Runner Bootstrap

Read when:

• changing cloud-init;
• debugging machines that never become SSH-ready;
• changing the minimal runner contract or readiness checks.

Each runner is an Ubuntu machine prepared by cloud-init. It does not need coordinator credentials.

Bootstrap creates:

• the crabbox user;
• SSH key-only access;
• SSH on the primary port, default 2222, and configured fallback ports, default 22;
• /work/crabbox;
• shared package caches.

Bootstrap installs:

• curl and CA certificates;
• Git;
• rsync;
• jq;
• OpenSSH server.

Bootstrap intentionally does not install project language runtimes such as Go, Node, pnpm, Docker, databases, or service dependencies. Those belong in GitHub Actions hydration, devcontainers, Nix, mise/asdf, or repository setup scripts. A machine should not pass readiness until crabbox-ready succeeds over SSH.

The CLI prefers the configured SSH port and can fall back through ssh.fallbackPorts during early bootstrap or operator-network egress restrictions. Set ssh.fallbackPorts: [] or CRABBOX_SSH_FALLBACK_PORTS=none when the fallback should be disabled. Long term, snapshots or provider images can replace slow cloud-init once the bootstrap contract is stable.

Related docs:

• Providers
• SSH keys
• run command
• doctor command