I-Amazon ishicilele ukukhishwa okubalulekile kwe-Virtual Machine Monitor yayo (VMM), i-Firecracker 1.0.0, eklanyelwe ukusebenzisa imishini ebonakalayo ene-overhead encane. I-Firecracker imfoloko yephrojekthi ye-CrosVM, esetshenziswa i-Google ukusebenzisa i-Linux nezinhlelo zokusebenza ze-Android ku-ChromeOS. I-Firecracker ithuthukiswa yi-Amazon Web Services ukuze ithuthukise ukusebenza nokusebenza kahle kwe-AWS Lambda kanye ne-AWS Fargate platform. Ikhodi ye-Firecracker ibhalwe ku-Rust futhi ilayisensi ngaphansi kwelayisensi ye-Apache 2.0.
I-Firecracker inikeza imishini ebonakalayo engasindi ebizwa ngama-microVM. Ukuze uthole ukuhlukaniswa okuphelele kwe-microVM, kusetshenziswe ubuchwepheshe be-hardware virtualization obusekelwe ku-hypervisor ye-KVM, kodwa ngesikhathi esifanayo ukusebenza nokuguquguquka kunikezwa ezingeni leziqukathi ezivamile. Uhlelo luyatholakala kuma-architecture we-x86_64 kanye ne-ARM64, futhi luhloliwe kuma-CPU avela ku-Intel Skylake, Intel Cascade Lake, AMD Zen2 kanye nomndeni we-ARM64 Neoverse N1. Amathuluzi ahlinzekwa ukuhlanganisa i-Firecracker kumasistimu okuqukatha esiqukathi sesikhathi sokusebenza njenge-Kata Containers, i-Weaveworks Ignite, kanye ne-contained (ehlinzekwa i-runtime firecracker-containerd).
Imvelo yesofthiwe esebenza ngaphakathi kwemishini ebonakalayo iyasuswa futhi iqukethe isethi encane yezingxenye. Ukuze ulondoloze inkumbulo, unciphise isikhathi sokuqalisa futhi ukhuphule ukuvikeleka ezindaweni, kwethulwa i-kernel ye-Linux ehlutshiwe (ama-kernel 4.14 no-5.10 asekelwa), lapho konke okungadingekile kukhishiwe, okuhlanganisa ukusebenza okuncishisiwe nokusekelwa kwedivayisi okususiwe.
Uma isebenza nge-kernel ehlutshiwe, ukusetshenziswa kwememori okwengeziwe uma kuqhathaniswa nesiqukathi kungaphansi kuka-5 MB. Ukubambezeleka kusukela ngesikhathi kwethulwa i-microVM kuya ekuqaleni kokufakwa kwesicelo kuthiwa kusukela ku-6 kuye ku-60 ms (isilinganiso esingu-12 ms), okuvumela ukwakhiwa kwemishini emisha ebonakalayo enamandla afinyelela kwezingu-180 ngomzuzwana kumsingathi. nama-CPU angu-36 cores.
Ukuze ulawule izindawo ezibonakalayo esikhaleni somsebenzisi, inqubo yangemuva Isiphathi Somshini Obonakalayo siyasebenza, sinikeza i-RESTful API esebenzisa imisebenzi efana nokumisa, ukuqala nokumisa i-microVM, ukukhetha izifanekiso ze-CPU (C3 noma i-T2), enquma inani lamaphrosesa abonakalayo (vCPU) kanye nosayizi wememori, ukwengeza ukuxhumana kwenethiwekhi nokuhlukaniswa kwediski, ukubeka imikhawulo ekuphumeni nasekuqineni kokusebenza, ukuhlinzeka ngenkumbulo eyengeziwe namandla e-CPU uma kunezinsiza ezinganele.
Ngaphezu kokusetshenziswa njengesendlalelo sokuhlukanisa esijulile seziqukathi, i-Firecracker iphinde ifanelekele ukunika amandla izinhlelo ze-FaaS (Function as a Service), ezinikeza imodeli yekhompuyutha engenasiphakeli lapho ukuthuthukiswa kwenziwa esigabeni sokulungiselela isethi yabantu abancane. imisebenzi, ngayinye ephethe umcimbi othize futhi eyenzelwe ukusebenza okukodwa ngaphandle kokubhekisela emvelweni (engenasimo, umphumela awuncikile esimweni sangaphambilini nokuqukethwe kohlelo lwefayela). Imisebenzi yethulwa kuphela uma kunesidingo futhi ngokushesha ngemuva kokucubungula umcimbi iqeda umsebenzi wayo. Inkundla ye-FaaS ngokwayo isingatha imisebenzi elungisiwe, ihlela ukuphatha futhi iqinisekise ukulinganiswa kwezindawo ezidingekayo ukuze kwenziwe imisebenzi elungisiwe.
Ukwengeza, singaphawula ukushicilelwa kwe-Intel ye-Cloud Hypervisor 21.0 hypervisor, eyakhelwe ngesisekelo sezingxenye zephrojekthi ehlangene ye-Rust-VMM, lapho, ngaphezu kwe-Intel, i-Alibaba, i-Amazon, i-Google ne-Red Hat nayo ibamba iqhaza. I-Rust-VMM ibhalwe ngolimi lwe-Rust futhi ikuvumela ukuthi udale ama-hypervisors aqondene nomsebenzi. I-Cloud Hypervisor ingesinye se-hypervisor esihlinzeka ngomshini wokuqapha wezinga eliphezulu (VMM) osebenza phezu kwe-KVM futhi olungiselelwe imisebenzi yamafu. Ikhodi yephrojekthi iyatholakala ngaphansi kwelayisensi ye-Apache 2.0.
I-Cloud Hypervisor igxile ekusebenziseni ukusabalalisa kwe-Linux yesimanje kusetshenziswa amadivaysi e-virtio-based paravirtualized. Phakathi kwezinjongo eziyinhloko ezishiwo yilezi: ukusabela okuphezulu, ukusetshenziswa kwememori okuphansi, ukusebenza okuphezulu, ukumisa okwenziwe lula kanye nokunciphisa ama-vectors okuhlasela okungenzeka. Ukwesekwa kokulingisa kugcinwa kukuncane futhi kugxilwe ku-paravirtualization. x86_64 kanye ne-AArch64 izakhiwo ziyasekelwa. Kuzinhlelo zezivakashi, kusekelwa kuphela ukwakhiwa kwe-Linux okungamabhithi angu-64. I-CPU, inkumbulo, i-PCI kanye ne-NVDIMM amisiwe esigabeni somhlangano. Kungenzeka ukuthutha imishini ebonakalayo phakathi kwamaseva.
Inguqulo entsha ye-Cloud Hypervisor ihlanganisa ikhono lokwenza ukuthuthela bukhoma kwendawo okuphumelelayo, okungasetshenziswa ukubuyekeza izindawo lapho undiza (Buka Bukhoma). Imodi entsha ihlukaniswa ngokukhubaza ukuqhathaniswa kwenkumbulo yomthombo nendawo okuqondiwe kuyo, okunciphisa isikhathi sokusebenza kokubuyekeza okuhamba ngezinyawo ukusuka kumasekhondi angu-3 ukuya ku-50 ms. I-Linux kernel enconyiwe ingu-5.15 (5.14 inezinkinga nge-virtio-net).
Source: opennet.ru