commit 1564226c334da60cf97349af90e22c3c047e2a8a Author: Ian McLeod imcleod@redhat.com Date: Wed Apr 1 22:15:39 2015 -0500
tested refinements to non-atomic vagrant
fedora-cloud-base-vagrant.ks | 29 +++++++++++++++++++++++++++++ 1 files changed, 29 insertions(+), 0 deletions(-)
---
diff --git a/fedora-cloud-base-vagrant.ks b/fedora-cloud-base-vagrant.ks
index 6cf04ca..38d54fa 100644
--- a/fedora-cloud-base-vagrant.ks
+++ b/fedora-cloud-base-vagrant.ks
@@ -5,8 +5,31 @@
services --disabled=cloud-init,cloud-init-local,cloud-config,cloud-final
+# So, to be clear, this gaping security hole is an integral part of how
+# Vagrant works - These images are _not_ supposed to be run in any public-
+# Internet facing way - They are for use on developer setups, almost always
+# with NAT
 user --name=vagrant --password=vagrant
+# Suggestion from @purpleidea that most/many vagrant boxes also set root PW
+# to "vagrant" for ease of use. Again, see comments above.
+rootpw vagrant
+
+# The addition of the net.ifnames=0 and biosdevnames=0 option ensures that
+# even on VirtualBox virt, we get a primary network device with "eth0" as the name
+# This simplifies things and allows a single disk image for both supported Vagrant
+# platforms (virtualbox and kvm)
+bootloader --timeout=1 --append="no_timer_check console=tty1 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0" --extlinux
+
+%packages
+# The default koji Vagrantfile configuration uses rsync to sync files between
+# the vagrant host and the guest. It uses yum to verify that rsync is present
+# and/or install it if it is not. It will fail without adding the yum compat
+# layer for dnf
+# TODO: Teach vagrant about dnf
+dnf-yum
+%end
+
 %post --erroronfail
# Work around cloud-init being both disabled and enabled; need @@ -24,5 +47,11 @@ EOKEYS chmod 600 ~vagrant/.ssh/authorized_keys chown -R vagrant:vagrant ~vagrant/.ssh/
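Review bot: In the first hunk, `rootpw vagrant` gives root a widely known password, and the only safeguard on the visible lines is a comment that points to "comments above" instead of stating the constraint next to the directive. Whether that password is accepted over SSH depends on `PermitRootLogin` and `PasswordAuthentication` in sshd_config, which this hunk does not set, so the exposure should be confirmed on the built image, not assumed from the NAT remark. I would write the directive as `rootpw --plaintext vagrant` and put the constraint directly above it, e.g. `# Well-known password by design: dev boxes only, never on a bridged or public interface`. Separately, the bootloader comment says `biosdevnames=0` while the `--append` string uses `biosdevname=0`; the comment should match the option. The `%post` section opened by the hunk's last context lines continues outside it.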
+# Further suggestion from @purpleidea (James Shubin) - extend key to root users as well
+mkdir -m 0700 -p /root/.ssh
+cp /home/vagrant/.ssh/authorized_keys /root/.ssh/authorized_keys
+chmod 600 /root/.ssh/authorized_keys
+chown -R root:root /root/.ssh
+
 %end
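Review bot: The key copied to `/root/.ssh/authorized_keys` by the `cp` line stays in place for the life of the box: Vagrant's `config.ssh.insert_key` (on by default since Vagrant 1.7) replaces the insecure key only in the `vagrant` user's `authorized_keys` on first `vagrant up`, so root keeps accepting the well-known key after the vagrant account has been re-keyed. That should be stated in the comment, e.g. `# NOTE: Vagrant's insert_key does not touch this copy; root keeps the insecure key unless a provisioner replaces it`, and it is worth asking whether root needs the key at all if the vagrant user can already escalate (not visible in this hunk). As a smaller point, the `cp`/`chmod`/`chown` trio can be one `install -m 0600 -o root -g root ~vagrant/.ssh/authorized_keys /root/.ssh/authorized_keys`, which also uses `~vagrant` like the context lines instead of hard-coding `/home/vagrant`. These commands sit inside a `%post` section that starts above the hunk.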