Custom OpenBSD Droplet on DigitalOcean

Heddi Nabbisen ・2 min read

* The cover image is originally by KevinYi and edited with great appreciation.

Summary

Hi : )
This post shows how to create an OpenBSD droplet on DigitalOcean.

The process is simple and small:

  1. DigitalOcean Panel
    • Create a FreeBSD droplet with SSH login enabled.
  2. SSH
    • Download OS image.
    • Write it into the storage.
  3. DigitalOcean Droplet Console
    • Reboot and run the installer.

The detailed steps are below.

✿ ✿ ✿

Preparation

DigitalOcean Panel

First of all, sign in to DigitalOcean (sign up first if needed).

Then create a FreeBSD droplet from the DigitalOcean menu: "Create Droplets".

* Note: Both ufs and zfs are acceptable.

Remember to set up "Add your SSH keys".
We can also generate the key on the command line like this:

$ ssh-keygen -t rsa -C "%YOUR-EMAIL-ADDRESS%"

SSH

Connect to the droplet as root or a superuser with an SSH client:

$ ssh -i ~/.ssh/%id_rsa% root@%YOUR-HOST%

Download the installer image, a minirootXX.fs file:

# fetch https://cdn.openbsd.org/pub/OpenBSD/6.5/amd64/miniroot65.fs
miniroot65.fs                                 100% of 4800 kB   35 MBps 00m00s

Then, stop swap:

# # case ufs:
# swapoff /dev/gpt/swap
# # case zfs:
# swapoff /dev/gpt/swap0

Also, set the GEOM debug flag so that writing to the in-use disk is allowed:

# sysctl kern.geom.debugflags=0x10
kern.geom.debugflags: 0 -> 16

Write the installer image into the storage:

# dd if=miniroot65.fs of=/dev/vtbd0 bs=512k
9+1 records in
9+1 records out
4915200 bytes transferred in 0.032766 secs (150008149 bytes/sec)
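
Before the dd step above overwrites the droplet's disk, the downloaded image can be checked against the BSD-style SHA256 list that OpenBSD publishes in the same directory as the image. The script below is an added example, not part of the original post; the script name, the function names and the sample at the end are assumptions of the example, and the sample is constructed.

```shell
#!/bin/sh
# Added example: check a downloaded OpenBSD image against a BSD-style
# SHA256 list before it is written over the boot disk.

# Print the hex SHA-256 of a file with whichever tool the system has
# (FreeBSD/OpenBSD: sha256 -q, Linux: sha256sum).
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{ print $1 }'
    fi
}

# Look up the digest recorded for a file name in a list whose lines look
# like:  SHA256 (miniroot65.fs) = <64 hex digits>
expected_sha256() {
    awk -v name="$1" \
        '$1 == "SHA256" && $2 == ("(" name ")") && $3 == "=" { print $4; exit }' "$2"
}

# Return 0 only if the image's digest matches its entry in the list.
# 1 = mismatch, 2 = no entry for that file name, 3 = could not hash.
verify_image() {
    image=$1
    list=$2
    want=$(expected_sha256 "$(basename "$image")" "$list")
    [ -n "$want" ] || { echo "no entry for $image in $list" >&2; return 2; }
    got=$(file_sha256 "$image") || return 3
    [ -n "$got" ] || return 3
    if [ "$got" != "$want" ]; then
        echo "MISMATCH: $image (expected $want, got $got)" >&2
        return 1
    fi
    echo "OK: $image"
}

# Usage: sh verify-image.sh miniroot65.fs SHA256
# With no arguments, run against a constructed sample (not a real image).
if [ $# -eq 2 ]; then
    verify_image "$1" "$2"
elif [ $# -eq 0 ]; then
    tmp=$(mktemp -d)
    printf 'abc' > "$tmp/sample.fs"   # three constructed bytes
    echo "SHA256 (sample.fs) = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" > "$tmp/SHA256"
    verify_image "$tmp/sample.fs" "$tmp/SHA256"
    rm -rf "$tmp"
fi
```

On the droplet, fetch the SHA256 file from the same directory as the image and run the script on miniroot65.fs and SHA256 before dd. A list fetched from the same mirror only catches corruption or truncation; authenticity comes from checking SHA256.sig with signify(1) and the release public key.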

Are you ready to "Access console"?
Click this button to start the DigitalOcean console.

Keep it open.

OK. Let's reboot the virtual machine.
Type this in your ssh session:

# reboot

Now the SSH session is finished.
Switch to the DigitalOcean console.

Installation

DigitalOcean Droplet Console

Wait for the boot to complete with the DigitalOcean console open.
The OpenBSD installer will ask you, clearly as usual, which option to choose!

* Tip: Choosing shell instead of install or autoinstall lets us apply full disk encryption.
To do so, run a command like this (excerpt) in the shell:
bioctl -c C -l /dev/sd0a softraid0
Then run install.

When configuring networking in the installer, use the "PUBLIC IP ADDRESS", "GATEWAY" and "NETMASK" values shown at the bottom of the console instead of DHCP:

  • IPv4 address for vio0? = "PUBLIC IP ADDRESS"
  • Netmask for vio0? = "NETMASK"
  • Default IPv4 Route = "GATEWAY"
  • DNS nameservers: 8.8.8.8 8.8.4.4 (For example)

For the location of sets, use http.

After the installation is finished and the virtual machine is rebooted, you can say "Hello, OpenBSD".

✿ ✿ ✿

I hope you enjoy happy computing with OpenBSD on DigitalOcean, the cool system and the cool service : )

Posted on Mar 6 '19 by:

Heddi Nabbisen

Discussion

How do you mitigate the crypto password upon reboot when you can't access the web console?

 

Hi, 0x746461,
I have checked the detail.
This is why I didn't have to enter the password to reboot the virtual machine.

I did it twice; one is after running dd if=miniroot??.fs of=/dev/vtbd0 bs=512k. The other is after the installation of OpenBSD.

  1. As to the former, I used ssh connection with client certification. This session started when running ssh -i ~/.ssh/%id_rsa% root@%YOUR-HOST% above. Additionally, DigitalOcean console is open then. (Well, I updated my post about it.)
  2. As to the latter, I used DigitalOcean console and just followed the installer.

I hope this would be the answer to your question.

 

Hi, 0x746461.
Thank you for your question.
Excuse me, but would you tell me in which part of my tutorial you have trouble?
You can't click or run "Access console" to reboot the virtual machine?

 

I didn't say I had a problem with the tutorial. I was wondering how you mitigate the necessity of having access to the console of the virtual machine to enter the password to unlock the disk upon every reboot.

Thank you for your detail.
I'll check it this week or next week!