Draft
Conversation
Replace Firecracker microVMs with QEMU q35+KVM as an alternative VM backend. The worker selects the backend via OPENSANDBOX_VM_BACKEND env var (default: "qemu"). New internal/qemu/ package: - QMP client for VM lifecycle control (stop/cont/quit/migrate) - AF_VSOCK agent communication (replaces Firecracker's UDS+CONNECT protocol) - Hibernate/wake via QMP migrate (single state file vs Firecracker's mem+vmstate) - TAP networking with iptables DNAT/masquerade (same as Firecracker) - Manager implementing sandbox.Manager interface Key changes: - cmd/worker/main.go: backend selection switch (qemu vs firecracker) - internal/worker/autosave.go: SyncFSer interface decouples from Firecracker - internal/config/config.go: VMBackend and QEMUBin config fields - deploy/azure/: deployment and host setup scripts for Azure VMs Tested on Azure Standard_D48as_v6 (AMD EPYC): - test-exec.ts: 23/23 passed - test-commands.ts: 28/29 passed - test-file-ops.ts: 24/24 passed Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Fixes 8 issues encountered during initial QEMU deployment: - Use host's generic Ubuntu kernel instead of dead S3 URL - Extract guest kernel modules (vsock, overlay) for rootfs - Fix rootfs build args and module patching in deploy script - Fix DB seed (correct table name, UUID IDs, key_prefix column) - Stop services before binary copy to avoid "text file busy" - Fix systemd LimitNPROC=unlimited to LimitNPROC=infinity - Use X-API-Key header instead of Authorization: Bearer for tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
internal/qemu/package as an alternative VM backend to Firecracker, using QEMU q35 machine type with KVM accelerationOPENSANDBOX_VM_BACKENDenv var ("qemu"or"firecracker", default:"qemu")deploy/azure/) for quick dev testing on D-series VMsWorkspaceAutosaverfrom Firecracker viaSyncFSerinterfaceWhat's in the QEMU package
qmp.goagent_client.gomanager.gosandbox.Managerimplementation — create, kill, list, hibernate/wakesnapshot.go-incoming, cold boot fallbacknetwork.gorootfs.goKey differences from Firecracker
root=/dev/vda rwand nopci=off(virtio-pci needs PCI bus)Tested on Azure Standard_D48as_v6 (AMD EPYC 9V74)
test-exec.ts: 23/23 passed — exec.run, streaming, kill, file write/read, network, apt-gettest-commands.ts: 28/29 passed — stderr, exit codes, 10K line output, env vars, pipes, 10 concurrent commandstest-file-ops.ts: 24/24 passed — 1MB files, special chars, nested dirs, delete, listingTest plan
GOOS=linux go vet ./internal/qemu/...passes/exec/run)exec.startwith WebSocket)🤖 Generated with Claude Code