[CentOS-devel] Feedback needed: ideas for the Vagrant images

Thu Jul 7 18:43:20 UTC 2016
Lalatendu Mohanty <lmohanty at redhat.com>

On 07/07/2016 06:23 PM, Laurentiu Pancescu wrote:
> Hi there,
>
> I would appreciate some feedback on a few ideas for our Vagrant images.
>
> Our CentOS images for Vagrant are currently not set up according to the 
> upstream recommendations for base boxes, and I'd like to change that. 
> [1]  Here's the list of necessary modifications:
>
> I. root password should be 'vagrant': already filed by Lalatendu 
> Mohanty as issue #30 on GitHub [2].  I should mention that Karanbir 
> Singh has some reservations related to security. However, the box 
> already has passwordless sudo, and changing the root password is just 
> a "sudo passwd" away (I tried, it warns about a bad password, but it 
> accepts it).  Although public key auth is enabled, password-based 
> authentication isn't disabled, and sshd will happily let anyone log in 
> to any public box as vagrant:vagrant.  We should probably only allow 
> local password logins (on the console), for both root and vagrant; not 
> sure if the best way to enforce this is sshd_config or PAM.
>

+1. I think we should keep the behavior as per upstream Vagrant 
documentation.

> II. use /vagrant as the sync directory: we currently use 
> /home/vagrant/sync, this change is already planned for the release 
> following 1606
>
> III. "UseDNS no" in sshd_config: this would make connections via ssh 
> faster
>
> Additional ideas for optimization:
>
> IV. disable requiretty in /etc/sudoers: this allows users to enable 
> the pipelining feature of the Ansible provisioner, which significantly 
> increases its speed (it's about 2 times faster in my tests). [3]
>
> V. set GRUB_TIMEOUT to 1 or 0: this reduces or eliminates the waiting 
> time before the default kernel is booted (the VM runs generally 
> without a display, so it makes no sense to wait there)
>
> Best regards,
> Laurențiu
>
> [1] https://www.vagrantup.com/docs/boxes/base.html
> [2] https://github.com/CentOS/sig-cloud-instance-build/issues/30
> [3] https://docs.ansible.com/ansible/intro_configuration.html#pipelining
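
A way to check a box's configuration files against items I, III, IV and V of the list above, as an added example that is not part of the original message or of the CentOS build scripts. The function names, the FAIL/WARN wording and the sample files are assumptions made for illustration, and only the global section of sshd_config (before any Match block) is examined.

```shell
#!/bin/sh
# Added example: audit config files for items I, III, IV and V of the thread.

# sshd_value FILE KEYWORD: print the effective global value of KEYWORD.
# sshd keeps the first occurrence of a keyword, keywords are case-insensitive,
# and everything after a Match line is conditional, so parsing stops there.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        { sub(/[ \t]*=[ \t]*/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_box SSHD_CONFIG SUDOERS GRUB_DEFAULT: print one line per finding.
audit_box() {
    pw=$(sshd_value "$1" PasswordAuthentication)
    # sshd accepts passwords when the keyword is absent (default "yes").
    [ "${pw:-yes}" = "no" ] ||
        echo "FAIL sshd: PasswordAuthentication=${pw:-yes}, remote password logins accepted"
    dns=$(sshd_value "$1" UseDNS)
    [ "$dns" = "no" ] || echo "WARN sshd: UseDNS is not explicitly 'no'"
    if grep -Eq '^[[:space:]]*Defaults[[:space:]]+requiretty' "$2"; then
        echo "WARN sudoers: requiretty set, Ansible pipelining will not work"
    fi
    timeout=$(sed -n 's/^GRUB_TIMEOUT=//p' "$3" | tail -n 1 | tr -d '"')
    case "$timeout" in
        0|1) ;;
        *) echo "WARN grub: GRUB_TIMEOUT=${timeout:-unset}, expected 0 or 1" ;;
    esac
    return 0
}

# Constructed sample files (not taken from a real CentOS image).
d=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
    'UsePAM yes' 'Match User vagrant' '    PasswordAuthentication no' > "$d/sshd_config"
printf '%s\n' 'Defaults    requiretty' 'vagrant ALL=(ALL) NOPASSWD: ALL' > "$d/sudoers"
printf '%s\n' 'GRUB_TIMEOUT=5' 'GRUB_DEFAULT=saved' > "$d/grub"

audit_box "$d/sshd_config" "$d/sudoers" "$d/grub"
```

Keyboard-interactive (PAM) authentication is controlled by a separate sshd keyword and is not covered by this check.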