We replaced Firecracker with QEMU

409 点作者 hugodutka将近 2 年前

17 条评论

CompuIves将近 2 年前

At CodeSandbox we use Firecracker for hosting development environments, and I agree with the points. Though I don't think that means you should not use Firecracker for running long-lived workloads.We reclaim memory with a memory balloon device, for the disk trimming we discard (& compress) the disk, and for i/o speed we use io_uring (which we only use for scratch disks, the project disks are network disks).It's a tradeoff. It's more work and does require custom implementations. For us that made sense, because in return we get a lightweight VMM that we can more easily extend with functionality like memory snapshotting and live VM cloning [1][2].[1]: <a href="https://codesandbox.io/blog/how-we-clone-a-running-vm-in-2-seconds" rel="nofollow noreferrer">https://codesandbox.io/blog/how-we-clone-a-running-vm-in-2-s...</a>[2]: <a href="https://codesandbox.io/blog/cloning-microvms-using-userfaultfd" rel="nofollow noreferrer">https://codesandbox.io/blog/cloning-microvms-using-userfault...</a>

评论 #36675734 未加载

评论 #36674602 未加载

heavyset_go将近 2 年前

Someone posted this and then immediately deleted their comment: <a href="https://qemu.readthedocs.io/en/latest/system/i386/microvm.html" rel="nofollow noreferrer">https://qemu.readthedocs.io/en/latest/system/i386/microvm.ht...</a>I didn't know it existed until they posted, but QEMU has a Firecracker-inspired target:> microvm is a machine type inspired by Firecracker and constructed after its machine model.> It’s a minimalist machine type without PCI nor ACPI support, designed for short-lived guests. microvm also establishes a baseline for benchmarking and optimizing both QEMU and guest operating systems, since it is optimized for both boot time and footprint.

lessaligned将近 2 年前

"the fork was very very bad for eating soup - this is a story about how we migrated to a spoon"...firecracker does fine what it was designed to - short running fast start workloads.(oh, and the article starts by slightly misusing a bunch of technical terms, firecracker's not technically a hypervisor per se)

评论 #36673247 未加载

评论 #36667805 未加载

rgbrenner将近 2 年前

"Firecracker's RAM footprint starts low, but once a workload inside allocates RAM, Firecracker will never return it to the host system."Firecracker has a balloon device you can inflate (ie: acquire as much memory inside the VM as possible) and then deflate... returning the memory to the host. You can do this while the VM is running.<a href="https://github.com/firecracker-microvm/firecracker/blob/main/docs/ballooning.md">https://github.com/firecracker-microvm/firecracker/blob/main...</a>

评论 #36668081 未加载

评论 #36668004 未加载

评论 #36669562 未加载

londons_explore将近 2 年前

I really want VM's to integrate 'smarter' with the host.For example, if I'm running 5 VM's, there is a good chance that many of the pages are identical. Not only do I want those pages to be deduplicated, but I want them to be zero-copy (ie. not deduplicated after-the-fact by some daemon).To do that, the guest block cache needs to be integrated with the host block-cache, so that whenever some guest application tries to map data from disk, the host notices that another virtual machine has already caused this data to be loaded, so we can just map the same page of already loaded data into the VM that is asking.

评论 #36667096 未加载

评论 #36668733 未加载

评论 #36667239 未加载

评论 #36667378 未加载

评论 #36667871 未加载

评论 #36667156 未加载

评论 #36667379 未加载

评论 #36667144 未加载

评论 #36677638 未加载

评论 #36667637 未加载

amarshall将近 2 年前

No mention of Cloud Hypervisor [1]…perhaps they don’t know about it? It’s based in part on Firecracker and supports free page reporting, virtio-blk-pci, PCI passthrough, and (I believe) discard in virtio-blk.[1]: <a href="https://www.cloudhypervisor.org/" rel="nofollow noreferrer">https://www.cloudhypervisor.org/</a>

评论 #36667227 未加载

ComputerGuru将近 2 年前

The article did an ok job of explaining the firecracker limitations they ran into but it was extremely skimpy when it came to qemu and just rushed to the conclusion “we did a lot of work so try our product.”

评论 #36667884 未加载

wiradikusuma将近 2 年前

Fly uses Firecracker, and they host long-running processes. I wonder what's their opinion about it.

评论 #36667086 未加载

评论 #36668725 未加载

blinkingled将近 2 年前

> The main issue we've had with QEMU is that it has too many options you need to configure. For instance, enabling your VM to return unused RAM to the host requires at least three challenging tasksThis just works on Hyper-V Linux guests btw. For all the crap MS gets they do some things very right.

评论 #36667200 未加载

alpb将近 2 年前

Presumably this doesn't use the "microvm" machine type in QEMU? (also on front page right now <a href="https://news.ycombinator.com/item?id=36673945">https://news.ycombinator.com/item?id=36673945</a>)

jhatemyjob将近 2 年前

I came to the same conclusion as OP. QEMU is the most stable, hackable, well-supported VM hypervisor on the market. Setting it up is a pain, but once you get it set up with all your custom scripts, you never have to do it again. Ever. Even in your next project.

Havoc将近 2 年前

I toyed with it a bit and was delighted to get it running. Only to discover getting even basic networking going is another mission in itself.Light is cool but for many tasks that level of Spartan is overkillIf I’m investing time in light it might as well be wasm tech

favflam将近 2 年前

I know that Firecracker does not let you bind mount volumes, but QEMU does. So, we changed to QEMU from Firecracker. If you run the workloads in Kubernetes, you just have to change a single value in a yaml file to change the runtime.I would be scared to let unknown persons use QEMU that bind mounts volumes as that is a huge security risk. Firecracker, I think, was designed from the start to run un-sanitized workloads, hence, no bind mounting.

评论 #36673951 未加载

mgaunard将近 2 年前

I know a good way to make a process make the most of the hardware and play cooperatively with other processes: don't use virtualization.I will never understand the whole virtual machine and cloud craze. Your operating system is better than any hypervisor at sharing resources efficiently.

评论 #36675393 未加载

评论 #36673585 未加载

评论 #36675795 未加载

评论 #36675883 未加载

评论 #36674052 未加载

datadeft将近 2 年前

Tl;dr: We tried to misuse technology and we failed. If Firecracker was developed for a single binary executed fir a short period of time why do you try to use it for multiple executables running for a long time? Does it make any sense to even try?

评论 #36673830 未加载

评论 #36673150 未加载

gwd将近 2 年前

Listen people, Firecracker is NOT A HYPERVISOR. A hypervisor runs right on the hardware. KVM is a hypervisor. Firecracker is a process that controls KVM. If you want to call firecracker (and QEMU, when used in conjunction with KVM) a VMM ("virtual machine monitor") I won't complain. But please please please, we need a word for what KVM and Xen are, and "hypervisor" is the best fit. Stop using that word for a user-level process like Firecracker.

评论 #36668443 未加载

评论 #36667405 未加载

评论 #36667697 未加载

评论 #36668447 未加载

评论 #36667578 未加载

评论 #36669790 未加载

k__将近 2 年前

"Firecracker...'s excellent for running short-lived workloads...A little-known fact about Firecracker is its lack of support... for long-lived workloads."Okay.