(auto)Installing BSD Systems The auto-installation methods you can use to set BSD operating systems up and running ----- After more than a decade in touch with systems like FreeBSD, not by just consuming them as an end-user but also by working as a sysadmin or by developing 'BSD Powered' solutions, you might fall into pitfalls by not easily finding a way to fully automate their installations. The good news: it's possible and it's not as complicated as you might think! Today's needs regarding automating things like an O.S. installation can save you a lot of time; Kickstart or Preseed files are not the only ways of doing it. One can even combine or expand it all to add patching and updating routines into the game. Here we are not talking about a one-click solution or something like querying an API endpoint to provide you with a shiny virtual machine; no. The main idea behind this talk is to present you with a tool-set and ways of (auto)installing your machines, let's say, using a NetBSD operating system; be it virtual, or not. Inspired by talks like the ones showing how OpenBSD Amsterdam sets its virtual machines up, we get together and share thoughts, ideas and setups to get DHCP, iPXE and diskless systems in our favor to set our infrastructure up and running. Concerned about the first boot and keeping up with services' configurations and consistencies, we also talk about getting Puppet to watch it for you. Considering plain text passwords no one wishes to host in a Git repository, EYAML to the rescue! ----- DEMO * https://share.riseup.net/#Uomo3eX77PLcgicqNFdVXw * https://share.riseup.net/#rPDzTIcRGEzTYkoUD2MwLw

1. (auto)Installing BSD Systems
(auto)Installing BSD Systems
The auto-installation methods you can use to set BSD operating systems up and running
EuroBSDCon 2021 – https://2021.eurobsdcon.org – (auto)Installing BSD Systems – Vinícius Zavam – https://keybase.io/egypcio

2. ●
__init__
○
/usr/pkg/bin/flame > /dev/null

cd /pub && more beer
●
RARP/BOOTP/DHCP
●
syslinux
●
u-boot
●
FTP/TFTP/HTTP
●
iPXE
●
all-in-one bootable software
●
netboot xyz
●
(auto)Installers
●
DragonFlyBSD
●
FreeBSD
●
NetBSD
●
OpenBSD
●
Puppet
●
r10k
●
EYAML

3. __init__

4. ●
/usr/pkg/bin/flame > /dev/null
○
cloud-config;
○
dd;

“favorite clone/snapshot tool”;

“dump and restore”;
○
kickstart;
○
packer;
○
preseed;
○
sim (system image manager);
○
tivoli; ...
●
cd /pub && more beer
○
family, friends, and follow-the-sun;
○
hobbies;
○
plants;
○
sports; ...
__init__

5. RARP/BOOTP/DHCP

6. ●
RARP (reverse address resolution protocol)
○
dns; gateway;
○
mac addr. table.
○
pre-configuration;
●
BOOTP (bootstrap protocol)
○
dns; gateway;
○
client’s IP addr.; server’s addr.;
○
pre-configuration.
●
DHCP (dynamic host configuration protocol)
○
dns; gateway; ntp;
○
client’s IP addr.; server’s addr.;
○
FQDN (full qualified domain name);
○
IPv6 (DHCPv6); ...
RARP/BOOTP/DHCP

7. syslinux

8. ●
bootloader (bootstrap loader);
○
lightweight;

floppy;

ext{2,3,4}/fat (extlinux);
○
second-stage;
○
iso-images (isolinux);
○
chain loading;

memdisk;
○
PXE (pre-boot execution environment);

pxelinux
●
u-boot
○
first-stage;
○
it’s NOT syslinux;
○
ARM.
syslinux

9. FTP/TFTP/HTTP

10. ●
FTP (file transfer protocol);
○
authentication
○
it’s NOT SFTP (ssh file transfer protocol)
●
FTPS == RFC 4217
○
TCP/21
●
TFTP (trivial file transfer protocol);
○
authentication;
○
encryption;
○
file size;
●
32MB ~ 4GB
○
UDP/69.
●
HTTP (hypertext transfer protocol);
○
authentication;
○
encryption;
●
TLS (transport layer security)
●
TCP/443
○
haproxy ♥
FTP/TFTP/HTTP

11. iPXE

12. ●
full PXE implementation
○
HTTP(s);
○
IPv6;
○
iSCSI; FCoE;
○
VLAN.
●
OEM (original equipment manufacturers)
●
expansion ROM
○
broadcom;
○
intel;
○
vmware.
●
chain loading
○
UNDI (universal network driver interface);
○
EFI (extensible firmware interface), UEFI (unified …);
○
scripting.
●
iso-image
iPXE

13. ●
AIO (all-in-one bootable software)
○
FreeBSD – https://www.aioboot.com/en/freebsd/
iPXE

15. ●
netboot.xyz
○
https://github.com/netbootxyz/netboot.xyz/tree/development/roles/netbootxyz/templates/menu

FreeBSD

OpenBSD
iPXE

19. (auto)Installers

20. ●
live system
○
cd;
○
img;
●
diskless
○
NFS

/boot/pxeboot
○
TFTP

/boot/pxeboot_tftp
○
/etc/rc.local
(auto)Installers – DragonFlyBSD
https://www.dragonflybsd.org/images

21. ●
pfi (pre-flight installer)
○
/etc/defaults/pfi.conf
○
/etc/pfi.conf *
○
frontend; backend;

cgi; curses; none; xorg;

dfui_installer
○
pre-program; pre-script;
○
rc.conf(5)
●
rconfig (remote configuration client / server)
○
/usr/share/examples/rconfig

auto; encrypted_root; hammer;
○
rconfig(8)
○
UDP/257
(auto)Installers – DragonFlyBSD
https://www.dragonflybsd.org/images

22. ●
“enable headless installer”
○
10th
of september 2018
○
https://bugs.dragonflybsd.org/issues/3147
(auto)Installers – DragonFlyBSD
https://www.dragonflybsd.org/images

23. ●
diskless(8)
○
exports(5)
○
nfsd(8)
○
pxeboot(8)
○
tftpd(8)
●
bsdinstall(8)
○
bsdconfig(8)

defaultrouter; diskmgmt;

hostname;

useradd; userdel; usermgmt;

timezone; ...
○
scripting;

preamble

setup
(auto)Installers – FreeBSD
https://www.freebsd.org/copyright

24. BSDINSTALL_DISTSITE="http://bsd/14.0-CURRENT"
CUSTOM_CACHACA="jurubeba"
DISTRIBUTIONS="base.txz kernel.txz minha.txz"
PARTITIONS="ada0"
#!/bin/sh
sysrc hostname=ypioca160.localdomain
sysrc ifconfig_DEFAULT=DHCP
sysrc sshd_enable=YES
sysrc ntpd_enable=YES
sysrc ntpd_sync_on_start=YES
env FOO=bar freebsd-update ...
env FOO=bar pkg ...
env FOO=bar pkg ...
sed .../sshd_config
sed .../ntp.conf
reboot
(auto)Installers – FreeBSD
https://www.freebsd.org/copyright

25. ●
bsdinstall: fix distfetch while calling bsdinstall as script target
○
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250928
○
https://reviews.freebsd.org/D27121
(auto)Installers – FreeBSD
https://www.freebsd.org/copyright

26. ●
mfsBSD building instructions
○
Martin Matuska

https://github.com/mmatuska/mfsbsd/blob/master/BUILD.md
(auto)Installers – FreeBSD
https://www.freebsd.org/copyright

27. (auto)Installers – NetBSD
●
diskless(8)
○
/usr/mdec/pxeboot_ia32.bin
●
sysinst(8)
○
utility menu
○
logging functions

/tmp/sysinst.log

/tmp/sysinst.sh
●
rc(8)
○
rc.local
https://www.dragonflybsd.org/images

28. (auto)Installers – NetBSD
●
anita (automated netbsd installation and test application)
○
amd64; i386;
○
evbarm-aarch64; evbarm-earmv7hf;
○
QEMU; Xen
https://www.dragonflybsd.org/images

29. (auto)Installers – NetBSD
●
testing netbsd automagically
○
EuroBSDCon 2011
○
Martin Husemann

https://2011.eurobsdcon.org/papers/husemann/Testing_NetBSD_automagically.pdf
https://www.dragonflybsd.org/images

30. ●
autoinstall(8)
○
auto_install.conf

macaddr-install.conf

hostname-install.conf

install.conf
●
pxeboot(8)
○
/usr/mdec/pxeboot
○
/etc/boot.conf

bsd.rd
(auto)Installers – OpenBSD
https://www.openbsd.org/artwork.html

31. System hostname = sapupara.domingolegal
Password for root = $2b$14$Z4xRMg8vDpgYH...GVot3ySoj8yby
Change the default console to com0 = yes
Which speed should com0 use = 19200
Setup a user = baiacu
Password for user = meuXuxuzinh0
Public ssh key for user = ssh-ed25519 AAAA...Acre
What timezone are you in = America/Fortaleza
Location of sets = http
HTTP Server = 10.123.123.10
Use http instead = yes
Set name(s) = -x*
(auto)Installers – OpenBSD
https://www.openbsd.org/artwork.html

32. ●
The OpenBSD Hypervisor in the wild, a short story
○
EuroBSDCon 2019
○
Mischa Peters

https://www.youtube.com/watch?v=9TuWCR9X-wY
●
OpenBSD: add VMM to ‘packer’
○
EuroBSDCon 2019
○
Philipp Buehler

https://www.youtube.com/watch?v=GNmeFi3C1Xg
(auto)Installers – OpenBSD
https://www.openbsd.org/artwork.html

33. ●
FuguIta Start Guide
○
OpenBSD Live System – FuguIta
○
Yoshihiro Kawamata

http://fuguita.org
(auto)Installers – OpenBSD
https://www.openbsd.org/artwork.html

34. Puppet

35. ●
puppet agent
○
client machines;
○
states definitions;

configurations;

packages;

services.
●
r10k
○
puppet server + control repository;
○
dynamic environments;
○
VCS (version control system);
●
git; ...
Puppet
https://puppet.com/legal/

36. ●
eyaml
○
hiera (hierarchical database)

hiera-gpg DEPRECATED

hiera-eyaml
○
pkcs (public-key cryptography standards)

blocks

passwords
●
encryption plugins
○
gpg

multiple private keys
○
KMS (key management system)

gkms, for Google Cloud

kms, for Amazon Web Services
○
vault
Puppet
https://puppet.com/legal/

37. Puppet
---
my-base-packages:
- bind-utils
- curl
my-plain-password: vetinhoR0ch3d@
my-encrypted-property: >
ENC[PKCS7,Y22exl+OvjDe+drmik2XEeD3VQtl1uZJXFFF2NnrMXDWx0csyqLB/2NOWefv
NBTZfOlPvMlAesyr4bUY4I5XeVbVk38XKxeriH69EFAD4CahIZlC8lkE/uDh
jJGQfh052eonkungHIcuGKY/5sEbbZl/qufjAtp/ufor15VBJtsXt17tXP4y
l5ZP119Fwq8xiREGOL0lVvFYJz2hZc1ppPCNG5lwuLnTekXN/OazNYpf4CMd
/HjZFXwcXRtTlzewJLc+/gox2IfByQRhsI/AgogRfYQKocZgFb/DOZoXR7wm
IZGeunzwhqfmEtGiqpvJJQ5wVRdzJVpTnANBA5qxeA==]
https://puppet.com/legal/

38. Artwork’s Artist and Copyrights
Artwork’s Artist and Copyrights
https://www.drachenmagier.ch
https://ko-fi.com/drachenmagier/shop

39. (auto)Installing BSD Systems
(auto)Installing BSD Systems
The auto-installation methods you can use to set BSD operating systems up and running
EuroBSDCon 2021 – https://2021.eurobsdcon.org – (auto)Installing BSD Systems – Vinícius Zavam – https://keybase.io/egypcio