[Fedora-spins] [spin-kickstarts/f22] tested refinements to non-atomic vagrant

Matthew Miller mattdm at fedoraproject.org
Mon Apr 6 18:08:25 UTC 2015 

commit e171dabdc57d208b08a5fca5351989ccf50197a7
Author: Ian McLeod <imcleod at redhat.com>
Date:   Wed Apr 1 22:15:39 2015 -0500

    tested refinements to non-atomic vagrant

 fedora-cloud-base-vagrant.ks |   29 +++++++++++++++++++++++++++++
 1 files changed, 29 insertions(+), 0 deletions(-)
---
diff --git a/fedora-cloud-base-vagrant.ks b/fedora-cloud-base-vagrant.ks
index 6cf04ca..38d54fa 100644
--- a/fedora-cloud-base-vagrant.ks
+++ b/fedora-cloud-base-vagrant.ks
@@ -5,8 +5,31 @@
 
 services --disabled=cloud-init,cloud-init-local,cloud-config,cloud-final
 
+# So, to be clear, this gaping security hole is an integral part of how
+# Vagrant works - These images are _not_ supposed to be run in any public-
+# Internet facing way - They are for use on developer setups, almost always
+# with NAT
 user --name=vagrant --password=vagrant
 
+# Suggestion from @purpleidea that most/many vagrant boxes also set root PW
+# to "vagrant" for ease of use.  Again, see comments above.
+rootpw vagrant
+
+# The addition of the net.ifnames=0 and biosdevnames=0 option ensures that
+# even on VirtualBox virt, we get a primary network device with "eth0" as the name
+# This simplifies things and allows a single disk image for both supported Vagrant
+# platforms (virtualbox and kvm)
+bootloader --timeout=1 --append="no_timer_check console=tty1 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0" --extlinux
+
+%packages
+# The default koji Vagrantfile configuration uses rsync to sync files between
+# the vagrant host and the guest.  It uses yum to verify that rsync is present
+# and/or install it if it is not.  It will fail without adding the yum compat
+# layer for dnf
+# TODO: Teach vagrant about dnf
+dnf-yum
+%end
+
 %post --erroronfail
 
 # Work around cloud-init being both disabled and enabled; need
@@ -24,5 +47,11 @@ EOKEYS
 chmod 600 ~vagrant/.ssh/authorized_keys
 chown -R vagrant:vagrant ~vagrant/.ssh/
 
+# Further suggestion from @purpleidea (James Shubin) - extend key to root users as well
+mkdir -m 0700 -p /root/.ssh
+cp /home/vagrant/.ssh/authorized_keys /root/.ssh/authorized_keys
+chmod 600 /root/.ssh/authorized_keys
+chown -R root:root /root/.ssh
+
 %end

More information about the spins mailing list