Assemble templates using the new base setting
#3072
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This PR still needs some integration tests, but I wanted to create it before 2024 was over. 😄 |
jandubois
force-pushed
the
based-on
branch
3 times, most recently
from
757d8f3 to
4303fd9
Compare
AkihiroSuda
reviewed
Jan 1, 2025
AkihiroSuda
reviewed
Jan 1, 2025
jandubois
force-pushed
the
based-on
branch
4 times, most recently
from
b029e31 to
d1fe948
Compare
jandubois
changed the title
base setting
jandubois
force-pushed
the
based-on
branch
6 times, most recently
from
14b6902 to
4174183
Compare
|
@AkihiroSuda I believe I've addressed all your code review feedback so far, as well as all the implications from our discussion about digest support (the schema has been updated, but the digest computation/checking is left for a future PR). I've rebased this PR since you originally reviewed it, but any further changes are all in separate commits. I've not yet squashed them, in case it makes it easier for you to continue the review; but let me know if you prefer that I squash them now! |
AkihiroSuda
reviewed
Feb 18, 2025
|
I will briefly to turn this into Draft mode again because I think there is another condition in |
jandubois
force-pushed
the
based-on
branch
2 times, most recently
from
71b28dd to
af64433
Compare
|
I had to rebase the PR to resolve the merge conflict with recent changes to |
|
Let's merge, after another rebase to add the licensing boilerplate |
Rebased and copyright headers added... |
It allows a template to be constructed by merging values from one or more base templates together. This merge process will maintain all comments from both the template and the bases. The template is assembled before an instance is created, and only the combined template is stored as lima.yaml in the instance directory. There merging semantics are otherwise similar to how lima.yaml is combined with override.yaml, defaults.yaml, and the builtin default values. Signed-off-by: Jan Dubois <jan.dubois@suse.com>
Signed-off-by: Jan Dubois <jan.dubois@suse.com>
Signed-off-by: Jan Dubois <jan.dubois@suse.com>
Signed-off-by: Jan Dubois <jan.dubois@suse.com>
Signed-off-by: Jan Dubois <jan.dubois@suse.com>
The default `copy --embed` option will no longer embed template:// urls. Signed-off-by: Jan Dubois <jan.dubois@suse.com>
Instead of `base: template.yaml` the user can write: ```yaml base: - url: template.yaml digest: decafbad ``` Same thing for `file` properties of provisoning scripts and probes. The digest values are currently being ignored; verification will happen in a later PR. Signed-off-by: Jan Dubois <jan.dubois@suse.com>
Signed-off-by: Jan Dubois <jan.dubois@suse.com>
This is an integration test for the `base:` mechanism, and also updates the images used by `test-misc` to match the latest updates. Unrelated: also adds a test for setting the user shell Signed-off-by: Jan Dubois <jan.dubois@suse.com>
Signed-off-by: Jan Dubois <jan.dubois@suse.com>
because digest validation is not yet implemented.
Also adds missing unmarshalling for `base: {file: URL}` and related tests.
Signed-off-by: Jan Dubois <jan.dubois@suse.com>
Signed-off-by: Jan Dubois <jan.dubois@suse.com>
Signed-off-by: Jan Dubois <jan.dubois@suse.com>
Signed-off-by: Jan Dubois <jan.dubois@suse.com>
|
Created |
This was referenced Apr 18, 2025
tmeijn
pushed a commit
to tmeijn/dotfiles
that referenced
this pull request
May 23, 2025
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [lima-vm/lima](https://github.com/lima-vm/lima) | minor | `v1.0.7` -> `v1.1.1` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>lima-vm/lima (lima-vm/lima)</summary> ### [`v1.1.1`](https://github.com/lima-vm/lima/releases/tag/v1.1.1) [Compare Source](lima-vm/lima@v1.1.0...v1.1.1) #### Changes - Fixed the guestagent path issues with Homebrew ([#​3566](lima-vm/lima#3566), thanks to [@​jandubois](https://github.com/jandubois)) - Documentation for disk management https://lima-vm.io/docs/config/disk/ ([#​3539](lima-vm/lima#3539), thanks to [@​Sonichigo](https://github.com/Sonichigo)) #### Usage ```console [macOS]$ limactl create [macOS]$ limactl start ... INFO[0029] READY. Run `lima` to open the shell. [macOS]$ lima uname Linux ``` *** The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/15178234655 The sha256sum of the SHA256SUMS file itself is `0d2d3fb073c8e26df163937dd605e9f2b9f227814a697411cc2b8879347bdd7f` . *** Release manager: [@​AkihiroSuda](https://github.com/AkihiroSuda) ### [`v1.1.0`](https://github.com/lima-vm/lima/releases/tag/v1.1.0) [Compare Source](lima-vm/lima@v1.0.7...v1.1.0) > \[!IMPORTANT] > Package maintainers should refer to "Hint for package maintainers" below Highlights: - Simplification of YAMLs - New port forwarder implementation by default - DragonflyBSD hosts - S390X and PPC64LE guests - Smaller binary packages #### Changes - Build system: - Split `lima-additional-guestagents-*.tar.gz` from `lima-*.tar.gz` ([#​3503](lima-vm/lima#3503)) - Set `CONFIG_GUESTAGENT_COMPRESS=y` by default ([#​3529](lima-vm/lima#3529)) - YAML: - Support inheritance ([#​3072](lima-vm/lima#3072), thanks to [@​jandubois](https://github.com/jandubois)) - Deprecate provision mode `ansible` ([#​3451](lima-vm/lima#3451), thanks to [@​afbjorklund](https://github.com/afbjorklund)) - Add new provision mode `data` ([#​3302](lima-vm/lima#3302), thanks to [@​jandubois](https://github.com/jandubois)) - QEMU: - Support DragonflyBSD hosts ([#​3356](lima-vm/lima#3356), thanks to [@​tuxillo](https://github.com/tuxillo)) - Support S390X guests ([#​3319](lima-vm/lima#3319)) - Support PPC64LE guests ([#​3488](lima-vm/lima#3488)) - TCG: change the default CPU from `qemu64` (x86-64 v1) to `max` ([#​3487](lima-vm/lima#3487)) - Bump up the minimum QEMU version to v8.2.1 on ARM Mac. On Linux/x86\_64, QEMU v6.2.0 is still supported. ([#​3491](lima-vm/lima#3491)) - WSL2: - Lots of improvements (several MRs, thanks to [@​arixmkii](https://github.com/arixmkii)) - Port forwarding: - Enable faster gRPC implementation by default ([#​3046](lima-vm/lima#3046)) - `limactl` CLI: - Add `--yes` flag as an alias of `--tty=false` ([#​3342](lima-vm/lima#3342), thanks to [@​suryaaprakassh](https://github.com/suryaaprakassh)) - Support resizing disk in `limactl edit` ([#​3437](lima-vm/lima#3437), [#​3533](lima-vm/lima#3533), thanks to [@​songponssw](https://github.com/songponssw)) - Add `limactl disk import` command ([#​3439](lima-vm/lima#3439), thanks to [@​songponssw](https://github.com/songponssw)) - Rootless Containers: - Allow UID >= 524288 ([#​3435](lima-vm/lima#3435)) - nerdctl: - Update from v2.0.4 to [v2.1.2](https://github.com/containerd/nerdctl/releases/tag/v2.1.2). ([#​3483](lima-vm/lima#3483), [#​3534](lima-vm/lima#3534), [#​3560](lima-vm/lima#3560)) See also the release notes of [v2.0.5](https://github.com/containerd/nerdctl/releases/tag/v2.0.5), [v2.1.0](https://github.com/containerd/nerdctl/releases/tag/v2.1.0), [v2.1.1](https://github.com/containerd/nerdctl/releases/tag/v2.1.1). - nerdctl v2.1.1 included in Lima v1.1.0-rc.0 had a vulnerability of containerd CVE-2025-47290 (GHSA-cm76-qm8v-3j95). Other versions of Lima are not affected. - Templates: - `ubuntu-25.04`: New template ([#​3445](lima-vm/lima#3445)). The `default` template still refers to Ubuntu 24.10, as `ubuntu-25.04` needs the very recent release of macOS on Intel Mac by default (see the note below). - `fedora-42`: New template ([#​3434](lima-vm/lima#3434)) - `linuxbrew`: New template ([#​3454](lima-vm/lima#3454)) - `almalinux-kitten-10`: New template ([#​3084](lima-vm/lima#3084), thanks to [@​afbjorklund](https://github.com/afbjorklund)) - `oraclelinux-8`: Fix virtiofs support ([#​3441](lima-vm/lima#3441)) > \[!NOTE] > On Intel Mac with `--vm-type=vz`, macOS 15.5 or later is needed to boot `ubuntu-25.04` and `fedora-42` Full changes: https://github.com/lima-vm/lima/milestone/26?closed=1 Thanks to [@​KGB33](https://github.com/KGB33) [@​Nino-K](https://github.com/Nino-K) [@​afbjorklund](https://github.com/afbjorklund) [@​alexandear](https://github.com/alexandear) [@​apachex692](https://github.com/apachex692) [@​arixmkii](https://github.com/arixmkii) [@​cakemanny](https://github.com/cakemanny) [@​jandubois](https://github.com/jandubois) [@​jonas-peter](https://github.com/jonas-peter) [@​kairveeehh](https://github.com/kairveeehh) [@​liangyuanpeng](https://github.com/liangyuanpeng) [@​nirs](https://github.com/nirs) [@​shenki](https://github.com/shenki) [@​songponssw](https://github.com/songponssw) [@​unsuman](https://github.com/unsuman) [@​ycdzj](https://github.com/ycdzj) #### Hint for package maintainers Starting with v1.1, the official binary packages of Lima are split to two files for the each of the host OS and the architectures to save the disk space: 1. `lima-<VERSION>-Darwin-arm64.tar.gz`: (Built with `make native`) - The core components (`bin/lima`, `bin/limactl`, `share/lima/templates`, ...) - The guest agent for the native architecture (`share/lima/lima-guestagent.Linux-aarch64.gz`) 2. `lima-additional-guestagents-<VERSION>-Darwin-arm64.tar.gz`: (Built with `make additional-guestagents`) - The guest agents for emulating non-native architectures (`share/lima/lima-guestagent.Linux-{armv7l,ppc64le,riscv64,s390x,x86_64}.gz)`) For compatibility reason, `make` still builds the guest agents for all the architectures by default. Package maintainers are suggested to split their `lima` package to `lima` (`make native`) and `lima-additional-guestagents` (`make additional-guestagents`). #### Usage ```console [macOS]$ limactl create [macOS]$ limactl start ... INFO[0029] READY. Run `lima` to open the shell. [macOS]$ lima uname Linux ``` *** The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/15154830653 The sha256sum of the SHA256SUMS file itself is `4391505a7f833c8245497b29fec65743abb1561a275037f6d268026284883c8a` . *** Release manager: [@​AkihiroSuda](https://github.com/AkihiroSuda) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4yMS4wIiwidXBkYXRlZEluVmVyIjoiNDAuMjMuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR creates initial support for multi-file templates, mostly based on the suggestions I gave in #2520 (reply in thread).
Instance create vs. start stages
The basic idea behind "template embedding" is that when an instance is created, the
lima.yamlthat is stored in the instance directory will embed settings from additionalbase template(s) and external scripts into a single composite document.
Once the instance is created, there are no longer external references and the instance can be started while offline, even if it was created from online template fragments.
Merging default settings from base templates
Merging of templates is controlled by the new
baseproperty, which takes the name ofa base template, e.g.
It is expected that in most instances only a single base template is needed, but it is possible to provide a list:
The base template can in turn have their own base templates. For example
my.yamlinstance may be based ontemplate://docker, which in turn could be based ontemplate://ubuntu.Merging is performed by copying every property from the base template that does not yet exist in the main template. For list properties the lists are appended. More details and exceptions are documented below.
Embedding of external provisioning scripts
Both provisioning scripts and probe scripts can now be located with the new
fileproperty specifying a template locator (details below). The file will be loaded and inlined under thescriptproperty. Thereforefileandscriptare mutually exclusive.Relative template locators
The values of the
baseandfileproperties are "template locators". They are the usual local filenames orfile://,https://, ortemplate://URLs.In addition they can also be relative locators: names that don't have a URL scheme and don't start with a
/. These names are resolved relative to the template in which they occur (similar to relativehrefproperties in HTML).If this template is loaded as
templates/main.yaml, then the referenced template files will be fetched fromtemplates/base.yamlandtemplates/script.sh.If the template is loaded as
template://main, then the files will betemplate://base.yamlandtemplate://script.sh.This means a template using relative locators will always fetch dependencies from the same (relative) location regardless of how it was loaded itself.
To make this work
template://base.yamlneeds to be equivalent totemplate://base. And it must be possible to use other file extensions, sotemplate://script.shloads the script and doesn't look forscript.sh.yaml.limactl template command
This PR adds new options to the
limactl template copysubcommand.--verbatimcopies a file exactly as is.--embedwill merge in all external base templates and shell scripts.--embed-allwill also merge in templates and files referenced bytemplate://URLs.--fillwill applyoverride.yaml,default.yaml, and builtin defaults.Without additional options the
copycommand will copy the file, but turn any relative locators into absolute locators. So the copy of the template will continue to reference the same base templates and scripts. Use the--verbatimoption if you intend to copy those files locally as well.Examples
Embedding a script
Merging in
template://defaultDetailed merging algorithm
Each template will recusively embed all dependencies in its base templates before merging them in.
Then each property, that does not exist in the main template will be copied over from the base template.
Properties that are lists are appended.
For
provisionandprobesthe order is reversed: the base entries are inserted before the main template entries, so that latter are executed last (see #2932 for discussion).Special rules
The
dnsentries are not merged. The entries from a base template are only copied when the main template list is empty.mountTypesSupportedwill have any duplicate entries removed.The
baseproperty is removed if the base template has been embedded.For
provisionandprobesthefileproperty is removed, and the actual content of the script is stored in the usualscriptproperty.For
minimumLimaVersionandvmOpts.qemy.minimumVersionthe values are compared. and the base version is only copied when it is greater than the main version.Combining list entries
Three list properties (
additionalDisks,mounts, andnetworks) use combining logic based on a unique key (disk name, mount point, and interface name, respectively).If a latter entry matches the key of an earlier entry, then any missing fields in the earlier entry are filled in from the latter entry, which is then deleted. This matches the logic already used for merging
override.yamlanddefault.yaml.There is a new wildcard feature now, where
*will match any existing key, so can be used to provide defaults for all entries. This is mostly in preparation to use this mechanism for the builtin defaults.For the combining list mechanism to work, all base templates must be merged (so all lists must contain the complete set of entries). Otherwise the key matching mechanism wouldn't work globally, but only for the parent template at each level.