
OpenBSD 5.0 on KVM

20 Jun
Published by antonio.hernandez in

This document is a guide to installing OpenBSD 5.0 in a virtual machine using KVM. I will install OpenBSD over the serial port, which means this guide needs a few more steps to complete than a local installation.

Installing this way means the remaining OpenBSD programs/libraries (ports) have to be installed from the network; for that, a virtual network is set up with the help of vde2. I recommend reading "Init script to create a vde2 virtual switch", since this document builds on it.

The programs used are:

  • Virtual Distributed Ethernet to create the virtual network.
  • dnsmasq to provide DHCP and BOOTP on the virtual network.
  • cu to connect to the virtual machine's serial port.
  • thttpd to serve a local OpenBSD mirror.

The idea is based on the physical setup shown in the following image:

However, since everything will be done in a virtual environment, the following image gives a clearer idea:

Creating a local OpenBSD mirror

I will install the OpenBSD ports from an HTTP server on the virtual network, so a directory structure similar to that of an OpenBSD mirror is created. Such a mirror can be built with the following shell script:

#!/bin/sh
#
# wget-sets-obsd.sh: Download/Checksums files/sets to create a minimal mirror of
# OpenBSD. Useful for pxe/network installation.
# 
# Copyright (c) 2011 Antonio Hernández Blas <hba.nihilismus@gmail.com>
 
#
#            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
#                    Version 2, December 2004
#
# Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
#
# Everyone is permitted to copy and distribute verbatim or modified
# copies of this license document, and changing it is allowed as long
# as the name is changed.
#
#            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
#   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
#
#  0. You just DO WHAT THE FUCK YOU WANT TO.
#
 
WGET=/usr/bin/wget
SHA256SUM=/usr/bin/sha256sum
 
RWD=/home
TFTP_DIR=$RWD/tftp
WWW_DIR=$RWD/www
 
SOURCE="http://openbsd.mirrors.tds.net"
SOURCE_DIR="pub/OpenBSD"
VERSION=5.0
ARCH=i386
 
VERSION_FILE=$(echo $VERSION | sed 's/\.//')
TFTP_FILES="bsd.rd pxeboot"
 
# These are just the minimal sets to install OpenBSD.
WWW_MINIMAL="bsd bsd.rd bsd.mp \
  base${VERSION_FILE}.tgz \
  etc${VERSION_FILE}.tgz \
  man${VERSION_FILE}.tgz"
 
# For a full installation
WWW_FULL="comp${VERSION_FILE}.tgz \
  game${VERSION_FILE}.tgz \
  xbase${VERSION_FILE}.tgz \
  xetc${VERSION_FILE}.tgz \
  xfont${VERSION_FILE}.tgz \
  xserv${VERSION_FILE}.tgz \
  xshare${VERSION_FILE}.tgz"
 
# Create the target directories first so the cd commands below cannot fail.
mkdir -p "${TFTP_DIR}" || exit 1
mkdir -p "${WWW_DIR}/${SOURCE_DIR}/${VERSION}/${ARCH}" || exit 1

if [ "$1" = "-a" ]; then
  WWW_FILES="${WWW_MINIMAL} ${WWW_FULL}"
else
  WWW_FILES=${WWW_MINIMAL}
  # Let's fool the OpenBSD installation program :) by creating empty
  # placeholders for the sets that are not downloaded.
  ( cd "${WWW_DIR}/${SOURCE_DIR}/${VERSION}/${ARCH}" || exit 1
    for i in ${WWW_FULL};
    do
      echo touch $i
      touch "$i"
    done
  ) || exit 1
fi
 
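# Download the list and sha256sums of files.
# Note: SHA256 is fetched over plain HTTP from the same mirror as the sets,
# so the checks below detect corrupted downloads, not a tampered mirror.
( cd "${WWW_DIR}/${SOURCE_DIR}/${VERSION}/${ARCH}" || exit 1
  ${WGET} -c "${SOURCE}/${SOURCE_DIR}/$VERSION/$ARCH/index.txt" || exit 1
  ${WGET} -c "${SOURCE}/${SOURCE_DIR}/$VERSION/$ARCH/SHA256" || exit 1
) || exit 1

# Files served over TFTP for the PXE boot.
( cd "${TFTP_DIR}" || exit 1
  for i in ${TFTP_FILES};
  do
    ${WGET} -c "${SOURCE}/${SOURCE_DIR}/$VERSION/$ARCH/$i"
    # -F: match the file name literally (the dot in bsd.rd is not a wildcard).
    CHECKSUM=$(grep -F "($i)" "${WWW_DIR}/${SOURCE_DIR}/${VERSION}/${ARCH}/SHA256")
    echo "${CHECKSUM}" | ${SHA256SUM} -c - || exit 1
  done
) || exit 1

# Sets served over HTTP to the installer.
( cd "${WWW_DIR}/${SOURCE_DIR}/${VERSION}/${ARCH}" || exit 1
  for i in ${WWW_FILES};
  do
    ${WGET} -c "${SOURCE}/${SOURCE_DIR}/$VERSION/$ARCH/$i"
    CHECKSUM=$(grep -F "($i)" "${WWW_DIR}/${SOURCE_DIR}/${VERSION}/${ARCH}/SHA256")
    echo "${CHECKSUM}" | ${SHA256SUM} -c - || exit 1
  done
) || exit 1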

Run the script and you will get the following directory structure and contents:

root@localhost:~# tree /home/tftp/ /home/www/pub/
/home/tftp/
|-- bsd.rd
`-- pxeboot
/home/www/pub/
`-- OpenBSD
    `-- 5.0
        `-- i386
            |-- SHA256
            |-- base50.tgz
            |-- bsd
            |-- bsd.mp
            |-- bsd.rd
            |-- comp50.tgz
            |-- etc50.tgz
            |-- game50.tgz
            |-- index.txt
            |-- man50.tgz
            |-- xbase50.tgz
            |-- xetc50.tgz
            |-- xfont50.tgz
            |-- xserv50.tgz
            `-- xshare50.tgz
 
3 directories, 17 files

Note that the script only downloads the sets required for a minimal OpenBSD installation; to download all the sets, run it with the -a option.
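As an added example (not part of the original script), the following shell functions audit a mirror directory such as /home/www/pub/OpenBSD/5.0/i386 against its SHA256 file and separate the empty placeholder sets left by the minimal run from files whose digest really differs. The function names and the sample files are constructed for illustration; GNU sha256sum is assumed.

```shell
#!/bin/sh
# Added example: audit a local OpenBSD mirror directory against its SHA256 file.
# Assumes GNU sha256sum and BSD-style lines: "SHA256 (file) = <hex digest>".

# audit_mirror DIR: print "<status> <file>" for each listed file present in DIR.
# OK = digest matches, EMPTY = zero-length placeholder, MISMATCH = digest differs.
# Returns 1 on any MISMATCH, 2 if DIR/SHA256 is unreadable, 0 otherwise.
audit_mirror() {
  dir=$1 rc=0
  [ -r "$dir/SHA256" ] || return 2
  while read -r algo name eq want; do
    [ "$algo" = "SHA256" ] && [ "$eq" = "=" ] || continue
    file=${name#\(}; file=${file%\)}
    case $file in ""|*/*) continue ;; esac  # stay inside DIR
    [ -e "$dir/$file" ] || continue          # partial mirror: set not fetched
    if [ ! -s "$dir/$file" ]; then
      echo "EMPTY $file"
    elif [ "$(sha256sum "$dir/$file" | cut -d' ' -f1)" = "$want" ]; then
      echo "OK $file"
    else
      echo "MISMATCH $file"; rc=1
    fi
  done < "$dir/SHA256"
  return "$rc"
}

# make_sample_mirror: build a constructed three-file mirror, print its path.
make_sample_mirror() {
  d=$(mktemp -d) || return 1
  printf 'kernel\n' > "$d/bsd"
  printf 'base set\n' > "$d/base50.tgz"
  for f in bsd base50.tgz; do
    printf 'SHA256 (%s) = %s\n' "$f" "$(sha256sum "$d/$f" | cut -d' ' -f1)"
  done > "$d/SHA256"
  # Listed upstream but only touch-ed locally, as the minimal run does.
  printf 'SHA256 (comp50.tgz) = %064d\n' 0 >> "$d/SHA256"
  : > "$d/comp50.tgz"
  printf 'altered\n' >> "$d/bsd"   # simulate a set changed after download
  echo "$d"
}

d=$(make_sample_mirror)
audit_mirror "$d" || echo "mirror contains files that do not match SHA256"
rm -rf "$d"
```

EMPTY entries are reported but do not fail the audit, since the placeholders are intentional in a minimal mirror.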

To put the mirror on the network, run:

root@localhost:~# cd /home/www
root@localhost:~# thttpd -u root

And check that it is up with a web browser: http://172.16.16.1

PXE configuration

Inside /home/tftp we create the directory etc, and inside it a file named boot.conf with the following contents:

stty com0 19200
set tty com0
set image /bsd.rd

Creating a DHCP and BOOTP server

We create a DHCP and BOOTP server on the virtual interface using dnsmasq:

root@localhost:~# dnsmasq \
  --interface=tap0 \
  --listen-address=172.16.16.1 \
  --bind-interfaces \
  --except-interface=lo \
  --dhcp-authoritative \
  --user=nobody --group=nogroup --no-daemon \
  --dhcp-range=172.16.16.2,172.16.16.10,255.0.0.0,172.255.255.255,8h \
  --dhcp-boot=pxeboot \
  --enable-tftp --tftp-root=/home/tftp
 
dnsmasq: started, version 2.57 cachesize 150
dnsmasq: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP IDN
dnsmasq-dhcp: DHCP, IP range 172.16.16.2 -- 172.16.16.10, lease time 8h
dnsmasq-tftp: TFTP root is /home/tftp 
dnsmasq: reading /etc/resolv.conf
dnsmasq: using nameserver 10.0.0.1#53
dnsmasq: read /etc/hosts - 9 addresses

We leave dnsmasq running in the terminal.

Creating and starting the virtual machine

We create a 5G virtual hard disk (openbsd50.hd0):

usuario@localhost:~$ qemu-img create -f qcow2 openbsd50.hd0 5G
Formatting 'openbsd50.hd0', fmt=qcow2 size=5368709120 encryption=off cluster_size=65536

We start the virtual machine connected to the virtual switch with the following command (it is important to use the options -serial pty and -boot order=nc):

usuario@localhost:~$ qemu-kvm \
  -smp 2 \
  -m 512 \
  -net nic,model=e1000 \
  -net vde,sock=/var/run/vde_switch1.ctl \
  -hda openbsd50.hd0 \
  -serial pty \
  -boot order=nc
 
char device redirected to /dev/pts/2

Note that /dev/pts/2 has been created as the serial communication line, and that log messages appear in the terminal where dnsmasq is still running:

dnsmasq-dhcp: DHCPDISCOVER(tap0) 52:54:00:12:34:56
dnsmasq-dhcp: DHCPOFFER(tap0) 172.16.16.5 52:54:00:12:34:56
dnsmasq-dhcp: DHCPDISCOVER(tap0) 52:54:00:12:34:56
dnsmasq-dhcp: DHCPOFFER(tap0) 172.16.16.5 52:54:00:12:34:56
dnsmasq-dhcp: DHCPREQUEST(tap0) 172.16.16.5 52:54:00:12:34:56
dnsmasq-dhcp: DHCPACK(tap0) 172.16.16.5 52:54:00:12:34:56
...
dnsmasq-tftp: sent /home/tftp/pxeboot to 172.16.16.5
dnsmasq-tftp: sent /home/tftp/etc/boot.conf to 172.16.16.5
dnsmasq-tftp: sent /home/tftp/bsd.rd to 172.16.16.5
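
The log above can be checked mechanically. This added example (not from the original post) reads a dnsmasq log and reports, for each client that received a DHCPACK, whether pxeboot, etc/boot.conf and bsd.rd were all sent; the function names and the second client in the sample log are constructed.

```shell
#!/bin/sh
# Added example: check that every PXE client in a dnsmasq log completed the
# boot chain this guide relies on: pxeboot -> etc/boot.conf -> bsd.rd.

# pxe_chain_status LOG TFTP_ROOT: print "<ip> complete" or
# "<ip> missing: <files>" for each client that received a DHCPACK.
# Returns 1 if any client is missing a file, 0 otherwise.
pxe_chain_status() {
  awk -v root="$2" '
    $1 == "dnsmasq-dhcp:" && $2 ~ /^DHCPACK\(/ && !($3 in seen) {
      seen[$3] = 1; order[++n] = $3
    }
    $1 == "dnsmasq-tftp:" && $2 == "sent" && $4 == "to" &&
        index($3, root "/") == 1 {
      got[$5, substr($3, length(root) + 2)] = 1
    }
    END {
      m = split("pxeboot etc/boot.conf bsd.rd", want, " ")
      for (i = 1; i <= n; i++) {
        miss = ""
        for (j = 1; j <= m; j++)
          if (!((order[i], want[j]) in got)) miss = miss " " want[j]
        if (miss == "") print order[i], "complete"
        else { print order[i], "missing:" miss; bad = 1 }
      }
      exit bad
    }' "$1"
}

# sample_log: write a constructed dnsmasq log to a temp file, print its path.
# The 172.16.16.5 lines mirror the guide; 172.16.16.6 is a made-up client
# that stalls after fetching pxeboot.
sample_log() {
  f=$(mktemp) || return 1
  cat > "$f" <<'EOF'
dnsmasq-dhcp: DHCPACK(tap0) 172.16.16.5 52:54:00:12:34:56
dnsmasq-tftp: sent /home/tftp/pxeboot to 172.16.16.5
dnsmasq-tftp: sent /home/tftp/etc/boot.conf to 172.16.16.5
dnsmasq-tftp: sent /home/tftp/bsd.rd to 172.16.16.5
dnsmasq-dhcp: DHCPACK(tap0) 172.16.16.6 52:54:00:12:34:57
dnsmasq-tftp: sent /home/tftp/pxeboot to 172.16.16.6
EOF
  echo "$f"
}

log=$(sample_log)
pxe_chain_status "$log" /home/tftp || echo "at least one client did not finish the chain"
rm -f "$log"
```

A client that stops after pxeboot without requesting etc/boot.conf never receives the serial console settings, which is why the missing file names are listed.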

We connect to the virtual machine's serial port:

usuario@localhost:~$ cu -l /dev/pts/2 -s 19200
>> OpenBSD/i386 PXEBOOT 3.16
boot> 
booting tftp:/bsd.rd: 5961320+946088 [61+228000+215962]=0x702e28
entry point at 0x200120
 
Copyright (c) 1982, 1986, 1989, 1991, 1993
    The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2011 OpenBSD. All rights reserved.  http://www.OpenBSD.org
 
OpenBSD 5.0 (RAMDISK_CD) #36: Wed Aug 17 10:27:31 MDT 2011
    deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: QEMU Virtual CPU version 1.0 ("GenuineIntel" 686-class) 2 GHz
cpu0: FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16
real mem  = 536076288 (511MB)
avail mem = 520306688 (496MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/23/99, BIOS32 rev. 0 @ 0xff046, SMBIOS rev. 2.4 @ 0xfd900 (11 entries)
bios0: vendor Bochs version "Bochs" date 01/01/2007
bios0: Bochs Bochs
acpi0 at bios0: rev 0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC HPET
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
acpiprt0 at acpi0: bus 0 (PCI0)
mpbios at bios0 function 0x0 not configured
bios0: ROM list: 0xc0000/0x8c00 0xc9000/0xa00 0xca000/0x2400
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <QEMU HARDDISK>
wd0: 16-sector PIO, LBA48, 5120MB, 10485760 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 1.0> ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
"Intel 82371AB Power" rev 0x03 at pci0 dev 1 function 3 not configured
vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
em0 at pci0 dev 3 function 0 "Intel PRO/1000MT (82540EM)" rev 0x03: irq 11, address 52:54:00:12:34:56
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: density unknown
fd1 at fdc0 drive 1: density unknown
softraid0 at root
scsibus1 at softraid0: 256 targets
PXE boot MAC address 52:54:00:12:34:56, interface em0
root on rd0a swap on rd0b dump on rd0b
erase ^?, werase ^W, kill ^U, intr ^C, status ^T

Welcome to the OpenBSD/i386 5.0 installation program.

Installing OpenBSD

Welcome to the OpenBSD/i386 5.0 installation program.
(I)nstall, (U)pgrade or (S)hell? I
At any prompt except password prompts you can escape to a shell by
typing '!'. Default answers are shown in []'s and are selected by
pressing RETURN.  You can exit this program at any time by pressing
Control-C, but this can leave your system in an inconsistent state.
 
Terminal type? [vt220] 
System hostname? (short form, e.g. 'foo') openbsd50
 
Available network interfaces are: em0 vlan0.
Which one do you wish to configure? (or 'done') [em0] 
IPv4 address for em0? (or 'dhcp' or 'none') [dhcp] 
Issuing hostname-associated DHCP request for em0.
DHCPDISCOVER on em0 to 255.255.255.255 port 67 interval 1
DHCPOFFER from 172.16.16.1 (b2:fd:0c:9c:4e:01)
DHCPREQUEST on em0 to 255.255.255.255 port 67
DHCPACK from 172.16.16.1 (b2:fd:0c:9c:4e:01)
bound to 172.16.16.5 -- renewal in 14400 seconds.
IPv6 address for em0? (or 'rtsol' or 'none') [none] 
Available network interfaces are: em0 vlan0.
Which one do you wish to configure? (or 'done') [done] 
Using DNS domainname my.domain
Using DNS nameservers at 172.16.16.1
Do you want to do any manual network configuration? [no] 
 
Password for root account? (will not echo) 
Password for root account? (again) 
Start sshd(8) by default? [yes] 
Start ntpd(8) by default? [no] 
Do you expect to run the X Window System? [yes] no
Change the default console to com0? [no] 
Setup a user? (enter a lower-case loginname, or 'no') [no] usuario
Full user name for usuario? [usuario] Antonio Hernández Blas
Password for usuario account? (will not echo) 
Password for usuario account? (again) 
Since you set up a user, disable sshd(8) logins to root? [yes] 
What timezone are you in? ('?' for list) [America/Mexico_City] 
 
Available disks are: wd0.
Which one is the root disk? (or 'done') [wd0] 
Use DUIDs rather than device names in fstab? [yes] 
MBR has invalid signature; not showing it.
Use (W)hole disk or (E)dit the MBR? [whole] 
Setting OpenBSD MBR partition to whole wd0...done.
The auto-allocated layout for wd0 is:

                 size           offset  fstype [fsize bsize  cpg]
  a:           953.9M               64  4.2BSD   2048 16384    1 # /
  b:           256.0M          1953664    swap
  c:          5120.0M                0  unused
  d:          3072.0M          2477952  4.2BSD   2048 16384    1 # /usr
  e:           832.5M          8769408  4.2BSD   2048 16384    1 # /home
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] 
/dev/rwd0a: 953.9MB in 1953600 sectors of 512 bytes
5 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rwd0e: 832.5MB in 1704928 sectors of 512 bytes
5 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rwd0d: 3072.0MB in 6291456 sectors of 512 bytes
16 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/wd0a on /mnt type ffs (rw, asynchronous, local)
/dev/wd0e on /mnt/home type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/wd0d on /mnt/usr type ffs (rw, asynchronous, local, nodev)

During the installation the most important step is specifying the source of the sets to install; remember that this is a minimal installation:

Let's install the sets!
Location of sets? (cd disk ftp http or 'done') [cd] http
HTTP/FTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] 
Server? (hostname, list#, 'done' or '?') [ftp5.eu.openbsd.org] 172.16.16.1
Server directory? [pub/OpenBSD/5.0/i386] 
 
Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-' to the set name, file name pattern or 'all'. Selected
sets are labelled '[X]'.
    [X] bsd           [X] etc50.tgz     [X] xbase50.tgz   [X] xserv50.tgz
    [X] bsd.rd        [X] comp50.tgz    [X] xetc50.tgz
    [ ] bsd.mp        [X] man50.tgz     [X] xshare50.tgz
    [X] base50.tgz    [X] game50.tgz    [X] xfont50.tgz
Set name(s)? (or 'abort' or 'done') [done] -comp50.tgz -game50.tgz -x*
    [X] bsd           [X] etc50.tgz     [ ] xbase50.tgz   [ ] xserv50.tgz
    [X] bsd.rd        [ ] comp50.tgz    [ ] xetc50.tgz
    [ ] bsd.mp        [X] man50.tgz     [ ] xshare50.tgz
    [X] base50.tgz    [ ] game50.tgz    [ ] xfont50.tgz
Set name(s)? (or 'abort' or 'done') [done] 
bsd          100% |*************************************|  8738 KB    00:00
bsd.rd       100% |*************************************|  6275 KB    00:00
base50.tgz   100% |*************************************| 53906 KB    01:06
etc50.tgz    100% |*************************************|   512 KB    00:03
man50.tgz    100% |*************************************|  9498 KB    00:29
Location of sets? (cd disk ftp http or 'done') [done] 
Saving configuration files...done.
Generating initial host.random file...done.
Making all device nodes...done.
Install non-free firmware files on first boot? [no] 

CONGRATULATIONS! Your OpenBSD install has been successfully completed!
To boot the new system, enter 'reboot' at the command prompt.
When you login to your new system the first time, please read your mail
using the 'mail' command.

# halt
syncing disks... done

The operating system has halted.
Please press any key to reboot.

We close the KVM window and restart the virtual machine (it is important to use -boot c):

usuario@localhost:~$ qemu-kvm \
  -smp 2 \
  -m 512 \
  -net nic,model=e1000 \
  -net vde,sock=/var/run/vde_switch1.ctl \
  -hda openbsd50.hd0 \
  -boot c

Logging in over ssh

If everything has gone well so far, we can even connect to the virtual machine over the virtual network using ssh:

usuario@localhost:~$ ssh usuario@172.16.16.5
The authenticity of host '172.16.16.5 (172.16.16.5)' can't be established.
ECDSA key fingerprint is 01:bf:f3:14:93:8e:fd:09:bf:82:8f:7d:40:0e:04:af.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.16.5' (ECDSA) to the list of known hosts.
usuario@172.16.16.5's password: 
Last login: Tue Jun 19 23:58:55 2012
OpenBSD 5.0 (GENERIC) #43: Wed Aug 17 10:10:52 MDT 2011
 
Welcome to OpenBSD: The proactively secure Unix-like operating system.
 
Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code.  With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.
 
$ uname -a
OpenBSD openbsd50.my.domain 5.0 GENERIC#43 i386
$ 
