I am trying to use vagrant as a way of provisioning virtual machines (setting IP addresses, resources, etc.) but I am also trying to decouple vagrant's dependency on ansible, i.e. I just want to use vagrant to do a one-time provision using ansible where my own authorized user is set up, secure it, and then use Ansible separately to do further provisioning on these virtual machines. Then I still want to use vagrant (maybe there's a better way for this) to bring up/down/suspend/destroy virtual machines.
This is what I have so far:

- `vagrant up`
  - Create a fresh VM instance using a vagrant box
- Built-in provisioner `BP` that is run during `vagrant up`
  - Add my new user (let's say `ansibleuser`)
  - Add my own public key to `ansibleuser`'s `.ssh` so that `ansibleuser` can only log in via private key (and disable password login accordingly).
  - Modify `/etc/sudoers` for passwordless sudo
  - [Doesn't currently work] Delete the `vagrant` user, and change the root password to make root inaccessible
The problems

1. I can't delete the `vagrant` user during the `BP` provisioner because the provisioner is logged in as that user. I need to have a different provisioner run as a different user (`ansibleuser`) to delete `vagrant`. Is there a better way to do this with a first-and-one-time `vagrant up` command?
2. If I do `vagrant halt` and then `vagrant up` again, the process never completes because it tries to ssh as `vagrant` and gets `Warning: Authentication failure. Retrying...`, and it can't successfully "bring it up". Is there a way around that? A possible workaround would be to specify the user in `config.ssh`, but then there would need to be some conditional check depending on when I am invoking `vagrant up`.
How can I solve the two problems? Is there a better way to do what I am trying to accomplish? Is there a better way to provision a secure and bare-bones virtual machine with ssh set up so that I can use ansible to do whatever additional provisioning I want? I really like how easy it is to configure the virtual machine using a Vagrantfile, i.e. setting up `shared_folders`, configuring CPU/RAM resources, creating virtual NICs.
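As an added example that is not part of the original post, here is a Vagrantfile sketch of the conditional `config.ssh` check the question mentions: the first-run provisioner creates the key-only sudo account and leaves a marker in the default `/vagrant` synced folder, and later runs of `vagrant up` see that marker and connect as the new account instead of `vagrant`. Assumed names: `ansibleuser`, the host key `~/.ssh/id_ed25519`, the marker file `.hardened`, and an Ubuntu box; the `defined?(Vagrant)` guard only lets the helpers load outside Vagrant.

```ruby
# Assumed names for this example (not from the original post).
MARKER     = ".hardened"
ADMIN_USER = "ansibleuser"
ADMIN_KEY  = File.expand_path("~/.ssh/id_ed25519")

# config.ssh settings for this run: Vagrant's defaults on the very first
# `vagrant up`, the hardened account on every run after the marker exists.
def ssh_settings(hardened)
  return { username: "vagrant", private_key_path: nil } unless hardened
  { username: ADMIN_USER, private_key_path: ADMIN_KEY }
end

# Shell run once, as root, over the initial vagrant-user connection.
# `pubkey` is the content of the host's public key file.
def bootstrap_script(user, pubkey)
  <<~SH
    set -eu
    id -u #{user} >/dev/null 2>&1 || useradd -m -s /bin/bash #{user}
    install -d -m 700 -o #{user} -g #{user} /home/#{user}/.ssh
    printf '%s\\n' '#{pubkey}' > /home/#{user}/.ssh/authorized_keys
    chmod 600 /home/#{user}/.ssh/authorized_keys
    chown #{user}:#{user} /home/#{user}/.ssh/authorized_keys
    echo '#{user} ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/90-#{user}
    chmod 440 /etc/sudoers.d/90-#{user}
    visudo -cf /etc/sudoers.d/90-#{user}
    sed -i 's/^#\\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
    systemctl reload sshd || service ssh reload
    touch /vagrant/#{MARKER}   # tells the host-side Vagrantfile we are hardened
  SH
end

if defined?(Vagrant)
  Vagrant.configure("2") do |config|
    config.vm.box = "ubuntu/focal64"   # assumed box
    s = ssh_settings(File.exist?(MARKER))
    config.ssh.username = s[:username]
    config.ssh.private_key_path = s[:private_key_path] if s[:private_key_path]
    config.vm.provision "shell", run: "once",
      inline: bootstrap_script(ADMIN_USER, File.read("#{ADMIN_KEY}.pub").strip)
  end
end
```

The deletion of the `vagrant` account is deliberately left out: it still cannot be done from a provisioner that runs over that account's own connection.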