 |
| OpenBSD Free - Functional - Secure |
OpenBSD has also remained very niche over my 2+ decades of usage. OpenBSD is rarely offered as an install option by virtual private server (VPS) providers. Unfortunately this includes OVHcloud, my current choice for most of my server hosting needs.
Fortunately, the lack of an OpenBSD install image is not an absolute bar to running it as a guest OS on the OVHcloud VPS service.
Keep reading to learn how to install OpenBSD on the OVHcloud VPS service!
OVHcloud's VPS service is built on OpenStack with KVM as the hypervisor. OpenBSD runs as a guest on KVM. Therefore, a little extra work can get OpenBSD running on an OVHcloud VPS.
Alternatives exist to my approach. These rely more on third party software, such as booting the OpenBSD installation image with GRUB (see here), or installing OpenBSD on VirtualBox and then transferring the image to the OVHcloud VPS (see here).
My approach boots the OpenBSD miniroot installation image directly from the virtual disk of the OVHcloud VPS.
Step 1: Purchase VPS and Reboot in Rescue Mode
Purchase an OVHcloud VPS plan. Select one of the "distribution only" flavours of Linux. It does not matter which one you choose. It will soon be erased and replaced with OpenBSD.
After receiving confirmation that your VPS is provisioned by OVHcloud, load the VPS page in the OVHcloud control panel and "reboot in rescue mode" from the "Boot" options menu (as of writing, but the control panel layout has changed over the years, and likely will again). Wait a few minutes for the the rescue mode image to boot (a minimal install of Debian 10, as of writing).
Once the Debian image has booted, you can open a noVNC console window for your VPS from the OVHcloud control panel (labelled "KVM" in the "Name" options menu, as of writing). Log into Debian using the provided random password.
Step 2: Document the Network Configuration
The OVHcloud control panel does not provide all network configuration information necessary to install OpenBSD. For as long as OVHcloud has been my preferred provider, they have assigned each VPS a gateway that resides on different subnet than the VPS. Unfortunately, the gateway IP address for a VPS cannot be found in the OVHcloud control panel. OpenBSD will not connect to the Internet without configuring the correct gateway IP address.
Therefore, before installing OpenBSD it is necessary to document the network configuration by booting the rescue mode Debian image.
Enter the following command in the noVNC console to confirm the IP address configuration for the virtual network interface of the VPS:
$ ifconfig
This will display the configuration information for all network interfaces on the VPS (one virtual interface plus the loopback interface, as of writing). Confirm that the virtual interface is configured to broadcast on its own IP (netmask 255.255.255.255). You may want to note the IP address and netmask for easy reference during the OpenBSD installation.
Next, enter the following command to confirm the IP address of the gateway assigned to the VPS:
$ ip route
The output should include a line similar to "default via xxx.xxx.xxx.xxx dev ens3", where "xxx.xxx.xxx.xxx" is the IP address of the gateway assigned to the VPS. You definitely want to note the gateway IP address for use during the OpenBSD installation.
Then, optionally, you may want to enter the following command to confirm the OVHcloud name server:
$ cat /etc/resolv.conf
The output should include a line similar to "nameserver xxx.xxx.xxx.xxx", where "xxx.xxx.xxx.xxx" is the IP address of the OVHcloud name server. You may want to note this IP address for use during the OpenBSD installation, unless you prefer to use some other public name server.
Step 3: Prepare the VPS Virtual Disk to Boot the OpenBSD Installer
OpenBSD provides a download of a raw disk image to write the OpenBSD installer onto a flash disk. It works equally well when written to the virtual disk of an OVHcloud VPS.
Enter the following command into the noVNC console to retrieve the OpenBSD installer image file (for OpenBSD release 7.2, as of writing):
$ wget https://cdn.openbsd.org/pub/OpenBSD/7.2/amd64/miniroot72.img
Next, enter the following command to retrieve the file that includes the SHA256 hash for the OpenBSD installer image file:
$ wget https://cdn.openbsd.org/pub/OpenBSD/7.2/amd64/SHA256
Next, enter the following command to verify the integrity of the OpenBSD installer image file:
$ sha256sum -c --ignore-missing SHA256
The output should be similar to "miniroot72.img: OK".
Next, enter the following command to verify the block device name of the virtual disk for the VPS:
$ lsblk
The output should return two physical block device names. The OVHcloud rescue disk should be 2.5G in size and might be named "sda". The other disk should be the virtual disk for the VPS and might be named "sdb". Verify that the second disk is the same size as configured under your chosen OVHcloud VPS plan. Assuming that the virtual disk is named "sdb", enter the following command to overwrite it with the OpenBSD installer image:
$ dd if=miniroot72.img of=/dev/sdb bs=1M
Finally, return to the OVHcloud control panel and choose the option to "Reboot my VPS" from the "Boot" options menu. This will reboot the VPS into the OpenBSD installer. You will need to reopen the noVNC console after waiting a few minutes for the reboot to complete.
Step 4: Install OpenBSD
Install OpenBSD in your preferred manner, with four exceptions:
Exception 1
When prompted with "Netmask for vio0?", enter the netmask as 255.255.255.255.
Exception 2
When prompted with "Default IPv4 route?", enter ! (type an exclamation mark followed by the Enter key) to drop to the shell. Then enter the following command to add the IP address of the gateway assigned to the VPS as the default gateway on the vio0 interface, replacing "xxx.xxx.xxx.xxx" with the gateway IP address that you noted in Step 2:
# route add -inet xxx.xxx.xxx.xxx/32 -link -iface vio0
The output in response to this command should be similar to "add host xxx.xxx.xxx.xxx/32: gateway vio0".
Next, enter the following command to exit the shell and continue with the install script:
# exit
Then, enter the gateway IP address that you noted in Step 2 at the prompt for "Default IPv4 route?".
Exception 3
When prompted with "Use (W)hole disk MBR, whole disk (G)PT, (O)penBSD area or (E)dit?", enter W to allocate the entire virtual disk of the VPS for OpenBSD.
Important note: the OpenBSD installer will be wiped from the virtual disk at this point, but it will not impact the current installation because the installer is fully copied into memory at boot. The only potential problem exists if the VPS is rebooted before the OpenBSD installation is completed.
Exception 4
When prompted with "Exit to (S)hell, (H)alt or (R)eboot?", enter S to drop to the shell. Assuming that OpenBSD was installed in a typical manner, the root of the new install should be mounted at /mnt. If so, enter the following commands into the shell, replacing "xxx.xxx.xxx.xxx" with the gateway IP address you noted in Step 2:
# sed -i '1i\
> !route add -inet xxx.xxx.xxx.xxx/32 -link -iface vio0
> ' /mnt/etc/mygate
# cat /mnt/etc/mygate
The final output should be similar to the following, where "xxx.xxx.xxx.xxx" is the IP address of the gateway assigned to the VPS:
!route add -inet xxx.xxx.xxx.xxx/32 -link -iface vio0
xxx.xxx.xxx.xxx
Step 5: Complete Installation and Reboot
The OpenBSD installation is complete, barring any other desired changes before first boot.
Once finished, reboot from the shell. Assuming the installation was performed correctly, the VPS will boot OpenBSD and it will be accessible via SSH.
No comments :
Post a Comment