# EvoBSD 1.0
EvoBSD is an ansible project used for customising OpenBSD hosts
used by Evolix.
## How to install an OpenBSD machine
**Note :** The system must be installed with a root account only.
Put your public key in the remote root's authorized_keys
(/root/.ssh/authorized_keys)
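1. Install Ansible's prerequisites (as written, `-C` runs the playbook in check mode and `-D` prints the diff, so nothing is changed on the host; drop `-C` to apply the changes)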
```
ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME
```
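2. Run it (`-C` makes this a dry run as well; `-K` prompts for the privilege-escalation password and `--ask-vault-pass` for the vault password, so neither has to be stored on disk)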
```
ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts -l HOSTNAME
```
### Testing
Changes can be tested by using [Packer](https://www.packer.io/) and
[vmm(4)](https://man.openbsd.org/vmm.4) :
* This process depends on the [Go](https://golang.org/) programming language.
```
# pkg_add go packer
```
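* We use the [packer-builder-vmm](https://github.com/prep/packer-builder-vmm) project to bridge Packer and vmm(4). Note that `go get -u` builds whatever is currently on the upstream default branch and also updates its dependencies, so review or pin the revision you build.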
```
$ go get -u github.com/prep/packer-builder-vmm/cmd/packer-builder-vmm
```
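* Here is an example build file. The root password is the literal value of the `password` variable, so change it (or override it with `-var`) before the image is reachable by anyone else. The installer is told to continue without `SHA256.sig` verification, which means the integrity of the installed sets rests entirely on `iso_checksum`; keep that value in sync with a release image you have verified with signify(1).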
```
$ vim openbsd.json
```
{
"description": "OpenBSD installation on vmm(4)",
"variables": {
"hostname": "evobsd",
"domain": "example.com",
"password": "evolix"
},
"builders": [
{
"type": "vmm",
"vm_name": "evobsd",
"disk_size": "2G",
"format": "qcow2",
"mem_size": "1024M",
"iso_urls": ["downloads/install64.fs", "https://ftp.nluug.nl/pub/OpenBSD/6.4/amd64/install64.fs"],
"iso_checksum": "7aa4344cb39efbf67300f97ac7eec005b607e8c19d4e31a0a593a8ee2b7136e4",
"iso_checksum_type": "sha256",
"boot_wait": "10s",
"boot_command": [
"S<enter>",
"cat <<EOF >disklabel.template<enter>",
"/ 1G-* 100%<enter>",
"EOF<enter>",
"cat <<EOF >install.conf<enter>",
"System hostname = {{user `hostname`}}<enter>",
"DNS domain name = {{user `domain`}}<enter>",
"Password for root account = {{user `password`}}<enter>",
"Do you expect to run the X Window System = no<enter>",
"Setup a user = no<enter>",
"Which disk is the root disk = sd1<enter>",
"Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = c<enter>",
"URL to autopartitioning template for disklabel = file://disklabel.template<enter>",
"Location of sets = disk<enter>",
"Is the disk partition already mounted = no<enter>",
"Set name(s) = -bsd.rd<enter>",
"Set name(s) = done<enter>",
"Directory does not contain SHA256.sig. Continue without verification = yes<enter>",
"What timezone are you in = Europe/Paris<enter>",
"EOF<enter>",
"install -af install.conf<enter>",
"<wait2m>",
"/sbin/halt -p<enter><wait15>"
]
}
]
}
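* You need your unprivileged user to be able to run vmctl(8) through doas(1). The rule below is `nopass` and permits every vmctl subcommand as root, so keep it to a dedicated build or test host and remove it when it is no longer needed.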
```
# echo "permit nopass myunprivilegeduser as root cmd /usr/sbin/vmctl" >> /etc/doas.conf
```
* Build the virtual machine
```
$ packer build openbsd.json
```
* Start it
```
doas vmctl start evobsd -cL -d output-vmm/evobsd.qcow2
```
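* Enable NAT on your host machine with a pf.conf(5) rule (IP forwarding must also be enabled on the host for the guest's traffic to be routed)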
```
pass out on em0 inet from tap0:network to any nat-to (em0)
```
*assuming em0 is your egress interface*
## Contributions
See the [contribution guidelines](CONTRIBUTING.md)
## License
[MIT License](LICENSE)