vagrant should be able to connect to the vm and interact with it
==> vm-test: Creating shared folders metadata...
==> vm-test: Starting domain.
==> vm-test: Waiting for domain to get an IP address...
==> vm-test: Waiting for SSH to become available...
==> vm-test: Removing domain...
/opt/vagrant/embedded/gems/gems/net-ssh-3.0.2/lib/net/ssh/proxy/command.rb:93:in `read_nonblock': end of file reached (EOFError)
OS/Distro version:: Ubuntu 16.04.2 LTS
Libvirt version: Version: 1.3.1-1ubuntu10.8
virt-sysprep remove hostkeys by default.
Don't know if it is new or not in debian8 (the target os) but without hostkeys, sshd will never start making the packaged box not functionnal.
I temporary fixed it by removing the specific action (ssh-hostkeys) from virt-sysprep.
my patch:
in lib/vagrant-libvirt/action/package_domain.rb
virt-sysprep --no-logfile --operations defaults,-ssh-userdir,-ssh-hostkeys -a #{@tmp_img}
Although that works it is not ideal since the guest should be creating ssh keys for each new instantiation, so leaving this open for now.
it should be customized options for package. i will pick it up soon
https://github.com/libguestfs/libguestfs/blame/f4ca4de207f33847871a95e686997476b82ec1af/sysprep/sysprep_operation_ssh_hostkeys.ml suggests that the operation ssh-hostkeys has been enabled by default for 4 years.
I hit this issue as well when packaging a box. The workaround from @ch0k0bn worked for me. I cannot speak to whether this worked in previous releases.
Along with virt-sysprep doing ssh-hostkeys removal, Vagrant also expects to find the known insecure keypair tested in https://github.com/hashicorp/vagrant/blob/b0fc33e9b728f8575890a5a9e358394983b5298c/plugins/communicators/ssh/communicator.rb#L702-L707
A solution seems to be for actions/package_domain.rb to inject this keypair into the new box after virt-sysprep does its work, so when the next vagrant up tests for SSH connectivity it finds this and does the work of replacing with a new keypair.
For repackaging from base boxes (e.g. bentos) this may be redundant, provided config.ssh.insert_key = false is provided in the Vagrantfile.
I think #1315 should resolve this, there are further fixes with #1307 that should ensure that if config.ssh.insert_key = false is not set that the private key required is bundled. It possibly would be better to re-inject the insecure key instead. But at least we'll follow the default behaviour and ssh should work by default..
Most helpful comment
I think #1315 should resolve this, there are further fixes with #1307 that should ensure that if
config.ssh.insert_key = falseis not set that the private key required is bundled. It possibly would be better to re-inject the insecure key instead. But at least we'll follow the default behaviour and ssh should work by default..