Packer templates for Ubuntu written in legacy JSON (trainerbox)

Overview

This repository contains Packer templates for creating Ubuntu Vagrant boxes, currently the focus is on ubuntu Desktop 20.04. Written in legacy json. With the box you get:

• Docker & docker images of webgoat, webwolf, Juiceshop
• Zap (2.9.0)
• nmap
• Burproxy
• Infrastructure validation tools

This is a fork of boxcutter and uses some files from Packer Templates for Ubuntu with ZFS Root for the AWS ami.

Project status

This project is a prototype and is currently no longer actively being maintained, until the next workshop/training that has to be given on ZAP/Burp websecurity. Nevertheless: feel free to make use of it.

How to use the vagrant box

Parallels requires that the Parallels Virtualization SDK for Mac be installed as an additional prerequisite.

We make use of JSON files containing user variables to build specific versions of Ubuntu. You tell packer to use a specific user variable file via the -var-file= command line option. This will override the default options on the core ubuntu.json packer template, which builds Ubuntu 20.04 by default.

For example, to build Ubuntu 20.04, use the following:

`$ packer build -var-file=ubuntu2004.json ubuntu.json`

If you want to make boxes for a specific desktop virtualization platform, use the -only parameter. For example, to build Ubuntu 20.04 for VirtualBox:

`$ packer build -only=virtualbox-iso -var-file=ubuntu2004.json ubuntu.json`

The boxcutter templates currently support the following desktop virtualization strings:

• parallels-iso - Parallels desktop virtualization (Requires the Pro Edition - Desktop edition won't work)
• virtualbox-iso - VirtualBox desktop virtualization
• vmware-iso - VMware Fusion or VMware Workstation desktop virtualization

Building the Vagrant boxes with the box script

We've also provided a wrapper script bin/box for ease of use, so alternatively, you can use the following to build Ubuntu 20.04 for all providers:

`$ bin/box build ubuntu2004`

Or if you just want to build Ubuntu 20.04 for VirtualBox:

`$ bin/box build ubuntu2004 virtualbox`

Building the Vagrant boxes with the Makefile

A GNU Make Makefile drives a complete basebox creation pipeline with the following stages:

• build - Create basebox *.box files
• assure - Verify that the basebox *.box files produced function correctly
• deliver - Upload *.box files to Artifactory, Atlas or an S3 bucket

The pipeline is driven via the following targets, making it easy for you to include them in your favourite CI tool:

make build   # Build all available box types
make assure  # Run tests against all the boxes
make deliver # Upload box artifacts to a repository
make clean   # Clean up build detritus

Proxy Settings

The templates respect the following network proxy environment variables and forward them on to the virtual machine environment during the box creation process, should you be using a proxy:

• http_proxy
• https_proxy
• ftp_proxy
• rsync_proxy
• no_proxy

Tests

Automated tests are written in Serverspec and require the vagrant-serverspec plugin to be installed with:

vagrant plugin install vagrant-serverspec

The bin/box script has subcommands for running both the automated tests and for performing exploratory testing.

Use the bin/box test subcommand to run the automated Serverspec tests. For example to execute the tests for the Ubuntu 20.04 box on VirtualBox, use the following:

bin/box test ubuntu2004 virtualbox

Similarly, to perform exploratory testing on the VirtualBox image via ssh, run the following command:

bin/box ssh ubuntu2004 virtualbox

Variable overrides

There are several variables that can be used to override some of the default settings in the box build process. The variables can that can be currently used are:

• cpus
• disk_size
• memory
• update

The variable HEADLESS can be set to run Packer in headless mode. Set HEADLESS := true, the default is false.

The variable UPDATE can be used to perform OS patch management. The default is to not apply OS updates by default. When UPDATE := true, the latest OS updates will be applied.

The variable PACKER can be used to set the path to the packer binary. The default is packer.

The variable ISO_PATH can be used to set the path to a directory with OS install images. This override is commonly used to speed up Packer builds by pointing at pre-downloaded ISOs instead of using the default download Internet URLs.

The variables SSH_USERNAME and SSH_PASSWORD can be used to change the default name & password from the default vagrant/vagrant respectively.

The variable INSTALL_VAGRANT_KEY can be set to turn off installation of the default insecure vagrant key when the image is being used outside of vagrant. Set INSTALL_VAGRANT_KEY := false, the default is true.

The variable CUSTOM_SCRIPT can be used to specify a custom script to be executed. You can add it to the script/custom directory (content is ignored by Git). The default is custom-script.sh which does nothing.

Contributing

1. Fork and clone the repo.
2. Create a new branch, please don't work in your master branch directly.
3. Add new Serverspec or Bats tests in the test/ subtree for the change you want to make. Run make test on a relevant template to see the tests fail (like make test-virtualbox/ubuntu2004).
4. Fix stuff. Use make ssh to interactively test your box (like make ssh-virtualbox/ubuntu2004).
5. Run make test on a relevant template (like make test-virtualbox/ubuntu2004) to see if the tests pass. Repeat steps 3-5 until done.
6. Update README.md and AUTHORS to reflect any changes.
7. If you have a large change in mind, it is still preferred that you split them into small commits. Good commit messages are important. The git documentatproject has some nice guidelines on writing descriptive commit messages.
8. Push to your fork and submit a pull request.
9. Once submitted, a full make test run will be performed against your change in the build farm. You will be notified if the test suite fails.

Would you like to help out more?

Contact moujan@annawake.com

Acknowledgments

Parallels provided a Business Edition license of their software to run on the basebox build farm.

SmartyStreets provided basebox hosting for the box-cutter project since 2015 - thank you for your support!

Short: How to create your own box

Requires: Virtualbox 6, Vagrant, Packer.

• prepare a release at https://app.vagrantup.com
• update box_tag in ubuntu.json
• run packer build -only=virtualbox-iso -var 'vagrant_cloud_token=<YOURVAGRANTCLODUTOKENHERE>' -var 'version=<VERSIONHERE>' ubuntu.json (note the box might require additonal steps to have a desktop)
• Finalize your release at https://app.vagrantup.com or use the locally created virtualbox and export it for your own usage/training.
• export your access key and access key id and then run packer build aws-template.json. Protip use: packer build -var 'version=0.3.8' aws-template.json >> amicreatorlog.log and tail -f amicreatorlog.log for easy debugging.