EvoBSD is a set of Ansible playbooks and roles providing a customisation of the OpenBSD operating system used by Evolix.
Jeremy Dubois
337dcb9438
- Specification of the different possible uses of the playbook - Addition of the openvpn role, commented by default - No use of the PKG_PATH variable, which is no longer useful since OpenBSD 6.1 installurl. |
||
---|---|---|
roles | ||
tasks | ||
vars | ||
CONTRIBUTING.md | ||
evolixisation.yml | ||
hosts | ||
LICENSE | ||
prerequisite.yml | ||
README.md |
EvoBSD 1.0
EvoBSD is an ansible project used for customising OpenBSD hosts used by Evolix.
How to install an OpenBSD machine
Note : The system must be installed with a root account only. Put your public key in the remote root's autorized_keys (/root/.ssh/authorized_keys)
1 - Install ansible's prerequisites
ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME
2 - Run it
ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts -l HOSTNAME
Testing
Changes can be tested by using Packer and vmm(4) :
- This process depends on the Go programming language.
# pkg_add go packer
- We use the packer-builder-vmm project to bridge Packer and vmm(4)
$ go get -u github.com/prep/packer-builder-vmm/cmd/packer-builder-vmm
- Here is an example build file
$ vim openbsd.json
{
"description": "OpenBSD installation on vmm(4)",
"variables": {
"hostname": "evobsd",
"domain": "example.com",
"password": "evolix"
},
"builders": [
{
"type": "vmm",
"vm_name": "evobsd",
"disk_size": "2G",
"format": "qcow2",
"mem_size": "1024M",
"iso_urls": ["downloads/install64.fs", "https://ftp.nluug.nl/pub/OpenBSD/6.4/amd64/install64.fs"],
"iso_checksum": "7aa4344cb39efbf67300f97ac7eec005b607e8c19d4e31a0a593a8ee2b7136e4",
"iso_checksum_type": "sha256",
"boot_wait": "10s",
"boot_command": [
"S<enter>",
"cat <<EOF >disklabel.template<enter>",
"/ 1G-* 100%<enter>",
"EOF<enter>",
"cat <<EOF >install.conf<enter>",
"System hostname = {{user `hostname`}}<enter>",
"DNS domain name = {{user `domain`}}<enter>",
"Password for root account = {{user `password`}}<enter>",
"Do you expect to run the X Window System = no<enter>",
"Setup a user = no<enter>",
"Which disk is the root disk = sd1<enter>",
"Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = c<enter>",
"URL to autopartitioning template for disklabel = file://disklabel.template<enter>",
"Location of sets = disk<enter>",
"Is the disk partition already mounted = no<enter>",
"Set name(s) = -bsd.rd<enter>",
"Set name(s) = done<enter>",
"Directory does not contain SHA256.sig. Continue without verification = yes<enter>",
"What timezone are you in = Europe/Paris<enter>",
"EOF<enter>",
"install -af install.conf<enter>",
"<wait2m>",
"/sbin/halt -p<enter><wait15>"
]
}
]
}
- You need your unprivileged user to be able to run vmctl(8) through doas(1)
# echo "permit nopass myunprivilegeduser as root cmd /usr/sbin/vmctl" >> /etc/doas.conf
- Build the virtual machine
$ packer build openbsd.json
- Start it
doas vmctl start evobsd -cL -d output-vmm/evobsd.qcow2
- Enable NAT on your host machine
pass out on em0 inet from tap0:network to any nat-to (em0)
assuming em0 is your egress interface
Contributions
See the contribution guidelines