admin webui IP address: 192.168.50.2
FreeBSD mfsbsd pxe
https://github.com/mmatuska/mfsbsd
https://forums.freebsd.org/threads/freebsd-iso-bootable.52444/
https://docs.freebsd.org/en/books/handbook/disks/#disks-virtual
# NOTE(review): the ISO comes over plain HTTP and is never verified here. Before
# building from it, compare `sha256 FreeBSD-13.0-RELEASE-amd64-disc1.iso` with the
# CHECKSUM.SHA256 file published for the release (obtained over HTTPS).
fetch http://ftp4.se.freebsd.org/pub/FreeBSD/releases/ISO-IMAGES/13.0/FreeBSD-13.0-RELEASE-amd64-disc1.iso
# Attach the ISO as a memory disk and mount it so the dist sets are readable.
mdconfig -a -t vnode -f FreeBSD-13.0-RELEASE-amd64-disc1.iso
mount_cd9660 /dev/md0 /cdrom/
git clone https://github.com/mmatuska/mfsbsd
cd mfsbsd
# Customize the files you need in conf/, especially rc.local, which kickstarts everything.
# NOTE(review): the resulting image is served to network-booted hosts, so also review
# the login credentials and ssh settings that conf/ bakes into it.
make iso BASE=/cdrom/usr/freebsd-dist
rc.local
# Replace <servername> with the provisioning host before building the image.
# NOTE(review): installerconfig is fetched over plain HTTP with no integrity check,
# and the csh section below passes it to `bsdinstall script`. Serve it only on a
# trusted provisioning network, or fetch it over HTTPS.
fetch http://<servername>/mfsbsd/installerconfig -o /etc/installerconfig
# Copies the last 7 lines of this file (the csh section after `exit 0`) into a
# separate script. That section must stay at the very end of rc.local; adjust
# the count if lines are added or removed there.
tail -n 7 /etc/rc.local > /tmp/start.sh
chmod +x /tmp/start.sh
/tmp/start.sh
# Stop the sh part here so the csh lines below are never read as sh.
exit 0
#!/bin/csh
setenv DISTRIBUTIONS "kernel.txz base.txz"
setenv BSDINSTALL_DISTDIR /tmp
setenv BSDINSTALL_DISTSITE http://ftp4.se.freebsd.org/pub/FreeBSD/releases/amd64/13.0-RELEASE
bsdinstall distfetch
bsdinstall script /etc/installerconfig
installerconfig: make sure PARTITIONS and the gpart command name the correct hard drive (ada0 below), because the scripted install repartitions that disk
PARTITIONS=ada0
DISTRIBUTIONS="kernel.txz base.txz"
BSDINSTALL_DISTDIR=/tmp
BSDINSTALL_DISTSITE=http://ftp4.se.freebsd.org/pub/FreeBSD/releases/amd64/13.0-RELEASE
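#!/bin/sh
# Setup-script half of installerconfig; the variable assignments above this
# shebang are the preamble.
# Install the GPT boot code on partition index 1 of ada0. Keep the disk name in
# step with PARTITIONS above.
gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 ada0
# rc.conf settings go through sysrc so that each key is written exactly once.
sysrc ifconfig_em0=DHCP
# NOTE(review): sshd is enabled, but this script sets no root password, creates
# no user and installs no authorized_keys. Provision credentials here (or leave
# sshd off) before the host joins a network.
sysrc sshd_enable=YES
echo "Installation complete, running in host system"
sysrc hostname="FreeBSD"
echo "autoboot_delay=\"5\"" >> /boot/loader.conf
echo "Setup done" >> /tmp/log.txt
echo "Setup done."
poweroff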
ipxe file
#!ipxe
# Replace XXXXXX with the host that serves the mfsbsd ISO built above.
# NOTE(review): the image is booted over plain HTTP with no integrity check, so
# anyone able to answer on that path controls what gets installed. Keep this on
# an isolated provisioning network, or use HTTPS if the iPXE build supports it.
sanboot http://XXXXXX/mfsbsd-13.0-RELEASE-amd64.iso
boot
Mirror an OpenBSD repo
http://www.openbsd.org/ftp.html#prospective
rsync -rv --progress --delete-delay --delay-updates --fuzzy rsync://openbsd.ipacct.com/OpenBSD/6.2/packages/amd64/ /var/www/pub/OpenBSD/6.2/packages
OpenBSD httpd config:
http://www.openbsd.org/httpd.conf
Source: https://daulton.ca/2018/10/openbsd-create-private-mirror/
https://webhome.phy.duke.edu/~rgb/General/yum_article/yum_article/node15.html
Use this only to list the files on the remote host, since the rsync and http endpoints may contain different files:
rsync --list-only rsync://openbsd.ipacct.com/OpenBSD/6.2/packages/amd64/
Build Python 3.X on OpenBSD
cd /usr/ports/lang/python/3.X/
make plist
make package
Maybe
env PKG_CREATE_NO_CHECKS=yes make package
Ensure that you don't have a current Python version installed that may conflict
#thisisugly
OpenBSD VMD example
vmctl – https://man.openbsd.org/vmctl
vmd – https://man.openbsd.org/vmd
Start by downloading the desired OpenBSD version you want to run. In my case I wanted to run OpenBSD 6.2 which is EOL.
I found a Swedish repo that has all OpenBSD versions available so I downloaded it from here:
https://ftp.lysator.liu.se/pub/OpenBSD/
I had some issues booting only from the install62.iso so I downloaded the bsd.rd and booted from it and used the iso just to install all sets.
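# Create the 12G disk image at the path the start commands below expect.
vmctl create -s 12G /home/abc/vms/openbsd62.img
# First boot: -b boots the bsd.rd install kernel, -r attaches the install ISO,
# -d is the disk, -L adds a local interface, -c attaches the console.
# NOTE(review): check bsd.rd and install62.iso with signify against the
# release's SHA256.sig before booting them. 6.2 is EOL and receives no fixes,
# so keep the guest on the local (-L) interface rather than exposing it.
vmctl start -m 4G -L -i 1 -b bsd.rd -r install62.iso -d /home/abc/vms/openbsd62.img -c openbsd62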
After the install finishes you can boot directly from your virtual disk.
vmctl start -m 4G -L -i 1 -d /home/abc/vms/openbsd62.img -c openbsd62
Salt 2019.2.7 on OpenBSD 6.6
This is probably not the recommended way but it works.
Do everything below on an OpenBSD 6.6 system. If you run some other version, you can do this in a VM using OpenBSD VMM
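cd /tmp
ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig}
# Check ports.tar.gz against the signed checksum list with the base public key
# of the running release (6.6 -> openbsd-66-base.pub). The tree is unpacked only
# when signify succeeds, so a tampered or truncated tarball never reaches /usr.
signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig ports.tar.gz && \
  cd /usr && \
  tar xzf /tmp/ports.tar.gz
# Work on a copy of the stock salt port.
cd /usr/ports/sysutils/
cp -r salt salt2019.2.7
cd salt2019.2.7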
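Edit distinfo so that the SHA256 and SIZE match the salt-2019.2.7.tar.gz published upstream; the ports build checks the downloaded distfile against these values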
SHA256 (salt-2019.2.7.tar.gz) = d648bcfb7f6c3f2e13b5dfd67dec1043fc25cc72ebebec94b00b1dc5b2e1b873
SIZE (salt-2019.2.7.tar.gz) = 14576515
Edit Makefile
# $OpenBSD: Makefile,v 1.156 2020/10/05 19:46:18 jca Exp $
# optional dependencies
# https://github.com/saltstack/salt/blob/develop/doc/conf.py
# libvirt-python
# py-GitPython
# py-croniter
# py-django
# py-libcloud (cloud-requirements.txt)
# py-mako
# py-mongo
# py-mysql
# py-pyinotify
# py-openssl
# py-redis
# rabbitmq
COMMENT = remote execution and configuration management system
MODPY_EGG_VERSION = 2019.2.7
REVISION = 0
DISTNAME = salt-${MODPY_EGG_VERSION}
CATEGORIES = sysutils net devel
HOMEPAGE = https://community.saltstack.com/
MAINTAINER = Jasper Lievisse Adriaanse <[email protected]>
# Apache 2.0
PERMIT_PACKAGE = Yes
MODPY_PI = Yes
MODPY_VERSION = ${MODPY_DEFAULT_VERSION_3}
MODPY_SETUPTOOLS = No
MODULES = lang/python
BUILD_DEPENDS = textproc/py-yaml${MODPY_FLAVOR} \
www/py-jinja2${MODPY_FLAVOR} \
www/py-requests${MODPY_FLAVOR}
# requirements/base.txt
RUN_DEPENDS = net/py-msgpack${MODPY_FLAVOR}>=0.5.6 \
textproc/py-MarkupSafe${MODPY_FLAVOR} \
textproc/py-yaml${MODPY_FLAVOR} \
www/py-jinja2${MODPY_FLAVOR} \
www/py-requests${MODPY_FLAVOR} \
www/py-tornado${MODPY_FLAVOR} \
sysutils/py-distro
# requirements/zeromq.txt
RUN_DEPENDS += net/py-zmq${MODPY_FLAVOR} \
security/py-cryptodome${MODPY_FLAVOR}
# salt/output/progress.py
RUN_DEPENDS += devel/py-progressbar${MODPY_FLAVOR}
# salt/modules/x509.py
RUN_DEPENDS += security/py-M2Crypto${MODPY_FLAVOR}
# salt/{beacons,modules}/ps.py
RUN_DEPENDS += sysutils/py-psutil${MODPY_FLAVOR}
# max openfiles, soft: 3072, hard: 4096; DBus system session running...
TEST_IS_INTERACTIVE = Yes
PORTHOME = ${WRKDIST}
TEST_DEPENDS = databases/py-mysqlclient${MODPY_FLAVOR} \
devel/git \
devel/py-gitpython${MODPY_FLAVOR} \
devel/py-pip${MODPY_FLAVOR} \
devel/py-six${MODPY_FLAVOR} \
devel/py-virtualenv${MODPY_FLAVOR} \
devel/subversion \
net/py-libcloud${MODPY_FLAVOR} \
net/rabbitmq \
sysutils/salt-testing \
www/py-CherryPy${MODPY_FLAVOR}
pre-configure:
${SUBST_CMD} ${WRKSRC}/salt/returners/zabbix_return.py
sed -i 's,share/man,man,g' ${WRKSRC}/setup.py
sed -i 's,^#user: root,user: _salt,' ${WRKSRC}/conf/{master,proxy}
post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/examples
cp -R ${WRKSRC}/conf ${PREFIX}/share/examples/salt
do-test:
cd ${WRKSRC} && \
${MODPY_BIN} tests/runtests.py -v
.include <bsd.port.mk>
Now we bake the package
make plist
make package
If errors
rm /usr/ports/plist/amd64/salt*
in /usr/ports/sysutils/salt2019.2.7/ run:
make clean=dist
make clean
try again
Saltstack 2019.2.5 on OpenBSD 6.6
Download ports
This will not always work.
This is not the recommended way and it's not a clean way.
This method is only to make it work.
If the build fails with "option --single-version-externally-managed not recognized", maybe remove that option from the Python port module (/usr/ports/lang/python/python.port.mk):
Search for “single-version-externally-managed” in /usr/ports/lang/python/python.port.mk
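# Copy the stock port (the category directory is sysutils) and work on the copy.
cp -r /usr/ports/sysutils/salt /usr/ports/sysutils/salt2019.2.5
# Delete patches only once we are inside the copy, so a failed cd cannot remove
# a patches directory somewhere else.
# NOTE(review): this discards every local patch the port carried. Confirm that
# none of them is still needed for 2019.2.5.
cd /usr/ports/sysutils/salt2019.2.5 && rm -rf patches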
Edit distinfo with the new version and correct hash/size
Edit Makefile to the following
# $OpenBSD: Makefile,v 1.135 2019/07/12 20:49:51 sthen Exp $
# optional dependencies
# https://github.com/saltstack/salt/blob/develop/doc/conf.py#L54
# libvirt-python
# py-GitPython
# py-croniter
# py-django
# py-libcloud (cloud-requirements.txt)
# py-mako
# py-mongo
# py-mysql
# py-pyinotify
# py-openssl
# py-redis
# rabbitmq
COMMENT = remote execution and configuration management system
MODPY_EGG_VERSION = 2019.2.5
DISTNAME = salt-${MODPY_EGG_VERSION}
REVISION = 0
CATEGORIES = sysutils net devel
HOMEPAGE = http://saltstack.org/
MAINTAINER = Jasper Lievisse Adriaanse <[email protected]>
# Apache 2.0
PERMIT_PACKAGE = Yes
MODPY_PI = Yes
MODPY_VERSION = ${MODPY_DEFAULT_VERSION_3}
MODPY_SETUPTOOLS = No
MODULES = lang/python
BUILD_DEPENDS = textproc/py-yaml${MODPY_FLAVOR} \
www/py-jinja2${MODPY_FLAVOR} \
www/py-requests${MODPY_FLAVOR}
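# requirements/base.txt
# Runtime dependencies, each listed once (net/py-msgpack appeared twice).
RUN_DEPENDS = net/py-msgpack${MODPY_FLAVOR} \
	textproc/py-MarkupSafe${MODPY_FLAVOR} \
	textproc/py-yaml${MODPY_FLAVOR} \
	www/py-jinja2${MODPY_FLAVOR} \
	www/py-requests${MODPY_FLAVOR} \
	www/py-tornado${MODPY_FLAVOR}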
# requirements/zeromq.txt
RUN_DEPENDS += net/py-zmq${MODPY_FLAVOR} \
security/py-cryptodome${MODPY_FLAVOR}
# salt/output/progress.py
RUN_DEPENDS += devel/py-progressbar${MODPY_FLAVOR}
# salt/modules/x509.py
RUN_DEPENDS += security/py-M2Crypto${MODPY_FLAVOR}
# max openfiles, soft: 3072, hard: 4096; DBus system session running...
TEST_IS_INTERACTIVE = Yes
PORTHOME = ${WRKDIST}
TEST_DEPENDS = databases/py-mysql${MODPY_FLAVOR} \
devel/git \
devel/py-gitpython${MODPY_FLAVOR} \
devel/py-pip${MODPY_FLAVOR} \
devel/py-six${MODPY_FLAVOR} \
devel/py-virtualenv${MODPY_FLAVOR} \
devel/subversion \
net/py-libcloud${MODPY_FLAVOR} \
net/rabbitmq \
sysutils/salt-testing \
www/py-CherryPy${MODPY_FLAVOR}
# https://github.com/saltstack/salt/pull/45164
post-extract:
cp ${FILESDIR}/{pf,vmctl}.py ${WRKSRC}/salt/modules/
pre-configure:
${SUBST_CMD} ${WRKSRC}/salt/returners/zabbix_return.py
sed -i 's,share/man,man,g' ${WRKSRC}/setup.py
sed -i 's,^#user: root,user: _salt,' ${WRKSRC}/conf/{master,proxy}
post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/examples
cp -R ${WRKSRC}/conf ${PREFIX}/share/examples/salt
do-test:
cd ${WRKSRC} && \
${MODPY_BIN} tests/runtests.py -v
.include <bsd.port.mk>
Then run
make plist
make package
/usr/ports/packages/amd64/all/salt-2019.2.5p0.tgz
The package is unsigned, so the option “-D unsigned” must be used when installing it (https://man.openbsd.org/pkg_add). That option skips pkg_add's signature check, so install only the local file you just built.
Done
Salt Capirca for BSD
Use Salt to generate firewall rules for Open/Free-BSD
Google Capirca
Salt capirca_acl
This is not tested yet.
Since the syntax of pf.conf is not exactly the same between Free/Open-BSD some functions/attributes may not work(?)
Pillar-data:
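# Pillar data for capirca: one filter ("my-filter") holding two terms.
# Nesting restored; YAML needs the indentation to tie each term to its filter.
acl:
  - my-filter:
      terms:
        # Reject traffic whose source port is 1234 or 1235.
        - my-term:
            source_port: [1234, 1235]
            action: reject
        # Accept TCP traffic whose source port is in the range 5678-5680.
        - my-other-term:
            source_port:
              - [5678, 5680]
            protocol: tcp
            action: accept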
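# Quote the target so the shell passes the glob to salt instead of expanding it
# against file names in the current directory.
sudo salt 'freebsd*' capirca.get_policy_config packetfilter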
freebsd-lab:
# Packetfilter my-filter Policy
# $Date: 2020/08/19 $
# inet
# term my-term
block return quick inet from { any } port { 1235 1234 } to { any } flags S/SA
# term my-other-term
pass quick inet proto { tcp } from { any } port { 5678:5680 } to { any } flags S/SA keep state
How to apply to pf.conf
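# State that writes the generated policy to /etc/pf.conf (untested, as noted above).
# NOTE(review): writing the file does not validate or load the ruleset. Consider
# `- check_cmd: pfctl -nf` so that a ruleset which fails to parse is never put
# in place. The rendered policy spans several lines, so it probably has to be
# embedded as an indented block scalar. Verify before relying on it.
/etc/pf.conf:
  file.managed:
    - contents: {{ salt.capirca.get_policy_config('packetfilter') }}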
Build custom OpenBSD
https://man.openbsd.org/release
dd if=/dev/zero of=mydisk.img bs=1 count=0 seek=2G
vnconfig mydisk.img
fdisk -iy vnd0
disklabel -E vnd0
In the disklabel editor, add partition a with all the storage
# Create a filesystem on partition a of the image and mount it.
newfs /dev/vnd0a
mount /dev/vnd0a /mnt/
cd /mnt/
# base67.tgz has to be in /mnt already; these notes do not show the download.
# NOTE(review): verify the set with signify against the release's SHA256.sig
# before unpacking, since its contents become the root of the new system.
tar zxvfph base67.tgz
# Give the new root the host's resolver and package mirror settings.
cp /etc/resolv.conf /mnt/etc
cp /etc/installurl /mnt/etc
# Populate the device nodes inside the image.
cd /mnt/dev/
./MAKEDEV all
# If you want to make it bootable, copy the kernel
cp /bsd /mnt/
# Continue inside the new root; the steps that follow run in this chroot.
chroot /mnt/ /bin/sh
#Set root password
passwd root
#Create a fstab
#sd0a
# cat /etc/boot.conf
set tty com0
stty com0 115200
#cat /etc/ttys
#tty00 "/usr/libexec/getty std.9600" vt220 on secure
# Serial console at 115200 to match the stty line in boot.conf.
# NOTE(review): "secure" permits direct root login on this line, so the root
# password set above is the only control on the serial console.
tty00 "/usr/libexec/getty std.115200" vt220 on secure
Now is a good time to make a backup of the image.
Other good stuff to consider:
- Allow ssh?
- Create additional users?
- No network configuration has been made yet
Test the image
OpenBSD has vmd with vmctl that allows you to run a virtual machine easily.
vmctl start -m 1G -i 1 -b /bsd -d mydisk.img "myvm" -c
- m – memory
- i – #nr of interfaces (network)
- b – bios/kernel
- d – disk
- c – attach console after start