vagrant base box: precise64-flx

[]: {{{1

File        : README.md
Maintainer  : Felix C. Stegerman <flx@obfusk.net>
Date        : 2013-06-12

[]: }}}1

This README describes how I created a precise64-flx vagrant base box. It is meant to be more secure and contain some useful tools.

You should still use a firewall on your host computer to prevent access to the forwarded ssh port of the VM.

This base box has 2 users: in addition to the vagrant user, there is an ubuntu user. You should log in as the ubuntu user yourself, leaving the (less secure) vagrant user for vagrant only.

Host

[]: {{{1

  1. Install virtualbox and vagrant.
  2. Download ubuntu-12.04.2-server-amd64.iso.
  3. Create a VM precise64-flx with 360 MB RAM, a 40 GB dynamic VMDK hdd, and everything unnecessary (like audio and usb) disabled.
  4. Install ubuntu on the VM in expert mode with user ubuntu and a decent password.
  5. Create a host-only network and (temporarily) add a host-only network adapter to the VM.

vm$ sudo dhclient eth0
vm$ sudo aptitude install openssh-server

host$ VM='<ip-address-of-vm>'
host$ mkdir -p ~/tmp/vagrant/precise64-flx
host$ cd ~/tmp/vagrant/precise64-flx
host$ ssh-keygen -f key -C precise64    # create keypair
host$ ssh-copy-id -i key.pub ubuntu@$VM
host$ ssh-add key
host$ ssh ubuntu@$VM

[]: }}}1

VM

Basics

[]: {{{1

$ sudo aptitude update && sudo aptitude safe-upgrade
$ sudo aptitude install virtualbox-guest-utils \
  virtualbox-guest-x11-
$ sudo aptitude install build-essential byobu curl git grc htop \
  tree vim
$ sudo aptitude install ruby1.9.1-full
$ sudo aptitude install puppet
$ sudo update-alternatives --config ruby
$ sudo update-alternatives --config editor

[]: }}}1

etckeeper

[]: {{{1

$ sudo aptitude install etckeeper
$ sudo vim /etc/etckeeper/etckeeper.conf  # VCS=git

$ cd /etc
$ sudo etckeeper init
$ sudo git status
$ sudo git commit -m init
$ sudo git gc

[]: }}}1

Utils

[]: {{{1

$ mkdir -p ~/opt/src && cd ~/opt/src
$ git clone https://gist.github.com/4260039.git sh-config
$ git clone https://github.com/obfusk/dev-misc.git

$ cd
$ ln -s opt/src/dev-misc/screenrc .screenrc_
$ ln -s opt/src/dev-misc/vimrc .vimrc
$ vim -p .bashrc .profile   # --> sh-config/ + LC_ALL=C

[]: }}}1

Config

[]: {{{1

$ byobu-select-backend && byobu-ctrl-a
$ git config --global user.name ...
$ git config --global user.email ...
$ git config --global color.ui true

[]: }}}1

SSH

[]: {{{1

$ cd /etc/ssh
$ sudo vim sshd_config  # PasswordAuthentication no
$ sudo git commit -m 'no password auth'
$ sudo service ssh restart

[]: }}}1
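
A static check for the `PasswordAuthentication no` change above, as an added example that is not part of the original README. It reads only the global section of an `sshd_config`, applies sshd's first-occurrence-wins rule, and also flags keyboard-interactive authentication through PAM, which can still prompt for a password; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: static audit of an sshd_config for password-based logins.
# Reads global settings only (stops at the first Match block).

# effective_value FILE KEYWORD DEFAULT: print the value sshd would use.
effective_value() {
  awk -v kw="$2" -v def="$3" '
    BEGIN { kw = tolower(kw); val = def }
    /^[ \t]*#/ { next }                            # commented-out lines do not count
    tolower($1) == "match" { exit }                # global section ends here
    tolower($1) == kw { val = tolower($2); exit }  # first occurrence wins
    END { print val }
  ' "$1"
}

# audit_sshd_config FILE: print findings, return 0 only when there are none.
audit_sshd_config() {
  rc=0
  if [ "$(effective_value "$1" PasswordAuthentication yes)" != no ]; then
    echo "PasswordAuthentication is not set to no"; rc=1
  fi
  if [ "$(effective_value "$1" ChallengeResponseAuthentication yes)" != no ] &&
     [ "$(effective_value "$1" UsePAM no)" = yes ]; then
    echo "keyboard-interactive via PAM can still prompt for a password"; rc=1
  fi
  return "$rc"
}

# Constructed sample configs (not taken from a real host).
sample_weak() {      # "no" is only commented out or comes after a "yes"
  printf '%s\n' '#PasswordAuthentication no' 'UsePAM yes' \
    'PasswordAuthentication yes' 'PasswordAuthentication no'
}
sample_hardened() {  # keywords are case-insensitive
  printf '%s\n' 'UsePAM yes' 'ChallengeResponseAuthentication no' \
    'passwordauthentication no'
}

for s in sample_weak sample_hardened; do
  f=$(mktemp) && "$s" > "$f"
  if audit_sshd_config "$f"; then echo "$s: ok"; else echo "$s: FAIL"; fi
  rm -f "$f"
done
```

On the VM itself, `sudo sshd -T` prints the effective configuration as sshd parses it, which also covers `Match` blocks that this static check does not evaluate.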

Vagrant user

[]: {{{1

$ sudo adduser --system --group --shell /bin/bash \
  --disabled-password vagrant
$ sudo visudo   # vagrant ALL=(ALL) NOPASSWD: ALL

$ sudo -H -u vagrant bash -l
vagrant$ mkdir ~/.ssh && vim ~/.ssh/authorized_keys # add key.pub

host$ ssh vagrant@$VM sudo echo OK

[]: }}}1

Miscellaneous

Depending on your needs, install e.g. chef as well.

Package the box

vm$ sudo aptitude clean
vm$ sudo poweroff

Now remove the temporary host-only network adapter from the VM.

host$ vagrant package --base precise64-flx \
      --vagrantfile Vagrantfile --include key,key.pub

You may not want to include the Vagrantfile and/or private key in the box. If you do include the private key, be careful with file permissions; consider setting a umask.

Sharing the base box

[]: {{{1

If you plan to share the base box with others, you should use a dummy password and create a dummy ssh keypair when creating the base box; share the dummy keypair and password along with the base box.

Before anyone (including you) uses the base box, they should change the password and create a new keypair for themselves, then add it to ~/.ssh/authorized_keys for the ubuntu and vagrant users, replacing the dummy key.

You should probably also regenerate your ssh host keys:

vm$ sudo rm /etc/ssh/ssh_host_*key*
vm$ sudo dpkg-reconfigure openssh-server

Now you can repackage the box, if you want to use it more than once:

host$ vagrant package \
      --vagrantfile Vagrantfile --include key,key.pub

[]: }}}1
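
One way to confirm that the shared dummy key has really been replaced, as an added example that is not part of the original README. It compares keys by their base64 blob rather than by whole line, so a renamed comment or an options prefix does not hide a leftover dummy key; the function names and the placeholder key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a shared dummy public key left in authorized_keys.
# Keys are compared by base64 blob, not by comment or options.

# key_blobs FILE: print the base64 blob of every key line in FILE.
key_blobs() {
  awk '
    /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
    { for (i = 1; i < NF; i++)   # the blob is the field after the key type
        if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+)$/) {
          print $(i + 1); next
        } }
  ' "$1"
}

# dummy_key_present AUTH_KEYS DUMMY_PUB: return 0 if the dummy key is still
# authorized, 1 if it is not, 2 if DUMMY_PUB contains no readable key.
dummy_key_present() {
  dummy=$(key_blobs "$2" | head -n 1)
  [ -n "$dummy" ] || return 2
  key_blobs "$1" | grep -qxF -- "$dummy"
}

# Constructed sample data: the blobs below are placeholders, not real keys.
DUMMY='ssh-rsa AAAAB3NzaC1yc2EAAAADUMMYxxxx precise64'
OWN='ssh-rsa AAAAB3NzaC1yc2EAAAAOWNKEYyyyy ubuntu@laptop'

demo() {
  d=$(mktemp -d)
  echo "$DUMMY" > "$d/key.pub"
  # "before": dummy key still present, with an option and a renamed comment
  printf '%s\n' "$OWN" \
    'no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADUMMYxxxx renamed' > "$d/before"
  # "after": only the user's own key remains
  printf '%s\n' '# rotated' "$OWN" > "$d/after"
  for f in before after; do
    if dummy_key_present "$d/$f" "$d/key.pub"; then
      echo "$f: dummy key still authorized"
    else
      echo "$f: dummy key not found"
    fi
  done
  rm -rf "$d"
}
demo
```

On a real box, run `dummy_key_present` against the `~/.ssh/authorized_keys` of both the ubuntu and the vagrant user, with the shared `key.pub` as the second argument.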

[]: ! ( vim: set tw=70 sw=2 sts=2 et fdm=marker : )

# This Vagrantfile is meant to be more secure. It shares ./shared
# instead of the current directory, which contains the Vagrantfile and
# other files that you don't want an intruder to be able to modify, to
# make it much more difficult for an intruder to break out of the VM.
# It also uses a secure private key (which the box is configured to
# use).
require 'fileutils' ; FileUtils.mkdir_p 'shared'
Vagrant::Config.run do |config|
  config.vm.box = 'precise64-flx'
  config.vm.customize ['modifyvm', :id, '--memory', 512]
  config.ssh.private_key_path = \
    File.expand_path('../key', __FILE__)
  config.vm.share_folder 'v-root', '/vagrant', 'shared'
end
@noxqsgit

When using multiple network interfaces, you may need to edit /etc/udev/rules.d/70-persistent-net.rules.
