From 44c6a8300bf4ea0c9c945a4d4f94b31c2e624b70 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sun, 19 Sep 2021 16:26:25 +0300
Subject: [PATCH] Post on installing OpenBSD on the sg-2440.

---
 content/openbsd-on-sg-2440.rst | 210 +++++++++++++++++++++++++++++++++
 1 file changed, 210 insertions(+)
 create mode 100644 content/openbsd-on-sg-2440.rst

diff --git a/content/openbsd-on-sg-2440.rst b/content/openbsd-on-sg-2440.rst
new file mode 100644
index 0000000..53a45fc
--- /dev/null
+++ b/content/openbsd-on-sg-2440.rst
@@ -0,0 +1,210 @@
+Installing OpenBSD on Netgate's SG-2440
+#######################################
+:date: 2021-09-19
+:summary:  Installing OpenBSD on Netgate's SG-2440
+
+This is documentation on how to install OpenBSD (in this case 6.9 but the
+procedure hasn't changed for as long as I can remember). Since the SG-2400 only
+has a serial connection (no monitor output), about half of the is over the
+serial console and the rest is over SSH. This post is for me to help me remember
+what did I do last time.
+
+#. Setting up the serial console
+
+On the laptop:
+
+.. code:: shell
+
+   sudo apt install screen
+   sudo modprobe cp210x
+   dmesg --follow
+
+
+Now connect the cable and watch the :code:`dmesg` output to see the serial
+connection being added (should be at :code:`/dev/ttyUSB0`) and then:
+
+.. code:: shell
+
+   sudo screen /dev/ttyUSB0 115200
+
+
+Insert the USB drive with the installer and reboot (:code:`shutdown -r now`).
+To enable the serial connection in the installer, in the boot prompt run the
+following commands:
+
+
+.. code:: shell
+
+   stty com0 115200
+   set tty com0
+   boot
+
+
+The interactive installer prompts and answers:
+
+.. code:: shell
+
+    Terminal type? [vt220]
+    System hostname? (short form, e.g. 'foo') ns1
+    Available network interfaces are: em0 em1 em2 em3 em4 em5 vlan0.
+    Which network interface do you wish to configure? (or 'done') [em0] em1
+    IPv4 address for em1? (or 'dhcp' or 'none') [dhcp] 192.168.3.1
+    Netmask for em1? [255.255.255.0]
+    IPv6 address for em1? (or 'autoconf' or 'none') [none]
+    Available network interfaces are: em0 em1 em2 em3 em4 em5 vlan0.
+    Which network interface do you wish to configure? (or 'done') [done]
+    Default IPv4 route? (IPv4 address or none)
+    A response is required.
+    Default IPv4 route? (IPv4 address or none) none
+    DNS domain name? (e.g. 'example.com') [my.domain] shore.co.il
+    DNS nameservers? (IP address list or 'none') [none] 9.9.9.9
+
+    Password for root account? (will not echo)
+    Password for root account? (again)
+    The root password must be set.
+    Password for root account? (will not echo)
+    Password for root account? (again)
+    Start sshd(8) by default? [yes]
+    Change the default console to com1? [yes]
+    Available speeds are: 9600 19200 38400 57600 115200.
+    Which speed should com1 use? (or 'done') [115200]
+    Setup a user? (enter a lower-case loginname, or 'no') [no] nimrod
+    Full name for user nimrod? [nimrod] Nimrod Adar
+    Password for user nimrod? (will not echo)
+    Password for user nimrod? (again)
+    WARNING: root is targeted by password guessing attacks, pubkeys are safer.
+    Allow root ssh login? (yes, no, prohibit-password) [no] yes
+
+    Available disks are: sd0 sd1 sd2.
+    Which disk is the root disk? ('?' for details) [sd0] ?
+    sd0: ATA, Micron_M600_MTFD, MU04 naa.500a0751122dae7a (119.2G)
+    sd1: SanDisk, Cruzer Blade, 1.26 serial.07815567071025103004 (3.7G)
+    sd2: Generic, Ultra HS-COMBO, 1.98 serial.04242240000000225001 (28.5G)
+    Available disks are: sd0 sd1 sd2.
+    Which disk is the root disk? ('?' for details) [sd0] sd2
+    Disk: sd2       Usable LBA: 64 to 59768768 [59768832 Sectors]
+       #: type                                 [       start:         size ]
+    ------------------------------------------------------------------------
+       1: EFI Sys                              [          64:          960 ]
+       3: OpenBSD                              [        1024:     59767745 ]
+    Use (W)hole disk MBR, whole disk (G)PT, (O)penBSD area or (E)dit? [OpenBSD] w
+    Setting OpenBSD MBR partition to whole sd2...done.
+    The auto-allocated layout for sd2 is:
+    #                size           offset  fstype [fsize bsize   cpg]
+      a:          1024.0M               64  4.2BSD   2048 16384     1 # /
+      b:          1919.9M          2097216    swap
+      c:         29184.0M                0  unused
+      d:          1591.9M          6029088  4.2BSD   2048 16384     1 # /tmp
+      e:          2471.8M          9289248  4.2BSD   2048 16384     1 # /var
+      f:          3339.8M         14351488  4.2BSD   2048 16384     1 # /usr
+      g:           936.0M         21191488  4.2BSD   2048 16384     1 # /usr/X11R6
+      h:          3783.8M         23108320  4.2BSD   2048 16384     1 # /usr/local
+      i:          1668.0M         30857472  4.2BSD   2048 16384     1 # /usr/src
+      j:          5855.9M         34273472  4.2BSD   2048 16384     1 # /usr/obj
+      k:          6589.5M         46266432  4.2BSD   2048 16384     1 # /home
+    Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] a
+    /dev/rsd2a: 1024.0MB in 2097152 sectors of 512 bytes
+    6 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
+    /dev/rsd2k: 6589.5MB in 13495360 sectors of 512 bytes
+    33 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
+    /dev/rsd2d: 1591.9MB in 3260160 sectors of 512 bytes
+    8 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
+    /dev/rsd2f: 3339.8MB in 6840000 sectors of 512 bytes
+    17 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
+    /dev/rsd2g: 936.0MB in 1916832 sectors of 512 bytes
+    5 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
+    /dev/rsd2h: 3783.8MB in 7749152 sectors of 512 bytes
+    19 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
+    /dev/rsd2j: 5855.9MB in 11992960 sectors of 512 bytes
+    29 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
+    /dev/rsd2i: 1668.0MB in 3416000 sectors of 512 bytes
+    9 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
+    /dev/rsd2e: 2471.8MB in 5062240 sectors of 512 bytes
+    13 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
+    Available disks are: sd0 sd1.
+    Which disk do you wish to initialize? (or 'done') [done]
+    /dev/sd2a (46c9b63f83d3fd95.a) on /mnt type ffs (rw, asynchronous, local)
+    /dev/sd2k (46c9b63f83d3fd95.k) on /mnt/home type ffs (rw, asynchronous, local, nodev, nosuid)
+    /dev/sd2d (46c9b63f83d3fd95.d) on /mnt/tmp type ffs (rw, asynchronous, local, nodev, nosuid)
+    /dev/sd2f (46c9b63f83d3fd95.f) on /mnt/usr type ffs (rw, asynchronous, local, nodev)
+    /dev/sd2g (46c9b63f83d3fd95.g) on /mnt/usr/X11R6 type ffs (rw, asynchronous, local, nodev)
+    /dev/sd2h (46c9b63f83d3fd95.h) on /mnt/usr/local type ffs (rw, asynchronous, local, nodev)
+    /dev/sd2j (46c9b63f83d3fd95.j) on /mnt/usr/obj type ffs (rw, asynchronous, local, nodev, nosuid)
+    /dev/sd2i (46c9b63f83d3fd95.i) on /mnt/usr/src type ffs (rw, asynchronous, local, nodev, nosuid)
+    /dev/sd2e (46c9b63f83d3fd95.e) on /mnt/var type ffs (rw, asynchronous, local, nodev, nosuid)
+
+    Let's install the sets!
+    Location of sets? (disk http nfs or 'done') [http] disk
+    Is the disk partition already mounted? [yes] no
+    Available disks are: sd0 sd1 sd2.
+    Which disk contains the install media? (or 'done') [sd0] sd1
+      a:          1358848             1024  4.2BSD   2048 16384 16142
+      i:              960               64   MS-DOS
+    Available sd1 partitions are: a i.
+    Which sd1 partition has the install sets? (or 'done') [a]
+    Pathname to the sets? (or 'done') [6.9/amd64]
+
+    Select sets by entering a set name, a file name pattern or 'all'. De-select
+    sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'.
+        [X] bsd           [X] base69.tgz    [X] game69.tgz    [X] xfont69.tgz
+        [X] bsd.mp        [X] comp69.tgz    [X] xbase69.tgz   [X] xserv69.tgz
+        [X] bsd.rd        [X] man69.tgz     [X] xshare69.tgz
+    Set name(s)? (or 'abort' or 'done') [done] -x*
+        [X] bsd           [X] base69.tgz    [X] game69.tgz    [ ] xfont69.tgz
+        [X] bsd.mp        [X] comp69.tgz    [ ] xbase69.tgz   [ ] xserv69.tgz
+        [X] bsd.rd        [X] man69.tgz     [ ] xshare69.tgz
+    Set name(s)? (or 'abort' or 'done') [done] -game*
+        [X] bsd           [X] base69.tgz    [ ] game69.tgz    [ ] xfont69.tgz
+        [X] bsd.mp        [X] comp69.tgz    [ ] xbase69.tgz   [ ] xserv69.tgz
+        [X] bsd.rd        [X] man69.tgz     [ ] xshare69.tgz
+    Set name(s)? (or 'abort' or 'done') [done]
+    Directory does not contain SHA256.sig. Continue without verification? [no] yes
+    Installing bsd          100% |**************************| 20423 KB    00:01
+    Installing bsd.mp       100% |**************************| 20515 KB    00:01
+    Installing bsd.rd       100% |**************************|  4107 KB    00:00
+    Installing base69.tgz   100% |**************************|   291 MB    00:54
+    Extracting etc.tgz      100% |**************************|   254 KB    00:00
+    Installing comp69.tgz   100% |**************************| 85958 KB    00:26
+    Installing man69.tgz    100% |**************************|  7560 KB    00:06
+    Location of sets? (disk http nfs or 'done') [done]
+
+    What timezone are you in? ('?' for list) [Canada/Mountain] Israel
+    Saving configuration files... done.
+    Making all device nodes... done.
+    Multiprocessor machine; using bsd.mp instead of bsd.
+    Exit to (S)hell, (H)alt or (R)eboot? [reboot]
+
+
+With this part done, I should be able to login as the root account over SSH (or
+over the serial console). Now I should bootstrap the instance in the following
+ways: setting up :code:`doas` for the regular user, setting up the internet
+connection and adding the SSH public keys for the regular user. Then I can run
+Ansible and setup everything else.
+
+For the internet connection, I don't have any nice way of doing it, so I just
+copy the connection details from the :code:`router` role in the :code:`homelab`
+repository (get the password from the Keepass password database with :code:`ph
+show --field Password 'Web Sites/Bezeq International'`).
+
+Add the public SSH keys:
+
+.. code:: shell
+
+   ssh 192.168.3.1 'mkdir -p .ssh; chmod 700 .ssh; touch .ssh/authorized_keys; chmod 600 .ssh/authorized_keys'
+   { ssh-keygen -yf ~/.ssh/shore_ecdsa; ssh-keygen -yf ~/.ssh/shore_ed25519; } | ssh 192.168.3.1 'tee .ssh/authorized_keys'
+
+Bootstrap the instance (in the :code:`homelab` repository):
+
+.. code:: shell
+
+   ansible-playbook bootstrap.yaml -l ns1 -u root -k -e 'ansible_host=192.168.3.1'
+
+Setup the router (still in the :code:`homelab` repository):
+
+.. code:: shell
+
+   ansible-playbook router.yaml -e 'ansible_host-192.168.3.1'
+   ansible-playbook update.yaml -l ns1
+
+
+Boom! Done.
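
Review bot: In the last code block, the router command passes `-e 'ansible_host-192.168.3.1'` with a hyphen, which is not a key=value assignment like the `-e 'ansible_host=192.168.3.1'` on the bootstrap line just above it; change the hyphen to `=` so that both commands target the same address. In the intro paragraph, "SG-2400" does not match the "SG-2440" in the title, and "about half of the is over" is missing a word. The installer transcript answers `yes` to "Continue without verification?" (no SHA256.sig on the media) and `yes` to "Allow root ssh login?" right after the installer's own warning about password guessing. Since the post is meant to be replayed later, add a sentence saying how the install image was checked before it was written to the USB drive, and whether root password login is switched off again once the bootstrap playbook has run. Finally, `#. Setting up the serial console` renders as a one-item numbered list; if it is meant to be a section title, use an underlined heading.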
-- 
GitLab