search

hashicorp / vagrant

Vagrant is a tool for building and distributing development environments.
https://www.vagrantup.com
Other
26.24k stars 4.44k forks source link

Not possible to run without Shared Network Adapter #8601

Closed noaho closed 6 years ago

noaho commented 7 years ago

Hi,

I have several use cases where I would like to run without a Shared Network Adapter. For example, I would like to model an isolated network segment where the VMs must connect through a router to get internet access. With a shared network interface, it doesn't matter if other private interfaces exist, the VM will always get internet access, and my tests will always pass, instead of going through the router VM. (and failing, if the router VM fails to provide internet).

Is it possible to remove the requirement of a Shared Network Adapter. I am happy to tie this to a requirement of providing an address where the VM can be contacted through the config.ssh.host option. If the VM can be contacted through config.ssh.host's IP address, I don't understand the requirement for a Shared Network adapter?

Thanks, Noah

Vagrant version

Vagrant 1.9.2

Host operating system

macOS 10.12.4

Guest operating system

Ubuntu 16.04

Expected behavior

I would like to be able to run a VM with only a Host-only network interface, and provide vagrant with an SSH IP.

Actual behavior

Shared network adapter was not found in your virtual machine configuration. It is required to communicate with VM and forward ports. Please check network configuration in your Vagrantfile.

srenfo commented 7 years ago

(Not a Vagrant dev, just a user)

Instead of removing the interface you can remove the default route. Run route -n on your guest and you'll see something like 

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 enp0s3

were 10.0.2.2 (in my case) is the gateway VirtualBox provides by default on your "Shared Network Adapter" (here: enp0s3). I can remove the route with say route del default and add a new one with similar commands. Vagrant even has some fledgling support for this stuff built-in with :gateway and :use_dhcp_assigned_default_route which might work for you but was pretty much broken for us.

If removing the default route is not sufficient then there is a way to make Vagrant use an arbitrary interface. I'm hesitant to share the actual code because it relies on undocumented internal behavior i.e. Vagrant is free to break it in any future release. The gist of it is that (at least on our specific VirtualBox setup) Vagrant only requires that the SSH port forwarding rule be configured and that you can reconfigure the default adapter by setting adapter: 1 in the call to config.vm.network (or by using vbox.customize of course).

We use this hack because Vagrant's handling of such network setups is lacking and/or broken but it's slowly getting better, see for example #8591, #8575, #6768, #8059. I have my own thoughts on this issue but that's going way off topic for your issue at hand.

noaho commented 7 years ago

Would love to hear about your custom hacks.. I need the VM to be fully isolated (even from the local shared network interface) for my tests to work properly.

Eg, if my other vagrant VMs also require a shared network, then everything is on the one subnet, breaking the isolation and stopping me from testing that the router does it's job.

srenfo commented 7 years ago

Before you go down our route you could also use iptables to virtually shut off that interface. Or use ifdown or such. I'm stressing this because it'll likely make your life easier in the long run to work with Vagrant rather than to subvert it. ;)

I don't know what exactly you want to do so I'll give a few examples from our Vagrantfile. Note we use VirtualBox and that I've had to adapt some examples, so they're not tested verbatim.

You can reconfigure the "shared" interface by setting adapter: 1 like this:

node.vm.network "private_network", ip: "192.168.33.10", adapter: 1

or you can use vbox.customize to say configure it as a NAT adapter (which Vagrant currently won't let you do natively):

node.vm.provider "virtualbox" do |vbox|
    vbox.customize ["modifyvm", :id, "--nic1", "nat"]
end

If you just want to turn off the interface this should work:

node.vm.network "private_network", auto_config: false, adapter: 1

The adapter would still exist but would not be brought up by the guest, i.e. not be functional.

For Vagrant's SSH to work you'll want to set config.ssh.host as you mentioned. AFAICT Vagrant doesn't even care about the guest's IP address. Instead, it'll try to connect to host 127.0.0.1 (presumably) and port config.ssh.host. You need to make sure that port goes to the right place.

We have adapter 4 set up as NAT, make Vagrant go through that and repurpose adapter 1. The port forwarding is done as such:

node.vm.provider "virtualbox" do |vbox|
    vbox.customize ["modifyvm", :id, "--natpf4", "ssh,tcp,127.0.0.1," + node.ssh.port.to_s + ",,22"]
end

Prior to that we reconfigure adapter 1 as host-only, which doesn't support port forwarding. I assume VirtualBox removes Vagrant's port forwarding rule at that time. Depending on how you configure your adapter 1 you may have to delete the port forwarding rule manually. Check out VirtualBox's documentation for your specific needs.

chrisroberts commented 6 years ago

Hi there,

It looks like you can accomplish what you need without any modifications to Vagrant itself, so I'm going to close this up. Cheers!

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.