sacha, 15/06/2021 13:53
Autoinstall OpenBSD !¶
- What ?
You want to build a fully automated OpenBSD install in 3 minutes? Here is the cookbook.
I used it to deploy various PC Engines APU routers/firewalls.
- How ?
PXE Boot from the OpenBSD Builder
Packages¶
pkg_add bash colorls curl git gmake gnuwatch go jq python-3.6
PXE Interface¶
builder# cat /etc/hostname.em1 172.16.16.254/24 description "PXE"
dhcpd¶
# Boot file offered to PXE clients; "auto_install" is a symlink to pxeboot
# in the TFTP root.
filename "auto_install";
# TFTP server: the builder's PXE interface address.
next-server 172.16.16.254;
subnet 172.16.16.0 netmask 255.255.255.0 {
	# NOTE(review): any host that netboots on this segment is offered the
	# unattended installer, so keep the segment dedicated to provisioning.
	range 172.16.16.1 172.16.16.2;
	option subnet-mask 255.255.255.0;
	option broadcast-address 172.16.16.255;
	option routers 172.16.16.254;
}
echo "dhcpd_flags=em1">> /etc/rc.conf.local
PXE¶
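# Populate the TFTP root served to netbooting machines.
mkdir -p /tftp/etc && chown _tftpd:_tftpd /tftp
cd /tftp
ftp http://mirrors.ircam.fr/pub/OpenBSD/6.5/amd64/pxeboot
# bsd.rd (the install ramdisk) is what the "bsd" symlink below points at;
# the original listing fetched bsd.mp and left that symlink dangling.
ftp http://mirrors.ircam.fr/pub/OpenBSD/6.5/amd64/bsd.rd
ftp http://mirrors.ircam.fr/pub/OpenBSD/6.5/amd64/SHA256.sig
# The mirror is reached over plain HTTP: check the signed checksums before
# these files are handed to every machine that boots from this server.
signify -C -p /etc/signify/openbsd-65-base.pub -x SHA256.sig pxeboot bsd.rd
# A boot file named auto_install makes the installer run unattended.
ln -s pxeboot auto_install
ln -s bsd.rd bsd
# Serial console at 115200 baud, then boot the ramdisk kernel.
printf 'stty com0 115200\nboot bsd\n' > /tftp/etc/boot.conf
echo 'tftpd_flags="-4 /tftp"' >> /etc/rc.conf.local
/etc/rc.d/dhcpd start
/etc/rc.d/tftpd start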
Copy sources¶
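# Mirror the release sets into the web root used as the install source.
# Chained with && so a failed cd never downloads into the wrong directory.
cd /var/www/htdocs &&
  mkdir -p pub/OpenBSD/6.5/amd64/ &&
  cd pub/OpenBSD/6.5/amd64/ &&
  ftp 'ftp://ftp.nluug.nl/pub/OpenBSD/6.5/amd64/*'
# Check every downloaded set against the signed checksum list; do not serve
# the directory if this reports a failure.
signify -C -p /etc/signify/openbsd-65-base.pub -x SHA256.sig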
/etc/httpd.conf¶
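# Install-set server for the PXE clients. Bind to the PXE interface address
# only: the site set published under this web root carries the PPPoE
# credentials, so it should not be reachable from any other network.
server "*" {
	listen on 172.16.16.254 port 80
	directory auto index
}
#### builder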
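#!/usr/local/bin/bash
#####################################
# Builder - v1.0
#####################################
# Interactive builder for a per-site OpenBSD site set.
# Asks for the site parameters, fills the templates found under
# $BPATH/skel, archives the result and publishes it as siteXX.tgz in the
# web root used by the autoinstall clients.
#
# Security notes:
#   - The answers are substituted into sed scripts and file paths, so they
#     are validated or escaped before use.
#   - The resulting archive contains the PPPoE secret in clear text and is
#     published over plain HTTP; remove it from the web root once the
#     target machine is installed.
set -u

echo "=========================================="
echo "= OpenBSD Configuration builder - V1.1 ="
echo "= sacha at aquilenet.fr -=o=- 20190722 ="
echo "=========================================="

BPATH="/builder"
SKEL="$BPATH/skel"
WWW="$BPATH/www"
TGZ="$BPATH/siteXX.tgz"
# NOTE(review): the release is taken from the builder's own kernel, so the
# builder presumably has to run the release being deployed. Confirm.
VERSION="$(uname -r)"
VER="$(uname -r | tr -d '.')"

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Escape a value for the replacement side of a sed s/// command
# (backslash, the '/' delimiter and '&' are special there).
sed_repl() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

ok="n"
until [[ "$ok" == "o" ]]; do
  read -r -p "Nom du site: " SITE || die "input closed"
  #read -p "Departement: " DEP
  read -r -p "Code Postal: " CP
  read -r -p "infos OSM:" OSM
  read -r -p "pppoe user: " PPPOEU
  # -s: do not echo the secret on the terminal.
  read -r -s -p "pppoe pass: " PPPOEP
  echo
  DEP=${CP:0:2}

  # SITE becomes a directory name and a DNS label: refuse anything that
  # could leave $BPATH/site or break the host name.
  if [[ ! "$SITE" =~ ^[A-Za-z0-9][A-Za-z0-9-]*$ ]]; then
    echo "Nom du site invalide (lettres, chiffres et '-' uniquement)" >&2
    ok="n"
    continue
  fi
  # CP feeds DEP, which is substituted into several config templates.
  if [[ ! "$CP" =~ ^[0-9]{2,}$ ]]; then
    echo "Code Postal invalide (chiffres uniquement)" >&2
    ok="n"
    continue
  fi

  echo "----------------------------------"
  echo "Site : $SITE"
  echo "Departement : $DEP"
  echo "Code Postal : $CP"
  echo "Infos OSM : $OSM"
  echo "pppoe user : $PPPOEU"
  # The secret is not printed back; only its length is shown.
  echo "pppoe pass : (hidden, ${#PPPOEP} chars)"
  read -r -p "ok ? (o/n):" ok
done

SITEPATH="$BPATH/site/$SITE"
mkdir -p "$SITEPATH"/{root,etc,var/unbound/etc/,home,usr/local/bin} \
  || die "cannot create $SITEPATH"
cp -R "$SKEL"/* "$SITEPATH"/ || die "cannot copy skeleton from $SKEL"

#-------------------
# myname
#-------------------
echo "cerbere.$SITE.mydomain.fr" > "$SITEPATH/etc/myname"

#-------------------
# dhcpd.conf
#-------------------
sed -e "s/DEP/$DEP/g" -e "s/SITE/$SITE/g" \
  "$SKEL/etc/dhcpd.conf" > "$SITEPATH/etc/dhcpd.conf"

#-------------------
# hostname.pppoe0
#-------------------
# Credentials may contain '/', '&' or '\': escape them so they are inserted
# literally instead of being interpreted by sed.
sed -e "s/PPPOEU/$(sed_repl "$PPPOEU")/g" \
    -e "s/PPPOEP/$(sed_repl "$PPPOEP")/g" \
  "$SKEL/etc/hostname.pppoe0" > "$SITEPATH/etc/hostname.pppoe0"

#-------------------
# hostname.em2
#-------------------
sed -e "s/DEP/$DEP/g" "$SKEL/etc/hostname.em2" > "$SITEPATH/etc/hostname.em2"

#-------------------
# unbound.conf
#-------------------
sed -e "s/DEP/$DEP/g" "$SKEL/var/unbound/etc/unbound.conf" \
  > "$SITEPATH/var/unbound/etc/unbound.conf"

#-------------------
# prometheus geoash
#-------------------
# Percent-encode the free-text query so spaces, '?' or '&' typed by the
# operator cannot alter the request.
query=$(jq -rn --arg q "$CP $OSM" '$q | @uri')
preposition=$(curl -Ls "https://nominatim.openstreetmap.org/search/$query?format=geojson&limit=1" \
  | jq '.features[].geometry.coordinates| .[]')
# GeoJSON gives "lon lat"; reverse the fields to "lat lon". The expansion is
# left unquoted on purpose so the two lines are joined into one.
# shellcheck disable=SC2086
position=$(echo $preposition | awk '{ for (i=NF; i>1; i--) printf("%s ",$i); print $1; }')
position=${position/ /,}
# geohash.org answers with a redirect whose final URL ends in the geohash.
pregeoash=$(curl -Ls -w '%{url_effective}' -o /dev/null "http://geohash.org?q=$position")
geoash=${pregeoash#http*://geohash.org/}
echo "$geoash"
if [[ "$geoash" =~ ^[0-9a-z]+$ ]]; then
  # Written into the site tree (not the skeleton) so the value lands in this
  # site's archive, and with the variables actually expanded: the original
  # single-quoted string emitted a literal "$geoash".
  mkdir -p "$SITEPATH/var/node_exporter"
  printf 'loc{geohash="%s",place="%s"} 10\n' "$geoash" "$SITE" \
    > "$SITEPATH/var/node_exporter/site_location.prom"
else
  echo "geohash lookup failed, site_location.prom not written" >&2
fi

#=====================================================================================================
# FIN
#=====================================================================================================
cd "$SITEPATH" || die "cannot cd to $SITEPATH"
tar czvf "$TGZ/$SITE-site$VER.tgz" . || die "tar failed"
rm -f "$WWW/pub/OpenBSD/$VERSION/amd64/site.tgz"
cp "$TGZ/$SITE-site$VER.tgz" "$WWW/pub/OpenBSD/$VERSION/amd64/site$VER.tgz"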
builder|02:37:51|:/builder#ls -alh /builder/
total 32
drwxr-xr-x 6 root wheel 512B Jul 22 02:37 .
drwxr-xr-x 15 root wheel 512B Jul 21 18:24 ..
-rwxr-xr-x 1 root wheel 1.8K Jul 22 02:32 builder.sh
lrwxr-xr-x 1 root wheel 54B Jul 21 21:35 prometheus-build -> /home/sacha/go/src/github.com/prometheus/node_exporter
drwxr-xr-x 3 root wheel 512B Jul 22 01:35 site
drwxr-xr-x 2 root wheel 512B Jul 22 01:35 siteXX.tgz
drwxr-xr-x 7 root wheel 512B Jul 22 01:30 skel
-rw-r--r-- 1 root wheel 1.2K Jul 22 01:07 test.tgz
lrwxr-xr-x 1 root wheel 5B Jul 21 18:24 tftp -> /tftp
drwxr-xr-x 2 root wheel 512B Jul 22 00:05 tmp
lrwxr-xr-x 1 root wheel 16B Jul 21 18:24 www -> /var/www/htdocs/
/tmp/i/install.resp¶
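# Prompt for the password with echo turned off, so the clear text never ends
# up in the shell history; paste the printed hash into install.conf.
encrypt -p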
install.conf¶
System hostname = cerbere Which network interface do you wish to configure = em0 IPv4 address for em0 = dhcp IPv6 address for em0 = none Which network interface do you wish to configure = done DNS domain name = SITE.mydomain.fr DNS nameservers = none Start sshd(8) by default = yes Do you expect to run the X Window System = no Change the default console to com0 = yes Which speed should com0 use = 115200 Password for root account = $2b$10$V2wkDaLWTc0jmdPEMOW5VOPeg.nS9YbJOsj6LYZMrXdRiDCGoo6yu Password for user sacha = $2b$09$GWtR24VPpbZTdKyu5MZStOlyiNn2IKUy2trMI1rOJh1YjEjjNZKJa Setup a user = sacha Full name for user sacha = sacha Public ssh key for user sacha = ssh-rsa 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 nobody@nowhere Allow root ssh login = no Which disk is the root disk = sd0 Use (W)hole disk MBR, whole disk (G)PT, (O)penBSD area or (E)dit = O Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = a Which disk do you wish to initialize = done Location of sets = http HTTP proxy URL = none HTTP Server = 172.16.16.254 Pathname to the sets = pub/OpenBSD/6.5/amd64 Unable to connect using https. Use http instead = yes Set name(s) = -x* Set name(s) = -g* Set name(s) = site65.tgz Checksum test for site65.tgz failed. Continue anyway = yes Unverified sets: site65.tgz. Continue without verification = yes Set name(s) = done Directory does not contain SHA256.sig. Continue without verification = yes Location of sets = done What timezone are you in = Europe/Paris Exit to (S)hell, (H)alt or (R)eboot = R
build siteXX.tgz¶
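Exemple : copier site65.tgz dans www/pub/OpenBSD/6.5/amd64, puis régénérer l'index avec ls -al > www/pub/OpenBSD/6.5/amd64/index.txt. Le set site65.tgz n'est pas couvert par SHA256.sig : les réponses « Continue anyway = yes » et « Continue without verification = yes » d'install.conf l'acceptent sans contrôle, le réseau PXE doit donc rester isolé.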
script install: install.site https://undeadly.org/cgi?action=article;sid=20080111200305
install.site¶
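# install.site: runs on the freshly installed system at the end of the
# unattended install.

# Add the admin account to wheel.
usermod -G wheel sacha

# Login class for the exporter, inheriting the daemon class.
cat >> /etc/login.conf <<'EOF'
node_exporter:\
	:tc=daemon:
EOF
cap_mkdb /etc/login.conf

# Dedicated unprivileged account: no home directory, no login shell.
groupadd _node_exporter
# -g selects the primary group; the original passed the group name to -u,
# which expects a numeric uid.
useradd -g _node_exporter -c "Prometheus Node Exporter agent" \
  -d /var/empty -s /sbin/nologin -L node_exporter _node_exporter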
- Sources
http://eradman.com/posts/autoinstall-openbsd.html
http://149.210.185.89/openbsd-autoinstall.html
http://www.openbsd.org/faq/faq4.html#site
https://man.openbsd.org/autoinstall.8