On Fri, Jun 21, 2019 at 01:20:44PM -0700, Misc User wrote:

You could stick bsd.rd onto a bootable partition then point grub to it.
You could also disable password login for root and just use a key pair.
That way you wouldn't be sending the password encrypted (or at most only
giving it a password that is useless without console access, then run
'doas passwd' the first chance you get to eliminate even that vector).
That temp password could even be a long string of random junk so long as
you enter it twice.

You could copy bsd.rd and a copy of your pub key into /boot, or carve
out a new partition using some unused disk space.


Yes, the goal is a fully automated and unattended (but "stock," supported, and rage-free) install.

The process of spinning up a new machine should be "add the IP address to the Ansible hosts file, run the playbook" as opposed to "dig out VNC and mess about with everything and get interrupted by someone with something urgent and come back and try to remember where I was..."

This seems pretty close to doable:

Ansible ought to be capable of dropping the bsd.rd into /boot and adding the relevant lines to grub, then triggering a restart.

Creating partitions seems unnecessary if we can just get the sets via HTTP, yes? Resizing partitions post-install would add complexity.

The autoinstall(8) man page (https://man.openbsd.org/autoinstall) is a little unclear on whether we need to build a custom dhcpd.conf if we are using a local auto_install.conf; however, I assume the answer is "no".

(If "yes," then Ansible would need to get the MAC address from the server initially, build the dhcpd.conf, and put it in the bsd.rd before uploading...)

Since parameters such as root password, user's username, user password, user SSH key, etc. should be configured in the Ansible playbook or ancillary files, I wonder if there is a way to have Ansible build a custom autoinstall.conf (using templates) and insert it into bsd.rd immediately prior to uploading.

For that matter, I can't find any instructions for editing bsd.rd or adding files to it. Did I miss a manpage somewhere?

(It's too bad supplying the file locally requires editing the image; it would be nicer to drop the file onto /boot and then pass the filename as an argument when booting...)
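
An added sketch of the templating step asked about above, not part of the original message or of OpenBSD: it renders an autoinstall(8) response file from playbook-style variables and refuses plaintext passwords and multi-line values. The function names are hypothetical, and the question strings assume the "question = answer" response-file format from autoinstall(8), so check them against the installer prompts of your release.

```python
import re

# autoinstall(8): a password of 13 asterisks disables password logins,
# leaving only alternative access such as an ssh key.
DISABLED = "*" * 13
# bcrypt hash as produced by encrypt(1): $2b$<cost>$<22-char salt><31-char hash>
BCRYPT_RE = re.compile(r"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}")
SSH_KEY_RE = re.compile(
    r"(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( \S+)?")


def check_password(value):
    """Accept only a bcrypt hash or the disable marker, never plaintext."""
    if value != DISABLED and not BCRYPT_RE.fullmatch(value):
        raise ValueError("password must be a bcrypt hash or 13 asterisks")
    return value


def check_key(value):
    """Accept a single-line OpenSSH public key (type, base64, optional comment)."""
    if not SSH_KEY_RE.fullmatch(value):
        raise ValueError("not a single-line OpenSSH public key")
    return value


def render_response_file(hostname, user, user_key,
                         root_password=DISABLED, user_password=DISABLED,
                         sets_server="cdn.openbsd.org"):
    """Return response-file text; defaults leave key-only login for the user."""
    answers = [
        ("System hostname", hostname),
        ("Password for root", check_password(root_password)),
        ("Setup a user", user),
        ("Password for user", check_password(user_password)),
        ("Public ssh key for user", check_key(user_key)),
        ("Location of sets", "http"),
        ("HTTP Server", sets_server),
    ]
    for question, answer in answers:
        # A newline in a templated value would inject extra installer answers.
        if not answer.strip() or re.search(r"[\r\n]", answer):
            raise ValueError(f"bad answer for {question!r}")
    return "".join(f"{q} = {a}\n" for q, a in answers)


if __name__ == "__main__":
    # Constructed sample key, not a real credential.
    key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKey admin@example"
    print(render_response_file("web1", "admin", key), end="")
```
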
