VM Management¶
Compute providers manage virtual machines through the vm.Manager interface. The production implementation uses Lima (Linux virtual machines via QEMU) to create isolated Ubuntu 24.04 VMs with SSH access. VMs are provisioned on lease acceptance and torn down on settlement. Boot time is approximately 21 seconds from lease acceptance to a running VM with SSH.
Manager interface¶
type Manager interface {
Provision(leaseHash string, res Resources, accessPubKey string) (*Info, error)
Teardown(leaseHash string) error
Exec(leaseHash string, command string) (*ExecResult, error)
DialSSH(leaseHash string) (net.Conn, error)
Get(leaseHash string) (*Info, error)
List() []*Info
}
| Method | Description |
|---|---|
Provision |
Create and start a VM with the specified resources. Injects the consumer's SSH public key via cloud-init. Returns VM info including the SSH local port. |
Teardown |
Stop and delete the VM via limactl delete --force. Called automatically on lease settlement. |
Exec |
Execute a shell command inside the VM via limactl shell. Returns exit code, stdout, and stderr. |
DialSSH |
Open a TCP connection to the VM's SSH port on localhost. Used by the tunnel protocol to proxy SSH sessions from remote consumers. |
Get |
Retrieve the current state of a VM by lease hash from the in-memory map. |
List |
Return all VMs managed by this provider. |
Lima implementation¶
The LimaManager (vm/lima_manager.go) manages QEMU-based VMs using the limactl CLI tool from the Lima project.
Architecture¶
xe-node process (provider)
│
├── LimaManager
│ ├── limactl create (from YAML template)
│ ├── limactl start (boots QEMU VM)
│ ├── limactl shell (exec commands)
│ └── limactl delete --force (teardown)
│
└── QEMU processes (one per active lease)
├── xe-<leaseHash[:12]> → Ubuntu 24.04 VM
└── xe-<leaseHash[:12]> → Ubuntu 24.04 VM
Initialisation¶
When a provider node starts with --provide, the LimaManager is created:
- LIMA_HOME is set to
{dataDir}/lima— all VM state, disk images, and sockets live here - Template directory is
{dataDir}/lima-templates— YAML templates are written here beforelimactl create - Images directory is
{dataDir}/images— the Ubuntu cloud image is cached here - On startup,
limactl --versionis executed to verify the tool is available - If the Ubuntu cloud image is not present locally, it is downloaded automatically from the upstream Ubuntu cloud images server (~600 MB)
- The manager logs the Lima version and advertised resource capacity
VM naming convention¶
VMs are named xe-{leaseHash[:12]} — the first 12 hex characters of the lease block hash. This keeps names short while avoiding collisions. For example, lease hash 6226fb52501a9052b533... creates a VM named xe-6226fb52501a.
Provision flow¶
When Provision(leaseHash, resources, accessPubKey) is called:
-
Convert access key — the
accessPubKey(ed25519 public key as 64-char hex string) is converted to SSHauthorized_keysformat. This is the consumer's key for SSH access to the VM. -
Render template — a Lima YAML template is generated referencing the local Ubuntu 24.04 cloud image with the requested resources and SSH key:
vmType: "qemu" images: - location: "file:///var/lib/xe-node/images/ubuntu-24.04-x86_64.img" arch: "x86_64" cpus: 1 memory: "512MiB" disk: "5GiB" mounts: [] containerd: system: false user: false provision: - mode: system script: | #!/bin/bash mkdir -p /root/.ssh && chmod 700 /root/.ssh echo '<ssh-ed25519 key>' >> /root/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config sed -i 's/#PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config sed -i 's/#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config systemctl restart sshdThe image is referenced via
file://from the local cache at{dataDir}/images/. SSH is pre-installed in the Ubuntu cloud image — the provision script only injects the consumer's key and restarts sshd. -
Write template — saved to
{dataDir}/lima-templates/{vmName}.yaml -
Create VM —
limactl create --name={vmName} {templatePath}uses the cached Ubuntu cloud image as a copy-on-write backing file (instant, no download) -
Start VM —
limactl start {vmName}boots QEMU with KVM acceleration. Ubuntu boots in ~15 seconds, cloud-init injects the SSH key, and Lima confirms SSH readiness. Total: ~21 seconds. -
Wait for SSH — polls
limactl list --jsonevery 2 seconds for up to 2 minutes until the VM reports an SSH port. This port is on127.0.0.1and is the tunnel target. -
Store state — the VM info (lease hash, SSH port, status, resources) is stored in the in-memory
vmsmap
Resource constraints¶
| Resource | Minimum | Default | Description |
|---|---|---|---|
| vCPUs | 1 | From lease | QEMU -smp parameter |
| Memory | 512 MiB | From lease | QEMU -m parameter |
| Disk | 5 GiB | From lease | QCOW2 disk image size |
If the lease requests less than the minimum, the minimum is used.
Teardown¶
When Teardown(leaseHash) is called (triggered by lease settlement):
- Execute
limactl delete --force {vmName}— this stops the QEMU process and removes all VM artifacts (disk, sockets, logs) - Delete the template file from
{dataDir}/lima-templates/ - Remove the entry from the in-memory
vmsmap
Command execution¶
Exec(leaseHash, command) runs commands inside the VM via Lima's shell mechanism:
Returns an ExecResult with:
- ExitCode — the command's exit code
- Stdout — captured standard output
- Stderr — captured standard error
SSH connection¶
DialSSH(leaseHash) opens a raw TCP connection to the VM's SSH port:
This is used by the tunnel protocol to proxy SSH sessions from remote consumers through libp2p streams to the VM's local SSH server.
Data types¶
Resources¶
type Resources struct {
VCPUs uint64 `json:"vcpus"`
MemoryMB uint64 `json:"memory_mb"`
DiskGB uint64 `json:"disk_gb"`
}
Info¶
type Info struct {
LeaseHash string `json:"lease_hash"`
Status string `json:"status"`
Resources *Resources `json:"resources,omitempty"`
CreatedAt int64 `json:"created_at"`
Error string `json:"error,omitempty"`
}
VM status values¶
| Status | Description |
|---|---|
provisioning |
VM is being created (limactl create/start in progress) |
running |
VM is active, SSH port is available, accepting commands and tunnel connections |
stopped |
VM has been torn down after lease settlement |
error |
VM encountered a fatal error during provisioning or execution |
ExecResult¶
type ExecResult struct {
ExitCode int `json:"exit_code"`
Stdout string `json:"stdout"`
Stderr string `json:"stderr"`
}
VM lifecycle¶
lease_accept confirmed
│
▼
┌──────────────┐ vm_credentials ┌──────────┐
│ Provision │ ──────────────────────►│ Consumer │
│ (limactl │ (direct msg) └──────────┘
│ create+start)│
└──────────────┘
│
▼
┌──────────────┐
│ Running │ ◄── SSH tunnel from consumer (via libp2p)
│ (Ubuntu VM) │ ◄── Exec commands via API or messaging
└──────────────┘
│
│ lease expires + settle
▼
┌──────────────┐
│ Teardown │
│ (limactl │
│ delete) │
└──────────────┘
- Provision — triggered by
autoAcceptLease()after thelease_acceptblock is confirmed (~21 seconds). Lima creates an Ubuntu 24.04 VM from the cached cloud image with the consumer's SSH key injected via cloud-init. - Credential delivery — the provider sends a
vm_credentialsdirect message to the consumer with the VM's SSH connection details. - Running — the consumer can access the VM via:
- SSH tunnel through the SSH gateway (remote access via libp2p)
- Exec API via
POST /vms/{lease}/exec(HTTP API) - Direct messaging via the
vm_execprotocol (libp2p)
- Teardown — triggered by
settleLease()after thelease_settleblock is confirmed. The VM is deleted and its resources freed.
VM access methods¶
SSH gateway (recommended)¶
The SSH gateway provides transparent remote access to VMs. The consumer connects via standard SSH:
The gateway authenticates using the AccessPubKey from the lease block, then tunnels the session through libp2p to the provider node, which proxies to the VM's local SSH server. See SSH Gateway & Tunnel Protocol for full details.
HTTP exec API¶
For programmatic access, the provider exposes an exec endpoint:
Response:
{
"exit_code": 0,
"stdout": "Linux lima-xe-6226fb52501a 6.8.0-106-generic #106-Ubuntu SMP ...\n",
"stderr": ""
}
Direct messaging (vm_exec)¶
Consumers can also execute commands via the libp2p messaging protocol:
Consumer Provider
│ │
│ vm_exec {lease, cmd} │
│──────────────────────────►│
│ │ verify consumer identity
│ │ limactl shell {vm} -- sh -c {cmd}
│ ExecResult {code, out} │
│◄──────────────────────────│
The provider node verifies the requesting peer owns the consumer account before executing.
Message handlers¶
The node registers VM-related message handlers:
| Message | Direction | Description |
|---|---|---|
identify |
Any | Returns the node's account address |
vm_credentials |
Provider → Consumer | Delivers VM SSH connection info after provisioning |
vm_exec |
Consumer → Provider | Executes a command in the VM via limactl shell |
vm_status |
Consumer → Provider | Returns current VM info |
Provider node flags¶
Providers enable compute leasing with the following CLI flags:
| Flag | Type | Default | Description |
|---|---|---|---|
-provide |
bool | false | Enable provider mode |
-vcpus |
int | 2 | Number of vCPUs available for leasing |
-memory |
int | 2048 | Memory in MB available for leasing |
-disk |
int | 20 | Disk in GB available for leasing |
-ssh-port |
int | 0 | SSH gateway listen port (0 = disabled) |
-limactl-path |
string | limactl | Path to limactl binary |
When -provide is set, the node:
- Initialises the
LimaManagerwith the configuredlimactlpath. - Sets up the tunnel protocol handler for incoming SSH tunnel requests.
- Advertises available resources via marketplace gossip every 5 minutes.
- Watches for incoming lease blocks every 5 seconds and automatically accepts them.
- Runs the
settleLoop()to auto-settle expired leases every 10 seconds.
Marketplace discovery¶
Providers and consumers find each other through the marketplace gossip topic (xe/marketplace):
- Consumer publishes a
ResourceRequestwith desired vCPUs, memory, disk, and duration. - Provider receives the request, checks available resources, and replies with a
ResourceOfferincluding the computed cost. - Consumer receives the offer and creates the lease block.
The entire negotiation happens over gossip before any on-chain blocks are created.
Infrastructure requirements¶
Lima uses QEMU as its virtualisation backend. The host must have:
- QEMU installed (
qemu-system-x86_64) - Lima installed (
limactlv1.0.6+) - KVM support — Lima requires
/dev/kvm(hardware virtualisation extensions: Intel VT-x or AMD-V). Hosts without KVM (most cloud VPS) cannot run Lima VMs. - KVM permissions — the
xeuser must be able to access/dev/kvm. Since pm2'suid/gidsetting drops supplementary groups, add a udev rule: - Non-root execution — Lima refuses to run as root. The node process must run as a non-root user (e.g., the
xeservice user). - Disk space — the Ubuntu cloud image is ~600 MB. Each running VM uses additional disk for its QCOW2 overlay (copy-on-write from the shared base image).
KVM requirement
Standard cloud VPS instances typically do not expose hardware virtualisation. Bare-metal servers or VPS with nested virtualisation enabled are required for Lima VM support. Without KVM, the lease lifecycle (creation, acceptance, attestation, settlement) still works — only the actual VM boot fails.