# OpenBSD: setup a local auto-installation server

Last modification on 2020-04-30

This guide describes how to set up a local mirror and installation/upgrade
server that requires little or no input interaction.


## Setup a local HTTP mirror

The HTTP mirror will be used to fetch the base sets and (optional) custom sets.
In this guide we will assume **192.168.0.2** is the local installation server
and mirror, the CPU architecture is amd64 and the OpenBSD release version is
6.5. We will store the files in a directory with the structure:

    http://192.168.0.2/pub/OpenBSD/6.5/amd64/

Create the directory to serve and fetch all sets and install files
(if needed to save space *.iso and install65.fs can be skipped):

    $ cd /var/www/htdocs
    $ mkdir -p pub/OpenBSD/6.5/amd64/
    $ cd pub/OpenBSD/6.5/amd64/
    $ ftp 'ftp://ftp.nluug.nl/pub/OpenBSD/6.5/amd64/*'

Verify signature and check some checksums:

    $ signify -C -p /etc/signify/openbsd-65-base.pub -x SHA256.sig

Without file arguments signify checks every file listed in SHA256.sig, so if
the ISO images or install65.fs were skipped, append the names of the files to
check to the command.

Set up [httpd(8)](https://man.openbsd.org/httpd.8) for simple file serving:

    # $FAVORITE_EDITOR /etc/httpd.conf

A minimal example config for [httpd.conf(5)](https://man.openbsd.org/httpd.conf.5):

    server "*" {
        listen on * port 80
    }

The default www root directory is: /var/www/htdocs/

Enable the httpd daemon to start by default and start it now:

    # rcctl enable httpd
    # rcctl start httpd

## Creating an installation response/answer file

The installer supports loading responses to the installation/upgrade questions
from a simple text file. We can do a regular installation and copy the answers
from the saved file to make an automated version of it.

Do a test installation. At the end of the installation or upgrade, when asked
the question:

    Exit to (S)hell, (H)alt or (R)eboot?

Type S to go to the shell. Find the response file for an installation and copy
it to some USB stick or write down the response answers:

    cp /tmp/i/install.resp /mnt/usbstick/

A response file could be for example:

    System hostname = testvm
    Which network interface do you wish to configure = em0
    IPv4 address for em0 = dhcp
    IPv6 address for em0 = none
    Which network interface do you wish to configure = done
    Password for root account = $2b$10$IqI43aXjgD55Q3nLbRakRO/UAG6SAClL9pyk0vIUpHZSAcLx8fWk.
    Password for user testuser = $2b$10$IqI43aXjgD55Q3nLbRakRO/UAG6SAClL9pyk0vIUpHZSAcLx8fWk.
    Start sshd(8) by default = no
    Do you expect to run the X Window System = no
    Setup a user = testuser
    Full name for user testuser = testuser
    What timezone are you in = Europe/Amsterdam
    Which disk is the root disk = wd0
    Use (W)hole disk MBR, whole disk (G)PT, (O)penBSD area or (E)dit = OpenBSD
    Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = a
    Location of sets = http
    HTTP proxy URL = none
    HTTP Server = 192.168.0.2
    Server directory = pub/OpenBSD/6.5/amd64
    Unable to connect using https. Use http instead = yes
    Location of sets = http
    Set name(s) = done
    Location of sets = done
    Exit to (S)hell, (H)alt or (R)eboot = R

Generate an encrypted password for the response file:

    $ printf '%s' 'yourpassword' | encrypt

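autoinstall(8) accepts password answers either as plaintext or as encrypt(1) output, so it is worth checking a response file before it is embedded in the RAMDISK. The following check is an added example, not part of the original guide; the function name `lint_resp` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). lint_resp is a hypothetical
# helper name. It reads "question = answer" lines and reports every
# "Password for ..." answer that is not already hashed.
# Returns 0 when no plaintext password is found, 1 otherwise.
lint_resp() {
	bad=0
	while IFS= read -r line; do
		case $line in
		'Password for '*=*) ;;
		*) continue ;;
		esac
		q=${line%%=*}; q=${q% }      # question, left of the first '='
		a=${line#*=};  a=${a# }      # answer, right of the first '='
		case $a in
		'*************')             # 13 asterisks: password login disabled
			continue ;;
		'$2'?'$'[0-9][0-9]'$'*)      # bcrypt string as printed by encrypt(1)
			[ "${#a}" -eq 60 ] && continue ;;
		esac
		echo "plaintext password: $q"
		bad=1
	done < "$1"
	[ "$bad" -eq 0 ]
}

# Constructed sample (not a real host): root is hashed, testuser is not.
resp=$(mktemp)
sample_hash='$2b$10$'$(printf '%053d' 0)   # bcrypt-shaped placeholder, 60 chars
printf '%s\n' 'System hostname = testvm' \
	"Password for root account = $sample_hash" \
	'Password for user testuser = hunter2' > "$resp"
lint_resp "$resp" || echo "hash the answers with encrypt(1) first"
rm -f "$resp"
```
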

## Changing the RAMDISK kernel disk image

[rdsetroot(8)](https://man.openbsd.org/rdsetroot.8) is publicly exposed now in base since 6.5. Before 6.5 it is
available in the /usr/src/ tree as elfrdsetroot, see also the [rd(4)](https://man.openbsd.org/rd.4) man page.

    $ mkdir auto
    $ cd auto
    $ cp pubdir/bsd.rd .
    $ rdsetroot -x bsd.rd disk.fs
    # vnconfig vnd0 disk.fs
    # mkdir mount
    # mount /dev/vnd0a mount

Copy the response file (install.resp) to: mount/auto_install.conf
(installation) **or** mount/auto_upgrade.conf (upgrade), but not both. In this
guide we will do an auto-installation.

Unmount, detach and patch RAMDISK:

    # umount mount
    # vnconfig -u vnd0
    $ rdsetroot bsd.rd disk.fs

To test, copy bsd.rd to the root of some test machine, for example as
/bsd.test.rd, then (re)boot and type:

    boot /bsd.test.rd

In the future (6.5+) it will be possible to copy to a file named "/bsd.upgrade"
in the root of a current system and automatically load the kernel:
[See the script bsd.upgrade in CVS.](https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/stand/boot/boot.c?rev=1.46&content-type=text/x-cvsweb-markup)
Of course this is possible with PXE boot or some custom USB/ISO also.
As explained in the [autoinstall(8)](https://man.openbsd.org/autoinstall.8) man page: create either an
auto_upgrade.conf **or** an auto_install.conf, but not both.


## Create bootable miniroot

In this example the miniroot will boot the custom kernel, but fetch all the
sets from the local network.

We will base our miniroot off the official version: miniroot65.fs.

We will create a 16MB miniroot to boot from (in this guide it is assumed the
original miniroot is about 4MB and the modified kernel image fits in the newly
allocated space):

    $ dd if=/dev/zero of=new.fs bs=512 count=32768

Copy first part of the original image to the new disk (no truncation):

    $ dd conv=notrunc if=miniroot65.fs of=new.fs
    # vnconfig vnd0 new.fs

Expand disk OpenBSD boundaries:

    # disklabel -E vnd0
    > b
    Starting sector: [1024]
    Size ('*' for entire disk): [8576] *
    > r
    Total free sectors: 1168.
    > c a
    Partition a is currently 8576 sectors in size, and can have a maximum
    size of 9744 sectors.
    size: [8576] *
    > w
    > q

or:

    # printf 'b\n\n*\nc a\n*\nw\n' | disklabel -E vnd0

Grow the filesystem, check it and mark it as clean:

    # growfs -y /dev/vnd0a
    # fsck -y /dev/vnd0a

Mount filesystem:

    # mount /dev/vnd0a mount/

The kernel on the miniroot is GZIP compressed. Compress our modified bsd.rd and
overwrite the original kernel:

    # gzip -c9n bsd.rd > mount/bsd

Or to save space (+- 500KB) by stripping debug symbols, taken from the bsd.gz
target in [this Makefile](https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib/amd64/iso/Makefile).

    $ cp bsd.rd bsd.strip
    $ strip bsd.strip
    $ strip -R .comment -R .SUNW_ctf bsd.strip
    $ gzip -c9n bsd.strip > bsd.gz
    $ cp bsd.gz mount/bsd

Now unmount and detach:

    # umount mount/
    # vnconfig -u vnd0

Now you can [dd(1)](https://man.openbsd.org/dd.1) the image new.fs to your bootable (USB) medium.


## Adding custom sets (optional)

For patching [/etc/rc.firsttime](https://man.openbsd.org/rc.firsttime.8) and other system files it is useful to use a
customized installation set like siteVERSION.tgz, for example: site65.tgz. The
sets can even be specified per host/MAC address like
siteVERSION-$(hostname -s).tgz so for example: site65-testvm.tgz

When the installer checks the base sets of the mirror it looks for a file
index.txt. To add custom sets the site entries have to be added.

For example:

    -rw-r--r--  1 1001  0  4538975 Oct 11 13:58:26 2018 site65-testvm.tgz

The filesize, permissions etc. do not matter and are not checked by the
installer. Only the filename is matched by a regular expression.


## Sign custom site* tarball sets (optional)

If you use custom sets without creating a signed custom release, the installer
will prompt you with the messages:

    checksum test failed

and:

    unverified sets: continue without verification

OpenBSD uses the program [signify(1)](https://man.openbsd.org/signify.1) to cryptographically sign and
verify filesets.

To create a custom public/private keypair (of course make sure to store the
private key privately):

    $ signify -G -n -c "Custom 6.5 install" -p custom-65-base.pub -s custom-65-base.sec

Create a new checksum file with the file list of the current directory (except
SHA256* files):

    $ printf '%s\n' * | grep -v SHA256 | xargs sha256 > SHA256

Sign SHA256 and store as SHA256.sig, embed signature:

    $ signify -S -e -s /privatedir/custom-65-base.sec -m SHA256 -x SHA256.sig

Verify that the created signature and data are correct:

    $ signify -C -p /somelocation/custom-65-base.pub -x SHA256.sig

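signify -C only checks the files named in SHA256.sig, so a custom set that was never added to the checksum list (or to index.txt, as described in the previous section) passes verification on the mirror and fails only in the installer. The following check is an added example, not part of the original guide; the function name `unlisted_sets` and the sample mirror directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). unlisted_sets is a
# hypothetical helper name.
# unlisted_sets DIR: report every *.tgz set in DIR that is missing from
# index.txt or from the signed checksum list in SHA256.sig.
# Returns 0 when every set is listed in both files, 1 otherwise.
unlisted_sets() (
	cd "$1" || exit 2
	rc=0
	for f in *.tgz; do
		[ -e "$f" ] || continue          # glob matched nothing
		# index.txt: the set name is the last field of a listing line
		awk -v f="$f" '$NF == f { ok = 1 } END { exit !ok }' \
			index.txt 2>/dev/null ||
			{ echo "$f: not in index.txt"; rc=1; }
		# SHA256.sig: BSD-style line as written by sha256(1)
		grep -qF -- "SHA256 ($f) = " SHA256.sig 2>/dev/null ||
			{ echo "$f: not in SHA256.sig"; rc=1; }
	done
	exit "$rc"
)

# Constructed sample mirror: site65-testvm.tgz was copied in after the
# index and checksum list were generated.
demo=$(mktemp -d)
: > "$demo/base65.tgz"
: > "$demo/site65-testvm.tgz"
echo '-rw-r--r--  1 1001  0  1024 Oct 11 13:58:26 2018 base65.tgz' \
	> "$demo/index.txt"
printf 'SHA256 (base65.tgz) = %064d\n' 0 > "$demo/SHA256.sig"
unlisted_sets "$demo" || echo "mirror is not ready to serve"
rm -rf "$demo"
```
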
Copy **only** the **public** key to the RAMDISK:

    $ cp custom-65-base.pub mount/etc/signify/custom-65-base.pub

Now we have to patch the install.sub file to check our public key. If you know
a better way without having to patch this script, please let me know.

Change the variable PUB_KEY in the shellscript mount/install.sub from:

    PUB_KEY=/etc/signify/openbsd-${VERSION}-base.pub

To:

    PUB_KEY=/etc/signify/custom-${VERSION}-base.pub

And for upgrades from:

    $UPGRADE_BSDRD &&
        PUB_KEY=/mnt/etc/signify/openbsd-$((VERSION + 1))-base.pub

To:

    $UPGRADE_BSDRD &&
        PUB_KEY=/mnt/etc/signify/custom-$((VERSION + 1))-base.pub


## Ideas

* Patch [rc.firsttime(8)](https://man.openbsd.org/rc.firsttime.8) and run syspatch, add ports, set up xenodm etc.
* Custom partitioning scheme, see [autoinstall(8)](https://man.openbsd.org/autoinstall.8) "URL to autopartitioning
  template for disklabel = url".
* Set up [pxeboot(8)](https://man.openbsd.org/pxeboot.8) to boot and install over the network using
  [dhcpd(8)](https://man.openbsd.org/dhcpd.8) and
  [tftpd(8)](https://man.openbsd.org/tftpd.8), then not even a USB stick is required.


## References

* Main OpenBSD installation and upgrade shellscript:
  [/usr/src/distrib/miniroot/install.sub](https://cvsweb.openbsd.org/src/distrib/miniroot/install.sub)