Building an Fedora CoreOS Vagrant box

coreos_vagrant.sh

#!/bin/bash

set -eu -o pipefail

if ! command -v VBoxManage &> /dev/null; then
  echo "[ERROR] VirtualBox is not installed"
  exit 1
fi

if ! command -v vagrant &> /dev/null; then
  echo "[ERROR] Vagrant is not installed"
  exit 1
fi

if ! command -v podman &> /dev/null && ! command -v docker &> /dev/null; then
  echo "[ERROR] Podman or Docker is not installed"
  exit 1
fi

COREOS_JSON="/tmp/coreos-stable.json"
CENTOS_COOKIES="/tmp/fedoraproject.cookies"

curl -fsSL -c "${CENTOS_COOKIES}" -b "${CENTOS_COOKIES}" https://builds.coreos.fedoraproject.org/streams/stable.json > "${COREOS_JSON}"

COREOS_RELEASE="$(jq -r '.architectures["x86_64"]["artifacts"]["virtualbox"]["release"]' ${COREOS_JSON})"
COREOS_DOWNLOAD="$(jq -r '.architectures["x86_64"]["artifacts"]["virtualbox"]["formats"]["ova"]["disk"]["location"]' ${COREOS_JSON})"
COREOS_SHA256="$(jq -r '.architectures["x86_64"]["artifacts"]["virtualbox"]["formats"]["ova"]["disk"]["sha256"]' ${COREOS_JSON})"
COREOS_MAJOR_VERSION="$(echo "${COREOS_RELEASE}" | cut -d. -f1)"
BOX_NAME="fedora-coreos-${COREOS_MAJOR_VERSION}"
BOX_FULL_NAME="fedora-coreos-${COREOS_RELEASE}"
IGNITION_SERVER="10.0.2.2"
VAGRANT_KEY="$(curl -fsSL https://raw.githubusercontent.com/hashicorp/vagrant/master/keys/vagrant.pub)"

echo "[INFO] Downloading CoreOS ${COREOS_RELEASE} for VirtualBox"
if [ ! -f "${BOX_FULL_NAME}.ova" ]; then
  USER_AGENT="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.0.0"
  curl -A "${USER_AGENT}" -fL -c "${CENTOS_COOKIES}" -b "${CENTOS_COOKIES}" \
    -H "Referer: https://fedoraproject.org/" -H "Origin: https://fedoraproject.org/" \
    --progress-bar \
    -o "${BOX_FULL_NAME}.ova" "${COREOS_DOWNLOAD}"
fi

echo "[INFO] Verifying SHA256 checksum"
echo -n "${COREOS_SHA256} ${BOX_FULL_NAME}.ova" | sha256sum --check --status

if ! command -v podman &> /dev/null; then
  CONTAINER_RUNTIME="$(which docker)"
else
  CONTAINER_RUNTIME="$(which podman)"
fi

echo "[INFO] Writing Butane configuration file"
echo "variant: fcos
version: 1.5.0
grub:
  users:
    - name: root
      password_hash: grub.pbkdf2.sha512.600000.8BF09FDC239B0CD194DA0FB1F6885359DC62EE9BC72E27841D916D7DFC591CCD.9FD2830138199836EF555A16E0895C5518371291342D4B0B5008476829DDAC4C1F03E2628C735E39E50D63369B921FF02B2596E8FA19E75E9A218B42DE54581
passwd:
  users:
    - name: vagrant
      groups:
        - wheel
        - sudo
      shell: /bin/bash
      ssh_authorized_keys:
        - ${VAGRANT_KEY}
storage:
  files:
    - path: /etc/ssh/sshd_config.d/20-allow-users.conf
      mode: 0644
      contents:
        inline: |
          AllowUsers vagrant" > vagrant_config.bu

echo "[INFO] Generating Ignition configuration"
${CONTAINER_RUNTIME} run --interactive --rm quay.io/coreos/butane:release \
       --pretty --strict < vagrant_config.bu > ./vagrant_config.ign

echo "[INFO] Validating Ignition configuration file"
${CONTAINER_RUNTIME} run --pull=always --rm -i quay.io/coreos/ignition-validate:release - < ./vagrant_config.ign

echo "[INFO] Writing Nginx configuration file"
echo "server {
  listen 80;
  location / {
    autoindex on;
  }
}" > nginx.conf

echo "[INFO] Starting Nginx container serving the Ignition configuration"
if ! ${CONTAINER_RUNTIME} ps | grep -q coreos-ign-nginx; then
  ${CONTAINER_RUNTIME} run -v"$(pwd):/var/lib/nginx/html/" \
    -v "$(pwd)/nginx.conf:/etc/nginx/http.d/default.conf" \
    --cap-drop=all \
    --cap-add={chown,dac_override,net_bind_service,setgid,setuid} \
    --name coreos-ign-nginx -d -p 9999:80 konstruktoid/nginx
fi

echo "[INFO] Importing CoreOS ${COREOS_RELEASE} into VirtualBox"
if ! VBoxManage list vms | grep -m1 -qo "${BOX_NAME}"; then
  vboxmanage import "${BOX_FULL_NAME}.ova" --vsys 0 --vmname "${BOX_NAME}"
fi

SHA512SUM=$(sha512sum ./vagrant_config.ign | awk '{print $1}')

echo "[INFO] Writing Ignition pointer configuration file"
echo "variant: fcos
version: 1.5.0
ignition:
  config:
    replace:
      source: http://${IGNITION_SERVER}:9999/vagrant_config.ign
      verification:
        hash: sha512-${SHA512SUM}" > ./vagrant_pointer.bu

echo "[INFO] Generating Ignition pointer configuration"
${CONTAINER_RUNTIME} run --interactive --rm quay.io/coreos/butane:release \
       --pretty --strict < ./vagrant_pointer.bu > ./vagrant_pointer.ign

echo "[INFO] Validating Ignition pointer configuration file"
${CONTAINER_RUNTIME} run --pull=always --rm -i quay.io/coreos/ignition-validate:release - < ./vagrant_pointer.ign

if [ -f "${BOX_NAME}.box" ]; then
  echo "[INFO] Removing existing ${BOX_NAME}.box"
  vagrant box remove "${BOX_NAME}" --all || echo "Ignoring error"
  rm "${BOX_NAME}.box"
fi

echo "[INFO] Setting VirtualBox Ignition configuration"
VBoxManage guestproperty unset "${BOX_NAME}" /Ignition/Config
VBoxManage guestproperty set "${BOX_NAME}" /Ignition/Config "$(cat ./vagrant_pointer.ign)"
coreos_uuid=$(VBoxManage list vms | grep "${BOX_NAME}" | awk '{print $NF}' | tr -d '{}')

echo "[INFO] Packaging CoreOS ${COREOS_RELEASE} into Vagrant box"
vagrant package --base "${coreos_uuid}" --output "${BOX_NAME}.box"

echo "[INFO] Removing CoreOS ${COREOS_RELEASE} VM from VirtualBox"
VBoxManage unregistervm "${BOX_NAME}" --delete

echo "[INFO] Creating Vagrantfile"
echo "Vagrant.configure('2') do |config|
  config.vm.box_check_update = false
  config.vm.synced_folder '.', '/vagrant', disabled: true

  config.ssh.forward_agent = true
  config.ssh.insert_key = false

  if Vagrant.has_plugin?('vagrant-vbguest')
    config.vbguest.auto_update = false
    config.vbguest.installer_options = { allow_kernel_upgrade: false }
  end

  config.vm.provider 'virtualbox' do |vb|
    vb.check_guest_additions = false
    vb.functional_vboxsf = false
    vb.customize ['modifyvm', :id, '--uart1', '0x3F8', '4']
    vb.customize ['modifyvm', :id, '--uartmode1', 'disconnected']
  end

  config.vm.define 'coreos' do |coreos|
    coreos.vm.hostname = 'coreos'
    coreos.vm.box = '${BOX_NAME}'
    coreos.vm.box_url = 'file://${BOX_NAME}.box'
  end
end" > Vagrantfile