offloading vagrant so qubes doesn't have to support it.


pixel fairy

Sep 21, 2016, 10:53:55 PM
to qubes-users
I should start a support group for vagrant users who like qubes-os :(

Nested virtualization may become possible in qubes-4.x, but would come with an increased attack surface and some other complications. for one thing, virtualbox doesn't run in xen, and that's the mostly solid platform for vagrant. kvm is faster when it runs, but has other issues. by putting vagrant on a server dedicated to it, you get faster vagrant runs, free up all that memory, and you can screen/tmux the session and come back to it later. all for the cost of needing that damn internet connection.

the cost of hardware is not much. most of it is ram, and an ssd. no need for fancy graphics cards or anything else.

finally made one and started using it. it's just linux virtualbox for now. it has user accounts for all of us, and one shared account with all our keys. tmux, vim, etc also installed so we can have a pleasant and comfortable collaboration environment, but we haven't used that yet.

to get around the issue of running the same vagrant file at the same time, we set an environment variable in ~/.bashrc. here's a "template" multi machine vagrant file.

# -*- mode: ruby -*-
# vi: set ft=ruby :

# per-user prefix comes from the environment (set in ~/.bashrc);
# fall back to a fixed prefix when the variable is unset
if ENV.has_key?('v6prefix')
  v6prefix = ENV['v6prefix']
else
  v6prefix = "fd96:8025:fb27::"
end

VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "bento/ubuntu-16.04"
  # each machine gets prefix + host suffix on a private network
  config.vm.define "server" do |server|
    server.vm.hostname = "server"
    server.vm.network "private_network", ip: v6prefix + "51"
  end
  config.vm.define "client" do |client|
    client.vm.hostname = "client"
    client.vm.network "private_network", ip: v6prefix + "52"
  end
end

tried kvm, with one big kvm for virtualbox so we could have both. but, virtualbox doesn't run in kvm (though i remember doing it in the past)

i've run virtualbox and kvm in vmware, so maybe esxi would be a better host for this. to those cringing right now, vagrant is just a test environment. you're not supposed to put anything important, let alone sensitive in there.
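An added example, not part of the original post: one way the per-user `v6prefix` described above could be derived and checked before a Vagrantfile concatenates it into an address. The helpers `user_prefix`, `vm_address` and `default_prefix`, and the choice of one /64 per numeric uid under the thread's default prefix, are assumptions made for illustration.

```ruby
require 'ipaddr'

ULA  = IPAddr.new('fc00::/7')   # RFC 4193 unique local range
BASE = 'fd96:8025:fb27'         # first 48 bits of the default prefix in the post

# Hypothetical helper: give each Unix account its own /64 keyed by uid,
# so two users running the same Vagrantfile never share addresses.
def user_prefix(uid)
  raise ArgumentError, "uid out of range: #{uid}" unless (0..0xffff).cover?(uid)
  format('%s:%x::', BASE, uid)
end

# Build an address the way the Vagrantfile does (prefix + suffix), but
# refuse anything that is not a well-formed unique local IPv6 address,
# e.g. a mistyped or routable prefix exported from ~/.bashrc.
def vm_address(prefix, suffix)
  addr = IPAddr.new(prefix + suffix)   # raises IPAddr::InvalidAddressError on garbage
  unless addr.ipv6? && ULA.include?(addr)
    raise ArgumentError, "#{addr} is outside fc00::/7"
  end
  addr.to_s
end

# Hypothetical fallback for when v6prefix is unset: derive it from the
# current uid (raises for uids above 0xffff rather than guessing).
def default_prefix
  ENV.fetch('v6prefix') { user_prefix(Process.uid) }
end
```

In a Vagrantfile the `ip:` values would then be `vm_address(default_prefix, "51")` and `vm_address(default_prefix, "52")`, so a bad prefix stops `vagrant up` before any network is created.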

Eva Star

Sep 24, 2016, 6:12:51 PM
to qubes...@googlegroups.com
On 09/22/2016 05:53 AM, pixel fairy wrote:

> Nested virtualization may become possible in qubes-4.x, but would come with an increased attack surface and some other complications. for one thing, virtualbox doesn't run in xen, and that's the mostly solid platform for vagrant. kvm is faster when it runs, but has other issues. by putting vagrant on a server dedicated to it, you get faster vagrant runs, free up all that memory, and you can screen/tmux the session and come back to it later. all for the cost of needing that damn internet connection.

Search the forum. You can enable nested virtualization and run virtualbox
on Qubes (but it's not secure)

--
Regards