⚠️ This content has been written a long time ago. As such, it might not reflect my current thoughts anymore. I keep this page online because it might still contain valid information.

Installing Vagrant in a restricted environment

2022-04-19 // I proofread this article and fixed some links.

Lately, I had to install Vagrant in a restricted environment. By that, I mean an infrastructure with restricted permissions for our users, disk quotas, NFS volumes and a stable operating system: Debian Squeeze32. This work has been done in collaboration with the sysadmin of my University.

Installation

At the time of writing, Vagrant needs VirtualBox 4.0 or upper, but the latest VirtualBox version available for Debian stable is 3.2.10 OSE. Fortunately, Debian Backports provide VirtualBox 4.0.x:

# /etc/apt/sources.list
deb http://backports.debian.org/debian-backports squeeze-backports main

Installing VirtualBox becomes easy:

apt-get -t squeeze-backports install virtualbox virtualbox-dkms

The virtualbox-dkms package is required to compile the module. If you want a graphical user interface, you should install virtualbox-qt too.

Also, if you use a virtualization solution (KVM for instance), you should unload its module (rmmod(8) is your friend).

Now, let’s install Vagrant. Last stable version is 1.0.5, and you can find packages at: downloads.vagrantup.com/tags/v1.0.5 (this link no longer works).

wget http://files.vagrantup.com/packages/be0bc66efc0c5919e92d8b79e973d9911f2a511f/vagrant_1.0.5_i686.deb
dpkg -i vagrant_1.0.5_i686.deb

Customizing the default directories

As I said in the introduction, users have disk quotas (500Mo) and they can’t easily use Vagrant for two reasons:

  • VirtualBox stores its VMs in ~/VirtualBox VMs/ by default
  • Vagrant stores its boxes in ~/.vagrant.d/ by default

The solution is to change these two directories. Thanksfully, Vagrant provides a VAGRANT_HOME environment variable. You can easily change the default Vagrant directory with:

export VAGRANT_HOME=/path/to/vagrant

In our case, we used /usr/local/vagrant as the main Vagrant directory and we set it for all users. That allowed us to import a set of boxes for our users.

Let’s do the same thing for VirtualBox! Err… no. There is no environment variable defined for VirtualBox but we can still configure VirtualBox using vboxmanage:

vboxmanage setproperty machinefolder /path/to/virtualbox

VBoxManage setproperty is useful to change global settings. The command above changes the default machine folder (~/VirtualBox VMs by default).

We created a tiny shell script named vagrant, located in the PATH of our users, to run this command and then forward the other arguments to Vagrant. The reason is quite simple, there is no way to run VBoxManage using Vagrant before everything else. I opened an issue for that (see: #1247).

To avoid conflicts, you can use $USER to define a machine folder per user:

vboxmanage setproperty machinefolder "/usr/local/virtualbox/$USER"

So far so good, our users can run Vagrant to install VMs.

The initramfs prompt (of death)

We tried the lucid32 Vagrant box, which is an official box, but that didn’t work. This was an issue related to the box itself. VirtualBox couldn’t boot it and an initramfs prompt was displayed. Most of the time, this prompt appears because no disk can be found.

That’s why we tried to change the disk controller. We removed the SATA controller and attached the disk to the IDE controller. With this configuration, we were able to boot the image, and to log in. This has been reported as well.

The “fix” was to switch from a SATA controller to an IDE controller. Then again, it can be done using VBoxManage:

vboxmanage storagectl <UUID> --name "SATA Controller" --remove
vboxmanage storageattach <UUID> --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium /path/to/box-disk1.vmdk

Vagrant provides a way to customize a VM thanks to the config.vm.customize parameter:

config.vm.customize ["modifyvm", :id, "--memory", 1024]

However, we decided to patch the boxes instead of using this parameter. One reason was that we didn’t know how to get the path to the vmdk file.

We were able to boot a lucid32 VM but a new issue appeared: NFS. In order to share the current working directory with the VM, we used this configuration in the Vagrantfile:

config.vm.share_folder("v-root", "/vagrant", ".", :nfs => true)

It worked fine without NFS set to true but it was quite slow. Thus, NFS was a requirement.

The surprise

I dug into the code to understand how NFS was managed and why it was asking for admin credentials. I was really suprised while reading the code. There was no way to configure Vagrant to control the NFS part and, sadly, it was asking the root password because of a call to sudo su root.

There is no way to give the root password to our users (mainly students). We ended up patching Vagrant to use exportfs and a shell script to perform sed. nfsd is always up so there is no need to restart it and exportfs does a decent job. Since /etc is not writable for everyone, we used a shell script to change the content of /etc/exports using a simple sed -i -e. Now, both commands are sudoable.

And, that’s it! Our users can use Vagrant as usual.

Useful tips

Debugging Vagrant can be really useful, especially when you start playing with VM customization. To enable logging, use the VAGRANT_LOG environment variable:

VAGRANT_LOG=INFO vagrant up

Hardware virtualization should be enabled if you want to run 64-bit VMs on a 32-bit host. The VirtualBox documentation isn’t super clear about that in the chapter about hardware vs software virtualization.

Conclusion

Vagrant needs some improvements to be more easily configurable and a bit safer in my opinion. However, workarounds exist. In the end, Vagrant is a great tool and it just works!

Feel free to fork and edit this post if you find a typo, thank you so much! This post is licensed under the Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Recent articles

Comments

No comments here. You can get in touch with me on Mastodon or send me an email if you prefer.