Added jailer option --parent-cgroup <relative_path> to allow the placement
of microvm cgroups in custom cgroup nested hierarchies. The default value is <exec-file>, which is backwards compatible with the behavior before this
change.
Added jailer option --cgroup-version <1|2> to support running the jailer
on systems that have cgroup-v2. Default value is 1 which means that if --cgroup-version is not specified, the jailer will try to create cgroups
on cgroup-v1 hierarchies only.
Added --http-api-max-payload-size parameter to configure the maximum payload
size for PUT and PATCH requests.
Limit MMDS data store size to --http-api-max-payload-size.
Cleanup all environment variables in Jailer.
Added metrics for accesses to deprecated HTTP and command line API endpoints.
Added permanent HTTP endpoint for GET on /version for getting the
Firecracker version.
Added --metadata parameter to enable MMDS content to be supplied from a file
allowing the MMDS to be used when using --no-api to disable the API server.
Checksum file for the release assets.
Added support for custom headers to MMDS requests. Accepted headers are: X-metadata-token, which accepts a string value that provides a session
token for MMDS requests; and X-metadata-token-ttl-seconds, which
specifies the lifetime of the session token in seconds.
Support and validation for host and guest kernel 5.10.
Added io_engine to the pre-boot block device configuration.
Possible values: Sync (the default option) or Async (only available for
kernels newer than 5.10.51). The Async variant introduces a block device
engine that uses io_uring for executing requests asynchronously, which is in developer preview (NOT for production use).
See docs/api_requests/block-io-engine.md.
Added block.io_engine_throttled_events metric for measuring the number of
virtio events throttled because of the IO engine.
New optional version field to PUT requests towards /mmds/config to
configure MMDS version. Accepted values are V1 and V2 and default is V1. MMDS V2 is developer preview only (NOT for production use) and
it does not currently work after snapshot load.
Mandatory network_interfaces field to PUT requests towards /mmds/config which contains a list of network interface IDs capable of
forwarding packets to MMDS.
Changed
Removed the --node jailer parameter.
Deprecated vsock_id body field in PUTs on /vsock.
Removed the deprecated --seccomp-level parameter.
GET requests to MMDS require a session token to be provided through X-metadata-token header when using V2.
Allow PUT requests to MMDS in order to generate a session token
to be used for future GET requests when version 2 is used.
Remove allow_mmds_requests field from the request body that attaches network
interfaces. Specifying interfaces that allow forwarding requests to MMDS is done
by adding the network interface's ID to the network_interfaces field of PUT /mmds/config request's body.
Renamed /machine-config ht_enabled to smt.
smt field is now optional on PUT /machine-config, defaulting to false.
Configuring smt: true on aarch64 via the API is forbidden.
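
An added example, not part of the Firecracker release notes or code base: a small Python check that flags recorded API requests affected by the request-body changes listed above. The `/network-interfaces/<id>` path and the sample request bodies are assumptions constructed for illustration.

```python
# Added example (not Firecracker code): flag API requests affected by this release.
# Assumption: interfaces are attached with PUT /network-interfaces/<id>.

def lint_request(method, path, body, arch="x86_64"):
    """Return findings for one request: HTTP method, path, parsed JSON body."""
    findings = []
    if method != "PUT":
        return findings
    if path == "/machine-config":
        if "ht_enabled" in body:
            findings.append("ht_enabled was renamed to smt")
        if body.get("smt") is True and arch == "aarch64":
            findings.append("smt: true is forbidden on aarch64")
    elif path == "/mmds/config":
        if not isinstance(body.get("network_interfaces"), list):
            findings.append("network_interfaces is mandatory (list of interface IDs)")
        version = body.get("version", "V1")  # V1 is the documented default
        if version not in ("V1", "V2"):
            findings.append("version must be V1 or V2")
        elif version == "V2":
            findings.append("MMDS V2 is developer preview, not for production use")
    elif path.startswith("/network-interfaces/"):
        if "allow_mmds_requests" in body:
            findings.append("allow_mmds_requests was removed; use "
                            "network_interfaces in PUT /mmds/config")
    elif path == "/vsock" and "vsock_id" in body:
        findings.append("vsock_id is deprecated")
    return findings


def lint_all(requests, arch="x86_64"):
    """Map 'METHOD path' to its findings, keeping only requests that have any."""
    report = {}
    for method, path, body in requests:
        found = lint_request(method, path, body, arch)
        if found:
            report[f"{method} {path}"] = found
    return report


# Constructed sample: calls written for a pre-1.0 release.
SAMPLE = [
    ("PUT", "/machine-config", {"vcpu_count": 2, "mem_size_mib": 512, "ht_enabled": False}),
    ("PUT", "/network-interfaces/eth0", {"iface_id": "eth0", "host_dev_name": "tap0",
                                         "allow_mmds_requests": True}),
    ("PUT", "/mmds/config", {"ipv4_address": "169.254.169.254"}),
    ("PUT", "/vsock", {"vsock_id": "1", "guest_cid": 3, "uds_path": "./v.sock"}),
]

if __name__ == "__main__":
    for call, found in lint_all(SAMPLE).items():
        print(call, "->", "; ".join(found))
```
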
Fixed
Fixed incorrect propagation of init parameters in kernel commandline.
Related to: #2709.
Adapt T2 and C3 CPU templates for kernel 5.10. Firecracker was not previously
masking some CPU features of the host or emulated by KVM, introduced in more
recent kernels: umip, vmx, avx512_vnni.
Fix jailer's cgroup implementation to accept properties that contain multiple
dots.