This repository contains Packer templates for creating Ubuntu Vagrant boxes, currently the focus is on ubuntu Desktop 20.04. Written in legacy json. With the box you get:
- Docker & docker images of webgoat, webwolf, Juiceshop
- Zap (2.9.0)
- nmap
- Burproxy
- Infrastructure validation tools
This is a fork of boxcutter and uses some files from Packer Templates for Ubuntu with ZFS Root for the AWS ami.
This project is a prototype and is currently no longer actively being maintained, until the next workshop/training that has to be given on ZAP/Burp websecurity. Nevertheless: feel free to make use of it.
Parallels requires that the Parallels Virtualization SDK for Mac be installed as an additional prerequisite.
We make use of JSON files containing user variables to build specific versions of Ubuntu.
You tell packer
to use a specific user variable file via the -var-file=
command line
option. This will override the default options on the core ubuntu.json
packer template,
which builds Ubuntu 20.04 by default.
For example, to build Ubuntu 20.04, use the following:
`$ packer build -var-file=ubuntu2004.json ubuntu.json`
If you want to make boxes for a specific desktop virtualization platform, use the -only
parameter. For example, to build Ubuntu 20.04 for VirtualBox:
`$ packer build -only=virtualbox-iso -var-file=ubuntu2004.json ubuntu.json`
The boxcutter templates currently support the following desktop virtualization strings:
parallels-iso
- Parallels desktop virtualization (Requires the Pro Edition - Desktop edition won't work)virtualbox-iso
- VirtualBox desktop virtualizationvmware-iso
- VMware Fusion or VMware Workstation desktop virtualization
We've also provided a wrapper script bin/box
for ease of use, so alternatively, you can use
the following to build Ubuntu 20.04 for all providers:
`$ bin/box build ubuntu2004`
Or if you just want to build Ubuntu 20.04 for VirtualBox:
`$ bin/box build ubuntu2004 virtualbox`
A GNU Make Makefile
drives a complete basebox creation pipeline with the following stages:
build
- Create basebox*.box
filesassure
- Verify that the basebox*.box
files produced function correctlydeliver
- Upload*.box
files to Artifactory, Atlas or an S3 bucket
The pipeline is driven via the following targets, making it easy for you to include them in your favourite CI tool:
make build # Build all available box types
make assure # Run tests against all the boxes
make deliver # Upload box artifacts to a repository
make clean # Clean up build detritus
The templates respect the following network proxy environment variables and forward them on to the virtual machine environment during the box creation process, should you be using a proxy:
- http_proxy
- https_proxy
- ftp_proxy
- rsync_proxy
- no_proxy
Automated tests are written in Serverspec and require
the vagrant-serverspec
plugin to be installed with:
vagrant plugin install vagrant-serverspec
The bin/box
script has subcommands for running both the automated tests
and for performing exploratory testing.
Use the bin/box test
subcommand to run the automated Serverspec tests.
For example to execute the tests for the Ubuntu 20.04 box on VirtualBox, use
the following:
bin/box test ubuntu2004 virtualbox
Similarly, to perform exploratory testing on the VirtualBox image via ssh, run the following command:
bin/box ssh ubuntu2004 virtualbox
There are several variables that can be used to override some of the default settings in the box build process. The variables can that can be currently used are:
- cpus
- disk_size
- memory
- update
The variable HEADLESS
can be set to run Packer in headless mode.
Set HEADLESS := true
, the default is false.
The variable UPDATE
can be used to perform OS patch management. The
default is to not apply OS updates by default. When UPDATE := true
,
the latest OS updates will be applied.
The variable PACKER
can be used to set the path to the packer binary.
The default is packer
.
The variable ISO_PATH
can be used to set the path to a directory with
OS install images. This override is commonly used to speed up Packer builds
by pointing at pre-downloaded ISOs instead of using the default download
Internet URLs.
The variables SSH_USERNAME
and SSH_PASSWORD
can be used to change the
default name & password from the default vagrant
/vagrant
respectively.
The variable INSTALL_VAGRANT_KEY
can be set to turn off installation of the
default insecure vagrant key when the image is being used outside of vagrant.
Set INSTALL_VAGRANT_KEY := false
, the default is true.
The variable CUSTOM_SCRIPT
can be used to specify a custom script
to be executed. You can add it to the script/custom
directory (content
is ignored by Git).
The default is custom-script.sh
which does nothing.
- Fork and clone the repo.
- Create a new branch, please don't work in your
master
branch directly. - Add new Serverspec or Bats tests in the
test/
subtree for the change you want to make. Runmake test
on a relevant template to see the tests fail (likemake test-virtualbox/ubuntu2004
). - Fix stuff. Use
make ssh
to interactively test your box (likemake ssh-virtualbox/ubuntu2004
). - Run
make test
on a relevant template (likemake test-virtualbox/ubuntu2004
) to see if the tests pass. Repeat steps 3-5 until done. - Update
README.md
andAUTHORS
to reflect any changes. - If you have a large change in mind, it is still preferred that you split them into small commits. Good commit messages are important. The git documentatproject has some nice guidelines on writing descriptive commit messages.
- Push to your fork and submit a pull request.
- Once submitted, a full
make test
run will be performed against your change in the build farm. You will be notified if the test suite fails.
Contact [email protected]
Parallels provided a Business Edition license of their software to run on the basebox build farm.
SmartyStreets provided basebox hosting for the box-cutter project since 2015 - thank you for your support!
Requires: Virtualbox 6, Vagrant, Packer.
- prepare a release at https://app.vagrantup.com
- update box_tag in ubuntu.json
- run
packer build -only=virtualbox-iso -var 'vagrant_cloud_token=<YOURVAGRANTCLODUTOKENHERE>' -var 'version=<VERSIONHERE>' ubuntu.json
(note the box might require additonal steps to have a desktop) - Finalize your release at https://app.vagrantup.com or use the locally created virtualbox and export it for your own usage/training.
- export your access key and access key id and then run
packer build aws-template.json
. Protip use:packer build -var 'version=0.3.8' aws-template.json >> amicreatorlog.log
andtail -f amicreatorlog.log
for easy debugging.