Firecracker v1.0.0

luminitavoicu released this 31 Jan 08:00

Added

  • Added jailer option --parent-cgroup <relative_path> to allow the placement
    of microvm cgroups in custom cgroup nested hierarchies. The default value is
    <exec-file>, which is backwards compatible with the behavior before this
    change.
  • Added jailer option --cgroup-version <1|2> to support running the jailer
    on systems that have cgroup-v2. Default value is 1 which means that if
    --cgroup-version is not specified, the jailer will try to create cgroups
    on cgroup-v1 hierarchies only.
  • Added --http-api-max-payload-size parameter to configure the maximum payload
    size for PUT and PATCH requests.
  • Limit MMDS data store size to --http-api-max-payload-size.
  • Clean up all environment variables in Jailer.
  • Added metrics for accesses to deprecated HTTP and command line API endpoints.
  • Added permanent HTTP endpoint for GET on /version for getting the
    Firecracker version.
  • Added --metadata parameter to enable MMDS content to be supplied from a file
    allowing the MMDS to be used when using --no-api to disable the API server.
  • Checksum file for the release assets.
  • Added support for custom headers to MMDS requests. Accepted headers are:
    X-metadata-token, which accepts a string value that provides a session
    token for MMDS requests; and X-metadata-token-ttl-seconds, which
    specifies the lifetime of the session token in seconds.
  • Support and validation for host and guest kernel 5.10.
  • A kernel support policy.
  • Added io_engine to the pre-boot block device configuration.
    Possible values: Sync (the default option) or Async (only available for
    kernels newer than 5.10.51). The Async variant introduces a block device
    engine that uses io_uring for executing requests asynchronously, which is in
    developer preview (NOT for production use).
    See docs/api_requests/block-io-engine.md.
  • Added block.io_engine_throttled_events metric for measuring the number of
    virtio events throttled because of the IO engine.
  • New optional version field to PUT requests towards /mmds/config to
    configure MMDS version. Accepted values are V1 and V2 and default is
    V1. MMDS V2 is developer preview only (NOT for production use) and
    it does not currently work after snapshot load.
  • Mandatory network_interfaces field to PUT requests towards
    /mmds/config which contains a list of network interface IDs capable of
    forwarding packets to MMDS.

Changed

  • Removed the --node jailer parameter.
  • Deprecated vsock_id body field in PUTs on /vsock.
  • Removed the deprecated --seccomp-level parameter.
  • GET requests to MMDS require a session token to be provided through
    X-metadata-token header when using V2.
  • Allow PUT requests to MMDS in order to generate a session token
    to be used for future GET requests when version 2 is used.
  • Remove allow_mmds_requests field from the request body that attaches network
    interfaces. Specifying interfaces that allow forwarding requests to MMDS is done
    by adding the network interface's ID to the network_interfaces field of PUT
    /mmds/config request's body.
  • Renamed /machine-config ht_enabled to smt.
  • smt field is now optional on PUT /machine-config, defaulting to
    false.
  • Configuring smt: true on aarch64 via the API is forbidden.
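
The request-body changes listed above (ht_enabled renamed to smt, allow_mmds_requests replaced by the network_interfaces list on PUT /mmds/config), shown as an added example that is not part of the Firecracker release or code base: a Python helper that rewrites pre-1.0 request bodies into the new shapes. The field names iface_id, host_dev_name, vcpu_count and mem_size_mib and all sample values are assumptions that do not appear on this page.

```python
"""Rewrite pre-1.0 Firecracker API request bodies into the v1.0.0 shapes."""
import copy
import json

# Constructed sample bodies (assumed field names, not taken from the release).
OLD_MACHINE = {"vcpu_count": 2, "mem_size_mib": 512, "ht_enabled": False}
OLD_IFACES = [
    {"iface_id": "eth0", "host_dev_name": "tap0", "allow_mmds_requests": True},
    {"iface_id": "eth1", "host_dev_name": "tap1"},
]


def migrate_machine_config(body, arch="x86_64"):
    """PUT /machine-config: ht_enabled is renamed to smt (optional, default false)."""
    new = copy.deepcopy(body)
    if "ht_enabled" in new:
        new["smt"] = new.pop("ht_enabled")
    # The API forbids smt: true on aarch64, so fail before sending the request.
    if new.get("smt") and arch == "aarch64":
        raise ValueError("smt: true is forbidden on aarch64")
    return new


def migrate_network_interfaces(ifaces, mmds_version="V1"):
    """Drop allow_mmds_requests from each interface body and move the IDs of
    the interfaces that had it set into a PUT /mmds/config body."""
    if mmds_version not in ("V1", "V2"):
        raise ValueError("version must be V1 or V2")
    cleaned, mmds_ids = [], []
    for iface in ifaces:
        new = copy.deepcopy(iface)
        if new.pop("allow_mmds_requests", False):
            mmds_ids.append(new["iface_id"])
        cleaned.append(new)
    # network_interfaces is mandatory on /mmds/config, so emit a body only
    # when at least one interface was forwarding packets to MMDS.
    mmds_config = None
    if mmds_ids:
        mmds_config = {"version": mmds_version, "network_interfaces": mmds_ids}
    return cleaned, mmds_config


if __name__ == "__main__":
    ifaces, mmds = migrate_network_interfaces(OLD_IFACES)
    print(json.dumps(migrate_machine_config(OLD_MACHINE), indent=2))
    print(json.dumps({"interfaces": ifaces, "mmds_config": mmds}, indent=2))
```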

Fixed

  • Fixed incorrect propagation of init parameters in kernel commandline.
    Related to: #2709.
  • Adapt T2 and C3 CPU templates for kernel 5.10. Firecracker was not previously
    masking some CPU features of the host or emulated by KVM, introduced in more
    recent kernels: umip, vmx, avx512_vnni.
  • Fix jailer's cgroup implementation to accept properties that contain multiple
    dots.