From 5321f058896fbc97c01a7c4e6ab90dd1b491e09c Mon Sep 17 00:00:00 2001 From: Viren Nadkarni Date: Thu, 25 Jul 2024 17:59:41 +0530 Subject: [PATCH 1/4] EC2: Add config option 'EC2_HYPERVISOR_URI' --- content/en/references/configuration.md | 1 + content/en/user-guide/aws/ec2/index.md | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/content/en/references/configuration.md b/content/en/references/configuration.md index 3fe31681b3..827c4fa3a8 100644 --- a/content/en/references/configuration.md +++ b/content/en/references/configuration.md @@ -147,6 +147,7 @@ This section covers configuration options that are specific to certain AWS servi | `EC2_DOCKER_INIT` | `0`\|`1` (default) | Start container instances with docker-init system, learn more [here](https://docs.docker.com/reference/cli/docker/container/run/#init). Disable this if you want to use a custom init system. | | `EC2_DOWNLOAD_DEFAULT_IMAGES` | `0`\|`1` (default) | At startup, LocalStack Pro downloads latest Ubuntu images from Docker Hub for use as AMIs. This can be disabled for security reasons. | | `EC2_EBS_MAX_VOLUME_SIZE` | `1000` (default) | Maximum size (in MiBs) of user-specified EBS block devices mounted into EC2 container instances. | +| `EC2_HYPERVISOR_URI` | `qemu:///system` (default) | [Libvirt connection URI](https://libvirt.org/uri.html#remote-uris) that indicates the hypervisor host | | `EC2_MOUNT_BLOCK_DEVICES` | `1`\|`0` (default) | Whether to create and mount user-specified EBS block devices into EC2 container instances. | | `EC2_REMOVE_CONTAINERS` | `0`\|`1` (default) | Controls whether created Docker containers are removed at instance termination or LocalStack shuts down. Disable this if there is a need to examine the container filesystem for debugging. | | `EC2_VM_MANAGER` | `docker`(default)\|`libvirt`\|`mock` | Emulation method to use in LocalStack Pro. This option is not available in LocalStack community. | 
diff --git a/content/en/user-guide/aws/ec2/index.md b/content/en/user-guide/aws/ec2/index.md index e5d23ff54a..3ebc33da57 100644 --- a/content/en/user-guide/aws/ec2/index.md +++ b/content/en/user-guide/aws/ec2/index.md @@ -426,7 +426,7 @@ You may also need to enable virtualization support at hardware level. This is often labelled as 'Virtualization Technology', 'VT-d' or 'VT-x' in UEFI/BIOS setups. {{< /callout >}} -LocalStack requires the Libvirt socket on the host to be mounted inside the container. +If the Docker host and Libvirt host is the same, the Libvirt socket on the host to be mounted inside the LocalStack container. This can be done by including the volume mounts when the LocalStack container is started. If you are using the [Docker Compose template]({{< ref "installation#starting-localstack-with-docker-compose" >}}), include the following line in `services.localstack.volumes` list: @@ -440,8 +440,10 @@ If you are using [Docker CLI]({{< ref "installation#starting-localstack-with-doc -v /var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock ``` +If you are using a remote Libvirt hypervisor, you can set the [`EC2_HYPERVISOR_URI`]({{< ref "configuration#ec2" >}}) config option with a connection URI. + The Libvirt VM manager currently does not have full support for persistence. -Underlying virtual machines and volumes are not persisted, instead only their mock respresentations are. +Underlying virtual machines and volumes are not persisted, only their mock respresentations are. ### AMIs From 3b483ecba078eb6fed088847fb3d257a8219daa7 Mon Sep 17 00:00:00 2001 From: Viren Nadkarni Date: Thu, 25 Jul 2024 18:01:06 +0530 Subject: [PATCH 2/4] Fix typo --- content/en/user-guide/aws/ec2/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/user-guide/aws/ec2/index.md b/content/en/user-guide/aws/ec2/index.md index 3ebc33da57..63e0077d08 100644 --- a/content/en/user-guide/aws/ec2/index.md +++ b/content/en/user-guide/aws/ec2/index.md 
@@ -426,7 +426,7 @@ You may also need to enable virtualization support at hardware level. This is often labelled as 'Virtualization Technology', 'VT-d' or 'VT-x' in UEFI/BIOS setups. {{< /callout >}} -If the Docker host and Libvirt host is the same, the Libvirt socket on the host to be mounted inside the LocalStack container. +If the Docker host and Libvirt host is the same, the Libvirt socket on the host must be mounted inside the LocalStack container. This can be done by including the volume mounts when the LocalStack container is started. If you are using the [Docker Compose template]({{< ref "installation#starting-localstack-with-docker-compose" >}}), include the following line in `services.localstack.volumes` list: From b6656fa1edd63697439a3c5d2e4f0433986811cb Mon Sep 17 00:00:00 2001 From: Viren Nadkarni Date: Thu, 25 Jul 2024 18:03:40 +0530 Subject: [PATCH 3/4] Note about only supporting the QEMU driver --- content/en/references/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/references/configuration.md b/content/en/references/configuration.md index 827c4fa3a8..d379433933 100644 --- a/content/en/references/configuration.md +++ b/content/en/references/configuration.md 
@@ -147,7 +147,7 @@ This section covers configuration options that are specific to certain AWS servi | `EC2_DOCKER_INIT` | `0`\|`1` (default) | Start container instances with docker-init system, learn more [here](https://docs.docker.com/reference/cli/docker/container/run/#init). Disable this if you want to use a custom init system. | | `EC2_DOWNLOAD_DEFAULT_IMAGES` | `0`\|`1` (default) | At startup, LocalStack Pro downloads latest Ubuntu images from Docker Hub for use as AMIs. This can be disabled for security reasons. | | `EC2_EBS_MAX_VOLUME_SIZE` | `1000` (default) | Maximum size (in MiBs) of user-specified EBS block devices mounted into EC2 container instances. | -| `EC2_HYPERVISOR_URI` | `qemu:///system` (default) | [Libvirt connection URI](https://libvirt.org/uri.html#remote-uris) that indicates the hypervisor host | +| `EC2_HYPERVISOR_URI` | `qemu:///system` (default) | [Libvirt connection URI](https://libvirt.org/uri.html#remote-uris) that indicates the hypervisor host. Only QEMU drivers are supported at this time. | | `EC2_MOUNT_BLOCK_DEVICES` | `1`\|`0` (default) | Whether to create and mount user-specified EBS block devices into EC2 container instances. | | `EC2_REMOVE_CONTAINERS` | `0`\|`1` (default) | Controls whether created Docker containers are removed at instance termination or LocalStack shuts down. Disable this if there is a need to examine the container filesystem for debugging. | | `EC2_VM_MANAGER` | `docker`(default)\|`libvirt`\|`mock` | Emulation method to use in LocalStack Pro. This option is not available in LocalStack community. | From 483678981512d42b53d878beb7511593a4c4af0c Mon Sep 17 00:00:00 2001 From: Viren Nadkarni Date: Fri, 26 Jul 2024 17:18:39 +0530 Subject: [PATCH 4/4] Add workaround for network access to LS from VM --- content/en/user-guide/aws/ec2/index.md | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) 
diff --git a/content/en/user-guide/aws/ec2/index.md b/content/en/user-guide/aws/ec2/index.md index 63e0077d08..9e6682997a 100644 --- a/content/en/user-guide/aws/ec2/index.md +++ b/content/en/user-guide/aws/ec2/index.md @@ -265,7 +265,7 @@ The execution log is generated at `/var/log/cloud-init-output.log` in the contai ### Networking {{< callout "note" >}} -Network access to EC2 instance is not possible on macOS. +Network access from host to EC2 instance containers is not possible on macOS. This is because Docker Desktop on macOS does not expose the bridge network to the host system. See [Docker Desktop Known Limitations](https://docs.docker.com/desktop/networking/#known-limitations). {{< /callout >}} @@ -545,6 +545,29 @@ You can then use a compatible VNC client (e.g. [TigerVNC](https://tigervnc.org/) Currently all instances are behind a NAT network. Instances can access the internet but are inaccessible from the host machine. +It is possible to allow network access to the LocalStack container from within the virtualised instance. +This is done by configuring the Docker daemon to use the KVM network. +Use the following configuration at `/etc/docker/daemon.json` on the host machine: + +```json +{ + "bridge": "virbr0", + "iptables": false +} +``` + +Then restart the Docker daemon: + +{{< command >}} +$ sudo systemctl restart docker +{{< /command >}} + +You can now start the LocalStack container, obtain its IP address and use it from the virtualised instance. + +{{< command >}} +$ docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' localstack_main +{{< /command >}} + ### Elastic Block Stores LocalStack clones the AMI into an EBS volume when the instance is initialised.
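Review bot: In patch 1/4, the `EC2_HYPERVISOR_URI` row added to `configuration.md` links to the `#remote-uris` anchor, while the default it documents, `qemu:///system`, is a local URI, and the row gives no example of a remote value. Suggest linking to the top of the Libvirt URI page, or keeping the anchor and adding one example remote URI. The row should also say which transports are expected to work, since the transport in the URI decides how the connection to the hypervisor host is authenticated and encrypted.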
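Review bot: In patch 1/4, the sentence added to `ec2/index.md` after the Docker CLI mount example ("If you are using a remote Libvirt hypervisor, you can set the `EC2_HYPERVISOR_URI` ... config option with a connection URI.") leaves two questions open: whether the socket volume mount is still needed in the remote case, and how the LocalStack container is given the credentials for the remote connection. Please state both, with one example URI. The reworded last line of the hunk also still carries the typo "respresentations"; it can be fixed to "representations" in the same change.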
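Review bot: In patch 2/4, the corrected line still reads "If the Docker host and Libvirt host is the same"; the subject is plural, so this should be "are the same". While this sentence is being touched, consider adding that mounting `/var/run/libvirt/libvirt-sock` gives the LocalStack container access to the host's system Libvirt daemon, so readers understand what they are granting.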
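Review bot: In patch 3/4, "Only QEMU drivers are supported at this time." on the `EC2_HYPERVISOR_URI` row does not say what a reader can actually put in the variable. Suggest wording it in terms of the URI, for example that the value must use the `qemu` scheme, and saying whether both local and remote forms of that scheme are accepted and what happens when another driver is given.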
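Review bot: In patch 4/4, the `daemon.json` snippet in the `@@ -545` hunk is a daemon-wide change and the surrounding text does not say so: `"iptables": false` stops Docker from managing iptables rules for every container on the host, and `"bridge": "virbr0"` moves the default bridge for all of them, not only LocalStack. Suggest adding a sentence that states this scope, notes that `virbr0` must already exist before the Docker daemon is restarted, and tells the reader how to revert the setting. The `docker inspect` command also hard-codes `localstack_main`; a short remark that this is the container name being assumed would help readers who start LocalStack under a different name.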