Kebre.net

Salt 2019.2.7 on OpenBSD 6.6

November 6, 2020 by kebre001

This is probably not the recommended way but it works.

Do everything below in a OpenBSD 6.6 setup. If you run some other version you can do this using OpenBSD VMM

cd /tmp
ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig}
signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig ports.tar.gz

cd /usr
tar xzf /tmp/ports.tar.gz
cd /usr/ports/sysutils/
cp -r salt salt2019.2.7
cd salt2019.2.7

Edit distinfo

SHA256 (salt-2019.2.7.tar.gz) = d648bcfb7f6c3f2e13b5dfd67dec1043fc25cc72ebebec94b00b1dc5b2e1b873
SIZE (salt-2019.2.7.tar.gz) = 14576515

Edit Makefile

# $OpenBSD: Makefile,v 1.156 2020/10/05 19:46:18 jca Exp $

# optional dependencies
# https://github.com/saltstack/salt/blob/develop/doc/conf.py
# libvirt-python
# py-GitPython
# py-croniter
# py-django
# py-libcloud (cloud-requirements.txt)
# py-mako
# py-mongo
# py-mysql
# py-pyinotify
# py-openssl
# py-redis
# rabbitmq

COMMENT =               remote execution and configuration management system

MODPY_EGG_VERSION =     2019.2.7
REVISION =              0
DISTNAME =              salt-${MODPY_EGG_VERSION}

CATEGORIES =            sysutils net devel

HOMEPAGE =              https://community.saltstack.com/

MAINTAINER =            Jasper Lievisse Adriaanse <[email protected]>

# Apache 2.0
PERMIT_PACKAGE =        Yes

MODPY_PI =              Yes
MODPY_VERSION =         ${MODPY_DEFAULT_VERSION_3}
MODPY_SETUPTOOLS =      No

MODULES =               lang/python

BUILD_DEPENDS =         textproc/py-yaml${MODPY_FLAVOR} \
                        www/py-jinja2${MODPY_FLAVOR} \
                        www/py-requests${MODPY_FLAVOR}

# requirements/base.txt
RUN_DEPENDS =           net/py-msgpack${MODPY_FLAVOR}>=0.5.6 \
                        textproc/py-MarkupSafe${MODPY_FLAVOR} \
                        textproc/py-yaml${MODPY_FLAVOR} \
                        www/py-jinja2${MODPY_FLAVOR} \
                        www/py-requests${MODPY_FLAVOR} \
                        www/py-tornado${MODPY_FLAVOR} \
                        sysutils/py-distro

# requirements/zeromq.txt
RUN_DEPENDS +=          net/py-zmq${MODPY_FLAVOR} \
                        security/py-cryptodome${MODPY_FLAVOR}

# salt/output/progress.py
RUN_DEPENDS +=          devel/py-progressbar${MODPY_FLAVOR}

# salt/modules/x509.py
RUN_DEPENDS +=          security/py-M2Crypto${MODPY_FLAVOR}

# salt/{beacons,modules}/ps.py
RUN_DEPENDS +=          sysutils/py-psutil${MODPY_FLAVOR}

# max openfiles, soft: 3072, hard: 4096; DBus system session running...
TEST_IS_INTERACTIVE =   Yes
PORTHOME =              ${WRKDIST}
TEST_DEPENDS =          databases/py-mysqlclient${MODPY_FLAVOR} \
                        devel/git \
                        devel/py-gitpython${MODPY_FLAVOR} \
                        devel/py-pip${MODPY_FLAVOR} \
                        devel/py-six${MODPY_FLAVOR} \
                        devel/py-virtualenv${MODPY_FLAVOR} \
                        devel/subversion \
                        net/py-libcloud${MODPY_FLAVOR} \
                        net/rabbitmq \
                        sysutils/salt-testing \
                        www/py-CherryPy${MODPY_FLAVOR}

pre-configure:
        ${SUBST_CMD} ${WRKSRC}/salt/returners/zabbix_return.py
        sed -i 's,share/man,man,g' ${WRKSRC}/setup.py
        sed -i 's,^#user: root,user: _salt,' ${WRKSRC}/conf/{master,proxy}

post-install:
        ${INSTALL_DATA_DIR} ${PREFIX}/share/examples
        cp -R ${WRKSRC}/conf ${PREFIX}/share/examples/salt

do-test:
        cd ${WRKSRC} && \
                ${MODPY_BIN} tests/runtests.py -v

.include <bsd.port.mk>

Now we bake the package

make plist
make package

If errors

rm /usr/ports/plist/amd64/salt*

in /usr/ports/sysutils/salt2019.2.7/ run:
make clean=dist
make clean

try again

Saltstack 2019.2.5 on OpenBSD 6.6

September 7, 2020September 7, 2020 by kebre001

Download ports

This will not always work.
This is not the recommended way and its not a clean way.
This method is only to make it work.

Maybe remove option –single-version-externally-managed not recognized from /usr/ports/lang/python/python.mk

Search for “single-version-externally-managed” in /usr/ports/lang/python/python.port.mk

cp -r /usr/ports/sysutil/salt /usr/ports/sysutil/salt2019.2.5

cd /usr/ports/sysutil/salt2019.2.5
rm -rf patches
Edit distinfo with the new version and correct hash/size
Edit Makefile to the following

# $OpenBSD: Makefile,v 1.135 2019/07/12 20:49:51 sthen Exp $

# optional dependencies
# https://github.com/saltstack/salt/blob/develop/doc/conf.py#L54
# libvirt-python
# py-GitPython
# py-croniter
# py-django
# py-libcloud (cloud-requirements.txt)
# py-mako
# py-mongo
# py-mysql
# py-pyinotify
# py-openssl
# py-redis
# rabbitmq

COMMENT =               remote execution and configuration management system

MODPY_EGG_VERSION =     2019.2.5
DISTNAME =              salt-${MODPY_EGG_VERSION}
REVISION =              0

CATEGORIES =            sysutils net devel

HOMEPAGE =              http://saltstack.org/

MAINTAINER =            Jasper Lievisse Adriaanse <[email protected]>

# Apache 2.0
PERMIT_PACKAGE =        Yes

MODPY_PI =              Yes
MODPY_VERSION =         ${MODPY_DEFAULT_VERSION_3}
MODPY_SETUPTOOLS =      No

MODULES =               lang/python

BUILD_DEPENDS =         textproc/py-yaml${MODPY_FLAVOR} \
                        www/py-jinja2${MODPY_FLAVOR} \
                        www/py-requests${MODPY_FLAVOR}

# requirements/base.txt
RUN_DEPENDS =           net/py-msgpack${MODPY_FLAVOR} \
                        net/py-msgpack${MODPY_FLAVOR} \
                        textproc/py-MarkupSafe${MODPY_FLAVOR} \
                        textproc/py-yaml${MODPY_FLAVOR} \
                        www/py-jinja2${MODPY_FLAVOR} \
                        www/py-requests${MODPY_FLAVOR} \
                        www/py-tornado${MODPY_FLAVOR}

# requirements/zeromq.txt
RUN_DEPENDS +=          net/py-zmq${MODPY_FLAVOR} \
                        security/py-cryptodome${MODPY_FLAVOR}

# salt/output/progress.py
RUN_DEPENDS +=          devel/py-progressbar${MODPY_FLAVOR}

# salt/modules/x509.py
RUN_DEPENDS +=          security/py-M2Crypto${MODPY_FLAVOR}

# max openfiles, soft: 3072, hard: 4096; DBus system session running...
TEST_IS_INTERACTIVE =   Yes
PORTHOME =              ${WRKDIST}
TEST_DEPENDS =          databases/py-mysql${MODPY_FLAVOR} \
                        devel/git \
                        devel/py-gitpython${MODPY_FLAVOR} \
                        devel/py-pip${MODPY_FLAVOR} \
                        devel/py-six${MODPY_FLAVOR} \
                        devel/py-virtualenv${MODPY_FLAVOR} \
                        devel/subversion \
                        net/py-libcloud${MODPY_FLAVOR} \
                        net/rabbitmq \
                        sysutils/salt-testing \
                        www/py-CherryPy${MODPY_FLAVOR}

# https://github.com/saltstack/salt/pull/45164
post-extract:
        cp ${FILESDIR}/{pf,vmctl}.py ${WRKSRC}/salt/modules/

pre-configure:
        ${SUBST_CMD} ${WRKSRC}/salt/returners/zabbix_return.py
        sed -i 's,share/man,man,g' ${WRKSRC}/setup.py
        sed -i 's,^#user: root,user: _salt,' ${WRKSRC}/conf/{master,proxy}

post-install:
        ${INSTALL_DATA_DIR} ${PREFIX}/share/examples
        cp -R ${WRKSRC}/conf ${PREFIX}/share/examples/salt

do-test:
        cd ${WRKSRC} && \
                ${MODPY_BIN} tests/runtests.py -v

.include <bsd.port.mk>

Then run

make plist

make package
/usr/ports/packages/amd64/all/salt-2019.2.5p0.tgz

The package is unsigned and when installing it the option “-D unsigned” must be used. (https://man.openbsd.org/pkg_add)

Done

Salt Capirca for BSD

August 19, 2020 by kebre001

Use Salt to generate firewall rules for Open/Free-BSD
Google Capirca
Salt capirca_acl

This is not tested yet.
Since the syntax of pf.conf is not exactly the same between Free/Open-BSD some functions/attributes may not work(?)

Pillar-data:

acl:
  - my-filter:
      terms:
        - my-term:
            source_port: [1234, 1235]
            action: reject
        - my-other-term:
            source_port:
              - [5678, 5680]
            protocol: tcp
            action: accept

sudo salt freebsd* capirca.get_policy_config packetfilter
freebsd-lab:
    # Packetfilter my-filter Policy
    # $Date: 2020/08/19 $
    # inet
    
    # term my-term
    block return quick inet from { any } port { 1235 1234 } to { any } flags S/SA
    
    # term my-other-term
    pass quick inet proto { tcp } from { any } port { 5678:5680 } to { any } flags S/SA keep state

How to apply to pf.conf

/etc/pf.conf:
  file.managed:
    - contents: {{ salt.capirca.get_policy_config('packetfilter') }}

Build custom OpenBSD

July 24, 2020July 16, 2020 by kebre001

https://man.openbsd.org/release

dd if=/dev/zero of=mydisk.img bs=1 count=0 seek=2G

vnconfig mydisk.img

fdisk -iy vnd0

disklabel -E vnd0
add slice a with all the storage

newfs /dev/vnd0a


mount /dev/vnd0a /mnt/
cd /mnt/

tar zxvfph base67.tgz

cp /etc/resolv.conf /mnt/etc
cp /etc/installurl /mnt/etc

cd /mnt/dev/
./MAKEDEV all

#If you want to make it bootable copy the kernel
cp /bsd /mnt/

chroot /mnt/ /bin/sh

#Set root password
passwd root

#Create a fstab
#sd0a

# cat /etc/boot.conf
set tty com0
stty com0 115200

#cat /etc/ttys
#tty00   "/usr/libexec/getty std.9600"   vt220   on secure
tty00   "/usr/libexec/getty std.115200"   vt220   on secure

Good idea now is to bake a backup of the image.

Other good stuff to consider:

Allow ssh?
Create additional users?
No network configuration has been made yet

Test the image

OpenBSD has vmd with vmctl that allows you to run a virtual machine easily.

vmctl start -m 1G -i 1 -b /bsd -d mydisk.img "myvm" -c

m – memory
i – #nr of interfaces (network)
b – bios/kernel
d – disk
c – attach console after start

Star Citizen 3.9

May 10, 2020 by kebre001

baasdasdasdasd

Hello world!

May 8, 2020 by kebre001

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!