Blog

sha256: 2b87a252a3d912530dd8c20df6bee7f6cbc4ede0074fdf217e318aab39d9736c

OpenBSD upgrade 6.6

OpenBSD 6.6 is released today. Here is my upgrade procedure:

run sysmerge

reboot

run script:

#!/bin/sh

# be nice and verbose
e() {
  echo "\n$1 **"
}

e "** vars"
_mydir=$(pwd)

e "** build base urls"
_path_base=https://cdn.openbsd.org/pub/OpenBSD/6.6/amd64/
_path_pkg=https://cdn.openbsd.org/pub/OpenBSD/6.6/packages/amd64/
echo "_path_base: ${_path_base}"
echo "_path_pkg: ${_path_pkg}"

e "** make all devices"
cd /dev
./MAKEDEV all || exit 1

e "** cd /tmp"
cd /tmp

e "** install boot loader"
_boot=$(mount |awk -F'[/ ]' '/ on \/ / {print $3}')
installboot ${_boot%?}

e "** hash new Kernel"
sha256 -h /var/db/kernel.SHA256 /bsd

e "** export URL for pkg upgrade"
echo "export PKG_PATH=${_path_pkg}"
export PKG_PATH="${_path_pkg}"

e "** run sysmerge"
sysmerge

e "** run fw update"
fw_update -v

e "** run pkg update"
pkg_add -Vu

e "** index new man pages"
makewhatis

e "** Update Acme Client API"
sed -i s'/acme-v01.api.letsencrypt.org/acme-v02.api.letsencrypt.org/' /etc/acme-client.conf

e "** files to remove"
rm -f /usr/share/man/man3p/carp.3p \
  /usr/share/man/man3p/Tie::ExtraHash.3p \
  /usr/share/man/man3p/Tie::StdHash.3p \
  /usr/share/man/man3p/Tie::StdScalar.3p \
  /usr/share/man/man3p/basename.3p \
  /usr/share/man/man3p/cluck.3p \
  /usr/share/man/man3p/confess.3p \
  /usr/share/man/man3p/croak.3p \
  /usr/share/man/man3p/dirname.3p \
  /usr/share/man/man3p/fileparse.3p \
  /usr/share/man/man3p/getopt.3p \
  /usr/share/man/man3p/getopts.3p \
  /usr/share/man/man3p/inet_aton.3p \
  /usr/share/man/man3p/inet_ntoa.3p \
  /usr/share/man/man3p/longmess.3p \
  /usr/share/man/man3p/look.3p \
  /usr/share/man/man3p/open2.3p \
  /usr/share/man/man3p/open3.3p \
  /usr/share/man/man3p/pod2usage.3p \
  /usr/share/man/man3p/podchecker.3p \
  /usr/share/man/man3p/podselect.3p \
  /usr/share/man/man3p/shortmess.3p \
  /usr/share/man/man3p/sockaddr_in.3p \
  /usr/share/man/man3p/sockaddr_un.3p \
  /usr/share/man/man3p/writemain.3p

rm -f /usr/sbin/snmpctl \
  /usr/share/man/man8/snmpctl.8

rm -f /usr/X11R6/lib/pkgconfig/libfs.pc \
  /usr/X11R6/include/X11/fonts/FSlib.h

rm -rf /usr/X11R6/share/doc/libFS

rm -f /usr/X11R6/bin/xman \
  /usr/X11R6/lib/X11/xman.help \
  /usr/X11R6/man/man1/xman.1 \
  /usr/X11R6/share/X11/app-defaults/Xman

rm -f /usr/X11R6/bin/xman \
  /usr/X11R6/lib/X11/xman.help \
  /usr/X11R6/man/man1/xman.1 \
  /usr/X11R6/share/X11/app-defaults/Xman \
  /usr/X11R6/lib/pkgconfig/libfs.pc \
  /usr/X11R6/lib/modules/v10002d.uc \
  /usr/X11R6/lib/modules/v20002d.uc \
  /usr/X11R6/lib/modules/drivers/ark_drv.la \
  /usr/X11R6/lib/modules/drivers/ark_drv.so \
  /usr/X11R6/lib/modules/drivers/chips_drv.la \
  /usr/X11R6/lib/modules/drivers/chips_drv.so \
  /usr/X11R6/lib/modules/drivers/glint_drv.la \
  /usr/X11R6/lib/modules/drivers/glint_drv.so \
  /usr/X11R6/lib/modules/drivers/i128_drv.la \
  /usr/X11R6/lib/modules/drivers/i128_drv.so \
  /usr/X11R6/lib/modules/drivers/neomagic_drv.la \
  /usr/X11R6/lib/modules/drivers/neomagic_drv.so \
  /usr/X11R6/lib/modules/drivers/rendition_drv.la \
  /usr/X11R6/lib/modules/drivers/rendition_drv.so \
  /usr/X11R6/lib/modules/drivers/s3_drv.la \
  /usr/X11R6/lib/modules/drivers/s3_drv.so \
  /usr/X11R6/lib/modules/drivers/s3virge_drv.la \
  /usr/X11R6/lib/modules/drivers/s3virge_drv.so \
  /usr/X11R6/lib/modules/drivers/sis_drv.la \
  /usr/X11R6/lib/modules/drivers/sis_drv.so \
  /usr/X11R6/lib/modules/drivers/tdfx_drv.la \
  /usr/X11R6/lib/modules/drivers/tdfx_drv.so \
  /usr/X11R6/lib/modules/drivers/trident_drv.la \
  /usr/X11R6/lib/modules/drivers/trident_drv.so \
  /usr/X11R6/lib/modules/drivers/tseng_drv.la \
  /usr/X11R6/lib/modules/drivers/tseng_drv.so \
  /usr/X11R6/man/man4/chips.4 \
  /usr/X11R6/man/man4/glint.4 \
  /usr/X11R6/man/man4/i128.4 \
  /usr/X11R6/man/man4/neomagic.4 \
  /usr/X11R6/man/man4/rendition.4 \
  /usr/X11R6/man/man4/s3.4 \
  /usr/X11R6/man/man4/s3virge.4 \
  /usr/X11R6/man/man4/sis.4 \
  /usr/X11R6/man/man4/tdfx.4 \
  /usr/X11R6/man/man4/trident.4 \
  /usr/X11R6/man/man4/tseng.4 \
  /usr/X11R6/man/man3/XkbAllocGeomOverlayKey.3

rm -f /usr/X11R6/include/X11/fonts/FSlib.h \
  /usr/include/dev/ic/dwc_gmac_reg.h \
  /usr/include/dev/ic/dwc_gmac_var.h \
  /usr/include/llvm/Analysis/IndirectCallSiteVisitor.h \
  /usr/include/llvm/CodeGen/GCs.h \
  /usr/include/llvm/DebugInfo/PDB/Native/NativeBuiltinSymbol.h \
  /usr/include/llvm/DebugInfo/PDB/Native/NativeEnumSymbol.h \
  /usr/include/llvm/IR/TypeBuilder.h \
  /usr/include/llvm/Transforms/Utils/OrderedInstructions.h

rm -f /usr/share/man/man1/clang++.1 \
  /usr/share/man/man1/clang-cpp.1 \
  /usr/share/man/man1/diagnostics.1 \
  /usr/share/man/man3/SipHash24.3 \
  /usr/share/man/man3/bitstring.3 \
  /usr/share/man/man3/byteorder.3 \
  /usr/share/man/man3/directory.3 \
  /usr/share/man/man3/ethers.3 \
  /usr/share/man/man3/exec.3 \
  /usr/share/man/man3/fts.3 \
  /usr/share/man/man3/getcap.3 \
  /usr/share/man/man3/inet_net.3 \
  /usr/share/man/man3/md5.3 \
  /usr/share/man/man3/pcap-filter.3 \
  /usr/share/man/man3/pcap.3 \
  /usr/share/man/man3/pwcache.3 \
  /usr/share/man/man3/resolver.3 \
  /usr/share/man/man3/rmd160.3 \
  /usr/share/man/man3/sha1.3 \
  /usr/share/man/man3/sha2.3 \
  /usr/share/man/man3/stdarg.3 \
  /usr/share/man/man3/uucplock.3 \
  /usr/share/man/man3/uuid.3 \
  /usr/share/man/man3/ypclnt.3 \
  /usr/share/man/man4/i386/vmm.4 \
  /usr/share/man/man4/macppc/openprom.4 \
  /usr/share/man/man4/sparc64/openprom.4

e "** remove myself"
cd ${_mydir}
rm $0

e "** done !"


sha256: 2bb8d98fff6c458bd85b32a50afb0c31b65a2cd8a0599fdc891b567334464552

How to Create Bootable USB Stick for OpenBSD

Download “install66.fs”

Open balenaEtcher on OSX

Proceed

-> seems not to work :(

build USB Stick with DD

mount
/dev/disk4s1 on /Volumes/Ohne Titel (hfs, local, nodev, nosuid, journaled, noowners)

Open DiskUtils

Unmount “Ohne Titel”

DD

osx$ sudo dd if=install66.fs of=/dev/disk4s1 bs=1m

wait 10min

done



sha256: 82aedd94540efdd5f343399a0d3d67cab01c64cb5ee70f441427fd5cbfa136da

OpenBSD 6.x Diskusage

How much Disk is used with Default Partitioning

puffy66# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a     1005M   96.1M    858M    10%    /
/dev/sd0k      9.6G    2.0K    9.1G     0%    /home
/dev/sd0d      1.8G   12.0K    1.7G     0%    /tmp
/dev/sd0f      2.5G    955M    1.4G    39%    /usr
/dev/sd0g     1005M    202M    752M    21%    /usr/X11R6
/dev/sd0h      4.2G    218K    3.9G     0%    /usr/local
/dev/sd0j      5.8G    2.0K    5.5G     0%    /usr/obj
/dev/sd0i      1.7G    2.0K    1.6G     0%    /usr/src
/dev/sd0e      2.8G    5.9M    2.7G     0%    /var

Example with 32 GB

puffy66# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a      3.9G   96.1M    3.6G     3%    /
/dev/sd0g      7.8G    2.0K    7.4G     0%    /home
/dev/sd0d      2.0G   12.0K    1.9G     0%    /tmp
/dev/sd0f      7.9G    1.1G    6.4G    15%    /usr
/dev/sd0e      7.9G    5.9M    7.5G     0%    /var

Partition Proposal for 16GB

/dev/sd0a 2G  /
/dev/sd0b 1G  swap
/dev/sd0d 1G  /tmp
/dev/sd0e 4G  /var
/dev/sd0f 4G  /usr
/dev/sd0g 4G  /home

Partition Proposal for 20GB

/dev/sd0a 2G  /
/dev/sd0b 1G  swap
/dev/sd0d 1G  /tmp
/dev/sd0e 6G  /var
/dev/sd0f 6G  /usr
/dev/sd0g 4G  /home

Partition Proposal for 32GB

/dev/sd0a 4G  /
/dev/sd0b 2G  swap
/dev/sd0d 2G  /tmp
/dev/sd0e 8G  /var
/dev/sd0f 8G  /usr
/dev/sd0g 8G  /home

Partition Proposal for 64GB

/dev/sd0a 4G  /
/dev/sd0b 2G  swap
/dev/sd0d 2G  /tmp
/dev/sd0e 8G  /var
/dev/sd0f 8G  /usr
/dev/sd0g 8G  /home
/dev/sd0h 32G /data

Templates APU 16GB

cat << 'EOF' > autodisklabel
/       2G
swap    0.5G
/tmp    1G
/usr    4G
/var    4G
/home   4G
EOF

Templates APU 120GB

cat << 'EOF' > autodisklabel
/       4G
swap    4G
/tmp    4G
/usr    8G
/var    8G
/home   16G
/data   64G
EOF

Quick and Dirty APU 120GB

a 4G /root
a 4G swap
a 4G /tmp
a 8G /usr
a 8G /home
a *  /var

-> which results in:

apu-120GB# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a      3.9G   75.0M    3.6G     2%    /
/dev/sd0f      7.8G    2.0K    7.4G     0%    /home
/dev/sd0d      3.9G   16.0K    3.7G     0%    /tmp
/dev/sd0e      7.8G    1.2G    6.1G    17%    /usr
/dev/sd0g     81.1G    7.0M   77.1G     0%    /var


sha256: 8b0fa0f79f422c4d4ed8eb1ee67cda1d67470ff8aec34f18bb7715b6ea4291f0

BasicAuthentication with Nginx

NOT YET WORKING …

Install NGINX

pkg_add -v nginx

rcctl enable nginx
rcctl restart nginx

Enable BasicAuth

server {
    ...
    auth_basic           "Administrator's Area";
    auth_basic_user_file conf/htpasswd;

    location /public/ {
        auth_basic off;
    }
}

Create File and User

htpasswd -c /etc/apache2/.htpasswd user1

Restart Service

rcctl restart nginx

Source

https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/



sha256: b0311dad9186b4e2f8cd9730688c8e75c09a3ff687259cccc132810a706cb2f6

BasicAuthentication with httpd

Enable Auth

server "default" {
  listen on * port 80
  authenticate "secure area" with "/htpasswd.conf"
}

create htpasswd file

htpasswd /var/www/htpasswd.conf user-x
Password:
Retype Password:

chown www /var/www/htpasswd.conf
chmod 600 /var/www/htpasswd.conf

Restart Service

rcctl restart httpd
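
A quick audit of the password file created in the steps above, as an added example that is not part of the original post. The function name `check_htpasswd` is made up for illustration, and the check assumes bcrypt entries, which is what OpenBSD's htpasswd writes.

```shell
#!/bin/sh
# Added example (not from the original post): audit an htpasswd file.
# check_htpasswd FILE [OWNER]
#   returns 0 if FILE has mode 600, is owned by OWNER (when given) and
#   every entry is "user:<bcrypt hash>"; otherwise prints one line per
#   finding and returns 1.
# usage on the host from the post: check_htpasswd /var/www/htpasswd.conf www
check_htpasswd() {
  _f=$1
  _owner=${2:-}
  _rc=0

  [ -f "$_f" ] || { echo "missing: $_f"; return 1; }

  # mode must be exactly 600 (find -perm without a prefix is an exact match)
  if [ -z "$(find "$_f" -prune -perm 600)" ]; then
    echo "mode is not 600: $_f"
    _rc=1
  fi

  # the owner check is optional so the function can be tried on a scratch file
  if [ -n "$_owner" ] &&
     [ -z "$(find "$_f" -prune -user "$_owner" 2>/dev/null)" ]; then
    echo "owner is not $_owner: $_f"
    _rc=1
  fi

  # every non-empty line must be user:$2<a|b|y>$<cost>$<53 chars salt+hash>
  _bad=$(grep -v '^$' "$_f" |
    grep -Ev '^[^:]+:\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$' |
    cut -d: -f1)
  if [ -n "$_bad" ]; then
    echo "non-bcrypt or malformed entry: $_bad"
    _rc=1
  fi

  return $_rc
}
```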


sha256: b934f5b05de5100f7a6f13e4e93003740ca9704b37a4302abe51f0b8d9a1f7b3

how to create a bootable usb stick for catalina (MacOS 10.15)

stick: 16 GB

format with GUID, name it USB

cli: sudo /Applications/Install\ macOS\ Catalina.app/Contents/Resources/createinstallmedia --volume /Volumes/USB/ --nointeraction

wait about 20min



sha256: 01b5e44e316946854669173480af11682adf6a20f659711acf203473a601d253

how to move on the cli



sha256: 92b20e0a803b2e3c9a987fe89c259ac9bd069b22732d93f80d0626fae15e733b

Ansible tricks

Show Hostvars

ansible -m debug -a "var=hostvars['puffy']" localhost

Build Encrypted Variable

echo -n 'letmein' | ansible-vault encrypt_string --stdin-name 'vault_my_var'
vault_my_var: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          31366161316337383034303536623932613436333530333435366132383637643366333931663732
          3761653137313030323036336435633134663861313939380a663939393263383934323864663265
          34353632646137356535323536643565616561376133313936313763386164333234663233643561
          6364396632663133380a356132343239386632356562333538633236646665653531333438653165
          6465

Ansible Loops Overview

https://chromatichq.com/blog/untangling-ansibles-loops

Anstom Log

Source: https://github.com/octplane/ansible_stdout_compact_logger/commit/d8effb3c85d1b9364d3efab9360f8470bc76fc26



sha256: eeb8c85d2b71a4b18ec1d57d131234a75ecfd47c140a6bba3a058c6a68da5bc1

Multicast

/etc/mrouted.conf

name LOCAL 239.255.0.0/16
phyint em1 disable

forward multicast

sysctl.conf
net.inet.ip.mforwarding=1

enable and start Service

rcctl enable multicast
rcctl start multicast
rcctl enable mrouted
rcctl start mrouted

useful commands

netstat -g
map-mbone
mrinfo
mtrace

https://felix-kling.de/blog/2019/sonos-dedicated-vlan.html



sha256: 8f43d20c9f3186346dfab5fb16a3de63b780d414c608ce12f0d096089fbf9642

Dualstack

DualStack & Prefix Delegation with OpenBSD

OS: OpenBSD 6.5

Hint: wide-dhcpv6-20080615p9 was not working fine, so I gave dhcpcd a try.

Install Package

pkg_add dhcpcd-7.1.1p4

Configure dhcpcd

/etc/dhcpcd.conf
ipv6only
noipv6rs
duid
persistent
option rapid_commit
require dhcp_server_identifier

# disable running any hooks; not typically required for simple DHCPv6-PD setup
script ""

# List interfaces explicitly so that dhcpcd doesn't touch others
allowinterfaces em1 vlan108 vlan110 vlan112

interface em1
    # the following two lines tell dhcpcd to do router solicitation
    # itself. don't use them if using "inet6 autoconf" (slaacd)
    ipv6rs
    ia_na 1

    # request prefixes from the provider to use for downstream networks
    ia_pd 2 vlan108/1 vlan110/2 vlan112/3

Enable and Start Service

rcctl enable dhcpcd
rcctl restart dhcpcd

You should now get an IP address on your public interface. Adjust pf.conf accordingly for IPv6!