- 1. What is Cloud Hypervisor?
- 2. Getting Started
- 3. Status
- 4. Relationship with Rust VMM Project
- 5. Community
Cloud Hypervisor is an open source Virtual Machine Monitor (VMM) that runs on top of the KVM hypervisor and the Microsoft Hypervisor (MSHV).
The project focuses on running modern, Cloud Workloads, on specific, common, hardware architectures. In this case Cloud Workloads refers to those that are run by customers inside a Cloud Service Provider. This means modern operating systems with most I/O handled by paravirtualised devices (e.g. virtio), no requirement for legacy devices, and 64-bit CPUs.
Cloud Hypervisor is implemented in Rust and is based on the Rust VMM crates.
- Runs on KVM or MSHV
- Minimal emulation
- Low latency
- Low memory footprint
- Low complexity
- High performance
- Small attack surface
- 64-bit support only
- CPU, memory, PCI hotplug
- Machine to machine migration
Cloud Hypervisor supports the x86-64 and AArch64 architectures. There are
minor differences in functionality between the two architectures
(see #1125).
Cloud Hypervisor supports 64-bit Linux and Windows 10/Windows Server 2019.
The following sections describe how to build and run Cloud Hypervisor.
- AArch64 servers (recommended) or development boards equipped with the GICv3 interrupt controller.
For required KVM functionality and adequate performance the recommended host kernel version is 5.13. The majority of the CI currently tests with kernel version 5.15.
The recommended approach to getting started with Cloud Hypervisor is by using a
pre-built binary. Binaries are available for the latest
release.
Use cloud-hypervisor-static for x86-64 or cloud-hypervisor-static-aarch64
for AArch64 platform.
For convenience, packages are also available targeting some popular Linux distributions. This is thanks to the Open Build Service. The OBS README explains how to enable the repository in a supported Linux distribution and install Cloud Hypervisor and accompanying packages. Please report any packaging issues in the obs-packaging repository.
Please see the instructions for building from source if you do not wish to use the pre-built binaries.
Cloud Hypervisor supports direct kernel boot (the x86-64 kernel requires the kernel
built with PVH support or a bzImage) or booting via a firmware (either Rust Hypervisor
Firmware or an
edk2 UEFI firmware called CLOUDHV / CLOUDHV_EFI.)
Binary builds of the firmware files are available for the latest release of Rust Hypervisor Firmware and our edk2 repository
The choice of firmware depends on your guest OS choice; some experimentation may be required.
Cloud Hypervisor supports booting disk images containing all needed components to run cloud workloads, a.k.a. cloud images.
The following sample commands will download an Ubuntu Cloud image, converting it into a format that Cloud Hypervisor can use and a firmware to boot the image with.
$ wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img
$ qemu-img convert -p -f qcow2 -O raw focal-server-cloudimg-amd64.img focal-server-cloudimg-amd64.raw
$ wget https://github.com/cloud-hypervisor/rust-hypervisor-firmware/releases/download/0.4.2/hypervisor-fwThe Ubuntu cloud images do not ship with a default password so it necessary to
use a cloud-init disk image to customise the image on the first boot. A basic
cloud-init image is generated by this script.
This seeds the image with a default username/password of cloud/cloud123. It
is only necessary to add this disk image on the first boot. Script also assigns
default IP address using test_data/cloud-init/ubuntu/local/network-config details
with --net "mac=12:34:56:78:90:ab,tap=" option. Then the matching mac address
interface will be enabled as per network-config details.
$ sudo setcap cap_net_admin+ep ./cloud-hypervisor
$ ./create-cloud-init.sh
$ ./cloud-hypervisor \
--kernel ./hypervisor-fw \
--disk path=focal-server-cloudimg-amd64.raw path=/tmp/ubuntu-cloudinit.img \
--cpus boot=4 \
--memory size=1024M \
--net "tap=,mac=,ip=,mask="If access to the firmware messages or interaction with the boot loader (e.g.
GRUB) is required then it necessary to switch to the serial console instead of
virtio-console.
$ ./cloud-hypervisor \
--kernel ./hypervisor-fw \
--disk path=focal-server-cloudimg-amd64.raw path=/tmp/ubuntu-cloudinit.img \
--cpus boot=4 \
--memory size=1024M \
--net "tap=,mac=,ip=,mask=" \
--serial tty \
--console offCloud Hypervisor also supports direct kernel boot. For x86-64, a vmlinux ELF kernel (compiled with PVH support) or a regular bzImage are supported. In order to support development there is a custom branch; however provided the required options are enabled any recent kernel will suffice.
To build the kernel:
# Clone the Cloud Hypervisor Linux branch
$ git clone --depth 1 https://github.com/cloud-hypervisor/linux.git -b ch-6.2 linux-cloud-hypervisor
$ pushd linux-cloud-hypervisor
# Use the x86-64 cloud-hypervisor kernel config to build your kernel for x86-64
$ wget https://raw.githubusercontent.com/cloud-hypervisor/cloud-hypervisor/main/resources/linux-config-x86_64
# Use the AArch64 cloud-hypervisor kernel config to build your kernel for AArch64
$ wget https://raw.githubusercontent.com/cloud-hypervisor/cloud-hypervisor/main/resources/linux-config-aarch64
$ cp linux-config-x86_64 .config # x86-64
$ cp linux-config-aarch64 .config # AArch64
# Do native build of the x86-64 kernel
$ KCFLAGS="-Wa,-mx86-used-note=no" make bzImage -j `nproc`
# Do native build of the AArch64 kernel
$ make -j `nproc`
$ popdFor x86-64, the vmlinux kernel image will then be located at
linux-cloud-hypervisor/arch/x86/boot/compressed/vmlinux.bin.
For AArch64, the Image kernel image will then be located at
linux-cloud-hypervisor/arch/arm64/boot/Image.
For the disk image the same Ubuntu image as before can be used. This contains
an ext4 root filesystem.
$ wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img # x86-64
$ wget https://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-arm64.img # AArch64
$ qemu-img convert -p -f qcow2 -O raw focal-server-cloudimg-amd64.img focal-server-cloudimg-amd64.raw # x86-64
$ qemu-img convert -p -f qcow2 -O raw focal-server-cloudimg-arm64.img focal-server-cloudimg-arm64.raw # AArch64These sample commands boot the disk image using the custom kernel whilst also supplying the desired kernel command line.
- x86-64
$ sudo setcap cap_net_admin+ep ./cloud-hypervisor
$ ./create-cloud-init.sh
$ ./cloud-hypervisor \
--kernel ./linux-cloud-hypervisor/arch/x86/boot/compressed/vmlinux.bin \
--disk path=focal-server-cloudimg-amd64.raw path=/tmp/ubuntu-cloudinit.img \
--cmdline "console=hvc0 root=/dev/vda1 rw" \
--cpus boot=4 \
--memory size=1024M \
--net "tap=,mac=,ip=,mask="- AArch64
$ sudo setcap cap_net_admin+ep ./cloud-hypervisor
$ ./create-cloud-init.sh
$ ./cloud-hypervisor \
--kernel ./linux-cloud-hypervisor/arch/arm64/boot/Image \
--disk path=focal-server-cloudimg-arm64.raw path=/tmp/ubuntu-cloudinit.img \
--cmdline "console=hvc0 root=/dev/vda1 rw" \
--cpus boot=4 \
--memory size=1024M \
--net "tap=,mac=,ip=,mask="If earlier kernel messages are required the serial console should be used instead of virtio-console.
- x86-64
$ ./cloud-hypervisor \
--kernel ./linux-cloud-hypervisor/arch/x86/boot/compressed/vmlinux.bin \
--console off \
--serial tty \
--disk path=focal-server-cloudimg-amd64.raw \
--cmdline "console=ttyS0 root=/dev/vda1 rw" \
--cpus boot=4 \
--memory size=1024M \
--net "tap=,mac=,ip=,mask="- AArch64
$ ./cloud-hypervisor \
--kernel ./linux-cloud-hypervisor/arch/arm64/boot/Image \
--console off \
--serial tty \
--disk path=focal-server-cloudimg-arm64.raw \
--cmdline "console=ttyAMA0 root=/dev/vda1 rw" \
--cpus boot=4 \
--memory size=1024M \
--net "tap=,mac=,ip=,mask="Cloud Hypervisor is under active development. The following stability guarantees are currently made:
-
The API (including command line options) will not be removed or changed in a breaking way without a minimum of 2 major releases notice. Where possible warnings will be given about the use of deprecated functionality and the deprecations will be documented in the release notes.
-
Point releases will be made between individual releases where there are substantial bug fixes or security issues that need to be fixed. These point releases will only include bug fixes.
Currently the following items are not guaranteed across updates:
- Snapshot/restore is not supported across different versions
- Live migration is not supported across different versions
- The following features are considered experimental and may change substantially between releases: TDX, vfio-user, vDPA.
Further details can be found in the release documentation.
As of 2023-01-03, the following cloud images are supported:
- Ubuntu Focal (focal-server-cloudimg-{amd64,arm64}.img)
- Ubuntu Jammy (jammy-server-cloudimg-{amd64,arm64}.img )
- Fedora 36 (Fedora-Cloud-Base-36-1.5.x86_64.raw.xz / Fedora-Cloud-Base-36-1.5.aarch64.raw.xz)
Direct kernel boot to userspace should work with a rootfs from most distributions although you may need to enable exotic filesystem types in the reference kernel configuration (e.g. XFS or btrfs.)
Cloud Hypervisor supports hotplug of CPUs, passthrough devices (VFIO),
virtio-{net,block,pmem,fs,vsock} and memory resizing. This
document details how to add devices to a running VM.
Details of the device model can be found in this documentation.
The project roadmap is tracked through a GitHub project.
In order to satisfy the design goal of having a high-performance, security-focused hypervisor the decision was made to use the Rust programming language. The language's strong focus on memory and thread safety makes it an ideal candidate for implementing VMMs.
Instead of implementing the VMM components from scratch, Cloud Hypervisor is importing the Rust VMM crates, and sharing code and architecture together with other VMMs like e.g. Amazon's Firecracker and Google's crosvm.
Cloud Hypervisor embraces the Rust VMM project's goals, which is to be able to share and re-use as many virtualization crates as possible.
A large part of the Cloud Hypervisor code is based on either the Firecracker or the crosvm project's implementations. Both of these are VMMs written in Rust with a focus on safety and security, like Cloud Hypervisor.
The goal of the Cloud Hypervisor project differs from the aforementioned projects in that it aims to be a general purpose VMM for Cloud Workloads and not limited to container/serverless or client workloads.
The Cloud Hypervisor community thanks the communities of both the Firecracker and crosvm projects for their excellent work.
The Cloud Hypervisor project follows the governance, and community guidelines described in the Community repository.
The project strongly believes in building a global, diverse and collaborative community around the Cloud Hypervisor project. Anyone who is interested in contributing to the project is welcome to participate.
Contributing to a open source project like Cloud Hypervisor covers a lot more than just sending code. Testing, documentation, pull request reviews, bug reports, feature requests, project improvement suggestions, etc, are all equal and welcome means of contribution. See the CONTRIBUTING document for more details.
Get an invite to our Slack channel, join us on Slack, and participate in our community activities.
Please report bugs using the GitHub issue tracker but for broader community discussions you may use our mailing list.
Please contact the maintainers listed in the MAINTAINERS.md file with security issues.
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "dependabot-preview[bot]")
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent