OpenBSD
OpenBSD is a free and open-source Unix-like operating system known for its emphasis on security, correctness, and a
strong commitment to free and open-source software principles. Developed by a community of volunteers, OpenBSD
prioritizes code quality and rigorous security auditing, making it a preferred choice for security-conscious users and
organizations. The system's proactive security features, such as privilege separation and a focus on secure coding
practices, contribute to its reputation as one of the most secure operating systems available. OpenBSD supports various
hardware architectures and includes a range of built-in utilities and services. Its commitment to simplicity, clarity,
and a secure default configuration has established OpenBSD as a reliable platform for network infrastructure, firewalls,
and security-focused applications.
OpenBSD with American Cloud
American Cloud offers two OpenBSD options.
- OpenBSD (Beta) - Predefined: ships with a 25GB startup disk and cloud-init, allowing interaction with CMP functions.
- OpenBSD (Beta) - Self-Install: requires more robust technical knowledge to utilize all the resources within the CMP.
This documentation will discuss both.
OpenBSD (Beta) - Predefined
Build Instance
1. Log in to the Web Portal with a valid American Cloud account
2. On the left navigation column choose 'Cloud Compute'
3. Click on "Create an Instance", select your "Project" and click "Proceed"
4. Select your location and network. Under "Choose Server Image" select the "Other Services" tab and choose "OpenBSD 7.4
Beta"
5. Choose server size
Important: The base template will provide a 25GB root disk no matter the SSD selected. Therefore, only choose a 25GB
root disk for pricing purposes. Later in the documentation, more storage will be allocated.
6. Click on Review and Deploy. Once reviewed, click on Deploy Now
Upon initial boot the American Cloud CMP will show a running status moments before the full boot is complete. By opening
the console the boot process can be observed.
Add Additional Storage
- As discussed previously, additional storage may be required. American Cloud provides this through block storage.
Refer to the Block Storage documentation for the build steps. When building the block storage volume, ensure that
the newly built instance is selected.
1. OpenBSD lacks a hot-add function. Therefore, a reboot is required after the block storage is built. Reboot the
system either through the CMP or with the command sudo reboot.
Retrieve Disk Information
1. Upon reboot, use the command sysctl -a | grep -i disk. The disk count will be printed onto the screen.
ac-openbsd$ sysctl -a | grep -i disk
hw.disknames=cd0:,sd0:5ca267e7629f19b2,sd1:,fd0:
hw.diskcount=4
machdep.bios.diskinfo.128=bootdev = 0xa0000204, cylinders = 1023, heads = 255, sectors = 63
2. Switch to root using sudo -i, then run the command disklabel sd1 to print the drive information
ac-openbsd# disklabel sd1
# /dev/rsd1c:
type: SCSI
disk: SCSI disk
label: Block Device
duid: 0000000000000000
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 6527
total sectors: 104857600
boundstart: 0
boundend: 104857600
16 partitions:
# size offset fstype [fsize bsize cpg]
c: 104857600 0 unused
Partition the Drive
Command   Function
help      Display summary of available commands
manual    Display fdisk man page
reinit    Initialize the partition table
setpid    Set identifier of table entry
edit      Edit table entry
flag      Set flag value of table entry
update    Update MBR bootcode
select    Select MBR extended table entry
swap      Swap two table entries
print     Print partition table
write     Write partition table to disk
exit      Discard changes and exit edit level
quit      Save changes and exit edit level
abort     Discard changes and terminate fdisk
1. Partition the drive using fdisk -e sd1
ac-openbsd# fdisk -e sd1
Enter 'help' for information
sd1: 1>
2. Use the print command to list the available partitions
sd1: 1> p
Disk: sd1 geometry: 6527/255/63 [104857600 Sectors]
Offset: 0 Signature: 0x0
Starting Ending LBA Info:
#: id C H S - C H S [ start: size ]
-------------------------------------------------------------------------------
0: 00 0 0 0 - 0 0 0 [ 0: 0 ] Unused
1: 00 0 0 0 - 0 0 0 [ 0: 0 ] Unused
2: 00 0 0 0 - 0 0 0 [ 0: 0 ] Unused
3: 00 0 0 0 - 0 0 0 [ 0: 0 ] Unused
3. Determine how to partition the drive and use the edit command to make adjustments.
For this example, a single 50GB partition will be built on partition 3.
4. Select the partition id. To print a list of identifiers, type ?. The identifier for OpenBSD is A6.
5. Decide whether to edit in CHS mode.
6. Determine the partition offset and size.
sd1: 1> edit 3
Partition id ('0' to disable) [01 - FF]: [00] (? for help) A6
Do you wish to edit in CHS mode? [n] n
Partition offset [0 - 104857599]: [0] 0
Partition size [1 - 104857600]: [1] 104857600
7. Using the print command, ensure the partition has been created. If satisfied, use the quit command to save and exit
fdisk
8. Build the new file system using the command newfs sd1c.
Mount Drive
1. Using either nano or vim, open /etc/fstab. Insert the drive info using (duid /location perms)
ex...786d2bc033bfc8ff.c /mnt/test1 ffs rw,wxallowed 1 1
2. Using the mkdir command build the location for the drive
ac-openbsd# mkdir /mnt/test1
3. Run the mount -a command to mount all drives listed in the /etc/fstab file.
4. Finally list the drives using df -h
ac-openbsd# df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/sd0a 24.2G 1.4G 21.6G 7% /
/dev/sd1c 48.4G 2.0K 46.0G 1% /mnt/test1
/dev/sd1c at /mnt/test1 has been added
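The fstab entry above mounts the data volume with rw,wxallowed and without nodev or nosuid. The following check is an added example, not part of the American Cloud documentation: it reads an fstab on stdin and flags non-root FFS mounts that relax W^X, omit nodev/nosuid, or use an sdN device name instead of a DUID. The function names, the root entry and the /mnt/test2 and /mnt/test3 lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag risky or fragile data-volume entries in an fstab read on stdin.

sample_fstab() {   # constructed sample; the second line is the entry used on this page
cat <<'EOF'
5ca267e7629f19b2.a / ffs rw 1 1
786d2bc033bfc8ff.c /mnt/test1 ffs rw,wxallowed 1 1
0123456789abcdef.a /mnt/test2 ffs rw,nodev,nosuid 1 2
/dev/sd1c /mnt/test3 ffs rw,nodev,nosuid 1 2
EOF
}

audit_fstab() {
    awk '
    NF < 4 || $1 ~ /^#/ { next }          # skip blanks, comments, short lines
    $3 != "ffs" || $2 == "/" { next }     # only non-root FFS mounts are checked
    {
        wx = 0; nodev = 0; nosuid = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] == "wxallowed") wx = 1
            if (opt[i] == "nodev")     nodev = 1
            if (opt[i] == "nosuid")    nosuid = 1
        }
        if (wx)      print $2 ": wxallowed relaxes W^X enforcement for programs stored here"
        if (!nodev)  print $2 ": missing nodev"
        if (!nosuid) print $2 ": missing nosuid"
        # A DUID is 16 hex digits, a dot and a partition letter; sdN names can
        # shift when block storage is attached or detached.
        if (length($1) != 18 || $1 !~ /^[0-9a-f]+\.[a-p]$/)
            print $2 ": device name instead of DUID"
    }'
}

sample_fstab | audit_fstab
```

On a live system the same function can be run as audit_fstab < /etc/fstab.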
OpenBSD (Beta) - Self-Install
Build Instance
1. Log in to the Web Portal with a valid American Cloud account
2. On the left navigation column choose 'Cloud Compute'
3. Click on "Create an Instance", select your "Project" and click "Proceed"
4. Select your location and network. Under "Choose Server Image" select the "Other Services" tab and choose "OpenBSD 7.4
Beta"
5. Choose server size
6. Click on Review and Deploy. Once reviewed, click on Deploy Now
Upon initial boot the American Cloud CMP will show a running status moments before the full boot is complete. By opening
the console the boot process can be observed.
Finalize Install
On first build, the OpenBSD instance will not receive input from the CMP. Therefore, the console should be used to
interact with the instance.
1. On the instance overview page, launch the console utilizing the console toggle
2. An initial install page will be displayed. Hit the enter key to continue
3. Select the desired boot mode. This documentation will focus on normal boot mode
While conducting the initial setup, options surrounded by "[ ]" are the defaults.
4. Provide keyboard and hostname for the instance. This will be adjusted later in the documentation
Welcome to the OpenBSD/amd64 7.4 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? I
Choose your keyboard layout ('?' or 'L' for list) [default]
System hostname? (short form, e.g. 'foo') ac_openbsd
5. Establish the network configuration
Available network interfaces are: em0 vlan0.
Network interface to configure? (name, lladdr, '?', or 'done') [em0]
IPv4 address for em0? (or 'autoconf' or 'none') [autoconf]
IPv6 address for em0? (or 'autoconf' or 'none') [none]
Available network interfaces are: em0 vlan0.
Network interface to configure? (name, lladdr, '?', or 'done') [done]
6. Configure root account information. This documentation uses prohibit-password for root ssh login; adjust this
to fit requirements
Password for root account? (will not echo)
Password for root account? (again)
Start sshd(8) by default? [yes]
Do you expect to run the X Window System? [yes] no
Change the default console to com0? [no]
Setup a user? (enter a lower-case loginname, or 'no') [no]
Allow root ssh login? (yes, no, prohibit-password) [no] prohibit-password
What timezone are you in? ('?' for list) [US/Eastern] UTC
7. Configure the required disk space. There are several options. In this documentation a custom layout is utilized. The
disk space was determined by step 5 in the Build Instance section
Available disks are: sd0.
Which disk is the root disk ('?' for details) [sd0]
Encrypt the root disk with a passphrase? [no]
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole]
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] C
Label editor (enter '?' for help at any prompt)
sd0>a
partition to add: [a]
offset: [64]
size: [104857536]
FS type: [4.2BSD]
mount point: [none] /
8. Once the drive has been built and mounted, utilize the p command to review the disk. When satisfied, use 'q' to quit
and write the label
sd0*> p
sd0*> q
Write new label?: [y]
9. Install the sets utilizing the below information
Let's install the sets!
Location of sets? (cd0 disk http nfs or 'done') [http]
HTTP proxy URL? (e.g. 'http://proxy:8080' or 'none') [none]
HTTP Server? (hostname, list#, 'done' or '?') [ftp.usa.openbsd.org]
Server directory? [pub/OpenBSD/7.4/amd64]
10. Next, select sets. Upon initial population all sets will be selected. Use the -all command to unselect all, type
the desired set names, and reboot the instance
Select sets by entering a set name, a file name pattern or 'all'.
Set name(s)? (or 'abort' or 'done') [done] -all
Set name(s)? (or 'abort' or 'done') [done] bsd bsd.rd base74.tgz bsd.mp man74.tgz
Set name(s)? (or 'abort' or 'done') [done]
Locations of sets? (cd0 disk http nfs or 'done') [done]
Exit to (S)hell, (H)alt or (R)eboot? [reboot]
Install Cloud init
In order for the machine to interact with the American Cloud CMP, cloud-init is required. Below are the necessary
requirements.
1. Install python and git using 'pkg_add python git'.
2. When prompted, choose option 3: python-3.10.13
vm-play-w-9b186d# pkg_add python git
quirks-6.160 signed on 2023-12-14T11:48:02Z
Ambiguous: choose package for python
a 0: <None>
1: python-2.7.18p11
2: python-3.9.18
3: python-3.10.13
4: python-3.11.5
Your choice:
3. Clone cloud-init using git clone https://github.com/canonical/cloud-init.git
4. Navigate to the cloud-init directory using cd cloud-init/
5. Using ./tools/build-on-openbsd install the tools within the cloud-init directory
6. Install the preferred editor using pkg_add vim or pkg_add nano
7. Edit the rc.local file by running vim /etc/rc.local and inserting the below code under line number two. Also,
comment out or remove the /usr/local/lib/cloud-init/ds-identify line.
rm -f /var/run/.instance-id
rm -f /var/run/instance-data
#/usr/local/lib/cloud-init/ds-identify
8. Edit the cloud.cfg file using the command vim /etc/cloud/cloud.cfg to match the below. Be sure to add the
datasource_list.
datasource_list: [ CloudStack ]
datasource:
  CloudStack: {}
  None: {}
# The modules that run in the 'init' stage
cloud_init_modules:
  - seed_random
  - bootcmd
  - write_files
  - [set_hostname, always]
  - update_hostname
  - update_etc_hosts
  - ca_certs
  - rsyslog
  - users_groups
  - ssh
# The modules that run in the 'config' stage
cloud_config_modules:
  - ssh_import_id
  - keyboard
  - locale
  - [set_passwords, always]
  - ntp
  - timezone
  - disable_ec2_metadata
  - [runcmd, always]
# System and/or distro specific settings
# (not accessible to handlers/transforms)
system_info:
  # This will affect which distro class gets used
  distro: openbsd
  # Default user name + that default users groups (if added/used)
  default_user:
    name: cloud
    lock_passwd: False
    gecos: cloud
    groups: [sudo, wheel]
    doas:
      - permit nopass cloud
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    shell: /bin/ksh
  network:
    renderers: ['openbsd']
9. Reboot the system
The instance can now be managed completely using the American Cloud CMP. This can be tested by changing hostname or
password.
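The cloud.cfg above pins the datasource to CloudStack and gives the cloud user passwordless root through both doas and sudo while leaving its password unlocked. The following review helper is an added example, not part of the American Cloud documentation or of cloud-init: it reads a cloud.cfg on stdin and reports those settings so they can be checked against requirements. The function names are hypothetical, the sample is constructed from the keys shown on this page, and the script assumes the only name: key is the one under default_user.

```shell
#!/bin/sh
# Added example: report datasource pinning and passwordless-root settings in a cloud.cfg.

sample_cloud_cfg() {   # constructed sample, mirroring the keys shown on this page
cat <<'EOF'
datasource_list: [ CloudStack ]
system_info:
  distro: openbsd
  default_user:
    name: cloud
    lock_passwd: False
    groups: [sudo, wheel]
    doas:
      - permit nopass cloud
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    shell: /bin/ksh
EOF
}

audit_cloud_cfg() {
    awk '
    { line = $0; sub(/^[ \t]+/, "", line) }      # compare keys without indentation
    line ~ /^#/ || line == "" { next }
    line ~ /^datasource_list:/ {
        seen_ds = 1
        v = line; sub(/^datasource_list:[ \t]*/, "", v); gsub(/\[|\]|[ \t]/, "", v)
        if (v != "CloudStack") print "datasource_list: not pinned to CloudStack (" v ")"
        next
    }
    line ~ /^name:/ { user = line; sub(/^name:[ \t]*/, "", user) }
    line ~ /^lock_passwd:/ && tolower(line) ~ /false/ {
        print user ": password login left unlocked"
    }
    line ~ /^- permit/ && line ~ /nopass/ { print user ": doas rule grants root without a password" }
    line ~ /^sudo:/ && line ~ /NOPASSWD/  { print user ": sudo rule grants root without a password" }
    END { if (!seen_ds) print "datasource_list: missing, the built-in default list applies" }
    '
}

sample_cloud_cfg | audit_cloud_cfg
```

On the instance, run it as audit_cloud_cfg < /etc/cloud/cloud.cfg after step 8 and before the reboot.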