Bot releases are hidden (Show)
VcpuExit::MmioRead
, VcpuExit::MmioWrite
, VcpuExit::IoIn
and VcpuExit::IoOut
. The average for these VM exits is not emitted since it can be deduced from the available emitted metrics.--snapshot-version
flag to the Firecracker binary to see its supported snapshot version format. This change renders all previous Firecracker snapshots (up to Firecracker version v1.6.0) incompatible with the current Firecracker version.page_size_kib
field. See also the hugepages documentation.PATCH
requests to the /machine-config
endpoint transactional, meaning Firecracker's configuration will be unchanged if the request returns an error. This fixes a bug where a microVM with incompatible balloon and guest memory size could be booted, due to the check for this condition happening after Firecracker's configuration was updated.Published by pb8o 10 months ago
net
, each individual net device will emit metrics under the label "net_{iface_id}"
. E.g. the associated metrics for the endpoint "/network-interfaces/eth0"
will be available under "net_eth0"
in the metrics json object.block
, each individual block device will emit metrics under the label "block_{drive_id}"
. E.g. the associated metrics for the endpoint "/drives/{drive_id}"
will be available under "block_drive_id"
in the metrics json object.vm-state
subcommand to info-vmstate
command in the snapshot-editor
tool to print MicrovmState of vmstate snapshot file in a readable format. Also made the vcpu-states
subcommand available on x86_64."vhost_user_{device}_{drive_id}"
.--parent-cgroup
will move the process to that cgroup if no cgroup
options are provided.mem_file_path
to the path of the pre-existing full snapshot.rebase-snap
tool is now deprecated. Users should use snapshot-editor
for rebasing diff snapshots.--show-log-origin
option, preventing it from printing the source code file of the log messages.--no-api
.--level
option of logger to Pascal-cased values (e.g. accepting “Info”, but not “info”). It now ignores case again.mem_file_path
to be the path of the memory file from which the microvm was restored would result in both the microvm and the snapshot being corrupted. It now instead performs a “write-back” of all memory that was updated since the snapshot was originally loaded.Published by pb8o 11 months ago
--parent-cgroup
option, which results in it being ignored by the jailer. Refer to the jailer documentation for a workaround.--show-log-origin
option, preventing it from printing the source code file of the log messages.--no-api
.--level
option of logger to Pascal-cased values (e.g. accepting "Info", but not "info"). It now ignores case again.Published by roypat about 1 year ago
snapshot-editor
tool for modifications of snapshot files. It allows for rebasing of memory snapshot files, printing and removing aarch64 registers from the vmstate and obtaining snapshot version.vcpu_features
field allows modifications of vCPU features enabled during vCPU initialization. kvm_capabilities
field allows modifications of KVM capability checks that Firecracker performs during boot. If any of these fields are in use, minimal target snapshot version is restricted to 1.5.bitmap
for custom CPU templates to allow usage of '_' as a separator.cpu-template-helper
tool to operate bitwise.RLIMIT_NOFILE
many fds (or 2048 if no limit is set). This avoids the kernel reallocating the fdtable during Firecracker operations, resulting in a 30ms to 70ms reduction of snapshot restore times for medium to large microVMs with many devices attached.cpu-template-helper
tool not to enumerate program counter (PC) on ARM because it is determined by the given kernel image and it is useless in the custom CPU template context.version
body field in PUT
on /snapshot/create
request in deprecated.cpu_template
field in PUT
and PATCH
requests on /machine-config
API, which is used to set a static CPU template. Custom CPU templates added in v1.4.0 are available as an improved iteration of the static CPU templates. For more information about the transition from static CPU templates to custom CPU templates, please refer to this GitHub discussion.Warn
to Info
. This results in more logs being output by default.nomodule
param passed in the default kernel command line parameters. This is a breaking change for setups that use the default kernel command line which also depend on being able to load kernel modules at runtime. This may also break setups which use the default kernel command line and which use an init binary that inadvertently depends on the misspelled param ("nomodules") being present at the command line, since this param will no longer be passed.Published by sudanl0 about 1 year ago
Fixed
Published by ShadowCurse over 1 year ago
Added
virtio-rng
entropy device. The device is optional. A/entropy
endpoint.cpu-template-helper
tool for assisting with creating and managingChanged
Fixed
api_event_fd
.Published by kalyazin over 1 year ago
Fixed
Published by andreitraistaru over 1 year ago
Changed
Fixed
api_event_fd
.Published by andreitraistaru over 1 year ago
Fixed
api_event_fd
.Published by kalyazin over 1 year ago
Fixed
target_version = 1.3.0
failing with thePublished by zulinx86 over 1 year ago
Update 03-03: This release contains a bug when trying to snapshot with target_version=1.3.0
, which results in an error and no snapshot taken. To mitigate this bug, leave target_version
empty or use target_version=1.2.0
We are currently working on a fix.
Added
Changed
Fixed
Published by pb8o almost 2 years ago
Published by pb8o almost 2 years ago
T2S
. This exposes the same CPUID as T2
toARCH_CAPABILITIES
MSR to expose a reduced--metrics-path PATH
. It accepts a file parameter--exec-file
to fail if the filename does notfirecracker
to prevent from running non-firecrackerT2
template more robust by explicitly disabling additional/vm/config
boot_args
field of the JSON body of the PUT /boot-source
Published by pb8o almost 2 years ago
boot_args
field of the JSON body of the PUT /boot-source
Published by pb8o almost 2 years ago
boot_args
field of the JSON body of the PUT /boot-source
Published by dianpopa about 2 years ago
Published by dianpopa about 2 years ago
Published by alsrdn about 2 years ago
T2S
. This exposes the same CPUID as T2
ARCH_CAPABILITIES
MSR to expose aT2
template more robust by explicitly disabling additionalPublished by alsrdn over 2 years ago
PATCH
methods for machine-config
can now be used to resetcpu_template
to "None"
. Until this change there was no way tocpu_template
once it was set.rebase-snap
tool for rebasing a diff snapshot over a base--mmds-size-limit
for limiting the mmds data store size instead of--http-api-max-payload-size
. If left unconfigured it--http-api-max-payload-size
, to provide backwardsmem_backend
body field in PUT
requests on /snapshot/load
.mem_backend
parameter contains backend_type
and backend_path
requiredbackend_type
is an enum that can take either File
or Uffd
asbackend_path
field depends on the value ofbackend_type
. If File
, then the user must provide the path to file thatbackend_type
is Uffd
,backend_path
is the path to a unix domain socket where a custom pagePATCH
method for /machine-config
can be now used to changetrack_dirty_pages
on aarch64.mem_file_path
body field in PUT
on /snapshot/load
request.vcpu_count
and mem_size_mib
parameters formachine-config
although they are mandatory when configuring via the API.machine-config
in the JSONPUT
request on /machine-config
.cpu_template
smt
to True
in machine-config
when starting from aPUT
orPATCH
in the API. Now Firecracker will return an error on aarch64 if smt
True
or if cpu_template
is specified.PUT
method for /machine-config
thattrack_dirty_pages
parameter to false
if it was notcpu_template
PUT
request/machine-config
will reset all optional parameters (smt
,cpu_template
, track_dirty_pages
) to their default values if they arePUT
request./vm/config
endpoint.Published by luminitavoicu over 2 years ago
--parent-cgroup <relative_path>
to allow the placement<exec-file>
which is backwards compatible to the behavior before this--cgroup-version <1|2>
to support running the jailer1
which means that if--cgroup-version
is not specified, the jailer will try to create cgroups--http-api-max-payload-size
parameter to configure the maximum payload--http-api-max-payload-size
.GET
on /version
for getting the--metadata
parameter to enable MMDS content to be supplied from a file--no-api
to disable the API server.X-metadata-token
, which accepts a string value that provides a sessionX-metadata-token-ttl-seconds
, whichio_engine
to the pre-boot block device configuration.Sync
(the default option) or Async
(only available forAsync
variant introduces a block devicedocs/api_requests/block-io-engine.md
.block.io_engine_throttled_events
metric for measuring the number ofversion
field to PUT requests towards /mmds/config
toV1
and V2
and default isV1
. MMDS V2
is developer preview only (NOT for production use) andnetwork_interfaces
field to PUT requests towards/mmds/config
which contains a list of network interface IDs capable of--node
jailer parameter.vsock_id
body field in PUT
s on /vsock
.--seccomp-level parameter
.GET
requests to MMDS require a session token to be provided throughX-metadata-token
header when using V2.PUT
requests to MMDS in order to generate a session tokenGET
requests when version 2 is used.allow_mmds_requests
field from the request body that attaches networknetwork_interfaces
field of PUT/mmds/config
request's body./machine-config
ht_enabled
to smt
.smt
field is now optional on PUT /machine-config
, defaulting tofalse
.smt: true
on aarch64 via the API is forbidden.umip
, vmx
, avx512_vnni
.