External/SSH internal driver for all OS

[afbjorklund]

Similar to the docker-machine "generic" driver, bring your own virtual machine (or physical server)

Not so useful in itself, but not so bad when made into a real driver or wrapped with helper scripts...

NAME          STATUS     SSH                   VMTYPE    ARCH      CPUS    MEMORY    DISK      DIR
beaglebone    Running    192.168.7.2:22        ext       armv7l    1       512MiB    4GiB      ~/.lima/beaglebone
core          Stopped    127.0.0.1:0           qemu      x86_64    1       1GiB      100GiB    ~/.lima/core

vmType: ext

arch: "armv7l"
cpus: 1
memory: 512MiB
disk: 4GiB

# We do not have arm-v7 binaries of containerd
containerd:
  system: false
  user: false

ssh:
  address: 192.168.7.2

Requires:

• Restore guest agent unix socket functionality #2006

---

Installed lima-guestagent, and nerdctl from tarballs/binaries.

$ _output/bin/limactl shell beaglebone nerdctl version
Client:
 Version:	v1.7.0
 OS/Arch:	linux/arm
 Git commit:	e674fe7ba6e49f12e88cd9c6c442e7ea5232502c
 buildctl:
  Version:	v0.12.3
  GitCommit:	438f47256f0decd64cc96084e22d3357da494c27

Server:
 containerd:
  Version:	v1.7.6
  GitCommit:	091922f03c2762540fd057fba91260237ff86acb
 runc:
  Version:	1.1.9
  GitCommit:	v1.1.9-0-gccaecfc

limactl guest-install beaglebone

• Add hidden command to install the guest components #2028

---

Hardware

https://www.beagleboard.org/boards/beaglebone-black

You could also use a Raspberry Pi Zero*, or a cloud droplet.

* need the Zero 2, for arm-v7 (previous model was arm-v6)

https://www.raspberrypi.com/products/raspberry-pi-zero-2-w/

Discussion

• The Linux physical machines #2029

[afbjorklund]

The probes are somewhat annoying when not using cidata, but that was the same story on FreeBSD and others.

• Support for FreeBSD guests ? #1508 (comment)

Maybe there should be some fallback implementation, at least for ssh-ready/guestagent install/boot-done ?

sudo diff -q /run/lima-ssh-ready /mnt/lima-cidata/meta-data

install -m 755 /mnt/lima-cidata/lima-guestagent /usr/local/bin/lima-guestagent
sudo /usr/local/bin/lima-guestagent install-systemd

sudo diff -q /run/lima-boot-done /mnt/lima-cidata/meta-data

Like copying the lima-guestagent over the ssh connection (my workaround)

And keeping the instance meta-data (id) somewhere else, like in /etc ?

[afbjorklund]

Added support for hostnames, so that you can use nice features like avahi-daemon

NAME           STATUS     SSH                     VMTYPE    ARCH       CPUS    MEMORY    DISK      DIR
raspberrypi    Running    raspberrypi.local:22    ext       aarch64    4       512MiB    32GiB     ~/.lima/raspberrypi

anders@raspberrypi:~ $ sudo mkdir /mnt/lima-cidata
anders@raspberrypi:~ $ sudo touch /mnt/lima-cidata/meta-data
anders@raspberrypi:~ $ sudo touch /run/lima-ssh-ready
anders@raspberrypi:~ $ sudo touch /run/lima-boot-done

Previously I was assuming IP. Now, to have a nice way to install the lima-guestagent

[afbjorklund]

Added host key checking:

The authenticity of host 'raspberrypi.local (192.168.0.113)' can't be established.
ECDSA key fingerprint is SHA256:tKIRfOeWP1HeCFLpM0UT30CUWSDXpC7gxPsKHUnS+h4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

And shortened the timeout, for when the device is not connected. Resolves in 10ms, when cached (or ~250ms).

errors="[field `ssh.address` must be IP: lookup raspberrypi.local: i/o timeout]"

[afbjorklund]

Added provision scripts.

Using sudo for system.

[AkihiroSuda]

Maybe this should be called "external" to avoid confusion with "extended"

[afbjorklund]

In minikube we ended up calling the driver "ssh", but I don't think it's great

[AkihiroSuda]

ping @lima-vm/maintainers @lima-vm/reviewers RFC

I still feel "ext" is confusing.
Sounds like some sort of ext2/ext3/ext4 stuff.

[jandubois]

I think external is fine. unmanaged or raw could be alternatives, but I prefer external.

[AkihiroSuda]

ping @afbjorklund WDYT?

[AkihiroSuda]

What does localPort mean now for non-local address?

[afbjorklund]

It used as "port", but the old name is kept for compatibility.

If the port is zero, then for non-localhost it will be set to 22.
For localhost (127.0.0.1), it is still assigned to a random port.

Normally it is not set, and only the IP address is used for SSH.

[afbjorklund]

Rebased to lima v0.21.0 [RPi runs Debian GNU/Linux 12 (bookworm)]

$ _output/bin/limactl shell raspberrypi nerdctl version
Client:
 Version:	v1.7.5
 OS/Arch:	linux/arm64
 Git commit:	cffed372371dcbea3dc9a646ce5a913fc1c09513
 buildctl:
  Version:	v0.12.5
  GitCommit:	bac3f2b673f3f9d33e79046008e7a38e856b3dc6

Server:
 containerd:
  Version:	v1.7.14
  GitCommit:	dcf2847247e18caba8dce86522029642f60fe96b
 runc:
  Version:	1.1.12
  GitCommit:	v1.1.12-0-g51d5e946

Quite svelte, without the cidata etc: 44K /home/anders/.lima/raspberrypi

NAME           STATUS     SSH                     VMTYPE    ARCH       CPUS    MEMORY    DISK     DIR
raspberrypi    Running    raspberrypi.local:22    ext       aarch64    4       512MiB    32GiB    ~/.lima/raspberrypi

[AkihiroSuda]

Would it be possible to test this on CI?

[afbjorklund]

Would it be possible to test this on CI?

As long as it is possible to supply a VM, with access through host keys and authorized keys, that should be possible.

I should detail the required steps (with example log), especially now with the addition of the cloud-config generation.

• Generate cloud-config outside of cidata.iso too #2271

[afbjorklund]

Rebased to v2.0.0-alpha.0, only thing left to do is to find a driver name that is acceptable.

[afbjorklund]

These patches should be converted to driver features:

• warn about experimental driver
• skip creating the "basedisk" file
• skip creating the "cidata.iso" file
• run provisioning scripts over ssh
• skip running certain requirements
• allow instance without "images"
• validate ssh.address (and required)
• allow PID status check for HA only

[AkihiroSuda]

The idea of "external machines" can be easily confused with "external drivers", so this driver should not be called "ext" ("external").

Let's call this either "generic" or "ssh"

[AkihiroSuda]

If you want to put raspberrypi-specific config here, the file name should be probably "raspberrypi.yaml"

[AkihiroSuda]

Should this be compiled as an external driver? (w/ docs)

[afbjorklund]

Currently that is not possible, but might be an option (like the other built-in ones)

[AkihiroSuda]

Why not possible?

[AkihiroSuda]

Any mount type other than REVSSHFS should result in an error

[AkihiroSuda]

Can we have a smoke test ?
Maybe using an LXD/Incus instance on GHA

[afbjorklund]

I tried that, but it didn't work out... Help needed

#2000 (comment)

[AkihiroSuda]

What was the error?

[AkihiroSuda]

https://github.com/canonical/setup-lxd may work

I guess there is an equivalent of this for Incus too

[afbjorklund]

I think we will throw this one out of 2.0 as well (like with 1.0)