System

Sensorsd - UPS Shutdown

Shutdown Hosts on Power Outages

Everybody is talking about Power Outages. Let’s assume you have a Smart-UPS for your Playground and you’d like to shut down some Infrastructure to avoid trouble with corrupt filesystems, broken VMs and things like that.

Connect UPS to APU via USB Cable

dmesg shows the UPS connected

APU# dmesg
uhidev0 at uhub0 port 3 configuration 1 interface 0 "American Power Conversion Smart-UPS_1500 ...
uhidev0: iclass 3/0, 142 report ids
upd0 at uhidev0
uhid0 at uhidev0 reportid 1: input=0, output=0, feature=1
uhid1 at uhidev0 reportid 2: input=0, output=0, feature=1
...
uhid21 at uhidev0 reportid 142: input=0, output=0, feature=4

Check sysctl

what kind of information do we get from the hardware sensor ?

JC - JSON from CLI

how to build json from cli

we all like JSON, don't we ? https://kellyjonbrazil.github.io/jc/docs/parsers/ping

add package

doas pkg_add jc

try ping

openbsd-box # ping -c 3 1.1.1.1 |jc --ping -p 2>/dev/null
{
  "destination_ip": "1.1.1.1",
  "data_bytes": 56,
  "pattern": null,
  "destination": "1.1.1.1",
  "packets_transmitted": 3,
  "packets_received": 3,
  "packet_loss_percent": 0.0,
  "duplicates": 0,
  "round_trip_ms_min": 9.219,
  "round_trip_ms_avg": 9.826,
  "round_trip_ms_max": 10.158,
  "round_trip_ms_stddev": 0.43,
  "responses": [
    {
      "type": "reply",
      "bytes": 64,
      "response_ip": "1.1.1.1",
      "icmp_seq": 0,
      "ttl": 59,
      "time_ms": 10.158,
      "duplicate": false
    },
    {
      "type": "reply",
      "bytes": 64,
      "response_ip": "1.1.1.1",
      "icmp_seq": 1,
      "ttl": 59,
      "time_ms": 9.219,
      "duplicate": false
    },
    {
      "type": "reply",
      "bytes": 64,
      "response_ip": "1.1.1.1",
      "icmp_seq": 2,
      "ttl": 59,
      "time_ms": 10.101,
      "duplicate": false
    }
  ]
}

Compatible platforms: linux, darwin, freebsd -> had to redirect the stderr to /dev/null because OpenBSD is not (yet) supported officially…

Ubuntu 20.04 LTS & Netplan

Assume you got a fresh Machine with DHCP …

Ubuntu with DHCP Config

cat /etc/netplan/01-netcfg.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
    ens192:
      dhcp4: true
  version: 2

and you’d like to switch to a Static IP. Ask Google how to do it and give it a try:

Static IP with Netplan

# This is the network config written by 'subiquity'
network:
  version: 2
  ethernets:
    ens192:
      addresses:
      - 1.2.3.4/24
      gateway4: 1.1.1.1
      nameservers:
        addresses:
        - 8.8.8.8
        - 8.8.4.4
        search:
        - world.net

then reboot … and the machine is gone. OK, not really gone, but from an IP perspective definitely. It just reboots and comes back without a default gateway :(

FreeBSD bhyve

bhyve, pronounced “beehive” is a hypervisor/virtual machine manager for FreeBSD that supports most Intel and AMD processors that report the “POPCNT” (POPulation Count) processor feature in dmesg(8).

Download ISO and boot it

… in a new Virtual Machine …

cat << 'EOF' > run_bhyve.sh
#!/usr/bin/env bash

iso=FreeBSD-13.1-RELEASE-amd64-bootonly.iso
vm=guest.img

# Load Module if needed
kldstat |grep vmm.ko || kldload vmm

ifconfig tap0 create
sysctl net.link.tap.up_on_open=1

ifconfig
# Create the bridge once, then add the physical NIC and the tap device
ifconfig bridge0 create
ifconfig bridge0 addm vmx0 addm tap0
ifconfig bridge0 up

# Get ISO
test -f "$iso" || fetch "https://download.freebsd.org/releases/amd64/amd64/ISO-IMAGES/13.1/$iso"

# Prepare Disk File
test -f "$vm" || truncate -s 16G "$vm"

# Boot from ISO
sh /usr/share/examples/bhyve/vmrun.sh -m 1024M -t tap0 -d "$vm" -i -I "$iso" vm001

exit 0
EOF

Set Permission and run it

chmod 700 run_bhyve.sh
./run_bhyve.sh

-> Run Live System or install a brand new System

OpenBSD Compile Custom Kernel

Let’s Compile a Custom Kernel for OpenBSD … and let’s check if we can tune the Process with multiple Processors.

get Sources and prepare Custom Kernel

cd /usr/src
ftp https://cdn.openbsd.org/pub/OpenBSD/$(uname -r)/sys.tar.gz
tar xfz sys.tar.gz
rm sys.tar.gz
cd /sys/arch/$(uname -m)/conf
cp GENERIC.MP CUSTOM.MP
config CUSTOM.MP
cd ../compile/CUSTOM.MP

-> with config CUSTOM.MP, you can enable or disable Components which will be built into your Custom Kernel. WLAN Drivers for a Virtual Server, for example, do not make sense.

FreeBSD - Upgrade 13.0 to 13.1

Upgrade FreeBSD 13.0 to 13.1

should be an easy task, right ?

Patch it first

freebsd-update fetch
freebsd-update install

reboot

may not be needed, but you have to boot a few times anyway …

Fetch and Upgrade to 13.1

This needs some time, depending on your internet speed and especially on the power and filesystem performance of your machine. 20-30min for a common VM is not unrealistic :(

time freebsd-update upgrade -r 13.1-RELEASE
time freebsd-update install

Reboot

shutdown -r now

Finish Install

freebsd-update install

Final Reboot

shutdown -r now


Bootstrap Debian

Bootstrapping Debian

A little helper on how to generate a Debian Template. This time, it’s a VM hosted on Vultr.

New VM

1 CPU, 1GB RAM, 25GB Disk

upload debian-10.9.0-amd64-netinst.iso
boot from iso
install:      (text based)
lang:         english
country:      switzerland
locale:       US (en_US.UTF-8)
keymap:       Swiss German
nic:          ens3
hostname:     template-25G
domain:       your.domain.de
passwd:       xxxxxxxx
user:         firstname lastname / loginame
passwd:       xxxxxxxx
disk:         Guided - entire disk with LVM - (one partition | separate /home | separate /home, /var and /tmp)
              separate partition for large disks
              one partition for smaller disks
write:        yes
disk:         20GB (for guided partitioning), 5GB for Spare
write:        yes
another dvd:  no
mirror:       switzerland, debian.ethz.ch
survey:       no
software:     SSH Server, standard system utilities
grub:         yes, /dev/sda3

remove iso and reboot

login as user, su to root

mkdir /root/.ssh && chmod 700 /root/.ssh
echo "ssh-ed25519 AAAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys

halt -p
-> snapshot template-debian-25G


Bootstrap OpenBSD with Jail Partition

Bootstrapping VM

This is similar to the previous Post, but with a small difference.

Here, we add another Partition /jail with 2GB Size. On this Partition, we remove the nodev & nosuid Flags, so we can use this Partition as Root for some Jailed Users. And last but not least, we fire up a new VM, configure a Jailed User and make it Publicly Available …
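
With nodev and nosuid removed, setuid binaries and device nodes placed under /jail are honored by the kernel, so it helps to confirm that /jail is the only mount point that gained this. The following check is an added example, not part of the original post; the sample mount output, device names, the /mnt/data entry and the expected lists are assumptions.

```sh
#!/bin/sh
# Constructed sample of OpenBSD `mount` output with the extra /jail partition.
# Device names and the /mnt/data entry are assumptions for this example.
SAMPLE_MOUNT='/dev/sd0a on / type ffs (local)
/dev/sd0d on /tmp type ffs (local, nodev, nosuid)
/dev/sd0f on /usr type ffs (local, nodev)
/dev/sd0h on /usr/local type ffs (local, nodev, wxallowed)
/dev/sd0e on /var type ffs (local, nodev, nosuid)
/dev/sd0k on /home type ffs (local, nodev, nosuid)
/dev/sd0l on /jail type ffs (local)
/dev/sd1a on /mnt/data type ffs (local, nodev)'

# Assumed policy: mount points that are allowed to lack each flag.
EXPECTED_SUID="/ /usr /usr/local /jail"   # nosuid may be absent here
EXPECTED_DEV="/ /jail"                    # nodev may be absent here

# audit_mounts: read `mount` output on stdin and print "<mountpoint> <flag>"
# for every mount that lacks nosuid or nodev without being on the lists above.
audit_mounts() {
    awk -v suid_ok="$EXPECTED_SUID" -v dev_ok="$EXPECTED_DEV" '
    function allowed(list, mp,   n, a, i) {
        n = split(list, a, " ")
        for (i = 1; i <= n; i++) if (a[i] == mp) return 1
        return 0
    }
    $2 == "on" && $4 == "type" {
        mp = $3
        opts = $0
        sub(/^[^(]*\(/, "", opts)      # keep only the text inside (...)
        sub(/\).*$/, "", opts)
        cnt = split(opts, o, /, */)
        has_nodev = 0; has_nosuid = 0
        for (k = 1; k <= cnt; k++) {
            if (o[k] == "nodev")  has_nodev = 1
            if (o[k] == "nosuid") has_nosuid = 1
        }
        if (!has_nosuid && !allowed(suid_ok, mp)) print mp, "nosuid"
        if (!has_nodev  && !allowed(dev_ok, mp))  print mp, "nodev"
    }'
}

# Run against the sample; on a live host use: mount | audit_mounts
printf '%s\n' "$SAMPLE_MOUNT" | audit_mounts
```
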

VM with 20G Disk

*** Bootstrap OpenBSD 6.8 ***

Bootstrap OpenBSD

Bootstrapping VM

It’s always good to have Templates. Isn’t it ? Sometimes, with a lot of stuff preconfigured and installed. Sometimes, a fresh install without anything (except syspatches). Here is a little Helper on how to Build an OpenBSD Template with 20GB, resp. 40GB Disk Size.

This stuff was tested on www.hetzner.de, so you should be able to reproduce it in a few minutes.

Costs: CX11,  1 CPU, 2 GB RAM, 20 GB Disk, 20TB Traffic -> 2.68 Euro/Month
Costs: CPX11, 2 CPU, 2 GB RAM, 40 GB Disk, 20TB Traffic -> 3.76 Euro/Month

If you create an Account, you can use my sponsor link and we both get “a few bucks” to play with …

Gitolite

You wanna host your own Git Repositories ? Have a look at Gitolite. It does all for you :)

Install GitoLite

pkg_add gitolite

Add git user

root@gitserver ~# adduser -silent
Enter username []: git
Enter full name []: git repo user
Enter shell bash csh git-shell ksh nologin sh [ksh]:
Uid [1001]:
Login group git [git]:
Login group is ``git''. Invite git into other groups: guest no
[no]:
Login class authpf bgpd daemon default pbuild staff unbound
[default]:
Enter password []:
Disable password logins for the user? (y/n) [n]: y

Name:        git
Password:    ****
Fullname:    git repo user
Uid:         1001
Gid:         1001 (git)
Groups:      git
Login Class: default
HOME:        /home/git
Shell:       /bin/ksh
OK? (y/n) [y]: y
Added user ``git''
Add another user? (y/n) [y]: n

Basic Setup

Setup Repo, add your key