Add possibility to copy ConfigFile to host

This makes the configuration into a one-liner (variable/path).

The start command can do the "mkdir" and "cat" automatically.

Author: afbjorklund

examples/default.yaml

@@ -336,6 +336,16 @@ networks:
 #   hostPortRange: [1, 65535]
 # # Any port still not matched by a rule will not be forwarded (ignored)
 
+# Config files. Copied after provisioning scripts have been completed.
+# configFiles:
+# - guestFile: "/etc/myconfig.cfg"
+#   hostFile: myconfig
+# # default: mode: system
+# # "guestFile" can include these template variables: {{.Home}}, {{.UID}}, and {{.User}}.
+# # "hostFile" can include {{.Home}}, {{.Dir}}, {{.Name}}, {{.UID}}, and {{.User}}.
+# # "mode" can be "system" (with root) or "user" (without root), similar to provision
+# # Put configs into "{{.Dir}}/conf" to avoid collision with Lima internal configs!
+
 # Message. Information to be shown to the user, given as a Go template for the instance.
 # The same template variables as for listing instances can be used, for example {{.Dir}}.
 # You can view the complete list of variables using `limactl list --list-fields` command.

examples/k3s.yaml

@@ -5,8 +5,7 @@
 # It can be accessed from the host by exporting the kubeconfig file;
 # the ports are already forwarded automatically by lima:
 #
-# $ export KUBECONFIG=$PWD/kubeconfig.yaml
-# $ limactl shell k3s sudo cat /etc/rancher/k3s/k3s.yaml >$KUBECONFIG
+# $ export KUBECONFIG=$(limactl list k3s --format 'unix://{{.Dir}}/conf/kubeconfig.yaml')
 # $ kubectl get no
 # NAME       STATUS   ROLES                  AGE   VERSION
 # lima-k3s   Ready    control-plane,master   69s   v1.21.1+k3s1
@@ -54,11 +53,12 @@ probes:
     The k3s kubeconfig file has not yet been created.
     Run "limactl shell k3s sudo journalctl -u k3s" to check the log.
     If that is still empty, check the bottom of the log at "/var/log/cloud-init-output.log".
+configFiles:
+- guestFile: "/etc/rancher/k3s/k3s.yaml"
+  hostFile: "{{.Dir}}/conf/kubeconfig.yaml"
 message: |
   To run `kubectl` on the host (assumes kubectl is installed), run the following commands:
   ------
-  mkdir -p "{{.Dir}}/conf"
   export KUBECONFIG="{{.Dir}}/conf/kubeconfig.yaml"
-  limactl shell {{.Name}} sudo cat /etc/rancher/k3s/k3s.yaml >$KUBECONFIG
   kubectl ...
   ------

examples/k8s.yaml

@@ -5,8 +5,7 @@
 # It can be accessed from the host by exporting the kubeconfig file;
 # the ports are already forwarded automatically by lima:
 #
-# $ export KUBECONFIG=$PWD/kubeconfig.yaml
-# $ limactl shell k8s sudo cat /etc/kubernetes/admin.conf >$KUBECONFIG
+# $ export KUBECONFIG=$(limactl list k8s --format 'unix://{{.Dir}}/conf/kubeconfig.yaml')
 # $ kubectl get no
 # NAME       STATUS   ROLES                  AGE   VERSION
 # lima-k8s   Ready    control-plane,master   44s   v1.22.3
@@ -155,11 +154,12 @@ probes:
       echo >&2 "kubernetes cluster is not up and running yet"
       exit 1
     fi
+configFiles:
+- guestFile: "/etc/kubernetes/admin.conf"
+  hostFile: "{{.Dir}}/conf/kubeconfig.yaml"
 message: |
   To run `kubectl` on the host (assumes kubectl is installed), run the following commands:
   ------
-  mkdir -p "{{.Dir}}/conf"
   export KUBECONFIG="{{.Dir}}/conf/kubeconfig.yaml"
-  limactl shell {{.Name}} sudo cat /etc/kubernetes/admin.conf >$KUBECONFIG
   kubectl ...
   ------

pkg/hostagent/hostagent.go

@@ -356,6 +356,12 @@ func (a *HostAgent) startHostAgentRoutines(ctx context.Context) error {
 	if err := a.waitForRequirements(ctx, "final", a.finalRequirements()); err != nil {
 		mErr = multierror.Append(mErr, err)
 	}
+	// Copy all config files _after_ the requirements are done
+	for _, rule := range a.y.ConfigFiles {
+		if err := copyConfig(ctx, a.sshConfig, a.sshLocalPort, rule.HostFile, rule.GuestFile, rule.Mode); err != nil {
+			mErr = multierror.Append(mErr, err)
+		}
+	}
 	return mErr
 }
 
@@ -525,3 +531,34 @@ func forwardSSH(ctx context.Context, sshConfig *ssh.SSHConfig, port int, local,
 	}
 	return nil
 }
+
+func copyConfig(ctx context.Context, sshConfig *ssh.SSHConfig, port int, local, remote string, mode limayaml.ProvisionMode) error {
+	args := sshConfig.Args()
+	args = append(args,
+		"-p", strconv.Itoa(port),
+		"127.0.0.1",
+		"--",
+	)
+	if mode == limayaml.ProvisionModeSystem {
+		args = append(args,
+			"sudo",
+		)
+	}
+	args = append(args,
+		"cat",
+		remote,
+	)
+	logrus.Infof("Copying config from %s to %s", remote, local)
+	if err := os.MkdirAll(filepath.Dir(local), 0750); err != nil {
+		return fmt.Errorf("can't create directory for local file %q: %w", local, err)
+	}
+	cmd := exec.CommandContext(ctx, sshConfig.Binary(), args...)
+	out, err := cmd.Output()
+	if err != nil {
+		return fmt.Errorf("failed to run %v: %q: %w", cmd.Args, string(out), err)
+	}
+	if err := os.WriteFile(local, out, 0640); err != nil {
+		return fmt.Errorf("can't write to local file %q: %w", local, err)
+	}
+	return nil
+}

pkg/limayaml/defaults.go

@@ -315,6 +315,11 @@ func FillDefault(y, d, o *LimaYAML, filePath string) {
 		// After defaults processing the singular HostPort and GuestPort values should not be used again.
 	}
 
+	y.ConfigFiles = append(append(o.ConfigFiles, y.ConfigFiles...), d.ConfigFiles...)
+	for i := range y.ConfigFiles {
+		FillConfigFileDefaults(&y.ConfigFiles[i], instDir)
+	}
+
 	if y.HostResolver.Enabled == nil {
 		y.HostResolver.Enabled = d.HostResolver.Enabled
 	}
@@ -618,6 +623,29 @@ func FillPortForwardDefaults(rule *PortForward, instDir string) {
 	}
 }
 
+func FillConfigFileDefaults(rule *ConfigFile, instDir string) {
+	if rule.Mode == "" {
+		rule.Mode = ProvisionModeSystem
+	}
+	if rule.GuestFile != "" {
+		if out, err := processGuest(rule.GuestFile); err == nil {
+			rule.GuestFile = out.String()
+		} else {
+			logrus.WithError(err).Warnf("Couldn't process guestFile %q as a template", rule.GuestFile)
+		}
+	}
+	if rule.HostFile != "" {
+		if out, err := processHost(rule.HostFile, instDir); err == nil {
+			rule.HostFile = out.String()
+		} else {
+			logrus.WithError(err).Warnf("Couldn't process hostFile %q as a template", rule.HostFile)
+		}
+		if !filepath.IsAbs(rule.HostFile) {
+			rule.HostFile = filepath.Join(instDir, filenames.InstanceConfigDir, rule.HostFile)
+		}
+	}
+}
+
 func NewArch(arch string) Arch {
 	switch arch {
 	case "amd64":

pkg/limayaml/defaults_test.go

@@ -135,6 +135,12 @@ func TestFillDefault(t *testing.T) {
 				HostSocket:  "{{.Home}} | {{.Dir}} | {{.Name}} | {{.UID}} | {{.User}}",
 			},
 		},
+		ConfigFiles: []ConfigFile{
+			{
+				GuestFile: "{{.Home}} | {{.UID}} | {{.User}}",
+				HostFile:  "{{.Home}} | {{.Dir}} | {{.Name}} | {{.UID}} | {{.User}}",
+			},
+		},
 		Env: map[string]string{
 			"ONE": "Eins",
 		},
@@ -183,6 +189,10 @@ func TestFillDefault(t *testing.T) {
 		defaultPortForward,
 		defaultPortForward,
 	}
+	expect.ConfigFiles = []ConfigFile{
+		{},
+	}
+
 	// Setting GuestPort and HostPort for DeepEqual(), but they are not supposed to be used
 	// after FillDefault() has been called and the ...PortRange fields have been set.
 	expect.PortForwards[1].GuestPort = 80
@@ -197,6 +207,10 @@ func TestFillDefault(t *testing.T) {
 	expect.PortForwards[3].GuestSocket = fmt.Sprintf("%s | %s | %s", guestHome, user.Uid, user.Username)
 	expect.PortForwards[3].HostSocket = fmt.Sprintf("%s | %s | %s | %s | %s", hostHome, instDir, instName, user.Uid, user.Username)
 
+	expect.ConfigFiles[0].Mode = ProvisionModeSystem
+	expect.ConfigFiles[0].GuestFile = fmt.Sprintf("%s | %s | %s", guestHome, user.Uid, user.Username)
+	expect.ConfigFiles[0].HostFile = fmt.Sprintf("%s | %s | %s | %s | %s", hostHome, instDir, instName, user.Uid, user.Username)
+
 	expect.Env = y.Env
 
 	expect.CACertificates = CACertificates{
@@ -298,6 +312,9 @@ func TestFillDefault(t *testing.T) {
 			HostPortRange:  [2]int{80, 80},
 			Proto:          TCP,
 		}},
+		ConfigFiles: []ConfigFile{{
+			Mode: ProvisionModeUser,
+		}},
 		Env: map[string]string{
 			"ONE": "one",
 			"TWO": "two",
@@ -346,6 +363,7 @@ func TestFillDefault(t *testing.T) {
 	expect.Provision = append(y.Provision, d.Provision...)
 	expect.Probes = append(y.Probes, d.Probes...)
 	expect.PortForwards = append(y.PortForwards, d.PortForwards...)
+	expect.ConfigFiles = append(y.ConfigFiles, d.ConfigFiles...)
 	expect.Containerd.Archives = append(y.Containerd.Archives, d.Containerd.Archives...)
 	expect.AdditionalDisks = append(y.AdditionalDisks, d.AdditionalDisks...)
 
@@ -465,6 +483,9 @@ func TestFillDefault(t *testing.T) {
 			HostPortRange:  [2]int{8080, 8080},
 			Proto:          TCP,
 		}},
+		ConfigFiles: []ConfigFile{{
+			Mode: ProvisionModeUser,
+		}},
 		Env: map[string]string{
 			"TWO":   "deux",
 			"THREE": "trois",
@@ -481,6 +502,7 @@ func TestFillDefault(t *testing.T) {
 	expect.Provision = append(append(o.Provision, y.Provision...), d.Provision...)
 	expect.Probes = append(append(o.Probes, y.Probes...), d.Probes...)
 	expect.PortForwards = append(append(o.PortForwards, y.PortForwards...), d.PortForwards...)
+	expect.ConfigFiles = append(append(o.ConfigFiles, y.ConfigFiles...), d.ConfigFiles...)
 	expect.Containerd.Archives = append(append(o.Containerd.Archives, y.Containerd.Archives...), d.Containerd.Archives...)
 	expect.AdditionalDisks = append(append(o.AdditionalDisks, y.AdditionalDisks...), d.AdditionalDisks...)
 

pkg/limayaml/limayaml.go

@@ -24,6 +24,7 @@ type LimaYAML struct {
 	Containerd      Containerd      `yaml:"containerd,omitempty" json:"containerd,omitempty"`
 	Probes          []Probe         `yaml:"probes,omitempty" json:"probes,omitempty"`
 	PortForwards    []PortForward   `yaml:"portForwards,omitempty" json:"portForwards,omitempty"`
+	ConfigFiles     []ConfigFile    `yaml:"configFiles,omitempty" json:"configFiles,omitempty"`
 	Message         string          `yaml:"message,omitempty" json:"message,omitempty"`
 	Networks        []Network       `yaml:"networks,omitempty" json:"networks,omitempty"`
 	// `network` was deprecated in Lima v0.7.0, removed in Lima v0.14.0. Use `networks` instead.
@@ -179,6 +180,12 @@ type PortForward struct {
 	Ignore            bool   `yaml:"ignore,omitempty" json:"ignore,omitempty"`
 }
 
+type ConfigFile struct {
+	Mode      ProvisionMode `yaml:"mode" json:"mode"` // default: "system"
+	GuestFile string        `yaml:"guestFile,omitempty" json:"guestFile,omitempty"`
+	HostFile  string        `yaml:"hostFile,omitempty" json:"hostFile,omitempty"`
+}
+
 type Network struct {
 	// `Lima`, `Socket`, and `VNL` are mutually exclusive; exactly one is required
 	Lima string `yaml:"lima,omitempty" json:"lima,omitempty"`

pkg/limayaml/validate.go

@@ -249,6 +249,26 @@ func Validate(y LimaYAML, warn bool) error {
 		// Not validating that the various GuestPortRanges and HostPortRanges are not overlapping. Rules will be
 		// processed sequentially and the first matching rule for a guest port determines forwarding behavior.
 	}
+	for i, rule := range y.ConfigFiles {
+		field := fmt.Sprintf("ConfigFile[%d]", i)
+		switch rule.Mode {
+		case ProvisionModeSystem, ProvisionModeUser:
+		default:
+			return fmt.Errorf("field `%s.mode` must be either %q or %q",
+				field, ProvisionModeSystem, ProvisionModeUser)
+		}
+		if rule.GuestFile != "" {
+			if !path.IsAbs(rule.GuestFile) {
+				return fmt.Errorf("field `%s.guestFile` must be an absolute path", field)
+			}
+		}
+		if rule.HostFile != "" {
+			if !filepath.IsAbs(rule.HostFile) {
+				// should be unreachable because FillDefault() will prepend the instance directory to relative names
+				return fmt.Errorf("field `%s.hostFile` must be an absolute path, but is %q", field, rule.HostFile)
+			}
+		}
+	}
 
 	if y.HostResolver.Enabled != nil && *y.HostResolver.Enabled && len(y.DNS) > 0 {
 		return fmt.Errorf("field `dns` must be empty when field `HostResolver.Enabled` is true")

pkg/store/filenames/filenames.go

@@ -47,6 +47,9 @@ const (
 
 	// InstanceSocketDir is the default location for forwarded sockets with a relative path in HostSocket
 	InstanceSocketDir = "sock"
+
+	// InstanceConfigDir is the default location for config files with a relative path in HostFile
+	InstanceConfigDir = "conf"
 )
 
 // Filenames used under a disk directory