diff options
| -rw-r--r-- | BACKLOG.md | 1 | ||||
| -rw-r--r-- | files/autoinstall-openbsd-on-qemu.sh (renamed from _drafts/autoinstall-openbsd-on-qemu.sh) | 6 | ||||
| -rw-r--r-- | posts/autoinstall-openbsd-on-qemu.md (renamed from _drafts/autoinstall-openbsd-on-qemu.md) | 43 |
3 files changed, 25 insertions, 25 deletions
@@ -56,4 +56,3 @@ * SQLite hexastore vs. Neo4j * Setup a FreeBSD sftp server with basic email notifications from the command-line using bash, ssh, and the DigitalOcean command-line application * Cloud/VPS provider comparison -* Auto-install OpenBSD to QEMU guest machine diff --git a/_drafts/autoinstall-openbsd-on-qemu.sh b/files/autoinstall-openbsd-on-qemu.sh index d700482..d71a3dc 100644 --- a/_drafts/autoinstall-openbsd-on-qemu.sh +++ b/files/autoinstall-openbsd-on-qemu.sh @@ -3,7 +3,7 @@ # Auto-install OpenBSD/amd64 6.7 on QEMU. # # First published at https://www.skreutz.com/posts/autoinstall-openbsd-on-qemu/ -# on 21 July 2020. +# on 22 July 2020. # # Copyright (c) 2020 Stefan Kreutz <mail@skreutz.com> # @@ -96,7 +96,7 @@ EOF printf "Fetched kernel, PXE bootstrap program, and file sets from %s\\n" "${RSYNC_MIRROR}" fi -# Create autoinstall configuration if not exists. +# Create autoinstall(8) configuration if not exists. if [ ! -e mirror/install.conf ] then cat << EOF > mirror/install.conf @@ -120,7 +120,7 @@ EOF printf "Created example response file for autoinstall(8) at ./mirror/install.conf\\n" fi -# Create disklabel configuration if not exists. +# Create disklabel(8) configuration if not exists. if [ ! -e mirror/disklabel ] then cat << EOF > mirror/disklabel diff --git a/_drafts/autoinstall-openbsd-on-qemu.md b/posts/autoinstall-openbsd-on-qemu.md index 4550fcc..ca80cfa 100644 --- a/_drafts/autoinstall-openbsd-on-qemu.md +++ b/posts/autoinstall-openbsd-on-qemu.md @@ -1,11 +1,9 @@ --- title: Auto-install OpenBSD on QEMU description: How to perform an unattended installation of OpenBSD on the QEMU virtual machine monitor. -published: 2020-07-21 +published: 2020-07-22 --- -<!-- TODO: Update published date in post and script. --> - I happen to develop a pet project of mine on a Linux desktop, while actually targeting an [OpenBSD](https://www.openbsd.org/) server. Thus I searched for a scriptable way to install OpenBSD on the [QEMU](https://www.qemu.org/) virtual machine manager, such that I could automate a local integration test against OpenBSD running on Linux. @@ -14,41 +12,41 @@ During a normal, interactive installation, you answer a series of questions like At the end of the installation, the installer sends a recorded list of those questions along with your answers to the root user's mail box. You can then adapt this so-called _response file_ to your needs and feed it to the [autoinstall(8)](https://man.openbsd.org/OpenBSD-6.7/autoinstall) command to perform an unattended installation. -In the remainder of this post, I show how to auto-install OpenBSD/amd64 6.7 on the QEMU PC system emulator 5.0.0. +In the remainder of this post, I will show how to auto-install OpenBSD/amd64 6.7 on the QEMU PC system emulator 5.0.0. In the end, I will present a simple yet [complete POSIX shell script](/files/autoinstall-openbsd-on-qemu.sh) to get the job done. The script is intended to run on Linux, though. If you already have a running OpenBSD installation, you should consider to use OpenBSD's own hypervisor [vmm(4)](https://man.openbsd.org/OpenBSD-6.7/vmm) instead of QEMU as described in the [OpenBSD FAQ](https://www.openbsd.org/faq/faq16.html) and in this [blog post](https://eradman.com/posts/autoinstall-openbsd.html) by Eric Radman. We will perform the following steps: -1. Install prerequisites +1. Install several prerequisites 1. Setup a local OpenBSD mirror 1. Configure the installation 1. Setup a network boot environment 1. Install the virtual machine 1. Log in to the virtual machine -## Install prerequisites +## Prerequisites We will use the following tools: * [curl](https://curl.haxx.se/), a data transfer tool (and library) -* [OpenSSH](https://www.openssh.com/portable.html), a remote login tool -* [QEMU](https://www.qemu.org/), a virtual machine monitor +* [OpenSSH](https://www.openssh.com/), a remote login tool +* [QEMU](https://www.qemu.org/), a virtual machine monitor (or hypervisor) * [rsync](https://rsync.samba.org/), an incremental file transfer tool -* [signify](https://github.com/aperezdc/signify), a cryptographic signature tool -* [socat](http://www.dest-unreach.org/socat/), a successor of the infamous TCP/IP Swiss Army knife, [netcat](https://nc110.sourceforge.io/) +* [signify](https://github.com/aperezdc/signify), a cryptographic signature tool[^signify-portable] +* [socat](http://www.dest-unreach.org/socat/), a successor of the infamous TCP/IP Swiss Army knife [netcat](https://nc110.sourceforge.io/) Chances are that your Linux distribution of choice packages these tools. For example, the following command installs them on Arch Linux: $ sudo pacman -S curl openssh qemu rsync signify socat -## Setup a local OpenBSD mirror +## Local OpenBSD mirror To begin with, we setup a partial, local [OpenBSD mirror](https://www.openbsd.org/ftp.html). -First, we create the [directory layout](https://www.openbsd.org/ftp.html#layout): +First, we create the relevant part of the [directory layout](https://www.openbsd.org/ftp.html#layout): $ mkdir -p mirror/pub/OpenBSD/6.7/amd64 @@ -88,14 +86,14 @@ Fourth, we verify the fetched files using [signify(1)](https://man.openbsd.org/O Finally, we serve the local mirror at <http://127.0.0.1:8080/>. Feel free to use your web server of choice. -Chances are, that your Linux distribution comes with Python's [http.server module](https://docs.python.org/3/library/http.server.html): +Chances are, that your Linux distribution comes with Python's [http.server](https://docs.python.org/3/library/http.server.html) module: $ python3 \ -m http.server \ --directory mirror \ --bind 127.0.0.1 8080 -## Configure the installation +## Configuration First, we create a response file for [autoinstall(8)](https://man.openbsd.org/OpenBSD-6.7/autoinstall) at `mirror/install.conf`:[^response-file] @@ -140,7 +138,7 @@ Next, we create a [disklabel(8)](https://man.openbsd.org/OpenBSD-6.7/disklabel) Finally, we create an optional site-specific file set. This way, we can run some commands at the end of the installation. Here, we reset the OpenBSD mirror server used by [pkg_add(1)](https://man.openbsd.org/OpenBSD-6.7/pkg_add) and other commands.[^restrict-network] -Moreover, we permit the wheel user group --- and thus the user `puffy` --- to run any command as root without entering their password using [doas(1)](https://man.openbsd.org/OpenBSD-6.7/doas). +Moreover, we permit the user group `wheel` --- and thus the user `puffy` --- to run any command as the user `root` without entering their password using [doas(1)](https://man.openbsd.org/OpenBSD-6.7/doas). Create the file `site/install.site`: @@ -157,7 +155,7 @@ Then, make the file executable, package the file set, and add it to the local Op $ ( cd site && tar -czf ../mirror/pub/OpenBSD/6.7/amd64/site67.tgz . ) $ ( cd mirror/pub/OpenBSD/6.7/amd64 && ls -l > index.txt ) -## Setup a network boot environment +## Network boot environment We create a dedicated directory to serve the OpenBSD kernel and PXE bootstrap program over [TFTP](https://en.wikipedia.org/w/index.php?title=Trivial_File_Transfer_Protocol&oldid=959587822): @@ -171,7 +169,7 @@ Furthermore, we create a [boot(8)](https://man.openbsd.org/OpenBSD-6.7/man8/amd6 set tty com0 boot tftp:/bsd.rd -## Install the virtual machine +## Installation First, we create a copy-on-write disk image using [qemu-img(1)](https://www.qemu.org/docs/master/tools/qemu-img.html): @@ -195,14 +193,14 @@ The `-m` option sets the amount of virtual memory. The `-drive` option attaches the previously created copy-on-write disk image as a [Virtio](https://wiki.libvirt.org/page/Virtio) disk drive. The `-device` option attaches a standard network adapter. The `-netdev` option configures a virtual network `10.0.2.0/24` where `10.0.2.2` and `10.0.2.15` point to the QEMU host and guest respectively. -Moreover, we instruct QEMU to (a) run an embedded TFTP server, (b) redirect port 2222 on the host to port 22 on the guest, and (c) redirect port 80 on the virtual host address `10.0.2.1` to port 8080 on the host. +Moreover, we instruct QEMU to (a) run an embedded TFTP server at `10.0.2.1`, (b) redirect port 2222 on the host to port 22 on the guest, and (c) redirect port 80 on the virtual host address `10.0.2.1` to port 8080 on the host. The former port redirection enables us to log in to the guest using [ssh(1)](https://man.openbsd.org/OpenBSD-6.7/ssh), and the latter port redirection frees us from binding to the privileged port 80 on the host.[^socat] Finally, the `-nographic` option turns QEMU into a command-line application that redirects the emulated serial port to the console. Press `C-a x` to stop the virtual machine, or `C-a h` to show other options. -## Log in to the virtual machine +## Login -Once the virtual machine has booted, you can login as the user `puffy` using [ssh(1)](https://man.openbsd.org/OpenBSD-6.7/ssh): +Once the virtual machine has booted, you can log in as the user `puffy` using [ssh(1)](https://man.openbsd.org/OpenBSD-6.7/ssh): ssh \ -o "StrictHostKeyChecking no" \ @@ -226,6 +224,9 @@ For example, I use a simple, yet [complete POSIX shell script](/files/autoinstal In fact, I have written another script to install and test the said pet project of mine as well. But this is out of scope here. +[^signify-portable]: + We use Adrian Perez' [portable version](https://github.com/aperezdc/signify) of OpenBSD's [signify(1)](https://man.openbsd.org/OpenBSD-6.7/signify) here. + [^sha256]: You can also verify the [SHA256 checksums](https://ftp.openbsd.org/pub/OpenBSD/6.7/amd64/SHA256) of the fetched files if you cannot use [signify(1)](https://man.openbsd.org/OpenBSD-6.7/signify). @@ -238,4 +239,4 @@ But this is out of scope here. [^socat]: I failed to forward port 80 on the virtual host address to port 8080 on the local host using [qemu-system-x86_64(1)](https://www.qemu.org/docs/master/system/qemu-manpage.html)'s `guestfwd` alone. - Instead, I resorted to the invaluable [socat(1)](http://www.dest-unreach.org/socat/doc/socat.html). + That's why I resorted to the invaluable [socat(1)](http://www.dest-unreach.org/socat/doc/socat.html). |