Re: Automated remote install
> On Dec 19, 2018, at 9:24 AM, andrew fabbro wrote: > Virtually all of the better KVM hosts offer an OpenBSD ISO, and in my > experience, 100% will add it to their library if you request it. > > Note that I'm referring to KVM providers (traditional VPS providers), not > "public cloud". The big boys - AWS, Azure, Google, etc. are not interested > in OpenBSD. > > The mid-tier players - DigitalOcean, Vultr, Linode - are semi-interested. > Vultr offers it natively. You can shim on Linode or DO but why bother then > the main field of KVM players (there are thousands) offer it. If you > search for a VPS provider that offers KVM (not OpenVZ, VIrtuozzo, or Xen) > you will find many. I’ve got a few static IP’s & a stable 6.3 machine. Might trade you a VMM/VMD for a few beers. Regards Patrick
Re: Automated remote install
On Fri, Dec 21, 2018 at 04:39:07PM +0545, Frank Beuth wrote: > > (No, switching to Vultr/Linode/etc is not an option) > NO Vultr is definitely NOT an option. >From a thread I started in m...@opensmtpd.org Vultr has started offering baremetal servers. I made the big mistake of using one. They are only buying completely burned class C blocks of spam blacklisted of IP addresses. Their staff is not competent and whoever is trying to save a few pennies by buying burned IP blocks is a sure sign of problems ahead. You could get good service as a cloud provider, but with middle management this idiotic, you will see problems later. Using Vultr has cost me two domains that are now blacklisted even after dropping Vultr. They lie and say that they will try to unblacklist the IP address that is in an un-blacklistable list. I rate them negative 5 stars and get a lawyer. Pissed, Chris Bennett
Re: Automated remote install
On Wed, Dec 19, 2018 at 07:24:12AM -0800, andrew fabbro wrote: Virtually all of the better KVM hosts offer an OpenBSD ISO, and in my experience, 100% will add it to their library if you request it. I did a quick survey, and found that of the providers I currently work with who offer OpenBSD ISOs, most/all of them: - Require using VNC during installation (no automated install) - Do not offer encrypted VNC ... "Now I remember why I started this thread!" While setting up SSH key-based auth as part of the install process will mitigate someone sniffing passwords and using them to log in, if you have any suggestions for securing this kind of setup further, they would be welcome. (No, switching to Vultr/Linode/etc is not an option)
Re: Automated remote install
Philipp Buehler writes: > Am 20.12.2018 19:24 schrieb cho...@jtan.com: > > I'm not sure what you mean by that. The script I posted the other day > > is part of a (working, tested) process to create an openbsd image > > within openbsd and then upload it to aws as an iam. I based it on, I > > think, an earlier version of the instructions linked above. No linux > > or osx required (no osx even present). > > News to me that vagrant and esp. virtualbox is available on OpenBSD. Well obviously I didn't use those, they're shit. Which part of "based it on" wasn't clear? I used vmm and sh, which make the 'standing up a vm' part of the process so simple that the scripts which implement it barely deserve the name. Matthew
Re: Automated remote install
Am 20.12.2018 19:24 schrieb cho...@jtan.com: I'm not sure what you mean by that. The script I posted the other day is part of a (working, tested) process to create an openbsd image within openbsd and then upload it to aws as an iam. I based it on, I think, an earlier version of the instructions linked above. No linux or osx required (no osx even present). News to me that vagrant and esp. virtualbox is available on OpenBSD. -- pb
Re: Automated remote install
Philipp Buehler writes: > Am 20.12.2018 18:13 schrieb David Diggles: > > However it's possible to build for AWS. > > https://github.com/ajacoutot/aws-openbsd > > and there's more stuff "in the pipe", since the above > needs a Linux or OSX environment > > Next year ;) it'll be possible to do this on OpenBSD > (vmm/packer/vagrant). I'm not sure what you mean by that. The script I posted the other day is part of a (working, tested) process to create an openbsd image within openbsd and then upload it to aws as an iam. I based it on, I think, an earlier version of the instructions linked above. No linux or osx required (no osx even present). Matthew
Re: Automated remote install
Am 20.12.2018 18:13 schrieb David Diggles: However it's possible to build for AWS. https://github.com/ajacoutot/aws-openbsd and there's more stuff "in the pipe", since the above needs a Linux or OSX environment Next year ;) it'll be possible to do this on OpenBSD (vmm/packer/vagrant). ciao -- pb
Re: Automated remote install
>Note that I'm referring to KVM providers (traditional VPS providers), >not >"public cloud". The big boys - AWS, Azure, Google, etc. are not >interested >in OpenBSD. However it's possible to build for AWS. https://github.com/ajacoutot/aws-openbsd
Re: Automated remote install
On Wed, Dec 19, 2018 at 07:24:12AM -0800, andrew fabbro wrote: Virtually all of the better KVM hosts offer an OpenBSD ISO, and in my experience, 100% will add it to their library if you request it. That's an excellent idea, especially from the perspective of making OpenBSD adoption easier for others as well. ("click the button" vs "don't forget the `--hail-puffy-full-of-grace` flag on `ansible-playbook`") In this particular case -- where I frequently need to spin up servers in exotic and unusual places -- it's not ideal, of course.
Re: Automated remote install
On Tue, Dec 18, 2018 at 1:03 AM Frank Beuth wrote: > On Mon, Dec 17, 2018 at 02:35:41PM -0200, Daniel Bolgheroni wrote: > >If you're going to run on some public cloud, they usually offer the > >possibility of keeping a custom image you provide, and use this image to > >deploy new VMs based on it. > > "usually" being the key word here :) > Virtually all of the better KVM hosts offer an OpenBSD ISO, and in my experience, 100% will add it to their library if you request it. Note that I'm referring to KVM providers (traditional VPS providers), not "public cloud". The big boys - AWS, Azure, Google, etc. are not interested in OpenBSD. The mid-tier players - DigitalOcean, Vultr, Linode - are semi-interested. Vultr offers it natively. You can shim on Linode or DO but why bother then the main field of KVM players (there are thousands) offer it. If you search for a VPS provider that offers KVM (not OpenVZ, VIrtuozzo, or Xen) you will find many. -- andrew fabbro and...@fabbro.org
Re: Automated remote install
On Mon, Dec 17, 2018 at 01:36:57PM +, secli...@boxdan.com wrote: > On Mon, Dec 17, 2018 at 10:22:56AM -0200, Daniel Bolgheroni wrote: > > Maybe ansible is not the answer here. > > You are probably correct. Do you know a better way? If you're going to run on some public cloud, they usually offer the possibility of keeping a custom image you provide, and use this image to deploy new VMs based on it. You can do a normal install and customize it adding the python package (you do not need ansible on the target machine, just python) and your public ssh key for the user ansible will use to connect. This customization can be done manually or using siteXX.tgz and install.site that OpenBSD provides: https://www.openbsd.org/faq/faq4.html#site >From here you should be able to point ansible from the control machine to the target VM, and run your playbook to further customize your installation. Of course that, at this point, the network should be already up. This depends on your public cloud, but usually a 'dhcp' inside your hostname.if(5) will do. But note again this is not a fully-automated installation using ansible, which isn't trivial on any OS. But it helps a lot. -- db
Re: Automated remote install
On Mon, Dec 17, 2018 at 10:22:56AM -0200, Daniel Bolgheroni wrote: Maybe ansible is not the answer here. You are probably correct. Do you know a better way?
Re: Automated remote install
On Mon, Dec 17, 2018 at 09:23:08AM +, secli...@boxdan.com wrote: > Has anyone successfully automated (i.e with Ansible/etc) the process of > installing OpenBSD on a remote server? > > The most recent attempts at remote installation (manual or automated) that I > was able to find, are fairly old: > https://jcs.org/notaweblog/2014/09/12/remotely_installing_openbsd_qemu > https://github.com/jedisct1/yaifo > https://www.dim13.org/Install-OpenBSD-on-remote-host-without-KVM > http://frankgroeneveld.nl/2014/04/13/remote-installation-of-openbsd-from-linux/ > > jcs indicates that his QEMU-based method demands knowing what kind of > network card is in the server. This seems hard to automate. I don't know how you would do this with ansible, since the node requirement is at least a network connection already running, ssh (which is not in bsd.rd) and python (which is only on ports). In another words, a pretty complete OS setup already. See this: https://docs.ansible.com/ansible/2.7/installation_guide/intro_installation.html#managed-node-requirements And some problems Joshua Stein described he could hit with YAIFO (the first link you posted) would also apply here. Note that this isn't limited to OpenBSD. Maybe ansible is not the answer here. Cheers, -- db
Re: Automated remote install
Den mån 17 dec. 2018 kl 11:19 skrev : > > Has anyone successfully automated (i.e with Ansible/etc) the process of > installing OpenBSD on a remote server? > > jcs indicates that his QEMU-based method demands knowing what kind of network > card is in the server. This seems hard to automate. I think you can prepopulate a ton of /etc/hostname.0 configs all saying "dhcp" and cover a wide range of emulated network hardware in order to get a reachable machine for which later configs (like more ifs and so forth) can be set. -- May the most significant bit of your life be positive.