hardpass-vm 0.3.1

A small, reliable Ubuntu cloud-image VM manager built on QEMU.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

# Hardpass

`hardpass` is a small Rust CLI for managing local Ubuntu cloud-image VMs with QEMU.

It exists for people who want a simpler, more predictable local VM workflow than Multipass:
- macOS and Linux hosts
- Ubuntu guest images only
- host-native guest architecture by default, with optional cross-architecture TCG emulation
- QEMU user networking
- stable per-VM SSH port forwarding

## Commands

- `doctor` checks for required local tools and firmware.
- `image prefetch` downloads and verifies a cloud image into the local cache.
- `create` creates a named VM.
- `start` boots a named VM and waits for SSH.
- `stop` gracefully stops a named VM.
- `delete` stops and removes a named VM.
- `list` shows known VMs.
- `info [--json]` prints VM details.
- `ssh` opens an interactive SSH session.
- `exec` runs a remote command over SSH.

## Install

From crates.io:

```bash
cargo install hardpass-vm
```

That installs the `hp` executable.

From the GitHub repository:

```bash
cargo install --git https://github.com/peterdelevoryas/hardpass
```

From a local checkout:

```bash
cargo install --path .
```

That installs `hp` into Cargo's bin directory so the examples below can be run directly.

## Quick Start

```bash
hp doctor
hp image prefetch
hp create dev
hp start dev
hp list
hp info dev
hp ssh dev
hp exec dev -- uname -a
hp stop dev
hp delete dev
```

`create` defaults to Ubuntu `24.04` on the host-native guest architecture with `2` vCPUs, `8192` MiB RAM, and a `16` GiB disk. You can override VM size, acceleration, guest arch, and forwarding when needed:

```bash
hp create test \
  --release 24.04 \
  --cpus 4 \
  --memory-mib 16384 \
  --disk-gib 100 \
  --forward 8080:8080

hp start test
```

Use `--accel tcg` when you want slower emulated guests, including cross-architecture experiments such as `--arch amd64` on an arm64 host.

If you want to warm the image cache before the first VM boot:

```bash
hp image prefetch
hp image prefetch --release 24.04 --arch amd64
```

Use `info --json` when another tool needs machine-readable state:

```bash
hp info dev --json
```

The JSON payload includes `ssh.alias`, so other tools can discover the SSH alias directly.

## State and SSH

Hardpass stores state under `~/.hardpass` by default. Set `HARDPASS_HOME` if you want a different root.

When using the default `~/.hardpass` root, Hardpass automatically:

- adds `Include ~/.hardpass/ssh/config` to `~/.ssh/config`
- rewrites `~/.hardpass/ssh/config` to match the current VM aliases

Each VM name becomes an SSH alias with the stored loopback port and identity file:

```bash
ssh dev
```

With the default `~/.hardpass` root, `hp create` and `hp delete` keep the alias file up to date automatically.

## Host Requirements

- `qemu-img`
- `qemu-system-x86_64` or `qemu-system-aarch64`
- `ssh`
- `ssh-keygen`
- Linux hosts need `/dev/kvm` for `--accel auto` or `--accel kvm`; `--accel tcg` is also supported but slower
- AArch64 hosts also need discoverable UEFI firmware for QEMU

Run `hp doctor` to confirm the local environment before creating a VM.

## Security Notes

- SSH connections disable host key checking and known-host persistence for loopback convenience.
- The default cloud-init config creates an `ubuntu` user with passwordless sudo.
- Guest networking uses QEMU user networking, not bridged networking.

## Testing

```bash
cargo fmt --check
cargo clippy --all-targets -- -D warnings
cargo test
```

The real-QEMU integration smoke test is opt-in:

```bash
HARDPASS_REAL_QEMU_TEST=1 cargo test --test library_api_smoke -- --ignored
```

The heavier GitHub Actions e2e test is also opt-in locally on macOS and Linux hosts:

```bash
HARDPASS_REAL_QEMU_TEST=1 cargo test --test e2e_vm_stress -- --ignored --nocapture
```

Both real-QEMU tests use the current `HOME` and the normal Hardpass state at `~/.hardpass`, so they share the default image cache and exercise the same SSH-config behavior a user would get in CI. While they run, you can inspect them with ordinary `cargo run -- list`, `cargo run -- info <name>`, and `cargo run -- ssh <name>`.

In GitHub Actions, the e2e workflow requires `/dev/kvm` and intentionally fails instead of falling back to TCG.

Set `HARDPASS_E2E_PROFILE=stress` to run the 2-VM profile locally.