Commit
44c6a830
authored
3 years ago
by
nimrod
Post on installing OpenBSD on the sg-2440.
parent
21a79a34
Pipeline
#2217
failed
3 years ago
content/openbsd-on-sg-2440.rst
+210
-0
210 additions, 0 deletions
content/openbsd-on-sg-2440.rst
0 → 100644
Installing OpenBSD on Netgate's SG-2440
#######################################
:date: 2021-09-19
:summary: Installing OpenBSD on Netgate's SG-2440
This is documentation on how to install OpenBSD (in this case 6.9 but the
procedure hasn't changed for as long as I can remember). Since the SG-2400 only
has a serial connection (no monitor output), about half of the is over the
serial console and the rest is over SSH. This post is for me to help me remember
what did I do last time.
#. Setting up the serial console
On the laptop:
.. code:: shell
sudo apt install screen
sudo modprobe cp210x
dmesg --follow
Now connect the cable and watch the :code:`dmesg` output to see the serial
connection being added (should be at :code:`/dev/ttyUSB0`) and then:
.. code:: shell
sudo screen /dev/ttyUSB0 115200
Insert the USB drive with the installer and reboot (:code:`shutdown -r now`).
To enable the serial connection in the installer, in the boot prompt run the
following commands:
.. code:: shell
stty com0 115200
set tty com0
boot
The interactive installer prompts and answers:
.. code:: shell
Terminal type? [vt220]
System hostname? (short form, e.g. 'foo') ns1
Available network interfaces are: em0 em1 em2 em3 em4 em5 vlan0.
Which network interface do you wish to configure? (or 'done') [em0] em1
IPv4 address for em1? (or 'dhcp' or 'none') [dhcp] 192.168.3.1
Netmask for em1? [255.255.255.0]
IPv6 address for em1? (or 'autoconf' or 'none') [none]
Available network interfaces are: em0 em1 em2 em3 em4 em5 vlan0.
Which network interface do you wish to configure? (or 'done') [done]
Default IPv4 route? (IPv4 address or none)
A response is required.
Default IPv4 route? (IPv4 address or none) none
DNS domain name? (e.g. 'example.com') [my.domain] shore.co.il
DNS nameservers? (IP address list or 'none') [none] 9.9.9.9
Password for root account? (will not echo)
Password for root account? (again)
The root password must be set.
Password for root account? (will not echo)
Password for root account? (again)
Start sshd(8) by default? [yes]
Change the default console to com1? [yes]
Available speeds are: 9600 19200 38400 57600 115200.
Which speed should com1 use? (or 'done') [115200]
Setup a user? (enter a lower-case loginname, or 'no') [no] nimrod
Full name for user nimrod? [nimrod] Nimrod Adar
Password for user nimrod? (will not echo)
Password for user nimrod? (again)
WARNING: root is targeted by password guessing attacks, pubkeys are safer.
Allow root ssh login? (yes, no, prohibit-password) [no] yes
Available disks are: sd0 sd1 sd2.
Which disk is the root disk? ('?' for details) [sd0] ?
sd0: ATA, Micron_M600_MTFD, MU04 naa.500a0751122dae7a (119.2G)
sd1: SanDisk, Cruzer Blade, 1.26 serial.07815567071025103004 (3.7G)
sd2: Generic, Ultra HS-COMBO, 1.98 serial.04242240000000225001 (28.5G)
Available disks are: sd0 sd1 sd2.
Which disk is the root disk? ('?' for details) [sd0] sd2
Disk: sd2 Usable LBA: 64 to 59768768 [59768832 Sectors]
#: type [ start: size ]
------------------------------------------------------------------------
1: EFI Sys [ 64: 960 ]
3: OpenBSD [ 1024: 59767745 ]
Use (W)hole disk MBR, whole disk (G)PT, (O)penBSD area or (E)dit? [OpenBSD] w
Setting OpenBSD MBR partition to whole sd2...done.
The auto-allocated layout for sd2 is:
# size offset fstype [fsize bsize cpg]
a: 1024.0M 64 4.2BSD 2048 16384 1 # /
b: 1919.9M 2097216 swap
c: 29184.0M 0 unused
d: 1591.9M 6029088 4.2BSD 2048 16384 1 # /tmp
e: 2471.8M 9289248 4.2BSD 2048 16384 1 # /var
f: 3339.8M 14351488 4.2BSD 2048 16384 1 # /usr
g: 936.0M 21191488 4.2BSD 2048 16384 1 # /usr/X11R6
h: 3783.8M 23108320 4.2BSD 2048 16384 1 # /usr/local
i: 1668.0M 30857472 4.2BSD 2048 16384 1 # /usr/src
j: 5855.9M 34273472 4.2BSD 2048 16384 1 # /usr/obj
k: 6589.5M 46266432 4.2BSD 2048 16384 1 # /home
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] a
/dev/rsd2a: 1024.0MB in 2097152 sectors of 512 bytes
6 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2k: 6589.5MB in 13495360 sectors of 512 bytes
33 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2d: 1591.9MB in 3260160 sectors of 512 bytes
8 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2f: 3339.8MB in 6840000 sectors of 512 bytes
17 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2g: 936.0MB in 1916832 sectors of 512 bytes
5 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2h: 3783.8MB in 7749152 sectors of 512 bytes
19 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2j: 5855.9MB in 11992960 sectors of 512 bytes
29 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2i: 1668.0MB in 3416000 sectors of 512 bytes
9 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
/dev/rsd2e: 2471.8MB in 5062240 sectors of 512 bytes
13 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
Available disks are: sd0 sd1.
Which disk do you wish to initialize? (or 'done') [done]
/dev/sd2a (46c9b63f83d3fd95.a) on /mnt type ffs (rw, asynchronous, local)
/dev/sd2k (46c9b63f83d3fd95.k) on /mnt/home type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd2d (46c9b63f83d3fd95.d) on /mnt/tmp type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd2f (46c9b63f83d3fd95.f) on /mnt/usr type ffs (rw, asynchronous, local, nodev)
/dev/sd2g (46c9b63f83d3fd95.g) on /mnt/usr/X11R6 type ffs (rw, asynchronous, local, nodev)
/dev/sd2h (46c9b63f83d3fd95.h) on /mnt/usr/local type ffs (rw, asynchronous, local, nodev)
/dev/sd2j (46c9b63f83d3fd95.j) on /mnt/usr/obj type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd2i (46c9b63f83d3fd95.i) on /mnt/usr/src type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd2e (46c9b63f83d3fd95.e) on /mnt/var type ffs (rw, asynchronous, local, nodev, nosuid)
Let's install the sets!
Location of sets? (disk http nfs or 'done') [http] disk
Is the disk partition already mounted? [yes] no
Available disks are: sd0 sd1 sd2.
Which disk contains the install media? (or 'done') [sd0] sd1
a: 1358848 1024 4.2BSD 2048 16384 16142
i: 960 64 MS-DOS
Available sd1 partitions are: a i.
Which sd1 partition has the install sets? (or 'done') [a]
Pathname to the sets? (or 'done') [6.9/amd64]
Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'.
[X] bsd [X] base69.tgz [X] game69.tgz [X] xfont69.tgz
[X] bsd.mp [X] comp69.tgz [X] xbase69.tgz [X] xserv69.tgz
[X] bsd.rd [X] man69.tgz [X] xshare69.tgz
Set name(s)? (or 'abort' or 'done') [done] -x*
[X] bsd [X] base69.tgz [X] game69.tgz [ ] xfont69.tgz
[X] bsd.mp [X] comp69.tgz [ ] xbase69.tgz [ ] xserv69.tgz
[X] bsd.rd [X] man69.tgz [ ] xshare69.tgz
Set name(s)? (or 'abort' or 'done') [done] -game*
[X] bsd [X] base69.tgz [ ] game69.tgz [ ] xfont69.tgz
[X] bsd.mp [X] comp69.tgz [ ] xbase69.tgz [ ] xserv69.tgz
[X] bsd.rd [X] man69.tgz [ ] xshare69.tgz
Set name(s)? (or 'abort' or 'done') [done]
Directory does not contain SHA256.sig. Continue without verification? [no] yes
Installing bsd 100% |**************************| 20423 KB 00:01
Installing bsd.mp 100% |**************************| 20515 KB 00:01
Installing bsd.rd 100% |**************************| 4107 KB 00:00
Installing base69.tgz 100% |**************************| 291 MB 00:54
Extracting etc.tgz 100% |**************************| 254 KB 00:00
Installing comp69.tgz 100% |**************************| 85958 KB 00:26
Installing man69.tgz 100% |**************************| 7560 KB 00:06
Location of sets? (disk http nfs or 'done') [done]
What timezone are you in? ('?' for list) [Canada/Mountain] Israel
Saving configuration files... done.
Making all device nodes... done.
Multiprocessor machine; using bsd.mp instead of bsd.
Exit to (S)hell, (H)alt or (R)eboot? [reboot]
With this part done, I should be able to login as the root account over SSH (or
over the serial console). Now I should bootstrap the instance in the following
ways: setting up :code:`doas` for the regular user, setting up the internet
connection and adding the SSH public keys for the regular user. Then I can run
Ansible and setup everything else.
For the internet connection, I don't have any nice way of doing it, so I just
copy the connection details from the :code:`router` role in the :code:`homelab`
repository (get the password from the Keepass password database with :code:`ph
show --field Password 'Web Sites/Bezeq International'`).
Add the public SSH keys:
.. code:: shell
ssh 192.168.3.1 'mkdir -p .ssh; chmod 700 .ssh; touch .ssh/authorized_keys; chmod 600 .ssh/authorized_keys'
{ ssh-keygen -yf ~/.ssh/shore_ecdsa; ssh-keygen -yf ~/.ssh/shore_ed25519; } | ssh 192.168.3.1 'tee .ssh/authorized_keys'
Bootstrap the instance (in the :code:`homelab` repository):
.. code:: shell
ansible-playbook bootstrap.yaml -l ns1 -u root -k -e 'ansible_host=192.168.3.1'
Setup the router (still in the :code:`homelab` repository):
.. code:: shell
ansible-playbook router.yaml -e 'ansible_host-192.168.3.1'
ansible-playbook update.yaml -l ns1
Boom! Done.
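Review bot: the last code block passes `-e 'ansible_host-192.168.3.1'` to `router.yaml` with a hyphen where the bootstrap command above it uses `ansible_host=192.168.3.1`, so the host override is not given as a key=value pair; change the hyphen to `=`. In the installer transcript, `Allow root ssh login? (yes, no, prohibit-password) [no] yes` and `Continue without verification? [no] yes` both override the installer's defaults. The bootstrap step runs with `-u root -k`, which depends on the first answer, so the post should say that and say when root password login gets switched back to `no` or `prohibit-password`; it should also say why the sets directory on the USB drive had no SHA256.sig. In the intro, "SG-2400" does not match the SG-2440 in the title, and "about half of the is over" is missing a word.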