Saltstack 3001 on OpenBSD

Bake Saltstack 3001 for OpenBSD

The main goal is to run Salt version 3001 on OpenBSD 6.6.

Today it looks like the port/package for version 3001 will only be released for OpenBSD 6.7 and later(?).

So how do I make a port/package to run version 3001 on my OpenBSD 6.6 systems?

To learn more about the 3001 release I would recommend reading: https://salt.tips/whats-new-in-salt-sodium/

Procedure

  • Download ports
  • Make a copy of the old port / create a port

Download ports

Start by downloading the OpenBSD ports on a fresh 6.6: https://www.openbsd.org/faq/ports/ports.html#PortsFetch

Just to keep a copy of the commands that I followed:

cd /tmp
ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/{ports.tar.gz,SHA256.sig}
signify -Cp /etc/signify/openbsd-$(uname -r | cut -c 1,3)-base.pub -x SHA256.sig ports.tar.gz

cd /usr
tar xzf /tmp/ports.tar.gz

Now all ports are available in /usr/ports/ and Salt is located in /usr/ports/sysutils/salt.

Create the new port

What I did was to create a copy of the existing port and then just update all the dependencies.

My test setup using vmd/vmctl

To test the package I used OpenBSD's vmd and vmctl.

To keep it simple:

On the mother machine, update pf.conf with the following lines:

set skip on tap0
set skip on tap1

pass out on egress from 100.64.0.0/8 to any nat-to (egress)

The host (tapX) address is assigned 100.64.n.2, where 'n' is the numeric VM ID visible in the 'vmctl status' command.
The guest (vio0) address is assigned 100.64.n.3.

https://man.openbsd.org/vmctl#LOCAL_INTERFACES

tap0/1 are the interfaces vmctl will create for the VMs, and the other rule allows the VMs to communicate with the internet.

You will have to enable vmd before working with vmctl:

rcctl -f start vmd

(Or add it to /etc/rc.local; -f is to force it once.)

Create a virtual disk:

vmctl create -s 2G disk.img

Then start the new VM with a few options:

vmctl start -c -m 2G -L -r install66.iso -d disk.img "myvm"

All the flags/parameters can be found at vmctl (https://man.openbsd.org/vmctl) but -c is to attach to the console directly. Remove it to start the VM in the background and use vmctl to attach to it.

This will launch the regular OpenBSD installation script to set up your VM. If you want to make it easier next time, you can shut down the VM when the installation is completed and copy the file disk.img. This will be like taking a snapshot.

When the VM has booted I update /etc/resolv.conf to use a public DNS server like 8.8.8.8/9.9.9.9, just to be able to fetch the package dependencies from the internet.

Now download the package from the mother machine:

scp <username>@100.64.n.2:/usr/ports/packages/amd64/all/salt-3001p0.tgz .

This will download the package to the current directory. Replace the dot (.) with the path where you want to place the file.

Now the package can be installed by running:

pkg_add -D unsigned salt-3001p0.tgz

I have not looked into why the package is unsigned but adding "-D unsigned" ignores that error/issue.
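
With -D unsigned, pkg_add accepts the package without a signature, so nothing checks that the file copied over scp is the one that was built. The script below is an added example, not part of the original post: it installs the package only if it matches a SHA-256 digest recorded on the build host (for example with sha256 -q); the function names and the PKG_ADD override are assumptions of this example.

```sh
#!/bin/sh
# Added example: install a locally built, unsigned package only if its
# SHA-256 matches the digest recorded on the build host.
# Usage: install_checked salt-3001p0.tgz <64-hex-digest>

# Print the SHA-256 of a file as bare lowercase hex. sha256sum is tried
# first; OpenBSD's sha256(1) with -q prints the same bare digest.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        echo "no SHA-256 tool found" >&2
        return 2
    fi
}

# Return 0 on match, 1 on mismatch, 2 on a missing file or bad digest.
verify_pkg() {
    pkg=$1
    expected=$2
    [ -f "$pkg" ] || { echo "missing package: $pkg" >&2; return 2; }
    # The digest must be exactly 64 hex characters.
    case $expected in
        *[!0-9A-Fa-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(file_sha256 "$pkg") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $pkg, not installing" >&2
        return 1
    fi
    return 0
}

# Run pkg_add only after the check passes. PKG_ADD is an override hook
# assumed by this example so the logic can be exercised without root.
install_checked() {
    verify_pkg "$1" "$2" || return $?
    ${PKG_ADD:-pkg_add} -D unsigned "$1"
}
```

The digest should reach the VM over a path you trust independently of the package file itself, otherwise the comparison proves little.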
