# -*- mode: ruby -*-
# vi: set ft=ruby :
# An updated version of this file may be at
# https://svn.r-project.org/R-dev-web/trunk/WindowsBuilds/winutf8/ucrt3/extra/vagrant-win10-tst/Vagrantfile
#
# see ../../vm.md for more information
# also available at: https://developer.r-project.org/WindowsBuilds/winutf8/ucrt3/vm.html
#
# Please note the Windows virtual machine used here has a rather old version
# of Windows 10, which does not allow using UTF-8 as the native encoding
# in R. It can, however, still be used to test the new toolchain and new
# builds or debug most issues in packages (the experience shows that most
# are not caused by UTF-8 being the native encoding).
# Before use
#
# apt-get install virtualbox
# apt-get install vagrant
#
# unzip MSEdge.Win10.Vagrant.zip
# "MSEdge on Win10 (x64) Stable 1809" for platform "Vagrant"
# available from https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ including
# license terms
#
# mv "MSEdge - Win10.box" MSEdgeWin10.box
# vagrant box add win10-tst MSEdgeWin10.box
#
# get setup.ps1
# cp ../../r/setup.ps1 .
# or:
# wget https://svn.r-project.org/R-dev-web/trunk/WindowsBuilds/winutf8/ucrt3/r/setup.ps1
#
# vagrant plugin install winrm
# vagrant plugin install winrm-elevated
# vagrant plugin install winrm-fs
# vagrant plugin install vagrant-vbguest
#
# sudo apt-get install freerdp2-x11
#
# ssh-keygen
# the current user needs to have ~/.ssh/id_rsa.pub (and ~/.ssh/id_rsa)
# this is for logging without password (other security issues are present, see below)
#
# vagrant up
# boots up the virtual machine and installs/provisions it
#
# consider installing windows updates from the GUI
# either log in via virtualbox (choose "Show" on the machine)
# or via "vagrant rdp -- /cert-ignore"
#
# Then
# the current directory on the host (with Vagrantfile) is accessible from the guest as
# C:\vagrant
#
# vagrant ssh
# to get bash/Msys2 shell:
# set MSYSTEM=MSYSTEM & "c:\msys64\usr\bin\bash.exe" --login -i
# even some console programs don't work without GUI, e.g. MikTeX
#
# vagrant rdp -- /cert-ignore
# to get GUI connection
#
# virtualbox
# find the running machine, "Show" to get GUI connection
# username is "IEUser", password is "Passw0rd!"
#
# Machine management
#
# vagrant up - to boot
# vagrant halt - to shut down
# vagrant suspend
# vagrant resume
#
Vagrant.configure("2") do |config|
config.vm.provider :virtualbox do |v|
v.cpus = 2
v.memory = 4096
end
if Vagrant.has_plugin?("vagrant-vbguest") then
# change to "false" to prevent updating of virtualbox additions on VM start
config.vbguest.auto_update = true
end
config.vm.box = "win10-tst"
config.vm.guest = :windows
config.vm.communicator = "winrm"
config.vm.graceful_halt_timeout = 600
config.vm.boot_timeout = 600
# RDP and WinRM port forwarding
config.vm.network :forwarded_port, guest: 3389, host: 3389
config.vm.network :forwarded_port, guest: 5985, host: 5985, id: "winrm", auto_correct: true
config.winrm.username = "IEUser"
config.winrm.password = "Passw0rd!"
config.ssh.username= "IEUser"
config.ssh.keys_only= true
config.ssh.insert_key = false
config.ssh.sudo_command = ''
config.ssh.shell = 'sh -l'
config.ssh.private_key_path = "~/.ssh/id_rsa"
# enable remote connection using RDP (not secure)
config.vm.provision "shell",
privileged: true,
inline: <<-SHELL
Set-ItemProperty -Path 'HKLM:\\System\\CurrentControlSet\\Control\\Terminal Server' -name "fDenyTSConnections" -value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
try {
Add-LocalGroupMember -Group "Remote Desktop Users" -Member "IEUser" -ErrorAction Stop
} catch [Microsoft.PowerShell.Commands.MemberExistsException] {
Write-Output "User is already a member of Remote Desktop Users group."
}
SHELL
# disable NLA so that RDP clients connect via "vagrant rdp" (not secure)
config.vm.provision "shell",
privileged: true,
run: "always",
inline: <<-SHELL
[void](Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace "root\\cimv2\\terminalservices" -ComputerName $env:computername -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)
SHELL
# enable SSH server
config.vm.provision "shell",
privileged: true,
inline: <<-SHELL
# Enable SSH server
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
$r = Get-NetFirewallRule -Name sshd -ErrorAction SilentlyContinue
if ($r) {
Write-Output "Firewall Rule for sshd is already present."
} else {
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
}
SHELL
# copy current user's SSH RSA public key to the server
# see https://stackoverflow.com/questions/16212816/setting-up-openssh-for-windows-using-public-key-authentication
config.vm.provision "file",
source: "~/.ssh/id_rsa.pub",
destination: "/ProgramData/ssh/administrators_authorized_keys"
# fix permissions for the authorized keys file so that sshd accepts it
# see https://www.concurrency.com/blog/may-2019/key-based-authentication-for-openssh-on-windows
config.vm.provision "shell",
privileged: true,
inline: <<-SHELL
$acl = Get-Acl "C:\\ProgramData\\ssh\\administrators_authorized_keys"
$acl.SetAccessRuleProtection($true, $false)
$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
$acl.SetAccessRule($administratorsRule)
$acl.SetAccessRule($systemRule)
$acl | Set-Acl
SHELL
# install software needed to build R, including Msys2
config.vm.provision "shell",
privileged: true,
path: "setup.ps1"
end