Trellis on M1 Pro: vm start (Failed to connect to the host via ssh)

conorseed · March 2, 2024, 5:00am

Hey all I’d appreciate some help getting started. I’m new to Trellis and trying to get the local dev environment working on my M1 Pro.

I’m using the lima setup, seen as Vagrant requires Parallels on apple silicon and I don’t want to use that if I don’t have to! So I have python 3.9.6, limactl version 0.20.1, and trellis 1.11.1. Here’s the steps I’m taking:

trellis new domain.com
cd domain.com
trellis init
trellis vm start

At this point I get this error:

PLAY [WordPress Server: Install LEMP Stack with PHP and MariaDB MySQL] *********

TASK [Gathering Facts] *********************************************************
[WARNING]: Unhandled error in Python interpreter discovery for host default:
Failed to connect to the host via ssh: username@127.0.0.1: Permission denied
(publickey).
fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"127.0.0.1\". Make sure this host can be reached over ssh: username@127.0.0.1: Permission denied (publickey).\r\n", "unreachable": true}

I’m not sure what I’m doing wrong, nor what the problem is. Any assistance would be greatly appreciated.

Thanks!

conorseed · April 22, 2024, 8:59pm

@Jack_Kudla - I see you posted asking if I Had fixed it, but have now deleted the post. I was unable to fix it. Have you managed to figure it out?

Jack_Kudla · April 22, 2024, 9:42pm

Generate new key add to keychain, cleared hosts and deleted the vm started a new one

Jack_Kudla · April 25, 2024, 3:11pm

Were you able to get it working?

luke · April 26, 2024, 5:21pm

Since I upgraded from Intel to M3 Pro/macOS 14.4.1 I also had a lot of issues (both with lima and parallels, which is another topic).

I found out that you need to disable the firewall to get it working properly.
My steps to reproduce, even though I am not sure you have the same problem.

Start VM (failing)

trellis vm start failed with Could not determine IP address for VM instance: no IP address could be matched in the ip route output.

Full output

$ trellis vm start
Running command => limactl start example
INFO[0000] Using the existing instance "example"   
INFO[0000] Starting the instance "example" with VM driver "vz" 
INFO[0000] [hostagent] hostagent socket created at /Users/user/.lima/pinotandrock/ha.sock 
INFO[0000] [hostagent] Starting VZ (hint: to watch the boot progress, see "/Users/user/.lima/example/serial*.log") 
INFO[0000] [hostagent] new connection from  to          
INFO[0000] SSH Local Port: 52445                        
INFO[0000] [hostagent] Waiting for the essential requirement 1 of 2: "ssh" 
INFO[0000] [hostagent] [VZ] - vm state change: running  
INFO[0009] [hostagent] Waiting for the essential requirement 1 of 2: "ssh" 
INFO[0009] [hostagent] The essential requirement 1 of 2 is satisfied 
INFO[0009] [hostagent] Waiting for the essential requirement 2 of 2: "user session is ready for ssh" 
INFO[0012] [hostagent] The essential requirement 2 of 2 is satisfied 
INFO[0013] [hostagent] Waiting for the guest agent to be running 
INFO[0013] [hostagent] Guest agent is running           
INFO[0013] [hostagent] Waiting for the final requirement 1 of 1: "boot scripts must have finished" 
INFO[0013] [hostagent] Not forwarding TCP 127.0.0.53:53 
INFO[0013] [hostagent] Forwarding TCP from 127.0.0.1:3306 to 127.0.0.1:3306 
INFO[0013] [hostagent] The final requirement 1 of 1 is satisfied 
INFO[0013] READY. Run `limactl shell example` to open the shell. 
Error starting VM.
Could not determine IP address for VM instance: no IP address could be matched in the ip route output

I could access the vm via limactl shell example, but i could not access it in the browser.

I noticed that /etc/hosts was not updated.
I used trellis vm sudoers | sudo tee /etc/sudoers.d/trellis, but it did not change anything.

Manually edited /etc/hosts

So, I added the entry myself:

127.0.0.1 example.test www.example.test

Provision

Then, I ran trellis provision development.
Now I can access the site via the browser.

Disable firewall

This issue helped a lot:

github.com/abiosoft/colima

Error starting with --network-address

opened 02:04PM - 27 Oct 22 UTC

liaden

### Description Attempting to start `--network-address` fails. Additional start…s without the flag fail with a different error message. Removing `~/.colima` allows for a successful start, without the network address. ### Version Colima Version: 0.4.6 Lima Version: 0.12.0, 0.13.0 Qemu Version: 7.1.0 ### Operating System - [ ] macOS Intel - [X] macOS M1 - [ ] Linux ### Reproduction Steps 1. `colima start --network-address` ### Expected behaviour Colima starts correctly. ### Additional context ### First start: ``` INFO[0000] starting colima INFO[0000] runtime: docker INFO[0000] preparing network ... context=vm WARN[0015] error starting network: error at 'preparing network': error running [/opt/homebrew/bin/colima daemon status default], output: "time=\"2022-10-27T09:57:15-04:00\" level=fatal msg=\"pid file not found: stat /Users/joel.johnson/.colima/default/daemon/daemon.pid: no such file or directory\"", err: "exit status 1" context=vm INFO[0015] creating and starting ... context=vm WARN[0015] error setting up routable IP address: vmnet ptp socket file not found: stat /Users/joel.johnson/.colima/default/daemon/vmnet.ptp: no such file or directory > Using cache "/Users/joel.johnson/Library/Caches/lima/download/by-url-sha256/e9bac04e9bdb31be4d3de1506d97eb60d59d9ad1a2d97f2b21f760e06f3e4408/data" > [hostagent] Starting QEMU (hint: to watch the boot progress, see "/Users/joel.johnson/.lima/colima/serial.log") > SSH Local Port: 57347 > [hostagent] Waiting for the essential requirement 1 of 5: "ssh" > [hostagent] QEMU has exited > exiting, status={Running:false Degraded:false Exiting:true Errors:[] SSHLocalPort:0} (hint: see "/Users/joel.johnson/.lima/colima/ha.stderr.log") FATA[0017] error starting vm: error at 'creating and starting': exit status 1 ``` ha.stderr.log: ``` {"level":"debug","msg":"Creating iso file /Users/joel.johnson/.lima/colima/cidata.iso","time":"2022-10-27T09:57:15-04:00"} {"level":"debug","msg":"Using /var/folders/1n/fvnyc01554s0240g36s382jh6nvfqs/T/diskfs_iso413631167 as workspace","time":"2022-10-27T09:57:15-04:00"} {"level":"debug","msg":"firmware candidates = [/Users/joel.johnson/.local/share/qemu/edk2-aarch64-code.fd /Users/joel.johnson/.colima/_wrapper/3a9197e1ca3cd2da076da2b473d7a7eb118e2cca/share/qemu/edk2-aarch64-code.fd /usr/share/AAVMF/AAVMF_CODE.fd /usr/share/qemu-efi-aarch64/QEMU_EFI.fd]","time":"2022-10-27T09:57:17-04:00"} {"level":"debug","msg":"OpenSSH version 8.6.1 detected","time":"2022-10-27T09:57:17-04:00"} {"level":"debug","msg":"AES accelerator seems available, prioritizing aes128-gcm@openssh.com and aes256-gcm@openssh.com","time":"2022-10-27T09:57:17-04:00"} {"level":"info","msg":"Starting QEMU (hint: to watch the boot progress, see \"/Users/joel.johnson/.lima/colima/serial.log\")","time":"2022-10-27T09:57:17-04:00"} {"level":"debug","msg":"qCmd.Args: [/Users/joel.johnson/.colima/_wrapper/3a9197e1ca3cd2da076da2b473d7a7eb118e2cca/bin/qemu-system-aarch64 -m 2048 -cpu host -machine virt,accel=hvf,highmem=off -smp 2,sockets=1,cores=2,threads=1 -drive if=pflash,format=raw,readonly=on,file=/Users/joel.johnson/.colima/_wrapper/3a9197e1ca3cd2da076da2b473d7a7eb118e2cca/share/qemu/edk2-aarch64-code.fd -boot order=d,splash-time=0,menu=on -drive file=/Users/joel.johnson/.lima/colima/basedisk,media=cdrom,readonly=on -drive file=/Users/joel.johnson/.lima/colima/diffdisk,if=virtio,discard=on -cdrom /Users/joel.johnson/.lima/colima/cidata.iso -netdev user,id=net0,net=192.168.5.0/24,dhcpstart=192.168.5.15,hostfwd=tcp:127.0.0.1:57347-:22 -device virtio-net-pci,netdev=net0,mac=52:55:55:56:07:0a -device virtio-rng-pci -display none -vga none -device ramfb -device qemu-xhci,id=usb-bus -device usb-kbd,bus=usb-bus.0 -device usb-mouse,bus=usb-bus.0 -parallel none -chardev socket,id=char-serial,path=/Users/joel.johnson/.lima/colima/serial.sock,server=on,wait=off,logfile=/Users/joel.johnson/.lima/colima/serial.log -serial chardev:char-serial -chardev socket,id=char-qmp,path=/Users/joel.johnson/.lima/colima/qmp.sock,server=on,wait=off -qmp chardev:char-qmp -name lima-colima -pidfile /Users/joel.johnson/.lima/colima/qemu.pid]","time":"2022-10-27T09:57:17-04:00"} {"level":"info","msg":"Waiting for the essential requirement 1 of 5: \"ssh\"","time":"2022-10-27T09:57:17-04:00"} {"level":"debug","msg":"qemu[stderr]: time=\"2022-10-27T09:57:17-04:00\" level=fatal msg=\"dial unix /Users/joel.johnson/.colima/default/daemon/gvproxy.sock: connect: no such file or directory\"","time":"2022-10-27T09:57:17-04:00"} {"level":"debug","msg":"executing script \"ssh\"","time":"2022-10-27T09:57:17-04:00"} {"error":"exit status 1","level":"info","msg":"QEMU has exited","time":"2022-10-27T09:57:17-04:00"} {"level":"debug","msg":"executing ssh for script \"ssh\": /usr/bin/ssh [ssh -F /dev/null -o IdentityFile=\"/Users/joel.johnson/.lima/_config/user\" -o IdentityFile=\"/Users/joel.johnson/.ssh/id_ed25519\" -o IdentityFile=\"/Users/joel.johnson/.ssh/id_rsa\" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o NoHostAuthenticationForLocalhost=yes -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o Compression=no -o BatchMode=yes -o IdentitiesOnly=yes -o Ciphers=\"^aes128-gcm@openssh.com,aes256-gcm@openssh.com\" -o User=lima -o ControlMaster=auto -o ControlPath=\"/Users/joel.johnson/.lima/colima/ssh.sock\" -o ControlPersist=5m -p 57347 127.0.0.1 -- /bin/bash]","time":"2022-10-27T09:57:17-04:00"} {"level":"debug","msg":"stdout=\"\", stderr=\"ssh: connect to host 127.0.0.1 port 57347: Connection refused\\r\\n\", err=failed to execute script \"ssh\": stdout=\"\", stderr=\"ssh: connect to host 127.0.0.1 port 57347: Connection refused\\r\\n\": exit status 255","time":"2022-10-27T09:57:17-04:00"} ``` ### Second start: ``` INFO[0000] starting colima INFO[0000] runtime: docker INFO[0000] preparing network ... context=vm WARN[0015] error starting network: error at 'preparing network': error running [/opt/homebrew/bin/colima daemon status default], output: "time=\"2022-10-27T10:01:35-04:00\" level=fatal msg=\"pid file not found: stat /Users/joel.johnson/.colima/default/daemon/daemon.pid: no such file or directory\"", err: "exit status 1" context=vm WARN[0015] error setting up routable IP address: vmnet ptp socket file not found: stat /Users/joel.johnson/.colima/default/daemon/vmnet.ptp: no such file or directory INFO[0015] starting ... context=vm > Using the existing instance "colima" > [hostagent] Starting QEMU (hint: to watch the boot progress, see "/Users/joel.johnson/.lima/colima/serial.log") > SSH Local Port: 57370 > [hostagent] QEMU has exited > exiting, status={Running:false Degraded:false Exiting:true Errors:[] SSHLocalPort:0} (hint: see "/Users/joel.johnson/.lima/colima/ha.stderr.log") FATA[0017] error starting vm: error at 'starting': exit status 1 ``` which is obviously due to the colima.yaml being updated with the `--network-address` flag.

I disabled my firewall, now the output is the following:

Full output

$ trellis vm start
Running command => limactl start example
INFO[0000] Using the existing instance "example"   
INFO[0000] Starting the instance "example" with VM driver "vz" 
INFO[0000] [hostagent] hostagent socket created at /Users/user/.lima/example/ha.sock 
INFO[0000] [hostagent] Starting VZ (hint: to watch the boot progress, see "/Users/user/.lima/example/serial*.log") 
INFO[0000] [hostagent] new connection from  to          
INFO[0000] SSH Local Port: 52514                        
INFO[0000] [hostagent] Waiting for the essential requirement 1 of 2: "ssh" 
INFO[0000] [hostagent] [VZ] - vm state change: running  
INFO[0010] [hostagent] Waiting for the essential requirement 1 of 2: "ssh" 
INFO[0010] [hostagent] The essential requirement 1 of 2 is satisfied 
INFO[0010] [hostagent] Waiting for the essential requirement 2 of 2: "user session is ready for ssh" 
INFO[0010] [hostagent] The essential requirement 2 of 2 is satisfied 
INFO[0010] [hostagent] Waiting for the guest agent to be running 
INFO[0010] [hostagent] Guest agent is running           
INFO[0010] [hostagent] Waiting for the final requirement 1 of 1: "boot scripts must have finished" 
INFO[0010] [hostagent] Forwarding TCP from 127.0.0.1:3306 to 127.0.0.1:3306 
INFO[0010] [hostagent] The final requirement 1 of 1 is satisfied 
INFO[0010] [hostagent] Forwarding TCP from 0.0.0.0:80 to 127.0.0.1:80 
INFO[0010] READY. Run `limactl shell example` to open the shell. 

Updating /etc/hosts file (sudo may be required, see `trellis vm sudoers` for more details)

Your Trellis VM is ready to use!

* Composer and WP-CLI commands need to be run on the virtual machine for any post-provision modifications.
* You can SSH into the machine with 'trellis vm shell'
* Then navigate to your WordPress sites at '/srv/www'

The /etc/hosts file was updated automatically:

## trellis-start-example
192.168.106.2 example.test www.example.test
## trellis-end-example

Note the different IP address. 127.0.0.1 was working for me, at least sometimes
I deleted my manual entry.

luke · July 30, 2024, 10:36am

To make the VM start correctly while having the macOS firewall enabled, this worked for me:

/usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/libexec/bootpd
/usr/libexec/ApplicationFirewall/socketfilterfw --unblock /usr/libexec/bootpd

Source: GitHub - lima-vm/socket_vmnet: vmnet.framework support for unmodified rootless QEMU (no dependency on VDE)