vagrant-lxd 0.3.4 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 19b57c015f383c61855e133fbcca178eec5c389b
-  data.tar.gz: ebe1a99f880fa00afdf740e7c1c9f3163b53f22d
+  metadata.gz: 37988b3901f0e99417203fbab0b8c532e631f0c4
+  data.tar.gz: c39bdfa2e6e7912cd5dc3cad36600bc6d98ff51d
 SHA512:
-  metadata.gz: b7f17bca98f8490e9c773d3848b5348a521e97d6352fae665007fb16b579e3fa74605fd73eccdbeb217cba0c8fa6f889b606e4b06925667d7632cb88a51c9096
-  data.tar.gz: 89218b6793e3ce419c4c9b486d81c8e88e4d35c5b00d22857247558d889f9d2a6faee55adfdecf1d03b38fb201217843507234ef71a5371526c2c9f6eae27dab
+  metadata.gz: 1c14feb0f9522935357fe750329e288697bb8dc226218aeeebec74baa8e78afc36689a3972db637db9fa0e507e594dcfc9ae8df0c68a25550ee6359e536f6d35
+  data.tar.gz: 68cb1f0440026627051a5754e64857b25a78dc5d7a0d155c798304af8676efff555a5e226e01be3daa6d4d258e0d64856fa6195070c8a8366004df987bade911

data/Gemfile.lock

@@ -27,7 +27,7 @@ GIT
 PATH
   remote: .
   specs:
-    vagrant-lxd (0.3.4)
+    vagrant-lxd (0.4.0)
       hyperkit (~> 1.2.0)
 
 GEM

data/README.md

@@ -67,7 +67,7 @@ VM images from [Vagrant Cloud][cloud] should work without modification:
 
 #### Configuration
 
-Below is an example Vagrantfile showing all of the provider's
+Below is an example Vagrantfile showing most of the provider's
 configurable values, along with their defaults. The `debian/stretch64`
 box is available on the Vagrant Cloud, so you should be able to copy
 this file and adjust it as you see fit.
@@ -90,6 +90,27 @@ Vagrant.configure('2') do |config|
 end
 ```
 
+### Client Authentication
+
+The LXD API uses client certificates to authenticate requests.
+
+By default, the plugin will first try to use files from
+`~/.config/lxc/client.crt` and `client.key`, if they exist. Otherwise,
+it will generate a new 4096-bit RSA certificate (and accompanying
+private key) in Vagrant's data directory. When using the plugin for the
+first time, you will need to add this certificate to LXD's trust store
+by running:
+
+    $ lxc config trust add ~/.vagrant.d/data/lxd/client.crt
+
+If you would rather use an existing certificate, you can specify the
+files for the plugin to use with the following settings:
+
+    config.vm.provider 'lxd' do |lxd|
+      lxd.client_certificate = '/path/to/client.crt'
+      lxd.client_key = '/path/to/client.key'
+    end
+
 ### Synced Folders
 
 In order to use shared folders, you must first add your user ID to the
@@ -177,6 +198,10 @@ configuration documentation][docs] for details.
       lxd.privileged = true
     end
 
+Note that enabling these options will invalidate any user and group ID
+mappings you may have configured for synced folders, since privileged
+containers use the same UID and GID space as the host machine.
+
 [docs]: https://lxd.readthedocs.io/en/latest/containers/
 
 ## Hacking

data/lib/vagrant-lxd/config.rb

@@ -18,6 +18,7 @@
 #
 
 require 'uri'
+require 'openssl'
 
 module VagrantLXD
   class Config < Vagrant.plugin('2', :config)
@@ -32,6 +33,8 @@ module VagrantLXD
     attr_accessor :profiles
     attr_accessor :vagrant_uid
     attr_accessor :vagrant_gid
+    attr_accessor :client_certificate
+    attr_accessor :client_key
 
     def initialize
       @name = UNSET_VALUE
@@ -45,6 +48,8 @@ module VagrantLXD
       @api_endpoint = UNSET_VALUE
       @vagrant_uid = UNSET_VALUE
       @vagrant_gid = UNSET_VALUE
+      @client_certificate = UNSET_VALUE
+      @client_key = UNSET_VALUE
     end
 
     def validate(machine)
@@ -110,6 +115,30 @@ module VagrantLXD
         errors << "Invalid `vagrant_gid' (value must be a non-negative integer): #{vagrant_gid.inspect}"
       end
 
+      if client_certificate.is_a? String
+        begin
+          OpenSSL::X509::Certificate.new(File.read(client_certificate))
+        rescue Exception => e
+          errors << "Invalid `client_certificate' (unable to read certificate): #{e.message}"
+        end
+      elsif not client_certificate.nil?
+        errors << "Invalid `client_certificate' (value must be a string): #{client_certificate.inspect}"
+      elsif not client_key.nil?
+        errors << "You must provide both `client_certificate' and `client_key'"
+      end
+
+      if client_key.is_a? String
+        begin
+          OpenSSL::PKey.read(File.read(client_key))
+        rescue Exception => e
+          errors << "Invalid `client_key' (unable to read key): #{e.message}"
+        end
+      elsif not client_key.nil?
+        errors << "Invalid `client_key' (value must be a string): #{client_key.inspect}"
+      elsif not client_certificate.nil?
+        errors << "You must provide both `client_certificate' and `client_key'"
+      end
+
       { Version::NAME => errors }
     end
 
@@ -148,7 +177,7 @@ module VagrantLXD
 
       if api_endpoint == UNSET_VALUE
         @api_endpoint = URI('https://127.0.0.1:8443')
-      else
+      elsif String === api_endpoint
         @api_endpoint = URI(api_endpoint)
       end
 
@@ -159,6 +188,18 @@ module VagrantLXD
       if vagrant_gid == UNSET_VALUE
         @vagrant_gid = vagrant_uid
       end
+
+      if client_certificate == UNSET_VALUE
+        @client_certificate = nil
+      elsif String === client_certificate
+        @client_certificate = File.expand_path(client_certificate)
+      end
+
+      if client_key == UNSET_VALUE
+        @client_key = nil
+      elsif String === client_key
+        @client_key = File.expand_path(client_key)
+      end
     end
   end
 end

data/lib/vagrant-lxd/driver.rb

@@ -24,7 +24,7 @@ require 'tempfile'
 require 'timeout'
 require 'monitor'
 require 'vagrant/machine_state'
-require 'vagrant-lxd/config'
+require 'vagrant-lxd/driver/certificate'
 
 module VagrantLXD
   class Driver
@@ -88,6 +88,10 @@ module VagrantLXD
       error_key 'lxd_disk_unmount_failure'
     end
 
+    class CertificateGenerationFailure < Vagrant::Errors::VagrantError
+      error_key 'lxd_certificate_generation_failure'
+    end
+
     class SnapshotNotFound < Vagrant::Errors::VagrantError
       error_key 'snapshot_not_found'
     end
@@ -118,6 +122,8 @@ module VagrantLXD
     attr_reader :nesting
     attr_reader :privileged
     attr_reader :profiles
+    attr_reader :client_certificate
+    attr_reader :client_key
     attr_reader :vagrant_uid
     attr_reader :vagrant_gid
 
@@ -132,10 +138,11 @@ module VagrantLXD
       @ephemeral = machine.provider_config.ephemeral
       @profiles = machine.provider_config.profiles
       @name = machine.provider_config.name
+      @client_certificate = machine.provider_config.client_certificate
+      @client_key = machine.provider_config.client_key
       @vagrant_uid = machine.provider_config.vagrant_uid
       @vagrant_gid = machine.provider_config.vagrant_gid
       @logger = Log4r::Logger.new('vagrant::lxd::driver')
-      @lxd = Hyperkit::Client.new(api_endpoint: api_endpoint.to_s, verify_ssl: false, user_agent: USER_AGENT)
     end
 
     def validate!
@@ -156,18 +163,18 @@ module VagrantLXD
     end
 
     def mount(name, options)
-      container = @lxd.container(machine_id)
+      container = lxd.container(machine_id)
       devices = container[:devices].to_hash
       devices[name] = { type: 'disk', path: options[:guestpath], source: options[:hostpath] }.merge(options[:config])
       container[:devices] = devices
-      @lxd.update_container(machine_id, container)
+      lxd.update_container(machine_id, container)
     rescue Hyperkit::BadRequest => e
       @machine.ui.error 'Failed to mount synced folder'
       fail DiskMountFailure, machine_name: @machine.name, guestpath: options[:guestpath], reason: e.reason
     end
 
     def mounted?(name, options)
-      container = @lxd.container(machine_id)
+      container = lxd.container(machine_id)
       devices = container[:devices].to_hash
       name = name.to_sym
       begin
@@ -179,18 +186,18 @@ module VagrantLXD
     end
 
     def unmount(name, options)
-      container = @lxd.container(machine_id)
+      container = lxd.container(machine_id)
       devices = container[:devices].to_hash
       devices.delete(name.to_sym)
       container[:devices] = devices
-      @lxd.update_container(machine_id, container)
+      lxd.update_container(machine_id, container)
     rescue Hyperkit::BadRequest => e
       @machine.ui.error 'Failed to unmount synced folder'
       fail DiskUnmountFailure, machine_name: @machine.name, guestpath: options[:guestpath], reason: e.reason
     end
 
     def attach(container)
-      @lxd.container(container) # Query LXD to make sure the container exists.
+      lxd.container(container) # Query LXD to make sure the container exists.
 
       if in_state? NOT_CREATED
         @machine.id = container
@@ -211,17 +218,17 @@ module VagrantLXD
     #
 
     def snapshot_list
-      @lxd.snapshots(machine_id)
+      lxd.snapshots(machine_id)
     end
 
     def snapshot_save(name)
       snapshot_delete(name) # noops if the snapshot doesn't exist
-      operation = @lxd.create_snapshot(machine_id, name, sync: false)
+      operation = lxd.create_snapshot(machine_id, name, sync: false)
       wait_for_operation(operation)
     end
 
     def snapshot_restore(name)
-      operation = @lxd.restore_snapshot(machine_id, name, sync: false)
+      operation = lxd.restore_snapshot(machine_id, name, sync: false)
       wait_for_operation(operation)
     rescue Hyperkit::BadRequest
       @logger.warn 'Snapshot restoration failed: ' << name
@@ -229,14 +236,14 @@ module VagrantLXD
     end
 
     def snapshot_delete(name)
-      @lxd.delete_snapshot(machine_id, name)
+      lxd.delete_snapshot(machine_id, name)
     rescue Hyperkit::NotFound
       @logger.warn 'No such snapshot: ' << name
     end
 
     def state
       return NOT_CREATED if machine_id.nil?
-      container_state = @lxd.container_state(machine_id)
+      container_state = lxd.container_state(machine_id)
       container_state[:status].downcase.to_sym
     rescue Hyperkit::NotFound
       NOT_CREATED
@@ -250,28 +257,28 @@ module VagrantLXD
 
         Driver.synchronize do
           begin
-            image = @lxd.image(fingerprint)
+            image = lxd.image(fingerprint)
             @logger.debug 'Using image: ' << image.inspect
           rescue Hyperkit::NotFound
-            image = @lxd.create_image_from_file(file)
+            image = lxd.create_image_from_file(file)
             @logger.debug 'Created image: ' << image.inspect
             begin
-              @lxd.update_image(fingerprint, properties: IMAGE_PROPERTIES)
-              @lxd.create_image_alias(fingerprint, machine_id, IMAGE_PROPERTIES)
+              lxd.update_image(fingerprint, properties: IMAGE_PROPERTIES)
+              lxd.create_image_alias(fingerprint, machine_id, IMAGE_PROPERTIES)
             rescue Hyperkit::Error
               @logger.error 'Failed to set description for image: ' << e.reason
             end
           end
         end
 
-        container = @lxd.create_container(machine_id, ephemeral: ephemeral, fingerprint: fingerprint, config: config, profiles: profiles)
+        container = lxd.create_container(machine_id, ephemeral: ephemeral, fingerprint: fingerprint, config: config, profiles: profiles)
         @logger.debug 'Created container: ' << container.inspect
 
         @machine.id = machine_id
       end
     rescue Hyperkit::Error => e
-      @lxd.delete_container(machine_id) rescue nil unless container.nil?
-      @lxd.delete_image(image[:metadata][:fingerprint]) rescue nil unless image.nil?
+      lxd.delete_container(machine_id) rescue nil unless container.nil?
+      lxd.delete_image(image[:metadata][:fingerprint]) rescue nil unless image.nil?
       if e.reason =~ /Container '([^']+)' already exists/
         @machine.ui.error e.reason
         fail ContainerAlreadyExists, machine_name: @machine.name, container: $1
@@ -284,9 +291,9 @@ module VagrantLXD
     def resume
       case state
       when :stopped
-        @lxd.start_container(machine_id)
+        lxd.start_container(machine_id)
       when :frozen
-        @lxd.unfreeze_container(machine_id, timeout: timeout)
+        lxd.unfreeze_container(machine_id, timeout: timeout)
       end
     rescue Hyperkit::BadRequest
       @machine.ui.warn "Container failed to start within #{timeout} seconds"
@@ -295,7 +302,7 @@ module VagrantLXD
 
     def halt(force = false)
       if in_state? :running, :frozen
-        @lxd.stop_container(machine_id, timeout: timeout, force: force)
+        lxd.stop_container(machine_id, timeout: timeout, force: force)
       end
     rescue Hyperkit::BadRequest
       if force
@@ -308,7 +315,7 @@ module VagrantLXD
 
     def suspend
       if in_state? :running
-        @lxd.freeze_container(machine_id, timeout: timeout)
+        lxd.freeze_container(machine_id, timeout: timeout)
       end
     rescue Hyperkit::BadRequest
       @machine.ui.warn "Container failed to suspend within #{timeout} seconds"
@@ -325,9 +332,9 @@ module VagrantLXD
     end
 
     def configure
-      container = @lxd.container(machine_id)
+      container = lxd.container(machine_id)
       container[:config] = container[:config].to_hash.merge(config)
-      @lxd.update_container(machine_id, container)
+      lxd.update_container(machine_id, container)
     rescue Hyperkit::Error => e
       @machine.ui.error 'Failed to configure container'
       fail ContainerConfigurationFailure, machine_name: @machine.name, reason: e.reason
@@ -349,12 +356,22 @@ module VagrantLXD
     # used by the rest of the plugin.
     #
 
+    def lxd
+      @lxd ||= Hyperkit::Client.new(
+        api_endpoint: api_endpoint.to_s,
+        client_cert: cert.certificate,
+        client_key: cert.key,
+        verify_ssl: false,
+        user_agent: USER_AGENT,
+      )
+    end
+
     def machine_id
       @machine.id
     end
 
     def delete_container
-      @lxd.delete_container(machine_id)
+      lxd.delete_container(machine_id)
     rescue Hyperkit::NotFound
       @logger.warn "Container '#{machine_id}' not found, unable to destroy"
     rescue Hyperkit::Error => e
@@ -369,7 +386,7 @@ module VagrantLXD
     end
 
     def delete_image
-      @lxd.delete_image(container[:config][:'volatile.base_image'])
+      lxd.delete_image(container[:config][:'volatile.base_image'])
     rescue Hyperkit::NotFound
       @logger.warn "Image for '#{machine_id}' not found, unable to destroy"
     rescue Hyperkit::BadRequest
@@ -380,17 +397,17 @@ module VagrantLXD
     # is enabled or setting sync: true. TODO Upstream a better fix than
     # this, so that `wait_for_operation` really does.
     def wait_for_operation(operation)
-      @lxd.wait_for_operation(operation.id)
+      lxd.wait_for_operation(operation.id)
     rescue Faraday::TimeoutError
       retry
     end
 
     def container
-      @lxd.container(machine_id)
+      lxd.container(machine_id)
     end
 
     def connection_usable?
-      @lxd.images
+      lxd.images
     rescue Faraday::ConnectionFailed
       false
     else
@@ -398,7 +415,7 @@ module VagrantLXD
     end
 
     def authentication_usable?
-      connection_usable? and @lxd.containers
+      connection_usable? and lxd.containers
     rescue Hyperkit::Forbidden
       false
     else
@@ -425,7 +442,7 @@ module VagrantLXD
       @logger.debug "Looking up ipv4 address for #{machine_id}..."
       Timeout.timeout(timeout) do
         loop do
-          container_state = @lxd.container_state(machine_id)
+          container_state = lxd.container_state(machine_id)
           if address = container_state[:network][:eth0][:addresses].find { |a| a[:family] == 'inet' }
             return address[:address]
           else
@@ -439,6 +456,16 @@ module VagrantLXD
       fail NetworkAddressAcquisitionTimeout, time_limit: timeout, lxd_bridge: 'lxdbr0' # FIXME Hardcoded bridge name
     end
 
+    def cert
+      @cert ||= if client_certificate
+        Certificate.new(client_certificate, client_key)
+      else
+        Driver.synchronize do
+          locate_or_generate_client_certificate
+        end
+      end
+    end
+
     def config
       # NOTE We reuse ActiveSupport for `#deep_dup` here, but if the Hyperkit
       # dependency ever goes away, drop ActiveSupport and use some other
@@ -469,6 +496,18 @@ module VagrantLXD
       config
     end
 
+    def locate_or_generate_client_certificate
+      vagrant_path = @machine.env.data_dir / 'lxd'
+      default_path = Certificate.default_path / 'lxc'
+
+      search_paths = [vagrant_path, default_path]
+
+      Certificate.locate(search_paths) or
+      Certificate.generate(vagrant_path)
+    rescue Certificate::GenerationFailure => e
+      fail CertificateGenerationFailure, reason: e.message, api_endpoint: @api_endpoint.to_s, default_path: default_path, vagrant_path: vagrant_path
+    end
+
     # TODO Image handling should be moved into its own class.
     def prepare_image_file
       tmpdir = Dir.mktmpdir
@@ -520,7 +559,7 @@ module VagrantLXD
         machine: @machine.name,
         api_endpoint: @api_endpoint.to_s,
         https_address: @api_endpoint.host,
-        client_cert: File.expand_path('.config/lxc/client.crt', ENV['HOME']),
+        client_cert: cert.certificate.to_s,
       )
     end
   end

data/lib/vagrant-lxd/driver/certificate.rb

@@ -0,0 +1,88 @@
+#
+# Copyright (c) 2019 Catalyst.net Ltd
+#
+# This file is part of vagrant-lxd.
+#
+# vagrant-lxd is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or (at
+# your option) any later version.
+#
+# vagrant-lxd is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with vagrant-lxd. If not, see <http://www.gnu.org/licenses/>.
+#
+
+require 'etc'
+require 'openssl'
+require 'pathname'
+require 'socket'
+require 'vagrant-lxd/version'
+
+module VagrantLXD
+  class Driver
+    class Certificate < Struct.new(:certificate, :key)
+      PKEY_BITS = 4096
+      CERT_EXPIRY_YEARS = 10
+
+      GenerationFailure = Class.new(Exception)
+
+      @logger = Log4r::Logger.new('vagrant::lxd::driver::certificate')
+
+      def Certificate.default_path
+        Pathname.new('~/.config').expand_path
+      end
+
+      def Certificate.issuer_name
+        version = "#{Version::DESCRIPTION} #{Version::VERSION}"
+        username = Etc.getpwuid(Process.uid).name
+        hostname = Socket.gethostname
+        "/O=linuxcontainers.org/OU=#{version}/CN=#{username}@#{hostname}"
+      end
+
+      def Certificate.locate(paths)
+        if path = paths.find { |x| usable?(x) }
+          @logger.debug "Found usable certificate under #{path}"
+          Certificate.new(path / 'client.crt', path / 'client.key')
+        end
+      end
+
+      def Certificate.generate(path)
+        @logger.debug 'Generating new client certificate...'
+        name = OpenSSL::X509::Name.parse(issuer_name)
+        pkey = OpenSSL::PKey::RSA.new(PKEY_BITS)
+        cert = OpenSSL::X509::Certificate.new
+        cert.serial = 0
+        cert.version = 3
+        cert.issuer = name
+        cert.subject = name
+        cert.public_key = pkey.public_key
+        cert.not_before = Time.now
+        cert.not_after = Time.now + (365 * 24 * 60 * 60 * CERT_EXPIRY_YEARS)
+        cert.sign(pkey, OpenSSL::Digest::SHA1.new)
+        @logger.debug "Saving new certificate to disk under #{path}..."
+        FileUtils.mkdir_p(path, mode: 0o700)
+        File.write(path / 'client.crt', cert.to_s, 0, perm: 0o600)
+        File.write(path / 'client.key', pkey.to_s, 0, perm: 0o600)
+        Certificate.new(path / 'client.crt', path / 'client.key')
+      rescue Exception => e
+        @logger.error 'Certificate creation failed: ' << e.message
+        fail GenerationFailure, e.message
+      end
+
+      def Certificate.usable?(path)
+        @logger.debug "Checking for existing client certificate in #{path}..."
+        OpenSSL::PKey.read(File.read(path / 'client.key'))
+        OpenSSL::X509::Certificate.new(File.read(path / 'client.crt'))
+      rescue Exception
+        false
+      else
+        true
+      end
+    end
+  end
+end

data/lib/vagrant-lxd/version.rb

@@ -20,7 +20,7 @@
 module VagrantLXD
   module Version
     NAME = 'vagrant-lxd'
-    VERSION = '0.3.4'
+    VERSION = '0.4.0'
     DESCRIPTION = 'Vagrant LXD provider'
   end
 end

data/templates/locales/en.yml

@@ -32,13 +32,13 @@ en:
         
     errors:
       lxd_connection_failure: |-
-        The provider was unable to contact the LXD daemon at %{api_endpoint}.
+        The LXD provider was unable to contact the daemon at %{api_endpoint}.
         
         It's possible that LXD isn't installed, or that it isn't configured to
         accept HTTPS connections from your machine. You can check whether HTTPS
         access is enabled with the following command:
         
-            $ lxc config show core.https_address
+            $ lxc config get core.https_address
         
         If the result is empty or an error is shown, you will need to correct
         the way LXD is configured before Vagrant can use it. This can be done
@@ -51,7 +51,7 @@ en:
             https://linuxcontainers.org/lxd/getting-started-cli/#initial-configuration
         
       lxd_authentication_failure: |-
-        The provider could not authenticate to the LXD daemon at %{api_endpoint}.
+        The LXD provider could not authenticate to the daemon at %{api_endpoint}.
         
         You may need configure LXD to allow requests from this machine. The
         easiest way to do this is to add your LXC client certificate to LXD's
@@ -156,6 +156,18 @@ en:
         You will either need to delete this container and try again, or attach
         the VM to it with `vagrant lxd attach %{machine_name} %{container}`.
         
+      lxd_certificate_generation_failure: |-
+        The LXD provider was unable to generate a client certificate for
+        authenticating to the daemon at %{api_endpoint}.
+        
+        It tried to place the files in %{vagrant_path}.
+        
+        The underlying error message was: %{reason}
+        
+        You can use an existing certificate by setting the `client_certificate`
+        and `client_key` options in the LXD provider's configuration, or by
+        placing 'client.crt' and 'client.key' files in %{default_path}.
+        
       snapshot_not_found: |-
         The snapshot name `%{snapshot_name}` was not found for the
         virtual machine `%{machine}`.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vagrant-lxd
 version: !ruby/object:Gem::Version
-  version: 0.3.4
+  version: 0.4.0
 platform: ruby
 authors:
 - Evan Hanson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-18 00:00:00.000000000 Z
+date: 2019-03-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: hyperkit
@@ -45,6 +45,7 @@ files:
 - lib/vagrant-lxd/command.rb
 - lib/vagrant-lxd/config.rb
 - lib/vagrant-lxd/driver.rb
+- lib/vagrant-lxd/driver/certificate.rb
 - lib/vagrant-lxd/plugin.rb
 - lib/vagrant-lxd/provider.rb
 - lib/vagrant-lxd/synced_folder.rb
@@ -71,7 +72,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.12
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
 summary: Vagrant LXD provider