147 lines
4.4 KiB
Markdown
147 lines
4.4 KiB
Markdown
# EvoBSD 1.0
|
||
|
||
EvoBSD is an ansible project used for customising OpenBSD hosts
|
||
used by Evolix.
|
||
|
||
## How to install an OpenBSD machine
|
||
|
||
**Note :** The system must be installed with a root account only. Put your public key in the remote root's autorized_keys (/root/.ssh/authorized_keys)
|
||
|
||
1 - Install ansible's prerequisites
|
||
|
||
```
|
||
ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME
|
||
```
|
||
|
||
2 - Run it!
|
||
|
||
```
|
||
ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts -l HOSTNAME
|
||
```
|
||
|
||
### Try it on a disposable system!
|
||
|
||
The easiest way to try EvoBSD is by using packer and vmm :
|
||
|
||
* First of all let's install go and packer on your host system
|
||
|
||
```
|
||
# pkg_add go packer
|
||
```
|
||
|
||
* Then we gonna use [packer-builder-vmm](https://github.com/prep/packer-builder-vmm) project availbale on Github
|
||
|
||
```
|
||
$ go get -u github.com/prep/packer-builder-vmm/cmd/packer-builder-vmm
|
||
```
|
||
|
||
* We have to create a definition file for packer
|
||
|
||
```
|
||
$ vim openbsd.json
|
||
```
|
||
|
||
{
|
||
"description": "OpenBSD installation on VMM",
|
||
|
||
"variables": {
|
||
"hostname": "evobsd",
|
||
"domain": "example.com",
|
||
|
||
"password": "evolix"
|
||
},
|
||
|
||
"builders": [
|
||
{
|
||
"type": "vmm",
|
||
"vm_name": "evobsd",
|
||
"disk_size": "2G",
|
||
"format": "qcow2",
|
||
"mem_size": "1024M",
|
||
|
||
"iso_urls": ["downloads/install64.fs", "https://ftp.nluug.nl/pub/OpenBSD/6.4/amd64/install64.fs"],
|
||
"iso_checksum": "7aa4344cb39efbf67300f97ac7eec005b607e8c19d4e31a0a593a8ee2b7136e4",
|
||
"iso_checksum_type": "sha256",
|
||
|
||
"boot_wait": "10s",
|
||
"boot_command": [
|
||
"S<enter>",
|
||
|
||
"cat <<EOF >disklabel.template<enter>",
|
||
"/ 1G-* 100%<enter>",
|
||
"EOF<enter>",
|
||
|
||
"cat <<EOF >install.conf<enter>",
|
||
"System hostname = {{user `hostname`}}<enter>",
|
||
"DNS domain name = {{user `domain`}}<enter>",
|
||
"Password for root account = {{user `password`}}<enter>",
|
||
"Do you expect to run the X Window System = no<enter>",
|
||
"Setup a user = no<enter>",
|
||
"Which disk is the root disk = sd1<enter>",
|
||
"Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = c<enter>",
|
||
"URL to autopartitioning template for disklabel = file://disklabel.template<enter>",
|
||
"Location of sets = disk<enter>",
|
||
"Is the disk partition already mounted = no<enter>",
|
||
"Set name(s) = -bsd.rd<enter>",
|
||
"Set name(s) = done<enter>",
|
||
"Directory does not contain SHA256.sig. Continue without verification = yes<enter>",
|
||
"What timezone are you in = Europe/Paris<enter>",
|
||
"EOF<enter>",
|
||
|
||
"install -af install.conf<enter>",
|
||
"<wait2m>",
|
||
|
||
"/sbin/halt -p<enter><wait15>"
|
||
]
|
||
}
|
||
]
|
||
}
|
||
|
||
|
||
* You need your unprivileged user to be able to run vmctl through doas
|
||
|
||
```
|
||
# echo "permit nopass myunprivilegeduser as root cmd /usr/sbin/vmctl
|
||
```
|
||
|
||
* Eventually you can build your virtual machine
|
||
|
||
```
|
||
$ packer build openbsd.json
|
||
```
|
||
|
||
* Once the building is done, run your VM like this
|
||
|
||
```
|
||
doas vmctl start evobsd -cL -d output-vmm/evobsd.qcow2
|
||
```
|
||
|
||
## Contributions
|
||
|
||
Contributions to this project are most welcome! The best way is to create a
|
||
pull request so that after review it's merged.
|
||
|
||
## License
|
||
|
||
MIT License
|
||
|
||
Copyright (c) 2019 Evolix
|
||
|
||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||
of this software and associated documentation files (the "Software"), to deal
|
||
in the Software without restriction, including without limitation the rights
|
||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||
copies of the Software, and to permit persons to whom the Software is
|
||
furnished to do so, subject to the following conditions:
|
||
|
||
The above copyright notice and this permission notice shall be included in all
|
||
copies or substantial portions of the Software.
|
||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||
SOFTWARE.
|