2019-10-27

Automating OpenBSD Installs Even Further


Installing OpenBSD is easy. Automating OpenBSD installs is decidely less so.

I first learned about the upobsd tool about a year ago. It's a handy script that can allow you to customize the OpenBSD ramdisk bsd.rd file and making upgrading, allegedly, easier.

I could never get upobsd to work. More specifically, upobsd is very easy to use; I could never get the custom upobsd-generated bsd.rd files I made to boot. This is a problem with my ability to create .ISO files, not with upobsd.

Today, after over a week of futzing with trying to build an automated OpenBSD 6.6 VM to run in the cloud, I think I finally figured out how to get a custom OpenBSD install ISO.

Caveat: I use a custom local install path, so the install sets are not included in the boot ISO. I keep a custom siteXX.tgz there, so really all this custom ISO does is give me a cdXX.iso file with my install.conf autoinstall(8) file already included.

This means I don't have to type "A <enter> http://192.168.0.2/install.conf" again. This is huge.

doas pkg_add upobsd

INSTALL_URL=http://192.168.0.2
ISO_DIR=iso-dir
VERSION=6.5
ARCH=amd64

mkdir -p ${ISO_DIR}/${VERSION}/${ARCH}
mkdir    ${ISO_DIR}/etc/

ftp ${INSTALL_URL}/install.conf
ftp ${INSTALL_URL}/pub/OpenBSD/${VERSION}/${ARCH}/cdboot
ftp ${INSTALL_URL}/pub/OpenBSD/${VERSION}/${ARCH}/cdbr

mv cdboot cdbr ${ISO_DIR}/${VERSION}/${ARCH}/
echo set image /${VERSION}/${ARCH}/bsd.rd > ${ISO_DIR}/etc/boot.conf

upobsd -v \
  -m ${INSTALL_URL}/pub/OpenBSD \
  -V ${VERSION} \
  -a ${ARCH} \
  -i ./install.conf \
  -o ~/bsd.rd.new

mv ~/bsd.rd.new ${ISO_DIR}/${VERSION}/${ARCH}/bsd.rd

cd ${ISO_DIR}

# print dir contents
find . -type f
./etc/boot.conf
./6.5/amd64/bsd.rd
./6.5/amd64/cdboot
./6.5/amd64/cdbr

mkhybrid -r \
  -b ${VERSION}/${ARCH}/cdbr \
  -c ${VERSION}/${ARCH}/boot.catalog \
  -o ~/cd-autoinstall.iso .

Except for your new bsd.rd file, the contents of the iso-dir directory match the contents of the cd65.iso ISO with the TRANS.TBL and boot.catalog files removed. cdboot and cdbr are taken from any valid OpenBSD mirror and etc/boot.conf is just a single line of text pointing to your new bsd.rd, so you can re-create this file layout just about anywhere you have access to an OpenBSD mirror.

I've tested this successfully on a 6.5 box in building both a 6.5 and a 6.6 amd64 autoinstaller ISO. I imagine if you were to try a future release, you'd need to provide the signify keys for that given release, but this is left as an exercise for the reader.

UPDATE: Because I know someone is going to want it, yes, you can use upobsd to make an install ISO that includes the install sets on the disc image:

doas pkg_add upobsd

URL=rsync://mirror.leaseweb.com/openbsd/
ARCH=amd64
VERSION=6.5 # Use "snapshots" for -CURRENT
VER_SHORT=65
DIR=~/iso

test -d ${DIR}/${VERSION}/${ARCH} || mkdir -p ${DIR}/${VERSION}/${ARCH}
test -d ${DIR}/etc || mkdir ${DIR}/etc

echo set image /${VERSION}/${ARCH}/bsd.rd > ${DIR}/etc/boot.conf

rsync -avW \
  --no-motd \
  --include=SHA256* \
  --include=*.tgz \
  --include=bsd \
  --include=bsd.mp \
  --include=cdboot \
  --include=cdbr \
  --include=INSTALL.amd64 \
  --exclude=* \
  ${URL}/${VERSION}/${ARCH}/ ${DIR}/${VERSION}/${ARCH}/

# if you have post-install customizations like an
# install.site file, put your siteXX.tgz file together
# here:
tar cf - install.site | gzip -9 > ${DIR}/${VERSION}/${ARCH}/site${VER_SHORT}.tgz.new
mv ${DIR}/${VERSION}/${ARCH}/site${VER_SHORT}.tgz.new ${DIR}/${VERSION}/${ARCH}/site${VER_SHORT}.tgz

/usr/local/bin/upobsd -v \
  -m http://cdn.openbsd.org/pub/OpenBSD \
  -V ${VERSION} \
  -a ${ARCH} \
  -i ./install.conf \
  -o ${DIR}/${VERSION}/${ARCH}/bsd.rd.new && mv ${DIR}/${VERSION}/${ARCH}/bsd.rd.new ${DIR}/${VERSION}/${ARCH}/bsd.rd

( cd ${DIR}; /usr/sbin/mkhybrid -r \
  -b ${VERSION}/${ARCH}/cdbr \
  -c ${VERSION}/${ARCH}/boot.catalog \
  -o ~/cd${VER_SHORT}-autoinstall.iso.new . )
mv ~/cd${VER_SHORT}-autoinstall.iso.new ~/cd${VER_SHORT}-autoinstall.iso

Because your autoinstall answer file will be pointing to sets on the image, be sure to edit install.conf accordingly. You'll want lines like this:

Location of sets = cd0
Pathname to the sets = 6.5/amd64
Set name(s) = done
Checksum test for bsd.rd failed. Continue anyway = yes
Checksum test for site65.tgz failed. Continue anyway = yes
Unverified sets: bsd.rd site65.tgz. Continue without verification = yes

You'll need to override the signify verification of the install sets because you're (a) using a custom bsd.rd and (b) probably adding a siteXX.tgz.

posted at 18:59

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)