DaemonForums  

Old 8th May 2021
dennisN86 dennisN86 is offline
New User
 
Join Date: Jan 2021
Posts: 7
No user for in PXE-Boot Server environment to boot Diskless clients

Hi folks,

I'm trying to get a pxe-boot server up and running, which should serve a couple more SBCs in my network with their OSs.

I'm following the detailed guide for diskless clients in the OpenBSD man pages: https://man.openbsd.org/diskless

1. Add an entry to /etc/ethers corresponding to the client's Ethernet address:
Code:
00:0D:B9:2D:C3:30	reverse-proxy
2. Assign an IP address for myclient in /etc/hosts:
Code:
10.10.10.3	reverse-proxy
3. If booting an amd64 or i386 client, ensure that tftpd(8) is configured...
Code:
# cat /etc/rc.conf.local
tftpd_flags=-4 /tftp
bootparamd_flags=
dhcpd_flags=em1
httpd_flags=
mountd_flags=
nfsd_flags=
ntpd_flags=
portmap_flags=
rarpd_flags=
4. Install a copy of the appropriate diskless boot loader in /tftp:
Code:
# pwd
/tftp
# tree
|-- bsd
|-- etc
|   `-- boot.conf
|-- pxeboot
5. Add myclient to the bootparams database /etc/bootparams:
Code:
# cat /etc/bootparams
reverse-proxy	root=10.10.10.1:/var/export/reverse-proxy \
reverse-proxy	swap=/dev/sd0b
6. Build the swap for my client:

I'm leaving out this step and instead add a usb-stick to the SBC in order not to have too many unnecessary writes to the SSD in the pxe-boot server. Swapctl recognizes the usb-stick on boot.

7. Populate my clients root filesystem on the server:

I've done so following this guide from the official papers on the OpenBSD website: https://www.openbsd.org/papers/bsdcan2019_netboot.pdf

Code:
# mkdir -p /var/export/reverse-proxy
# tar xzphf base69.tgz -C /var/export/reverse-proxy
# cd /var/export/reverse-proxy/var/sysmerge
# tar xzphf etc.tgz -C /var/export/reverse-proxy/
# cd /var/export/reverse-proxy/dev
# ./MAKEDEV all
I'm editing a couple more files the paper describes:
Code:
# echo "reverse-proxy.example.com" > etc/myname
# echo "127.0.0.1	localhost" > etc/hosts
# echo "dhcp" > etc/hostname.vr0
# echo "portmap_flags=" >> etc/rc.conf.local
# echo '+:*::::::::' >> etc/master.passwd
# echo '+:*::'       >> etc/group
# pwd_mkdb -d etc -p etc/master.passwd
# cap_mkdb -f etc/login.conf /etc/login.conf

Now the system boots up...
Code:
PXE boot MAC address 00:0d:b9:2d:c3:30, interface vr0
nfs_boot: using interface vr0, with revarp & bootparams
nfs_boot: client_addr=10.10.10.3                       
nfs_boot: server_addr=10.10.10.1 hostname=reverse-proxy
root on 10.10.10.1:/var/export/reverse-proxy           
clock: unknown CMOS layout                  
nfs_boot: bootparam get swap: 60
WARNING: no swap                
Automatic boot in progress: starting file system checks.
mount: realpath none: No such file or directory
chmod: /bsd: No such file or directory
ln: /bsd: No such file or directory
pf enabled
starting network
vr0: 10.10.10.3 lease accepted from 10.10.10.1 (00:0d:b9:44:ec:5d)
starting early daemons: syslogd pflogd ntpd.
starting RPC daemons: portmap.
mount: realpath none: No such file or directory
savecore: no core dump (no dumpdev)
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd smtpd sndiod.
starting local daemons: cron.
Sat May  8 09:18:29 MDT 2021
...to the point one would usually enter his Login/Password credentials. Since there is no user existing, this is all fine. My question now is: Which files do I have to edit or copy from an existing installation to add a user to the OS?

Thanks!
Old 8th May 2021
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,402
Default

Users are defined in /etc/*passwd* files. See passwd(5).
Old 8th May 2021
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,776
Default

You can create users in a script. This is what I use to automate it:
Code:
# ----------------------------------------------------
echo ADDING USERS j65nko adriaan  snap

# Set DEBUG=echo for a dry run that only prints the useradd commands
DEBUG=echo 
DEBUG=''

#---------------------------
# create_user NAME UID PASSWORD_HASH
create_user() {
   local NAME PASSWORD UID
   NAME="$1"
   UID="$2"
   PASSWORD="$3"
   echo "Creating user: ${NAME}"
#   $DEBUG useradd -m \
#   -m option wants to create home dirs
#   -g =uid creates a group named after the user, with gid equal to the uid
   $DEBUG useradd \
        -G wheel,operator \
        -d "/home/${NAME}" \
        -k /etc/skel \
        -s /bin/ksh \
        -L staff \
        -p "${PASSWORD}" \
        -u "${UID}" \
        -g =uid \
         "${NAME}"
}

#        -d /home/${NAME} \
# password created with : $ echo MySecretPassword | encrypt -b10

# The hash stays in single quotes so the shell does not expand its $ signs
create_user j65nko  1001 '$2b$10$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
create_user snap    1002 '$2b$10$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Attached Files
File Type: sh _addding_users.sh (1.2 KB, 7 views)
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

Last edited by J65nko; 8th May 2021 at 08:51 PM.
Old 8th May 2021
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,402
Default

I've been using the built-in adduser(8) script instead of writing my own scripts with useradd(8). Less effort for similar results.

There are many, many user management tools available. Certainly, many more than we actually need.
Old 9th May 2021
dennisN86 dennisN86 is offline
New User
 
Join Date: Jan 2021
Posts: 7
Default

How do I make use of either J65nko's script or the built-in adduser command, when the target is a NFS share and not the currently running OpenBSD install?
Old 9th May 2021
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,402
Default

There are actually 4 password files that all the various userid management utilities manage synchronously. They are normally located in /etc:
  1. /etc/passwd
  2. /etc/master.passwd
  3. /etc/pwd.db
  4. /etc/spwd.db
There's also a temporary lock file, /etc/ptmp, to ensure serialization of multiple changes.

You have choices, such as:

  • Add your thin client/clients as users in your base system, then copy these files into your thin client private "/etc".
  • Create your custom passwd(5) file in a working directory, then use pwd_mkdb(8) to create these 4 files in your private "/etc" directory with the -d and -p options.
  • Create a complete chroot(8) environment for your thin clients and use any of the userid / password utilities within the chroot() jail.
If this were my task, I'd choose the first of these, as it is the simplest solution.

Last edited by jggimi; 9th May 2021 at 09:43 AM. Reason: clarity, additional comment
Old 9th May 2021
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,776
Default

There is also an nr 5.: /etc/group ;-)

More than 15 years ago, I wrote that user creation script as a building block of an install.site script. It is included in a so-called siteXX.tgz or siteXX-$(hostname -s).tgz during installation. See Customizing the Install Process.

I have never done a diskless client setup, so I don't know whether something similar can be done in that particular environment. Would something simpler like rc.firsttime(8) be feasible to create the user(s)?

Last edited by J65nko; 9th May 2021 at 08:21 PM.
Old 10th May 2021
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,402
Default

Quote:
Originally Posted by J65nko View Post
There is also an nr 5.: /etc/group ;-)
Thanks!
Old 10th May 2021
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,776
Default

Another more complicated approach would be to set up YP directory services. You did that partly with
Code:
# echo '+:*::::::::' >> etc/master.passwd
# echo '+:*::'       >> etc/group
See the complete instructions at Directory Services
Old 10th May 2021
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,776
Default

A transcript of adding users to an existing VPS system and creating a tarball of the affected file/databases in /etc:
Code:
root@nedrag[~]ls -lT /etc/*pass*
-rw-------  1 root  wheel  4101 Apr 28 02:53:48 2021 /etc/master.passwd
-rw-r--r--  1 root  wheel  3629 Apr 28 02:53:48 2021 /etc/passwd

root@nedrag[~]touch MARKER
root@nedrag[~]ls -lT MARKER
-rw-r--r--  1 root  wheel  0 May 10 23:55:30 2021 MARKER

root@nedrag[~]find /etc/ -newer MARKER
root@nedrag[~]

root@nedrag[~]sh _adding_users.sh                                                                                      
ADDING USERS joe kamala
Creating user: joe
useradd: Warning: home directory `/home/joe' doesn't exist, and -m was not specified
Creating user: kamala
useradd: Warning: home directory `/home/kamala' doesn't exist, and -m was not specified

root@nedrag[~]find /etc/ -newer MARKER 
/etc/
/etc/group
/etc/master.passwd
/etc/passwd
/etc/pwd.db
/etc/spwd.db

root@nedrag[~]tar cvf MyUserDB.tgz -C /etc group passwd master.passwd pwd.db spwd.db 
group
passwd
master.passwd
pwd.db
spwd.db

root@nedrag[~]tar tvf MyUserDB.tgz                                                                                     
-rw-r--r--  1 root     wheel         1250 May 10 23:56 group
-rw-r--r--  1 root     wheel         3707 May 10 23:56 passwd
-rw-------  1 root     wheel         4317 May 10 23:56 master.passwd
-rw-r--r--  1 root     wheel        40960 May 10 23:56 pwd.db
-rw-r-----  1 root     _shadow      40960 May 10 23:56 spwd.db
Do a simple install on either real hardware or in a virtual image disk. And run the script, adapted to your users.
You then could copy and untar the MyUserDB.tgz on the partition/directory you serve to your diskless clients.
Old 13th May 2021
dennisN86 dennisN86 is offline
New User
 
Join Date: Jan 2021
Posts: 7
Default

Thanks for your help jggimi and J65nko. Since I had a cf-card install still in place, I just put it back in and did those two steps:

Code:
reverse-proxy# tar cvf adminUserDB.tgz -C /etc group passwd master.passwd pwd.db spwd.db 
group
passwd
master.passwd
pwd.db
spwd.db

reverse-proxy# tar tvf adminUserDB.tgz
-rw-r--r--  1 root     wheel         1250 May 10 23:56 group
-rw-r--r--  1 root     wheel         3707 May 10 23:56 passwd
-rw-------  1 root     wheel         4317 May 10 23:56 master.passwd
-rw-r--r--  1 root     wheel        40960 May 10 23:56 pwd.db
-rw-r-----  1 root     _shadow      40960 May 10 23:56 spwd.db
I can login now and I'm happy to have a diskless client running in my network.
Reply With Quote
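
A check that could be run on the server after the tarball is unpacked into the client root, as an added example that is not part of any post in this thread: it verifies the five files and the modes shown in the tar listings above, and flags empty password fields, YP `+` entries in master.passwd, and a passwd file that still carries password fields. The function names and finding labels are made up for this example.

```sh
#!/bin/sh
# Added example, not from the thread: audit the user database inside a
# diskless client's root (e.g. /var/export/reverse-proxy) on the NFS server.

findings=0

# report TEXT: print TEXT and count each of its lines as one finding.
report() {
    [ -n "$1" ] || return 0
    echo "$1"
    findings=$((findings + $(echo "$1" | wc -l)))
}

# mode_is FILE MODE: true when FILE has exactly the octal permission MODE.
mode_is() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# audit_userdb ROOT: print the findings; the exit status is their count.
audit_userdb() {
    etc="$1/etc"
    findings=0
    # The five files named in the thread, with the modes from its tar listing.
    for spec in group:644 passwd:644 master.passwd:600 pwd.db:644 spwd.db:640; do
        f=${spec%:*}
        m=${spec#*:}
        if [ ! -f "$etc/$f" ]; then
            report "missing: etc/$f"
        elif ! mode_is "$etc/$f" "$m"; then
            report "mode: etc/$f is not $m"
        fi
    done
    if [ -f "$etc/master.passwd" ]; then
        # 10 colon-separated fields per entry; field 2 is the password hash.
        report "$(awk -F: '
            NF == 0  { next }
            NF != 10 { print "format: master.passwd line " NR " has " NF " fields"; next }
            substr($1, 1, 1) == "+" { print "yp: master.passwd line " NR " includes YP accounts"; next }
            $2 == "" { print "empty-password: " $1 }
        ' "$etc/master.passwd")"
    fi
    if [ -f "$etc/passwd" ]; then
        # The world-readable copy must carry "*" in place of every hash.
        report "$(awk -F: 'NF > 0 && $2 != "*" { print "exposed: passwd field 2 set for " $1 }' "$etc/passwd")"
    fi
    return "$findings"
}

# Usage: sh audit_userdb.sh /var/export/reverse-proxy
if [ $# -gt 0 ]; then audit_userdb "$1"; fi
```

Ownership (root:wheel, and root:_shadow for spwd.db) is not checked here; extract the tarball as root with tar's -p flag so owners and modes survive.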