
Merge pull request #13 from pkorovin/final_steps
Final steps
double-p authored Apr 19, 2020
2 parents cfdd920 + 91f3cd1 commit c00a5cf
Showing 40 changed files with 508 additions and 190 deletions.
3 changes: 0 additions & 3 deletions README.md
Expand Up @@ -18,9 +18,6 @@ Still some mad regexp about how to the find the connected tap(4) interface

If you find something, please use ``make vmb'' and include the log.

## ports(7)
A ports Makefile is under development and might pop up with 6.7 latest.

# Remarks
This is heavily based on https://github.com/m110/packer-builder-hcloud and
https://github.com/prep/packer-builder-vmm
7 changes: 3 additions & 4 deletions builder/openbsd-vmm/config.go
Expand Up @@ -15,8 +15,8 @@ import (
)

const (
_DISK_QCOW2 = "qcow2"
_DISK_RAW = "raw"
_DISK_QCOW2 = "qcow2"
_DISK_RAW = "raw"
_GENFILES_DEFAULT_EXT = "pkr.in"
)

Expand All @@ -30,7 +30,6 @@ type Config struct {

VMName string `mapstructure:"vm_name" required:"true"`
VMTemplate string `mapstructure:"vm_template" required:"true"` // vmctl -t
Console bool `mapstructure:"console"` // vmctl -c
BootDevice string `mapstructure:"boot_device"` // vmctl -B
Boot string `mapstructure:"boot"` // vmctl -b
CdRom string `mapstructure:"cdrom"` // vmctl -r
Expand All @@ -44,7 +43,7 @@ type Config struct {
UserData string `mapstructure:"user_data"`

GenFilesExtension string `mapstructure:"gen_files_extension"`
GenFilesPattern string `mapstructure:"gen_files_pattern"`
GenFilesPattern string `mapstructure:"gen_files_pattern"`

ctx interpolate.Context
}
2 changes: 0 additions & 2 deletions builder/openbsd-vmm/config.hcl2spec.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 2 additions & 2 deletions builder/openbsd-vmm/step_gen_files.go
Expand Up @@ -68,7 +68,7 @@ func (step *stepGenFiles) Run(ctx context.Context, state multistep.StateBag) mul
return nil
}

matched, err := filepath.Match(GenFilesPattern + "*." + GenFilesExtension, fileinfo.Name())
matched, err := filepath.Match(GenFilesPattern+"*."+GenFilesExtension, fileinfo.Name())

if matched {
lines, err := scanLines(path)
Expand All @@ -77,7 +77,7 @@ func (step *stepGenFiles) Run(ctx context.Context, state multistep.StateBag) mul
return err
}

newfile, err := os.OpenFile(strings.TrimSuffix(path, "." + GenFilesExtension), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
newfile, err := os.OpenFile(strings.TrimSuffix(path, "."+GenFilesExtension), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
state.Put("error", fmt.Errorf("Error writing output file: %s", err))
return err
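Review bot: The error returned by `filepath.Match` in the first hunk is not examined before `if matched {`, and `lines, err := scanLines(path)` inside that branch shadows it, so a malformed pattern (presumably built from the `gen_files_pattern` and `gen_files_extension` settings) gives `matched == false` and the file is skipped without any message. Checking it right after the call, e.g. `if err != nil { state.Put("error", fmt.Errorf("Bad gen_files pattern: %s", err)); return err }`, would report the misconfiguration the same way the `os.OpenFile` failure is reported in the second hunk. The enclosing function starts and ends outside both hunks, so a later check of this `err` cannot be ruled out from here.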
12 changes: 0 additions & 12 deletions docroot/packer-auto_install-http.conf

This file was deleted.

10 changes: 0 additions & 10 deletions docroot/packer-auto_install-iso.conf

This file was deleted.

40 changes: 0 additions & 40 deletions examples/Makefile.ports

This file was deleted.

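--- /dev/null
+++ b/examples/README.examples
@@ -0,0 +1,47 @@
+To test/use example templates located in packer folder:
+
+1. Configure vmd(8), httpd(8), unbound(8) and pf(4) appropriately.
+
+DNS queries from VMs are redirected using pf(4) to host's unbound(8) which also
+serves serves "local." DNS zone. Host's httpd(8) serves OpenBSD installation
+files and packages and is available for VMs as at http://openbsd.local.
+
+Both httpd(8) and unbound(8) are configured to listen on vether0 (100.64.0.1/10).
+
+Packer dynamically creates VM instances using parent VM template defined in
+vm.conf(5). Example templates use VM "generic" as parent VM template and
+"packer_user" as template owner and packer builder account, change it to your
+preference.
+
+2. Create directories for ISO images, packer templates, logs and output:
+
+# mkdir /home/_vmd/_iso
+# chown -R packer_user /home/_vmd
+
+$ mkdir -p ~/.config/packer
+$ mkdir -p ~/.log/packer
+
+and set your environment, see packer.env.sample
+
+3. Download/copy/check required ISO images and installation files to configured
+locations.
+
+4. Copy Packer templates to $PACKER_CONFIG_DIR:
+
+$ cp -R packer/* $PACKER_CONFIG_DIR
+
+5. Check templates configuration, change vars where necessary (paths, ssh_user,
+etc). Note that common vars are defined/set in $PACKER_CONFIG_DIR/*.hcl files
+and symlinked from each template direcrory. OS/build-specific variables are set
+in template's pkr.hcl config.
+
+6. Check/edit _http/* autoinstall templates; copy your authorized_keys file
+to $PACKER_CONFIG_DIR/_http.
+
+7. Run packer:
+
+$ cd $PACKER_CONFIG_DIR
+$ packer build alpine-base
+$ packer build centos-base
+$ packer build openbsd-base
+$ packer build openbsd-dev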
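--- /dev/null
+++ b/examples/etc/hostname.vether0.sample
@@ -0,0 +1,2 @@
+inet 100.64.0.1 255.192.0.0 NONE
+!ifconfig bridge0 add \$if up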
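--- /dev/null
+++ b/examples/etc/httpd.conf.sample
@@ -0,0 +1,10 @@
+server "openbsd.local" {
+listen on vether0 port www
+log style combined
+root "/htdocs/openbsd"
+location "/snapshots/amd64/" { directory auto index }
+location "/snapshots/packages/amd64/all/" { directory auto index }
+location "/snapshots/amd64/SHA256.sig" { no log }
+}
+
+types { include "/usr/share/misc/mime.types" }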
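--- /dev/null
+++ b/examples/etc/pf.conf.sample
@@ -0,0 +1,12 @@
+vmd_local_prefix = "100.64.0.0/10"
+vmd_dns = "100.64.0.1"
+
+set skip on vether0
+
+match out on egress inet from $vmd_local_prefix to any nat-to (egress:0)
+
+pass in quick on tap inet proto tcp from $vmd_local_prefix to any port domain rdr-to $vmd_dns port domain
+pass in quick on tap inet proto udp from $vmd_local_prefix to any port domain rdr-to $vmd_dns port domain
+pass out
+
+block in log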
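Review bot: `set skip on vether0` turns pf off entirely on the interface where, according to examples/README.examples, httpd(8) and unbound(8) listen, so the closing `block in log` never applies to packets passing through it. If that is intended, a comment above the line would say so, e.g. `# vether0 only carries host<->VM traffic via bridge0; left unfiltered on purpose`. A tighter sample would drop the skip and pass only what the VMs need from `$vmd_local_prefix` (ports www and domain); that should be confirmed against a test build before it replaces the current rule.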
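--- /dev/null
+++ b/examples/etc/unbound/unbound.conf
@@ -0,0 +1,76 @@
+# $OpenBSD: unbound.conf,v 1.19 2019/11/07 15:46:37 sthen Exp $
+
+server:
+#interface: 127.0.0.1
+#interface: 127.0.0.1@5353 # listen on alternative port
+#interface: ::1
+#do-ip6: no
+
+# override the default "any" address to send queries; if multiple
+# addresses are available, they are used randomly to counter spoofing
+#outgoing-interface: 192.0.2.1
+#outgoing-interface: 2001:db8::53
+
+access-control: 0.0.0.0/0 refuse
+access-control: 127.0.0.0/8 allow
+access-control: ::0/0 refuse
+access-control: ::1 allow
+
+hide-identity: yes
+hide-version: yes
+
+# Perform DNSSEC validation. Comment out the below option to disable.
+#
+auto-trust-anchor-file: "/var/unbound/db/root.key"
+val-log-level: 2
+
+# Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains
+# https://tools.ietf.org/html/rfc8198
+#
+aggressive-nsec: yes
+
+include: "/var/unbound/etc/unbound.conf.local"
+
+# Serve zones authoritatively from Unbound to resolver clients.
+# Not for external service.
+#
+#local-zone: "local." static
+#local-data: "mycomputer.local. IN A 192.0.2.51"
+#local-zone: "2.0.192.in-addr.arpa." static
+#local-data-ptr: "192.0.2.51 mycomputer.local"
+
+# UDP EDNS reassembly buffer advertised to peers. Default 4096.
+# May need lowering on broken networks with fragmentation/MTU issues,
+# particularly if validating DNSSEC.
+#
+#edns-buffer-size: 1480
+
+# Use TCP for "forward-zone" requests. Useful if you are making
+# DNS requests over an SSH port forwarding.
+#
+#tcp-upstream: yes
+
+# CA Certificates used for forward-tls-upstream (RFC7858) hostname
+# verification. Since it's outside the chroot it is only loaded at
+# startup and thus cannot be changed via a reload.
+#tls-cert-bundle: "/etc/ssl/cert.pem"
+
+remote-control:
+control-enable: yes
+control-interface: /var/run/unbound.sock
+
+# Use an upstream forwarder (recursive resolver) for some or all zones.
+#
+#forward-zone:
+# name: "." # use for ALL queries
+# forward-addr: 192.0.2.53 # example address only
+# forward-first: yes # try direct if forwarder fails
+
+# Use an upstream DNS-over-TLS forwarder and do not fall back to cleartext
+# if that fails.
+#forward-zone:
+# name: "."
+# forward-tls-upstream: yes # use DNS-over-TLS forwarder
+# forward-first: no # do NOT send direct
+# # the hostname after "#" is not a comment, it is used for TLS checks:
+# forward-addr: 192.0.2.53@853#resolver.hostname.example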
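--- /dev/null
+++ b/examples/etc/unbound/unbound.conf.local
@@ -0,0 +1,14 @@
+interface: 100.64.0.1
+access-control: 100.64.0.0/10 allow
+
+private-address: 10.0.0.0/8
+private-address: 100.64.0.0/10
+private-address: 172.16.0.0/12
+private-address: 192.168.0.0/16
+private-address: 169.254.0.0/16
+private-address: fd00::/8
+private-address: fe80::/10
+
+private-domain: "local"
+local-zone: "local." static
+include: "/var/unbound/etc/zone.local"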
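--- /dev/null
+++ b/examples/etc/unbound/zone.local
@@ -0,0 +1,2 @@
+local-data: "openbsd.local. IN A 100.64.0.1"
+local-data: "dev.local. IN A 100.64.0.100"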
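--- /dev/null
+++ b/examples/etc/vm.conf.sample
@@ -0,0 +1,18 @@
+switch "local" {
+interface bridge0
+}
+
+vm generic {
+disable
+owner packer_user
+allow instance { boot, cdrom, disk, instance, interface, memory }
+memory 1G
+disk /dev/null
+}
+
+#vm generic instance dev {
+# disable
+# memory 4G
+# disk /home/_vmd/openbsd-dev.qcow2
+# interface tap { switch "local" }
+#}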
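Review bot: The `allow instance { boot, cdrom, disk, instance, interface, memory }` line on `vm generic` lets `packer_user` override almost every setting of the template, and listing `instance` also permits instances of instances. The builder options visible in config.go map to vmctl `-t`, `-B`, `-b` and `-r`; whether the builder also needs `instance`, `interface` and `memory` cannot be seen on this page, so the list may be wider than required. A comment above the line would help people copying the sample keep the owner's rights minimal, e.g. `# options packer_user may override per build; remove those your templates do not set`.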
26 changes: 0 additions & 26 deletions examples/openbsd-nonauto.json

This file was deleted.

20 changes: 0 additions & 20 deletions examples/openbsd.json

This file was deleted.
