Revision 4 (sacha, 15/06/2021 13:53) → Revision 5/6 (sacha, 15/06/2021 13:55)

# Autoinstall OpenBSD ! 

 * What ? 

 You want to build a fully automated OpenBSD install in 3 minutes? Here is the cookbook. 
 I used it to deploy various PC Engines APU routers/firewalls. 

 * How ? 

 PXE Boot from the OpenBSD Builder 

 #### Packages 

 ~~~ 
 pkg_add bash colorls curl git gmake gnuwatch go jq python-3.6 
 ~~~ 

 #### PXE Interface 

 ~~~ 
 builder# cat /etc/hostname.em1                                                                                                                                          
 172.16.16.254/24 description "PXE" 
 ~~~ 

 #### dhcpd 

 ~~~ 
 filename "auto_install"; 
 next-server 172.16.16.254; 
 subnet 172.16.16.0 netmask 255.255.255.0 { 
     range 172.16.16.1 172.16.16.2; 
     option subnet-mask 255.255.255.0; 
     option broadcast-address 172.16.16.255; 
     option routers 172.16.16.254; 
 } 
 ~~~ 

 ~~~ 
 echo "dhcpd_flags=em1">> /etc/rc.conf.local 
 ~~~ 

 #### PXE 

 ~~~  
 mkdir -p /tftp/etc && chown _tftpd:_tftpd /tftp 
 cd /tftp 
 ftp http://mirrors.ircam.fr/pub/OpenBSD/6.5/amd64/pxeboot 
 # fetch the ramdisk install kernel: the "bsd" symlink below points at bsd.rd 
 ftp http://mirrors.ircam.fr/pub/OpenBSD/6.5/amd64/bsd.rd 
 ln -s pxeboot auto_install 
 ln -s bsd.rd bsd 

  echo " 
   stty com0 115200 
   boot bsd 
   " > /tftp/etc/boot.conf 

  echo 'tftpd_flags="-4 /tftp"' >> /etc/rc.conf.local 
  /etc/rc.d/dhcpd start 
  /etc/rc.d/tftpd start 
 ~~~  

 #### Copy sources 

 ~~~ 
 $ cd /var/www/htdocs 
 $ mkdir -p pub/OpenBSD/6.5/amd64/ 
 $ cd pub/OpenBSD/6.5/amd64/ 
 $ ftp 'ftp://ftp.nluug.nl/pub/OpenBSD/6.5/amd64/*' 
 ~~~ 

 ~~~ 
 signify -C -p /etc/signify/openbsd-65-base.pub -x SHA256.sig 
 ~~~ 

 #### /etc/httpd.conf 

 ~~~ 
 server "*" { 
         listen on * port 80 
         directory auto index 
 } 

 ~~~ 

 #### builder 

 ~~~ 
 #!/usr/local/bin/bash 

 ##################################### 
 # Builder - v1.0 
 ##################################### 

 echo "==========================================" 
 echo "=    OpenBSD Configuration builder - V1.1    =" 
 echo "=    sacha at aquilenet.fr -=o=- 20190722    =" 
 echo "==========================================" 

 BPATH="/builder" 
 SKEL="$BPATH/skel" 
 WWW="$BPATH/www" 
 TGZ="$BPATH/siteXX.tgz" 
 VERSION="$(uname -r)" 
 VER="$(uname -r |tr -d '.')" 

 ok="n" 
 until [ "$ok" == "o" ]; do 

 # -r keeps backslashes in the answers literal (matters for the PPPoE password) 
 read -r -p "Nom    du site: " SITE 
 #read -r -p "Departement: " DEP 
 read -r -p "Code Postal: " CP 
 read -r -p "infos OSM:" OSM 
 read -r -p "pppoe user: " PPPOEU 
 read -r -p "pppoe pass: " PPPOEP 

 DEP=${CP:0:2} 

 echo "----------------------------------" 
 echo "Site                : $SITE" 
 echo "Departement         : $DEP" 
 echo "Code Postal         : $CP" 
 echo "Infos OSM           : $OSM" 
 echo "pppoe user          : $PPPOEU" 
 echo "pppoe pass          : $PPPOEP" 
 read -p "ok ? (o/n):" ok 
 done 


 SITEPATH="$BPATH/site/$SITE" 

 mkdir -p "$SITEPATH"/{root,etc,var/unbound/etc/,home,usr/local/bin} 

 cp -R "$SKEL"/* "$SITEPATH"/ 

 #------------------- 
 #    myname  
 #------------------- 
 echo "cerbere.$SITE.mydomain.fr" > $SITEPATH/etc/myname 

 #------------------- 
 #    dhcpd.conf 
 #------------------- 
 sed -e "s/DEP/$DEP/g" -e "s/SITE/$SITE/g"    $SKEL/etc/dhcpd.conf > $SITEPATH/etc/dhcpd.conf 

 #------------------- 
 #    hostname.pppoe0 
 #------------------- 
 sed -e "s/PPPOEU/$PPPOEU/g" -e "s/PPPOEP/$PPPOEP/g" $SKEL/etc/hostname.pppoe0 > $SITEPATH/etc/hostname.pppoe0 

 #------------------- 
 #    hostname.em2 
 #------------------- 
 sed -e "s/DEP/$DEP/g" $SKEL/etc/hostname.em2 > $SITEPATH/etc/hostname.em2 

 #------------------- 
 # unbound.conf 
 #------------------- 
 sed -e "s/DEP/$DEP/g" $SKEL/var/unbound/etc/unbound.conf > $SITEPATH/var/unbound/etc/unbound.conf 

 #------------------- 
 # prometheus geohash 
 #------------------- 

 preposition=$(curl -Ls    "https://nominatim.openstreetmap.org/search/$CP $OSM?format=geojson&limit=1" |jq '.features[].geometry.coordinates| .[]') 
 position=$(echo $preposition | awk '{ for (i=NF; i>1; i--) printf("%s ",$i); print $1; }') 
 position=${position/ /,} 
 pregeoash=$(curl -Ls -w %{url_effective} -o /dev/null "http://geohash.org?q=$position") 
 geoash=${pregeoash#"http://geohash.org/"} 
 echo $geoash  
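 # double quotes so that $geoash is expanded; write into this site's tree, 
 # not into the skeleton that was already copied above 
 echo "loc{geohash=\"$geoash\",place=\"$SITE\"} 10" > "$SITEPATH/var/node_exporter/site_location.prom" 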

 #===================================================================================================== 
 # END 

 cd "$SITEPATH" && tar czvf "$TGZ/$SITE-site$VER.tgz" . 
 # remove the previously published site set (same name as the copy below) 
 rm -f "$WWW/pub/OpenBSD/$VERSION/amd64/site$VER.tgz" 
 cp "$TGZ/$SITE-site$VER.tgz" "$WWW/pub/OpenBSD/$VERSION/amd64/site$VER.tgz" 
 ~~~ 

 ~~~ 
 builder|02:37:51|:/builder#ls -alh /builder/ 
 total 32 
 drwxr-xr-x     6 root    wheel     512B Jul 22 02:37 . 
 drwxr-xr-x    15 root    wheel     512B Jul 21 18:24 .. 
 -rwxr-xr-x     1 root    wheel     1.8K Jul 22 02:32 builder.sh 
 lrwxr-xr-x     1 root    wheel      54B Jul 21 21:35 prometheus-build -> /home/sacha/go/src/github.com/prometheus/node_exporter 
 drwxr-xr-x     3 root    wheel     512B Jul 22 01:35 site 
 drwxr-xr-x     2 root    wheel     512B Jul 22 01:35 siteXX.tgz 
 drwxr-xr-x     7 root    wheel     512B Jul 22 01:30 skel 
 -rw-r--r--     1 root    wheel     1.2K Jul 22 01:07 test.tgz 
 lrwxr-xr-x     1 root    wheel       5B Jul 21 18:24 tftp -> /tftp 
 drwxr-xr-x     2 root    wheel     512B Jul 22 00:05 tmp 
 lrwxr-xr-x     1 root    wheel      16B Jul 21 18:24 www -> /var/www/htdocs/ 
 ~~~ 
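
The builder script puts the operator's answers straight into `sed` replacements and into `$SITEPATH`, so a PPPoE password containing `/`, `&` or `\` corrupts `hostname.pppoe0`, and a site name containing `/` lands outside `$BPATH/site`. The following is an added example, not part of the original script; the function names, the accepted formats for SITE and CP, and the template line are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original builder.sh.
# Assumption: SITE is a lowercase DNS label and CP a five-digit postal code.
export LC_ALL=C   # make the character ranges below byte-wise

# SITE ends up in a path ($BPATH/site/$SITE) and a hostname: one DNS label only.
valid_site() {
    case $1 in
        ''|-*|*-|*[!a-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# CP feeds DEP=${CP:0:2} and the geocoding URL: digits only, length 5.
valid_cp() {
    case $1 in
        *[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -eq 5 ]
}

# Escape what is special in a sed replacement delimited by "/": \ / &
sed_escape() {
    printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# render TEMPLATE OUTPUT NAME=value...  (hypothetical helper)
# Replaces every NAME in TEMPLATE with the literal value.
render() {
    tpl=$1 out=$2 script=
    shift 2
    for kv in "$@"; do
        script="${script}s/${kv%%=*}/$(sed_escape "${kv#*=}")/g
"
    done
    sed -e "$script" "$tpl" > "$out"
}

# Demo on a constructed template line and a constructed password.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "authname 'PPPOEU' authkey 'PPPOEP'" > "$d/tpl"
    render "$d/tpl" "$d/out" 'PPPOEU=user@isp' 'PPPOEP=p&ss/w\rd'
    cat "$d/out"
    rm -rf "$d"
}
demo
```

In the builder, call `valid_site` and `valid_cp` inside the `until` loop before accepting the answers, and use `render` in place of the bare `sed -e "s/PPPOEP/$PPPOEP/g"` calls.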




 



 #### /tmp/i/install.resp 
 ~~~ 
 printf '%s' 'yourpassword' | encrypt 
 ~~~ 
 

 #### install.conf 

 ~~~ 
 System hostname = cerbere 
 Which network interface do you wish to configure = em0 
 IPv4 address for em0 = dhcp 
 IPv6 address for em0 = none 
 Which network interface do you wish to configure = done 
 DNS domain name = SITE.mydomain.fr 
 DNS nameservers = none 
 Start sshd(8) by default = yes 
 Do you expect to run the X Window System = no 
 Change the default console to com0 = yes 
 Which speed should com0 use = 115200 
 Password for root account = $2b$10$V2wkDaLWTc0jmdPEMOW5VOPeg.nS9YbJOsj6LYZMrXdRiDCGoo6yu  
 Password for user sacha = $2b$09$GWtR24VPpbZTdKyu5MZStOlyiNn2IKUy2trMI1rOJh1YjEjjNZKJa 
 Setup a user = sacha 
 Full name for user sacha = sacha 
 Public ssh key for user sacha = ssh-rsa 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 nobody@nowhere 
 Allow root ssh login = no 
 Which disk is the root disk = sd0 
 Use (W)hole disk MBR, whole disk (G)PT, (O)penBSD area or (E)dit = O  
 Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = a  
 Which disk do you wish to initialize = done 
 Location of sets = http  
 HTTP proxy URL = none 
 HTTP Server = 172.16.16.254 
 Pathname to the sets = pub/OpenBSD/6.5/amd64  
 Unable to connect using https. Use http instead = yes 
 Set name(s) = -x* 
 Set name(s) = -g* 
 Set name(s) = site65.tgz 
 Checksum test for site65.tgz failed. Continue anyway = yes 
 Unverified sets: site65.tgz. Continue without verification = yes 
 Set name(s) = done 
 Directory does not contain SHA256.sig. Continue without verification = yes 
 Location of sets = done 
 What timezone are you in = Europe/Paris 
 Exit to (S)hell, (H)alt or (R)eboot = R 
 ~~~ 

 #### build siteXX.tgz 
 Example: copy site65.tgz into www/pub/OpenBSD/6.5/amd64, then run `ls -al > www/pub/OpenBSD/6.5/amd64/index.txt`. 

 Install script: install.site, see https://undeadly.org/cgi?action=article;sid=20080111200305 

 #### install.site  

 ~~~ 
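 #!/bin/sh 
 # add the install user to wheel 
 usermod -G wheel sacha 
 # login class for the exporter, inheriting the daemon defaults 
 echo 'node_exporter:\ 
         :tc=daemon:' >> /etc/login.conf 
 cap_mkdb /etc/login.conf 
 groupadd _node_exporter 
 # -g sets the primary group (-u expects a numeric UID, not a name) 
 useradd -g _node_exporter -c "Prometheus Node Exporter agent" -d /var/empty -s /sbin/nologin -L node_exporter _node_exporter 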
 ~~~ 



 * Sources 

 http://eradman.com/posts/autoinstall-openbsd.html 
 http://149.210.185.89/openbsd-autoinstall.html 
 http://www.openbsd.org/faq/faq4.html#site 
 https://man.openbsd.org/autoinstall.8