Firecrackerを使って実際にVMを起動してみる。Firecracker用と操作用に2枚のターミナルを開いておく必要がある。
イメージとしてはhost→Firecracker‐KVM→マイクロVMとなるので、そのため中での操作はKVMより外部に出ることはない。
次にFirecrackerを実際に動かしてみるため、Linuxカーネルとrootfsを、チュートリアルからダウンロードしてくる。
ARCH="$(uname -m)"
# カーネルのダウンロード
curl -fsSL -o hello-vmlinux.bin https://s3.amazonaws.com/spec.ccfc.min/img/quickstart_guide/$ARCH/kernels/vmlinux.bin
# ルートファイルシステム(ext4)のダウンロード
curl -fsSL -o hello-rootfs.ext4 https://s3.amazonaws.com/spec.ccfc.min/img/quickstart_guide/$ARCH/rootfs/bionic.rootfs.ext4別ターミナルでFirecrackerの起動
$ sudo firecracker.sh
2026-03-20T12:33:33.463790734 [anonymous-instance:main] Running Firecracker v1.14.3
2026-03-20T12:33:33.463999896 [anonymous-instance:main] Listening on API socket ("/run/firecracker.socket").
2026-03-20T12:33:33.464228603 [anonymous-instance:fc_api] API server started.以下のシェルを「run-hello-sh.sh」として操作用ターミナルで作成
#!/bin/bash
SOCK=/run/firecracker.socket
KERNEL="${PWD}/hello-vmlinux.bin"
ROOTFS="${PWD}/hello-rootfs.ext4"
sudo curl --unix-socket "$SOCK" -i \
-X PUT http://localhost/machine-config \
-H "Content-Type: application/json" \
-d '{
"vcpu_count": 1,
"mem_size_mib": 512,
"smt": false
}'
sudo curl --unix-socket "$SOCK" -i \
-X PUT http://localhost/boot-source \
-H "Content-Type: application/json" \
-d "{
\"kernel_image_path\": \"${KERNEL}\",
\"boot_args\": \"console=ttyS0 reboot=k panic=1 pci=off root=/dev/vda rw init=/bin/bash\"
}"
sudo curl --unix-socket "$SOCK" -i \
-X PUT http://localhost/drives/rootfs \
-H "Content-Type: application/json" \
-d "{
\"drive_id\": \"rootfs\",
\"path_on_host\": \"${ROOTFS}\",
\"is_root_device\": true,
\"is_read_only\": false
}"
sudo curl --unix-socket "$SOCK" -i \
-X PUT http://localhost/actions \
-H "Content-Type: application/json" \
-d '{ "action_type": "InstanceStart" }'操作用ターミナルで起動
$ sh run-hello-sh.sh無事起動できることを確認できた。
Firecrackerのターミナル
$ sudo firecracker.sh
2026-03-20T12:49:50.826969996 [anonymous-instance:main] Running Firecracker v1.14.3
2026-03-20T12:49:50.827217491 [anonymous-instance:main] Listening on API socket ("/run/firecracker.socket").
2026-03-20T12:49:50.828544703 [anonymous-instance:fc_api] API server started.
2026-03-20T12:49:53.054589842 [anonymous-instance:fc_api] The API server received a Put request on "/machine-config" with body "{\n \"vcpu_count\": 1,\n \"mem_size_mib\": 512,\n \"smt\": false\n }".
2026-03-20T12:49:53.054978867 [anonymous-instance:fc_api] The request was executed successfully. Status code: 204 No Content.
2026-03-20T12:49:53.078661578 [anonymous-instance:fc_api] The API server received a Put request on "/boot-source" with body "{\n \"kernel_image_path\": \"/home/user/code/fc/blog/hello-vmlinux.bin\",\n \"boot_args\": \"console=ttyS0 reboot=k panic=1 pci=off root=/dev/vda rw init=/bin/bash\"\n }".
2026-03-20T12:49:53.078933172 [anonymous-instance:fc_api] The request was executed successfully. Status code: 204 No Content.
2026-03-20T12:49:53.102410124 [anonymous-instance:fc_api] The API server received a Put request on "/drives/rootfs" with body "{\n \"drive_id\": \"rootfs\",\n \"path_on_host\": \"/home/user/code/fc/blog/hello-rootfs.ext4\",\n \"is_root_device\": true,\n \"is_read_only\": false\n }".
2026-03-20T12:49:53.102598987 [anonymous-instance:fc_api] The request was executed successfully. Status code: 204 No Content.
2026-03-20T12:49:53.126857467 [anonymous-instance:fc_api] The API server received a Put request on "/actions" with body "{ \"action_type\": \"InstanceStart\" }".
2026-03-20T12:49:53.139793769 [anonymous-instance:main] Artificially kick devices
2026-03-20T12:49:53.140009736 [anonymous-instance:fc_vcpu 0] Received a VcpuEvent::Resume message with immediate_exit enabled. immediate_exit was disabled before proceeding
2026-03-20T12:49:53.140180905 [anonymous-instance:fc_api] The request was executed successfully. Status code: 204 No Content.
[ 0.000000] Linux version 4.14.174 (@57edebb99db7) (gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)) #2 SMP Wed Jul 14 11:47:24 UTC 2021
[ 0.000000] Command line: console=ttyS0 reboot=k panic=1 pci=off root=/dev/vda rw init=/bin/bash pci=off root=/dev/vda rw virtio_mmio.device=4K@0xc0001000:6
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
[ 0.000000] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
[ 0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
[ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x00000000000dffff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000001fffffff] usable
[ 0.000000] BIOS-e820: [mem 0x00000000eec00000-0x00000000febfffff] reserved
[ 0.000000] NX (Execute Disable) protection: active
[ 0.000000] DMI not present or invalid.
[ 0.000000] Hypervisor detected: KVM
[ 0.000000] tsc: Fast TSC calibration failed
[ 0.000000] tsc: Unable to calibrate against PIT
[ 0.000000] tsc: No reference (HPET/PMTIMER) available
[ 0.000000] e820: last_pfn = 0x20000 max_arch_pfn = 0x400000000
[ 0.000000] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT
[ 0.000000] found SMP MP-table at [mem 0x0009fc00-0x0009fc0f]
[ 0.000000] Scanning 1 areas for low memory corruption
[ 0.000000] No NUMA configuration found
[ 0.000000] Faking a node at [mem 0x0000000000000000-0x000000001fffffff]
[ 0.000000] NODE_DATA(0) allocated [mem 0x1ffde000-0x1fffffff]
[ 0.000000] kvm-clock: Using msrs 4b564d01 and 4b564d00
[ 0.000000] kvm-clock: cpu 0, msr 0:1ffdc001, primary cpu clock
[ 0.000000] kvm-clock: using sched offset of 426737084 cycles
[ 0.000000] clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
[ 0.000000] Zone ranges:
[ 0.000000] DMA [mem 0x0000000000001000-0x0000000000ffffff]
[ 0.000000] DMA32 [mem 0x0000000001000000-0x000000001fffffff]
[ 0.000000] Normal empty
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x0000000000001000-0x000000000009efff]
[ 0.000000] node 0: [mem 0x0000000000100000-0x000000001fffffff]
[ 0.000000] Initmem setup node 0 [mem 0x0000000000001000-0x000000001fffffff]
[ 0.000000] Intel MultiProcessor Specification v1.4
[ 0.000000] MPTABLE: OEM ID: FC
[ 0.000000] MPTABLE: Product ID: 000000000000
[ 0.000000] MPTABLE: APIC at: 0xFEE00000
[ 0.000000] Processor #0 (Bootup-CPU)
[ 0.000000] IOAPIC[0]: apic_id 2, version 17, address 0xfec00000, GSI 0-23
[ 0.000000] Processors: 1
[ 0.000000] smpboot: Allowing 1 CPUs, 0 hotplug CPUs
[ 0.000000] PM: Registered nosave memory: [mem 0x00000000-0x00000fff]
[ 0.000000] PM: Registered nosave memory: [mem 0x0009f000-0x0009ffff]
[ 0.000000] PM: Registered nosave memory: [mem 0x000a0000-0x000dffff]
[ 0.000000] PM: Registered nosave memory: [mem 0x000e0000-0x000fffff]
[ 0.000000] e820: [mem 0x20000000-0xeebfffff] available for PCI devices
[ 0.000000] Booting paravirtualized kernel on KVM
[ 0.000000] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645519600211568 ns
[ 0.000000] random: get_random_bytes called from start_kernel+0x94/0x486 with crng_init=0
[ 0.000000] setup_percpu: NR_CPUS:128 nr_cpumask_bits:128 nr_cpu_ids:1 nr_node_ids:1
[ 0.000000] percpu: Embedded 41 pages/cpu s128600 r8192 d31144 u2097152
[ 0.000000] KVM setup async PF for cpu 0
[ 0.000000] kvm-stealtime: cpu 0, msr 1fc15040
[ 0.000000] PV qspinlock hash table entries: 256 (order: 0, 4096 bytes)
[ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 128905
[ 0.000000] Policy zone: DMA32
[ 0.000000] Kernel command line: console=ttyS0 reboot=k panic=1 pci=off root=/dev/vda rw init=/bin/bash pci=off root=/dev/vda rw virtio_mmio.device=4K@0xc0001000:6
[ 0.000000] PID hash table entries: 2048 (order: 2, 16384 bytes)
[ 0.000000] Memory: 498072K/523896K available (8204K kernel code, 645K rwdata, 1480K rodata, 1324K init, 2792K bss, 25824K reserved, 0K cma-reserved)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[ 0.000000] Kernel/User page tables isolation: enabled
[ 0.004000] Hierarchical RCU implementation.
[ 0.004000] RCU restricting CPUs from NR_CPUS=128 to nr_cpu_ids=1.
[ 0.004000] RCU: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=1
[ 0.004000] NR_IRQS: 4352, nr_irqs: 48, preallocated irqs: 16
[ 0.004000] Console: colour dummy device 80x25
[ 0.004000] console [ttyS0] enabled
[ 0.004000] tsc: Detected 3605.658 MHz processor
[ 0.008601] Calibrating delay loop (skipped) preset value.. 7211.31 BogoMIPS (lpj=14422632)
[ 0.016037] pid_max: default: 32768 minimum: 301
[ 0.026439] Security Framework initialized
[ 0.032986] SELinux: Initializing.
[ 0.083492] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
[ 0.109937] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes)
[ 0.116672] Mount-cache hash table entries: 1024 (order: 1, 8192 bytes)
[ 0.124638] Mountpoint-cache hash table entries: 1024 (order: 1, 8192 bytes)
[ 0.173099] Last level iTLB entries: 4KB 512, 2MB 8, 4MB 8
[ 0.180037] Last level dTLB entries: 4KB 512, 2MB 32, 4MB 32, 1GB 0
[ 0.188069] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
[ 0.196038] Spectre V2 : Mitigation: Full generic retpoline
[ 0.204036] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
[ 0.212036] Speculative Store Bypass: Vulnerable
[ 0.216395] MDS: Mitigation: Clear CPU buffers
[ 0.529136] Freeing SMP alternatives memory: 28K
[ 0.605718] smpboot: Max logical packages: 1
[ 0.616934] x2apic enabled
[ 0.620036] Switched APIC routing to physical x2apic.
[ 0.632000] ..TIMER: vector=0x30 apic1=0 pin1=0 apic2=-1 pin2=-1
[ 0.632000] smpboot: CPU0: Intel(R) Xeon(R) Processor @ 3.50GHz (family: 0x6, model: 0x3a, stepping: 0x9)
[ 0.637205] Performance Events: unsupported p6 CPU model 58 no PMU driver, software events only.
[ 0.644357] Hierarchical SRCU implementation.
[ 0.669992] smp: Bringing up secondary CPUs ...
[ 0.672049] smp: Brought up 1 node, 1 CPU
[ 0.676041] smpboot: Total of 1 processors activated (7211.31 BogoMIPS)
[ 0.690988] devtmpfs: initialized
[ 0.694027] x86/mm: Memory block size: 128MB
[ 0.705480] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
[ 0.708046] futex hash table entries: 256 (order: 2, 16384 bytes)
[ 0.729365] NET: Registered protocol family 16
[ 0.738640] cpuidle: using governor ladder
[ 0.740039] cpuidle: using governor menu
[ 0.856592] HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages
[ 0.869472] SCSI subsystem initialized
[ 0.872359] pps_core: LinuxPPS API ver. 1 registered
[ 0.876038] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
[ 0.880044] PTP clock support registered
[ 0.884367] dmi: Firmware registration failed.
[ 0.889763] NetLabel: Initializing
[ 0.892039] NetLabel: domain hash size = 128
[ 0.896038] NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO
[ 0.901932] NetLabel: unlabeled traffic allowed by default
[ 0.905442] clocksource: Switched to clocksource kvm-clock
[ 0.911542] VFS: Disk quotas dquot_6.6.0
[ 0.916449] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[ 0.942885] NET: Registered protocol family 2
[ 0.951260] TCP established hash table entries: 4096 (order: 3, 32768 bytes)
[ 0.961090] TCP bind hash table entries: 4096 (order: 4, 65536 bytes)
[ 0.972938] TCP: Hash tables configured (established 4096 bind 4096)
[ 0.986778] UDP hash table entries: 256 (order: 1, 8192 bytes)
[ 0.995387] UDP-Lite hash table entries: 256 (order: 1, 8192 bytes)
[ 1.004173] NET: Registered protocol family 1
[ 1.013958] virtio-mmio: Registering device virtio-mmio.0 at 0xc0001000-0xc0001fff, IRQ 6.
[ 1.024883] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x33f934427b6, max_idle_ns: 440795345966 ns
[ 1.037227] platform rtc_cmos: registered platform RTC device (no PNP device found)
[ 1.047152] Scanning for low memory corruption every 60 seconds
[ 1.056239] audit: initializing netlink subsys (disabled)
[ 1.068738] Initialise system trusted keyrings
[ 1.074291] Key type blacklist registered
[ 1.079438] audit: type=2000 audit(1773978596.084:1): state=initialized audit_enabled=0 res=1
[ 1.089977] workingset: timestamp_bits=36 max_order=17 bucket_order=0
[ 1.181853] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[ 1.198708] Key type asymmetric registered
[ 1.204058] Asymmetric key parser 'x509' registered
[ 1.210115] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 252)
[ 1.219567] io scheduler noop registered (default)
[ 1.225585] io scheduler cfq registered
[ 1.231288] virtio-mmio virtio-mmio.0: Failed to enable 64-bit or 32-bit DMA. Trying to continue, but this might not work.
[ 1.245421] Serial: 8250/16550 driver, 1 ports, IRQ sharing disabled
[ 1.292789] serial8250: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a U6_16550A
[ 1.371915] loop: module loaded
[ 1.390753] Loading iSCSI transport class v2.0-870.
[ 1.408078] iscsi: registered transport (tcp)
[ 1.413842] tun: Universal TUN/TAP device driver, 1.6
2026-03-20T12:49:57.173330747 [anonymous-instance:fc_vcpu 0] Failed to trigger i8042 kbd interrupt (disabled by guest OS)
[ 1.447221] i8042: Failed to disable AUX port, but continuing anyway... Is this a SiS?
[ 1.457317] i8042: If AUX port is really absent please use the 'i8042.noaux' option
2026-03-20T12:49:57.217806781 [anonymous-instance:fc_vcpu 0] Failed to trigger i8042 kbd interrupt (disabled by guest OS)
[ 1.733110] serio: i8042 KBD port at 0x60,0x64 irq 1
[ 1.756503] hidraw: raw HID events driver (C) Jiri Kosina
[ 1.775475] nf_conntrack version 0.5.0 (4096 buckets, 16384 max)
[ 1.795544] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 1.802536] Initializing XFRM netlink socket
[ 1.808489] NET: Registered protocol family 10
[ 1.829306] Segment Routing with IPv6
[ 1.834142] NET: Registered protocol family 17
[ 1.839807] Bridge firewalling registered
[ 1.845600] NET: Registered protocol family 40
[ 1.851912] sched_clock: Marking stable (1851201325, 0)->(4046771894, -2195570569)
[ 1.862514] registered taskstats version 1
[ 1.867676] Loading compiled-in X.509 certificates
[ 1.878101] Loaded X.509 cert 'Build time autogenerated kernel key: e98e9d271da5d0a322cc4d7bfaa8c2c4c3e46010'
[ 1.891714] Key type encrypted registered
[ 2.278726] input: AT Raw Set 2 keyboard as /devices/platform/i8042/serio0/input/input0
[ 2.330756] EXT4-fs (vda): recovery complete
[ 2.337892] EXT4-fs (vda): mounted filesystem with ordered data mode. Opts: (null)
[ 2.347005] VFS: Mounted root (ext4 filesystem) on device 254:0.
[ 2.356482] devtmpfs: mounted
[ 2.407019] Freeing unused kernel memory: 1324K
[ 2.420616] Write protecting the kernel read-only data: 12288k
[ 2.592960] Freeing unused kernel memory: 2016K
[ 2.649394] Freeing unused kernel memory: 568K
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
[ 2.727891] random: fast init done
root@(none):/#
root@(none):/#
root@(none):/# ls
bin etc lib lost+found proc run srv tmp var
dev home lib64 opt root sbin sys usr
root@(none):/# 操作用コンソールのログ
$ sh run-hello-sh.sh
HTTP/1.1 204
Server: Firecracker API
Connection: keep-alive
HTTP/1.1 204
Server: Firecracker API
Connection: keep-alive
HTTP/1.1 204
Server: Firecracker API
Connection: keep-alive
HTTP/1.1 204
Server: Firecracker API
Connection: keep-alive