成功
点击展开完整启动日志 ```bash sudo ./firecracker-v1.14.0-x86_64 --api-sock /tmp/firecracker.socket 2025-11-10T00:13:01.288687176 [anonymous-instance:main] Running Firecracker v1.14.0 2025-11-10T00:13:01.288766187 [anonymous-instance:main] Listening on API socket ("/tmp/firecracker.socket"). 2025-11-10T00:13:01.288926911 [anonymous-instance:fc_api] API server started. 2025-11-10T00:13:17.378996570 [anonymous-instance:fc_api] The API server received a Put request on "/boot-source" with body "{\n \"kernel_image_path\": \"/home/jimyag/opt/firecracker/vmlinux\",\n \"boot_args\": \"console=ttyS0 reboot=k pa nic=1 pci=off\"\n }". 2025-11-10T00:13:17.379062983 [anonymous-instance:fc_api] The request was executed successfully. Status code: 204 No Content. 2025-11-10T00:13:26.586882471 [anonymous-instance:fc_api] The API server received a Put request on "/drives/rootfs" with body "{\n \"drive_id\": \"rootfs\",\n \"path_on_host\": \"/home/jimyag/opt/firecracker/rootfs.ext4\",\n \"is _root_device\": true,\n \"is_read_only\": false\n }". 2025-11-10T00:13:26.586969164 [anonymous-instance:fc_api] The request was executed successfully. Status code: 204 No Content. 2025-11-10T00:14:46.896458486 [anonymous-instance:fc_api] The API server received a Put request on "/network-interfaces/eth0" with body "{\n \"iface_id\": \"eth0\",\n \"guest_mac\": \"AA:FC:00:00:00:01\",\n \"host_dev_name\": \"f tap0\"\n }". 2025-11-10T00:14:46.896751257 [anonymous-instance:fc_api] The request was executed successfully. Status code: 204 No Content. 2025-11-10T00:14:55.442272434 [anonymous-instance:fc_api] The API server received a Put request on "/machine-config" with body "{\n \"vcpu_count\": 2,\n \"mem_size_mib\": 1024\n }". 2025-11-10T00:14:55.442336395 [anonymous-instance:fc_api] The request was executed successfully. Status code: 204 No Content. 2025-11-10T00:15:02.280946172 [anonymous-instance:fc_api] The API server received a Put request on "/actions" with body "{\n \"action_type\": \"InstanceStart\"\n }". 2025-11-10T00:15:02.288572636 [anonymous-instance:main] Artificially kick devices 2025-11-10T00:15:02.288590016 [anonymous-instance:fc_vcpu 0] Received a VcpuEvent::Resume message with immediate_exit enabled. immediate_exit was disabled before proceeding 2025-11-10T00:15:02.288604153 [anonymous-instance:fc_vcpu 1] Received a VcpuEvent::Resume message with immediate_exit enabled. immediate_exit was disabled before proceeding 2025-11-10T00:15:02.288655403 [anonymous-instance:fc_api] The request was executed successfully. Status code: 204 No Content. [ 0.000000] Linux version 5.10.245 (root@0e0250f7f2f2) (gcc (Ubuntu 11.4.0-1ubuntu1~22.04.2) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #1 SMP Tue Nov 18 09:17:32 UTC 2025 [ 0.000000] Command line: console=ttyS0 reboot=k panic=1 pci=off pci=off root=/dev/vda rw virtio_mmio.device=4K@0xc0001000:6 virtio_mmio.device=4K@0xc0002000:7 [ 0.000000] KASLR disabled [ 0.000000] BIOS-provided physical RAM map: [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable [ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x00000000000fffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000003fffffff] usable [ 0.000000] BIOS-e820: [mem 0x00000000eec00000-0x00000000febfffff] reserved [ 0.000000] NX (Execute Disable) protection: active [ 0.000000] DMI not present or invalid. [ 0.000000] Hypervisor detected: KVM [ 0.000000] kvm-clock: Using msrs 4b564d01 and 4b564d00 [ 0.000000] kvm-clock: cpu 0, msr 24e7001, primary cpu clock [ 0.000000] kvm-clock: using sched offset of 9766771 cycles [ 0.000006] clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns [ 0.000018] tsc: Detected 2903.964 MHz processor [ 0.000113] last_pfn = 0x40000 max_arch_pfn = 0x400000000 [ 0.000162] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT [ 0.000200] found SMP MP-table at [mem 0x0009fc00-0x0009fc0f] [ 0.000244] check: Scanning 1 areas for low memory corruption [ 0.000256] Using GB pages for direct mapping [ 0.000348] ACPI: Early table checksum verification disabled [ 0.000376] ACPI: RSDP 0x00000000000E0000 000024 (v02 FIRECK) [ 0.000382] ACPI: XSDT 0x00000000000A0203 00003C (v01 FIRECK FCMVXSDT 00000000 FCAT 20240119) [ 0.000392] ACPI: FACP 0x00000000000A006B 000114 (v06 FIRECK FCVMFADT 00000000 FCAT 20240119) [ 0.000382] ACPI: XSDT 0x00000000000A0203 00003C (v01 FIRECK FCMVXSDT 00000000 FCAT 20240119) 00:15:02 [407/478] [ 0.000392] ACPI: FACP 0x00000000000A006B 000114 (v06 FIRECK FCVMFADT 00000000 FCAT 20240119) [ 0.000398] ACPI: DSDT 0x000000000009FD44 000327 (v02 FIRECK FCVMDSDT 00000000 FCAT 20240119) [ 0.000401] ACPI: APIC 0x00000000000A017F 000048 (v06 FIRECK FCVMMADT 00000000 FCAT 20240119) [ 0.000403] ACPI: MCFG 0x00000000000A01C7 00003C (v01 FIRECK FCMVMCFG 00000000 FCAT 20240119) [ 0.000406] ACPI: Reserving FACP table memory at [mem 0xa006b-0xa017e] [ 0.000407] ACPI: Reserving DSDT table memory at [mem 0x9fd44-0xa006a] [ 0.000407] ACPI: Reserving APIC table memory at [mem 0xa017f-0xa01c6] [ 0.000408] ACPI: Reserving MCFG table memory at [mem 0xa01c7-0xa0202] [ 0.000467] No NUMA configuration found [ 0.000468] Faking a node at [mem 0x0000000000000000-0x000000003fffffff] [ 0.000477] NODE_DATA(0) allocated [mem 0x3ffd6000-0x3fffffff] [ 0.000625] Zone ranges: [ 0.000627] DMA [mem 0x0000000000001000-0x0000000000ffffff] [ 0.000629] DMA32 [mem 0x0000000001000000-0x000000003fffffff] [ 0.000630] Normal empty [ 0.000631] Device empty [ 0.000632] Movable zone start for each node [ 0.000633] Early memory node ranges [ 0.000634] node 0: [mem 0x0000000000001000-0x000000000009efff] [ 0.000635] node 0: [mem 0x0000000000100000-0x000000003fffffff] [ 0.000638] Initmem setup node 0 [mem 0x0000000000001000-0x000000003fffffff] [ 0.000656] On node 0, zone DMA: 1 pages in unavailable ranges [ 0.000820] On node 0, zone DMA: 97 pages in unavailable ranges [ 0.003272] IOAPIC[0]: apic_id 0, version 17, address 0xfec00000, GSI 0-23 [ 0.003275] Using ACPI (MADT) for SMP configuration information [ 0.003278] TSC deadline timer available [ 0.003280] smpboot: Allowing 2 CPUs, 0 hotplug CPUs [ 0.003294] kvm-guest: KVM setup pv remote TLB flush [ 0.003300] kvm-guest: setup PV sched yield [ 0.003311] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff] [ 0.003312] PM: hibernation: Registered nosave memory: [mem 0x0009f000-0x000fffff] [ 0.003314] [mem 0x40000000-0xeebfffff] available for PCI devices [ 0.003316] Booting paravirtualized kernel on KVM [ 0.003319] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645519600211568 ns [ 0.003321] setup_percpu: NR_CPUS:64 nr_cpumask_bits:64 nr_cpu_ids:2 nr_node_ids:1 [ 0.004528] percpu: Embedded 46 pages/cpu s156184 r0 d32232 u1048576 [ 0.004557] kvm-guest: KVM setup async PF for cpu 0 [ 0.004561] kvm-guest: stealtime: cpu 0, msr 3ec1af80 [ 0.004565] kvm-guest: PV spinlocks enabled [ 0.004570] PV qspinlock hash table entries: 256 (order: 0, 4096 bytes, linear) [ 0.004578] Built 1 zonelists, mobility grouping on. Total pages: 257929 [ 0.004579] Policy zone: DMA32 [ 0.004580] Kernel command line: console=ttyS0 reboot=k panic=1 pci=off pci=off root=/dev/vda rw virtio_mmio.device=4K@0xc0001000:6 virtio_mmio.device=4K@0xc0002000:7 [ 0.004686] Fallback order for Node 0: 0 [ 0.005269] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes, linear) [ 0.005581] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes, linear) [ 0.005629] mem auto-init: stack:off, heap alloc:off, heap free:off [ 0.006693] Memory: 238836K/1048184K available (12292K kernel code, 1187K rwdata, 1944K rodata, 3628K init, 1204K bss, 41168K reserved, 0K cma-reserved) [ 0.007222] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1 [ 0.007430] rcu: Hierarchical RCU implementation. [ 0.007432] rcu: RCU restricting CPUs from NR_CPUS=64 to nr_cpu_ids=2. [ 0.007433] Tracing variant of Tasks RCU enabled. [ 0.007435] rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies. [ 0.007436] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2 [ 0.007442] NR_IRQS: 4352, nr_irqs: 424, preallocated irqs: 0 [ 0.007514] random: crng init done [ 0.007576] Console: colour dummy device 80x25 [ 0.079419] printk: console [ttyS0] enabled [ 0.079951] ACPI: Core revision 20200925 [ 0.080464] APIC: Switch to symmetric I/O mode setup [ 0.081198] x2apic enabled [ 0.081690] Switched APIC routing to physical x2apic. [ 0.082283] kvm-guest: setup PV IPIs [ 0.082740] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x29dbe3ac58d, max_idle_ns: 440795279358 ns [ 0.083968] Calibrating delay loop (skipped) preset value.. 5807.92 BogoMIPS (lpj=11615856) [ 0.085015] x86/cpu: User Mode Instruction Prevention (UMIP) activated [ 0.085809] Last level iTLB entries: 4KB 64, 2MB 8, 4MB 8 [ 0.086449] Last level dTLB entries: 4KB 64, 2MB 32, 4MB 32, 1GB 4 [ 0.087189] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization [ 0.087966] Spectre V2 : Mitigation: Enhanced / Automatic IBRS [ 0.087966] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch [ 0.087966] Spectre V2 : Spectre v2 / PBRSB-eIBRS: Retire a single CALL on VMEXIT [ 0.087966] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch 00:15:02 [336/478] [ 0.087966] Spectre V2 : Spectre v2 / PBRSB-eIBRS: Retire a single CALL on VMEXIT [ 0.087966] RETBleed: Mitigation: Enhanced IBRS [ 0.087966] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier [ 0.087966] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl and seccomp [ 0.087966] MMIO Stale Data: Mitigation: Clear CPU buffers [ 0.087966] SRBDS: Unknown: Dependent on hypervisor status [ 0.087966] active return thunk: its_return_thunk [ 0.087966] ITS: Mitigation: Aligned branch/return thunks [ 0.087966] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' [ 0.087966] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' [ 0.087966] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' [ 0.087966] x86/fpu: Supporting XSAVE feature 0x008: 'MPX bounds registers' [ 0.087966] x86/fpu: Supporting XSAVE feature 0x010: 'MPX CSR' [ 0.087966] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 [ 0.087966] x86/fpu: xstate_offset[3]: 832, xstate_sizes[3]: 64 [ 0.087966] x86/fpu: xstate_offset[4]: 896, xstate_sizes[4]: 64 [ 0.087966] x86/fpu: Enabled xstate features 0x1f, context size is 960 bytes, using 'compacted' format. [ 0.087966] Freeing SMP alternatives memory: 36K [ 0.087966] pid_max: default: 32768 minimum: 301 [ 0.087966] LSM: Security Framework initializing [ 0.087966] SELinux: Initializing. [ 0.087966] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes, linear) [ 0.087966] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes, linear) [ 0.087966] smpboot: CPU0: Intel(R) Xeon(R) Processor @ 2.90GHz (family: 0x6, model: 0xa5, stepping: 0x3) [ 0.087966] Performance Events: unsupported p6 CPU model 165 no PMU driver, software events only. [ 0.087966] rcu: Hierarchical SRCU implementation. [ 0.087966] NMI watchdog: Perf NMI watchdog permanently disabled [ 0.087966] smp: Bringing up secondary CPUs ... [ 0.088112] x86: Booting SMP configuration: 2025-11-10T00:15:02.418400451 [anonymous-instance:fc_vcpu 0] vcpu: IO write @ 0x70:0x1 failed: bus_error: MissingAddressRange 2025-11-10T00:15:02.418414934 [anonymous-instance:fc_vcpu 0] vcpu: IO write @ 0x71:0x1 failed: bus_error: MissingAddressRange [ 0.088614] .... node #0, CPUs: #1 2025-11-10T00:15:02.419109564 [anonymous-instance:fc_vcpu 0] vcpu: IO write @ 0x70:0x1 failed: bus_error: MissingAddressRange 2025-11-10T00:15:02.419119922 [anonymous-instance:fc_vcpu 0] vcpu: IO write @ 0x71:0x1 failed: bus_error: MissingAddressRange [ 0.080474] kvm-clock: cpu 1, msr 24e7041, secondary cpu clock [ 0.089352] kvm-guest: KVM setup async PF for cpu 1 [ 0.089352] kvm-guest: stealtime: cpu 1, msr 3ed1af80 [ 0.089851] smp: Brought up 1 node, 2 CPUs [ 0.089851] smpboot: Max logical packages: 1 [ 0.091971] smpboot: Total of 2 processors activated (11615.85 BogoMIPS) [ 0.097108] node 0 deferred pages initialised in 4ms [ 0.097739] devtmpfs: initialized [ 0.097739] x86/mm: Memory block size: 128MB [ 0.097739] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns [ 0.097739] futex hash table entries: 512 (order: 3, 32768 bytes, linear) [ 0.100110] NET: Registered protocol family 16 [ 0.100688] audit: initializing netlink subsys (disabled) [ 0.101329] audit: type=2000 audit(1767975302.314:1): state=initialized audit_enabled=0 res=1 [ 0.101329] thermal_sys: Registered thermal governor 'fair_share' [ 0.101329] thermal_sys: Registered thermal governor 'step_wise' [ 0.103971] thermal_sys: Registered thermal governor 'user_space' [ 0.104826] cpuidle: using governor ladder [ 0.106044] cpuidle: using governor menu [ 0.106594] ACPI: bus type PCI registered [ 0.107099] PCI: Fatal: No config space access function found [ 0.111838] HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages [ 0.111974] HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages [ 0.119616] ACPI: Added _OSI(Module Device) [ 0.119974] ACPI: Added _OSI(Processor Device) [ 0.120511] ACPI: Added _OSI(Processor Aggregator Device) [ 0.121150] ACPI: Added _OSI(Linux-Dell-Video) [ 0.121688] ACPI: Added _OSI(Linux-Lenovo-NV-HDMI-Audio) [ 0.122320] ACPI: Added _OSI(Linux-HPI-Hybrid-Graphics) [ 0.122999] ACPI: 1 ACPI AML tables successfully acquired and loaded [ 0.123843] ACPI: Interpreter enabled [ 0.123994] ACPI: (supports S0) [ 0.124373] ACPI: Using IOAPIC for interrupt routing [ 0.124988] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug [ 0.126685] vgaarb: loaded [ 0.126685] SCSI subsystem initialized [ 0.126685] pps_core: LinuxPPS API ver. 1 registered [ 0.127968] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti [ 0.126685] pps_core: LinuxPPS API ver. 1 registered 00:15:02 [265/478] [ 0.127968] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti [ 0.128087] PTP clock support registered [ 0.128087] NetLabel: Initializing [ 0.128087] NetLabel: domain hash size = 128 [ 0.128087] NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO [ 0.128087] NetLabel: unlabeled traffic allowed by default [ 0.132068] PCI: Using ACPI for IRQ routing [ 0.132470] PCI: System does not support PCI [ 0.133070] clocksource: Switched to clocksource kvm-clock [ 0.133070] VFS: Disk quotas dquot_6.6.0 [ 0.133202] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes) [ 0.134060] pnp: PnP ACPI init [ 0.134536] pnp: PnP ACPI: found 5 devices [ 0.135941] NET: Registered protocol family 2 [ 0.136671] IP idents hash table entries: 16384 (order: 5, 131072 bytes, linear) [ 0.138006] tcp_listen_portaddr_hash hash table entries: 512 (order: 1, 8192 bytes, linear) [ 0.139017] TCP established hash table entries: 8192 (order: 4, 65536 bytes, linear) [ 0.139951] TCP bind hash table entries: 8192 (order: 5, 131072 bytes, linear) [ 0.140901] TCP: Hash tables configured (established 8192 bind 8192) [ 0.141763] MPTCP token hash table entries: 1024 (order: 2, 24576 bytes, linear) [ 0.142648] UDP hash table entries: 512 (order: 2, 16384 bytes, linear) [ 0.143436] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes, linear) [ 0.144300] NET: Registered protocol family 1 [ 0.144929] RPC: Registered named UNIX socket transport module. [ 0.145852] RPC: Registered udp transport module. [ 0.146588] RPC: Registered tcp transport module. [ 0.147328] RPC: Registered tcp NFSv4.1 backchannel transport module. [ 0.148325] NET: Registered protocol family 44 [ 0.149028] PCI: CLS 0 bytes, default 64 [ 0.149730] virtio-mmio: Registering device virtio-mmio.0 at 0xc0001000-0xc0001fff, IRQ 6. [ 0.151022] virtio-mmio: Registering device virtio-mmio.1 at 0xc0002000-0xc0002fff, IRQ 7. [ 0.152315] RAPL PMU: API unit is 2^-32 Joules, 0 fixed counters, 10737418240 ms ovfl timer [ 0.153607] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x29dbe3ac58d, max_idle_ns: 440795279358 ns [ 0.155184] clocksource: Switched to clocksource tsc [ 0.155969] platform rtc_cmos: registered platform RTC device (no PNP device found) 2025-11-10T00:15:02.490067880 [anonymous-instance:fc_vcpu 1] vcpu: IO read @ 0x87:0x1 failed: bus_error: MissingAddressRange [ 0.157293] check: Scanning for low memory corruption every 60 seconds [ 0.158828] Initialise system trusted keyrings [ 0.159370] Key type blacklist registered [ 0.159888] workingset: timestamp_bits=36 max_order=18 bucket_order=0 [ 0.161381] zbud: loaded [ 0.161878] squashfs: version 4.0 (2009/01/31) Phillip Lougher [ 0.162675] NFS: Registering the id_resolver key type [ 0.163283] Key type id_resolver registered [ 0.163789] Key type id_legacy registered [ 0.164287] nfs4filelayout_init: NFSv4 File Layout Driver Registering... [ 0.165138] SGI XFS with ACLs, security attributes, quota, no debug enabled [ 0.166346] Key type asymmetric registered [ 0.166854] Asymmetric key parser 'x509' registered [ 0.167443] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 248) [ 0.168354] io scheduler mq-deadline registered [ 0.168912] io scheduler kyber registered [ 0.169414] io scheduler bfq registered [ 0.170235] virtio-mmio virtio-mmio.0: can't request region for resource [mem 0xc0001000-0xc0001fff] [ 0.171409] virtio-mmio: probe of virtio-mmio.0 failed with error -16 [ 0.172274] virtio-mmio virtio-mmio.1: can't request region for resource [mem 0xc0002000-0xc0002fff] [ 0.173402] virtio-mmio: probe of virtio-mmio.1 failed with error -16 [ 0.174241] Serial: 8250/16550 driver, 1 ports, IRQ sharing disabled [ 0.175168] 00:00: ttyS0 at I/O 0x3f8 (irq = 27, base_baud = 115200) is a 16550A [ 0.308524] loop: module loaded [ 0.309218] virtio_blk virtio0: [vda] 2097152 512-byte logical blocks (1.07 GB/1.00 GiB) [ 0.310216] vda: detected capacity change from 0 to 1073741824 [ 0.324648] Loading iSCSI transport class v2.0-870. [ 0.325340] iscsi: registered transport (tcp) [ 0.326424] i8042: PNP: PS/2 Controller [PNP0303:PS2] at 0x60,0x64 irq 29 [ 0.327258] i8042: PNP: PS/2 appears to have AUX port disabled, if this is incorrect please boot with i8042.nopnp [ 0.328666] serio: i8042 KBD port at 0x60,0x64 irq 29 [ 0.329413] vmclock AMZNC10C:00: vmclock0: registered miscdev [ 0.330105] intel_pstate: CPU model not supported [ 0.330709] hid: raw HID events driver (C) Jiri Kosina [ 0.331562] Initializing XFRM netlink socket [ 0.332170] NET: Registered protocol family 10 [ 0.331562] Initializing XFRM netlink socket 00:15:03 [194/478] [ 0.332170] NET: Registered protocol family 10 [ 0.333149] Segment Routing with IPv6 [ 0.334720] bpfilter: Loaded bpfilter_umh pid 617 [ 0.335314] NET: Registered protocol family 17 [ 0.335872] Bridge firewalling registered [ 0.336387] Key type dns_resolver registered [ 0.337008] NET: Registered protocol family 40 [ 0.337587] IPI shorthand broadcast: enabled [ 0.338174] sched_clock: Marking stable (260498941, 76474453)->(379050311, -42076917) [ 0.339251] registered taskstats version 1 [ 0.340895] Loading compiled-in X.509 certificates [ 0.341616] zswap: loaded using pool lzo/zbud [ 0.342289] Key type .fscrypt registered [ 0.342788] Key type fscrypt-provisioning registered [ 0.343549] Key type encrypted registered [ 0.344102] clk: Disabling unused clocks [ 0.849010] input: AT Raw Set 2 keyboard as /devices/platform/i8042/serio0/input/input0 [ 0.850920] EXT4-fs (vda): mounted filesystem with ordered data mode. Opts: (null) [ 0.851838] VFS: Mounted root (ext4 filesystem) on device 254:0. [ 0.852759] devtmpfs: mounted [ 0.853666] Freeing unused kernel image (initmem) memory: 3628K [ 0.868571] Write protecting the kernel read-only data: 16384k [ 0.870304] Freeing unused kernel image (text/rodata gap) memory: 2040K [ 0.871324] Freeing unused kernel image (rodata/data gap) memory: 104K [ 0.872235] Run /sbin/init as init process SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.33: No such file or directory libbpf: failed to find valid kernel BTF libbpf: Error loading vmlinux BTF: -3 libbpf: failed to load object 'iterators_bpf' libbpf: failed to load BPF skeleton 'iterators_bpf': -3 Failed load could be due to wrong endianness [ 0.892368] systemd[1]: systemd 255.4-1ubuntu8.11 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY + P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified) [ 0.896883] systemd[1]: Detected virtualization kvm. [ 0.897598] systemd[1]: Detected architecture x86-64. Welcome to Ubuntu 24.04.3 LTS! [ 0.899438] systemd[1]: Hostname set to . [ 0.960687] systemd[1]: Queued start job for default target graphical.target. [ 0.962318] systemd[1]: Created slice system-getty.slice - Slice /system/getty. [ OK ] Created slice system-getty.slice - Slice /system/getty. [ 0.964255] systemd[1]: Created slice system-modprobe.slice - Slice /system/modprobe. [ OK ] Created slice system-modprobe.slice - Slice /system/modprobe. [ 0.966283] systemd[1]: Created slice system-serial\x2dgetty.slice - Slice /system/serial-getty. [ OK ] Created slice system-serial\x2dget…slice - Slice /system/serial-getty. [ 0.968445] systemd[1]: Created slice user.slice - User and Session Slice. [ OK ] Created slice user.slice - User and Session Slice. [ 0.970161] systemd[1]: Started systemd-ask-password-console.path - Dispatch Password Requests to Console Directory Watch. [ OK ] Started systemd-ask-password-conso…equests to Console Directory Watch. [ 0.972450] systemd[1]: Started systemd-ask-password-wall.path - Forward Password Requests to Wall Directory Watch. [ OK ] Started systemd-ask-password-wall.…d Requests to Wall Directory Watch. [ 0.975013] systemd[1]: Set up automount proc-sys-fs-binfmt_misc.automount - Arbitrary Executable File Formats File System Automount Point. [ OK ] Set up automount proc-sys-fs-binfm…ormats File System Automount Point. [ 0.978078] systemd[1]: Expecting device dev-ttyS0.device - /dev/ttyS0... Expecting device dev-ttyS0.device - /dev/ttyS0... [ 0.979681] systemd[1]: Reached target cryptsetup.target - Local Encrypted Volumes. [ OK ] Reached target cryptsetup.target - Local Encrypted Volumes. [ 0.981684] systemd[1]: Reached target integritysetup.target - Local Integrity Protected Volumes. [ OK ] Reached target integritysetup.targ… Local Integrity Protected Volumes. [ 0.983923] systemd[1]: Reached target paths.target - Path Units. [ OK ] Reached target paths.target - Path Units. [ 0.985505] systemd[1]: Reached target remote-fs.target - Remote File Systems. [ OK ] Reached target remote-fs.target - Remote File Systems. [ 0.987336] systemd[1]: Reached target slices.target - Slice Units. [ OK ] Reached target slices.target - Slice Units. [ 0.988734] systemd[1]: Reached target swap.target - Swaps. [ OK ] Reached target swap.target - Swaps. [ 0.989988] systemd[1]: Reached target veritysetup.target - Local Verity Protected Volumes. [ OK ] Reached target veritysetup.target - Local Verity Protected Volumes. [ 0.991870] systemd[1]: Listening on systemd-initctl.socket - initctl Compatibility Named Pipe. [ OK ] Listening on systemd-initctl.socke…- initctl Compatibility Named Pipe. [ 0.991870] systemd[1]: Listening on systemd-initctl.socket - initctl Compatibility Named Pipe. 00:15:03 [123/478] [ OK ] Listening on systemd-initctl.socke…- initctl Compatibility Named Pipe. [ 0.993853] systemd[1]: Listening on systemd-journald-dev-log.socket - Journal Socket (/dev/log). [ OK ] Listening on systemd-journald-dev-…socket - Journal Socket (/dev/log). [ 0.996034] systemd[1]: Listening on systemd-journald.socket - Journal Socket. [ OK ] Listening on systemd-journald.socket - Journal Socket. [ 0.998040] systemd[1]: systemd-pcrextend.socket - TPM2 PCR Extension (Varlink) was skipped because of an unmet condition check (ConditionSecurity=measured-uki). [ 1.000542] systemd[1]: Listening on systemd-udevd-control.socket - udev Control Socket. [ OK ] Listening on systemd-udevd-control.socket - udev Control Socket. [ 1.002891] systemd[1]: Listening on systemd-udevd-kernel.socket - udev Kernel Socket. [ OK ] Listening on systemd-udevd-kernel.socket - udev Kernel Socket. [ 1.005783] systemd[1]: Mounting dev-hugepages.mount - Huge Pages File System... Mounting dev-hugepages.mount - Huge Pages File System... [ 1.008170] systemd[1]: Mounting dev-mqueue.mount - POSIX Message Queue File System... Mounting dev-mqueue.mount - POSIX Message Queue File System... [ 1.012124] systemd[1]: Mounting sys-kernel-debug.mount - Kernel Debug File System... Mountin[ 1.013523] systemd[1]: sys-kernel-tracing.mount - Kernel Trace File System was skipped because of an unmet condition check (ConditionPathExists=/sys/kernel/tracing). g sys-kernel-debug.mount - Kernel Debug File System... [ 1.018731] systemd[1]: Mounting tmp.mount - Temporary Directory /tmp... Mounting tmp.mount - Temporary Directory /tmp... [ 1.021841] systemd[1]: Mounting var-lib-systemd.mount - /var/lib/systemd... Mounting var-lib-systemd.mount - /var/lib/systemd... [ 1.024652] systemd[1]: Starting systemd-journald.service - Journal Service... Starting systemd-journald.service - Journal Service... [ 1.026257] systemd[1]: kmod-static-nodes.service - Create List of Static Device Nodes was skipped because of an unmet condition check (ConditionFileNotEmpty=/lib/modules/5.10.245/modules.devname). [ 1.028882] systemd[1]: Starting modprobe@configfs.service - Load Kernel Module configfs... Starting modprobe@configfs.service - Load Kernel Module configfs... [ 1.039112] systemd-journald[651]: Collecting audit messages is disabled. [ 1.040578] systemd[1]: Starting modprobe@dm_mod.service - Load Kernel Module dm_mod... Starting modprobe@dm_mod.service - Load Kernel Module dm_mod... [ 1.043143] systemd[1]: Starting modprobe@drm.service - Load Kernel Module drm... Starting modprobe@drm.service - Load Kernel Module drm... [ 1.047949] systemd[1]: Starting modprobe@efi_pstore.service - Load Kernel Module efi_pstore... Starting modprobe@efi_pstore.servi… - Load Kernel Module efi_pstore... [ 1.050697] systemd[1]: Starting modprobe@fuse.service - Load Kernel Module fuse... Starting modprobe@fuse.service - Load Kernel Module fuse... [ 1.053177] systemd[1]: Starting modprobe@loop.service - Load Kernel Module loop... Starting modprobe@loop.service - Load Kernel Module loop... [ 1.056791] systemd[1]: Starting systemd-modules-load.service - Load Kernel Modules... Starting systemd-modules-load.service - Load Kernel Modules... [ 1.058576] systemd[1]: systemd-pcrmachine.service - TPM2 PCR Machine ID Measurement was skipped because of an unmet condition check (ConditionSecurity=measured-uki). [ 1.062171] systemd[1]: Starting systemd-remount-fs.service - Remount Root and Kernel File Systems... Starting systemd-remount-fs.servic…unt Root and Kernel File Systems... [ 1.066252] systemd[1]: Starting systemd-tmpfiles-setup-dev-early.service - Create Static Device Nodes in /dev gracefully... Starting systemd-tmpfiles-setup-de… Device Nodes in /dev gracefully... [ 1.069033] systemd[1]: systemd-tpm2-setup-early.service - TPM2 SRK Setup (Early) was skipped because of an unmet condition check (ConditionSecurity=measured-uki). [ 1.071714] systemd[1]: Starting systemd-udev-trigger.service - Coldplug All udev Devices... Starting systemd-udev-trigger.service - Coldplug All udev Devices... [ 1.074629] systemd[1]: Started systemd-journald.service - Journal Service. [ OK ] Started systemd-journald.service - Journal Service. [ OK ] Mounted dev-hugepages.mount - Huge Pages File System. [ OK ] Mounted dev-mqueue.mount - POSIX Message Queue File System. [ OK ] Mounted sys-kernel-debug.mount - Kernel Debug File System. [ OK ] Mounted tmp.mount - Temporary Directory /tmp. [ OK ] Mounted var-lib-systemd.mount - /var/lib/systemd. [ OK ] Finished modprobe@configfs.service - Load Kernel Module configfs. [ OK ] Finished modprobe@dm_mod.service - Load Kernel Module dm_mod. [ OK ] Finished modprobe@drm.service - Load Kernel Module drm. [ OK ] Finished modprobe@efi_pstore.service - Load Kernel Module efi_pstore. [ OK ] Finished modprobe@fuse.service - Load Kernel Module fuse. [ OK ] Finished modprobe@loop.service - Load Kernel Module loop. [ OK ] Finished systemd-modules-load.service - Load Kernel Modules. [ OK ] Finished systemd-remount-fs.servic…mount Root and Kernel File Systems. [ OK ] Finished systemd-tmpfiles-setup-de…ic Device Nodes in /dev gracefully. Starting systemd-journal-flush.ser…sh Journal to Persistent Storage... [ 1.108608] systemd-journald[651]: Received client request to flush runtime journal. Starting systemd-random-seed.service - Load/Save OS Random Seed... Starting systemd-sysctl.service - Apply Kernel Variables... Starting systemd-sysusers.service - Create System Users... [ OK ] Finished systemd-udev-trigger.service - Coldplug All udev Devices. [ OK ] Finished systemd-journal-flush.ser…lush Journal to Persistent Storage. [ OK ] Finished systemd-random-seed.service - Load/Save OS Random Seed. [ OK ] Finished systemd-sysctl.service - Apply Kernel Variables. [ OK ] Finished systemd-random-seed.service - Load/Save OS Random Seed. 00:15:35 [52/478] [ OK ] Finished systemd-sysctl.service - Apply Kernel Variables. [ OK ] Finished systemd-sysusers.service - Create System Users. Starting systemd-tmpfiles-setup-de…eate Static Device Nodes in /dev... [ OK ] Finished systemd-tmpfiles-setup-de…Create Static Device Nodes in /dev. [ OK ] Reached target local-fs-pre.target…Preparation for Local File Systems. [ OK ] Reached target local-fs.target - Local File Systems. [ OK ] Listening on systemd-sysext.socket…tension Image Management (Varlink). Starting ldconfig.service - Rebuild Dynamic Linker Cache... Starting systemd-binfmt.service - Set Up Additional Binary Formats... Starting systemd-tmpfiles-setup.se…e Volatile Files and Directories... Starting systemd-udevd.service - R…ager for Device Events and Files... [ OK ] Finished systemd-tmpfiles-setup.se…ate Volatile Files and Directories. Starting systemd-journal-catalog-u…ervice - Rebuild Journal Catalog... Starting systemd-update-utmp.servi…ord System Boot/Shutdown in UTMP... Mounting proc-sys-fs-binfmt_misc.m…cutable File Formats File System... [ OK ] Finished ldconfig.service - Rebuild Dynamic Linker Cache. [ OK ] Finished systemd-journal-catalog-u….service - Rebuild Journal Catalog. [ OK ] Mounted proc-sys-fs-binfmt_misc.mo…xecutable File Formats File System. [ OK ] Finished systemd-binfmt.service - Set Up Additional Binary Formats. Starting systemd-update-done.service - Update is Completed... [ OK ] Finished systemd-update-utmp.servi…ecord System Boot/Shutdown in UTMP. [ OK ] Started systemd-udevd.service - Ru…anager for Device Events and Files. [ OK ] Found device dev-ttyS0.device - /dev/ttyS0. [ OK ] Finished systemd-update-done.service - Update is Completed. [ OK ] Reached target sysinit.target - System Initialization. [ OK ] Started systemd-tmpfiles-clean.tim…y Cleanup of Temporary Directories. [ OK ] Reached target timers.target - Timer Units. [ OK ] Listening on ssh.socket - OpenBSD Secure Shell server socket. [ OK ] Reached target sockets.target - Socket Units. [ OK ] Reached target basic.target - Basic System. Starting fcnet.service... Starting getty-static.service - ge…bus and logind are not available... Starting systemd-user-sessions.service - Permit User Sessions... [ OK ] Finished systemd-user-sessions.service - Permit User Sessions. [ OK ] Finished getty-static.service - ge… dbus and logind are not available. [ OK ] Started getty@tty1.service - Getty on tty1. [ OK ] Started getty@tty2.service - Getty on tty2. [ OK ] Started getty@tty3.service - Getty on tty3. [ OK ] Started getty@tty4.service - Getty on tty4. [ OK ] Started getty@tty5.service - Getty on tty5. [ OK ] Started getty@tty6.service - Getty on tty6. [ OK ] Started serial-getty@ttyS0.service - Serial Getty on ttyS0. [ OK ] Reached target getty.target - Login Prompts. [ OK ] Reached target multi-user.target - Multi-User System. [ OK ] Reached target graphical.target - Graphical Interface. Starting systemd-update-utmp-runle…- Record Runlevel Change in UTMP... [ OK ] Finished systemd-update-utmp-runle…e - Record Runlevel Change in UTMP. [ OK ] Finished fcnet.service. Ubuntu 24.04.3 LTS ubuntu-fc-uvm ttyS0 ubuntu-fc-uvm login: root (automatic login) Welcome to Ubuntu 24.04.3 LTS (GNU/Linux 5.10.245 x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/pro This system has been minimized by removing packages and content that are not required on a system that users do not log into. To restore this content, you can run the 'unminimize' command. The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. ubuntu-fc-uvm login: root (automatic login) [0/478] Welcome to Ubuntu 24.04.3 LTS (GNU/Linux 5.10.245 x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/pro This system has been minimized by removing packages and content that are not required on a system that users do not log into. To restore this content, you can run the 'unminimize' command. The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. root@ubuntu-fc-uvm:~# root@ubuntu-fc-uvm:~# root@ubuntu-fc-uvm:~# ls root@ubuntu-fc-uvm:~# cat /etc/os-release PRETTY_NAME="Ubuntu 24.04.3 LTS" NAME="Ubuntu" VERSION_ID="24.04" VERSION="24.04.3 LTS (Noble Numbat)" VERSION_CODENAME=noble ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=noble LOGO=ubuntu-logo ```
### Guest 内网络配置 在 Guest 内执行 ```bash # 配置 IP ip addr add 172.16.0.2/24 dev eth0 # 配置网关 ip route add default via 172.16.0.1 # 配置 DNS echo "nameserver 8.8.8.8" > /etc/resolv.conf # 验证 ping baidu.com ``` ### 清理 ```bash # 在 vm 内执行 sudo poweroff # 在宿主机上删除 tap 设备 sudo ip link del ftap0 # 清理 iptables 规则 # 在宿主机上清理 iptables 规则 IFNAME=eth0 sudo iptables -t nat -D POSTROUTING -o $IFNAME -j MASQUERADE sudo iptables -D FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT sudo iptables -D FORWARD -i ftap0 -o $IFNAME -j ACCEPT ``` ## 使用配置文件启动 ```bash mkdir -p ~/opt/firecracker/vm && cat > ~/opt/firecracker/vm/config.json << 'EOF' { "boot-source": { "kernel_image_path": "~/opt/firecracker/vmlinux", "boot_args": "console=ttyS0 reboot=t panic=1 pci=off" }, "drives": [{ "drive_id": "rootfs", "path_on_host": "~/opt/firecracker/rootfs.ext4", "is_root_device": true, "is_read_only": false }], "network-interfaces": [{ "iface_id": "eth0", "host_dev_name": "ftap0", "guest_mac": "AA:FC:00:00:00:01" }], "machine-config": { "vcpu_count": 2, "mem_size_mib": 1024 } } EOF sudo ~/opt/firecracker/release-v1.14.0-x86_64/firecracker-v1.14.0-x86_64 --id vm-1 --boot-timer --no-api --config-file ~/opt/firecracker/vm/config.json ```