OpenBSD Journal

Yaifo 0.4

Contributed by merdely on from the sshd-and-bsd.rd-and-network-upgrade-goodness dept.

Yaifo 0.4 has been released. After Waldemar Brodkorb's 0.2 release for OpenBSD 3.8 (previously covered on Undeadly), very little work has been done. I had released patches on my site for Yaifo to be used with OpenBSD 3.9 and OpenBSD 4.0 but no official updates had been released.

Yaifo (Yet Another Installer for OpenBSD) is basically a stock bsd.rd kernel with sshd enabled. It also includes RAIDFRAME support. Suppose you have a server that is 500 miles away and you want to either upgrade it or do a fresh install -- what do you do? You could download Yaifo for OpenBSD 4.1, edit the config file, copy your authorized_keys file, copy the server's ssh_host_* files, compile the yaifo.rd kernel, upload it to your server as /bsd and reboot. When the server comes back up, ssh to the server as root and you will be prompted with the familiar "(I)nstall, (U)pgrade or (S)hell?" prompt.

I recently received permission from Waldemar to take over the project, so I wanted to announce Yaifo 0.4.

Yaifo 0.4 includes the following features:

  • Support for the newest version of OpenBSD (4.1, 4.1-current)
  • Support for the ${SUDO} variable (can be set in /etc/mk.conf)
  • Support for using supplied ssh_host*_key files (vs. creating new ones each time)
  • Ask if ssh_host*_key files should be copied to the new install's /etc/ssh
  • Enabled setting the DNS search string in /etc/resolv.conf
  • Support for using a second NIC
  • Support for AMD64 kernels (I don't have the ability to test)

There are two files available for Yaifo 0.4:

To use Yaifo 0.4 with OpenBSD 4.1:

  1. Download and patch your source tree to /usr/src
  2. If you're not root, add "SUDO=sudo" to /etc/mk.conf
  3. Download yaifo-0.4-41 and untar it.
  4. Copy your authorized_keys file to the yaifo-0.4-41 directory
  5. If you're upgrading or re-installing an existing system, copy its /etc/ssh/ssh_host* files to the yaifo-0.4-41 directory
  6. Edit the yaifo-0.4-41/config file and modify it to your liking
  7. Make the yaifo.rd kernel: cd yaifo-0.4-41; make obj; make
  8. Copy the yaifo.rd kernel to the system you want to upgrade/re-install as /bsd
  9. Reboot the system
  10. Connect to the system: ssh root@<ip of system>
  11. Proceed with the upgrade/install as you normally would.
  12. When complete, do not type halt. Instead type reboot.

I always test my yaifo.rd kernel on a local system first to make sure that it looks the way I expect before upgrading a box across the country. Typos happen.
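
A pre-flight check for steps 4 and 5, run before the `make` in step 7. This is an added example, not part of Yaifo or the original article. Only the file names `authorized_keys` and `ssh_host*_key` come from the article; the function name `yaifo_preflight`, the script name and the individual checks are assumptions, and protocol 2 public key lines are assumed.

```shell
#!/bin/sh
# Added example: check a Yaifo build directory before running "make".
# Only the names authorized_keys and ssh_host*_key come from the article;
# yaifo_preflight and its checks are assumptions of this example.
yaifo_preflight() {
    dir=$1
    problems=0
    fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

    ak="$dir/authorized_keys"
    if [ ! -s "$ak" ]; then
        fail "$ak is missing or empty, so no key could log in"
    else
        # A private key pasted here would be baked into the kernel image.
        if grep -q 'PRIVATE KEY' "$ak"; then
            fail "$ak contains private key material"
        fi
        # Every entry needs a key type followed by base64 data (protocol 2
        # format assumed); leading options such as from="..." are allowed.
        bad=$(awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
            { ok = 0
              for (i = 1; i < NF; i++)
                  if ($i ~ "^(ssh-|ecdsa-|sk-)" && $(i + 1) ~ "^AAAA[A-Za-z0-9+/=]+$")
                      ok = 1
              if (!ok) n++ }
            END { print n + 0 }' "$ak")
        [ "$bad" -eq 0 ] || fail "$bad malformed line(s) in $ak"
    fi

    # Host keys are optional (step 5); if supplied they must be real private
    # keys and readable by the owner only.
    for f in "$dir"/ssh_host*_key; do
        [ -e "$f" ] || continue
        grep -q 'PRIVATE KEY' "$f" || fail "$f does not look like a private key"
        mode=$(ls -ld "$f" | cut -c5-10)
        [ "$mode" = "------" ] || fail "$f is accessible to group or other"
    done
    return "$problems"
}

# Usage: sh preflight.sh yaifo-0.4-41   (exit status = number of problems)
if [ $# -gt 0 ]; then yaifo_preflight "$1"; fi
```

A zero exit status means the key files passed these checks; it says nothing about the settings in the `config` file, which still need the local test boot described above.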

The future of Yaifo will include a new name, a home on SourceForge, continued updating for new versions of OpenBSD and, possibly, support for other architectures.



Comments
  1. By Adam Karim (archite) adamk@apple.com on

    This is great news. I have used this on numerous occasions with great success. Good luck on the project and I will follow your progress!

  2. By David Chisnall (82.7.199.50) on

    I've got an OpenBSD server in a colo centre that has gone from 3.8 to 4.1 without needing any remote hands time; the upgrade instructions are pretty simple (it would be really nice if these could be put in a script, rather than a human-readable web page). The only thing that takes any time is recompiling Sendmail, since the version in the base system isn't built with WANT_SMTPAUTH (anyone know why not? Does it need the SASL headers installed at compile time?).

    Remote install, however, would have been incredibly useful. Installing OpenBSD is pretty easy when you know what you're doing. It's much harder when you are trying to talk a technician through the process over IM on an unfamiliar machine. If I could have burned a custom install CD with my SSH key on it, then this would have been a lot easier; simply send the colo company the install image and let them burn the CD and pop it in the machine on first boot.

    Comments
    1. By jirib (85.207.203.106) on

      > I've got an OpenBSD server in a colo centre that has gone from 3.8 to 4.1 without needing any remote hands time; the upgrade instructions are pretty simple (it would be really nice if these could be put in a script, rather than a human-readable web page). The only thing that takes any time is recompiling Sendmail, since the version in the base system isn't built with WANT_SMTPAUTH (anyone know why not? Does it need the SASL headers installed at compile time?).

      if you have ever recompiled sendmail with SASL you know it needs cyrus-sasl package installed :) i don't know much about Yaifo, but OpenBSD install supports siteXY.tgz (check FAQ) where you can put your updated binaries of SMTP-AUTH enabled sendmail... i haven't tried that yet but after recompiling sendmail put $DESTDIR somewhere and then tar it and put it in siteXY.tgz...

      Comments
      1. By Mike Erdely (merdely) on http://erdelynet.com/

        > if you have ever recompiled sendmail with SASL you know it needs cyrus-sasl package
        > installed :) i don't know much about Yaifo, but OpenBSD install supports siteXY.tgz (check
        > FAQ) where you can put your updated binaries of SMTP-AUTH enabled sendmail... i haven't
        > tried that yet but after recompiling sendmail put $DESTDIR somewhere and then tar it and put
        > it in siteXY.tgz...

        Yaifo supports siteXY.tgz and siteXY-`hostname`.tgz like the stock install.sub does.

    2. By Anonymous Coward (87.79.240.31) on

      > I've got an OpenBSD server in a colo centre that has gone from 3.8 to 4.1 without needing any remote hands time; the upgrade instructions are pretty simple (it would be really nice if these could be put in a script, rather than a human-readable web page). The only thing that takes any time is recompiling Sendmail, since the version in the base system isn't built with WANT_SMTPAUTH (anyone know why not? Does it need the SASL headers installed at compile time?).
      >

      Yes, following upgradeXX.html "Just works!" (Thanks Nick!) Did a lot of upgrades that way and till today it never went wrong. Having an image to dd back is calming anyway.

      SMTPAUTH requires the authentication infrastructure. Have a look at this thread:
      http://marc.info/?l=openbsd-misc&m=118323400025556&w=2

      > Remote install, however, would have been incredibly useful. Installing OpenBSD is pretty easy when you know what you're doing. It's much harder when you are trying to talk a technician through the process over IM on an unfamiliar machine. If I could have burned a custom install CD with my SSH key on it, then this would have been a lot easier; simply send the colo company the install image and let them burn the CD and pop it in the machine on first boot.

      You can dd the yaifo image onto the first disk and boot it, by yourself if your hoster supplies some kind of rescue-system or let them do it.

      Comments
      1. By jirib (85.207.203.106) on

        > > Remote install, however, would have been incredibly useful. Installing OpenBSD is pretty easy when you know what you're doing. It's much harder when you are trying to talk a technician through the process over IM on an unfamiliar machine. If I could have burned a custom install CD with my SSH key on it, then this would have been a lot easier; simply send the colo company the install image and let them burn the CD and pop it in the machine on first boot.
        >
        > You can dd the yaifo image onto the first disk and boot it, by yourself if your hoster supplies some kind of rescue-system or let them do it.

        well Yaifo "...this is basically bsd.rd with sshd+raidframe sprinkled in..."

        man boot.conf - you can specify what to boot after next reboot...

  3. By Anonymous Coward (87.79.240.31) on

    Thanks! Very much appreciated.

  4. By Maxim Bourmistrov (EN) maxim@openbsd.nu on http://www.openbsd.nu

    This is definitely what I should try out, as I have not time to travel back and forward to my colo!
    Thanks for moving this project forward.

  5. By jirib (85.207.203.106) on

    I'm looking forward Undeadly will cover as well binpatch :)

    why are these tools in ports? there is a lot of silly ports or non very often updated ports but this kind of useful ports is missing :(

    Comments
    1. By Anonymous Coward (85.207.203.106) on

      > why are these tools in ports? there is a lot of silly ports or non very often updated ports but this kind of useful ports is missing :(

      why are NOT these... (ooops)

    2. By Mike Erdely (merdely) on http://erdelynet.com/

      > I'm looking forward Undeadly will cover as well binpatch :)

      I'll see if I can find someone that knows something about binpatch to post a story...

      > why are these tools [NOT] in ports? there is a lot of silly ports or
      > non very often updated ports but this kind of useful ports is missing :(

      Tools like these are difficult to maintain through ports. It's basically source code that is recompiled on a case by case basis. I'll often have ~/yaifo-s1, ~/yaifo-s2, ... to maintain yaifo.rd kernels for multiple systems.

      If someone has ideas for making this into a port, I'm interested.

      Comments
      1. By Anonymous Coward (85.207.203.106) on

        what about syspatch - http://sf.net/project/syspatch
        has anybody tried that?

    3. By Anonymous Coward (213.41.244.253) on

      > I'm looking forward Undeadly will cover as well binpatch :)
      >
      > why are these tools in ports? there is a lot of silly ports or non very often updated ports but this kind of useful ports is missing :(

      You mean a useful port that patches /usr/src???

  6. By sad undeadly reader (83.64.118.178) on

    wtf? some undeadly editors should be shot!

    what's next?

    come on guys, shut up your mouth!
