This PR allows selecting mount type, as "9p"

The default mount type is still as it was before.

~~Add mount option variable, for "rw" vs "ro"~~

Add mount type, for "reverse-sshfs" vs "9p"

Issue #20

~~QEMU with 9p-darwin patches available here:~~ ~~https://github.com/afbjorklund/homebrew-core/blob/qemu-9p-darwin/Formula/qemu.rb~~ ~~Patches from: https://github.com/willcohen/qemu/commits/v6.2.0-9p-darwin (or use HEAD)~~ ~~You can also use the latest/greatest QEMU HEAD.~~

EDIT: The qemu in brew now supports virtfs, also for darwin systems.

Example mount when booting with "sshfs":

:/tmp/lima on /tmp/lima type fuse.sshfs (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,allow_other)

Example mount when booting with "9p":

mount1 on /tmp/lima type 9p (rw,sync,dirsync,relatime,access=client,msize=131072,trans=virtio)

This MR allows you create VMs using CentOS 7

My centos7.yaml file:

images:
- location: "https://cloud.centos.org/altarch/7/images/CentOS-7-x86_64-GenericCloud-2009.qcow2"
  arch: "x86_64"
  digest: "sha256:e38bab0475cc6d004d2e17015969c659e5a308111851b0e2715e84646035bdd3"
- location: "https://cloud.centos.org/altarch/7/images/CentOS-7-aarch64-GenericCloud-2009.qcow2"
  arch: "aarch64"
  digest: "sha256:51c0222aa4bc7d966fc044eb6ce9182993a1dc398eaa595e58abd0d361439baf"
containerd:
  system: false
  user: false
mounts:
- location: "~"
- location: "/tmp/lima"
  writable: true
firmware:
  legacyBIOS: true
cpuType:
  # Workaround for "vmx_write_mem: mmu_gva_to_gpa XXXXXXXXXXXXXXXX failed" on Intel Mac
  # https://bugs.launchpad.net/qemu/+bug/1838390
  x86_64: "Haswell-v4

EDIT by @AkihiroSuda

Update (Mar 14, 2022)

:warning: Running recent Linux guests on M1 macOS needs Homebrew's QEMU 6.2.0_1 or later.

Run brew upgrade to upgrade QEMU.

Intel macOS users are NOT affected by this issue.

For the further information, see https://github.com/lima-vm/lima/pull/734 and https://github.com/Homebrew/homebrew-core/pull/96743 .

(~/.lima/default/serial.log)
...
EFI stub: Booting Linux Kernel...
EFI stub: ERROR: FIRMWARE BUG: kernel image not aligned on 64k boundary
EFI stub: Using DTB from configuration table
EFI stub: Exiting boot services and installing virtual address map...
SetUefiImageMemoryAttributes - 0x000000013F500000 - 0x0000000000040000 (0x0000000000000008)
SetUefiImageMemoryAttributes - 0x000000013C190000 - 0x0000000000040000 (0x0000000000000008)
SetUefiImageMemoryAttributes - 0x000000013C140000 - 0x0000000000040000 (0x0000000000000008)
SetUefiImageMemoryAttributes - 0x000000013F4C0000 - 0x0000000000030000 (0x0000000000000008)
SetUefiImageMemoryAttributes - 0x000000013C0F0000 - 0x0000000000040000 (0x0000000000000008)
SetUefiImageMemoryAttributes - 0x000000013BCB0000 - 0x0000000000040000 (0x0000000000000008)
SetUefiImageMemoryAttributes - 0x000000013BB00000 - 0x0000000000030000 (0x0000000000000008)
SetUefiImageMemoryAttributes - 0x000000013BAC0000 - 0x0000000000030000 (0x0000000000000008)
(hangs here)

sudo apt-mark hold linux-image-$(uname -r)

export QEMU_SYSTEM_AARCH64="qemu-system-aarch64 -display cocoa"

Below is the original post by @mateka

Description

Today I was working in lima VM (Ubuntu 20.04; Mac M1). After a while, it has lost connection (as it often does), so I had tried to restart it. Old VM and even brand new will not start and return an error after:

Waiting for the essential requirement 1 of 5: "ssh"

limactl --debug start VM-name prints:

DEBU[0171] [hostagent] executing ssh for script "ssh": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile="/Users/matek/.lima/_config/user" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers="^[email protected],[email protected]" -o User=matek -o ControlMaster=auto -o ControlPath="/Users/matek/.lima/test/ssh.sock" -o ControlPersist=5m -p 52070 127.0.0.1 -- /bin/bash] DEBU[0246] [hostagent] stdout="", stderr="kex_exchange_identification: read: Connection reset by peer\r\nConnection reset by 127.0.0.1 port 52070\r\n", err=failed to execute script "ssh": stdout="", stderr="kex_exchange_identification: read: Connection reset by peer\r\nConnection reset by 127.0.0.1 port 52070\r\n": exit status 255

Rancher Desktop seems to work.

Running limactl start foo.yml automatically sets the instance name to foo. It would be nice to be able to set a name different than the file name. Ex. running limactl start foo.yml --name bar would create an instance named bar.

This PR provides support for using Virtualization.Framework as a optional driver.

The following are the changes done related to using drivers,

• [x] Driver interface
• [x] Migrate current QEMU implementation to driver
• [x] New driver vz for Virtualization.Framework

The following are the features of lima, the vz driver should provide support for below,

• [x] Running VM (Using both disk img and iso)*
• [x] Slirp network for guest to host communication (uses gvisor-tap-vsock)
• [x] Host to guest network (uses vz NAT gateway)*
• [x] Directory sharing, supports reverse-sshfs and virtiofs (newly added)
• [x] Port forwarding
• [x] Host DNS resolver
• [ ] Display (Deferring it for now as it requires runtime.LockOsThread() to be called in the beginning of hostagent start cmd)

Notes

• Vz driver internally converts qcow to raw image using (qemu-img convert). This is because vz only supports raw disk
• Need to provide yaml configuration for NAT

Know Issues

• Serial log doesn't contain system boot logs
• Gvisor-tap-vsock will throw some errors like [e.connection](tcpproxy:) during start-up (This is because of port 22 Forwards being tried before VM is ready) [Not a failure/blocker just info message thrown, but we can look into fixing in a follow-up to call ssh forward manually]
• When vz vm stops, it doesn't trigger hostagent stop [Fixed]

Testing Tested the following templates with driver: vz. All test are done on macOS 13 intel as of now.

• [x] almalinux.yaml
• [x] alpine.yaml
• [x] apptainer.yaml
• [ ] archlinux.yaml
• [x] buildkit.yaml
• [ ] centos-stream.yaml
• [x] debian.yaml
• [x] docker.yaml
• [x] faasd.yaml
• [x] fedora.yaml
• [x] k3s.yaml
• [x] k8s.yaml
• [x] nomad.yaml
• [ ] opensuse.yaml
• [ ] oraclelinux.yaml
• [x] podman.yaml
• [ ] rocky.yaml
• [x] ubuntu.yaml
• [x] vmnet.yaml

A note though - host.lima.internal should be defined inside running containers. That's what docker desktop has always done, it provides that name resolution. People don't really want to get to the host just from inside the lima container, they want to get to the host from inside containers they're running.

Originally posted by @rfay in https://github.com/lima-vm/lima/discussions/389#discussioncomment-1855625

🔴 Current blocker: nls_utf8.ko is missing in openSUSE 15.3 https://bugzilla.opensuse.org/show_bug.cgi?id=1190797 🔴 I also have to rewrite this PR to make Samba non-default (https://github.com/lima-vm/lima/pull/188#discussion_r718677030)

Replace previous PR #118 Fix #20 (Filesystem sharing)

See the changes of docs/internal.md for the design.

• On macOS hosts, /usr/local/sbin/samba-dot-org-smbd is used as the smbd binary. This binary can be installed with brew install samba. Apple's version of /usr/sbin/smbd cannot be used. The binary path can be overridden with $SMBD env var.

• smbd is connected to QEMU via smb's stdio. The samba address 192.168.5.4:445 is only accessible from the guest, not from the host.

• When the host's hostname is not present in /etc/hosts on the host filesystem, the Lima hostagent launches a mDNS to help looking up the hostname. Otherwise starting Samba takes 25 secs with "getaddrinfo failed" error. See the pkg/samba/getaddrinfoworkaround package for the further information.

It's not fully clear how to add containerd to alpine, since the scripts require systemd:

ERRO[0018] [1 error occurred:
	* failed to satisfy the optional requirement 1 of 2 "systemd must be available": systemd is required to run containerd, but does not seem to be available.
Make sure that you use an image that supports systemd. If you do not want to run
containerd, please make sure that both 'container.system' and 'containerd.user'
are set to 'false' in the config file.

Installing containerd is quite simple, but packages for "nerdctl" and "buildkit" are missing...

provision:
  - mode: system
    script: |
      #!/bin/bash
      set -eux -o pipefail
      command -v containerd >/dev/null 2>&1 && exit 0
      apk add runc containerd cni-plugins
      sudo rc-update add containerd default
      sudo service containerd start

They can be added from the tarballs, but there doesn't seem to be any support available ?

That is, the current support is for nerdctl-full only (and not for nerdctl and buildkit archives)

Would it be better to make custom aports, or perhaps to add support for extra archives ?

containerd

• https://github.com/containerd/containerd/archive/v1.5.8.tar.gz
• https://github.com/alpinelinux/aports/tree/3.14-stable/community/containerd

nerdctl

• nerdctl-0.15.0-linux-amd64.tar.gz
• nerdctl-0.15.0-linux-arm64.tar.gz

buildkit

• buildkit-v0.9.3.linux-amd64.tar.gz
• buildkit-v0.9.3.linux-arm64.tar.gz
• buildkit.confd
• buildkit.initd

Both lima sudo nerdctl run and lima sudo nerdctl build seem to be doing just fine...

init-+-acpid
     |-7*[getty]
     |-sshd.pam---sshd.pam---sshd.pam-+-pstree
     |                                `-2*[sshfs---3*[{sshfs}]]
     |-supervise-daemo---lima-guestagent---7*[{lima-guestagent}]
     |-supervise-daemo---containerd---10*[{containerd}]
     |-supervise-daemo---buildkitd---8*[{buildkitd}]
     |-syslogd
     |-udevd
     `-udhcpc

socket_vmnet is similar to vde_vmnet but does not depend on VDE.

https://github.com/lima-vm/socket_vmnet

See docs/network.md for how to create networks.yaml with socketVMNet. When both socketVMNet and vdeVMNet (deprecated) are present in the YAML, socketVMNet is chosen.

iperf3 benchmark (host -> guest)

Mode | Shared (NAT) | Bridged ---------------|--------------|---------- socket_vmnet | 0.66 Gbps | 1.23 Gbps vde_vmnet | 0.27 Gbps | 0.31 Gbps

Tested on MacBook Pro 2020 (Intel), macOS 12 Lima commit 8db31e8087272da1c848d5d6d23f680004ad7d45 , socket_vmnet v1.0.0-alpha.0, vde_vmnet v0.6.0

Known issue: the throughput of the Shared (NAT) interface can be slower when both the Shared (NAT) and the Bridged interfaces are configured

Help wanted for testing https://github.com/lima-vm/lima/pull/703 on M1 macOS

1. Install Lima v0.9.0-beta.0 or later (brew install --HEAD lima, or git clone https://github.com/lima-vm/lima.git && cd lima && make && make install)
2. Install QEMU v6.2.0 (brew install qemu)
3. Create instances with the following memory: 8 GiB, 4 GiB, 2 GiB.

$ limactl start
? Creating an instance "default"  [Use arrows to move, type to filter]
  Proceed with the current configuration
> Open an editor to review or modify the current configuration
  Choose another example (docker, podman, archlinux, fedora, ...)
  Exit

(Change "memory: null" to "memory: 8 GiB" in the editor, and confirm that the instance works)
$ limactl delete -f defaut

4. Install QEMU master (brew install --HEAD qemu)
5. Repeat the step 3

The diffdisk starts out small, but grows quickly as users create and delete container images. This can become an issue on laptops with limited free space.

I tried to enable trim support just for Alpine, for testing, but couldn't get it to work. Here is the patch I tried:

--- pkg/cidata/cidata.TEMPLATE.d/boot/05-persistent-data-volume.sh
+++ pkg/cidata/cidata.TEMPLATE.d/boot/05-persistent-data-volume.sh
@@ -14,7 +14,7 @@ DATADIRS="/etc /home /tmp /usr/local /var/lib"
 if [ "$(awk '$2 == "/" {print $3}' /proc/mounts)" == "tmpfs" ]; then
        mkdir -p /mnt/data
        if [ -e /dev/disk/by-label/data-volume ]; then
-               mount -t ext4 /dev/disk/by-label/data-volume /mnt/data
+               mount -t ext4 -o discard /dev/disk/by-label/data-volume /mnt/data
        else
                # Find an unpartitioned disk and create data-volume
                DISKS=$(lsblk --list --noheadings --output name,type | awk '$2 == "disk" {print $1}')
@@ -32,7 +32,7 @@ if [ "$(awk '$2 == "/" {print $3}' /proc/mounts)" == "tmpfs" ]; then
                                echo 'type=83' | sfdisk --label dos /dev/"${DISK}"
                                PART=$(lsblk --list /dev/"${DISK}" --noheadings --output name,type | awk '$2 == "part" {prin
                                mkfs.ext4 -L data-volume /dev/"${PART}"
-                               mount -t ext4 /dev/disk/by-label/data-volume /mnt/data
+                               mount -t ext4 -o discard /dev/disk/by-label/data-volume /mnt/data
                                for DIR in ${DATADIRS}; do
                                        DEST="/mnt/data$(dirname "${DIR}")"
                                        mkdir -p "${DIR}" "${DEST}"
--- pkg/qemu/qemu.go
+++ pkg/qemu/qemu.go
@@ -261,7 +261,7 @@ func Cmdline(cfg Config) (string, []string, error) {
                args = appendArgsIfNoConflict(args, "-boot", "order=c,splash-time=0,menu=on")
        }
        if diskSize, _ := units.RAMInBytes(cfg.LimaYAML.Disk); diskSize > 0 {
-               args = append(args, "-drive", fmt.Sprintf("file=%s,if=virtio", diffDisk))
+               args = append(args, "-drive", fmt.Sprintf("file=%s,if=virtio,discard=unmap", diffDisk))
        } else if !isBaseDiskCDROM {
                args = append(args, "-drive", fmt.Sprintf("file=%s,if=virtio", baseDisk))
        }

I've created some files via dd if=/dev/urandom of=1.bin bs=64M count=64 iflag=fullblock etc and verified the growth in diffdisk size.

I then deleted the *.bin files and ran:

lima-alpine:~$ sudo fstrim -v /mnt/data
/mnt/data: 105074479104 bytes trimmed
lima-alpine:~$ sudo fstrim -v /mnt/data
/mnt/data: 0 bytes trimmed

But the size of the disk never shrinks.

I wonder if this is a macOS limitation, that qemu doesn't implement the sparse file logic for APFS.

Thoughts?

Description

Once upon a time, there was something called Docker Machine and it was running on VirtualBox.

It did have some other drivers, like qemu, but the virtualbox driver was the portable and default...

Now that Lima has a driver framework, it could be useful to have a "vbox" driver next to the "qemu" ?

It does support features like host networking and shared folders, that QEMU is still struggling with.

Pros: might run on more platforms, such as legacy releases or other operating systems

Cons: only supports Intel images, no support for COW images (resulting in larger files)

But the biggest advantage is having another driver that also works on non-Mac hosts.

And it can help to improve the driver API, if testing with more different implementations

Description

Actual Behavior

When I continue to execute nslookup/ping/dig or any other DNS name resolution operations within Lima, Lima get stuck after a certain number of times (lasting about 4 minutes). This issue also occurs inside Docker container when using Rancher Desktop, so this is critial issue for any system that uses container linking, like Apache+PHP and MySQL.

Steps to Reproduce

1. Login to Lima and keep running nslookup.

$ rdctl shell
lima-rancher-desktop:/Users/xxx$ while true; do nslookup www.google.co.jp; done

2. While the above process is running, show a list of UDP open files that qemu-system-aarch64 handles on host OS.

$ lsof -p $(pgrep qemu-system-aarch64) | grep "UDP"
...
qemu-syst 6788 xxxx  119u  IPv4 0x2c6ecf140850ff5f         0t0                 UDP *:63544
qemu-syst 6788 xxxx  120u  IPv4 0x2c6ecf140851762f         0t0                 UDP *:63398

3. A number of UDP open files keep increasing and after it reaches to FD=1024u, Lima get stuck.

$ lsof -p $(pgrep qemu-system-aarch64) | grep "UDP"
...
qemu-syst 6788 xxxx  1023u  IPv4 0x2c6ecf14085191bf         0t0                 UDP *:54486
qemu-syst 6788 xxxx  1024u  IPv4 0x2c6ecf140852088f         0t0                 UDP *:62934

4. If you wait about 4 minutes, all UDP open files get released and Lima starts running again.

Workaround

If you set hostResolver.enabled=false , this issue doesn't occur.

hostResolver:
  enabled: false

Versions

• Lima 0.14.2
• Rancher Desktop 1.7.0

Operating System / Build Version / CPU

• MacOS Monterey 12.6 (M1 2020)
• MacOS Ventura 13.0.1 (Intel Core i5, 2019)

Description

On Windows hosts host agent should be linked as a GUI application for correct background processing, but limactl should still be console application.

Example of this could be found here.

Example of the actual issue. If Ctrl-C is sent to the terminal, where limactl was launched, which in order started limactl host agent, it will kill the host agent. Or if you close the console window it will also terminate the HA, which is not expected behavior.

Related to https://github.com/lima-vm/lima/issues/909

Noticed that limactl inspect --format json and limactl ls --format json produces the exactly same output now.

Probably, limactl ls isn't expected to print the config field?

Originally posted by @AkihiroSuda in https://github.com/lima-vm/lima/issues/1249#issuecomment-1372978716

This is a legacy driver for Oracle VirtualBox, x86_64 only.

It also has support for shared folders and hostonly networks, but they are not implemented just yet (sshfs and nat only)

Deletion does not work properly, due to the VM "registry".

Description

We (w/@dentrax) thought it'd be good to create a sub-command like stats which would display the VM statistics in real-time as the docker's stats command.

# can take a VM name as an argument or will list all the VM stats if no VM name is given
$ limactl stats <VM>
NAME     CPUS    MEMORY    DISK
vbox     %13     %27       %31