Customizing an OpenBSD install

One of OpenBSD’s cool features is the install process itself. It’s fast and customizable.

I often have the need to install identical OpenBSD systems, such as firewalls or cluster members and the install process makes this extremely easy.

Every fileset that you can choose through the OpenBSD installer is a simple tarball that is extracted against the chrooted / of your new system. What makes the OpenBSD installer exciting is that you can roll out your own filesets in exactly the same manner.

You simply create a tarball called siteXX.tgz, where XX equals the OpenBSD release number that you are trying to install, like site41.tgz for OpenBSD 4.1. That tarball could contain configuration files or other stuff that needs to be changed on a particular type of machine. The installer understands suffixes, so you can create tarballs called site40-firewall.tgz, site41-webserver.tgz or site41-clusternode12.tgz. Upload them to an FTP or HTTP server that you can reach from the machine that you want to install OpenBSD on. Once you have reached the point in the install process where you are prompted for additional filesets, you simply tell the installer where to fetch the additional fileset(s).

That’s a pretty nifty feature, but there is more. Once the installer has finished rolling out your tarball, it looks for an executable file, install.site or upgrade.site respectively, inside the root directory of the newly installed or upgraded machine and executes that file. You can use them to automatically install extra software, add users or update the source tree, which makes them an extremely powerful tool.
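The naming and packaging steps described above, as an added example that is not part of the original post: it builds a site set from a staging directory that mirrors the target's /, refuses to pack an install.site that is not executable, and rejects member paths that would escape / when the set is unpacked. The staging layout, file contents and the function names site_name, build_site and check_site are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build and sanity-check a site set. Paths, file contents
# and function names are assumptions, not taken from the original post.

# site_name RELEASE [SUFFIX]: "4.1" firewall -> site41-firewall.tgz
site_name() {
    rel=$(printf '%s' "$1" | tr -d '.')
    if [ -n "$2" ]; then printf 'site%s-%s.tgz\n' "$rel" "$2"
    else printf 'site%s.tgz\n' "$rel"; fi
}

# build_site STAGE RELEASE [SUFFIX]: pack STAGE, a mirror of the target's /
build_site() {
    stage=$1; out=$(site_name "$2" "$3")
    # The installer looks for an *executable* install.site in the new root
    if [ -e "$stage/install.site" ] && [ ! -x "$stage/install.site" ]; then
        echo "install.site is not executable" >&2; return 1
    fi
    # Pack relative to the staging root so members land under / on extraction
    tar -czf "$out" -C "$stage" . || return 1
    printf '%s\n' "$out"
}

# check_site TARBALL: reject members with absolute paths or ".." components
check_site() {
    if tar -tzf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $1" >&2; return 1
    fi
    return 0
}

# Constructed demo: a firewall set with one config file and an install.site hook
(
    work=$(mktemp -d) && cd "$work" || exit 1
    mkdir -p stage/etc
    echo 'block all' > stage/etc/pf.conf
    printf '#!/bin/sh\necho "site hook ran"\n' > stage/install.site
    chmod 755 stage/install.site
    set_file=$(build_site stage 4.1 firewall) && check_site "$set_file" \
        && tar -tzf "$set_file"
)
```

Because the set is unpacked over the new system's / and install.site is then executed there, reviewing the member listing before uploading the tarball is worth the extra step.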

Rudimentary backup and restore is another thing that siteXX.tgz files are useful for.

I can install a complete firewall in less than 10 minutes and toss it into production without the need for any manual configuration. That’s impressive.

Once installed, you could use tools like csync2, a very capable cluster synchronization tool, to ensure the consistency of deployed machines.
