lima-vm / alpine-lima Goto Github PK

Hello! We run lots of Docker containers using Colima, which AFAIK uses this Alpine image.

Our machines struggle with free ram when running many containers, and its my understanding that ZRAM is zero overhead until kernel needs it to free up ram space.

If ZRAM isn't enabled by default, could we perhaps turn it on?

All the official Lima templates except Alpine uses hard drive images, and it is hard to maintain ISO booting specifically for Alpine

Especially get rid of the awk code that is hard to understand/maintain.

Interesting links: SIOCSIFNAME in Go instead of C and vishvananda/netlink: Simple netlink library for go.

Some runtimes expect /etc/localtime to be present...

Maybe it can be created, to match the output of date ?

Something similar to this workaround:

echo UTC | sudo tee /etc/localtime

Looked at singularity as well, but it is currently awaiting the release and packaging of "Apptainer 1.0.0"

apk add singularity

The current apk version in 3.14 is singularity 3.8

Upgrading requires the new Go version, from Alpine 3.15

checking: host Go compiler (at least version 1.16.12)... not found! (the available system version is 1.16.10-r0)

From #34 (comment)

This would allow just doing apk add buildkit, with init script and all.

It would also move the files, from /usr/local/bin to /usr/bin.

Like for containerd today.

Hi,

Sadly, Alpine does not keep the installed packages after a new start. Ist this an intended behavior? Files and dirs in the linux home dir survive, though.

Done with the regular alpine.yaml template on Macbook Pro M1 with macOS 12.

Best

PR

That's how it works for all other distros, and it allows updating of nerdctl without making a new alpine-lima release.

At the very least Lima should be able to update nerdctl to a newer version, even if the ISO already includes an older version.

Description

IIUC, Lima uses a Ubuntu distro.

Ubuntu has a kernel config file that includes the value of all of the kernel source configuration entries.
Ubuntu puts that file at /boot/config-$(uname -r).

Pixie (px.dev) reads this config file at runtime, to determine the right configuration entry for compiling C code to BPF byte code using BCC.

Let me know if I could help with any changes.

PR to come

I would like to know if there is anything else to consider with making an aarch64 version of this image.

I was able to build the aarch64 version and everything looks fine. Though the syslinux package is not available but it works fine without it.

Can I go ahead and create a PR?

Boot provisioning scripts have been added in lima-vm/lima#1094

They need additional support in lima-init.

This probably means that pam_env is not loaded correctly.

See: rancher-sandbox/rancher-desktop#2771

This could be implemented as a LIMA_INSTALL_GIT option used by the "rd" edition which adds the git apk and any dependencies.

On my M1 Mac, if I run the following, dig will loop for a while, and then sort of hang with qemu at 100%. This doesn't happen if I use the ubuntu template.

limactl start --name feh template://alpine
limactl shell feh
sudo apk add --update bind-tools

while true; do dig host.docker.internal ; done

host.docker.internal doesn't resolve to anything, but if I just let that command sit for a few minutes, eventually the id value will stop changing in the dig output. qemu-system-aarch will sit at 100% cpu usage in Activity Monitor, and I won't be able to connect to the VM with limactl shell feh

A few minutes later, the VM comes back to life, printing dig output and goes back to consuming 31% CPU in Activity Monitor.

versions:

~ ❯❯❯ lima --version
limactl version 0.15.0
~ ❯❯❯ qemu-system-aarch64 --version
QEMU emulator version 7.2.1
Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers

This seems to be what I'm running into with rancher-sandbox/rancher-desktop#2811

Looks like some part of the build is not pinned down, making the builds non-reproducible.

Check if there are PRs in the downstream repo that should have been made to upstream first!

Triggered by discovering that rancher-sandbox#15 was not in upstream (will be fixed by #124).

But maybe there are more?

Also remove the rd edition and supporting code from upstream and keep it separate in the downstream repo.

This issue was automatically created by Allstar.

Security Policy Violation
PR Approvals not configured for branch main

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

Similar to:

• #37

For running:

apk add nerdctl

From #34 (comment)

Mostly for completeness, I guess you could make a boot2docker alternative out of it.

Basically: pkg add docker

lima-vm/lima#783 added support for ca-certs to lima.yaml. It uses cloud-init, so needs corresponding support in lima-init.

Alpine 3.19 has been released earlier this month and includes newer versions of containerd and docker.

This should be a minimal change:

--- Makefile
+++ Makefile
@@ -1,4 +1,4 @@
-ALPINE_VERSION ?= 3.18.0
+ALPINE_VERSION ?= 3.19.0
 REPO_VERSION ?= $(shell echo "$(ALPINE_VERSION)" | sed -E 's/^([0-9]+\.[0-9]+).*/v\1/')

Unfortunately this breaks ssh support in Lima:

$ make EDITION=std lima
ALPINE_VERSION=3.19.0 EDITION=std ARCH=x86_64 ./lima.sh
WARN[0000] Ignoring non-existent instance "std"
[...]
INFO[0001] SSH Local Port: 40022
INFO[0001] [hostagent] Waiting for the essential requirement 1 of 4: "ssh"
INFO[0029] [hostagent] Waiting for the essential requirement 1 of 4: "ssh"
INFO[0039] [hostagent] Waiting for the essential requirement 1 of 4: "ssh"
INFO[0049] [hostagent] Waiting for the essential requirement 1 of 4: "ssh"
INFO[0059] [hostagent] Waiting for the essential requirement 1 of 4: "ssh"

Using the QEMU display running ssh -vvvv localhost from inside the VM works just fine (I think, I didn't actually generate a key to login, but I see all the ssh logging and eventually the password prompt).

Using the new VZ driver lima-vm/lima#1147, the data disk is not getting mounted. It however works fine with Ubuntu iso.

Steps to Reproduce

Select the Alpine template

limactl start template://alpine

Use the vz driver

+ vmType: vz
+ mountType: virtiofs
- firmware:
-   legacyBIOS: true

Check the disks, the default 100G mount is missing.

$ limactl shell alpine
lima-alpine:/Users/abiola$ df -h
Filesystem                Size      Used Available Use% Mounted on
devtmpfs                 10.0M         0     10.0M   0% /dev
shm                       1.9G         0      1.9G   0% /dev/shm
/dev/sda                 62.8M     62.8M         0 100% /media/sda
tmpfs                     1.9G     53.8M      1.9G   3% /
tmpfs                   785.6M    288.0K    785.3M   0% /run
/dev/loop0               11.9M     11.9M         0 100% /.modloop
/dev/disk/by-label/cidata
                          6.7M      6.7M         0 100% /mnt/lima-cidata
mount0                  228.3G    208.2G     20.1G  91% /Users/abiola
mount1                  228.3G    208.2G     20.1G  91% /tmp/lima
cgroup_root              10.0M         0     10.0M   0% /sys/fs/cgroup

Expected

Using the experimental/vz template, the mounts include the 100G disk as /dev/vdb1.

abiola@lima-vz:/Users/abiola$ df -h
Filesystem      Size  Used Avail Use% Mounted on
tmpfs           392M  1.1M  391M   1% /run
/dev/vdb1        97G  2.0G   95G   3% /
tmpfs           2.0G     0  2.0G   0% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
/dev/vdb15       98M  5.1M   93M   6% /boot/efi
mount0          229G  211G   18G  93% /Users/abiola
mount1          229G  211G   18G  93% /tmp/lima
/dev/vda        195M  195M     0 100% /mnt/lima-cidata
tmpfs           392M  8.0K  392M   1% /run/user/501

Shutting down the default Ubuntu client takes 2 seconds, whereas shutting down an alpine client takes about 80 seconds.

Ubuntu

{"level":"info","msg":"Received SIGINT, shutting down the host agent","time":"2021-08-06T15:34:33-07:00"}
{"level":"info","msg":"Shutting down the host agent","time":"2021-08-06T15:34:33-07:00"}
{"level":"info","msg":"Unmounting \"/Users/jan\"","time":"2021-08-06T15:34:33-07:00"}
{"level":"info","msg":"Unmounting \"/tmp/lima\"","time":"2021-08-06T15:34:33-07:00"}
{"level":"debug","msg":"shutting down the SSH master","time":"2021-08-06T15:34:33-07:00"}
{"error":"unexpected EOF","level":"warning","msg":"connection to the guest agent was closed unexpectedly","time":"2021-08-06T15:34:33-07:00"}
{"level":"info","msg":"Shutting down QEMU with ACPI","time":"2021-08-06T15:34:33-07:00"}
{"level":"info","msg":"Sending QMP system_powerdown command","time":"2021-08-06T15:34:33-07:00"}
{"error":null,"level":"info","msg":"QEMU has exited","time":"2021-08-06T15:34:35-07:00"}

[  OK  ] Removed slice system-modprobe.slice.
[  OK  ] Stopped target Cloud-init target.
[  OK  ] Stopped target Graphical Interface.
[  OK  ] Stopped target Host and Network Name Lookups.
[  OK  ] Stopped target Timers.
[  OK  ] Stopped Daily apt upgrade and clean activities.
[  OK  ] Stopped Daily apt download activities.
[  OK  ] Stopped Periodic ext4 Onli…ata Check for All Filesystems.
[  OK  ] Stopped Discard unused blocks once a week.
[  OK  ] Stopped Refresh fwupd metadata regularly.
[  OK  ] Stopped Daily rotation of log files.
[  OK  ] Stopped Daily man-db regeneration.
[  OK  ] Stopped Message of the Day.
[  OK  ] Stopped Daily Cleanup of Temporary Directories.
[  OK  ] Stopped Ubuntu Advantage update messaging.
[  OK  ] Stopped Download data for …ailed at package install time.
[  OK  ] Stopped Check to see wheth…w version of Ubuntu available.
[  OK  ] Stopped target System Time Synchronized.
[  OK  ] Stopped target System Time Set.
[  OK  ] Closed LVM2 poll daemon socket.
[  OK  ] Closed Load/Save RF Kill Switch Status /dev/rfkill Watch.
         Stopping Accounts Service...
         Stopping Availability of block devices...
[  OK  ] Stopped Execute cloud user/final scripts.
[  OK  ] Stopped target Multi-User System.
[  OK  ] Stopped target Login Prompts.
         Stopping LSB: automatic crash report generation...
[  OK  ] Stopped Apply the settings specified in cloud-config.
[  OK  ] Stopped target Cloud-config availability.
[  OK  ] Stopped target Network is Online.
         Stopping Regular background program processing daemon...
         Stopping Create final runt…dir for shutdown pivot root...
         Stopping Getty on tty1...
[  OK  ] Stopped Record successful boot for GRUB.
         Stopping irqbalance daemon...
         Stopping Dispatcher daemon for systemd-networkd...
         Stopping PackageKit Daemon...
[  OK  ] Stopped Terminate Plymouth Boot Screen.
         Stopping Authorization Manager...
         Stopping System Logging Service...
         Stopping Serial Getty on ttyS0...
[  OK  ] Stopped Wait until snapd is fully seeded.
         Stopping Snap Daemon...
         Stopping OpenBSD Secure Shell server...
         Stopping User Login Management...
[  OK  ] Stopped Commit a transient machine-id on disk.
         Stopping Load/Save Random Seed...
         Stopping Disk Manager...
         Stopping User Manager for UID 501...
[  OK  ] Stopped Accounts Service.
[  OK  ] Stopped Regular background program processing daemon.
[  OK  ] Stopped irqbalance daemon.
[  OK  ] Stopped Dispatcher daemon for systemd-networkd.
[  OK  ] Stopped System Logging Service.
[  OK  ] Stopped Snap Daemon.
[  OK  ] Stopped Serial Getty on ttyS0.
[  OK  ] Stopped Getty on tty1.
[  OK  ] Stopped Disk Manager.
[  OK  ] Stopped Authorization Manager.
[  OK  ] Stopped OpenBSD Secure Shell server.
[  OK  ] Stopped User Manager for UID 501.
[  OK  ] Stopped PackageKit Daemon.
[  OK  ] Stopped Availability of block devices.
[  OK  ] Stopped Load/Save Random Seed.
[  OK  ] Removed slice system-getty.slice.
[  OK  ] Removed slice system-serial\x2dgetty.slice.
[  OK  ] Stopped Hold until boot process finishes up.
         Stopping User Runtime Directory /run/user/501...
[  OK  ] Stopped User Login Management.
[  OK  ] Unmounted /run/user/501.
[  OK  ] Stopped LSB: automatic crash report generation.
[  OK  ] Stopped User Runtime Directory /run/user/501.
[  OK  ] Removed slice User Slice of UID 501.
         Stopping Permit User Sessions...
[  OK  ] Stopped Permit User Sessions.
[  OK  ] Stopped target Basic System.
[  OK  ] Stopped target Network.
[  OK  ] Stopped target User and Group Name Lookups.
[  OK  ] Stopped target Paths.
[  OK  ] Stopped target Remote File Systems.
[  OK  ] Stopped target Remote File Systems (Pre).
[  OK  ] Stopped target Slices.
[  OK  ] Removed slice User and Session Slice.
[  OK  ] Stopped target Sockets.
[  OK  ] Closed Open-iSCSI iscsid Socket.
[  OK  ] Closed Socket unix for snap application lxd.daemon.
[  OK  ] Closed Socket activation for snappy daemon.
[  OK  ] Closed Syslog Socket.
[  OK  ] Closed UUID daemon activation socket.
[  OK  ] Stopped target System Initialization.
[  OK  ] Stopped target Local Encrypted Volumes.
[  OK  ] Stopped Dispatch Password …ts to Console Directory Watch.
[  OK  ] Stopped Forward Password R…uests to Wall Directory Watch.
[  OK  ] Stopped Initial cloud-init…ob (metadata service crawler).
[  OK  ] Stopped Wait for Network to be Configured.
         Stopping Network Name Resolution...
         Stopping Network Time Synchronization...
         Stopping Update UTMP about System Boot/Shutdown...
[  OK  ] Stopped Network Name Resolution.
         Stopping Network Service...
[  OK  ] Stopped Update UTMP about System Boot/Shutdown.
[  OK  ] Stopped Network Time Synchronization.
[  OK  ] Stopped Create Volatile Files and Directories.
[  OK  ] Stopped Network Service.
[  OK  ] Stopped target Network (Pre).
[  OK  ] Stopped Initial cloud-init job (pre-networking).
[  OK  ] Stopped Apply Kernel Variables.
[  OK  ] Stopped Load Kernel Modules.
[  OK  ] Stopped Create final runtime dir for shutdown pivot root.
[  OK  ] Stopped target Local File Systems.
         Unmounting /boot/efi...
         Unmounting /mnt/lima-cidata...
         Unmounting /run/snapd/ns/lxd.mnt...
         Unmounting Mount unit for core18, revision 2066...
         Unmounting Mount unit for lxd, revision 20684...
         Unmounting Mount unit for snapd, revision 12159...
[  OK  ] Unmounted /boot/efi.
[  OK  ] Unmounted /run/snapd/ns/lxd.mnt.
[  OK  ] Unmounted /mnt/lima-cidata.
         Unmounting /run/snapd/ns...
[  OK  ] Stopped File System Check on /dev/disk/by-label/UEFI.
[  OK  ] Removed slice system-systemd\x2dfsck.slice.
[  OK  ] Unmounted /run/snapd/ns.
[  OK  ] Unmounted Mount unit for core18, revision 2066.
[  OK  ] Stopped target Swap.
[  OK  ] Unmounted Mount unit for lxd, revision 20684.
[  OK  ] Unmounted Mount unit for snapd, revision 12159.
[  OK  ] Stopped target Local File Systems (Pre).
[  OK  ] Reached target Unmount All Filesystems.
         Stopping Monitoring of LVM…meventd or progress polling...
         Stopping Device-Mapper Multipath Device Controller...
[  OK  ] Stopped Create Static Device Nodes in /dev.
[  OK  ] Stopped Create System Users.
[  OK  ] Stopped Remount Root and Kernel File Systems.
[  OK  ] Stopped File System Check on Root Device.
[  OK  ] Stopped Device-Mapper Multipath Device Controller.
[  OK  ] Stopped Monitoring of LVM2… dmeventd or progress polling.
[  OK  ] Reached target Shutdown.
[  OK  ] Reached target Final Step.
[  OK  ] Finished Power-Off.
[  OK  ] Reached target Power-Off.

Alpine

{"level":"info","msg":"Received SIGINT, shutting down the host agent","time":"2021-08-06T15:29:05-07:00"}
{"level":"info","msg":"Shutting down the host agent","time":"2021-08-06T15:29:05-07:00"}
{"level":"info","msg":"Unmounting \"/Users/jan\"","time":"2021-08-06T15:29:05-07:00"}
{"level":"info","msg":"Unmounting \"/tmp/lima\"","time":"2021-08-06T15:29:05-07:00"}
{"level":"debug","msg":"shutting down the SSH master","time":"2021-08-06T15:29:05-07:00"}
{"error":"unexpected EOF","level":"warning","msg":"connection to the guest agent was closed unexpectedly","time":"2021-08-06T15:29:05-07:00"}
{"level":"info","msg":"Shutting down QEMU with ACPI","time":"2021-08-06T15:29:05-07:00"}
{"level":"info","msg":"Sending QMP system_powerdown command","time":"2021-08-06T15:29:05-07:00"}
{"level":"info","msg":"Forwarding \"/run/user/501/lima-guestagent.sock\" (guest) to \"/Users/jan/.lima/std/ga.sock\" (host)","time":"2021-08-06T15:29:15-07:00"}
{"error":"failed to run [ssh -i /Users/jan/.lima/_config/user -i /Users/jan/.ssh/[email protected] -i /Users/jan/.ssh/[email protected] -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -F /dev/null -l jan -o ControlMaster=auto -o ControlPath=/Users/jan/.lima/std/ssh.sock -o ControlPersist=5m -T -O forward -L /Users/jan/.lima/std/ga.sock:/run/user/501/lima-guestagent.sock -N -f -p 40022 127.0.0.1 --]: \"\": exit status 255","level":"warning","msg":"failed to setting up forward from \"/run/user/501/lima-guestagent.sock\" (guest) to \"/Users/jan/.lima/std/ga.sock\" (host)","time":"2021-08-06T15:29:15-07:00"}
{"error":"stat /Users/jan/.lima/std/ga.sock: no such file or directory","level":"warning","msg":"connection to the guest agent was closed unexpectedly","time":"2021-08-06T15:29:16-07:00"}
{"level":"info","msg":"Forwarding \"/run/user/501/lima-guestagent.sock\" (guest) to \"/Users/jan/.lima/std/ga.sock\" (host)","time":"2021-08-06T15:29:26-07:00"}
{"error":"failed to run [ssh -i /Users/jan/.lima/_config/user -i /Users/jan/.ssh/[email protected] -i /Users/jan/.ssh/[email protected] -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -F /dev/null -l jan -o ControlMaster=auto -o ControlPath=/Users/jan/.lima/std/ssh.sock -o ControlPersist=5m -T -O forward -L /Users/jan/.lima/std/ga.sock:/run/user/501/lima-guestagent.sock -N -f -p 40022 127.0.0.1 --]: \"\": exit status 255","level":"warning","msg":"failed to setting up forward from \"/run/user/501/lima-guestagent.sock\" (guest) to \"/Users/jan/.lima/std/ga.sock\" (host)","time":"2021-08-06T15:29:26-07:00"}
{"error":"stat /Users/jan/.lima/std/ga.sock: no such file or directory","level":"warning","msg":"connection to the guest agent was closed unexpectedly","time":"2021-08-06T15:29:26-07:00"}
{"level":"info","msg":"Forwarding \"/run/user/501/lima-guestagent.sock\" (guest) to \"/Users/jan/.lima/std/ga.sock\" (host)","time":"2021-08-06T15:29:36-07:00"}
{"error":"failed to run [ssh -i /Users/jan/.lima/_config/user -i /Users/jan/.ssh/[email protected] -i /Users/jan/.ssh/[email protected] -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -F /dev/null -l jan -o ControlMaster=auto -o ControlPath=/Users/jan/.lima/std/ssh.sock -o ControlPersist=5m -T -O forward -L /Users/jan/.lima/std/ga.sock:/run/user/501/lima-guestagent.sock -N -f -p 40022 127.0.0.1 --]: \"\": exit status 255","level":"warning","msg":"failed to setting up forward from \"/run/user/501/lima-guestagent.sock\" (guest) to \"/Users/jan/.lima/std/ga.sock\" (host)","time":"2021-08-06T15:29:36-07:00"}
{"error":"stat /Users/jan/.lima/std/ga.sock: no such file or directory","level":"warning","msg":"connection to the guest agent was closed unexpectedly","time":"2021-08-06T15:29:36-07:00"}
{"level":"info","msg":"Forwarding \"/run/user/501/lima-guestagent.sock\" (guest) to \"/Users/jan/.lima/std/ga.sock\" (host)","time":"2021-08-06T15:29:46-07:00"}
{"error":"failed to run [ssh -i /Users/jan/.lima/_config/user -i /Users/jan/.ssh/[email protected] -i /Users/jan/.ssh/[email protected] -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -F /dev/null -l jan -o ControlMaster=auto -o ControlPath=/Users/jan/.lima/std/ssh.sock -o ControlPersist=5m -T -O forward -L /Users/jan/.lima/std/ga.sock:/run/user/501/lima-guestagent.sock -N -f -p 40022 127.0.0.1 --]: \"\": exit status 255","level":"warning","msg":"failed to setting up forward from \"/run/user/501/lima-guestagent.sock\" (guest) to \"/Users/jan/.lima/std/ga.sock\" (host)","time":"2021-08-06T15:29:46-07:00"}
{"error":"stat /Users/jan/.lima/std/ga.sock: no such file or directory","level":"warning","msg":"connection to the guest agent was closed unexpectedly","time":"2021-08-06T15:29:46-07:00"}
{"level":"info","msg":"Forwarding \"/run/user/501/lima-guestagent.sock\" (guest) to \"/Users/jan/.lima/std/ga.sock\" (host)","time":"2021-08-06T15:29:56-07:00"}
{"error":"failed to run [ssh -i /Users/jan/.lima/_config/user -i /Users/jan/.ssh/[email protected] -i /Users/jan/.ssh/[email protected] -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -F /dev/null -l jan -o ControlMaster=auto -o ControlPath=/Users/jan/.lima/std/ssh.sock -o ControlPersist=5m -T -O forward -L /Users/jan/.lima/std/ga.sock:/run/user/501/lima-guestagent.sock -N -f -p 40022 127.0.0.1 --]: \"\": exit status 255","level":"warning","msg":"failed to setting up forward from \"/run/user/501/lima-guestagent.sock\" (guest) to \"/Users/jan/.lima/std/ga.sock\" (host)","time":"2021-08-06T15:29:56-07:00"}
{"error":"stat /Users/jan/.lima/std/ga.sock: no such file or directory","level":"warning","msg":"connection to the guest agent was closed unexpectedly","time":"2021-08-06T15:29:56-07:00"}
{"level":"info","msg":"Forwarding \"/run/user/501/lima-guestagent.sock\" (guest) to \"/Users/jan/.lima/std/ga.sock\" (host)","time":"2021-08-06T15:30:06-07:00"}
{"error":"failed to run [ssh -i /Users/jan/.lima/_config/user -i /Users/jan/.ssh/[email protected] -i /Users/jan/.ssh/[email protected] -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -F /dev/null -l jan -o ControlMaster=auto -o ControlPath=/Users/jan/.lima/std/ssh.sock -o ControlPersist=5m -T -O forward -L /Users/jan/.lima/std/ga.sock:/run/user/501/lima-guestagent.sock -N -f -p 40022 127.0.0.1 --]: \"\": exit status 255","level":"warning","msg":"failed to setting up forward from \"/run/user/501/lima-guestagent.sock\" (guest) to \"/Users/jan/.lima/std/ga.sock\" (host)","time":"2021-08-06T15:30:06-07:00"}
{"error":"stat /Users/jan/.lima/std/ga.sock: no such file or directory","level":"warning","msg":"connection to the guest agent was closed unexpectedly","time":"2021-08-06T15:30:06-07:00"}
{"level":"info","msg":"Forwarding \"/run/user/501/lima-guestagent.sock\" (guest) to \"/Users/jan/.lima/std/ga.sock\" (host)","time":"2021-08-06T15:30:16-07:00"}
{"error":"failed to run [ssh -i /Users/jan/.lima/_config/user -i /Users/jan/.ssh/[email protected] -i /Users/jan/.ssh/[email protected] -o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -F /dev/null -l jan -o ControlMaster=auto -o ControlPath=/Users/jan/.lima/std/ssh.sock -o ControlPersist=5m -T -O forward -L /Users/jan/.lima/std/ga.sock:/run/user/501/lima-guestagent.sock -N -f -p 40022 127.0.0.1 --]: \"\": exit status 255","level":"warning","msg":"failed to setting up forward from \"/run/user/501/lima-guestagent.sock\" (guest) to \"/Users/jan/.lima/std/ga.sock\" (host)","time":"2021-08-06T15:30:16-07:00"}
{"error":"stat /Users/jan/.lima/std/ga.sock: no such file or directory","level":"warning","msg":"connection to the guest agent was closed unexpectedly","time":"2021-08-06T15:30:16-07:00"}
{"error":null,"level":"info","msg":"QEMU has exited","time":"2021-08-06T15:30:23-07:00"}

Welcome to Alpine Linux 3.13
^MKernel 5.10.38-0-virt on an x86_64 (/dev/ttyS0)

^Mlima-std login:  * Stopping sshd ... [ ok ]
 * Shutting down ssh connections ... * sshd: caught SIGTERM, aborting
 [ ok ]
 * Stopping busybox syslog ... [ ok ]
 * Unregistering QEMU binaries in binfmt misc ... [ ok ]
 * Stopping busybox acpid ... [ ok ]
 * Unmounting loop devices
 *   Remounting /.modloop read only ... *   in use but fuser finds nothing
 [ !! ]
 * Unmounting filesystems
 *   Unmounting /var/lib ... [ ok ]
 *   Unmounting /usr/local ... *   Unmounting /tmp ... [ ok ]
 *   Unmounting /home ... [ ok ]
 *   Unmounting /etc ... [ ok ]
 *   Unmounting /mnt/data ... [ ok ]
 *   Unmounting /mnt/lima-cidata ... [ ok ]
 *   Unmounting /.modloop ... *   in use but fuser finds nothing
 [ !! ]
 *   Unmounting /media/cdrom ... *   in use but fuser finds nothing
 [ !! ]
 * Setting hardware clock using the system clock [UTC] ... [ ok ]
 * Stopping udev ... [ ok ]
 * Unmounting /.modloop ... [ ok ]
 * Terminating remaining processes ... [ ok ]
 * Killing remaining processes ... [ ok ]
 * Saving dependency cache ... [ ok ]
 [ ok ]
 * Remounting remaining filesystems read-only ... *   Remounting /usr/local read only ... [ ok ]
 *   Remounting / read only ... [ ok ]
 *   Remounting /media/cdrom read only ... [ ok ]
 [ ok ]
^MThe system is going down NOW!
^MSent SIGTERM to all processes
^MSent SIGKILL to all processes
^MRequesting system poweroff

Also include the release tag in the filenames, e.g. alpine-lima-v0.1.1-std-3.13.5-x86_64.iso

It is recommended by (and will be used automatically by) lima-vm/sshocker#26.

When using the alpine-lima-std images, provisioning scripts don't seem to execute whereas they run fine on the old alpine-lima-ci images.

Try adding these provisioning scripts to Lima VMs running both the std and the ci versions:

provision:
  - mode: system
    script: &setup-cache-and-repos |-
      #!/bin/sh
      set -eux -o pipefail
      setup-apkcache /Users/simjnd/.lima/_mounts/apk-cache
      cat <<EOF > /etc/apk/repositories
      http://alpine.42.fr/v3.13/main
      http://alpine.42.fr/v3.13/community
      http://alpine.42.fr/edge/main
      http://alpine.42.fr/edge/community
      http://alpine.42.fr/edge/testing
      EOF

  - mode: system
    script: &install-dependencies |-
      #!/bin/sh
      set -eux -o pipefail
      apk update
      apk add podman

After starting the std version, trying to run podman returns sudo: podman: command not found whereas the ci version returns Error: missing command 'podman COMMAND'. Try 'podman --help' for more information. indicating that podman has indeed been installed.

I assume in the title that this is due to the custom lima-init that is used instead of cloud-init?

I made some "editions" of alpine-lima, that installs the regular packages:

• #34
• #43
• #45

These apk are now available upstream, making the installation smoother.

Only added some refactoring, to make using "nerdctl-full" more explicit:

• #105
• #106

To make "nerdctl" mean only nerdctl, and call the bundle "nerdctl-full"

Podman is a container runtime, that can operate without any long-living daemons.

So there is no dockerd or containerd or buildkitd (unless you want there to be*)

https://podman.io/

Instead, there are background processes (like conmon and pause) started while running...

It can be an interesting comparison for running and building, so making another edition for it.

* for podman.sock

Basically: pkg add podman

This is required for Lima to be unregister the qemu binfmt handler and register rosetta instead.

lima-init declares that it needs to run after qemu-binfmt. Maybe patching qemu-binfmt to run before cloud-init and before lima-init will work.

Note that aed9360 can be reverted if qemu-binfmt is guaranteed to run before cloud-init or lima-init because it will make sure the binfmt filesystem is mounted.

Right now for the x86_64 image it is mounted under /media/sr0 and for the aarch64 image under /media/vda. There is nothing mounted at /media/cdrom at all.

This would help pixie to locate the /boot/config-virt file: pixie-io/pixie#447

It can be started manually (via the console) with rc-service ssh start. Not sure why it is in "stopped" state.

This issue was automatically created by Allstar.

Security Policy Violation
Security policy not enabled.
A SECURITY.md file can give users information about what constitutes a vulnerability and how to report one securely so that information about a bug is not publicly visible. Examples of secure reporting methods include using an issue tracker with private issue support, or encrypted email with a published key.

To fix this, add a SECURITY.md file that explains how to handle vulnerabilities found in your repository. Go to https://github.com/lima-vm/alpine-lima/security/policy to enable.

For more information, see https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository.

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

This means all images built with lima-init must package all optional dependencies that the lima boot scripts might try to install because a network install will fail.

lima-init should run once the network is up. If that is not possible (e.g. because the network configuration must happen before the interfaces are upped, then lima-init must be split into multiple phases, the way cloud-init also does it).

From lima-vm/lima#489

https://github.com/lima-vm/lima/blob/master/examples/alpine.yaml

containerd:
  system: false
  user: false

The lima nerdctl provisioning doesn't work without systemd installed

• lima-vm/lima#310

One approach would be to create a separate ISO, with containerd installed.

And then add nerdctl and buildctl/buildkitd from the nerdctl-full tarball, like lima.

To bump containerd from 1.5.11 to 1.6.4

Versions involved:

• Lima v0.11.3
• Alpine-lima v0.2.20 (alpine-lima-std-3.16.0-x86_64.iso)
• Host: x86_64 macOS Catalina 10.15.7

Steps to reproduce:

• Start the alpine example lima configuration from lima.
• The rest of the steps occur in the VM.
• Download https://dl-cdn.alpinelinux.org/alpine/v3.16/main/aarch64/musl-1.2.3-r0.apk (it's a tar.gz file) and extract lib/ld-musl-aarch64.so.1 (to /lib/ld-musl-aarch64.so.1).
• Download https://dl-cdn.alpinelinux.org/alpine/v3.16/main/aarch64/busybox-1.35.0-r17.apk and extract bin/busybox somewhere.
• Create a symbolic link called uname pointing to the freshly-extracted bin/busybox
• Run ./uname -a

Expected results:

Linux lima-alpine 5.15.57-0-virt #1-Alpine SMP Fri, 29 Jul 2022 07:15:20 +0000 aarch64 Linux

Actual results:

a: applet not found

Additional Information

I believe tonistiigi/binfmt@c5e2139 added a patch to the qemu in use to assume the preserve-argv flag in binfmt_misc when no flags are found; I assume that code is somehow being triggered.

Workaround (and likely fix): Add binfmt_flags="POCF" to /etc/conf.d/qemu-binfmt.

References: rancher-sandbox/rancher-desktop#2668 / rancher-sandbox/rancher-desktop#2659