In OpenBSD autoinstall I posted about my first experiences with the autoinstall(8) procedure. At the end of that thread I mentioned how a shell script could generate a customized install.conf file.
The result of my endeavours is presented here as mk-install.conf.sh. Included is a Makefile to prefix the generated install.conf with a MAC address and to upload to a webserver directory. See autoinstall(8) for the role of a MAC address in the naming of install.conf.
The environment in which this was developed and tested consisted of a Linux Mint (Ubuntu and thus Debian derivative) server acting as KVM host for the OpenBSD current (2014-12-12) guest installs. An OpenBSD box, 'hercules.utp.xnet' (192.168.222.20), was configured as PXE/TFTP and web server. My OpenBSD router at 192.168.222.10 acted as DHCP server.
Things mk-install.conf.sh does not (yet) do:
Some of these things, like vlan, I never use because a VLAN capable switch is still missing from my hardware collection. And defining user accounts I prefer to handle in a siteXX.tgz.
On the other hand it supports some features that the average OpenBSD user probably does not use regularly:
An example of a generated installation response file: Code:
```
Terminal type? = vt220
System hostname = diogenes
Which network interface do you wish to configure? = vio0
IPv4 address for = dhcp
Password for root account? = $2a$10$8ZnU7QJ4yYt7tk3TXyzGfuGYYjKN3Ae0BGZQ/I5hN1U/v/6DVXgpK
Public ssh key for root account? = ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCMPEpNB1XOPiaIcv2NJhG1c5Os595IebooZdnloA0OT+npTyk9FQbysijlFq+GWyc7Wu27qaELlhikj//qAyGc= adriaan@hercules.utp.xnet
Start sshd(8) by default? = yes
Start ntpd(8) by default? = yes
NTP server? (hostname or 'default') = default
Do you expect to run the X Window System? = yes
Do you want the X Window System to be started by xdm(1)? = no
Do you want to suspend on lid close? = no
Change the default console to com0? = yes
Which speed should com0 use? (or 'done') = 19200
What timezone are you in? = Europe/Amsterdam
Setup a user? = no
Which disk is the root disk? = sd0
Use DUIDs rather than device names in fstab? = yes
Use (W)hole disk or (E)dit the MBR? = W
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? = a
Which disk do you wish to initialize? = done
Location of sets? = http
HTTP proxy URL? = none
HTTP Server? = hercules.utp.xnet
Server directory? = snapshots/i386
Set name(s)? = -all bsd bsd.rd bsd.mp base56.tgz site56.tgz done
Checksum test for site56.tgz failed. Continue anyway? = yes
Unverified sets: site56.tgz. Continue without verification? = yes
Checksum test for site56-diogenes.tgz failed. Continue anyway? = yes
Unverified sets: site56-diogenes.tgz. Continue without verification? = yes
Location of sets? = done
```
Code:
```
Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-' to the set name, file name pattern or 'all'. Selected
sets are labelled '[X]'.
    [X] bsd           [X] base56.tgz    [X] xbase56.tgz   [X] xserv56.tgz
    [X] bsd.rd        [X] comp56.tgz    [X] xshare56.tgz  [ ] site56.tgz
    [X] bsd.mp        [X] man56.tgz     [X] xfont56.tgz
Set name(s)? (or 'abort' or 'done') [done] -all bsd bsd.rd bsd.mp base56.tgz site56.tgz done
Get/Verify SHA256.sig 100% |**************************| 2067 00:00
Signature Verified
Get/Verify bsd 100% |**************************| 10295 KB 00:00
Get/Verify bsd.rd 100% |**************************| 6773 KB 00:00
Get/Verify bsd.mp 100% |**************************| 10327 KB 00:00
Get/Verify base56.tgz 100% |**************************| 51053 KB 00:01
Get/Verify site56.tgz 100% |**************************| 4915 00:00
Checksum test for site56.tgz failed. Continue anyway? [no] yes
Unverified sets: site56.tgz. Continue without verification? [no] yes
Installing bsd 100% |**************************| 10295 KB 00:00
Installing bsd.rd 100% |**************************| 6773 KB 00:00
Installing bsd.mp 100% |**************************| 10327 KB 00:00
Installing base56.tgz 100% |**************************| 51053 KB 00:03
Extracting etc.tgz 100% |**************************| 110 KB 00:00
Installing site56.tgz 100% |**************************| 4915 00:00
Location of sets? (disk http or 'done') [done] done
Saving configuration files...done.
Making all device nodes...done.
```
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Last edited by J65nko; 15th December 2014 at 02:25 AM. Reason: Added OpenBSD current (2014-12-12) as OS/installer version
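An added example, not part of the original post or its tarball: the response file above answers "yes" to both the failed-checksum and the unverified-set prompt for the site set, which is fetched over HTTP, so a pre-upload check of install.conf is worth having. The finding labels and the sample file are constructed for this example, and treating any password answer that is neither a bcrypt hash nor all asterisks as cleartext is an assumption of this check.

```sh
#!/bin/sh
# Added example: flag risky answers in an autoinstall(8) response file.
# The finding labels and the sample file below are constructed for this example.

audit_install_conf() {    # usage: audit_install_conf FILE; returns 1 on findings
    awk '
    {   # split "question = answer" at the first " = "
        i = index($0, " = ")
        if (i == 0) next
        q = substr($0, 1, i - 1); a = substr($0, i + 3)
    }
    # "yes" to either prompt installs a set that failed or skipped verification
    q ~ /^Checksum test for .* failed\. Continue anyway\?$/ && a == "yes" {
        print "UNVERIFIED-SET: " q; n++ }
    q ~ /^Unverified sets: .* Continue without verification\?$/ && a == "yes" {
        print "UNVERIFIED-SET: " q; n++ }
    # anything that is neither a bcrypt hash nor all asterisks is treated as
    # a cleartext password (assumption made for this check)
    q ~ /^Password for / && a !~ /^\$2[aby]\$[0-9][0-9]\$/ && a !~ /^\*+$/ {
        print "CLEARTEXT-PASSWORD: " q; n++ }
    q ~ /^Allow root ssh login\?/ && a == "yes" {
        print "ROOT-SSH-PASSWORD-LOGIN: " q; n++ }
    END { exit (n > 0) }
    ' "$1"
}

write_sample() {          # constructed sample modelled on the file in the post
    cat > "$1" <<'EOF'
System hostname = diogenes
Password for root account? = $2b$10$constructed.placeholder.not.a.real.hash
Password for user csmoker? = hunter2
Allow root ssh login? = yes
Location of sets? = http
Set name(s)? = -all bsd bsd.rd bsd.mp base56.tgz site56.tgz done
Checksum test for site56.tgz failed. Continue anyway? = yes
Unverified sets: site56.tgz. Continue without verification? = yes
EOF
}

sample=$(mktemp) && write_sample "$sample"
audit_install_conf "$sample" || echo "response file needs review"
rm -f "$sample"
```

Run against a generated install.conf before the upload step, the non-zero return can stop the copy to the web server directory until the flagged answers have been reviewed.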
The attached tarball contains the script, the Makefile, an install.conf and a serial console log of the unattended automatic install.
Notes for the Makefile
If you comment out the MAC variable the file will be uploaded to the web server as install.conf. Else the MAC address, followed by a '-', will be prefixed.
Code:
```
#MAC = 52:54:00:aa:aa:01
CONF = install.conf

.ifdef MAC
UPLOAD = ${MAC}-${CONF}
.else
UPLOAD = ${CONF}
.endif
```
Code:
```
$ make -n upload
sudo cp -p install.conf /home/www/52:54:00:aa:aa:01-install.conf
$ vi Makefile (commenting out the MAC variable)
$ make -n upload
sudo cp -p install.conf /home/www/install.conf
```
__________________
Last edited by J65nko; 15th December 2014 at 02:20 AM.
Summary of the changes:
Code:
```
Password for root account? <provided>
Public ssh key for root account? [none] ecdsa-sha2-nistp256 AAAAE2VjZHNhLXN[snip]
Start sshd(8) by default? [yes] yes
Do you expect to run the X Window System? [yes] no
Change the default console to com0? [yes] yes
Available speeds are: 9600 19200 38400 57600 115200.
Which speed should com0 use? (or 'done') [38400] 38400
Setup a user? (enter a lower-case loginname, or 'no') [no] csmoker
Full name for user csmoker? [csmoker] Carpetsmoker
Password for user csmoker? <provided>
Public ssh key for user csmoker [none] ecdsa-sha2-nistp256 AAAAE2VjZHNhLX[snip]
WARNING: root is targeted by password guessing attacks, pubkeys are safer.
Allow root ssh login? (yes, no, prohibit-password) [no] prohibit-password
```
Code:
```
Available disks are: sd0.
Which disk is the root disk? ('?' for details) [sd0] sd0
No valid MBR or GPT.
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole] whole
Setting OpenBSD MBR partition to whole sd0...done.
URL to autopartitioning template for disklabel? [none] http://hercules.utp.xnet/autodisklabel.txt
Fetching http://hercules.utp.xnet/autodisklabel.txt
/dev/rsd0a: 100.0MB in 204800 sectors of 512 bytes
4 cylinder groups of 25.00MB, 1600 blocks, 3200 inodes each
/dev/rsd0e: 2048.0MB in 4194304 sectors of 512 bytes
11 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd0d: 200.0MB in 409600 sectors of 512 bytes
4 cylinder groups of 50.00MB, 3200 blocks, 6400 inodes each
/dev/rsd0h: 2914.0MB in 5967872 sectors of 512 bytes
15 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd0f: 500.0MB in 1024000 sectors of 512 bytes
4 cylinder groups of 125.00MB, 8000 blocks, 16000 inodes each
/dev/rsd0g: 200.0MB in 409600 sectors of 512 bytes
4 cylinder groups of 50.00MB, 3200 blocks, 6400 inodes each
/dev/sd0a (286220d9cb3c95a8.a) on /mnt type ffs (rw, asynchronous, local)
/dev/sd0e (286220d9cb3c95a8.e) on /mnt/home type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd0d (286220d9cb3c95a8.d) on /mnt/tmp type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd0h (286220d9cb3c95a8.h) on /mnt/usr type ffs (rw, asynchronous, local, nodev)
/dev/sd0f (286220d9cb3c95a8.f) on /mnt/var type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd0g (286220d9cb3c95a8.g) on /mnt/var/log type ffs (rw, asynchronous, local, nodev, nosuid)
Let's install the sets!
```
Code:
```
$ tar tvzf Autoinstall_2016_0301.tgz
drwxr-xr-x 0 Mar 1 04:05 Autoinstall
-rw-r--r-- 964 Mar 1 04:00 Autoinstall/Makefile
-rwxr--r-- 6326 Mar 1 04:00 Autoinstall/mk-install.conf.sh
-rw-r--r-- 2013 Mar 1 04:00 Autoinstall/install.conf
-rw-r--r-- 11148 Mar 1 04:00 Autoinstall/wheel-user-log.txt
-rw-r--r-- 76 Mar 1 04:05 Autoinstall/autodisklabel.txt
```
wheel-user-log.txt is a log captured with serial console of an automatic install using that response file.
Have fun
__________________
This thread should be made sticky...for generations to come, just like MIT published its LISP lectures
Thank you J65nko.
For another different approach see http://daemonforums.org/showthread.php?t=12137