
Tuesday, 6 October 2015

5 things to know before you “vagrant up”

With its simplicity of use and the elegance it provides, Vagrant proves to be an interesting tool for a security professional. In this article I’ll give a basic overview so that you can start using it. So what exactly is Vagrant? Think of it as a wrapper around your virtualization provider, such as VMware or VirtualBox. By using Vagrant you get greater control and flexibility in creating and managing multiple virtual machines at the same time.

To understand this better, let’s take a use case. Imagine that you are building an IDS lab. You would typically require 3 machines – a Server, a Sensor and a Monitoring machine. Now, to create this setup in VirtualBox you need to perform a series of repetitive tasks - installing the operating system and applications, defining the networking, etc. Once the setup is done, you need to bring up and manage these machines individually. All these activities take your focus away from the core of what you wanted to do – like testing some Snort rules or understanding how Bro IDS works. Wouldn’t it be great if these repetitive tasks could be automated, so that you can focus on the stuff that matters?

This is where Vagrant comes in. With Vagrant you simply write a configuration file to define these 3 machines. You can subsequently bring them up, install the OS, provision them and manage them using a handful of “vagrant” commands. So with Vagrant, you move from managing individual machines to managing an environment. Here’s a simple visualization of how Vagrant works:

[Figure: how Vagrant works]

#1 - The Vagrantfile

The Vagrantfile is an ASCII-based text file where you specify the configuration of the virtual machines you require. If you need 10 machines for your lab, then you specify them sequentially in the Vagrantfile.
For every VM you can specify:

  1. Physical properties of the machine (CPU, RAM etc)
  2. Network Interfaces
  3. Shared Folders (Folders shared between host and the VM)
  4. Hostname/IP Address
  5. Details of software to be installed on the VM – In Vagrant terms this is called provisioning.

Here is a snippet from the Vagrantfile, to create a simple Ubuntu virtual machine. The syntax is based on Ruby. But even if you don’t know Ruby at all, it is fairly straightforward to understand and implement.

#- This line indicates the beginning of configuration.
Vagrant.configure(2) do |config|
  #- Begin configuration for my-ubuntu-machine
  config.vm.define "my-ubuntu-machine" do |my_ubuntu_machine|
    #- Specifying the "box" required for this machine and the URL to get it from.
    my_ubuntu_machine.vm.box = "precise64"
    my_ubuntu_machine.vm.box_url = "http://files.vagrantup.com/precise64.box"
    #- Setting the hostname, IP and SSH port forwarding
    my_ubuntu_machine.vm.hostname = "ubuntu-machine"
    my_ubuntu_machine.vm.network "private_network", ip: "10.1.1.10"
    my_ubuntu_machine.vm.network "forwarded_port", guest: 22, host: 2210
    #- Provisioning or software/config update – I am just running apt-get update to get the latest versions of packages
    my_ubuntu_machine.vm.provision "shell", inline: <<-SHELL
#!/usr/bin/env bash
apt-get update >/dev/null 2>&1
    SHELL
  end
  #- Add more VMs as required…
#- Below line indicates end of configuration.
end
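
Extending the single-machine snippet to the three-machine IDS lab described earlier, as an added example that is not from the original post: it goes slightly beyond the snippet by rejecting duplicate IPs or host ports before any VM is created and by binding the forwarded SSH ports to 127.0.0.1. The machine names, IP addresses, host ports and memory sizes are constructed for illustration, and `ids_lab`, `lab_conflicts` and `check_lab!` are hypothetical helpers.

```ruby
# Added example: the IDS lab (server, sensor, monitor) as one Vagrantfile.
# Names, IPs, host ports and memory sizes are constructed for illustration.
def ids_lab
  {
    "server"  => { ip: "10.1.1.10", ssh_port: 2210, memory: 1024 },
    "sensor"  => { ip: "10.1.1.11", ssh_port: 2211, memory: 1024 },
    "monitor" => { ip: "10.1.1.12", ssh_port: 2212, memory: 512 },
  }
end

# Return the values of `key` that are used by more than one machine.
def lab_conflicts(lab, key)
  lab.values.map { |m| m[key] }.group_by(&:itself).select { |_, v| v.size > 1 }.keys
end

# Fail before any VM is created if two machines share an IP or a host port.
def check_lab!(lab)
  [:ip, :ssh_port].each do |key|
    dup = lab_conflicts(lab, key)
    raise ArgumentError, "duplicate #{key}: #{dup.join(', ')}" unless dup.empty?
  end
  true
end

check_lab!(ids_lab)

# `Vagrant` is only defined when this file is loaded by the vagrant command.
if defined?(Vagrant)
  Vagrant.configure(2) do |config|
    config.vm.box     = "precise64"
    config.vm.box_url = "http://files.vagrantup.com/precise64.box"

    ids_lab.each do |name, spec|
      config.vm.define name do |machine|
        machine.vm.hostname = "ids-#{name}"
        machine.vm.network "private_network", ip: spec[:ip]
        # Bind the forwarded SSH port to loopback so it is not exposed on the LAN.
        machine.vm.network "forwarded_port", guest: 22, host: spec[:ssh_port],
                                             host_ip: "127.0.0.1"
        machine.vm.provider "virtualbox" do |vb|
          vb.memory = spec[:memory]
        end
        machine.vm.provision "shell", inline: "apt-get update >/dev/null 2>&1"
      end
    end
  end
end
```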

#2 – The Vagrant Boxes


A box is a file that represents a virtual machine. Think of it as an appliance that you can plug in to Vagrant and start running. Boxes are available for download from vagrantbox.es and the HashiCorp site. In addition to downloading boxes, you can also create your own boxes and use them.

#3 – Virtualization Providers


This would typically be any software that provides an emulated environment for running different operating systems. Popular options are VMware Player/Workstation/Fusion and VirtualBox. Vagrant works with VirtualBox for free. However, if you want to use it with VMware, you need to purchase additional licenses.

#4 – The Vagrant Software


The Vagrant software:


  1. Reads the Vagrantfile,
  2. Downloads the boxes (if not already available)
  3. Installs the required applications – For this it takes the help of
  4. Creates VMs in the Virtualization provider
  5. Provisions the machines as required - For simple software installations you can use shell scripts. Where shell scripts get complicated, Vagrant also provides support for configuration management tools such as Chef, Puppet, Salt and Ansible.
  6. Provides capabilities for managing the VMs using the “vagrant” command.

#5 – Plug-ins


Vagrant provides extensibility through the use of plug-ins (not shown in the above diagram). As a developer you might be interested in adding new vagrant commands, providing easier options to configure a host, adding support for provisioners, etc. In fact, Vagrant itself ships with a set of core plug-ins that work behind the scenes to configure and bring up your VM. You can find the list of core plug-ins here. Plug-ins are developed using Ruby and are implemented as self-contained packages (RubyGems).


To know more about Vagrant, refer to the Vagrant documentation or the very readable book by Mitchell Hashimoto – Vagrant Up and Running.
