Merge branch 'main' into main

.buildkite/common.py

@@ -13,21 +13,26 @@
 import subprocess
 from pathlib import Path
 
-DEFAULT_INSTANCES = {
-    "c5n.metal": "x86_64",  # Intel Skylake
-    "m5n.metal": "x86_64",  # Intel Cascade Lake
-    "m6i.metal": "x86_64",  # Intel Icelake
-    "m6a.metal": "x86_64",  # AMD Milan
-    "m6g.metal": "aarch64",  # Graviton2
-    "m7g.metal": "aarch64",  # Graviton3
-}
+DEFAULT_INSTANCES = [
+    "c5n.metal",  # Intel Skylake
+    "m5n.metal",  # Intel Cascade Lake
+    "m6i.metal",  # Intel Icelake
+    "m6a.metal",  # AMD Milan
+    "m6g.metal",  # Graviton2
+    "m7g.metal",  # Graviton3
+]
 
 DEFAULT_PLATFORMS = [
     ("al2", "linux_5.10"),
     ("al2023", "linux_6.1"),
 ]
 
 
+def get_arch_for_instance(instance):
+    """Return instance architecture"""
+    return "x86_64" if instance[2] != "g" else "aarch64"
+
+
 def overlay_dict(base: dict, update: dict):
     """Overlay a dict over a base one"""
     base = base.copy()
@@ -145,7 +150,7 @@ def __call__(self, parser, namespace, value, option_string=None):
     "--instances",
     required=False,
     nargs="+",
-    default=DEFAULT_INSTANCES.keys(),
+    default=DEFAULT_INSTANCES,
 )
 COMMON_PARSER.add_argument(
     "--platforms",
@@ -288,7 +293,7 @@ def _adapt_group(self, group):
             step["command"] = prepend + step["command"]
             if self.shared_build is not None:
                 step["depends_on"] = self.build_key(
-                    DEFAULT_INSTANCES[step["agents"]["instance"]]
+                    get_arch_for_instance(step["agents"]["instance"])
                 )
         return group
 
@@ -323,7 +328,7 @@ def build_group_per_arch(self, label, *args, **kwargs):
         if set_key:
             for step in grp["steps"]:
                 step["key"] = self.build_key(
-                    DEFAULT_INSTANCES[step["agents"]["instance"]]
+                    get_arch_for_instance(step["agents"]["instance"])
                 )
         return self.add_step(grp, depends_on_build=depends_on_build)
 

.buildkite/pipeline_cpu_template.py

@@ -34,7 +34,7 @@ class BkStep(str, Enum):
             "tools/devtool -y test --no-build -- -m no_block_pr integration_tests/functional/test_cpu_template_helper.py -k test_guest_cpu_config_change",
         ],
         BkStep.LABEL: "🖐️ fingerprint",
-        "instances": DEFAULT_INSTANCES.keys(),
+        "instances": DEFAULT_INSTANCES,
         "platforms": DEFAULT_PLATFORMS,
     },
     "cpuid_wrmsr": {

.buildkite/pipeline_cross.py

@@ -21,10 +21,12 @@
     instances_x86_64 = ["c5n.metal", "m5n.metal", "m6i.metal", "m6a.metal"]
     instances_aarch64 = ["m7g.metal"]
     commands = [
-        "./tools/devtool -y sh ./tools/create_snapshot_artifact/main.py",
-        "mkdir -pv snapshots/{instance}_{kv}",
-        "sudo chown -Rc $USER: snapshot_artifacts",
-        "mv -v snapshot_artifacts/* snapshots/{instance}_{kv}",
+        "./tools/devtool -y test --no-build -- -m nonci -n4 integration_tests/functional/test_snapshot_phase1.py",
+        # punch holes in mem snapshot tiles and tar them so they are preserved in S3
+        "find test_results/test_snapshot_phase1 -type f -name mem |xargs -P4 -t -n1 fallocate -d",
+        "mv -v test_results/test_snapshot_phase1 snapshot_artifacts",
+        "mkdir -pv snapshots",
+        "tar cSvf snapshots/{instance}_{kv}.tar snapshot_artifacts",
     ]
     pipeline.build_group(
         "📸 create snapshots",
@@ -80,10 +82,10 @@
         k_val = pytest_keyword_for_instance.get(dst_instance, "")
         step = {
             "command": [
-                f"buildkite-agent artifact download snapshots/{src_instance}_{src_kv}/* .",
-                f"mv -v snapshots/{src_instance}_{src_kv} snapshot_artifacts",
+                f"buildkite-agent artifact download snapshots/{src_instance}_{src_kv}.tar .",
+                f"tar xSvf snapshots/{src_instance}_{src_kv}.tar",
                 *pipeline.devtool_test(
-                    pytest_opts=f"-m nonci {k_val} integration_tests/functional/test_snapshot_restore_cross_kernel.py",
+                    pytest_opts=f"-m nonci -n4 {k_val} integration_tests/functional/test_snapshot_restore_cross_kernel.py",
                 ),
             ],
             "label": f"🎬 {src_instance} {src_kv} ➡️ {dst_instance} {dst_kv}",

README.md

@@ -132,7 +132,7 @@ We test all combinations of:
 
 | Instance  | Host OS & Kernel  | Guest Rootfs | Guest Kernel |
 | :-------- | :---------------- | :----------- | :----------- |
-| c5n.metal | al2    linux_5.10 | ubuntu 22.04 | linux_5.10   |
+| c5n.metal | al2    linux_5.10 | ubuntu 24.04 | linux_5.10   |
 | m5n.metal | al2023 linux_6.1  |              | linux_6.1    |
 | m6i.metal |                   |              |              |
 | m6a.metal |                   |              |              |

docs/getting-started.md

@@ -9,7 +9,7 @@ You can check if your system meets the requirements by running
 `firecracker/tools/devtool checkenv`.
 
 An opinionated way to run Firecracker is to launch an
-[EC2](https://aws.amazon.com/ec2/) `c5.metal` instance with Ubuntu 22.04.
+[EC2](https://aws.amazon.com/ec2/) `c5.metal` instance with Ubuntu 24.04.
 
 Firecracker requires [the KVM Linux kernel module](https://www.linux-kvm.org/)
 to perform its virtualization and emulation tasks.
@@ -95,24 +95,26 @@ For simplicity, this guide will not use the [`jailer`](../src/jailer/).
 
 To successfully start a microVM, you will need an uncompressed Linux kernel
 binary, and an ext4 file system image (to use as rootfs). This guide uses a 5.10
-kernel image with a Ubuntu 22.04 rootfs from our CI:
+kernel image with a Ubuntu 24.04 rootfs from our CI:
 
 ```bash
 ARCH="$(uname -m)"
 
-latest=$(wget "http://spec.ccfc.min.s3.amazonaws.com/?prefix=firecracker-ci/v1.10/x86_64/vmlinux-5.10&list-type=2" -O - 2>/dev/null | grep "(?<=<Key>)(firecracker-ci/v1.10/x86_64/vmlinux-5\.10\.[0-9]{3})(?=</Key>)" -o -P)
+latest=$(wget "http://spec.ccfc.min.s3.amazonaws.com/?prefix=firecracker-ci/v1.10/$ARCH/vmlinux-5.10&list-type=2" -O - 2>/dev/null | grep -oP "(?<=<Key>)(firecracker-ci/v1.10/$ARCH/vmlinux-5\.10\.[0-9]{1,3})(?=</Key>)")
 
 # Download a linux kernel binary
 wget "https://s3.amazonaws.com/spec.ccfc.min/${latest}"
 
 # Download a rootfs
-wget "https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.10/${ARCH}/ubuntu-22.04.ext4"
-
-# Download the ssh key for the rootfs
-wget "https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.10/${ARCH}/ubuntu-22.04.id_rsa"
-
-# Set user read permission on the ssh key
-chmod 400 ./ubuntu-22.04.id_rsa
+wget -O ubuntu-24.04.squashfs.upstream "https://s3.amazonaws.com/spec.ccfc.min/firecracker-ci/v1.10/${ARCH}/ubuntu-24.04.squashfs"
+
+# Create an ssh key for the rootfs
+unsquashfs ubuntu-24.04.squashfs.upstream
+ssh-keygen -f id_rsa -N ""
+cp -v id_rsa.pub squashfs-root/root/.ssh/authorized_keys
+mv -v id_rsa ./ubuntu-24.04.id_rsa
+# re-squash
+mksquashfs squashfs-root ubuntu-24.04.squashfs -all-root -noappend -comp zstd
 ```
 
 ### Getting a Firecracker Binary
@@ -238,7 +240,7 @@ sudo curl -X PUT --unix-socket "${API_SOCKET}" \
     }" \
     "http://localhost/boot-source"
 
-ROOTFS="./ubuntu-22.04.ext4"
+ROOTFS="./ubuntu-24.04.ext4"
 
 # Set rootfs
 sudo curl -X PUT --unix-socket "${API_SOCKET}" \
@@ -280,13 +282,13 @@ sudo curl -X PUT --unix-socket "${API_SOCKET}" \
 sleep 2s
 
 # Setup internet access in the guest
-ssh -i ./ubuntu-22.04.id_rsa [email protected]  "ip route add default via 172.16.0.1 dev eth0"
+ssh -i ./ubuntu-24.04.id_rsa [email protected]  "ip route add default via 172.16.0.1 dev eth0"
 
 # Setup DNS resolution in the guest
-ssh -i ./ubuntu-22.04.id_rsa [email protected]  "echo 'nameserver 8.8.8.8' > /etc/resolv.conf"
+ssh -i ./ubuntu-24.04.id_rsa [email protected]  "echo 'nameserver 8.8.8.8' > /etc/resolv.conf"
 
 # SSH into the microVM
-ssh -i ./ubuntu-22.04.id_rsa [email protected]
+ssh -i ./ubuntu-24.04.id_rsa [email protected]
 
 # Use `root` for both the login and password.
 # Run `reboot` to exit.

docs/snapshotting/snapshot-support.md

@@ -642,8 +642,8 @@ booting, to avoid this issue.
 
 We have a mechanism in place to experiment with snapshot compatibility across
 supported host kernel versions by generating snapshot artifacts through
-[this tool](../../tools/create_snapshot_artifact) and checking devices'
-functionality using
+[this test](../../tests/integration_tests/functional/test_snapshot_phase1.py)
+and checking devices' functionality using
 [this test](../../tests/integration_tests/functional/test_snapshot_restore_cross_kernel.py).
 The test restores the snapshot and ensures that all the devices set-up (network
 devices, disk, vsock, balloon and MMDS) are operational post-load.