OpenBSD Journal

[Ask OBSDJ] Rapidly deploying OpenBSD servers?

Contributed by Dengue on from the make-em-multiply dept.

Stephen Barr writes : "Greetings, Does anybody know of a way to rapidly deploy OpenBSD servers. At the office, we are migrating from KRUD (Kevin's Redhat Uber Distriution) to OpenBSD, and we need to ensure that there will be a way to quickly redeploy servers if the need arises.

Response here or to would be very much appreciated.

/* Stephen Barr */"

You might want to try Aaron Campbell's formula for creating and maintaining the USENIX terminal room.

(Comments are closed)

  1. By Blah () on

    What's the point of a website like this if it is just to ask people to email the solutions directly to the person asking? Post your answers, and then email a copy if you must, but I can imagine this information helping more than one person (if not myself at the moment).
    And I agree that creating a .tgz of the whole harddrive after OpenBSD has been setup sounds easiest, but I suppose there might be some sort of computer specific stuff that is important to setup, so anybody know of some sort of ready-made script for installing OpenBSD and setting up various things on a per-computer basis?
    Oh, and that link is to your https server. Is that intentional, or did you just put it in by mistake? You are trying to spread your certificate as much as possible by "accidentally" slipping in links to the https server every now and then, aren't you :P.

  2. By NullStream () on

    Instead of making a huge ass baseXX.tgz
    Make a tarball with just the changed files and call it localconfig.tgz or something and add it to a distro cd (by making a personal copy of course). When it asks if you want to add more packages you say yes and tell it to use localconfig.tgz this way you can use any version of openbsd and apply your platform|site specific changes to it.

    Of course I'm thinking in the long term.

    I'm also interested in trying to figure out what is MINIMALLY needed for a machine install and how it makes the hard drive bootable. This way you could replicate machines with a bootable cd and little to no interaction (aka faster).

    And since I'm on the topic of cd's it would be even better to put the final base on a non rewritiable media (aka CDR) and mount everything except home and /tmp (ram drive) and then do a union mount of things that could possibly change like /usr/bin or whatnot... this way you can have a secure base to start from and still add to it if you need to (aka mount /etc unioned and scp passwd dbases from a master controller at boot).

    Of course if you were that mad you would probably deal with bootp and since we're cheap and don't want to buy boot roms get yourself a decent network card (aka fxp) and PXE boot. :)

    Whoo hoo more off topic you could use the previous method to make pop toasters, web server farms, etc with the help of a switch and a net-app. Should you need more horse power you just throw together any type of box pop in an fxp plug into switch; power on and instant scaleablility. :) [doing that was the most fun I ever had... of course i was nudged in this direction by a previous co-worker]

  3. By Jack Barnett () on

    Create a tgz named localhost.tgz as mentioned in a previous post, then create a shell script to automatically edit all base.tgz specif files

    For example, have it go and change hostname, ipaddress, etc...

    Setup properly like this you can deploy a fully funcationly OpenBSD box in less than an hour or so (quicker if you have a faster computer).

    One of the most helpfully things is have a "standard" hardware configuation so you don't have to much around with hardware specif issuses. For example all sparc station 20's or all PC buildt the exact same way. (this way you can also release a customed compiled kernel also)

    Also don't forget to patch before you create the base.tgz! :) If a new patches come out, update you base.tgz just in case it has to be deployed on short notice.

    Also helpfully if you have the exact same arch, get a file server for /usr/src and /usr/obj, compile it on one machine and deploy it to all the rest of the machines by a simple `make install` then each machine doesn't have to keep src/obj local and doesn't have to waste time/hard disk/cpu building patches. Same goes for ports/packages.

  4. By Jeremy C. Reed () on

    If you have enough workstations to install that makes it workwhile, it may be a good idea to customize the sysinst boot disk. For example, with NetBSD, I have forced it to not prompt for answers and it automatically uses dhcp to gather network info and uses the defaults for installs. (Then just make sure it also installs this customized localhost.tgz set). Then once you have a customized install floppy, and a local dhcp server and FTP server with the install sets, you can install each station in just a one or two minutes of your time. (The install itself may take ten or 15 minutes; of course, depending on other factors.)

  5. By Jon Martin () on
    Naturally the web form completely mangled my post.
    I just have no luck with these web discussion
    gizmos. If this attempt gets mangled too, just
    check the URL above.

    A very similar question came up on the openbsd-misc mailing list recently.
    What follows is basically what I sent that person.

    This is what we do to install OpenBSD on whole labs full of machines at the
    University of Alberta Department of Computing Science.

    1. Setup a template box. Install OpenBSD, configure it for our needs,
    install additional third party software.
    2. Turn on rsh and give root a .rhosts files so root on the other lab machines
    will be able to access the template box.
    3. Drop this script into root's home dir (we call it "copybeast"):

    # Call this script as ``$0 ''
    cd /
    mv /tmp /otmp
    ln -s /mnt/tmp /tmp
    # start dumping filesystems
    cd /mnt/var
    rsh $1 "dump 0f - /dev/wd0h" | restore rf -
    rm restoresymtable
    cd /mnt/usr
    rsh $1 "dump 0f - /dev/wd0g" | restore rf -
    rm restoresymtable
    cd /mnt
    rsh $1 "dump 0f - /dev/wd0a" | restore rf -
    rm restoresymtable
    cd /
    # change a few key files
    echo $2 > /mnt/etc/myname
    echo $ > /mnt/var/local/qmail/control/me
    echo "inet $2 NONE" > /mnt/etc/hostname.xl0
    # install the boot block
    echo "installing boot block"
    /usr/mdec/installboot -v /mnt/boot /usr/mdec/biosboot wd0
    echo "done"

    4. Boot a batch (how big the batch is depends on the speed of your disks and
    net) of target machine with an OpenBSD CD. Take them through the
    install process until it asks for root's password (so disks will be
    partitioned and net configured). Drop to command line.
    5. rsh template-box-ip "cat copybeast" > copybeast; chmod 700 copybeast
    6. ./copybeast template-box-ip whatever-my-name-is
    7. Reboot when they are done.
    8. Repeat for the next batch of machines. Obviously you now have a larger
    pool of templates and can do more target machines per batch (provided your
    network allows it).
    9. Remove the ~root/.rhosts, turn off rsh, and do any other final securing
    (eg. turning off CD booting and password protecting the BIOS) when
    completely done.

    Obviously the script needs to be tuned for your particular setup. You could
    probably do away with the .rhosts file too. We use it because we can then
    get lesser admins (not priviledged with root's password) to help.

  6. By Loki () on

    You might want to take a look at something from the OpenBSD mailing lists... see and also this follow-up: .

    Basically, create a tarball named site29.tgz (for 2.9) and drop it in the install directory. site.tgz will show up with the standard package list. The tarball will be exploded at / and / will automatically be run in a chrooted environment. The process is somewhat more flexible than the single base.tgz method, since you can use >

    I have used this to fully install & customize systems in less than 15 minutes.

  7. By Loki () on

    ...that should be, you can use "make release" to upgrade the base OS and local customization (IP Address and such) is easier, because it can be done at install time.

  8. By James () on

    If you're going to clone systems, there's some products out there that can make your life easier.

    Invest in some IDE hard drive carriers. They make cloning drives easy, as well as swaping out systems if something fails. Cost about USD $50 per machine. Well worth it.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]