1.5 Use Lima to install a customised Fedora VM

Fedora Cloud@2x.png

Why customise a Lima-based Fedora VM?

Basically there is nothing really sacrosanct about this virtual machine in terms of using it to make it easier and more secure to manage a metal Fedora Server. There is a bit of config that can be done to the

etc/hosts

file to make it easier to quickly us the Lima VM to navigate to the Metal Fedora Server and other VMs so automating the install by adding a few packages into the process and some basis configuration will save time and eliminate a few tedious steps.

The initial downloaded image creates a sparse and small VM.

Getting under the hood

You wouldn’t have it any other way! In a contradictory fashion, the developers have produced an install of Lima that requires a bit of fiddling to customise. Linux comes with over 40 templates in YAML format which are easy to read and modify. But they are stored in a hidden folder. In addition, the virtual machines themselves, which can easily become bigger than 2 gigabytes, while stored in a different location –

/Users/home/.lima

– than the templates, are also in a hidden folder. Any modifications to templates or additions made to the templates folder will be wiped out every time Lima is updated through Brew.

Working with Lima templates

On an ARM64 Mac, Lima templates are stores at:

/opt/homebrew/Cellar/lima/0.19.0/share/lima/templates

But I just ran a Brew upgrade and now that it has finished Lima will be at a new location:
/opt/homebrew/Cellar/lima/0.19.1/share/lima/templates

This is something to keep in mind of something breaks in the future.
Some Brew dependencies could fail if they are hard coded to a specific version of the dependency.
When Lima was installed, [[1.3 Getting started with Lima (Linux Machines)]] , I also installed:
brew install socket_vmnet
. The location of socket_vmnet is hard coded in the VM’s folder. More on updating this and exploring other VM specific files in a future post .
The default
fedora.yaml
is very simple. Lima determines which Mac processor is present – Intal or Apple Silicon – and will download the appraise image from Fedora‘s site.
# This template requires Lima v0.7.0 or later.
images:
  - location: "https://download.fedoraproject.org/pub/fedora/linux/releases/39/Cloud/x86_64/images/Fedora-Cloud-Base-39-1.5.x86_64.qcow2"
    arch: "x86_64"
    digest: "sha256:ab5be5058c5c839528a7d6373934e0ce5ad6c8f80bd71ed3390032027da52f37"
  - location: "https://download.fedoraproject.org/pub/fedora/linux/releases/39/Cloud/aarch64/images/Fedora-Cloud-Base-39-1.5.aarch64.qcow2"
    arch: "aarch64"
    digest: "sha256:765996d5b77481ca02d0ac06405641bf134ac920cfc1e60d981c64d7971162dc"
mounts:
  - location: "~"
  - location: "/tmp/lima"
    writable: true

Modify Lima’s Fedora template
Below is a continuation of the above template that I created which will install and configure a whole bunch of stuff at the same time Lima installs the initial VM. This template will do the following:
  1. Fedora
    1. Update
    2. Install several Fedora group packages
    3. Install additional Cockpit packages
    4. Enable and start several packages and add services to the firewall
    5. Setup a root password and permit root login to Cockpit
  2. Network: uncomment
    - lima: bridged
     to turn on networking
  3. Hardware config: While I keep the VM running on my MBA M2 as power efficient as possible with just 2 CPUs and 4GiB of RAM, the VM running on my I7 Mac mini has 4 CPUs and 12GiB of RAM.
  4. VNC: I do not use the VNC functions of Lima. Instead I install TigerVNC and the lightweight XFCE desktop. VNC configuration is not contained in this script. This will be covered in a future post. Access to a desktop running in a Fedora VM on Lima opens up additional possibilities for connecting to the server and its VMs.
Keep in mind…
  1. Any changes to files in the template folder will be deleted the next time Lima is updated. Best to keep a backup. The directory paths for both Intel and Apple Silicon Macs are listed above
  2. Immediately after the installation is finished, it is necessary to comment out the bash script segment of the YAML that is created – and is essentially of the template – when the VM is created. The TAML file is located at ~/.lima/[VM Name]/lima.yaml
provision:
- mode: system
  script: |
   #!/bin/bash
   dnf -y update --refresh
   dnf -y groupinstall "Headless Management"  --with-optional 
   dnf -y install cockpit-navigator cockpit-pcp
   dnf -y install firewalld
   dnf -y install neofetch 
   systemctl enable cockpit.socket
   systemctl start cockpit.socket
   systemctl unmask firewalld
   systemctl start firewalld
   systemctl enable firewalld
   firewall-cmd --permanent --add-service=ssh
   firewall-cmd --permanent --add-service=cockpit
   firewall-cmd --permanent --add-service=vnc-server
   firewall-cmd --reload
   sed -i '2s/^/# /' /etc/cockpit/disallowed-users
   echo "[root password]" | passwd --stdin root
   dnf -y groupinstall Virtualization --with-optional
   dnf -y groupinstall xfce "Applications for the Xfce Desktop"
   dnf -y groupinstall "Extra plugins for the Xfce panel"
   dnf -y install tigervnc*
networks:
  # The instance can get routable IP addresses from the vmnet framework using
  # https://github.com/lima-vm/socket_vmnet (since Lima v0.12) or
  # https://github.com/lima-vm/vde_vmnet (deprecated) .
  #
  # Available networks are defined in
  # $LIMA_HOME/_config/networks.yaml. Supported network types are "host",
  # "shared", or "bridged".
  #
  # Interface "lima0": shared mode  (IP is assigned by macOS's bootpd)
  #- lima: shared
  # Interface "lima1": bridged mode (IP is assigned by a DHCP server on the physical network)
  - lima: bridged
# CPUs
# 🟢 Builtin default: min(4, host CPU cores)
cpus: 2
# Memory size
# 🟢 Builtin default: min("4GiB", half of host memory)
memory: 4GiB
video:
  # QEMU display, e.g., "none", "cocoa", "sdl", "gtk", "vnc", "default".
  # Choosing "none" will hide the video output, and not show any window.
  # Choosing "vnc" will use a network server, and not show any window.
  # Choosing "default" will pick the first available of: gtk, sdl, cocoa.
  # As of QEMU v6.2, enabling anything but none or vnc is known to have negative impact
  # on performance on macOS hosts: https://gitlab.com/qemu-project/qemu/-/issues/334
  # 🟢 Builtin default: "none"
  # display: null
#  display: vnc
  # VNC (Virtual Network Computing) is a platform-independent graphical
  # desktop-sharing system that uses the Remote Frame Buffer protocol (RFB)
#  vnc:
    # VNC display, e.g.,"to=L", "host:d", "unix:path", "none"
    # By convention the TCP port is 5900+d, connections from any host.
    # 🟢 Builtin default: "127.0.0.1:0,to=9"
#    display: null

More discussion »

Leave a Reply