
Autoinstall OpenBSD !

  • What ?

You want to build a fully automated OpenBSD install in 3 minutes? Here is the cookbook.
I used it to deploy various PC Engines APU routers/firewalls.

  • How ?

PXE Boot from the OpenBSD Builder

Packages

# Tools the cookbook relies on: bash (builder.sh shebang), curl and jq
# (geohash lookup in builder.sh), go (node_exporter is built from source,
# see the prometheus-build symlink in the ls output further down). The
# package names are those of the 6.5 package set (python-3.6 in particular).
pkg_add bash colorls curl git gmake gnuwatch go jq python-3.6

PXE Interface

builder# cat /etc/hostname.em1                                                                                                                                         
172.16.16.254/24 description "PXE"

dhcpd

    # Global PXE parameters (dhcpd.conf(5)): the boot file the client asks
    # for over TFTP and the TFTP server. "auto_install" is the pxeboot
    # symlink created in /tftp below; per autoinstall(8) that boot file name
    # is what makes the installer run unattended from install.conf.
    filename "auto_install";
    next-server 172.16.16.254;
# The PXE segment is em1 (172.16.16.254/24, see hostname.em1 above).
subnet 172.16.16.0 netmask 255.255.255.0 {
    # Only two addresses are handed out on the build segment.
    range 172.16.16.1 172.16.16.2;
    option subnet-mask 255.255.255.0;
    option broadcast-address 172.16.16.255;
    option routers 172.16.16.254;
    }
# Enable dhcpd(8) at boot, bound to the PXE interface only.
printf 'dhcpd_flags=em1\n' >> /etc/rc.conf.local

PXE

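# /tftp is what pxeboot(8) clients fetch from. tftpd(8) is started read-only
# below (no -w), so the daemon account only needs read access; the chown is
# kept as the author set it up.
mkdir -p /tftp/etc && chown _tftpd:_tftpd /tftp
cd /tftp || exit 1
MIRROR="http://mirrors.ircam.fr/pub/OpenBSD/6.5/amd64"
ftp "$MIRROR/pxeboot"
# boot.conf boots "bsd", which is linked to bsd.rd below, so the installer
# ramdisk bsd.rd is what must be fetched (bsd.mp is the regular SMP kernel
# and would leave the bsd.rd symlink dangling).
ftp "$MIRROR/bsd.rd"
# The mirror is plain http: check both files against the signed SHA256.sig
# with the 6.5 base key before serving them to PXE clients.
ftp "$MIRROR/SHA256.sig"
signify -C -p /etc/signify/openbsd-65-base.pub -x SHA256.sig pxeboot bsd.rd || exit 1
ln -sf pxeboot auto_install
ln -sf bsd.rd bsd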

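 # boot.conf for pxeboot(8): serial console on com0 at 115200, then load the
 # "bsd" symlink (-> bsd.rd, the installer). printf writes exactly the two
 # commands, without the stray leading blanks and empty lines the echo form
 # put into the file.
 printf 'stty com0 115200\nboot bsd\n' > /tftp/etc/boot.conf

 # Serve /tftp over IPv4 only, read-only (no -w); dhcpd_flags was set above.
 echo 'tftpd_flags="-4 /tftp"' >> /etc/rc.conf.local
 /etc/rc.d/dhcpd start || exit 1
 /etc/rc.d/tftpd start || exit 1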

Copy sources

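# Mirror the 6.5/amd64 sets into httpd's document root so the installer can
# fetch them from http://172.16.16.254/pub/OpenBSD/6.5/amd64.
cd /var/www/htdocs || exit 1
mkdir -p pub/OpenBSD/6.5/amd64/
cd pub/OpenBSD/6.5/amd64/ || exit 1
ftp 'ftp://ftp.nluug.nl/pub/OpenBSD/6.5/amd64/*'
# The mirror is unauthenticated: check every fetched file against the signed
# SHA256.sig (with no file names, signify checks all listed files) and stop
# the recipe if anything does not verify.
signify -C -p /etc/signify/openbsd-65-base.pub -x SHA256.sig || exit 1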

/etc/httpd.conf

# httpd.conf: serves /var/www/htdocs (target of the "www" symlink) to the
# installer; "directory auto index" lists the sets directory.
# "listen on *" binds every interface. If the builder is attached to other
# networks, "listen on 172.16.16.254 port 80" limits this to the PXE segment.
server "*" {
        listen on * port 80
        directory auto index
}

builder

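#!/usr/local/bin/bash

#####################################
# Builder - v1.0
#
# Builds the per-site "site" set for autoinstall: copies the skeleton tree
# ($SKEL), substitutes the site name, departement and PPPoE credentials into
# the skeleton's config files, adds a Prometheus node_exporter textfile with
# the site's geohash, and publishes the resulting tarball under $WWW so the
# installer fetches it as site<VER>.tgz.
#
# Interactive inputs: site name, postal code, OSM hint, PPPoE user/password.
# Requires bash, curl and jq (see the pkg_add list above).
#####################################

set -u

echo "=========================================="
echo "=  OpenBSD Configuration builder - V1.1  ="
echo "=  sacha at aquilenet.fr -=o=- 20190722  ="
echo "=========================================="

readonly BPATH="/builder"
readonly SKEL="$BPATH/skel"
readonly WWW="$BPATH/www"
readonly TGZ="$BPATH/siteXX.tgz"
readonly VERSION="$(uname -r)"
readonly VER="$(uname -r | tr -d '.')"

# Print a message on stderr and stop.
die() { printf '%s\n' "$*" >&2; exit 1; }

# Escape a value for the replacement side of a sed "s/.../.../" command:
# backslash, the "/" delimiter and "&" would otherwise be interpreted.
sed_rhs() { printf '%s' "$1" | sed -e 's|\\|\\\\|g' -e 's|[/&]|\\&|g'; }

#-------------------
#  Inputs
#-------------------
ok="n"
until [[ "$ok" == "o" ]]; do

  read -r -p "Nom  du site: " SITE
  #read -r -p "Departement: " DEP
  read -r -p "Code Postal: " CP
  read -r -p "infos OSM:" OSM
  read -r -p "pppoe user: " PPPOEU
  read -r -p "pppoe pass: " PPPOEP

  # SITE ends up as a hostname label, a DNS domain label, a path component
  # under $BPATH/site and a sed replacement: restrict it so it cannot carry
  # "/", ".." or sed metacharacters.
  if [[ ! "$SITE" =~ ^[A-Za-z0-9-]+$ ]]; then
    printf 'Nom de site invalide (lettres, chiffres et "-" uniquement): %s\n' "$SITE" >&2
    continue
  fi
  # The departement is derived from the first two digits of the postal code.
  if [[ ! "$CP" =~ ^[0-9]{5}$ ]]; then
    printf 'Code postal invalide (5 chiffres attendus): %s\n' "$CP" >&2
    continue
  fi

  DEP=${CP:0:2}

  echo "----------------------------------"
  echo "Site              : $SITE"
  echo "Departement       : $DEP"
  echo "Code Postal       : $CP"
  echo "Infos OSM         : $OSM"
  echo "pppoe user        : $PPPOEU"
  echo "pppoe pass        : $PPPOEP"
  read -r -p "ok ? (o/n):" ok
done


SITEPATH="$BPATH/site/$SITE"

mkdir -p "$SITEPATH"/{root,etc,var/unbound/etc,home,usr/local/bin,var/node_exporter} \
  || die "cannot create $SITEPATH"

cp -R "$SKEL"/* "$SITEPATH"/ || die "cannot copy $SKEL"

#-------------------
#  myname
#-------------------
echo "cerbere.$SITE.mydomain.fr" > "$SITEPATH/etc/myname"

#-------------------
#  dhcpd.conf
#-------------------
sed -e "s/DEP/$DEP/g" -e "s/SITE/$SITE/g" "$SKEL/etc/dhcpd.conf" > "$SITEPATH/etc/dhcpd.conf"

#-------------------
#  hostname.pppoe0
#-------------------
# The credentials go through sed_rhs so a "/" or "&" in the password does
# not corrupt the file. The result holds a cleartext password, so give it
# the root-only mode hostname.if(5) files have on OpenBSD (0640); tar keeps
# the mode and the installer restores it.
pppoeu_esc=$(sed_rhs "$PPPOEU")
pppoep_esc=$(sed_rhs "$PPPOEP")
sed -e "s/PPPOEU/$pppoeu_esc/g" -e "s/PPPOEP/$pppoep_esc/g" \
  "$SKEL/etc/hostname.pppoe0" > "$SITEPATH/etc/hostname.pppoe0"
chmod 0640 "$SITEPATH/etc/hostname.pppoe0"

#-------------------
#  hostname.em2
#-------------------
sed -e "s/DEP/$DEP/g" "$SKEL/etc/hostname.em2" > "$SITEPATH/etc/hostname.em2"

#-------------------
# unbound.conf
#-------------------
sed -e "s/DEP/$DEP/g" "$SKEL/var/unbound/etc/unbound.conf" > "$SITEPATH/var/unbound/etc/unbound.conf"

#-------------------
# prometheus geoash
#-------------------
# Nominatim returns GeoJSON with coordinates as [lon, lat]; jq emits them as
# "lat,lon", which is what geohash.org expects. curl URL-encodes the query
# (-G --data-urlencode) because "$CP $OSM" contains spaces.
position=$(curl -Ls -G \
    --data-urlencode "q=$CP $OSM" \
    --data-urlencode "format=geojson" \
    --data-urlencode "limit=1" \
    "https://nominatim.openstreetmap.org/search" \
  | jq -r '.features[0].geometry.coordinates // empty | "\(.[1]),\(.[0])"')
[[ -n "$position" ]] || die "Nominatim: aucune position trouvee pour '$CP $OSM'"
# geohash.org answers with a redirect to .../<geohash>; keep the last path part
# (this also works if the redirect lands on https).
geohash_url=$(curl -Ls -w '%{url_effective}' -o /dev/null "http://geohash.org?q=$position")
geoash=${geohash_url##*/}
[[ -n "$geoash" ]] || die "geohash.org: pas de geohash pour $position"
printf '%s\n' "$geoash"
# Write into this site's tree, not $SKEL: the skeleton was copied above, so a
# file written to $SKEL would only reach the *next* build's tarball.
printf 'loc{geohash="%s",place="%s"} 10\n' "$geoash" "$SITE" \
  > "$SITEPATH/var/node_exporter/site_location.prom"

#=====================================================================================================
# FIN

cd "$SITEPATH" || die "cannot cd to $SITEPATH"
tar czvf "$TGZ/$SITE-site$VER.tgz" . || die "tar failed"
setsdir="$WWW/pub/OpenBSD/$VERSION/amd64"
rm -f "$setsdir/site.tgz"
cp "$TGZ/$SITE-site$VER.tgz" "$setsdir/site$VER.tgz" || die "cannot publish site$VER.tgz"
# index.txt is what the installer lists the sets from (see the note under
# "build siteXX.tgz"): refresh it so the new tarball shows up.
( cd "$setsdir" && ls -al > index.txt ) || die "cannot refresh index.txt"
# NOTE: site$VER.tgz is not covered by the mirror's signed SHA256.sig, so the
# installer asks to continue without verification (answered in install.conf),
# and httpd serves this tarball -- PPPoE credentials included -- to anyone on
# the PXE segment. Keep that segment a dedicated build cable.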
builder|02:37:51|:/builder#ls -alh /builder/
total 32
drwxr-xr-x   6 root  wheel   512B Jul 22 02:37 .
drwxr-xr-x  15 root  wheel   512B Jul 21 18:24 ..
-rwxr-xr-x   1 root  wheel   1.8K Jul 22 02:32 builder.sh
lrwxr-xr-x   1 root  wheel    54B Jul 21 21:35 prometheus-build -> /home/sacha/go/src/github.com/prometheus/node_exporter
drwxr-xr-x   3 root  wheel   512B Jul 22 01:35 site
drwxr-xr-x   2 root  wheel   512B Jul 22 01:35 siteXX.tgz
drwxr-xr-x   7 root  wheel   512B Jul 22 01:30 skel
-rw-r--r--   1 root  wheel   1.2K Jul 22 01:07 test.tgz
lrwxr-xr-x   1 root  wheel     5B Jul 21 18:24 tftp -> /tftp
drwxr-xr-x   2 root  wheel   512B Jul 22 00:05 tmp
lrwxr-xr-x   1 root  wheel    16B Jul 21 18:24 www -> /var/www/htdocs/

/tmp/i/install.resp

# Generates the bcrypt hash ($2b$...) pasted into the "Password for ..."
# answers of install.conf below. Putting the password in printf's argv leaves
# it in shell history and visible to ps(1); "encrypt -p" prompts for it
# without echo instead and avoids that.
printf '%s' 'yourpassword' | encrypt

install.conf

System hostname = cerbere
Which network interface do you wish to configure = em0
IPv4 address for em0 = dhcp
IPv6 address for em0 = none
Which network interface do you wish to configure = done
DNS domain name = SITE.mydomain.fr
DNS nameservers = none
Start sshd(8) by default = yes
Do you expect to run the X Window System = no
Change the default console to com0 = yes
Which speed should com0 use = 115200
Password for root account = $2b$10$V2wkDaLWTc0jmdPEMOW5VOPeg.nS9YbJOsj6LYZMrXdRiDCGoo6yu 
Password for user sacha = $2b$09$GWtR24VPpbZTdKyu5MZStOlyiNn2IKUy2trMI1rOJh1YjEjjNZKJa
Setup a user = sacha
Full name for user sacha = sacha
Public ssh key for user sacha = ssh-rsa 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 nobody@nowhere
Allow root ssh login = no
Which disk is the root disk = sd0
Use (W)hole disk MBR, whole disk (G)PT, (O)penBSD area or (E)dit = O 
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = a 
Which disk do you wish to initialize = done
Location of sets = http 
HTTP proxy URL = none
HTTP Server = 172.16.16.254
Pathname to the sets = pub/OpenBSD/6.5/amd64 
Unable to connect using https. Use http instead = yes
Set name(s) = -x*
Set name(s) = -g*
Set name(s) = site65.tgz
Checksum test for site65.tgz failed. Continue anyway = yes
Unverified sets: site65.tgz. Continue without verification = yes
Set name(s) = done
Directory does not contain SHA256.sig. Continue without verification = yes
Location of sets = done
What timezone are you in = Europe/Paris
Exit to (S)hell, (H)alt or (R)eboot = R

build siteXX.tgz

Exemple : copier le site65.tgz dans www/pub/OpenBSD/6.5/amd64, puis lancer `ls -al > www/pub/OpenBSD/6.5/amd64/index.txt`.
script install: install.site https://undeadly.org/cgi?action=article;sid=20080111200305

install.site

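#!/bin/sh
# install.site: run by the installer at the end of the install, inside the
# freshly installed system. It must be executable inside site65.tgz.
set -e

usermod -G wheel sacha

# Login class for the node_exporter daemon (inherits the "daemon" limits).
# The backslash is login.conf(5)'s continuation character, so the entry is
# written literally with a quoted here-doc. Guarded so a re-run does not
# append a duplicate entry.
if ! grep -q '^node_exporter:' /etc/login.conf; then
  cat >> /etc/login.conf <<'EOF'
node_exporter:\
        :tc=daemon:
EOF
  cap_mkdb /etc/login.conf
fi

# Unprivileged account for the exporter: no home, no shell. -g sets the
# primary group; -u expects a numeric uid, so passing the group name to it
# (as the page's version did) makes useradd fail.
groupinfo -e _node_exporter || groupadd _node_exporter
userinfo -e _node_exporter || useradd -g _node_exporter \
  -c "Prometheus Node Exporter agent" -d /var/empty -s /sbin/nologin \
  -L node_exporter _node_exporter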

Sources

http://eradman.com/posts/autoinstall-openbsd.html
http://149.210.185.89/openbsd-autoinstall.html
http://www.openbsd.org/faq/faq4.html#site
https://man.openbsd.org/autoinstall.8