Skip to main content

Multipass

·659 words·4 mins
Blogger cli multipass
Table of Contents

Introduction
#

Multipass is simple a docker alternative from Canonical projects. It is a lightweight cross-platform VM manager, and is designed for developers who want a fresh Ubuntu environment with a single command.

A cloud-init can be used for post-install configuration, such as setup SSH public key or mounting a disk.

It is so fun 😜😜 and I love its’ simplicity.

Log Journal
#

2022.05.15 : Installation
#

Multipass is a lightweight virtual machine manager developed by Canonical, the company behind Ubuntu. It allows you to easily create, manage, and launch virtual machines on your local machine or in the cloud, using a simple command-line interface.

Multipass provides a fast and efficient way to test and develop software on multiple operating systems without the need to set up and maintain a full-fledged virtualization infrastructure. It uses the lightweight KVM virtualization technology to create isolated environments that run independently of the host system.

With Multipass, we can quickly spin up new virtual machines, and customize the configuration of each virtual machine, such as CPU, memory, disk space, and network settings.

$ sudo snap install multipass --classic 
$ sudo snap refresh multipass --channel stable

2022.05.16: Customized VM at launch with cloud-init
#

Multipass is great. With cloud-init, it is getting better.

With cloud-init we can customize our virtual machine at launch when we create them with Multipass.

First, create a cloud-init.yaml file with the content below:

ssh_authorized_keys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAAD........./FAC8DD2xi2pZZc3Dnv/6iE= xx@pf

Next, create the VM and login to the shell.

$ multipass launch --name jimny --cloud-init cloud-init.yaml
$ multipass shell jimny

2022.09.28 : Advanced Setup with Multipass
#

We can pre-configure all the actions every time a new VM instance is created via cloud-init. Create a YAML file called cloud_init.yaml below:

users:
  - default
  - name: xx
    groups: sudo
    shell: /bin/bash
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    ssh_authorized_keys:
      - ssh-rsa <rsa keys in one line>
package_update: true
package_upgrade: true
packages:
  - nodejs
  - python3

Then, create a new VM instance, login the shell, and checkfor Nodejs and python3 packages.

$ multipass launch -c 2 -m 2G -d 10G -n jimny --cloud-init cloud_init.yaml
$
$ multipass info jimny
$ multipass shell jimny
ubuntu@jimny:~$ apt list python3 nodejs

2022.09.29 : Multipass Local Privileged Mounts
#

To access the host storage from the guest VM instance, we need to setup one-time configuration. First, find out the current configured value:

$ multipass get local.privileged-mounts

If it is false, then set the value to true:

$ multipass set local.privileged-mounts=true

Then, share the host’s local folder (c:\Temp) to guest VM. And check if it is successful.

$ multipass mount c:\temp jimny:temp
$ multipass info jimny
$ multipass umount jimny:temp

2022.10.01 : Multipass Images
#

To show Multipass images:

$ multipass find --format json
{
    "errors": [
    ],
    "images": {
        "18.04": {
            "aliases": [
                "bionic"
            ],
            "os": "Ubuntu",
            "release": "18.04 LTS",
            "remote": "",
            "version": "20220921"
        },
        ....
        ....
        ....
}

$ multipass version --format json
{
    "multipass": "1.10.1+win",
    "multipassd": "1.10.1+win"
}

2022.10.24 : Multipass is Exposing SSH private key to everyone.
#

It is so convenience to use the command ‘multipass shell jimny’ whenever we need to access to VM created.

But, how can we login without password? Where is the SSH private key?

Actually it is using SSH public key authentication for login to VM.

For my case, I’m using WSL, and the SSH private key is stored at C:\ProgramData\Multipass\data\ssh-keys\id_rsa

So, in theory, we can always do the following to login to any VM created by Multipass.

PS> ssh -i C:\ProgramData\Multipass\data\ssh-keys\id_rsa ubuntu@jimny

However, you will always hit with permission error. Not because of no permission, but everyone has a READ permission to the private key. To fix this, you need an administrator privilege to fix it:

C:\cd C:\ProgramData\Multipass\data\ssh-keys

C:\ProgramData\Multipass\data\ssh-keys> icacls id_rsa /inheritance:r /grant "$(whoami):F" /grant "NT AUTHORITY\SYSTEM:F"

Make sure it is executed successfully and you should be able to use the SSH private key for authentication.

PS> ssh -i C:\ProgramData\Multipass\data\ssh-keys\id_rsa ubuntu@jimny

Links#

Related

Think In Graphs
·21 words·1 min
Blogger qotd
Defenders think in lists. Attackers think in graphs.
What is Information Security?
·12 words·1 min
Blogger infosec qotd
Intelligence vs Innovation.
Challenges In Vulnerability Management
·268 words·2 mins
Posts vulnmgmt
Vulnerability management faces challenges in both agent-based and network scan-based approaches