another man's ramblings on code and tech

Configuring Windows 7 Vagrant Base Boxes with SSH


With Vagrant it can be quite frustrating setting up Windows Base Boxes using WinRM. I have never had any success myself using the Vagrant WinRM method. While I gawk in amazement at pre-built boxes which have WinRM control, there seems to be no complete documentation anywhere on how to set it up. In fact, the Vagrant page describing how to set up Windows base boxes has formatting issues which makes its Windows code blocks near unreadable. Add on top of that the fact that their (and others') instructions are either missing steps or outright wrong and you end up where I was three weeks ago: falling back on using the SSH method to connect and provision with Vagrant. While Vagrant does not have much built in automatic provisioning features with SSH mode Windows, you can still do manual provisioning using the Vagrantfile modifyvm command to configure what you need.

Step 1: Create vagrant user

The first important step is to create the vagrant user on Windows. Make sure the account's username and password is "vagrant" and that it is an administrator. Then log into this new account.

Step 2: Install any provider specific requirements with Cygwin and OpenSSH

Next, from the vagrant user's account, install any provider specific required software (like VBox's Guest Additions) and then install Cygwin and OpenSSH using these great instructions from Oracle.

At the end of this section, you should be able to SSH to localhost from a Cygwin terminal by running:

ssh localhost

Step 3: Configure Windows Firewall

You'll need to do add some entries to the firewall to allow communication through port 22 so that Vagrant can communicate with the base box.

  1. Go to "Windows Firewall with Advanced Security" in the start menu.
  2. Go to "Inbound Rules"
  3. Hit "New Rule"
  4. Select "Port" based rule
  5. Select "TCP"
  6. Select "Specified local ports" and enter 22
  7. Select "Allow the connection"
  8. Selected all check boxes for "When does this rule apply?"
  9. For name make it something along the lines of "Allow SSH Access"

You may need to add an outbound rule as well with the same setup to explicitly allow connections outbound over 22 but most likely that is not necessary.

Step 4: Package up base box

Now to package up the base box. Create a folder called "vagrant_win7", change dir into it and run:

vagrant package --base "VM_NAME_HERE" --output "vagrant_win7.box"

Substituting "VM_NAME_HERE" with the name of your VM in your respective provider. This will take a while and will create a file called "vagrant_win7.box" in the contained folder.

Step 5: Configure Vagrantfile

In order for Vagrant to even add this new base box to a provider it needs a Vagrantfile. In our case, we're using:

  1. A Windows guest OS
  2. SSH to a Windows guest OS
  3. Password protection

All of which go against Vagrant default functionality. Hence, we need our Vagrantfile to reflect that. We must also disable the default shared Vagrant folder because it does not set up correctly automatically over SSH. Here's an example of the Vagrantfile I used to create my Windows base box:

#/home/jflowers/vagrant_win7/Vagrantfile
Vagrant.configure(2) do |config|
  config.vm.box = "vagrant_win7"

  config.vm.provider "virtualbox" do |v|
    v.name = "vagrant_win7"
    v.customize ["modifyvm", :id, "--nic2", "hostonly"]
  end

  config.vm.synced_folder '.', '/vagrant', disabled: true
  config.vm.guest = "windows"

  config.ssh.insert_key = false
  config.ssh.username = "vagrant"
  config.ssh.password = "vagrant"
end

With this configuration I set the name of the box in Vagrant and VirtualBox. I also set up a host only adapter using the modifyvm parameter with v.customize. I then disable the automatic synced folder and explicitly tell Vagrant its using a Windows guest OS. Finally I tell Vagrant to ignore using a private/public key-pair with SSH and tell it the username and password to use to connect.

Step 6: Add box to Vagrant and vagrant up

Finally, now that you have a working base box and Vagrantfile, its time to add your box and vagrant up! From the "vagrant_win7" folder simply run:

vagrant box add vagrant_win7 vagrant_win7.box

Once its finished adding your box you can run:

vagrant up

to turn it on and:

vagrant ssh

to create a SSH connection!

And that's it! As you can see, the SSH method is a little complex, and leaves you without some automatic provisioning features with Vagrant. However if you simply need a Windows box working quickly and cannot get the WinRM route working, then this is a functional alternative.

Date: Jul 13 2015

NEXT