Closed prateepb closed 8 years ago
Yes, doing most of the work in Vagrant is intentional. The reasoning behind it is that we would eventually like the build to contain a lot of options. For example, we want it to be easy to only bring up select services or restrict certain ports using the firewall. You can see an example of the first steps of this in this PR.
Things that are essential to the box could be moved to Packer. Looking at the Windows VM, I actually would like chocolatey and boxstarter to be moved to the base box, but I ran into issues loading it up there. For some reason the .NET install that chocolatey performs would hang indefinitely when being provisioned in Packer, but when running through Vagrant it works fine. If a fix can be found for that issue we totally should move it over.
Great. Thanks for the clarification. The option based provisioning you're suggesting may be better handled by Ansible or Puppet. Especially if the intention is to have this project support multiple operating systems. I'll raise a separate issue about that.
Are you still interested in provisioning with packer? I have the .NET install working no problem as I've done it through the autounattend file and moved all the scripts to packer provisioning as it was the only way to get it to work with VMWare Fusion if you don't want to pay for the fusion provisioner license from vagrant. Unless I completely missed something about the vagrant fusion plugin...
And because you install .NET and chocolatey with the autounattend file, it also allows for the choco env vars to be available when you start your next scripts as those are then done with the normal packer provisioning which will have them available.
It also now allows you to build with different providers (so not stuck on virtualbox if you didn't want to) however I am still running into some issues with the iis setup but they are being worked on as we speak.
Let me know if you are still interested in moving provisioning to packer and I can ping you guys once it starts to work as intended.
I think it would be really nice to move as much of the provisioning as possible to packer. This would make the vagrant up step very quick and allow you to get back to a base box very quickly. Please let us know if you are able to get it all working. I'd be more than happy to test it out when it's ready.
Got it up and running however I really only tested it with vmware.
I did not incorporate it into your build_win2008.sh or build_win2008.ps1 yet.
To test it essentially use packer build -only=vmware-iso windows_2008_r2.json
or in your case packer build -only=virtualbox-iso windows_2008_r2.json
Now mind you there is an extra windows restart in the provisioning section that may not be necessary. I used it because I was provisioning on the laptop and the wifi at the time may have been tricky and therefore crashing in the middle of the rails section, for some reason, putting it there seemed to have solved my issue. May not be needed for you however.
You can check it out here: https://github.com/ncharron/metasploitable3
Again this was also made to be able to use vmware for provisioning since (correct me if I am wrong) provisioning with vagrant on vmware requires a license.
I also had to modify some scripts because they gave me errors or would stall the process because a message box would popup.
The other thing to note is that it is still at "headless":false for debugging and "keep_input_artifact": true, for me that wanted to keep the vmware base box there since I can also use packer to modify an existing base vmware box.
Let me know if you have any questions or comments.
To be clear, one thing that is missing is a cleanup script or command to remove the C:\vagrant folder which is uploaded and used for provisioning. Will add it later, this was mostly a PoC that if interested we/I can definitely build upon.
Is there any particular rationale for doing most of the provisioning in the Vagrantfile instead of packer? I would have thought it made more sense to stick it all in packer so that vagrant can bring up a fully built box that is ready to go