[Windows Please] #909
Comments
AkihiroSuda
added
enhancement
I don't see how we could improve on the performance of WSL and Hyper-V on Windows. So unless somebody else has ideas, and the ability to implement them, this is unlikely to happen. |
|
I think you can use the QEMU binaries with the WHPX acceleration, along with any available ISO, to see the "baseline" performance. If that is not enough, I guess this is more a request for running Windows containers (like Docker) ? https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/ I would be OK with being able to run VMs the same way on Windows, that is available on Mac and Linux today (i.e. QEMU). We had this with But I don't run Windows myself, and when I do it is with something like MSYS |
|
There are some The "lockutil" are just missing some nerdctl code available. The syscall needs wrapping... https://github.com/containerd/nerdctl/tree/master/pkg/lockutil EDIT: added:
|
|
Something like: (see MSYS2, and https://www.alpinelinux.org/downloads/) $ /c/Program\ Files/qemu/qemu-system-x86_64 -m 512 -smp 1 \
-accel whpx,kernel-irqchip=off -cdrom alpine-virt-3.16.0-x86_64.iso
Windows Hypervisor Platform accelerator is operational
The display looks broken (no input), but EDIT: The kernel-irqchip thing was a workaround for a startup error:
And with "almost works", I mean this console has some weird issues: localhost:~# apk add containerd
pk add containerd
-ash: pk: not foundEDIT:
Here the console interaction works better. |
|
So lima "works", and qemu "works". Left to do is making them work together, and add some documentation. 😃 Accelerator: https://docs.microsoft.com/en-us/virtualization/api/hypervisor-platform/hypervisor-platform (WHPX)
The main difference between WSL2 and Lima, is that lima uses a new virtual machine for each instance... It is possible to start one Linux distribution (like Alpine), and then start system containers for Ubuntu or whatever. |
|
Almost got it to run, final hurdle is converting paths for qemu (dos, argh) and scripts for ssh (don't ask) Fixes (PRs):
Verified:
Fallbacks:
Workarounds:
User needs to add qemu, and regular tools - either MSYS2 or Git for Windows (MinGW) would work... It's all normal programs, so it would be possible to install Using the "whpx" accelerator requires Windows with Hyper-V (Pro?), falling back to "haxm" would be possible. Will make a PR for the fallbacks, but the rest needs a design decision - or to wait for At this point it is just a proof-of-concept or technical demo, users are still recommended to use WSL2. Note: this does not improve the performance (with Hyper-V), but it should be on par with the Mac version ? I assume that all developers will be using Unix, and will not set up anything for PowerShell or DOS etc. |
@afbjorklund are you aware if there is any activity enabling |
|
Sorry, I don't know anything about it. The information I stumbled upon so far looked more like "gross hacks" than anything else. https://cygwin.com/pipermail/cygwin/2020-June/245088.html I will assume that Unix sockets are unavailable on Windows |
|
Afaik, Podman only uses Unix sockets for legacy (pre 18.09) Docker clients ? The other clients use SSH directly |
|
Podman machine uses unix socket for qmp at least And looks like for virtio-serial device These are extracts from podman machine start command line running on MacOS. |
|
Oh, I thought you meant for the podman connection... |
|
No. I was talking about |
|
For the PoC, I just used Didn't bother creating a qmp Monitor for Unix though, "left as an exercise" |
|
But otherwise, I would be happy enough if
https://pkg.go.dev/os/exec#Command
|
|
Turns out that qemu doesn't start up correctly with The WHPX accelerator is not compatible with Using Wine is too unstable to do anything but run unit tests, even with The path issues were related to that In case your home directory is This affects the default $LIMA_HOME and ~/.ssh, so probably needs some $HOME workaround/fallback <sigh>. |
|
More random whpx failures: Come and go, mysteriously... It seems to mostly affect the default (ubuntu) image, even though only the ISO / URL changes ?. Not the alpine (alpine-lima) image, but unfortunately it does not include any nerdctl/containerd. |
|
Unfortunately, the terminal detection and signal handling is all messed up. If you terminate the |
|
In theory, this would be the way to fix the home:
In practice, this is the only workaround that works:
Probably want to flip these internal paths back to regular again, before displaying them to the user ? Ironically, this seems to be done using EDIT: Added PR, instead of hardcoded string: |
|
Basic operation on Windows 10, when using Alpine with a custom containerd + nerdctl installation.
$ limactl ls
NAME STATUS SSH ARCH CPUS MEMORY DISK DIR
alpine Running 127.0.0.1:51129 x86_64 4 4GiB 100GiB C:\Users\ANDERS~1\.lima\alpine
$ uname
MINGW64_NT-10.0-19044
$ lima uname
Linux
$ lima sudo nerdctl version
Client:
Version: v0.21.0
OS/Arch: linux/amd64
Git commit: 9ddf5226eabcbb7b4b43987f3b0f8d53d86d3bca
Server:
containerd:
Version: v1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1Note: no mounts, until the host/guest path situation is sorted out
Note: no virtfs on windows, which means no 9p only sshfs mounts
Ubuntu template is still broken, MSYS2 terminal is still broken ("invalid quotes") hostagent/useragent uses insecure ports, and qmp/serial sockets are disabled... |
|
This is the EFI bug, turns out alpine still uses BIOS: https://gitlab.com/qemu-project/qemu/-/issues/513 Seems like a workaround is to use EDIT: Indeed, that was it (with a custom OVMF.fd)
So now both images are working OK, with WHPX. |
|
Fixed the quoting issues for MSYS, so now all three consoles should work (with
Will push "port" and "pipe" up as drafts, and rebase and clear up the home directory...
|
|
Typical output: MSYS2
MinGW64
cmd.exe
|
|
Thanks a lot @afbjorklund
This is fine until |
I know, that is why I left it in draft. It's the same status as Docker's port 2375 - ok for testing development, but needs port 2376 for deployment production. Same thing with the named pipes unfortunately, currently it is using "null" instead of "pipe" in qemu. Anyway, I will put the code up there for reading - hopefully there is some reasonable implementation to add tls to it (?), and hopefully there is some easy fix / patch to qemu for windows to allow it to still boot even when given the pipe option. Investing some weird panic with the dns server as well, commented it out - but need to find out why it won't start... logrus.Debugf("Start %v server listening on: %v", network, addr)
if e := s.ListenAndServe(); e != nil {
panic(e)
}So it remains in the "proof of concept" status, reason for pushing it is so that any Windows developer can help out. |
|
@afbjorklund Thank you for your PRs. 👍 I will explore what was the progress. |
|
OpenSSH MUX is going to be tricky. Even in msys2 or cygwin environments it works only with proxy mode, because passing FDs is not supported on Windows. But native port of OpenSSH for Windows rn is missing AF_UNIX support (haven't checked yet if this is due to compiler settings or missing bits in code). |
|
Another show stopper for now. QEMU needs this patch (I will update my builds) https://lists.gnu.org/archive/html/qemu-devel/2022-07/msg04837.html So, before for the moment my experiments are limited to deprecated/centos-7 as the only template using legacy bios. |
|
Custom built QEMUwith 2 patches. Default box with UEFI. OpenSSH from msys2. Running default nginx. Automatic forwarding didn't happen, so, had to trigger it over ssh manually. File mounts were disabled during this experiments - they are the next ones after I will solve port forwarding issues. Unix socker (ga.sock) forwarding through ssh is done via ssh to random local tcp and then random local tcp to unix socket with gocat. SSH multiplexing was switched to proxy mode as FD forwarding doesn't work on Windows (even in cygwin/msys2).
|
Port forwarding is ok now. Next priorities
Further down the road:
|
|
Thanks @arixmkii
TCP sockets are dangerous even on localhost, so this has to be protected with mTLS or something similar. |
Indeed they are. If the handshake will become a part of proxying app then at least it would isolate the main lima code base from supporting TCP based GA client. But this is somehow distant. For now I will better focus on patches for making lima more windows compatible. I will start opening issues covering identified isolated topics in the coming days. Update: If ever MS fork of OpenSSH will start supporting AF_UNIX and ContolPath options, many things would be solved automagically (dreaming here a bit). |
|
SSHFS looks pretty dead to me. Will try 9pfs first and if this works, then will not even try sshfs, probably. |
Yes, there are active forks though |
|
It seems that sshfs binary is needed only for guest OS. 😌 |
|
Another take on "bad" paths issue func toCygpath(p string) string {
if runtime.GOOS == "windows" {
cp, _ := call([]string{"cygpath", "-u", p}, nil)
cd := path.Dir(cp)
cf := path.Base(cp)
h := sha256.New()
h.Write([]byte(cd))
sha256_hash := hex.EncodeToString(h.Sum(nil))
td := path.Join("/tmp", sha256_hash)
_, err := call([]string{"test", "-d", td}, nil)
if err == nil {
return path.Join(td, cf)
}
_, err = call([]string{"ln", "-s", cd, td}, []string{"MSYS=winsymlinks:nativestrict"})
if err == nil {
return path.Join(td, cf)
}
return cp
}
return p
}This utilized symlinks. So, we will create a symlink of good path to "bad" one. Good is constructed as "/tmp/SHA256VALUEOFBADONE". The problem is that symlink operation on Windwos host requires either elevation or developer mode settings in the OS. And obviously running limactl and all children in elevated mode is not a great idea. So, we are here left with a developer mode, which is kinda okay-ish as I consider Lima as a development tool, but not everyone would agree. The solution would be to provide the script, which user could run elevated, which will create all symlinks for the specific user is advance and then the code if detects one will just use that link via path substitution. Would be much better if ssh ControlPath would just accept all valid paths (I think it is the only place, where it rejects paths with whitespaces, not so sure with full unicode support). Update 1: the good part is that we only need this magic around SSH commands, all other tools should work with Windows paths. |
|
Status updates:
Regarding 9pfs. It did work only RO, when I tried it with Podman, so, it is consistent at least, but let's see what response I will get about that issue, because annotation to the patchset mentions Write as supported. Will work on creating separate issues for the code parts, which needs improvements to support Windows. |
|
Tested this workaround #909 (comment) with cygwin. This works with cygwin symlinks, which doesn't require any sort of elevation or development mode. So, in this aspect cygwin has its edge over msys2 option. |
|
Published QEMU build with 9pfs and pflash/UEFI patches (functionally equal to what I used for my experiments, but now built with CI) https://github.com/arixmkii/qcw/releases/tag/v0.0.8 |
|
Hey folks! I'm working on a book, and as someone completely enamored with the Lima experience on the Mac for demonstrating Linux system programming, it would be wonderful to see parity of experience for Windows users. Respect for all the open source contributors here -- the effort I see in this thread alone to make this happen is nothing short of amazing, so how unrealistic am I to hope that this is something that might be achieved by early 2024? |
|
Another possibility for Windows users, besides using the portable QEMU, would be a Hyper-V driver... But I have not payed attention to what the current status is, the PoC was "working" but had security issues. |
|
Since #1721 got merged, what's the status now? Does the docs mention how to install limactl on Windows or WSL2? |
No docs yet (contribution is wanted), but it is installed and tested in the CI like this lima/.github/workflows/test.yml Lines 84 to 137 in 4e1cfac |
|
I returned to experimenting with Lima + QEMU on Windows. Previous big no-goes were lack of mTLS (because of intermediated TCP between cygwinish runtimes and native Windows) and mux behaving differently (breaking some commands and taking it ugly). There were hopes that AF_UNIX would come to OpenSSH Windows builds, but there was barely any progress and mux support was not even in the first batch to be added. Since then I changed concept how this could be achieved. Instead of cygwin/msys2/git shell going full Linux with a minimalist Alpine based VM with WSL2 mirrored networking mode (to have full localhost magic). This small distro will cover all networking stuff and utilities (like Why WSL2 VM instead of cygwin:
It is sort of stupid to have a lightweight VM next to a full sized VM, but if that actually works may be it is not that stupid. I got some successes - running web server with port forwarding and lima shell operational, now will move to checking if reverse-sshfs will be a troublemaker. |
|
I think that containers work quite well in the "new" WSL of Windows 11, now that it has both cgroups v2 and systemd*. But it would still be nice to have QEMU support on all platforms, and some kind of simple Hyper-V VM driver (without WSL) * it even supports KVM and GUI, which was a bit surprising Probably need the driver framework to be in place, though? |
|
This arixmkii@16467b4 got me usable QEMU setup with port forwarding, 9p, reverse-sshfs. To hide the complexity of WSL hosted tools I wrote this tool https://github.com/arixmkii/go-wsllinks So, under
The Lima can use them almost the same way as native tools (path translation is added, where required). I still need to finalized build scripts for WSL distro (for tests I manually imported Alpine and installed all tools). What still requires work - AF_UNIX socket forwarding. I checked that it is still possible to implement through intermediate TCP transport, but this will not be good w/o mTLS, I hope to figure out another way. I also need to test WSL driver support, I definitely broke this, so, this will need fixing. I plan to finalize WSL distro stuff and then setup CI to create at least one test build for sharing. Then I will do another round evaluating options for AF_UNIX forwarding support. |
No doubts here. From my point of view the powerful VM provisioning provided by Lima is as great as containers experience it gives. Having this option available would be beneficial. |
|
I built very first artifact version from my experimental code with CI and it is available here: https://github.com/arixmkii/qcw/releases/tag/v0.0.28 They are highly experimental and for evaluation purposes only, don't try it on your production/important systems. People interested should consult the README file for instructions. The list of code changes applied on top of Lima sources is arixmkii@f97d2c5 |
|
Resolved blocking issues with WSL2 machine type in my rebuilds (containerd is experiencing issues after setup, this is yet to be investigated). Updated versions will be published here https://github.com/arixmkii/qcw/releases/tag/v0.0.29 It is important to delete previous version of lima-infra WSL instance and install the new one. The build is still for evaluation purposes only and not production ready. Submitted some quick win fixes:
And created a backlog for other required changes:
Some other planned activities - test/evaluate with msys2 userland instead on WSL2, add at least basic testing to the current CI builds (CI part basics are done for WSL flavor, I will add some QEMU variants, when the thing runs against upstream QEMU - needs #3176). |
Description
Hi ,
This is such a great work , hoping for the Windows version
WSL is good but very slow in most cases , i prefer to have this in windows , :) hope that this will be available soon.
Thanks
The text was updated successfully, but these errors were encountered: