- [1. What is Cloud Hypervisor?](#1-what-is-cloud-hypervisor)
  - [Objectives](#objectives)
    - [High Level](#high-level)
    - [Architectures](#architectures)
    - [Guest OS](#guest-os)
- [2. Getting Started](#2-getting-started)
  - [Preparation](#preparation)
  - [Install prerequisites](#install-prerequisites)
  - [Clone and build](#clone-and-build)
    - [Containerized builds and tests](#containerized-builds-and-tests)
  - [Run](#run)
    - [Cloud image](#cloud-image)
    - [Custom kernel and disk image](#custom-kernel-and-disk-image)
      - [Building your kernel](#building-your-kernel)
      - [Disk image](#disk-image)
      - [Booting the guest VM](#booting-the-guest-vm)
- [3. Status](#3-status)
  - [Hot Plug](#hot-plug)
  - [Device Model](#device-model)
  - [TODO](#todo)
- [4. `rust-vmm` project dependency](#4-rust-vmm-project-dependency)
  - [Firecracker and crosvm](#firecracker-and-crosvm)
- [5. Community](#5-community)
  - [Contribute](#contribute)
  - [Join us](#join-us)
  - [Security issues](#security-issues)

# 1. What is Cloud Hypervisor?
Cloud Hypervisor is an open source Virtual Machine Monitor (VMM) that runs on
top of [KVM](https://www.kernel.org/doc/Documentation/virtual/kvm/api.txt)
hypervisor and Microsoft Hypervisor (MSHV).

The project focuses on exclusively running modern, cloud workloads, on top of
a limited set of hardware architectures and platforms. Cloud workloads refers
to those that are usually run by customers inside a cloud provider. For our
purposes this means modern operating systems with most I/O handled by
paravirtualised devices (i.e. virtio), no requirement for legacy devices, and
64-bit CPUs.

Cloud Hypervisor is implemented in [Rust](https://www.rust-lang.org/) and is
based on the [rust-vmm](https://github.com/rust-vmm) crates.
## Objectives
### High Level
- Runs on KVM or MSHV
- Minimal emulation
- Low latency
- Low memory footprint
- Low complexity
- High performance
- Small attack surface
- 64-bit support only
- CPU, memory, PCI hotplug
- Machine to machine migration
### Architectures
Cloud Hypervisor supports the `x86-64` and `AArch64` architectures. There are
some small differences in functionality between the two architectures
(see [#1125](https://github.com/cloud-hypervisor/cloud-hypervisor/issues/1125)).
### Guest OS
Cloud Hypervisor supports `64-bit Linux` and Windows 10/Windows Server 2019.
# 2. Getting Started
The following sections describe how to build and run Cloud Hypervisor on the `x86_64`
platform. For getting started on the `AArch64` platform, please refer to the
[Arm64 documentation](docs/arm64.md).

## Preparation
We create a folder to build and run `cloud-hypervisor` at `$HOME/cloud-hypervisor`:
```shell
$ export CLOUDH=$HOME/cloud-hypervisor
$ mkdir $CLOUDH
```
## Install prerequisites
You need to install some prerequisite packages in order to build and test Cloud
Hypervisor. Here, all the steps are based on Ubuntu; for other Linux
distributions, please replace the package manager and package name.
```shell
# Install git
$ sudo apt install git
# Install rust tool chain
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Install build-essential
$ sudo apt install build-essential
# If you want to build a statically linked binary, add the musl target
$ rustup target add x86_64-unknown-linux-musl
```
## Clone and build
First you need to clone and build the cloud-hypervisor repo:
```shell
$ pushd $CLOUDH
$ git clone https://github.com/cloud-hypervisor/cloud-hypervisor.git
$ cd cloud-hypervisor
$ cargo build --release
# We need to give the cloud-hypervisor binary the NET_ADMIN capability for it to set TAP interfaces up on the host.
$ sudo setcap cap_net_admin+ep ./target/release/cloud-hypervisor
# If you want to build a statically linked binary
$ cargo build --release --target=x86_64-unknown-linux-musl --all
$ popd
```
This will build a `cloud-hypervisor` binary under
`$CLOUDH/cloud-hypervisor/target/release/cloud-hypervisor`.
### Containerized builds and tests
If you want to build and test Cloud Hypervisor without having to install all the
required dependencies (the Rust toolchain, cargo tools, etc.), you can also use
Cloud Hypervisor's development script: `dev_cli.sh`. Please note that upon its
first invocation, this script will pull a fairly large container image.

For example, to build the Cloud Hypervisor release binary:
```shell
$ pushd $CLOUDH
$ cd cloud-hypervisor
$ ./scripts/dev_cli.sh build --release
```
With `dev_cli.sh`, one can also run the Cloud Hypervisor CI locally. This can be
very convenient for debugging CI errors without having to fully rely on the
Cloud Hypervisor CI infrastructure.

For example, to run the Cloud Hypervisor unit tests:
```shell
$ ./scripts/dev_cli.sh tests --unit
```
Run the `./scripts/dev_cli.sh --help` command to view all the supported
development script commands and their related options.
## Run
You can run a guest VM by either using an existing cloud image or booting into
your own kernel and disk image.
### Cloud image
Cloud Hypervisor supports booting disk images containing all needed
components to run cloud workloads, a.k.a. cloud images. To do that we rely on
the [Rust Hypervisor
Firmware](https://github.com/cloud-hypervisor/rust-hypervisor-firmware) project
to provide an ELF formatted KVM firmware for `cloud-hypervisor` to directly
boot into.

We need to get the latest `rust-hypervisor-firmware` release and also a working
cloud image. Here we will use an Ubuntu image:
```shell
$ pushd $CLOUDH
$ wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img
$ qemu-img convert -p -f qcow2 -O raw focal-server-cloudimg-amd64.img focal-server-cloudimg-amd64.raw
$ wget https://github.com/cloud-hypervisor/rust-hypervisor-firmware/releases/download/0.3.2/hypervisor-fw
$ popd
```
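The download commands above do not check the integrity of what was fetched. The following is an added example, not part of the Cloud Hypervisor documentation: a shell function that verifies a downloaded file against a `SHA256SUMS`-style manifest and fails closed when the file is not listed. `verify_download` is a hypothetical helper name, and the usage comment assumes the `SHA256SUMS` file published next to the Ubuntu image has been downloaded into the same directory.

```shell
# Added example: verify a download against a SHA256SUMS-style manifest.
# Manifest lines look like "<sha256 hex> *<filename>" (binary mode) or
# "<sha256 hex>  <filename>" (text mode). File names must not contain spaces.
#
# Usage (assumes SHA256SUMS was fetched from the same directory as the image):
#   verify_download focal-server-cloudimg-amd64.img SHA256SUMS
#
# Return codes: 0 = match, 1 = mismatch, 2 = missing input, 3 = not listed.
verify_download() {
    file=$1
    sums=$2
    if [ ! -f "$file" ] || [ ! -f "$sums" ]; then
        echo "verify_download: missing file or manifest" >&2
        return 2
    fi
    name=$(basename "$file")
    # Select the manifest entry whose file name matches exactly,
    # stripping the leading '*' that marks binary mode.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }
    ' "$sums")
    # Fail closed: a file that is absent from the manifest is not verified.
    if [ -z "$expected" ]; then
        echo "$name: not listed in $sums" >&2
        return 3
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "$name: checksum mismatch" >&2
        return 1
    fi
    echo "$name: OK"
}
```

A manifest fetched over the same channel as the image only detects corruption; authenticate the manifest itself (Ubuntu also publishes `SHA256SUMS.gpg`) before relying on it.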
```shell
$ pushd $CLOUDH
$ sudo setcap cap_net_admin+ep ./cloud-hypervisor/target/release/cloud-hypervisor
$ ./cloud-hypervisor/target/release/cloud-hypervisor \
    --kernel ./hypervisor-fw \
    --disk path=focal-server-cloudimg-amd64.raw \
    --cpus boot=4 \
    --memory size=1024M \
    --net "tap=,mac=,ip=,mask="
$ popd
```
Multiple arguments can be given to the `--disk` parameter.
### Custom kernel and disk image
#### Building your kernel
Cloud Hypervisor also supports direct kernel boot into a `vmlinux` ELF kernel.
In order to support virtio-watchdog we have our own development branch. You are
of course able to use your own kernel but these instructions will continue with
the version that we develop and test against.

To build the kernel:
```shell
# Clone the Cloud Hypervisor Linux branch
$ pushd $CLOUDH
$ git clone --depth 1 https://github.com/cloud-hypervisor/linux.git -b ch-5.15.12 linux-cloud-hypervisor
$ pushd linux-cloud-hypervisor
# Use the cloud-hypervisor kernel config to build your kernel
$ cp $CLOUDH/cloud-hypervisor/resources/linux-config-x86_64 .config
$ KCFLAGS="-Wa,-mx86-used-note=no" make bzImage -j `nproc`
$ popd
```
The `vmlinux` kernel image will then be located at
`linux-cloud-hypervisor/arch/x86/boot/compressed/vmlinux.bin`.
#### Disk image
For the disk image, we will use an Ubuntu cloud image that contains a root
partition:
```shell
$ pushd $CLOUDH
$ wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img
$ qemu-img convert -p -f qcow2 -O raw focal-server-cloudimg-amd64.img focal-server-cloudimg-amd64.raw
$ popd
```
#### Booting the guest VM
Now we can directly boot into our custom kernel and make it use the Ubuntu root
partition. If we want to have 4 vCPUs and 1024 MBytes of memory:
```shell
$ pushd $CLOUDH
$ sudo setcap cap_net_admin+ep ./cloud-hypervisor/target/release/cloud-hypervisor
$ ./cloud-hypervisor/target/release/cloud-hypervisor \
    --kernel ./linux-cloud-hypervisor/arch/x86/boot/compressed/vmlinux.bin \
    --disk path=focal-server-cloudimg-amd64.raw \
    --cmdline "console=hvc0 root=/dev/vda1 rw" \
    --cpus boot=4 \
    --memory size=1024M \
    --net "tap=,mac=,ip=,mask="
```
The above example uses the `virtio-console` device as the guest console, and this
device may not be enabled soon enough by the guest kernel to get early kernel
debug messages.

When earlier debug messages are needed, using the legacy serial device based
console is preferred:
```shell
$ ./cloud-hypervisor/target/release/cloud-hypervisor \
    --kernel ./linux-cloud-hypervisor/arch/x86/boot/compressed/vmlinux.bin \
    --console off \
    --serial tty \
    --disk path=focal-server-cloudimg-amd64.raw \
    --cmdline "console=ttyS0 root=/dev/vda1 rw" \
    --cpus boot=4 \
    --memory size=1024M \
    --net "tap=,mac=,ip=,mask="
```
# 3. Status
Cloud Hypervisor is under active development. The following stability guarantees
are currently made:

* The API (including command line options) will not be removed or changed in a
  breaking way without a minimum of 2 releases notice. Where possible warnings
  will be given about the use of deprecated functionality and the deprecations
  will be documented in the release notes.
* Point releases will be made between individual releases where there are
  substantial bug fixes or security issues that need to be fixed.

Currently the following items are **not** guaranteed across updates:

* Snapshot/restore is not supported across different versions
* Live migration is not supported across different versions
* The following features are considered experimental and may change
  substantially between releases: TDX, SGX.

As of 2021-04-29, the following cloud images are supported:

- [Ubuntu Bionic](https://cloud-images.ubuntu.com/bionic/current/) (cloudimg)
- [Ubuntu Focal](https://cloud-images.ubuntu.com/focal/current/) (cloudimg)
- [Ubuntu Groovy](https://cloud-images.ubuntu.com/groovy/current/) (cloudimg)
- [Ubuntu Hirsute](https://cloud-images.ubuntu.com/hirsute/current/) (cloudimg)

Direct kernel boot to userspace should work with a rootfs from most
distributions.
## Hot Plug
Cloud Hypervisor supports hotplug of CPUs, passthrough devices (VFIO),
`virtio-{net,block,pmem,fs,vsock}` and memory resizing. This
[document](docs/hotplug.md) details how to add devices to a running VM.
## Device Model
Details of the device model can be found in this
[documentation](docs/device_model.md).
## TODO
We are not tracking the Cloud Hypervisor TODO list from a specific git tracked
file but through
[github issues](https://github.com/cloud-hypervisor/cloud-hypervisor/issues/new)
instead.
# 4. `rust-vmm` project dependency
In order to satisfy the design goal of having a high-performance,
security-focused hypervisor the decision was made to use the
[Rust](https://www.rust-lang.org/) programming language. The language's strong
focus on memory and thread safety makes it an ideal candidate for implementing
VMMs.

Instead of implementing the VMM components from scratch, Cloud Hypervisor is
importing the [rust-vmm](https://github.com/rust-vmm) crates, and sharing code
and architecture together with other VMMs such as Amazon's
[Firecracker](https://firecracker-microvm.github.io/) and Google's
[crosvm](https://chromium.googlesource.com/chromiumos/platform/crosvm/).

Cloud Hypervisor embraces the rust-vmm project goals, which are to be able to
share and re-use as many virtualization crates as possible. As such, the Cloud
Hypervisor relationship with the rust-vmm project is twofold:

1. It will use as much of the rust-vmm code as possible. Any new rust-vmm crate
   that's relevant to the project goals will be integrated as soon as possible.
2. As it is likely that the rust-vmm project will lack some of the features that
   Cloud Hypervisor needs (e.g. ACPI, VFIO, vhost-user, etc.), we will be using
   the Cloud Hypervisor VMM to implement and test them, and contribute them back
   to the rust-vmm project.

## Firecracker and crosvm
A large part of the Cloud Hypervisor code is based on either the Firecracker or
the crosvm project implementations. Both of these are VMMs written in Rust with
a focus on safety and security, like Cloud Hypervisor.

However, we want to emphasize that the Cloud Hypervisor project is neither a fork
nor a reimplementation of any of those projects. The goals and use cases we're
trying to meet are different. We're aiming at supporting cloud workloads, i.e.
those modern, full Linux distribution images currently being run by Cloud
Service Provider (CSP) tenants.

Our primary target is not to support client or serverless use cases, and as such
our code base already diverges from the crosvm and Firecracker ones. As we add
more features to support our use cases, we believe that the divergence will
increase while at the same time sharing as much of the fundamental
virtualization code through the rust-vmm project crates as possible.
# 5. Community
The Cloud Hypervisor project follows the governance and community guidelines
described in the [Community](https://github.com/cloud-hypervisor/community)
repository.
## Contribute
We are working on building a global, diverse and collaborative community around
the Cloud Hypervisor project. Anyone who is interested in
[contributing](CONTRIBUTING.md) to the project is welcome to participate.

We believe that contributing to an open source project like Cloud Hypervisor
covers a lot more than just sending code. Testing, documentation, pull request
reviews, bug reports, feature requests, project improvement suggestions, etc.,
are all equal and welcome means of contribution. See the
[CONTRIBUTING](CONTRIBUTING.md) document for more details.
## Join us
Get an [invite to our Slack channel](https://join.slack.com/t/cloud-hypervisor/shared_invite/enQtNjY3MTE3MDkwNDQ4LWQ1MTA1ZDVmODkwMWQ1MTRhYzk4ZGNlN2UwNTI3ZmFlODU0OTcwOWZjMTkwZDExYWE3YjFmNzgzY2FmNDAyMjI)
and [join us on Slack](https://cloud-hypervisor.slack.com/).
## Security issues
Please contact the maintainers listed in the MAINTAINERS.md file with security issues.