DaemonForums  

#1
15th December 2014
J65nko
Administrator

Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125

Creating 'install.conf' for OpenBSD automatic installations

In OpenBSD autoinstall I posted about my first experiences with the autoinstall(8) procedure. At the end of that thread I mentioned how a shell script could generate a customized install.conf file.

The result of my endeavours is presented here as mk-install.conf.sh. Included is a Makefile to prefix the generated install.conf with a MAC address and to upload to a webserver directory. See autoinstall(8) for the role of a MAC address in the naming of install.conf.

The environment, in which this was developed and tested, consisted of a Linux Mint (Ubuntu and thus Debian derivative) server acting as KVM host for the OpenBSD current (2014-12-12) guest installs.
An OpenBSD box, 'hercules.utp.xnet' (192.168.222.20) was configured as PXE/TFTP and web server. My OpenBSD router at 192.168.222.10 acted as DHCP server.

Things mk-install.conf.sh does not (yet) do:
  • Multiple network interfaces
  • IPv6 configuration
  • Configure a vlan interface
  • Regular (non-root) user creation
  • Multiple sources for the file sets

Some of these things, like vlan, I never use because a VLAN capable switch is still missing from my hardware collection. And defining user accounts, I prefer to handle in a siteXX.tgz.

On the other hand it supports some features that the average OpenBSD user probably does not use regularly:
  • Serial console configuration
  • Selection of siteXX.tgz and siteXX-hostname.tgz and the need for handling the failing checksum and verification.

An example of a generated installation response file:
Code:
Terminal type? = vt220
System hostname = diogenes 
Which network interface do you wish to configure? = vio0 
IPv4 address for = dhcp 
Password for root account? = $2a$10$8ZnU7QJ4yYt7tk3TXyzGfuGYYjKN3Ae0BGZQ/I5hN1U/v/6DVXgpK 
Public ssh key for root account? = ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMPEpNB1XOPiaIcv2NJhG1c5Os595IebooZdnloA0OT+npTyk9FQbysijlFq+GWyc7Wu27qaELlhikj//qAyGc= adriaan@hercules.utp.xnet
Start sshd(8) by default? = yes
Start ntpd(8) by default? = yes
NTP server? (hostname or 'default') = default
Do you expect to run the X Window System? = yes
Do you want the X Window System to be started by xdm(1)? = no
Do you want to suspend on lid close? = no
Change the default console to com0? = yes
Which speed should com0 use? (or 'done') = 19200
What timezone are you in? = Europe/Amsterdam
Setup a user? = no 
Which disk is the root disk? = sd0 
Use DUIDs rather than device names in fstab? = yes
Use (W)hole disk or (E)dit the MBR? = W
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? = a
Which disk do you wish to initialize? = done
Location of sets? = http
HTTP proxy URL? = none
HTTP Server? = hercules.utp.xnet
Server directory? = snapshots/i386
Set name(s)? = -all bsd bsd.rd bsd.mp base56.tgz site56.tgz done
Checksum test for site56.tgz failed. Continue anyway? = yes
Unverified sets: site56.tgz. Continue without verification? = yes 
Checksum test for site56-diogenes.tgz failed. Continue anyway? = yes
Unverified sets: site56-diogenes.tgz. Continue without verification? = yes 
Location of sets? = done

I realized that since the install script asks for Set name(s)?, they could be enumerated in one single answer:
Code:
Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-' to the set name, file name pattern or 'all'. Selected
sets are labelled '[X]'.
    [X] bsd           [X] base56.tgz    [X] xbase56.tgz   [X] xserv56.tgz
    [X] bsd.rd        [X] comp56.tgz    [X] xshare56.tgz  [ ] site56.tgz
    [X] bsd.mp        [X] man56.tgz     [X] xfont56.tgz
Set name(s)? (or 'abort' or 'done') [done] -all bsd bsd.rd bsd.mp base56.tgz site56.tgz done
Get/Verify SHA256.sig   100% |**************************|  2067       00:00
Signature Verified
Get/Verify bsd          100% |**************************| 10295 KB    00:00
Get/Verify bsd.rd       100% |**************************|  6773 KB    00:00
Get/Verify bsd.mp       100% |**************************| 10327 KB    00:00
Get/Verify base56.tgz   100% |**************************| 51053 KB    00:01
Get/Verify site56.tgz   100% |**************************|  4915       00:00
Checksum test for site56.tgz failed. Continue anyway? [no] yes
Unverified sets: site56.tgz. Continue without verification? [no] yes
Installing bsd          100% |**************************| 10295 KB    00:00
Installing bsd.rd       100% |**************************|  6773 KB    00:00
Installing bsd.mp       100% |**************************| 10327 KB    00:00
Installing base56.tgz   100% |**************************| 51053 KB    00:03
Extracting etc.tgz      100% |**************************|   110 KB    00:00
Installing site56.tgz   100% |**************************|  4915       00:00
Location of sets? (disk http or 'done') [done] done
Saving configuration files...done.
Making all device nodes...done.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

Last edited by J65nko; 15th December 2014 at 02:25 AM. Reason: Added OpenBSD current (2014-12-12) as OS/installer version
#2
15th December 2014
J65nko
Administrator

Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125

Download

The attached tarball contains the script, the Makefile, an install.conf and a serial console log of the unattended automatic install.

Notes for the Makefile

If you comment out the MAC variable the file will be uploaded to the web server as install.conf. Else the MAC address, followed by a '-', will be prefixed.

Code:
#MAC     = 52:54:00:aa:aa:01
CONF    = install.conf

.ifdef MAC
UPLOAD = ${MAC}-${CONF}
.else
UPLOAD = ${CONF}
.endif

Code:
$ make -n upload
sudo cp -p install.conf /home/www/52:54:00:aa:aa:01-install.conf

$ vi Makefile (commenting out the MAC variable)

$ make -n upload 
sudo cp -p install.conf /home/www/install.conf

Check make(1) for the purpose of the -n option in this small demo.
Attached Files
File Type: tgz Autoinstall.tgz (8.1 KB, 317 views)
Last edited by J65nko; 15th December 2014 at 02:20 AM.
#3
1st March 2016
J65nko
Administrator

Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125

New version suitable for OpenBSD 5.9

Summary of the changes:
  • Support creation of wheel user
  • Support the 'prohibit-password' option for SSH root login
  • Support automatic disklabel procedure through a configuration file (see OpenBSD automatic disklabel allocation)

Code:
Password for root account? <provided>
Public ssh key for root account? [none] ecdsa-sha2-nistp256 AAAAE2VjZHNhLXN[snip]

Start sshd(8) by default? [yes] yes
Do you expect to run the X Window System? [yes] no
Change the default console to com0? [yes] yes
Available speeds are: 9600 19200 38400 57600 115200.
Which speed should com0 use? (or 'done') [38400] 38400

Setup a user? (enter a lower-case loginname, or 'no') [no] csmoker
Full name for user csmoker? [csmoker] Carpetsmoker
Password for user csmoker? <provided>
Public ssh key for user csmoker [none] ecdsa-sha2-nistp256 AAAAE2VjZHNhLX[snip]

WARNING: root is targeted by password guessing attacks, pubkeys are safer.
Allow root ssh login? (yes, no, prohibit-password) [no] prohibit-password

The automatic disklabel

Code:
Available disks are: sd0.
Which disk is the root disk? ('?' for details) [sd0] sd0
No valid MBR or GPT.
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole] whole
Setting OpenBSD MBR partition to whole sd0...done.
URL to autopartitioning template for disklabel? [none] http://hercules.utp.xnet/autodisklabel.txt
Fetching http://hercules.utp.xnet/autodisklabel.txt
/dev/rsd0a: 100.0MB in 204800 sectors of 512 bytes
4 cylinder groups of 25.00MB, 1600 blocks, 3200 inodes each
/dev/rsd0e: 2048.0MB in 4194304 sectors of 512 bytes
11 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd0d: 200.0MB in 409600 sectors of 512 bytes
4 cylinder groups of 50.00MB, 3200 blocks, 6400 inodes each
/dev/rsd0h: 2914.0MB in 5967872 sectors of 512 bytes
15 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd0f: 500.0MB in 1024000 sectors of 512 bytes
4 cylinder groups of 125.00MB, 8000 blocks, 16000 inodes each
/dev/rsd0g: 200.0MB in 409600 sectors of 512 bytes
4 cylinder groups of 50.00MB, 3200 blocks, 6400 inodes each
/dev/sd0a (286220d9cb3c95a8.a) on /mnt type ffs (rw, asynchronous, local)
/dev/sd0e (286220d9cb3c95a8.e) on /mnt/home type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd0d (286220d9cb3c95a8.d) on /mnt/tmp type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd0h (286220d9cb3c95a8.h) on /mnt/usr type ffs (rw, asynchronous, local, nodev)
/dev/sd0f (286220d9cb3c95a8.f) on /mnt/var type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd0g (286220d9cb3c95a8.g) on /mnt/var/log type ffs (rw, asynchronous, local, nodev, nosuid)

Let's install the sets!

The contents of the tarball:
Code:
$ tar tvzf Autoinstall_2016_0301.tgz
 drwxr-xr-x  0      Mar  1 04:05 Autoinstall
 -rw-r--r--  964    Mar  1 04:00 Autoinstall/Makefile
 -rwxr--r--  6326   Mar  1 04:00 Autoinstall/mk-install.conf.sh
 -rw-r--r--  2013   Mar  1 04:00 Autoinstall/install.conf
 -rw-r--r--  11148  Mar  1 04:00 Autoinstall/wheel-user-log.txt
 -rw-r--r--  76     Mar  1 04:05 Autoinstall/autodisklabel.txt

The mk-install.conf.sh script and the Makefile are used to create the install.conf file.
wheel-user-log.txt is a log captured with a serial console of an automatic install using that response file.

Have fun
Attached Files
File Type: tgz Autoinstall_2016_0301.tgz (7.0 KB, 357 views)
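
A check for the risky answers visible in the response files above (added example, not part of the posts or the attached tarballs): the 2014 install.conf answers yes to the failed-checksum and unverified-set prompts for site56.tgz, and the 5.9 prompts add user password answers and 'Allow root ssh login?'. The function names and the sample file are constructed; it assumes, per autoinstall(8), that a password answer is plaintext, an encrypted hash, or a run of asterisks that disables password login.

```sh
#!/bin/sh
# Added example, not part of mk-install.conf.sh. Function names are hypothetical.

# Print one finding per risky answer in an autoinstall(8) response file.
audit_install_conf() {
    awk '
    {   # Lines are "question = answer"; split on the first " = ".
        i = index($0, " = "); if (i == 0) next
        q = substr($0, 1, i - 1); a = substr($0, i + 3)
        sub(/[ \t]+$/, "", a)   # generated files carry trailing blanks
    }
    # Set accepted although its checksum is not in the signed SHA256 list.
    q ~ /^Checksum test for .* failed/ && a == "yes" {
        n = q; sub(/^Checksum test for /, "", n); sub(/ failed.*$/, "", n)
        print "CHECKSUM-OVERRIDE " n
    }
    q ~ /^Unverified sets: / && a == "yes" {
        n = q; sub(/^Unverified sets: /, "", n); sub(/\. Continue.*$/, "", n)
        print "UNVERIFIED-SET " n
    }
    # Anything that is neither a bcrypt hash nor all asterisks is plaintext.
    q ~ /^Password for / && a !~ /^\$2[aby]\$/ && a !~ /^\*+$/ {
        print "PLAINTEXT-PASSWORD " q
    }
    q ~ /^Allow root ssh login/ && a == "yes" { print "ROOT-SSH-PASSWORD-LOGIN" }
    ' "$1"
}

# Constructed sample response file (values are made up for this example).
write_sample() {
    cat > "$1" <<'EOF'
System hostname = diogenes
Password for root account? = $2b$10$ConstructedPlaceholderHashValueOnly
Setup a user? = csmoker
Password for user csmoker? = hunter2
Allow root ssh login? = yes
Set name(s)? = -all bsd bsd.rd bsd.mp base56.tgz site56.tgz done
Checksum test for site56.tgz failed. Continue anyway? = yes
Unverified sets: site56.tgz. Continue without verification? = yes
Location of sets? = done
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_install_conf "$sample"
rm -f "$sample"
```

Every set reported as CHECKSUM-OVERRIDE or UNVERIFIED-SET is installed as root with no integrity check, so its trustworthiness rests entirely on the web server and the network path between it and the install target.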
#4
12th September 2016
persistent_ignoramus
Real Name: Branislav
New User

Join Date: Sep 2009
Location: Belgrade,Kosovo,Serbia
Posts: 4

This thread should be made sticky...for generations to come, just like MIT published its LISP lectures.

Thank you J65nko.
#5
19th July 2022
J65nko
Administrator

Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125

For another different approach see http://daemonforums.org/showthread.php?t=12137