Openbsd autoinstall » Historique » Version 3
sacha, 15/06/2021 13:53
1 | 1 | sacha | # Autoinstall OpenBSD ! |
---|---|---|---|
2 | |||
3 | * What ? |
||
4 | |||
5 | You want to build a full automated OpenBSD in 3 minuts, here is the cookbook. |
||
6 | I used it to deploy various PC Engines APU routers/firewalls. |
||
7 | |||
8 | * How ? |
||
9 | |||
10 | PXE Boot from the OpenBSD Builder |
||
11 | |||
12 | #### Packages |
||
13 | |||
14 | ~~~ |
||
15 | pkg_add bash colorls curl git gmake gnuwatch go jq python-3.6 |
||
16 | ~~~ |
||
17 | |||
18 | #### PXE Interface |
||
19 | |||
20 | ~~~ |
||
21 | builder# cat /etc/hostname.em1 |
||
22 | 172.16.16.254/24 description "PXE" |
||
23 | ~~~ |
||
24 | |||
25 | #### dhcpd |
||
26 | |||
27 | ~~~ |
||
28 | filename "auto_install"; |
||
29 | next-server 172.16.16.254; |
||
30 | subnet 172.16.16.0 netmask 255.255.255.0 { |
||
31 | range 172.16.16.1 172.16.16.2; |
||
32 | option subnet-mask 255.255.255.0; |
||
33 | option broadcast-address 172.16.16.255; |
||
34 | option routers 172.16.16.254; |
||
35 | } |
||
36 | ~~~ |
||
37 | |||
38 | ~~~ |
||
39 | echo "dhcpd_flags=em1">> /etc/rc.conf.local |
||
40 | ~~~ |
||
41 | |||
42 | #### PXE |
||
43 | |||
44 | ~~~ |
||
45 | mkdir -p /tftp/etc && chown _tftpd:_tftpd /tftp |
||
46 | cd /tftp |
||
47 | ftp http://mirrors.ircam.fr/pub/OpenBSD/6.5/amd64/pxeboot |
||
48 | ftp http://mirrors.ircam.fr/pub/OpenBSD/6.5/amd64/bsd.mp |
||
49 | ln -s pxeboot auto_install |
||
50 | ln -s bsd.rd bsd |
||
51 | |||
52 | echo " |
||
53 | stty com0 115200 |
||
54 | boot bsd |
||
55 | " > /tftp/etc/boot.conf |
||
56 | |||
57 | echo 'tftpd_flags="-4 /tftp"' >> /etc/rc.conf.local |
||
58 | /etc/rc.d/dhcpd start |
||
59 | /etc/rc.d/tftpd start |
||
60 | ~~~ |
||
61 | |||
62 | #### Copy sources |
||
63 | |||
64 | ~~~ |
||
65 | $ cd /var/www/htdocs |
||
66 | $ mkdir -p pub/OpenBSD/6.5/amd64/ |
||
67 | $ cd pub/OpenBSD/6.5/amd64/ |
||
68 | $ ftp 'ftp://ftp.nluug.nl/pub/OpenBSD/6.5/amd64/*' |
||
69 | ~~~ |
||
70 | |||
71 | ~~~ |
||
72 | signify -C -p /etc/signify/openbsd-65-base.pub -x SHA256.sig |
||
73 | ~~~ |
||
74 | |||
75 | #### /etc/httpd.conf |
||
76 | |||
77 | ~~~ |
||
78 | server "*" { |
||
79 | listen on * port 80 |
||
80 | directory auto index |
||
81 | } |
||
82 | |||
83 | |||
84 | #### builder |
||
85 | |||
86 | ~~~ |
||
87 | #!/usr/local/bin/bash |
||
88 | |||
89 | ##################################### |
||
90 | 2 | sacha | # Builder - v1.0 |
91 | 1 | sacha | ##################################### |
92 | |||
93 | echo "==========================================" |
||
94 | echo "= OpenBSD Configuration builder - V1.1 =" |
||
95 | 2 | sacha | echo "= sacha at aquilenet.fr -=o=- 20190722 =" |
96 | 1 | sacha | echo "==========================================" |
97 | |||
98 | BPATH="/builder" |
||
99 | SKEL="$BPATH/skel" |
||
100 | WWW="$BPATH/www" |
||
101 | TGZ="$BPATH/siteXX.tgz" |
||
102 | VERSION="$(uname -r)" |
||
103 | VER="$(uname -r |tr -d '.')" |
||
104 | |||
105 | ok="n" |
||
106 | until [ $ok == "o" ]; do |
||
107 | |||
108 | read -p "Nom du site: " SITE |
||
109 | #read -p "Departement: " DEP |
||
110 | read -p "Code Postal: " CP |
||
111 | read -p "infos OSM:" OSM |
||
112 | read -p "pppoe user: " PPPOEU |
||
113 | read -p "pppoe pass: " PPPOEP |
||
114 | |||
115 | DEP=${CP:0:2} |
||
116 | |||
117 | echo "----------------------------------" |
||
118 | echo "Site : $SITE" |
||
119 | echo "Departement : $DEP" |
||
120 | echo "Code Postal : $CP" |
||
121 | echo "Infos OSM : $OSM" |
||
122 | echo "pppoe user : $PPPOEU" |
||
123 | echo "pppoe pass : $PPPOEP" |
||
124 | read -p "ok ? (o/n):" ok |
||
125 | done |
||
126 | |||
127 | |||
128 | SITEPATH="$BPATH/site/$SITE" |
||
129 | |||
130 | mkdir -p $SITEPATH/{root,etc,var/unbound/etc/,home,usr/local/bin} |
||
131 | |||
132 | cp -R $SKEL/* $SITEPATH/ |
||
133 | |||
134 | #------------------- |
||
135 | # myname |
||
136 | #------------------- |
||
137 | 2 | sacha | echo "cerbere.$SITE.mydomain.fr" > $SITEPATH/etc/myname |
138 | 1 | sacha | |
139 | #------------------- |
||
140 | # dhcpd.conf |
||
141 | #------------------- |
||
142 | sed -e "s/DEP/$DEP/g" -e "s/SITE/$SITE/g" $SKEL/etc/dhcpd.conf > $SITEPATH/etc/dhcpd.conf |
||
143 | |||
144 | #------------------- |
||
145 | # hostname.pppoe0 |
||
146 | #------------------- |
||
147 | sed -e "s/PPPOEU/$PPPOEU/g" -e "s/PPPOEP/$PPPOEP/g" $SKEL/etc/hostname.pppoe0 > $SITEPATH/etc/hostname.pppoe0 |
||
148 | |||
149 | #------------------- |
||
150 | # hostname.em2 |
||
151 | #------------------- |
||
152 | sed -e "s/DEP/$DEP/g" $SKEL/etc/hostname.em2 > $SITEPATH/etc/hostname.em2 |
||
153 | |||
154 | #------------------- |
||
155 | # unbound.conf |
||
156 | #------------------- |
||
157 | sed -e "s/DEP/$DEP/g" $SKEL/var/unbound/etc/unbound.conf > $SITEPATH/var/unbound/etc/unbound.conf |
||
158 | |||
159 | #------------------- |
||
160 | # prometheus geoash |
||
161 | #------------------- |
||
162 | |||
163 | preposition=$(curl -Ls "https://nominatim.openstreetmap.org/search/$CP $OSM?format=geojson&limit=1" |jq '.features[].geometry.coordinates| .[]') |
||
164 | position=$(echo $preposition | awk '{ for (i=NF; i>1; i--) printf("%s ",$i); print $1; }') |
||
165 | position=${position/ /,} |
||
166 | pregeoash=$(curl -Ls -w %{url_effective} -o /dev/null "http://geohash.org?q=$position") |
||
167 | geoash=${pregeoash#"http://geohash.org/"} |
||
168 | echo $geoash |
||
169 | echo 'loc{geohash="$geoash",place="'$SITE'"} 10' > $SKEL/var/node_exporter/site_location.prom |
||
170 | |||
171 | #===================================================================================================== |
||
172 | # FIN |
||
173 | |||
174 | cd $SITEPATH && tar czvf $TGZ/$SITE-site$VER.tgz . |
||
175 | rm -f $WWW/pub/OpenBSD/$VERSION/amd64/site.tgz |
||
176 | cp $TGZ/$SITE-site$VER.tgz $WWW/pub/OpenBSD/$VERSION/amd64/site$VER.tgz |
||
177 | ~~~ |
||
178 | |||
179 | ~~~ |
||
180 | builder|02:37:51|:/builder#ls -alh /builder/ |
||
181 | total 32 |
||
182 | drwxr-xr-x 6 root wheel 512B Jul 22 02:37 . |
||
183 | drwxr-xr-x 15 root wheel 512B Jul 21 18:24 .. |
||
184 | -rwxr-xr-x 1 root wheel 1.8K Jul 22 02:32 builder.sh |
||
185 | lrwxr-xr-x 1 root wheel 54B Jul 21 21:35 prometheus-build -> /home/sacha/go/src/github.com/prometheus/node_exporter |
||
186 | drwxr-xr-x 3 root wheel 512B Jul 22 01:35 site |
||
187 | drwxr-xr-x 2 root wheel 512B Jul 22 01:35 siteXX.tgz |
||
188 | drwxr-xr-x 7 root wheel 512B Jul 22 01:30 skel |
||
189 | -rw-r--r-- 1 root wheel 1.2K Jul 22 01:07 test.tgz |
||
190 | lrwxr-xr-x 1 root wheel 5B Jul 21 18:24 tftp -> /tftp |
||
191 | drwxr-xr-x 2 root wheel 512B Jul 22 00:05 tmp |
||
192 | lrwxr-xr-x 1 root wheel 16B Jul 21 18:24 www -> /var/www/htdocs/ |
||
193 | ~~~ |
||
194 | |||
195 | |||
196 | ~~~ |
||
197 | |||
198 | #### /tmp/i/install.resp |
||
199 | |||
200 | printf '%s' 'yourpassword' | encrypt |
||
201 | |||
202 | #### install.conf |
||
203 | |||
204 | ~~~ |
||
205 | System hostname = cerbere |
||
206 | Which network interface do you wish to configure = em0 |
||
207 | IPv4 address for em0 = dhcp |
||
208 | IPv6 address for em0 = none |
||
209 | Which network interface do you wish to configure = done |
||
210 | 2 | sacha | DNS domain name = SITE.mydomain.fr |
211 | 1 | sacha | DNS nameservers = none |
212 | Start sshd(8) by default = yes |
||
213 | Do you expect to run the X Window System = no |
||
214 | Change the default console to com0 = yes |
||
215 | Which speed should com0 use = 115200 |
||
216 | Password for root account = $2b$10$V2wkDaLWTc0jmdPEMOW5VOPeg.nS9YbJOsj6LYZMrXdRiDCGoo6yu |
||
217 | Password for user sacha = $2b$09$GWtR24VPpbZTdKyu5MZStOlyiNn2IKUy2trMI1rOJh1YjEjjNZKJa |
||
218 | Setup a user = sacha |
||
219 | Full name for user sacha = sacha |
||
220 | Public ssh key for user sacha = ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEA4y0oNSz3pvt2WVY/kBnlciuKoO8Nhxc+zsiaA7EOw+MRaysGZ6tymgMBpwuOCwMA8oBdgOzzlZOk7oIM1AUVjykrcrS3JPW1AOp0rjHJSDQKc8x2jBZTM8VIt1GoDTvfxoO6WTjaPJwwOxZlcS1zT6nW1y5IvO0Apz4MVKKNUZaZNa7x7MBfV59nXvWORddf3zJD/lHpK8WxfRVgYRJoLrNiqUe26GaDCKPge5fAmtgJMLvKGSzdsoCxtrY04tZw3fsdb/hJl7/Ov7dyX9NXJEU0dveFXZnLhYwKVhUa0CRxawCez202HInhp3LttYptwoX8jCjuRMlPL4+rhKtnDnze4Q81hU08xTV+TmNOzdPpVs0hY9wkQXyYrBlAGMjLQS0JQVL0hnI5FBB90GhwxzxzvD7HYLjipXXyOpdn/GZeSEG9ayjxc8kgXesT9Ogwo0GiXxPOjHz32NEJbDXXktMJZJuSqM6zD3KroB4qB6gLFZRnklqiedRTOMYJLYhC1MtdXqN/wpdlFQemYvCCGr44FJKLMDBYch4AiChVnr8VmnMzs+3ZE/3cP6tzDwgjotZc3uKN9nbEQt6SamlxW68P35ScODT1tED0JHep4qRxa5wQjYbLFQNwlWU1Vj7SxNDW0ahyZO5OZiuqtUjYzthhGECFqCtJwc/y2NTstFM= nobody@nowhere |
||
221 | Allow root ssh login = no |
||
222 | Which disk is the root disk = sd0 |
||
223 | Use (W)hole disk MBR, whole disk (G)PT, (O)penBSD area or (E)dit = O |
||
224 | Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = a |
||
225 | Which disk do you wish to initialize = done |
||
226 | Location of sets = http |
||
227 | HTTP proxy URL = none |
||
228 | HTTP Server = 172.16.16.254 |
||
229 | Pathname to the sets = pub/OpenBSD/6.5/amd64 |
||
230 | Unable to connect using https. Use http instead = yes |
||
231 | Set name(s) = -x* |
||
232 | Set name(s) = -g* |
||
233 | Set name(s) = site65.tgz |
||
234 | Checksum test for site65.tgz failed. Continue anyway = yes |
||
235 | Unverified sets: site65.tgz. Continue without verification = yes |
||
236 | Set name(s) = done |
||
237 | Directory does not contain SHA256.sig. Continue without verification = yes |
||
238 | Location of sets = done |
||
239 | What timezone are you in = Europe/Paris |
||
240 | Exit to (S)hell, (H)alt or (R)eboot = R |
||
241 | ~~~ |
||
242 | |||
243 | #### build siteXX.tgz |
||
244 | exemple copier le site65.tgz dans www/pub/OpenBSD/6.5/amd64 puis ls -al > www/pub/OpenBSD/6.5/amd64/index.txt |
||
245 | script install: install.site https://undeadly.org/cgi?action=article;sid=20080111200305 |
||
246 | |||
247 | #### install.site |
||
248 | |||
249 | ~~~ |
||
250 | usermod -G wheel sacha |
||
251 | echo 'node_exporter:\ |
||
252 | :tc=daemon: '>> /etc/login.conf |
||
253 | cap_mkdb /etc/login.conf |
||
254 | groupadd _node_exporter |
||
255 | useradd -u _node_exporter -c "Prometheus Node Exporter agent" -d /var/empty -s /sbin/nologin -L node_exporter _node_exporter |
||
256 | ~~~ |
||
257 | |||
258 | |||
259 | |||
260 | * Sources |
||
261 | |||
262 | http://eradman.com/posts/autoinstall-openbsd.html |
||
263 | http://149.210.185.89/openbsd-autoinstall.html |
||
264 | http://www.openbsd.org/faq/faq4.html#site |
||
265 | https://man.openbsd.org/autoinstall.8 |