Updated CentOS Vagrant Images Available (v1607.01)

Wednesday, 10, August 2016 Laurențiu Păncescu announcement 15 Comments

Official Vagrant images for CentOS Linux 6 and CentOS Linux 7 for x86_64 are now available for download, featuring updated packages to 28 July 2016 and the following improvements:

Known Issues

Downloads

Only x86_64 images are currently available, for Vagrant’s libvirt and VirtualBox providers.

First-time users can download the official images from Hashicorp’s Atlas. You can use vagrant box add centos/6 for CentOS Linux 6, or vagrant box add centos/7 for CentOS Linux 7.

Existing users can upgrade their boxes directly by Vagrant, e.g. vagrant box update --box centos/7, but the changes will only apply to newly created instances.

Feedback

If you encounter any unexpected issues with the Vagrant images, feel free to ask on the centos-devel mailing list, or in #centos-devel on Freenode.

Acknowledgements

We would like to thank Nico Kadel-Garcia for his valuable insight on preventing sshd from performing reverse DNS lookups.

15 thoughts on "Updated CentOS Vagrant Images Available (v1607.01)"

  1. Sean Cavanaugh says:

    So when this happened with the latest release "sshd password authentication is now disabled" this is not the default of how CentOS7 is setup. I had create an out of band management network where Vagrant stiches together the VMs. Now I can't use Ansible from that oob network since it can't login the first time to install SSH keys. Why did this change?

    1. Laurențiu Păncescu says:

      Vagrant supports not only boxes that are inaccessible from outside (e.g. behind NAT), but also private and public networking. In the last two cases, having password authentication enabled allows anyone who is able to access the IP of a box to fully take control over it as root (the 'vagrant' password is publicly known, and the account has full sudo rights without a password). This is also why Vagrant 1.7 started to replace the insecure public key with a newly generated one. The default CentOS installation assumes the user provides a unique strong password during installation, therefore leaving password authentication enabled is ok; when the password is publicly known, like on Vagrant boxes, that's a bad idea.

      Some ideas for your situation: you could specify the correct identity file via ssh_config (eventually with a wildcard configuration if you are using the same key for all the boxes), and eventually use ssh-agent if your keys are encrypted. You could also use Ansible instead, by initialising the ansible_ssh_private_key_file variable for each host in the inventory file (this is probably the best approach if you have a dynamic inventory). If you prefer to write your own keys via provisioning, configure Vagrant not to replace the insecure private key (config.insert_key=false) and use that for the initial login.

  2. David Vazquez says:

    Latest box doesn't work. Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

    1. Laurențiu Păncescu says:

      The easiest way is to just let Vagrant handle all the details - 'vagrant ssh' will create a SSH session to the box, no questions asked. If you want to invoke ssh directly, i.e. not through vagrant, you have to specify the correct identity file, e.g. 'ssh -i .vagrant/machines/default/virtualbox/private_key -l vagrant 127.0.0.1 -p 2222' (assuming your box is named "default"). You can also create a ssh_config file, to avoid typing such a long command every time ('vagrant ssh-config' will print a valid configuration file for your setup).

      1. Manny says:

        I get the Permission denied error even when doing a simple 'vagrant ssh'.

        1. Laurențiu Păncescu says:

          Please make sure you aren't using Vagrant 1.8.5, which is the current version (use 'vagrant version' to display both the installed and the latest available version). With Vagrant 1.8.4, 'vagrant init centos/7 && vagrant up && vagrant ssh' works fine - just checked. Please see the last item in the 'Known Issues' above - without any information about your host OS or Vagrant version, I can only guess what's wrong.

          If you are still encountering problems, please ask in #centos on IRC: someone will probably be able to help you step by step (WordPress comments are not a suitable support channel).

      2. Lawrence Fritts says:

        None of these are working for me. I cannot vagrant ssh into my new machine.

        1. Sourabh says:

          I ran into the same issue. The combo that is working is Vagrant 1.8.4 and Virtual Box 5.0.x. I haven't tried Vagrant 1.8.5 with VB 5.0.x (may be some other day) 🙂

  3. dmas says:

    By any chance, is there a corresponding Kickstart file shared that can be used to (re)build the same CentOS images available for download? It would be very helpful for making additional adjustments to the image if/when needed.

    1. dmas says:

      I was finally able to DL the centos/7 box and saw it does have the complete Kickstart file built during the build. As such, please disregard my question 😉

  4. Marina says:

    Good Job)))

  5. Dave Vigil says:

    It would be really nice to have a vmware_desktop version available as well.

  6. Andy Feller says:

    How do you recommend those using packer virtualbox-ovf builder to ssh now as these sshd changes break builds now?

    1. Andy Feller says:

      So might have answered this for myself finally, but for those who're using virtualbox-ovf builder they should use the vagrant insecure key instead of password authentication.

    2. Laurențiu Păncescu says:

      I've never used Packer, but I would recommend setting its ssh_private_key_file option to Vagrant's insecure private key (e.g. "~/.vagrant.d/insecure_private_key"), instead of using ssh_password like the examples in the Packer documentation.

Leave a Reply to Marina Cancel reply

Your email address will not be published. Required fields are marked *