
Multipass 1.0 – Mini-cloud on Mac or Windows workstation - popey
https://multipass.run/
======
programd
Worth noting that Multipass does not support launching VMs with bridged
networking. See this issue for details:

[https://github.com/canonical/multipass/issues/118](https://github.com/canonical/multipass/issues/118)

This means that your VMs won't be able to get IP addresses on your LAN via
DHCP. Kind of a fundamental omission for this kind of product I would think.
Curious that it's not a high priority issue for them.

Also, what's the IPv6 story here? I didn't see anything in the docs addressing
that, unless I'm missing something.

~~~
freedomben
Maybe we have very different use cases, but I almost never use bridged
networking. Typically what I want is all outgoing connections to be NATed
through the host.

That said I agree, it should be an option. There are certainly use cases for
it.

~~~
kenny_r
They're marketing this as a "mini-cloud". If it can only network through NAT,
that eliminates all use cases where the VM instances would act as a server.

I'm a sysadmin, so I like tools like this to test out provisioning of servers
with configuration management such as Ansible or Puppet.

Running tests at the end where I actually test the endpoints of the deployed
services would be really nice to have, but impossible to do through NAT.

I guess that's a niche use case for this because Vagrant had the same issue
for a long time, where setting up a bridged network was not possible or
required some hacks.

~~~
tomjakubowski
I'm missing something - even without bridged networking, the VMs should still
be able to network with each other, and the VM host should also be able to
reach each VM. So I don't see how the lack of bridged networking prevents you
from testing the deployed VMs. Do you need to control the tests from somewhere
outside the VM host?

~~~
jsjohnst
NAT networking does not imply the host running Multipass can access ports
exposed on the VMs, quite the opposite. Host only would imply that, but not
typical NAT in a virtual machine. Not saying it’s not possible with Multipass,
just saying it shouldn’t be assumed it does.

~~~
mlyle
Generally if you are on a router performing NAT, you have routes to the hosts
behind the NAT. Whenever I've used VMs with NAT I've been able to interact
with the NAT'd network from the actual hypervisor host.

~~~
jsjohnst
Which hypervisor are you using?

As one example, VirtualBox[0] only allows host -> VM via port forwards when
using NAT networking.

[0] see table 6.1 here:
[https://www.virtualbox.org/manual/ch06.html](https://www.virtualbox.org/manual/ch06.html)

~~~
mlyle
Yes, VirtualBox is an exception, because it does its own weird NAT.

VMware:

> The host computer has an adapter on the NAT network (identical to the host-
> only adapter on the host-only network). This adapter allows the host and the
> virtual machines to communicate with each other for such purposes as file
> sharing. The NAT never forwards traffic from the host adapter.

Libvirt/KVM:

> By default, guests that are connected via a virtual network with <forward
> mode='nat'/> can make any outgoing network connection they like. Incoming
> connections are allowed from the host, and from other guests connected to
> the same libvirt network, but all other incoming connections are blocked by
> iptables rules.

Hyper-V lets you connect from host to NAT'd guests, though the documentation
doesn't explicitly say this. Parallels works this way too. Xen is a weird one,
because it doesn't really do the NAT itself; if you follow the Linux
instructions it'll work the way I describe.

~~~
jsjohnst
While I agree, some hypervisors act differently, but my original comment
stands as due to at least one major hypervisor not allowing direct host access
to NAT’d VMs, you can’t assume it works given no context.

Either way, thanks for the research. I stopped after checking VMware.

------
amanzi
This actually looks great, installing it now to try out.

But the title of this HN post doesn't really explain what it is, since a
"mini-cloud" implies a lot more than just Ubuntu VMs. The actual headline of
the target page is: "Instant Ubuntu VMs", with a subtitle of: "A mini-cloud on
your Mac or Windows workstation." And the title of the page is: "Multipass
orchestrates virtual Ubuntu instances" which makes much more sense.

This really is great - after installing it's as simple as "multipass launch"
to create and start a new instance, and then "multipass shell" to get a shell
prompt. In the background it uses the native Hyper-V hypervisor to run the
VMs.

~~~
kenny_r
I've been playing around with it for a bit, but I don't really see what it has
to offer that Vagrant doesn't already do.

"multipass launch" and "multipass shell" do the same as "vagrant up" and
"vagrant ssh".

Vagrant has been around since 2010 and is super mature by now. Multipass seems
to be limited to LTS Ubuntu releases, for now at least. There are Vagrant
boxes for all Ubuntu releases but also Debian, CentOS or whatever else you
would want to run.

~~~
amanzi
The advantage over Vagrant is that it's a lot less complex. I've tried Vagrant
on Windows before and really struggled with it, when all I wanted was a quick
and easy way to launch lots of VMs.

------
ltbarcly3
I appreciate the Fifth Element reference, but what does running a mini cloud
have to do with an identification card? Shouldn't 'Multipass' be used for some
kind of oauth library or something? Not a great name for a personal cloud.

Or is it 'MultiPASS, multiple platforms as a service'? Still doesn't make
sense, presumably this is a personal PASS, since it isn't multiple platforms
as a service, it's a single platform as a service provider, different from
other PASS providers in that you can run it on your laptop.

~~~
FpUser
Oh sweet memories. I loved that movie

~~~
nickthegreek
I recommend checking out the UHD bluray. One of the best 4k's out.

------
stephenr
I'm confused what this offers, over say vagrant.

It mentions "run linux VMs" at least once but then seems to only be about
Ubuntu VMs.

~~~
moondev
vagrant

* try to find a solid reliable "box" to launch

* ensure your virt provider is supported and configured

* create a vagrant file and configure it

* "vagrant up" and more vagrant-specific provisioning in the vagrantfile.

* Destroy the vm and then have to toil through provisioning again if you didn't export your "box"

multipass (same on macos/linux/windows)

multipass launch -n my-machine -c 2 -m 4G -d 20G bionic --cloud-init my-cloud-
init.yaml

~~~
stephenr
So besides the fact that this tool has exactly the same “problems” you
describe in the first two points (see another sub thread for MacOS vs Linux
host running this tool - different images are available; and you’re just
trusting that “bionic” is a “solid reliable” image to use), the rest of your
complaint is: “I don’t want a file that defines my one or 100 vm setup so I
can commit it to the project. I want to run a command and define the same
attributes over and over again every time any person on the project needs to
use it”.

Also I don’t know why you mentioned “vagrant destroy” and then went on about
“toil through your provisioning”.

If you want to use cloud init, there is a vagrant provisioner that supports
it. If you don’t, you can use another one like shell scripts or chef or salt
or puppet or Ansible or whatever.

If you destroy the machine the provisioning will need to run again - yes. But
why would you destroy the machine if you don’t want it to start from scratch?
But what toiling is there? Once the provisioners are defined, you just let
them run - how is that different than a cloud init provisioned vm?

~~~
moondev
> If you want to use cloud init, there is a vagrant provisioner that supports
> it

Are you referring to this? Looks like it only works for virtualbox provider.
[https://github.com/jameskeane/vagrant-
cloudinit](https://github.com/jameskeane/vagrant-cloudinit)

My main point is simplicity wins. No need to mess with providers and plugins
and tooling/provider/plugin specific provisioning logistics.

Cloud-init is becoming the de-facto machine provisioning format, it's great to
be able to hack on it locally and get the same results elsewhere. Sharing it
is great as well, install multipass and point to the cloud-config. Done.

> If you destroy the machine the provisioning will need to run again - yes.
> But why would you destroy the machine if you don’t want it to start from
> scratch? But what toiling is there? Once the provisioners are defined, you
> just let them run - how is that different than a cloud init provisioned vm?

Fair enough! I agree which you here it was probably a bad example on my part.

> Once the provisioners are defined, you just let them run - how is that
> different than a cloud init provisioned vm?

Which provisioner for which provider? And what plugins does it need? cloud-
init is just more simple and portable to use IMO.

~~~
teilo
> My main point is simplicity wins.

Not true. The moment you need to do anything too complex for a simplistic
tool, simplicity loses. Multipass doesn't do CentOS, for example. Therfore,
for some of my use cases, multipass's simplicity loses.

Furthermore, with multipass, as soon as you need to do anything beyond
launching a default image, it's no longer simple. It's just as complicated as
Vagrant. Someone has to write your cloud-config.yaml file, just as someone has
to write an Ansible playbook.

~~~
moondev
Multipass on Linux does CentOS and any other cloud-init enabled image.

It currently does not support this for some reason on macos which really
sucks! Hopefully it will eventually.

I also want to say that I enjoy using Vagrant as well. It certainly has it's
advantages for certain use-cases. For my personal most common use-case, I
prefer multipass. That's all! Glad to see there are multiple options
continuing to evolve in this space!

------
farisjarrah
Great to see this project maturing! I love testing out random command line
utilities and programs with this. IMO, this is a much nicer tool for
evaluating CLI tools then docker containers because its a full VM and behaves
a lot more like my laptop then a docker container.

~~~
kccqzy
Docker containers can be as like your laptop as you wish them to be in terms
of user land. You can install all the usual stuff present on your laptop into
the container.

------
wenc
For folks who have used this and WSL, how does this compare to WSL? (Windows
Subsystem for Linux)

Has anyone tried to run production(ish) workloads on WSL? Multipass?

~~~
simosx
Currently, you can only use WSL1 in Windows. WSL1 is emulation and has way too
few features compared to a proper virtual machine. WSL2 currently is available
only through the Windows Insider Program, which is something that you will NOT
setup on a work machine.

WSL2 is still work in progress. Currently it misses many features and the
provided Linux kernel does not include many kernel modules (several for
networking are missing). For example, WSL2 currently does not support bridge
networking.

~~~
pletnes
In my experience, WSL1 is also very, very slow and cannot run all programs. A
while ago, no haskell programs would run, for instance. Not sure about the
current status though.

Another limitation in WSL1 is that it cannot run docker. And so on.

It still might be an OK way to obtain *nix based software, and can «see» your
windows directory tree without any mounting/configuration. And no VM is
needed.

~~~
whycombagator
> In my experience, WSL1 is also very, very slow

I've commented this in the past, but WSL1 is much faster than WSL2 when
interoping with the Windows file system[0]

[0][https://github.com/microsoft/WSL/issues/4197](https://github.com/microsoft/WSL/issues/4197)

------
4bpp
Is there something comparable to this that is offered as a native $distro
(Debian in particular) package, rather than a Snap? I'm slightly allergic to
running parallel package managers.

~~~
stephenr
Vagrant?

~~~
4bpp
Looks fairly comparable, but the writeup at
[https://docs.cumulusnetworks.com/cumulus-vx/Development-
Envi...](https://docs.cumulusnetworks.com/cumulus-vx/Development-
Environments/Vagrant-and-Libvirt-with-KVM-or-QEMU/) makes me think it might
not quite treat "standard Linux-world solutions" as first class citizens. (Not
to mention "vagrant plugin install ..." also looks a lot like a parallel
package manager.)

------
herewego
I’ve used Multipass extensively and I can honestly say, while it’s a great
start, it’s not even remotely ready for prime time on MacOS. I have lost tons
of VMs that get stuck shutting down and are never able to come back up due to
corruption. Still, it’s worth checking back in at a later date. Docker
continues to be my go-to for now.

------
buckhx
Multipass was the only way I could get a local k8s install that didn't shred
my laptop. Albeit I/O perf was bad, but would build containers on the host and
put them in a spot containerd could pick them up in the VM. Worked pretty
well, but a bit hairy to set up.

------
ballen
If by chance someone is looking for a VM management software around hyperkit,
I've been working on
[https://github.com/bensallen/hkmgr](https://github.com/bensallen/hkmgr) in my
spare time.

------
riffic
How does this fit in with other vm tooling such as vagrant?

------
moondev
Anyone know if there is a way to launch custom qcow2 images with this on
macOS? last time I tried this it only worked on Linux.

~~~
simosx
On MacOS, Multipass uses the native VM software provided by the operating
system. And you use Multipass to launch Ubuntu virtual machines. I do not
think that Multipass would be able to directly launch custom qcow2 images.

However, your question is actually whether on MacOS you can have nested
virtualization. Because, if MacOS (and Multipass support) it, then this is
what you need.

~~~
moondev
> I do not think that Multipass would be able to directly launch custom qcow2
> images.

It absolutely does on linux (which uses the qemu driver). <url> is a custom
image URL that is in [http://](http://), [https://](https://), or file://
format.

As long as the image is a "cloud" image with cloud-init installed it works
fine. I tested this with a fedora image on linux.

> However, your question is actually whether on MacOS you can have nested
> virtualization. Because, if MacOS (and Multipass support) it, then this is
> what you need.

This was not my question, but I don't believe nested virt is supported on
macOS with multipass. Someone correct me if i'm wrong but I think nested virt
is only available via VMware Fusion on macOS, multipass uses
hypervisor.framework via hyperkit

~~~
simosx
Thanks for the correction.

Indeed, you can launch many more images than those you get when you run
"multipass find".

There is a post about this at [https://discourse.ubuntu.com/t/new-way-to-
launch-images-othe...](https://discourse.ubuntu.com/t/new-way-to-launch-
images-other-than-cloud-images-from-simplestreams/6282)

~~~
moondev
Right, "multipass find" only lists the curated ubuntu LTS images on macos.
Attempting to launch a qcow2 or img on macos shows "launch failed: http and
file based images are not supported" which leads back to my original question.

qcow2/img launching indeed works fine on linux

~~~
simosx
multipass supports two hard-coded remotes, `release:` and `snapcraft:`. It
should be feasible to be able to launch any of the VM images from LXD (i.e.
[https://us.images.linuxcontainers.org/](https://us.images.linuxcontainers.org/)),
as long as there was a way to add a new _remote_.

edit: there is a pending issue
[https://github.com/canonical/multipass/issues/307](https://github.com/canonical/multipass/issues/307)

------
alexellisuk
This is like what Docker Desktop did for Virtualbox and docker-machine. Lean
UX, faster hypervisor. Don't need the complexity of Vagrant when one command
gets me what I need - a fresh Ubuntu VM with our without my custom cloud-init.

I just don't get what's closed source and open and why they had to write it in
C++

------
kstenerud
I've been using multipass for some time now, and I'm super happy to see it
finally released!

It's basically like LXD, except for VMs instead of containers. Launching
fully-functional virtual machines is a breeze.

~~~
locusm
I was hoping this was LXD for Win/OSX

~~~
simosx
There is already LXD for Win/OSX, [https://ubuntu.com/blog/lxd-client-on-
windows-and-macos](https://ubuntu.com/blog/lxd-client-on-windows-and-macos)

That is, you get a native LXD client, and then configure the appropriate
`remote:` to connect to the VM that has LXD running.

------
nickthemagicman
Don't containers only use one process? I.e. you would need some orchestration
tool to use nginx and python at the same time for example when using
containers. Whereas this would allow both to run on the same instance due to
being a VM? Am I conceptualizing the differences correctly?

------
me551ah
How does this compare to WSL 2 on windows? Launching WSL based linux distros
is a breeze and they are lightweight due to lack of full virtualization
overhead. Since these use Hyper-V/VBox I'm guessing they would be heavier.

------
ridruejo
Looks pretty nice and reminds me of Docker desktop. Are there any plans to
make it easy to consume other non Ubuntu vms? We built something similar for
Mac for Bitnami VMs and would be great to extend it to Windows and Linux

------
thepill__
Might be naiv, but why not just run a docker container? Or am i missing
something?

~~~
freedomben
Depends what you are doing. Docker is just containers so shares the host
kernel, and isn't quite as secure as a VM. This actually spins up guest VMs
running their own kernel, isolated via hypervisor.

If you are running anything that requires kernel changes, containers won't
really work (there are ways around it but I feel it's hacky. I could be
convinced however). If you're running potentially evil software, VM is also
much more the way to go.

------
sneak
Docker Desktop for Mac and Windows is not free software; it is proprietary and
closed source. I am glad to see something like this (which is free software)
being made available as an alternative.

------
unameit
on my mac when i type in 'multipass stop ubuntu-lts' the system shuts down
instantly and i had to reboot. pretty cool software though.

------
syntaxing
Can anyone explain what "mini-cloud" means? I searched for it online and can't
seem to find anything that relates to it.

------
AlexeyBrin
How can I start a http server in a multipass instance and access it from the
host ? Is this even possible ?

~~~
simosx
This is a typical use-case scenario for using Multipass. You just use the IP
address of the Multipass VM on your browser at the host and it will work.

------
iudqnolq
Does this provide security? Can I use it to build and run untrusted old
software I download?

~~~
simosx
You get a virtual machine, so you can build and run untrusted software. If you
have very specific old software (for example, something that runs on Ubuntu
12.04 LTS), then you can install LXD inside a Multipass VM, and from LXD
create a system container with Ubuntu 12.04.

While Multipass supports LTS versions of Ubuntu and recent development
versions of Ubuntu, with LXD you get container images for many more versions
and other distributions. See the list at
[https://us.images.linuxcontainers.org/](https://us.images.linuxcontainers.org/)

~~~
moondev
I can't wait for all these images to be ported for lxd vm support!

------
elchin
How does this compare to Vagrant?

~~~
amanzi
At first glance it seems to be much simpler, less complex, and therefore less
features than Vagrant. Depending on your requirements, Vagrant may be a better
option, but for me Multipass looks great.

~~~
moondev
All that is missing for me is a active library of machine images like vagrant
cloud. That would be amazing!

~~~
amanzi
Looks like it supports launching custom images, but you'd need to build up
your own library of images.

[https://multipass.run/docs/launch-command](https://multipass.run/docs/launch-
command)

------
iamwpj
I've used vagrant for a few years -- this looks like it might be a little
better!

------
keyle
Is this some sort of OKD/OpenShift alternative?

------
captn3m0
What exactly is it?

>A mini-cloud on your Mac or Windows workstation.

doesn't really mean anything to me.

~~~
dsamarin
"Instant Ubuntu VMs" means something to me.

------
johnklos
Cloud? You keep using that word. I do not think it means what you think it
means.

~~~
stephenr
It means something whispy that looks nice from far away but you can’t actually
touch and it will disappear at a moments notice ;-)

