Vagrant
### Intro for starters:
Plugins or “providers” & OpenNebula
Template Requirements (Default key, User, PW)
What needs to be adjusted in a ONE template to be a proper Vagrant Box.
What’s rarely mentioned: you are also supposed to set the root password to “linux”. Should you choose to do that, make sure that VNC is protected!
SSH settings
Not all settings work reliably, e.g. agent forwarding. Keep that in mind if you try some of them out.
Patch from vagrant-skytap (retry)
There’s a big issue when SSH gets back a “network unreachable” error (this seems to happen in NAT scenarios). Vagrant doesn’t have any working error handling for this. Use the following plugin and overload the builtin one in action.rb (see my slides for that!)
- https://github.com/mitchellh/vagrant-aws/issues/74
- http://www.rubydoc.info/gems/vagrant-skytap/0.1.8/VagrantPlugins/Skytap/Action/WaitForCommunicator
Networking
How to NAT?
http://lists.opennebula.org/pipermail/users-opennebula.org/2013-November/042655.html
Easy NATting with a dedicated bridge. This means the VMs stay a bit more “private”, like a normal VirtualBox VM. Don’t go crazy with adding port forwards though; use a VPN instead, see next step.
With a VPN
https://wiki.debian.org/OpenVPN
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8
Don’t forget to push your route or set it up in the VPN Client.
Importing Template (vboxmanage!)
A base “feature” of Vagrant that devs loved it for is being able to download insecure, untested and dangerous images off the internet. This is not easily possible here: we just give them a template name/ID, but we don’t allow downloading images.
But ACTUALLY it would be possible. The boxes are just VirtualBox images, so one could download them on the Frontend, mount them & install ONE-context.
An example can be found here:
https://github.com/kraksoft/vagrant-box-debian/releases/download/8.1.0/debian-8.1.0-amd64.box ?
If you want to support your devs’ workflow you might as well go the full way and make a tool for them to download the box on the server & try to autoconvert it.
(don’t make them SCP around, it’s supposed to be FASTER after all)
Personally, I don’t want to use any of those premade images.
SSHFS
- sshfs forward and remote (sftp)
https://fedoramagazine.org/vagrant-sharing-folders-vagrant-sshfs/ - sshfs remote host + key
https://github.com/dustymabe/vagrant-sshfs#options-specific-to-arbitrary-host-mounting - sshfs + user home chroot
This is a suggestion: if you SSHFS-mount a special fileserver, you can chroot the users on it, so the Vagrant access is limited to what everyone wants to see in their own VMs.
Open Topics
Naming conventions (how to differentiate vagrant and normal images)!
I think the safest way is to make the images as hybrids, but you would need to make sure the “vagrant insecure SSH key” is only active IF the VM was created using a Vagrant user!
Otherwise it would not be replaced by a safe one!
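One way to enforce this in a hybrid image, as an added example (not code from this post or from OpenNebula/Vagrant): a shell check, e.g. run from a context script, that removes the insecure key from authorized_keys unless the VM was created by a Vagrant user. The function names, the yes/no flag and the sample key blobs are assumptions made for the example; the reference key is read from a file you supply.

```shell
#!/bin/sh
# Added example: keep the Vagrant insecure key out of non-Vagrant VMs.
# REFERENCE_PUB is assumed to be a local copy of Vagrant's published insecure
# public key; no key material is hard-coded here.

# Print the base64 blob of each key entry, skipping blank and comment lines
# and stepping over leading options such as from="..." (whitespace split).
key_blobs() {
    awk '!/^[ \t]*(#|$)/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); break }
    }' "$1"
}

# has_insecure_key AUTH_KEYS REFERENCE_PUB
# Returns 0 if present, 1 if absent, 2 if the reference file holds no key.
has_insecure_key() {
    ref=$(key_blobs "$2" | head -n 1)
    [ -n "$ref" ] || return 2
    key_blobs "$1" | grep -qxF -- "$ref"
}

# enforce_key_policy AUTH_KEYS REFERENCE_PUB CREATED_BY_VAGRANT
# CREATED_BY_VAGRANT (yes|no) is a hypothetical flag set by the template.
enforce_key_policy() {
    has_insecure_key "$1" "$2" && rc=0 || rc=$?
    case $rc in 1) return 0 ;; 2) return 2 ;; esac   # absent / no reference
    [ "$3" = "yes" ] && return 0     # Vagrant-created: left for Vagrant
    ref=$(key_blobs "$2" | head -n 1)
    tmp=$(mktemp "$1.XXXXXX") || return 1
    # Drop every line carrying the blob; grep exits 1 when no line is left.
    grep -vF -- "$ref" "$1" > "$tmp" || [ $? -eq 1 ]
    cat "$tmp" > "$1" && rm -f "$tmp"   # cat keeps owner and mode of AUTH_KEYS
}

# Constructed sample data (placeholder blobs, not real keys).
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAconstructedINSECURE vagrant insecure public key' > "$d/ref.pub"
    printf '%s\n' '# team keys' \
        'ssh-ed25519 AAAAconstructedALICE alice@example' \
        'from="10.0.0.*" ssh-rsa AAAAconstructedINSECURE relabelled' > "$d/auth"
    enforce_key_policy "$d/auth" "$d/ref.pub" no
    cat "$d/auth"; rm -rf "$d"
}
demo
```

Matching on the key blob rather than the trailing comment catches entries that were relabelled or given options.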
Conflicts with one-context
- don’t set your hostname twice
- check that your VM’s /etc/hosts is fine
Other plugins
- Vagrant --provider flag?
http://lists.opennebula.org/pipermail/users-opennebula.org/2014-July/045612.html
Issues
http://lists.ceph.com/pipermail/users-opennebula.org/2013-December/043159.html
(can’t use spaces!)