limactl: add tunnel command (experimental) #2710

Merged
merged 2 commits into from
Oct 28, 2024

AkihiroSuda
Member

```console
$ limactl tunnel --help
Create a tunnel for Lima

Create a SOCKS tunnel so that the host can join the guest network.

Usage:
  limactl tunnel [flags] INSTANCE

Flags:
  -h, --help             help for tunnel
      --socks-port int   SOCKS port, defaults to a random port
      --type string      Tunnel type, currently only "socks" is implemented (default "socks")

Global Flags:
      --debug               debug mode
      --log-format string   Set the logging format [text, json] (default "text")
      --log-level string    Set the logging level [trace, debug, info, warn, error]
      --tty                 Enable TUI interactions such as opening an editor. Defaults to true when stdout is a terminal. Set to false for automation. (default true)

$ limactl tunnel default
Open <System Settings> → <Network> → <Wi-Fi> (or whatever) → <Details> → <Proxies> → <SOCKS proxy>,
and specify the following configuration:
- Server: 127.0.0.1
- Port: 54940
The instance can be connected from the host as <http://lima-default.internal> via a web browser.

$ curl --proxy socks5h://127.0.0.1:54940 http://lima-default.internal
<!DOCTYPE html>
[...]
```
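
What the `socks5h://` scheme in the curl command above puts on the wire, as an added example (not code from this PR or from Lima): with `socks5h`, curl sends the hostname itself in the SOCKS5 CONNECT request (RFC 1928 address type 0x03), so `lima-default.internal` is resolved on the proxy side rather than by the host's resolver. The function names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// SOCKS5 address types from RFC 1928. All names here are illustrative, not Lima's.
const (
	atypIPv4   = 0x01
	atypDomain = 0x03
	atypIPv6   = 0x04
)

// buildConnect encodes a SOCKS5 CONNECT request (VER=5, CMD=1, RSV=0).
// An IP literal is sent as an address; any other host is sent as a domain
// name for the proxy to resolve, as curl does for socks5h:// proxies.
func buildConnect(host string, port uint16) ([]byte, error) {
	req := []byte{0x05, 0x01, 0x00}
	if ip := net.ParseIP(host); ip == nil {
		if len(host) == 0 || len(host) > 255 {
			return nil, errors.New("domain name must be 1..255 bytes")
		}
		req = append(req, atypDomain, byte(len(host)))
		req = append(req, host...)
	} else if v4 := ip.To4(); v4 != nil {
		req = append(append(req, atypIPv4), v4...)
	} else {
		req = append(append(req, atypIPv6), ip.To16()...)
	}
	return append(req, byte(port>>8), byte(port)), nil // port is big-endian
}

// proxyResolves reports whether a CONNECT request carries a domain name,
// i.e. whether name resolution is left to the proxy side.
func proxyResolves(req []byte) (bool, error) {
	if len(req) < 4 || req[0] != 0x05 || req[1] != 0x01 {
		return false, errors.New("not a SOCKS5 CONNECT request")
	}
	return req[3] == atypDomain, nil
}

func main() {
	// Constructed sample targets taken from the commands on this page.
	for _, h := range []string{"lima-default.internal", "192.168.104.4"} {
		req, _ := buildConnect(h, 80)
		byProxy, _ := proxyResolves(req)
		fmt.Printf("%-22s % x  name sent to proxy: %v\n", h, req, byProxy)
	}
}
```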

@AkihiroSuda AkihiroSuda added the area/cli limactl CLI user experience label Oct 9, 2024
@AkihiroSuda AkihiroSuda added this to the v1.0 milestone Oct 9, 2024
@balajiv113
Member

Does this also allow connecting to other VMs in case of user-v2 network?

@AkihiroSuda
Member Author

> Does this also allow connecting to other VMs in case of user-v2 network?

Yes

@balajiv113 balajiv113 left a comment
Member

The changes look good to me for now.

I was thinking if providing 1 tunnel for every instance is confusing. Rather, shouldn't we provide 1 for every network instance (like user-v2)?

@AkihiroSuda
Member Author

> The changes look good to me for now.
>
> I was thinking if providing 1 tunnel for every instance is confusing. Rather, shouldn't we provide 1 for every network instance (like user-v2)?

Yes, but its implementation might not be straightforward.
I guess I should take some portion from my previous project https://norouter.io

@AkihiroSuda
Member Author

> The changes look good to me for now.
>
> I was thinking if providing 1 tunnel for every instance is confusing. Rather, shouldn't we provide 1 for every network instance (like user-v2)?

I wrote a POC, but it seems much worse

Usage:

```bash
curl \
  --proxy socks5h://localhost/$HOME/.lima/_networks/user-v2/user-v2_socks.sock \
  192.168.104.4
```

This is similar to the `limactl tunnel` proposal (PR #2710). While PR #2710 creates a proxy per instance, this commit creates a proxy per user-v2 network.

Remarks:

Overall, PR #2710 might be better than this commit, as PR #2710 works for any network driver, does not need an additional DNS resolver, and does not incur additional go.mod deps.

@AkihiroSuda AkihiroSuda marked this pull request as ready for review October 22, 2024 18:52
@AkihiroSuda
Member Author

Maybe `limactl tunnel` may have `limactl tunnel --target=instance INSTANCE` (default?) and `limactl tunnel --target=network NETWORK` to support both concepts

@AkihiroSuda AkihiroSuda added this to the v1.0 milestone Oct 22, 2024
fmt.Fprintf(stdout, "The instance can be connected from the host as <http://lima-%s.internal> via a web browser.\n", inst.Name)

// TODO: show the port in `limactl list --json` ?
// TODO: add `--stop` flag to shut down the tunnel
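
Review bot: the two TODOs that close this hunk (`limactl list --json` port reporting and a `--stop` flag) carry no issue reference, so nothing ties the missing shutdown path to follow-up work. Reference a tracking issue in each TODO, and say in the command's help text that the tunnel has no stop flag yet.
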
Member

Are we planning to address these TODOs now or in a later release?

Member Author

Later.
So probably this should be marked as experimental

Member Author

Updated the PR to mark the command experimental

Signed-off-by: Akihiro Suda <[email protected]>
```console
$ limactl tunnel default
Open <System Settings> → <Network> → <Wi-Fi> (or whatever) → <Details> → <Proxies> → <SOCKS proxy>,
and specify the following configuration:
- Server: 127.0.0.1
- Port: 54940
The instance can be connected from the host as <http://lima-default.internal> via a web browser.

$ curl --proxy socks5h://127.0.0.1:54940 http://lima-default.internal
<!DOCTYPE html>
[...]
```

Signed-off-by: Akihiro Suda <[email protected]>
@AkihiroSuda AkihiroSuda changed the title limactl: add tunnel command limactl: add tunnel command (experimental) Oct 25, 2024
@balajiv113 balajiv113 left a comment
Member

LGTM 👍

@AkihiroSuda AkihiroSuda merged commit 1f5b94d into lima-vm:master Oct 28, 2024
28 checks passed
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Dec 13, 2024
⚠️ **CAUTION: this is a major update, indicating a breaking change!** ⚠️

This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [lima-vm/lima](https://github.com/lima-vm/lima) | major | `v0.23.2` -> `v1.0.2` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>lima-vm/lima (lima-vm/lima)</summary>

### [`v1.0.2`](https://github.com/lima-vm/lima/releases/tag/v1.0.2)

[Compare Source](lima-vm/lima@v1.0.1...v1.0.2)

#### Changes

-   DNS:
    -   Fixed the host resolver regression in v1.0.0 [#&#8203;2939](lima-vm/lima#2939) ([#&#8203;2964](lima-vm/lima#2964))

-   `limactl create`:
    -   Fixed races during parallel downloads ([#&#8203;2903](lima-vm/lima#2903), thanks to [@&#8203;nirs](https://github.com/nirs))
    -   Optimized qcow2-to-raw conversion for vz mode ([#&#8203;2933](lima-vm/lima#2933), thanks to [@&#8203;nirs](https://github.com/nirs))

-   `limactl start-at-login`:
    -   Fixed the support for Linux hosts (systemd) ([#&#8203;2943](lima-vm/lima#2943), thanks to [@&#8203;kachick](https://github.com/kachick))

-   nerdctl:
    -   Updated to [v2.0.1](https://github.com/containerd/nerdctl/releases/tag/v2.0.1) ([#&#8203;2966](lima-vm/lima#2966))

-   Templates:
    -   Updated to the latest revisions ([#&#8203;2936](lima-vm/lima#2936) [#&#8203;2953](lima-vm/lima#2953), thanks to [@&#8203;tcooper](https://github.com/tcooper))

-   Web site:
    -   Added an example of running Lima on GitHub Actions to run commands on non-Ubuntu ([#&#8203;2954](lima-vm/lima#2954)): https://lima-vm.io/docs/examples/gha/

-   Project:
    -   Invite Nir Soffer ([@&#8203;nirs](https://github.com/nirs)) as a Reviewer ([#&#8203;2916](lima-vm/lima#2916), thanks to [@&#8203;jandubois](https://github.com/jandubois))

Full changes: https://github.com/lima-vm/lima/milestone/51?closed=1
Thanks to [@&#8203;SpiffyEight77](https://github.com/SpiffyEight77) [@&#8203;alexandear](https://github.com/alexandear) [@&#8203;jandubois](https://github.com/jandubois) [@&#8203;kachick](https://github.com/kachick) [@&#8203;nirs](https://github.com/nirs) [@&#8203;norio-nomura](https://github.com/norio-nomura) [@&#8203;tamird](https://github.com/tamird) [@&#8203;tcooper](https://github.com/tcooper)

#### Usage

```console
[macOS]$ limactl create
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux
```

***

The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/12134682585

The sha256sum of the SHA256SUMS file itself is `02ef78494c498ca4180915ba78d5e2fc471ed401f63dfb2b5864c3711f3c0fb2` .

***

Release manager: [@&#8203;AkihiroSuda](https://github.com/AkihiroSuda)

### [`v1.0.1`](https://github.com/lima-vm/lima/releases/tag/v1.0.1)

[Compare Source](lima-vm/lima@v1.0.0...v1.0.1)

Reverted the default port forwarder from gRPC to SSH for the stability reason ([#&#8203;2864](lima-vm/lima#2864)).
This reversion fixes several regressions related to `docker run -p` in Lima v1.0.0 ([#&#8203;2859](lima-vm/lima#2859)).

Although the gRPC forwarder is faster and has an advanced feature (UDP support), it turned out to be still immature.
Set `LIMA_SSH_PORT_FORWARDER=false` to opt-in to the gRPC forwarder.
See <https://lima-vm.io/docs/config/port/>.

Full changes: https://github.com/lima-vm/lima/milestone/50?closed=1
Thanks to [@&#8203;alexandear](https://github.com/alexandear) [@&#8203;jandubois](https://github.com/jandubois) [@&#8203;norio-nomura](https://github.com/norio-nomura)

#### Usage

```console
[macOS]$ limactl create
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux
```

***

The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/11735352652

The sha256sum of the SHA256SUMS file itself is `f5c12d003e25dc46291803a8acae9e9d325a45eca0c1f9f40bd6852ec8ed9be1` .

***

Release manager: [@&#8203;AkihiroSuda](https://github.com/AkihiroSuda)

### [`v1.0.0`](https://github.com/lima-vm/lima/releases/tag/v1.0.0)

[Compare Source](lima-vm/lima@v0.23.2...v1.0.0)

With the support from 110+ contributors in 3+ years, the Lima project has finally reached v1.0. 🎉

This release introduces several breaking changes, such as switching the default machine driver from QEMU to VZ for better filesystem performance.

The `limactl` CLI is designed to print hints when the user hits those breaking changes.
e.g., `limactl create template://experimental/vz` now fails with a hint that suggests using `limactl create --vm-type=vz template://default` instead.

🔴 = Major breaking changes
🟡 = Minor breaking changes

-   VZ:
    -   Graduate VZ machine driver from experimental ([#&#8203;2758](lima-vm/lima#2758))
    -   🔴 Use VZ by default for new instances on macOS >= 13.5 ([#&#8203;1951](lima-vm/lima#1951))
    -   Support nested virtualization on M3 ([#&#8203;2530](lima-vm/lima#2530), thanks to [@&#8203;abiosoft](https://github.com/abiosoft))
    -   Optimize qcow2-to-raw image conversion (lima-vm/go-qcow2reader@v0.1.2...v0.4.0 , thanks to [@&#8203;nirs](https://github.com/nirs))
    -   Support specifying a custom kernel ([#&#8203;2562](lima-vm/lima#2562), thanks to [@&#8203;norio-nomura](https://github.com/norio-nomura))

-   QEMU:
    -   Graduate 9p mount driver from experimental ([#&#8203;2758](lima-vm/lima#2758))
    -   🔴 Use 9p by default for most templates ([#&#8203;1953](lima-vm/lima#1953), [#&#8203;2822](lima-vm/lima#2822))
    -   riscv64: switch from u-boot to EDK2 ([#&#8203;2592](lima-vm/lima#2592))

-   Network:
    -   Graduate user-v2 network driver from experimental ([#&#8203;2758](lima-vm/lima#2758))
    -   Support UDP port forwarding ([#&#8203;2411](lima-vm/lima#2411), thanks to [@&#8203;balajiv113](https://github.com/balajiv113))
    -   🔴 Strictly require `socket_vmnet` binary to be owned by root ([#&#8203;2734](lima-vm/lima#2734))

-   SSH:
    -   🟡 Disable `ssh.loadDotSSHPubKeys` by default ([#&#8203;2706](lima-vm/lima#2706))

-   YAML:
    -   Support generating jsonschema ([#&#8203;2306](lima-vm/lima#2306), thanks to [@&#8203;afbjorklund](https://github.com/afbjorklund))
    -   Support specifying `param` for provisioning scripts ([#&#8203;2570](lima-vm/lima#2570), thanks to [@&#8203;jandubois](https://github.com/jandubois))
    -   Support specifying `minimumLimaVersion` and `vmOpts.qemu.minimumVersion` ([#&#8203;2659](lima-vm/lima#2659), thanks to [@&#8203;jandubois](https://github.com/jandubois))
    -   Support template expansion in mounts ([#&#8203;2588](lima-vm/lima#2588), thanks to [@&#8203;norio-nomura](https://github.com/norio-nomura))

-   `limactl` CLI:
    -   Add `limactl tunnel` command so as to allow the host to join the guest network ([#&#8203;2710](lima-vm/lima#2710))
    -   Add `--log-format=json` ([#&#8203;2584](lima-vm/lima#2584), thanks to [@&#8203;nirs](https://github.com/nirs))
    -   `limactl prune`: Add `--keep-referred` ([#&#8203;2569](lima-vm/lima#2569), thanks to [@&#8203;norio-nomura](https://github.com/norio-nomura))

-   nerdctl:
    -   Updated to [v2.0.0](https://github.com/containerd/nerdctl/releases/tag/v2.0.0) ([#&#8203;2178](lima-vm/lima#2178))
    -   rootless: allocate 1G subuids from 524288 (0x80000) for new users ([#&#8203;2725](lima-vm/lima#2725))

-   Templates:
    -   🔴 `experimental/vz`: Merged into the `default` template ([#&#8203;2730](lima-vm/lima#2730), [#&#8203;2736](lima-vm/lima#2736))
    -   🟡 `experimental/{riscv64, armv7l}`: Merged into the `default` template ([#&#8203;2730](lima-vm/lima#2730), [#&#8203;2736](lima-vm/lima#2736))
    -   🔴 `vmnet`: Removed in favor of `limactl create --network=lima:shared template://default` ([#&#8203;2736](lima-vm/lima#2736))
    -   🟡 `experimental/net-user-v2`: Removed in favor of `limactl create --network=lima:user-v2 template://default` ([#&#8203;2736](lima-vm/lima#2736))
    -   🔴 `experimental/9p`: Removed in favor of `limactl create --mount-type=9p template://default` ([#&#8203;2736](lima-vm/lima#2736))
    -   🟡 `experimental/virtiofs-linux`: Removed in favor of `limactl create --mount-type=virtiofs template://default` ([#&#8203;2736](lima-vm/lima#2736))
    -   🔴 `alpine`: Renamed to `alpine-iso` ([#&#8203;2704](lima-vm/lima#2704))
    -   🔴 `alpine-image`: Renamed to `alpine` ([#&#8203;2704](lima-vm/lima#2704))
    -   `archlinux`: Demoted from Tier 1 to Tier 2 ([#&#8203;2717](lima-vm/lima#2717), [#&#8203;2823](lima-vm/lima#2823))
    -   `default`, `ubuntu`, ...: Updated to Ubuntu 24.10. The older versions are available as `ubuntu-20.04`, `ubuntu-22.04`, and `ubuntu-24.04` ([#&#8203;2755](lima-vm/lima#2755), [#&#8203;2795](lima-vm/lima#2795))
    -   `fedora`: Updated to Fedora 41 ([#&#8203;2821](lima-vm/lima#2821), [#&#8203;2822](lima-vm/lima#2822), thanks to [@&#8203;subpop](https://github.com/subpop))
    -   `opensuse`: Renamed to `opensuse-leap`. Still aliased as `opensuse` ([#&#8203;2612](lima-vm/lima#2612), thanks to [@&#8203;afbjorklund](https://github.com/afbjorklund))
    -   `experimental/opensuse-tumbleweed`: Support aarch64 ([#&#8203;2613](lima-vm/lima#2613), thanks to [@&#8203;afbjorklund](https://github.com/afbjorklund))
    -   `hack/update-template.sh` is added for automating updates ([#&#8203;1347](lima-vm/lima#1347), thanks to [@&#8203;norio-nomura](https://github.com/norio-nomura))

-   Project:
    -   Invite Norio Nomura ([@&#8203;norio-nomura](https://github.com/norio-nomura)) as a Reviewer ([#&#8203;2567](lima-vm/lima#2567))

Full changes: https://github.com/lima-vm/lima/milestone/47?closed=1
Thanks to [@&#8203;AdamKorcz](https://github.com/AdamKorcz) [@&#8203;Mr-Sunglasses](https://github.com/Mr-Sunglasses) [@&#8203;SmartManoj](https://github.com/SmartManoj) [@&#8203;YorikSar](https://github.com/YorikSar) [@&#8203;abiosoft](https://github.com/abiosoft) [@&#8203;afbjorklund](https://github.com/afbjorklund) [@&#8203;alexandear](https://github.com/alexandear) [@&#8203;balajiv113](https://github.com/balajiv113) [@&#8203;hasan4791](https://github.com/hasan4791) [@&#8203;jandubois](https://github.com/jandubois) [@&#8203;nirs](https://github.com/nirs) [@&#8203;norio-nomura](https://github.com/norio-nomura) [@&#8203;pvdvreede](https://github.com/pvdvreede) [@&#8203;subpop](https://github.com/subpop) [@&#8203;tsukasaI](https://github.com/tsukasaI)

#### Usage

```console
[macOS]$ limactl create
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux
```

***

The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/11695321667

The sha256sum of the SHA256SUMS file itself is `4bd200a163111fe78c6f3e6de405113d416053802fe1507597f9a42f89a98c90` .

***

Release manager: [@&#8203;AkihiroSuda](https://github.com/AkihiroSuda)

</details>
