firebuild prerequisites

Read this first before reading about firebuild

This article describes the prerequisites for the Introducing firebuild article.

§install Firecracker and Jailer on the host

Firecracker works only on Linux. You can use this program to install and link the binaries on your system.

§install and configure golang 1.16+

The tc-redirect-tap CNI plugin (mentioned below) requires golang to build, as does firebuild. firebuild requires golang 1.16+, so install it:

rm -rf /usr/local/go && tar -C /usr/local -xzf go1.16.2.linux-amd64.tar.gz
mkdir -p $HOME/dev/golang/{bin,src}
export PATH=$PATH:/usr/local/go/bin:$HOME/dev/golang/bin
export GOPATH=$HOME/dev/golang

The most recent version can be downloaded from the golang website.

§install CNI plugins

firebuild assumes CNI availability. Installing the plugins is very straightforward. Create the /opt/cni/bin/ directory and download the plugins:

mkdir -p /opt/cni/bin
curl -O -L https://github.com/containernetworking/plugins/releases/download/v0.9.1/cni-plugins-linux-amd64-v0.9.1.tgz
tar -C /opt/cni/bin -xzf cni-plugins-linux-amd64-v0.9.1.tgz

Firecracker also requires the tc-redirect-tap plugin. Unfortunately, this one does not offer downloadable binaries and has to be built from sources.

mkdir -p $GOPATH/src/github.com/awslabs/tc-redirect-tap
cd $GOPATH/src/github.com/awslabs/tc-redirect-tap
git clone https://github.com/awslabs/tc-redirect-tap.git .
make install

§create CNI network configurations

The article assumes two different CNI networks:

  • one for machine builds
  • one for running machines

CNI network config lists are stored in /etc/cni/conf.d. Create both like this:

mkdir -p /etc/cni/conf.d

cat <<EOF > /etc/cni/conf.d/machines.conflist
{
    "name": "machines",
    "cniVersion": "0.4.0",
    "plugins": [
        {
            "type": "bridge",
            "name": "machines-bridge",
            "bridge": "machines0",
            "isDefaultGateway": true,
            "ipMasq": true,
            "hairpinMode": true,
            "ipam": {
                "type": "host-local",
                "subnet": "192.168.127.0/24",
                "resolvConf": "/etc/resolv.conf"
            }
        },
        {
            "type": "firewall"
        },
        {
            "type": "tc-redirect-tap"
        }
    ]
}
EOF

cat <<EOF > /etc/cni/conf.d/machine-builds.conflist
{
    "name": "machine-builds",
    "cniVersion": "0.4.0",
    "plugins": [
        {
            "type": "bridge",
            "name": "machine-builds-bridge",
            "bridge": "builds0",
            "isDefaultGateway": true,
            "ipMasq": true,
            "hairpinMode": true,
            "ipam": {
                "type": "host-local",
                "subnet": "192.168.128.0/24",
                "resolvConf": "/etc/resolv.conf"
            }
        },
        {
            "type": "firewall"
        },
        {
            "type": "tc-redirect-tap"
        }
    ]
}
EOF
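
A sanity check for the two config lists above, as an added example that is not part of the original article or of firebuild: it confirms that every plugin type named in a chain has a binary installed, and that the build network and the run network do not share a bridge or an overlapping subnet. The function name check_conflists and the trimmed sample data are assumptions made for this example.

```python
import ipaddress
import json

# Constructed sample input: the two config lists from this article, trimmed to
# the fields the checks read.
MACHINES = json.loads("""{"name": "machines", "plugins": [
  {"type": "bridge", "bridge": "machines0",
   "ipam": {"type": "host-local", "subnet": "192.168.127.0/24"}},
  {"type": "firewall"}, {"type": "tc-redirect-tap"}]}""")
BUILDS = json.loads("""{"name": "machine-builds", "plugins": [
  {"type": "bridge", "bridge": "builds0",
   "ipam": {"type": "host-local", "subnet": "192.168.128.0/24"}},
  {"type": "firewall"}, {"type": "tc-redirect-tap"}]}""")


def check_conflists(conflists, installed):
    """Return a list of problems; `installed` is the set of file names in /opt/cni/bin."""
    problems, seen = [], []  # seen: (network name, bridge name, subnet)
    for conf in conflists:
        name = conf["name"]
        for plugin in conf["plugins"]:
            # Every plugin type, including the ipam type, must exist as a binary.
            needed = [plugin["type"]]
            if "ipam" in plugin:
                needed.append(plugin["ipam"]["type"])
            for binary in needed:
                if binary not in installed:
                    problems.append(f"{name}: plugin binary '{binary}' not installed")
            if plugin["type"] != "bridge":
                continue
            net = ipaddress.ip_network(plugin["ipam"]["subnet"])
            for other, bridge, subnet in seen:
                if bridge == plugin["bridge"]:
                    problems.append(f"{name}: shares bridge '{bridge}' with {other}")
                if net.overlaps(subnet):
                    problems.append(f"{name}: subnet {net} overlaps {other} ({subnet})")
            seen.append((name, plugin["bridge"], net))
    return problems


if __name__ == "__main__":
    # Assumed set: what /opt/cni/bin holds after both install steps above.
    installed = {"bridge", "firewall", "host-local", "tc-redirect-tap"}
    for problem in check_conflists([MACHINES, BUILDS], installed) or ["ok"]:
        print(problem)
```

On a real host, pass set(os.listdir("/opt/cni/bin")) as installed and load the files from /etc/cni/conf.d with json.load.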

§build and install firebuild from sources

At this moment, there are no binaries for firebuild. It must be built from sources:

mkdir -p $GOPATH/src/github.com/combust-labs/firebuild
cd $GOPATH/src/github.com/combust-labs/firebuild
git clone https://github.com/combust-labs/firebuild .
go install

§make the $GOPATH system wide

echo "export GOPATH=$GOPATH" >> /etc/profile

That’s it.