vz: add support for nested virtualization #2530
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
abiosoft
force-pushed
the
vz-nested-virtualization
branch
from
1fd7d72 to
b946be0
Compare
abiosoft
force-pushed
the
vz-nested-virtualization
branch
from
b946be0 to
25bd2b7
Compare
Testing Instructions
For those willing to try this out, these are the steps. 1. Clone the sourceClone my fork of Lima and checkout 2. Build LimaFrom the root directory of Lima, perform a build. PS: You might need to unlink Brew version if previously installed with Brew. 3. Start Lima with nested virtualization enabledUse VZ driver and enabled nested virtualization. The vmType: vz
nestedVirtualization: true4. Validate nested virtualization in Lima VMEnter the Lima VM with If the VM is running Ubuntu, you can install |
abiosoft
force-pushed
the
vz-nested-virtualization
branch
from
25bd2b7 to
bc39aed
Compare
nirs
reviewed
Sep 17, 2024
|
|
||
| if macOSProductVersion.LessThan(*semver.New("15.0.0")) { | ||
| return fmt.Errorf("nested virtualization requires macOS 15 or newer") | ||
| } |
There was a problem hiding this comment.
It will be little nicer to add a helper like isNestedVirtualiztionAvailable() with these checks. This can also be implemented for linux, so it can be a common interface for all platforms.
|
I was able to create a Lima VM with KVM support with your testing instructions. Very cool. Thank you for working on this. |
|
CI is failing https://github.com/lima-vm/lima/actions/runs/10903645853/job/30258186834?pr=2530 |
Yes, that is because the upstream PR is not yet merged and that is why I made it a draft PR. |
abiosoft
force-pushed
the
vz-nested-virtualization
branch
4 times, most recently
from
b5f9998 to
eb784b8
Compare
abiosoft
force-pushed
the
vz-nested-virtualization
branch
from
eb784b8 to
ddefc80
Compare
|
Code-Hex/vz#159 remains still unreviewed, maybe the repo should be forked? |
|
abiosoft
force-pushed
the
vz-nested-virtualization
branch
2 times, most recently
from
c574b0b to
d0a8131
Compare
Signed-off-by: Abiola Ibrahim <[email protected]>
abiosoft
force-pushed
the
vz-nested-virtualization
branch
from
d0a8131 to
10a60fe
Compare
|
The failing test does not appear related to the code change and it appears to run Lima successfully https://github.com/lima-vm/lima/actions/runs/11231643603/job/31221517661?pr=2530#step:10:1133. 😕 |
This unfortunately happens all the time, and we are retriggering failed test many times each day. 😞 |
|
CI is green on the master, but this PR seems failing 4 times. Maybe the failure is caused by another recent change in vz? |
|
CI is now green, let's merge it |
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
Dec 13, 2024
⚠️ **CAUTION: this is a major update, indicating a breaking change!**⚠️ This MR contains the following updates: | Package | Update | Change | |---|---|---| | [lima-vm/lima](https://github.com/lima-vm/lima) | major | `v0.23.2` -> `v1.0.2` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>lima-vm/lima (lima-vm/lima)</summary> ### [`v1.0.2`](https://github.com/lima-vm/lima/releases/tag/v1.0.2) [Compare Source](lima-vm/lima@v1.0.1...v1.0.2) #### Changes - DNS: - Fixed the host resolver regression in v1.0.0 [#​2939](lima-vm/lima#2939) ([#​2964](lima-vm/lima#2964)) - `limactl create`: - Fixed races during parallel downloads ([#​2903](lima-vm/lima#2903), thanks to [@​nirs](https://github.com/nirs)) - Optimized qcow2-to-raw conversion for vz mode ([#​2933](lima-vm/lima#2933), thanks to [@​nirs](https://github.com/nirs)) - `limactl start-at-login`: - Fixed the support for Linux hosts (systemd) ([#​2943](lima-vm/lima#2943), thanks to [@​kachick](https://github.com/kachick)) - nerdctl: - Updated to [v2.0.1](https://github.com/containerd/nerdctl/releases/tag/v2.0.1) ([#​2966](lima-vm/lima#2966)) - Templates: - Updated to the latest revisions ([#​2936](lima-vm/lima#2936) [#​2953](lima-vm/lima#2953), thanks to [@​tcooper](https://github.com/tcooper)) - Web site: - Added an example of running Lima on GitHub Actions to run commands on non-Ubuntu ([#​2954](lima-vm/lima#2954)): https://lima-vm.io/docs/examples/gha/ - Project: - Invite Nir Soffer ([@​nirs](https://github.com/nirs)) as a Reviewer ([#​2916](lima-vm/lima#2916), thanks to [@​jandubois](https://github.com/jandubois)) Full changes: https://github.com/lima-vm/lima/milestone/51?closed=1 Thanks to [@​SpiffyEight77](https://github.com/SpiffyEight77) [@​alexandear](https://github.com/alexandear) [@​jandubois](https://github.com/jandubois) [@​kachick](https://github.com/kachick) [@​nirs](https://github.com/nirs) [@​norio-nomura](https://github.com/norio-nomura) [@​tamird](https://github.com/tamird) [@​tcooper](https://github.com/tcooper) #### Usage ```console [macOS]$ limactl create [macOS]$ limactl start ... INFO[0029] READY. Run `lima` to open the shell. [macOS]$ lima uname Linux ``` *** The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/12134682585 The sha256sum of the SHA256SUMS file itself is `02ef78494c498ca4180915ba78d5e2fc471ed401f63dfb2b5864c3711f3c0fb2` . *** Release manager: [@​AkihiroSuda](https://github.com/AkihiroSuda) ### [`v1.0.1`](https://github.com/lima-vm/lima/releases/tag/v1.0.1) [Compare Source](lima-vm/lima@v1.0.0...v1.0.1) Reverted the default port forwarder from gRPC to SSH for the stability reason ([#​2864](lima-vm/lima#2864)). This reversion fixes several regressions related to `docker run -p` in Lima v1.0.0 ([#​2859](lima-vm/lima#2859)). Although the gRPC forwarder is faster and has an advanced feature (UDP support), it turned out to be still immature. Set `LIMA_SSH_PORT_FORWARDER=false` to opt-in to the gRPC forwarder. See <https://lima-vm.io/docs/config/port/>. Full changes: https://github.com/lima-vm/lima/milestone/50?closed=1 Thanks to [@​alexandear](https://github.com/alexandear) [@​jandubois](https://github.com/jandubois) [@​norio-nomura](https://github.com/norio-nomura) #### Usage ```console [macOS]$ limactl create [macOS]$ limactl start ... INFO[0029] READY. Run `lima` to open the shell. [macOS]$ lima uname Linux ``` *** The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/11735352652 The sha256sum of the SHA256SUMS file itself is `f5c12d003e25dc46291803a8acae9e9d325a45eca0c1f9f40bd6852ec8ed9be1` . *** Release manager: [@​AkihiroSuda](https://github.com/AkihiroSuda) ### [`v1.0.0`](https://github.com/lima-vm/lima/releases/tag/v1.0.0) [Compare Source](lima-vm/lima@v0.23.2...v1.0.0) With the support from 110+ contributors in 3+ years, the Lima project has finally reached v1.0. 🎉 This release introduces several breaking changes, such as switching the default machine driver from QEMU to VZ for better filesystem performance. The `limactl` CLI is designed to print hints when the user hits those breaking changes. e.g., `limactl create template://experimental/vz` now fails with a hint that suggests using `limactl create --vm-type=vz template://default` instead. 🔴 = Major breaking changes 🟡 = Minor breaking changes - VZ: - Graduate VZ machine driver from experimental ([#​2758](lima-vm/lima#2758)) - 🔴 Use VZ by default for new instances on macOS >= 13.5 ([#​1951](lima-vm/lima#1951)) - Support nested virtualization on M3 ([#​2530](lima-vm/lima#2530), thanks to [@​abiosoft](https://github.com/abiosoft)) - Optimize qcow2-to-raw image conversion (lima-vm/go-qcow2reader@v0.1.2...v0.4.0 , thanks to [@​nirs](https://github.com/nirs)) - Support specifying a custom kernel ([#​2562](lima-vm/lima#2562), thanks to [@​norio-nomura](https://github.com/norio-nomura)) - QEMU: - Graduate 9p mount driver from experimental ([#​2758](lima-vm/lima#2758)) - 🔴 Use 9p by default for most templates ([#​1953](lima-vm/lima#1953), [#​2822](lima-vm/lima#2822)) - riscv64: switch from u-boot to EDK2 ([#​2592](lima-vm/lima#2592)) - Network: - Graduate user-v2 network driver from experimental ([#​2758](lima-vm/lima#2758)) - Support UDP port forwarding ([#​2411](lima-vm/lima#2411), thanks to [@​balajiv113](https://github.com/balajiv113)) - 🔴 Strictly require `socket_vmnet` binary to be owned by root ([#​2734](lima-vm/lima#2734)) - SSH: - 🟡 Disable `ssh.loadDotSSHPubKeys` by default ([#​2706](lima-vm/lima#2706)) - YAML: - Support generating jsonschema ([#​2306](lima-vm/lima#2306), thanks to [@​afbjorklund](https://github.com/afbjorklund)) - Support specifying `param` for provisioning scripts ([#​2570](lima-vm/lima#2570), thanks to [@​jandubois](https://github.com/jandubois)) - Support specifying `minimumLimaVersion` and `vmOpts.qemu.minimumVersion` ([#​2659](lima-vm/lima#2659), thanks to [@​jandubois](https://github.com/jandubois)) - Support template expansion in mounts ([#​2588](lima-vm/lima#2588), thanks to [@​norio-nomura](https://github.com/norio-nomura)) - `limactl` CLI: - Add `limactl tunnel` command so as to allow the host to join the guest network ([#​2710](lima-vm/lima#2710)) - Add `--log-format=json` ([#​2584](lima-vm/lima#2584), thanks to [@​nirs](https://github.com/nirs)) - `limactl prune`: Add `--keep-referred` ([#​2569](lima-vm/lima#2569), thanks to [@​norio-nomura](https://github.com/norio-nomura)) - nerdctl: - Updated to [v2.0.0](https://github.com/containerd/nerdctl/releases/tag/v2.0.0) ([#​2178](lima-vm/lima#2178)) - rootless: allocate 1G subuids from 524288 (0x80000) for new users ([#​2725](lima-vm/lima#2725)) - Templates: - 🔴 `experimental/vz`: Merged into the `default` template ([#​2730](lima-vm/lima#2730), [#​2736](lima-vm/lima#2736)) - 🟡 `experimental/{riscv64, armv7l}`: Merged into the `default` template ([#​2730](lima-vm/lima#2730), [#​2736](lima-vm/lima#2736)) - 🔴 `vmnet`: Removed in favor of `limactl create --network=lima:shared template://default` ([#​2736](lima-vm/lima#2736)) - 🟡 `experimental/net-user-v2`: Removed in favor of `limactl create --network=lima:user-v2 template://default` ([#​2736](lima-vm/lima#2736)) - 🔴 `experimental/9p`: Removed in favor of `limactl create --mount-type=9p template://default` ([#​2736](lima-vm/lima#2736)) - 🟡 `experimental/virtiofs-linux`: Removed in favor of `limactl create --mount-type=virtiofs template://default` ([#​2736](lima-vm/lima#2736)) - 🔴 `alpine`: Renamed to `alpine-iso` ([#​2704](lima-vm/lima#2704)) - 🔴 `alpine-image`: Renamed to `alpine` ([#​2704](lima-vm/lima#2704)) - `archlinux`: Demoted from Tier 1 to Tier 2 ([#​2717](lima-vm/lima#2717), [#​2823](lima-vm/lima#2823)) - `default`, `ubuntu`, ...: Updated to Ubuntu 24.10. The older versions are available as `ubuntu-20.04`, `ubuntu-22.04`, and `ubuntu-24.04` ([#​2755](lima-vm/lima#2755), [#​2795](lima-vm/lima#2795)) - `fedora`: Updated to Fedora 41 ([#​2821](lima-vm/lima#2821), [#​2822](lima-vm/lima#2822), thanks to [@​subpop](https://github.com/subpop)) - `opensuse`: Renamed to `opensuse-leap`. Still aliased as `opensuse` ([#​2612](lima-vm/lima#2612), thanks to [@​afbjorklund](https://github.com/afbjorklund)) - `experimental/opensuse-tumbleweed`: Support aarch64 ([#​2613](lima-vm/lima#2613), thanks to [@​afbjorklund](https://github.com/afbjorklund)) - `hack/update-template.sh` is added for automating updates ([#​1347](lima-vm/lima#1347), thanks to [@​norio-nomura](https://github.com/norio-nomura)) - Project: - Invite Norio Nomura ([@​norio-nomura](https://github.com/norio-nomura)) as a Reviewer ([#​2567](lima-vm/lima#2567)) Full changes: https://github.com/lima-vm/lima/milestone/47?closed=1 Thanks to [@​AdamKorcz](https://github.com/AdamKorcz) [@​Mr-Sunglasses](https://github.com/Mr-Sunglasses) [@​SmartManoj](https://github.com/SmartManoj) [@​YorikSar](https://github.com/YorikSar) [@​abiosoft](https://github.com/abiosoft) [@​afbjorklund](https://github.com/afbjorklund) [@​alexandear](https://github.com/alexandear) [@​balajiv113](https://github.com/balajiv113) [@​hasan4791](https://github.com/hasan4791) [@​jandubois](https://github.com/jandubois) [@​nirs](https://github.com/nirs) [@​norio-nomura](https://github.com/norio-nomura) [@​pvdvreede](https://github.com/pvdvreede) [@​subpop](https://github.com/subpop) [@​tsukasaI](https://github.com/tsukasaI) #### Usage ```console [macOS]$ limactl create [macOS]$ limactl start ... INFO[0029] READY. Run `lima` to open the shell. [macOS]$ lima uname Linux ``` *** The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/11695321667 The sha256sum of the SHA256SUMS file itself is `4bd200a163111fe78c6f3e6de405113d416053802fe1507597f9a42f89a98c90` . *** Release manager: [@​AkihiroSuda](https://github.com/AkihiroSuda) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiXX0=-->
|
Hi all, |
|
Already available since v1.0.0 (last November) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support for nested virtualization for the VZ driver via the
nestedVirtualizationyaml config.It is dependent on upstream PR Code-Hex/vz#159 getting merged.VZ has been forked lima-vm/vz#1.Nested virtualization is currently limited to m3 devices running macOS 15 or newer.