
A First Look at Lima Virtual Machines (Part 1)

This article was last updated 1100 days ago. If anything no longer works, please leave a comment.

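What is Lima

Linux virtual machines on macOS

Lima provides Linux virtual machines on macOS with a focus on file sharing, port forwarding, and containerd. It was originally created to promote the use of containerd and nerdctl on macOS.

Features

  • Automatic file sharing
  • Port forwarding
  • Built-in containerd support
  • QEMU-based: Intel on Intel, ARM on Intel, ARM on ARM, Intel on ARM
  • Works with common Linux distributions, such as Debian

Quick start

Installation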

# Intel Mac
brew install lima

Custom Debian configuration

Generate the Debian configuration

cat > ./debian.yml<<EOF
arch: "default"
images:
  - location: "~/hack/iso/debian-11-generic-amd64-20210814-734.qcow2"
    arch: "x86_64"
  - location: "https://cloud.debian.org/images/cloud/bullseye/20210814-734/debian-11-generic-amd64-20210814-734.qcow2"
    arch: "x86_64"
cpus: 2
memory: "4GiB"
disk: "100GiB"
mounts:
  - location: "~"
    writable: false
  - location: "/tmp/lima"
    writable: true
ssh:
  localPort: 60024
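provision:
  - mode: system
    script: |
      #!/bin/bash
      # Create a docker wrapper that forwards its arguments to nerdctl.
      # Single quotes keep the argument list literal, so it is expanded when
      # the wrapper runs and not when this provisioning script runs.
      printf '#!/bin/sh\nexec /usr/local/bin/nerdctl "\$@"\n' > /usr/local/bin/docker
      chmod +x /usr/local/bin/docker
  - mode: system
    script: |
      #!/bin/bash
      # Runs as root: unpacks /pkg.tgz from the tools image into the guest's /usr/local/bin.
      nerdctl run --rm -v /usr/local/bin:/sysdir registry.cn-beijing.aliyuncs.com/k7scn/tools tar zxf /pkg.tgz -C /sysdir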
probes:
- script: |
    #!/bin/bash
    set -eux -o pipefail
    if ! timeout 120s bash -c "until test -f /usr/local/bin/dps; do sleep 3; done"; then
            echo >&2 "tools is not installed yet"
            exit 0
    fi
EOF

Start the Lima VM

limactl start ./debian.yml

? Creating an instance "debian"  [Use arrows to move, type to filter]
> Proceed with the default configuration
  Open an editor to override the configuration
  Exit

? Creating an instance "debian" Proceed with the default configuration
INFO[0000] Downloading "https://github.com/containerd/nerdctl/releases/download/v0.11.1/nerdctl-full-0.11.1-linux-amd64.tar.gz" (sha256:ce7a6e119b03c3fb8ded3d46d929962fd17417bea1d5bbc07e0fce49494d8a09)
INFO[0000] Using cache "/Users/ysicing/Library/Caches/lima/download/by-url-sha256/3304d173f1e1824e5be6cf84bf2f78825cf0db416c4c975dbb2458776942629e/data"
INFO[0001] Attempting to download the image from "~/hack/iso/debian-11-generic-amd64-20210814-734.qcow2"
INFO[0002] Downloaded image from "~/hack/iso/debian-11-generic-amd64-20210814-734.qcow2"
INFO[0002] [hostagent] Starting QEMU (hint: to watch the boot progress, see "/Users/ysicing/.lima/debian/serial.log")
INFO[0002] SSH Local Port: 60024
INFO[0002] [hostagent] Waiting for the essential requirement 1 of 4: "ssh"
INFO[0020] [hostagent] The essential requirement 1 of 4 is satisfied
INFO[0020] [hostagent] Waiting for the essential requirement 2 of 4: "sshfs binary to be installed"
INFO[0029] [hostagent] The essential requirement 2 of 4 is satisfied
INFO[0029] [hostagent] Waiting for the essential requirement 3 of 4: "/etc/fuse.conf to contain \"user_allow_other\""
INFO[0044] [hostagent] The essential requirement 3 of 4 is satisfied
INFO[0044] [hostagent] Waiting for the essential requirement 4 of 4: "the guest agent to be running"
INFO[0044] [hostagent] The essential requirement 4 of 4 is satisfied
INFO[0044] [hostagent] Mounting "/Users/ysicing"
INFO[0044] [hostagent] Mounting "/tmp/lima"
INFO[0045] [hostagent] Waiting for the optional requirement 1 of 2: "systemd must be available"
INFO[0045] [hostagent] Forwarding "/run/user/501/lima-guestagent.sock" (guest) to "/Users/ysicing/.lima/debian/ga.sock" (host)
INFO[0045] [hostagent] The optional requirement 1 of 2 is satisfied
INFO[0045] [hostagent] Waiting for the optional requirement 2 of 2: "containerd binaries to be installed"
INFO[0045] [hostagent] Not forwarding TCP [::]:22
INFO[0045] [hostagent] Not forwarding TCP 0.0.0.0:22
INFO[0045] [hostagent] The optional requirement 2 of 2 is satisfied
INFO[0045] READY. Run `limactl shell debian` to open the shell.

If the process fails, check the port setting ssh.localPort in the YAML; a port conflict is the most likely cause.
If READY is shown, the VM is up.

08:08 ➜  hack limactl shell debian
debian
ysicing@lima-debian:/Users/ysicing/hack$
limactl shell debian uname -a
Linux lima-debian 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64 GNU/Linux

Using containers

With the customized configuration, the docker command works seamlessly.

Run a container

# Similar to docker run
limactl shell debian nerdctl run -d --name nginx -p 127.0.0.1:8080:80 nginx:alpine
# Similar to docker ps
limactl shell debian nerdctl ps
CONTAINER ID    IMAGE                             COMMAND                   CREATED           STATUS    PORTS                     NAMES
8b877fa8e942    docker.io/library/nginx:alpine    "/docker-entrypoint.…"    10 seconds ago    Up        127.0.0.1:8080->80/tcp    nginx

Or

limactl shell debian docker run -d --name nginx -p 127.0.0.1:8080:80 nginx:alpine
limactl shell debian docker ps                                                    
CONTAINER ID    IMAGE                             COMMAND                   CREATED           STATUS    PORTS                     NAMES
8b877fa8e942    docker.io/library/nginx:alpine    "/docker-entrypoint.…"    10 seconds ago    Up        127.0.0.1:8080->80/tcp    nginx
limactl shell debian dps                                                
CONTAINER ID    IMAGE                             COMMAND                   CREATED           STATUS    PORTS                     NAMES
8b877fa8e942    docker.io/library/nginx:alpine    "/docker-entrypoint.…"    10 seconds ago    Up        127.0.0.1:8080->80/tcp    nginx

Opening http://127.0.0.1:8080 in a browser shows the default nginx static page.

Miscellaneous

  1. Using the root user
sudo passwd root
su root

Appendix

Configuration reference

Lima's default configuration; by default it lives at ~/.lima/default/lima.yaml under the current user.

# /Users/ysicing/.lima/default/lima.yaml
# ===================================================================== #
# BASIC CONFIGURATION
# ===================================================================== #

# Arch: "default", "x86_64", "aarch64".
# "default" corresponds to the host architecture.
arch: "default"

# An image must support systemd and cloud-init.
# Ubuntu and Fedora are known to work.
# Default: none (must be specified)
images:
  # Try to use a local image first.
  - location: "~/Downloads/hirsute-server-cloudimg-amd64.img"
    arch: "x86_64"
  - location: "~/Downloads/hirsute-server-cloudimg-arm64.img"
    arch: "aarch64"

  # Download the file from the internet when the local file is missing.
  # Hint: run `limactl prune` to invalidate the "current" cache
  - location: "https://cloud-images.ubuntu.com/hirsute/current/hirsute-server-cloudimg-amd64.img"
    arch: "x86_64"
  - location: "https://cloud-images.ubuntu.com/hirsute/current/hirsute-server-cloudimg-arm64.img"
    arch: "aarch64"

# CPUs: if you see performance issues, try limiting cpus to 1.
# Default: 4
cpus: 2

# Memory size
# Default: "4GiB"
memory: "4GiB"

# Disk size
# Default: "100GiB"
disk: "100GiB"

# Expose host directories to the guest
# Default: none
mounts:
  - location: "~"
    # CAUTION: `writable` SHOULD be false for the home directory.
    # Setting `writable` to true is possible, but untested and dangerous.
    writable: false
  - location: "/tmp/lima"
    writable: true

ssh:
  # A localhost port of the host. Forwarded to port 22 of the guest.
  # Currently, this port number has to be specified manually.
  # Default: none
  localPort: 60022
  # Load ~/.ssh/*.pub in addition to $LIMA_HOME/_config/user.pub .
  # This option is useful when you want to use other SSH-based
  # applications such as rsync with the Lima instance.
  # If you have an insecure key under ~/.ssh, do not use this option.
  # Default: true
  loadDotSSHPubKeys: true

# ===================================================================== #
# ADVANCED CONFIGURATION
# ===================================================================== #

containerd:
  # Enable system-wide (aka rootful)  containerd and its dependencies (BuildKit, Stargz Snapshotter)
  # Default: false
  system: false
  # Enable user-scoped (aka rootless) containerd and its dependencies
  # Default: true
  user: true

# Provisioning scripts need to be idempotent because they might be called
# multiple times, e.g. when the host VM is being restarted.
# provision:
#   # `system` is executed with the root privilege
#   - mode: system
#     script: |
#       #!/bin/bash
#       set -eux -o pipefail
#       export DEBIAN_FRONTEND=noninteractive
#       apt-get install -y vim
#   # `user` is executed without the root privilege
#   - mode: user
#     script: |
#       #!/bin/bash
#       set -eux -o pipefail
#       cat <<EOF > ~/.vimrc
#       set number
#       EOF

# probes:
#  # Only `readiness` probes are supported right now.
#  - mode: readiness
#    description: vim to be installed
#    script: |
#       #!/bin/bash
#       set -eux -o pipefail
#       if ! timeout 30s bash -c "until command -v vim; do sleep 3; done"; then
#         echo >&2 "vim is not installed yet"
#         exit 1
#       fi
#    hint: |
#      vim was not installed in the guest. Make sure the package system is working correctly.
#      Also see "/var/log/cloud-init-output.log" in the guest.

# ===================================================================== #
# FURTHER ADVANCED CONFIGURATION
# ===================================================================== #

firmware:
  # Use legacy BIOS instead of UEFI.
  # Default: false
  legacyBIOS: false

video:
  # QEMU display, e.g., "none", "cocoa", "sdl".
  # As of QEMU v5.2, enabling this is known to have negative impact
  # on performance on macOS hosts: https://gitlab.com/qemu-project/qemu/-/issues/334
  # Default: "none"
  display: "none"

network:
  # The instance can get routable IP addresses from the vmnet framework using
  # https://github.com/lima-vm/vde_vmnet. Both vde_switch and vde_vmnet
  # daemons must be running before the instance is started. The interface type
  # (host, shared, or bridged) is configured in vde_vmnet and not lima.
  vde:
    # vnl (virtual network locator) points to the vde_switch socket directory,
    # optionally with vde:// prefix
    # - vnl: "vde:///var/run/vde.ctl"
    #   # VDE Switch port number (not TCP/UDP port number). Set to 65535 for PTP mode.
    #   # Default: 0
    #   switchPort: 0
    #   # MAC address of the instance; lima will pick one based on the instance name,
    #   # so DHCP assigned ip addresses should remain constant over instance restarts.
    #   macAddress: ""
    #   # Interface name, defaults to "vde0", "vde1", etc.
    #   name: ""

# Port forwarding rules. Forwarding between ports 22 and ssh.localPort cannot be overridden.
# Rules are checked sequentially until the first one matches.
# portForwards:
#   - guestPort: 443
#     hostIP: "0.0.0.0" # overrides the default value "127.0.0.1"; allows privileged port forwarding
#   # default: hostPort: 443 (same as guestPort)
#   # default: guestIP: "127.0.0.1" (also matches bind addresses "0.0.0.0", "::", and "::1")
#   # default: proto: "tcp" (only valid value right now)
#   - guestPortRange: [4000, 4999]
#     hostIP:  "0.0.0.0" # overrides the default value "127.0.0.1"
#   # default: hostPortRange: [4000, 4999] (must specify same number of ports as guestPortRange)
#   - guestPort: 80
#     hostPort: 8080 # overrides the default value 80
#   - guestIP: "127.0.0.2" # overrides the default value "127.0.0.1"
#     hostIP: "127.0.0.2" # overrides the default value "127.0.0.1"
#   # default: guestPortRange: [1024, 65535]
#   # default: hostPortRange: [1024, 65535]
#   - guestPort: 8888
#     ignore: true # don't forward this port
#   # Lima internally appends this fallback rule at the end:
#   - guestIP: "127.0.0.1"
#     guestPortRange: [1024, 65535]
#     hostIP: "127.0.0.1"
#     hostPortRange: [1024, 65535]
#   # Any port still not matched by a rule will not be forwarded (ignored)
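
The first-match evaluation described in the portForwards comments above, as an added example (not code from Lima or from this post): it resolves where a guest listener ends up on the host and lists the ones bound to a wildcard host address. The function names and the offset mapping inside port ranges are assumptions; the rule fields and defaults are taken from the comments.

```python
# Added example: first-match evaluation of Lima portForwards rules.
# Fields/defaults follow the lima.yaml comments; range offset mapping is an assumption.
LOOPBACK_BINDS = {"127.0.0.1", "0.0.0.0", "::", "::1"}
FALLBACK = {"guestIP": "127.0.0.1", "guestPortRange": [1024, 65535],
            "hostIP": "127.0.0.1", "hostPortRange": [1024, 65535]}

def normalize(rule):
    """Fill in the defaults documented in the lima.yaml comments."""
    r = dict(rule)
    r.setdefault("guestIP", "127.0.0.1")
    r.setdefault("hostIP", "127.0.0.1")
    if "guestPort" in r:
        r["guestPortRange"] = [r["guestPort"], r["guestPort"]]
    r.setdefault("guestPortRange", [1024, 65535])
    if "hostPort" in r:
        r["hostPortRange"] = [r["hostPort"], r["hostPort"]]
    r.setdefault("hostPortRange", list(r["guestPortRange"]))
    return r

def guest_ip_matches(rule_ip, bind_ip):
    # guestIP "127.0.0.1" also matches wildcard and IPv6 loopback binds.
    if rule_ip == "127.0.0.1":
        return bind_ip in LOOPBACK_BINDS
    return rule_ip == bind_ip

def resolve(rules, bind_ip, guest_port):
    """Return (hostIP, hostPort) for a guest listener, or None if not forwarded."""
    for rule in [normalize(r) for r in rules] + [FALLBACK]:
        lo, hi = rule["guestPortRange"]
        if guest_ip_matches(rule["guestIP"], bind_ip) and lo <= guest_port <= hi:
            if rule.get("ignore"):
                return None
            return rule["hostIP"], rule["hostPortRange"][0] + guest_port - lo
    return None

def exposed(rules, listeners):
    """Listeners whose forward binds to a wildcard host address."""
    pairs = [(l, resolve(rules, *l)) for l in listeners]
    return [(l, t) for l, t in pairs if t and t[0] in ("0.0.0.0", "::")]

# Constructed sample: the commented-out rules from lima.yaml, uncommented.
RULES = [
    {"guestPort": 443, "hostIP": "0.0.0.0"},
    {"guestPortRange": [4000, 4999], "hostIP": "0.0.0.0"},
    {"guestPort": 80, "hostPort": 8080},
    {"guestIP": "127.0.0.2", "hostIP": "127.0.0.2"},
    {"guestPort": 8888, "ignore": True},
]
```

Order matters: an `ignore` rule placed after a broader range rule that already matches the port is never reached.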
