Creating a Vagrant base box: some important details

10 Nov 2015, by Pang Yan Han

Disclaimer: Opinions expressed on this blog are solely my own and do not express the views or opinions of my employer(s), past or present.

If you have not done this before

Instead of reinventing the wheel, I highly recommend that you read Nicholas Cerminara’s excellent tutorial titled “How to Create a Vagrant Base Box from an Existing One”.

Once you’ve done that, continue reading my post for some important details.

NOTE: Please finish reading this tutorial before you start creating your base box. You will be saving yourself a lot of time especially if you need to run a lot of provisioning scripts.

Some terminology

\( A \) - the box that we will be using to create the base box

\( B \) - the base box. This will be imported using vagrant box add so we can vagrant up and vagrant provision boxes based on it

\( C \) - a box that is based on the base box \( B \)

Before you create the Vagrant box

Before you use vagrant up to create box \( A \), ensure that you have this line of code in your Vagrantfile:

config.ssh.insert_key = false

If this line is not inside your Vagrantfile, I believe that Vagrant will generate an SSH keypair instead of using the default insecure keypair. If we provision box \( A \) using a generated SSH keypair instead of the insecure keypair, any box \( C \) that is based on base box \( B \) will encounter SSH connection issues during the vagrant up step.

After provisioning box \( A \) but before you do a vagrant package to create the base box \( B \)

Follow mtchavez’s advice here and run the following code as the vagrant user inside box \( A \):

wget https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub -O .ssh/authorized_keys
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
chown -R vagrant:vagrant .ssh

This will make the insecure public key an authorized key. I believe that by doing so, when we create boxes \( C \) based on the base box \( B \), Vagrant will be able to connect to box \( C \) via SSH, detect the presence of this insecure key and go on to generate a new SSH keypair - which is exactly what we want.
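The steps above can be verified before running vagrant package, and the key replacement can be confirmed on a box \( C \) after vagrant up. The script below is an added example, not code from the original post or from Vagrant. Its function names are hypothetical, and it assumes you have a separate copy of vagrant.pub (downloaded from the same URL as above) to compare against.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-package check for box A
# and post-boot audit for box C. Function names and paths are hypothetical.

# Print the base64 key blob of every key in an authorized_keys or .pub file,
# skipping comment/blank lines and any leading options field.
key_blobs() {
  awk '!/^[ \t]*(#|$)/ {
         for (i = 1; i < NF; i++)
           if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); break }
       }' "$1" 2>/dev/null
}

# Octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null; }

# Succeeds if the reference public key is among the authorized keys.
has_key() {  # usage: has_key <authorized_keys> <reference.pub>
  key_blobs "$1" | grep -qxF -- "$(key_blobs "$2" | head -n 1)"
}

# Box A, before `vagrant package`: .ssh is 700, authorized_keys is 600,
# and the insecure key is the only authorized key.
check_base_box() {  # usage: check_base_box <ssh_dir> <vagrant.pub>
  local dir="$1" ref="$2" ak="$1/authorized_keys" rc=0
  [ "$(mode_of "$dir")" = 700 ] || { echo "FAIL: $dir is not mode 700"; rc=1; }
  [ "$(mode_of "$ak")" = 600 ] || { echo "FAIL: $ak is not mode 600"; rc=1; }
  [ "$(key_blobs "$ak" | wc -l)" -eq 1 ] || { echo "FAIL: expected exactly one key"; rc=1; }
  has_key "$ak" "$ref" || { echo "FAIL: insecure key is not authorized"; rc=1; }
  return "$rc"
}

# Box C, after `vagrant up`: the publicly known key must have been replaced.
audit_running_box() {  # usage: audit_running_box <authorized_keys> <vagrant.pub>
  if has_key "$1" "$2"; then echo "FAIL: insecure key still authorized"; return 1; fi
  echo "OK: insecure key was replaced"
}
```

Source the script, then run check_base_box ~/.ssh vagrant.pub as the vagrant user inside box \( A \), and audit_running_box ~/.ssh/authorized_keys vagrant.pub inside a running box \( C \).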

For a good explanation as to why you need to do all that

Read Rustem’s explanation.

Credits
