Link List for Lab-ONE (Vagrant)

Vagrant

### Intro for starters:

Plugins or “providers” & OpenNebula


Template Requirements (Default key, User, PW)

What needs to be adjusted in a ONE template to be a proper Vagrant Box.


What’s rarely mentioned: you are also supposed to set the root pw to “linux”. Should you choose to do that, make sure that VNC is protected!

SSH settings


Not all settings work reliably, e.g. agent forwarding. Keep that in mind if you try some of them out.

patch skytap (retry)

There’s a big issue when SSH gets back a “net unreachable” (this seems to happen in NAT scenarios). Vagrant doesn’t have any working error handling for this. Use the following plugin and overload the builtin one in action.rb (see my slides for that!)

Networking

How to NAT?

http://lists.opennebula.org/pipermail/users-opennebula.org/2013-November/042655.html
Easy NATting with a dedicated bridge. This means the VMs stay a bit more “private”, like a normal VirtualBox VM. Don’t go crazy with adding port forwards though; instead use a VPN, see next step.

With a VPN

https://wiki.debian.org/OpenVPN
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8
Don’t forget to push your route or set it up in the VPN Client.

Importing Template (vboxmanage!)

A base “feature” of Vagrant that devs loved it for is being able to download insecure, untested and dangerous images off the internet. This is not easily possible - we just give them a template name/ID but we don’t allow downloading images.
But ACTUALLY it would be possible. The boxes are just VirtualBox images, so one could download them on the Frontend, mount them & install ONE-context.

An example can be found here:
https://github.com/kraksoft/vagrant-box-debian/releases/download/8.1.0/debian-8.1.0-amd64.box ?

If you want to support your devs’ workflow you might as well go the full way and make a tool for them to download the box on the server & try to autoconvert it.
(don’t make them SCP around, it’s supposed to be FASTER after all)

Personally, I don’t want to use any of those premade images.

SSHFS

Open Topics

Naming conventions (how to differentiate vagrant and normal images)!

I think the safest way is to make the images as hybrids, but you would need to make sure the “vagrant insecure SSH key” is only active IF the VM was created using a Vagrant user!
Otherwise it would not be replaced by a safe one!

Conflicts with one-context

  • don’t set your hostname twice
  • check your VM’s /etc/hosts is fine

other plugins

issues


http://lists.ceph.com/pipermail/users-opennebula.org/2013-December/043159.html
(can’t use spaces!)

Other approaches

Normally Vagrant requires a pre-setup of the Vagrant user and SSH key (as described in the links above).
Today I learned about adding boot scripts in ONE and wondered if they can be used for this.

Turns out: Yes. Here’s a bootscript which should mostly work for CentOS/Debian/Ubuntu and sets up the important parts.
Just, please MAKE SURE you click “Encode Script in Base64”.

```sh
# Create the vagrant user and install the Vagrant insecure public key
useradd vagrant
mkdir -p /home/vagrant/.ssh
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key" > /home/vagrant/.ssh/authorized_keys
chown -Rh vagrant: /home/vagrant
chmod -R 700 /home/vagrant
chmod 600 /home/vagrant/.ssh/authorized_keys

# Avoid DNS/GSSAPI lookup delays on SSH login; each sed expression needs its own -e
sed -i -e 's/#UseDNS.*yes/UseDNS no/' -e 's/.*GSSAPIAuthentication yes/GSSAPIAuthentication no/' /etc/ssh/sshd_config \
&& systemctl restart sshd

# Passwordless sudo for the vagrant group
echo "%vagrant ALL=NOPASSWD:ALL" > /etc/sudoers.d/vagrant
chmod 0440 /etc/sudoers.d/vagrant
```

If you find you need something more robust for this script, let me know.
One thing I know is that the UseDNS/GSSAPI regex might not work on all distros, or the service name might differ. But for that case you can just slightly modify your scripts.
For now, I would say it is good enough, but there are no warranties ever :)
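
A check for the open topic above (the Vagrant insecure key must not stay trusted on VMs that were not created for Vagrant), as an added example that is not part of the original post. It compares key blobs rather than the key comment. The function names, file names and key blobs are hypothetical/constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Finds authorized_keys files that
# trust a known-insecure public key (e.g. the Vagrant one) so they can be
# cleaned up before a template is used outside Vagrant.

# key_blobs FILE: print the base64 blob of every key line, skipping comments
# and any leading options such as no-pty or from="...".
key_blobs() {
    awk '!/^[ \t]*#/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(sk-)?(ssh|ecdsa)-/) { print $(i + 1); break }
    }' "$1"
}

# has_insecure_key AUTH_FILE BAD_PUB: succeed if AUTH_FILE trusts a key whose
# blob appears in BAD_PUB. The comment field is ignored because it is free text.
has_insecure_key() {
    bad=$(key_blobs "$2")
    key_blobs "$1" | grep -Fxq -e "$bad"
}

# audit_keys BAD_PUB FILE...: print each FILE that trusts a key from BAD_PUB.
# Returns 0 if clean, 1 if any hit, 2 if BAD_PUB contains no key.
audit_keys() {
    bad_pub=$1; shift
    [ -n "$(key_blobs "$bad_pub")" ] || { echo "no key in $bad_pub" >&2; return 2; }
    found=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        if has_insecure_key "$f" "$bad_pub"; then
            echo "INSECURE KEY TRUSTED: $f"
            found=1
        fi
    done
    return "$found"
}

# Demo on constructed data (placeholder blobs, not real keys).
demo() {
    d=$(mktemp -d)
    echo 'ssh-rsa AAAAconstructedBADkey== vagrant insecure public key' > "$d/bad.pub"
    # Same blob with an option prefix and a renamed comment: still a hit.
    echo 'no-pty ssh-rsa AAAAconstructedBADkey== renamed@host' > "$d/vm1_keys"
    echo 'ssh-ed25519 AAAAconstructedGOODkey alice@laptop' > "$d/vm2_keys"
    audit_keys "$d/bad.pub" "$d/vm1_keys" "$d/vm2_keys"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "demo: at least one file trusts the insecure key"
```

On a real VM, save the key line from the boot script to a file (here assumed to be `vagrant.pub`) and run `audit_keys vagrant.pub /root/.ssh/authorized_keys /home/*/.ssh/authorized_keys`.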