Creating a Vagrant base box: some important details

10 Nov 2015, by Pang Yan Han

If you have not done this before

Instead of reinventing the wheel, I highly recommend that you read Nicholas Cerminara’s excellent tutorial titled “How to Create a Vagrant Base Box from an Existing One”.

Once you’ve done that, continue reading my post for some important details.

NOTE: Please finish reading this tutorial before you start creating your base box. You will be saving yourself a lot of time especially if you need to run a lot of provisioning scripts.

Some terminology

\( A \) - the box that we will be using to create the base box

\( B \) - the base box. This will be imported using vagrant box add so we can vagrant up and vagrant provision boxes based on it

\( C \) - a box that is based on the base box \( B \)

Before you create the Vagrant box

Before you use vagrant up to create box \( A \), ensure that you have this line of code into your Vagrantfile:

config.ssh.insert_key = false

If this line is not inside your Vagrantfile, I believe that Vagrant will generate an SSH keypair instead of using the default insecure keypair. If we provision box \( A \) using a generated SSH keypair instead of the insecure keypair, any box \( C \) that is based on base box \( B \) will encounter SSH connection issues during the vagrant up step.

After provisioning box \( A \) but before you do a vagrant package to create the base box \( B \)

Follow mtchavez’s advice here and run the following code as the vagrant user inside box \( A \):

wget -O .ssh/authorized_keys
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
chown -R vagrant:vagrant .ssh

This will make the insecure public key an authorized key. I believe that by doing so, when we create boxes \( C \) based on the base box \( B \), Vagrant will be able to connect to box \( C \) via SSH, detect the presence of this insecure key and go on to generate a new SSH keypair - which is exactly what we want.

For a good explanation as to why you need to do all that

Read Rustem’s explanation.


comments powered by Disqus