firecracker icon indicating copy to clipboard operation
firecracker copied to clipboard

Published 20 hours ago verified publisher icon firecracker-microvm

[Feature Request] Support changing the vsock CID on snapshot restore

Open simonis opened this issue 2 years ago • 1 comments

Feature Request

I'm aware of the vsock device limitations described in snapshot-support.md.

However there's no mentioning of how to support multiple clones of a snapshot with a configured vsock on the same host (they'll all share the same CID). For network interfaces, Network Connectivity for Clones describes pretty nicely how multiple clones can be run on the same host by using network namespaces. But to my knowledge, there's no network namespace support available for vsock sockets (I only found "vsock: support network namespace" which doesn't seem to have been finished yet).

I tried to configure a different vsock CID/path before restoring a snapshot, but in that case restoring fails with:

2022-12-30T20:46:38.507150111 [anonymous-instance:fc_api:ERROR:src/api_server/src/parsed_request.rs:190] Received Error. Status code: 400 Bad Request. Message: Loading a microVM snapshot not allowed after configuring boot-specific resources.

Describe the desired solution

The vsock man page mentions the following about "live migrations":

   Sockets are affected by live migration of virtual machines.
   Connected SOCK_STREAM sockets become disconnected when the
   virtual machine migrates to a new host.  Applications must
   reconnect when this happens.

   The local CID may change across live migration if the old CID is
   not available on the new host.  Bound sockets are automatically
   updated to the new CID.

I wonder if it wouldn't be possible to implement the vsock support in Firecracker such that the CID/socket path can be changed for a snapshot at restore time?

In addition to allowing multiple clones with configured vsockets, such a change would also make it possible to use the vsock device for obtaining a simple SysGenID (see #2546).

Please let me know if there's anything obvious that I'm missing?

Checks

  • [x] Have you searched the Firecracker Issues database for similar requests?
  • [x] Have you read all the existing relevant Firecracker documentation?
  • [x] Have you read and understood Firecracker's core tenets?

simonis avatar Dec 30 '22 21:12 simonis

Hi @simonis,

Thanks for logging the request. This is something we will need to look into and seems reasonable at first glance.

As a side thought, you made mention of SysGenID which seems like a particularly specific application between guest<->host communication. I'm not sure what use-case you are working with more specifically, but using MMDS may be worth considering as well.

mattschlebusch avatar Feb 06 '23 09:02 mattschlebusch