Trellis on M1 Pro: vm start (Failed to connect to the host via ssh)

Hey all :slight_smile: I’d appreciate some help getting started. I’m new to Trellis and trying to get the local dev environment working on my M1 Pro.

I’m using the lima setup, seen as Vagrant requires Parallels on apple silicon and I don’t want to use that if I don’t have to! So I have python 3.9.6, limactl version 0.20.1, and trellis 1.11.1. Here’s the steps I’m taking:

  1. trellis new domain.com
  2. cd domain.com
  3. trellis init
  4. trellis vm start

At this point I get this error:

PLAY [WordPress Server: Install LEMP Stack with PHP and MariaDB MySQL] *********

TASK [Gathering Facts] *********************************************************
[WARNING]: Unhandled error in Python interpreter discovery for host default:
Failed to connect to the host via ssh: username@127.0.0.1: Permission denied
(publickey).
fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"127.0.0.1\". Make sure this host can be reached over ssh: username@127.0.0.1: Permission denied (publickey).\r\n", "unreachable": true}

I’m not sure what I’m doing wrong, nor what the problem is. Any assistance would be greatly appreciated.

Thanks!

@Jack_Kudla - I see you posted asking if I Had fixed it, but have now deleted the post. I was unable to fix it. Have you managed to figure it out?

Generate new key add to keychain, cleared hosts and deleted the vm started a new one

Were you able to get it working?

Since I upgraded from Intel to M3 Pro/macOS 14.4.1 I also had a lot of issues (both with lima and parallels, which is another topic).

I found out that you need to disable the firewall to get it working properly.
My steps to reproduce, even though I am not sure you have the same problem.

Start VM (failing)

trellis vm start failed with Could not determine IP address for VM instance: no IP address could be matched in the ip route output.

Full output
$ trellis vm start
Running command => limactl start example
INFO[0000] Using the existing instance "example"   
INFO[0000] Starting the instance "example" with VM driver "vz" 
INFO[0000] [hostagent] hostagent socket created at /Users/user/.lima/pinotandrock/ha.sock 
INFO[0000] [hostagent] Starting VZ (hint: to watch the boot progress, see "/Users/user/.lima/example/serial*.log") 
INFO[0000] [hostagent] new connection from  to          
INFO[0000] SSH Local Port: 52445                        
INFO[0000] [hostagent] Waiting for the essential requirement 1 of 2: "ssh" 
INFO[0000] [hostagent] [VZ] - vm state change: running  
INFO[0009] [hostagent] Waiting for the essential requirement 1 of 2: "ssh" 
INFO[0009] [hostagent] The essential requirement 1 of 2 is satisfied 
INFO[0009] [hostagent] Waiting for the essential requirement 2 of 2: "user session is ready for ssh" 
INFO[0012] [hostagent] The essential requirement 2 of 2 is satisfied 
INFO[0013] [hostagent] Waiting for the guest agent to be running 
INFO[0013] [hostagent] Guest agent is running           
INFO[0013] [hostagent] Waiting for the final requirement 1 of 1: "boot scripts must have finished" 
INFO[0013] [hostagent] Not forwarding TCP 127.0.0.53:53 
INFO[0013] [hostagent] Forwarding TCP from 127.0.0.1:3306 to 127.0.0.1:3306 
INFO[0013] [hostagent] The final requirement 1 of 1 is satisfied 
INFO[0013] READY. Run `limactl shell example` to open the shell. 
Error starting VM.
Could not determine IP address for VM instance: no IP address could be matched in the ip route output

I could access the vm via limactl shell example, but i could not access it in the browser.

I noticed that /etc/hosts was not updated.
I used trellis vm sudoers | sudo tee /etc/sudoers.d/trellis, but it did not change anything.

Manually edited /etc/hosts

So, I added the entry myself:

127.0.0.1 example.test www.example.test

Provision

Then, I ran trellis provision development.
Now I can access the site via the browser.

Disable firewall

This issue helped a lot:

I disabled my firewall, now the output is the following:

Full output
$ trellis vm start
Running command => limactl start example
INFO[0000] Using the existing instance "example"   
INFO[0000] Starting the instance "example" with VM driver "vz" 
INFO[0000] [hostagent] hostagent socket created at /Users/user/.lima/example/ha.sock 
INFO[0000] [hostagent] Starting VZ (hint: to watch the boot progress, see "/Users/user/.lima/example/serial*.log") 
INFO[0000] [hostagent] new connection from  to          
INFO[0000] SSH Local Port: 52514                        
INFO[0000] [hostagent] Waiting for the essential requirement 1 of 2: "ssh" 
INFO[0000] [hostagent] [VZ] - vm state change: running  
INFO[0010] [hostagent] Waiting for the essential requirement 1 of 2: "ssh" 
INFO[0010] [hostagent] The essential requirement 1 of 2 is satisfied 
INFO[0010] [hostagent] Waiting for the essential requirement 2 of 2: "user session is ready for ssh" 
INFO[0010] [hostagent] The essential requirement 2 of 2 is satisfied 
INFO[0010] [hostagent] Waiting for the guest agent to be running 
INFO[0010] [hostagent] Guest agent is running           
INFO[0010] [hostagent] Waiting for the final requirement 1 of 1: "boot scripts must have finished" 
INFO[0010] [hostagent] Forwarding TCP from 127.0.0.1:3306 to 127.0.0.1:3306 
INFO[0010] [hostagent] The final requirement 1 of 1 is satisfied 
INFO[0010] [hostagent] Forwarding TCP from 0.0.0.0:80 to 127.0.0.1:80 
INFO[0010] READY. Run `limactl shell example` to open the shell. 

Updating /etc/hosts file (sudo may be required, see `trellis vm sudoers` for more details)

Your Trellis VM is ready to use!

* Composer and WP-CLI commands need to be run on the virtual machine for any post-provision modifications.
* You can SSH into the machine with 'trellis vm shell'
* Then navigate to your WordPress sites at '/srv/www'

The /etc/hosts file was updated automatically:

## trellis-start-example
192.168.106.2 example.test www.example.test
## trellis-end-example

Note the different IP address. 127.0.0.1 was working for me, at least sometimes :smiley:
I deleted my manual entry.

To make the VM start correctly while having the macOS firewall enabled, this worked for me:

/usr/libexec/ApplicationFirewall/socketfilterfw --add /usr/libexec/bootpd
/usr/libexec/ApplicationFirewall/socketfilterfw --unblock /usr/libexec/bootpd

Source: GitHub - lima-vm/socket_vmnet: vmnet.framework support for unmodified rootless QEMU (no dependency on VDE)

2 Likes

I need to do this once after every reboot (before starting the vm). Do other people have the same problem? I am still on Sonoma, will rereport after updating.

I used to have this issue with Lima pretty consistently, but it seems to have been a lot more stable as of this summer

FWIW I was also on Sonoma until fairly recently