Categories
DevOps

How to fix pkeys are immutable error inside Vagrant on Ubuntu Jammy Jellyfish

Fix pkeys are immutable on OpenSSL error inside Vagrant on Ubuntu Jammy Jellyfish.

Operating system.

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04 LTS
Release:	22.04
Codename:	jammy

Perform a vagrant operation to raise an error.

$ vagrant up
[...]
	from /usr/share/rubygems-integration/all/gems/vagrant-2.2.19/lib/vagrant/machine.rb:215:in `block in action'
	from /usr/share/rubygems-integration/all/gems/vagrant-2.2.19/lib/vagrant/environment.rb:614:in `lock'
	from /usr/share/rubygems-integration/all/gems/vagrant-2.2.19/lib/vagrant/machine.rb:201:in `call'
	from /usr/share/rubygems-integration/all/gems/vagrant-2.2.19/lib/vagrant/machine.rb:201:in `action'
	from /usr/share/rubygems-integration/all/gems/vagrant-2.2.19/lib/vagrant/batch_action.rb:86:in `block (2 levels) in run'
/usr/share/rubygems-integration/all/gems/net-ssh-6.1.0/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb:21:in `generate_key!': pkeys are immutable on OpenSSL 3.0 (OpenSSL::PKey::PKeyError)
	from /usr/share/rubygems-integration/all/gems/net-ssh-6.1.0/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb:21:in `generate_key'
	from /usr/share/rubygems-integration/all/gems/net-ssh-6.1.0/lib/net/ssh/transport/kex/abstract.rb:32:in `initialize'
	from /usr/share/rubygems-integration/all/gems/net-ssh-6.1.0/lib/net/ssh/transport/algorithms.rb:437:in `new'
	from /usr/share/rubygems-integration/all/gems/net-ssh-6.1.0/lib/net/ssh/transport/algorithms.rb:437:in `exchange_keys'
	from /usr/share/rubygems-integration/all/gems/net-ssh-6.1.0/lib/net/ssh/transport/algorithms.rb:245:in `proceed!'
[...]

This is a more general bug that also affects other operating systems as ruby-net-ssh does not support OpenSSL 3. Vagrant is unusable in this case, but at the present moment this issue can be resolved by using Vagrant from the official HashiCorp repository.

Get HashiCorp repository key.

$ wget -qO- https://apt.releases.hashicorp.com/gpg | sudo tee /etc/apt/trusted.gpg.d/hashicorp.asc

Add HashiCorp repository.

$ sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"

Update package index.

$ sudo apt-get update

Inspect Vagrant package.

$ apt info vagrant
Package: vagrant
Version: 2.2.19+dfsg-1ubuntu1
Priority: optional
Section: universe/admin
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian Ruby Team 
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 3 559 kB
Depends: libarchive-tools, curl, openssh-client, rsync, ruby, ruby-bcrypt-pbkdf, ruby-childprocess, ruby-ed25519, ruby-erubi, ruby-i18n, ruby-listen, ruby-log4r, ruby-mime-types, ruby-net-ssh, ruby-net-sftp, ruby-net-scp, ruby-rexml, ruby-zip, ruby-vagrant-cloud
Recommends: vagrant-libvirt
Suggests: virtualbox (>= 4.0)
Breaks: virtualbox (>= 6.2)
Homepage: https://www.vagrantup.com
Ruby-Versions: all
Download-Size: 473 kB
APT-Manual-Installed: yes
APT-Sources: http://pl.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
Description: Tool for building and distributing virtualized development environments
 This package provides the tools to create and configure lightweight,
 reproducible, and portable virtual environments.
 .
 Vagrant upstream uses Oracle’s VirtualBox by default to create its virtual
 machines. On Debian, Vagrant will use libvirt/KVM by default as VirtualBox is
 not part of Debian main, but will use VirtualBox if it's installed.

N: There are 11 additional records. Please use the '-a' switch to see them.

Inspect available vagrant packages.

$ apt info -a vagrant
Package: vagrant
Version: 2.2.19+dfsg-1ubuntu1
Priority: optional
Section: universe/admin
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian Ruby Team 
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 3 559 kB
Depends: libarchive-tools, curl, openssh-client, rsync, ruby, ruby-bcrypt-pbkdf, ruby-childprocess, ruby-ed25519, ruby-erubi, ruby-i18n, ruby-listen, ruby-log4r, ruby-mime-types, ruby-net-ssh, ruby-net-sftp, ruby-net-scp, ruby-rexml, ruby-zip, ruby-vagrant-cloud
Recommends: vagrant-libvirt
Suggests: virtualbox (>= 4.0)
Breaks: virtualbox (>= 6.2)
Homepage: https://www.vagrantup.com
Ruby-Versions: all
Download-Size: 473 kB
APT-Manual-Installed: yes
APT-Sources: http://pl.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
Description: Tool for building and distributing virtualized development environments
 This package provides the tools to create and configure lightweight,
 reproducible, and portable virtual environments.
 .
 Vagrant upstream uses Oracle’s VirtualBox by default to create its virtual
 machines. On Debian, Vagrant will use libvirt/KVM by default as VirtualBox is
 not part of Debian main, but will use VirtualBox if it's installed.

Package: vagrant
Version: 2.2.19
Priority: extra
Section: default
Maintainer: HashiCorp <support@hashicorp.com>
Installed-Size: 117 MB
Homepage: https://www.vagrantup.com/
License: MIT
Vendor: HashiCorp
Download-Size: 41,5 MB
APT-Sources: https://apt.releases.hashicorp.com jammy/main amd64 Packages
Description: Vagrant is a tool for building and distributing development environments.

Package: vagrant
Version: 2.2.18
Priority: extra
Section: default
Maintainer: HashiCorp <support@hashicorp.com>
Installed-Size: 117 MB
Homepage: https://www.vagrantup.com/
License: MIT
Vendor: HashiCorp
Download-Size: 41,5 MB
APT-Sources: https://apt.releases.hashicorp.com jammy/main amd64 Packages
Description: Vagrant is a tool for building and distributing development environments.

Package: vagrant
Version: 2.2.17
Priority: extra
Section: default
Maintainer: HashiCorp <support@hashicorp.com>
Installed-Size: 123 MB
Homepage: https://www.vagrantup.com/
License: MIT
Vendor: HashiCorp
Download-Size: 43,9 MB
APT-Sources: https://apt.releases.hashicorp.com jammy/main amd64 Packages
Description: Vagrant is a tool for building and distributing development environments.

Package: vagrant
Version: 2.2.16
Priority: extra
Section: default
Maintainer: HashiCorp <support@hashicorp.com>
Installed-Size: 115 MB
Homepage: https://www.vagrantup.com/
License: MIT
Vendor: HashiCorp
Download-Size: 40,9 MB
APT-Sources: https://apt.releases.hashicorp.com jammy/main amd64 Packages
Description: Vagrant is a tool for building and distributing development environments.

Package: vagrant
Version: 2.2.15
Priority: extra
Section: default
Maintainer: HashiCorp <support@hashicorp.com>
Installed-Size: 117 MB
Homepage: https://www.vagrantup.com/
License: MIT
Vendor: HashiCorp
Download-Size: 40,0 MB
APT-Sources: https://apt.releases.hashicorp.com jammy/main amd64 Packages
Description: Vagrant is a tool for building and distributing development environments.

Package: vagrant
Version: 2.2.14
Priority: extra
Section: default
Maintainer: HashiCorp <support@hashicorp.com>
Installed-Size: 116 MB
Homepage: https://www.vagrantup.com/
License: MIT
Vendor: HashiCorp
Download-Size: 39,7 MB
APT-Sources: https://apt.releases.hashicorp.com jammy/main amd64 Packages
Description: Vagrant is a tool for building and distributing development environments.

Package: vagrant
Version: 2.2.13
Priority: extra
Section: default
Maintainer: HashiCorp <support@hashicorp.com>
Installed-Size: 115 MB
Homepage: https://www.vagrantup.com/
License: MIT
Vendor: HashiCorp
Download-Size: 39,9 MB
APT-Sources: https://apt.releases.hashicorp.com jammy/main amd64 Packages
Description: Vagrant is a tool for building and distributing development environments.

Package: vagrant
Version: 2.2.12
Priority: extra
Section: default
Maintainer: HashiCorp <support@hashicorp.com>
Installed-Size: 119 MB
Homepage: https://www.vagrantup.com/
License: MIT
Vendor: HashiCorp
Download-Size: 41,3 MB
APT-Sources: https://apt.releases.hashicorp.com jammy/main amd64 Packages
Description: Vagrant is a tool for building and distributing development environments.

Package: vagrant
Version: 2.2.11
Priority: extra
Section: default
Maintainer: HashiCorp <support@hashicorp.com>
Installed-Size: 115 MB
Homepage: https://www.vagrantup.com/
License: MIT
Vendor: HashiCorp
Download-Size: 39,9 MB
APT-Sources: https://apt.releases.hashicorp.com jammy/main amd64 Packages
Description: Vagrant is a tool for building and distributing development environments.

Package: vagrant
Version: 2.2.10-4
Priority: extra
Section: default
Maintainer: HashiCorp <support@hashicorp.com>
Installed-Size: 126 MB
Homepage: https://www.vagrantup.com/
License: MIT
Vendor: HashiCorp
Download-Size: 43,1 MB
APT-Sources: https://apt.releases.hashicorp.com jammy/main amd64 Packages
Description: Vagrant is a tool for building and distributing development environments.

Package: vagrant
Version: 2.2.9
Priority: extra
Section: default
Maintainer: HashiCorp <support@hashicorp.com>
Installed-Size: 126 MB
Homepage: https://www.vagrantup.com/
License: MIT
Vendor: HashiCorp
Download-Size: 43,0 MB
APT-Sources: https://apt.releases.hashicorp.com jammy/main amd64 Packages
Description: Vagrant is a tool for building and distributing development environments.

Install Vagrant using HashiCorp repository.

$ sudo apt-get install vagrant=2.2.19

Verify Vagrant behaviour.

$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'ubuntu/jammy64'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'ubuntu/jammy64' version '20220423.0.0' is up to date...
==> default: Setting the name of the VM: jellyfish_default_1651174236178_38283
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
    default: Adapter 2: hostonly
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: 
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default: 
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
    default: The guest additions on this VM do not match the installed version of
    default: VirtualBox! In most cases this is fine, but in rare cases it can
    default: prevent things such as shared folders from working properly. If you see
    default: shared folder errors, please make sure the guest additions within the
    default: virtual machine match the version of VirtualBox you have installed on
    default: your host and reload your VM.
    default: 
    default: Guest Additions Version: 6.0.0 r127566
    default: VirtualBox Version: 6.1
==> default: Configuring and enabling network interfaces...
==> default: Mounting shared folders...
    default: /vagrant => /home/milosz/_v/jellyfish

Hold package till it get fixed later.

$ sudo apt-mark hold vagrant
vagrant set on hold.

It works!