The in-progress Vagrant AWS has a lot of promise, especially for devops. The ability to test your Puppet or Chef scripts on an EC2 instance using Vagrant is very tempting. Unfortunately, it’s not yet quite stable enough to rely on, in my experience. Some errors seem to happen sporadically. Most are related to ssh, although running ssh manually works fine (either vagrant ssh or
Sometimes, something as simple as mkdir fails without reason:
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!
mkdir -p '/vagrant'
rsync completes, but then it immediately terminates the instance:
[default] Rsyncing folder: /home/ben/aws-sandbox/ => /vagrant
[default] Terminating the instance...
I’m still hopeful that it can be useful to us in the future. Like I said, there’s a lot of promise in this young project.
At any rate, we took some time to research how to get SSH agent forwarding working, which is valuable for us when remote pairing. We were getting stuck with errors like this:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
It turns out that vagrant itself ignores anything but identity files, which was key to getting agent forwarding to work. This can be inspected using
It turns out that lib/vagrant/util/ssh.rb can be modified like so:
--- a/lib/vagrant/util/ssh.rb +++ b/lib/vagrant/util/ssh.rb @@ -108,7 +108,7 @@ module Vagrant # IdentitiesOnly option. Also, we don't enable it in plain mode so # that SSH properly searches our identities and tries to do it itself. if !Platform.solaris? && !plain_mode - command_options += ["-o", "IdentitiesOnly=yes"] + command_options += ["-o", "IdentitiesOnly=no"] end # If we're not in plain mode, attach the private key path.
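Review bot: the hard-coded "IdentitiesOnly=no" on the changed line applies to every provider that reaches the `!Platform.solaris? && !plain_mode` branch, not only AWS, so ssh will offer every key held by the agent to the guest in addition to the configured private key. Consider gating this on a setting (for example only when agent forwarding is enabled) and keeping "IdentitiesOnly=yes" as the default. The comment above the `if` also needs updating: it still says the option is not enabled "in plain mode", which implies it is enabled here.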
There’s a related change that can be made to make vagrant ssh-config match, but it seems to be cosmetic:
--- a/templates/commands/ssh_config/config.erb +++ b/templates/commands/ssh_config/config.erb @@ -6,7 +6,7 @@ Host <%= host_key %> StrictHostKeyChecking no PasswordAuthentication no IdentityFile "<%= private_key_path %>" - IdentitiesOnly yes + IdentitiesOnly no LogLevel FATAL <% if forward_agent -%> ForwardAgent yes
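Review bot: with "IdentitiesOnly no" sitting next to "StrictHostKeyChecking no" and the optional "ForwardAgent yes", the generated Host block lets ssh offer all agent keys to, and forward the agent to, a host whose key is never verified. Suggest emitting "IdentitiesOnly no" only inside the existing `<% if forward_agent -%>` block and leaving "IdentitiesOnly yes" otherwise, so that users who copy this output into their own ssh config do not pick up the looser setting for every box.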
That was enough to get our SSH agent forwarding to work. These changes make sense in the context of AWS, but probably not in Vagrant at large. I’m tempted to make a pull request, but the above changes are a little half-baked – and vagrant-aws still needs some fine tuning before the change can really be tested.
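As an added example (not from the original post and not Vagrant's own code), this Ruby script parses ssh_config text in the shape of the template above and reports hosts where the agent is forwarded without host key verification, or where all agent keys are offered rather than only the IdentityFile. The sample config, host names, addresses and paths are constructed, and the function names are hypothetical.

```ruby
# Added example: audit ssh_config-style text such as `vagrant ssh-config` output.
# SAMPLE is constructed for illustration; hosts, addresses and paths are made up.
SAMPLE = <<~CFG
  Host default
    HostName 203.0.113.10
    StrictHostKeyChecking no
    IdentityFile "/home/user/.ssh/example.pem"
    IdentitiesOnly no
    ForwardAgent yes

  Host local
    StrictHostKeyChecking no
    IdentityFile "/home/user/.vagrant.d/insecure_private_key"
    IdentitiesOnly yes
CFG

# Returns { host => { "keyword" => value } }. ssh_config keywords are
# case-insensitive, may use "key value" or "key=value", and first value wins.
def parse_ssh_config(text)
  hosts = Hash.new { |h, k| h[k] = {} }
  current = "*" # options before any Host line apply to all hosts
  text.each_line do |raw|
    m = raw.strip.match(/\A([^\s#=]+)(?:\s*=\s*|\s+)(.+)\z/) or next
    key = m[1].downcase
    value = m[2].delete_prefix('"').delete_suffix('"')
    if key == "host"
      current = value
      hosts[current] # create the entry even if the block is empty
    else
      hosts[current][key] ||= value
    end
  end
  hosts
end

# Flags risky combinations, using OpenSSH defaults for missing keywords
# (ForwardAgent no, StrictHostKeyChecking ask, IdentitiesOnly no).
def agent_exposure(hosts)
  hosts.each_with_object({}) do |(name, opts), out|
    forward = opts.fetch("forwardagent", "no").downcase != "no"
    unchecked = opts.fetch("stricthostkeychecking", "ask").downcase == "no"
    all_keys = opts.fetch("identitiesonly", "no").downcase == "no"
    notes = []
    notes << "agent forwarded to a host whose key is not verified" if forward && unchecked
    notes << "every agent key is offered, not only IdentityFile" if all_keys
    out[name] = notes unless notes.empty?
  end
end

agent_exposure(parse_ssh_config(SAMPLE)).each { |h, n| puts "#{h}: #{n.join('; ')}" } if __FILE__ == $0
```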