Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow overriding Lima YAML config #69

Open
scalp42 opened this issue Nov 25, 2021 · 15 comments
Open

Allow overriding Lima YAML config #69

scalp42 opened this issue Nov 25, 2021 · 15 comments

Comments

@scalp42
Copy link

scalp42 commented Nov 25, 2021

Hi there,

Thank you again for the project.

Would it be possible to allow passing a YAML to either completely replace the default Lima config or override (think merging with your YAML config)?

The issue is that there's no way to modify networks for example (and would not be a good idea imo to port to CLI args).

Let me know your thoughts.

Cheers

@abiosoft
Copy link
Owner

Hi, thanks for the suggestion.

May I know your use-case. Is there any reason you want to modify the network other than for an accessible IP address?

@scalp42
Copy link
Author

scalp42 commented Dec 1, 2021

Here's a generic use case:

  1. Spin up a VM in Parallels, say Ubuntu and install redis-cli.
  2. Spin a QEMU VM through Colima, pull and run a Redis container.
  3. Allow redis-cli inside Parallels VM to talk to redis server on Colima side pretty much.

Besides this simple example, in reality, we make heavy use of Test-Kitchen to drive the Parallels VMs:

  - name: client-with-acls-1
    run_list:
      - recipe[my-consul]
    driver:
      pre_create_command: docker-compose up -d consul-server-acl || true
      network:
        - ["private_network", { ip: "192.168.99.103" } ]
    attributes:
        discovery:
          type: manual
          manual:
            - <%= ENV.fetch('DOCKER_IP', '192.168.99.100') %>

In this simple example, on an Intel based macbook, it'd allow a Consul client running inside a Virtualbox VM to access a Consul server inside a container from a docker-machine VM (Virtualbox as well).

There are plenty of other settings that would be just too much to port to CLI flags but I'm hoping it makes sense

Let me know, thank you again.

@jandubois
Copy link

@scalp42 I'm currently working on a PR that allows you to override lima.yaml settings globally: lima-vm/lima#436

I think this would probably work for you, but a potential issue might be that these are overrides that apply to all VMs inside the same LIMA_HOME directory.

@abiosoft
Copy link
Owner

abiosoft commented Dec 1, 2021

@scalp42 I can understand better now.

And thanks @jandubois for the config override feature.

I will hold on a bit until the feature is merged upstream and explore the capabilities.

@scalp42
Copy link
Author

scalp42 commented Dec 1, 2021

Thanks for the quick update @jandubois, I think that'd be half the battle. Definitely better at this time than nothing.

The other thing we've considered is to "backport" some of the Go logic in Colima back to plain Lima with custom YAMLs if that makes sense and look into https://github.com/lima-vm/lima/blob/master/docs/network.md but haven't had the chance yet.

The end goal of all this is to be able to test configuration management cookbooks but still bootstrap/speed up some of the process by pulling Docker containers rather than installing everything inside the same VM. Gains in speed on the workflow are huge (say at scale).

At last, thank you for all the work, you're all appreciated behind the scenes ❤️

@jandubois
Copy link

"backport" some of the Go logic in Colima back to plain Lima with custom YAMLs if that makes sense

I would find it helpful if you could write up how you would like to see the networks functionality expanded, especially in the context of having multiple VMs sharing networks. I wrote the networks implementation in Lima and would like to discuss any changes you want to make before you spend the effort, to make sure it all works together in different scenarios.

@scalp42
Copy link
Author

scalp42 commented Dec 1, 2021

Sounds good, I'm hoping I can spend some time focusing on testing all-the-things (I'll be on PTO soon). I'm more in a "baby steps" mode as time is limited and I end up switching to Intel one and switching back to M1X once I'm done.

I'll definitely update once I find a solution that works well (and again https://github.com/lima-vm/vde_vmnet might be perfectly fine, I just need to find time to "hack" around the multi VMs issue and make it work).

@abiosoft
Copy link
Owner

abiosoft commented Dec 1, 2021

"backport" some of the Go logic in Colima back to plain Lima with custom YAMLs if that makes sense

I would find it helpful if you could write up how you would like to see the networks functionality expanded, especially in the context of having multiple VMs sharing networks. I wrote the networks implementation in Lima and would like to discuss any changes you want to make before you spend the effort, to make sure it all works together in different scenarios.

I am also interested in this. This could open up possibilities of many network related features e.g. clustering.

@kamazee
Copy link

kamazee commented Dec 21, 2021

Another use-case I have in mind: adding a provision section. I need to put a corporate CA certificate into virtual machine's certificate store because it's the only way to download images over https; lima's provision looks like just the right tool for the job.

@jandubois
Copy link

The override.yaml mechanism is available with lima v0.8.0 and will work fine for provisioning scripts. The scripts from override.yaml will be executed before any provisioning scripts from lima.yaml, so any installed certificates will already be in place for the regular provisioning scripts.

@kamazee
Copy link

kamazee commented Dec 28, 2021

Thanks, that's exactly what I ended up doing after some googling :)
The reason why I left a comment here is that I'm not sure that it's fine to manipulate lima directly which is kind of "under the hood" part of colima, so I'd probably be more confortable if colima provided a way to do it explicitly. I admit it's not a strong point, though; just a thought to share.

@marcindulak
Copy link

To understand this issue better: we refer to ~/.lima/colima/lima.yaml, created at colima start?

Will this override mechanism allow one also to change the hard-coded vm images from https://github.com/abiosoft/alpine-lima to something else? The change to https://github.com/abiosoft/alpine-lima happened in d99e306#diff-d08e8a0e6744830c2cdd1eca2e9bdb19b6e0b16ce4b1c41f6f6bae2bea92f05fL19-R21

@jandubois
Copy link

To understand this issue better: we refer to ~/.lima/colima/lima.yaml, created at colima start?

Yes

Will this override mechanism allow one also to change the hard-coded vm images from https://github.com/abiosoft/alpine-lima to something else?

Theoretically it does, but I suspect that colima will have dependencies on the images baked into the code, so it probably won't work. This is just conjecture from me; I'm not familiar with the colima code; just the lima base.

@abiosoft
Copy link
Owner

Will this override mechanism allow one also to change the hard-coded vm images from https://github.com/abiosoft/alpine-lima to something else? The change to https://github.com/abiosoft/alpine-lima happened in d99e306#diff-d08e8a0e6744830c2cdd1eca2e9bdb19b6e0b16ce4b1c41f6f6bae2bea92f05fL19-R21

@marcindulak Yeah, you can override that. However, successful startup is not guaranteed as some assumptions are made with the image.

If I may ask, what image do you want to use or what are you trying to achieve?

@marcindulak
Copy link

Will this override mechanism allow one also to change the hard-coded vm images from https://github.com/abiosoft/alpine-lima to something else? The change to https://github.com/abiosoft/alpine-lima happened in d99e306#diff-d08e8a0e6744830c2cdd1eca2e9bdb19b6e0b16ce4b1c41f6f6bae2bea92f05fL19-R21

@marcindulak Yeah, you can override that. However, successful startup is not guaranteed as some assumptions are made with the image.

If I may ask, what image do you want to use or what are you trying to achieve?

In some environments, fetching images from github won't be allowed. Only "known" images are accepted (Ubuntu as a vendor will be ok) when their digest is verified. This is to prevent launching of unknown images.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants