
@dch

dch/README.md Secret

Last active December 30, 2016 23:53
FreeBSD config for wintermute & gcloud

rescue

# Boot the box into the rescue system, log in as root, and install SSH keys.
# NOTE(review): rescue_wintermute is not defined on this page; presumably a
# local helper that triggers rescue mode and prints a temporary root password.
rescue_wintermute
sleep 10
# Retry the login every 2 seconds until the rescue system answers.
# StrictHostKeyChecking=no together with UserKnownHostsFile=/dev/null means no
# host key is checked or remembered, so the password typed at the prompt goes
# to whichever host answers on that name. Where the provider shows the rescue
# system's host key fingerprint, compare it with the one ssh prints before
# typing the password.
while true ; do ssh root@wintermute.skunkwerks.at -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null ; sleep 2; done
#enter password from rescue_wintermute
alias l='/bin/ls -aFGhl'
mkdir -m 0700 /root/.ssh
# NOTE(review): authorized_keys is fetched over plain http with no integrity
# check, and whatever arrives becomes the set of keys allowed to log in as
# root. Review the file (key count and fingerprints) before relying on it, or
# copy the keys in over the ssh session that is already open.
fetch -o /root/.ssh/authorized_keys http://home.apache.org/~dch/authorized_keys
chmod 0400 /root/.ssh/authorized_keys

wipe & set up mfsbsd

# Release any imported pool, clear both disks, then write the mfsbsd image to
# each disk and reboot into it. The 'set NAME=value' lines are csh syntax.
# Export the pool named tank, or tub if that export fails.
zpool export tank || zpool export tub
# NOTE(review): destroygeom is not defined on this page; presumably the mfsbsd
# helper that removes existing partitioning from the listed disks - confirm.
destroygeom -d ada0 -d ada1
set IMAGE=mfsbsd-se-10.1-RELEASE-amd64.img
# Two alternative download locations; if both lines are run, the second
# assignment replaces the first.
set URL=http://people.apache.org/~dch/dist/$IMAGE
set URL=http://mfsbsd.vx.sk/files/images/10/amd64/$IMAGE
cd /tmp && fetch $URL
# The md5 comparison below is the only integrity check on an image that was
# downloaded over plain http and is then written raw to both boot disks.
# MD5 is not collision resistant; prefer comparing a SHA-256 digest
# (<EXPECTED_SHA256>, placeholder) obtained from the image publisher over an
# authenticated channel. The dd and reboot steps run only when grep finds the
# expected digest in the md5 output.
md5  $IMAGE | \
  grep e3ef2b767333fc75ea9ee38752130978 && echo md5 OK && \
  dd if=$IMAGE of=/dev/ada0 bs=64k && \
  dd if=$IMAGE of=/dev/ada1 bs=64k && \
reboot
# patience

install FreeBSD

In Hetzner's own rescue disk, the shell is bash, not csh. Remove the leading 'set' from the variable assignments ('set ...') if needed.

# Install FreeBSD onto a ZFS mirror of ada0 and ada1 with zfsinstall, then
# snapshot the fresh pool and save a compressed copy of it.
set CONFIGS=http://people.apache.org/~dch/configs
# pick your flavour
# Only one DIST line is meant to be used; if all of them are pasted, the last
# assignment wins. Every candidate is a plain http URL, so the distribution
# sets fetched from it are not protected in transit.
## DIST=http://ftp.de.freebsd.org/pub/FreeBSD/snapshots/amd64/amd64/9.3-STABLE/
set DIST=http://ftp.de.freebsd.org/pub/FreeBSD/releases/amd64/10.1-RELEASE/
set DIST=http://ftp.de.freebsd.org/pub/FreeBSD/snapshots/amd64/11.0-CURRENT/
set DIST=http://wintermute.skunkwerks.at/pub/FreeBSD/snapshots/amd64/amd64/12.0-CURRENT/
# get updated zfsinstall script with extra PCBSD filesystems and additional zpool v5000 support
# NOTE(review): the script comes from a shortened http URL with certificate
# verification switched off (--no-verify-peer), and is then run as root
# against the raw disks below. Read the downloaded file, or compare its
# SHA-256 with a known-good value (<EXPECTED_SHA256>, placeholder), before
# running it.
fetch --no-verify-peer -o /root/bin/zfsinstall http://git.io/vMLAx
# boom!
zpool export tank || zpool export tub
destroygeom -d ada0 -d ada1
# write 64MB of zeros to both ends of the drive to stop zfs/zpools getting confused
# NOTE(review): both dd commands target ada0 only; ada1 is not zeroed here.
# The first has no count, so it writes from the seek offset to the end of the
# device. The second writes 1048576 blocks of 64k, which is 64 GiB rather than
# 64MB. Both run in the background, so wait for them to finish before
# zfsinstall starts writing to the same disk.
dd if=/dev/zero of=/dev/ada0 bs=64k conv=sync seek=30392593 &
dd if=/dev/zero of=/dev/ada0 bs=64k conv=sync count=1048576 &

# recover missing geom_nop.ko
# Extracts only the one kernel module from the tarball on /nfs, then loads it.
mkdir /boot/kernel/
cd / && tar xf /nfs/mfsbsd/10.1-release-amd64.tbz boot/kernel/geom_nop.ko 
kldload geom_nop

# Both disks, mirror layout, pool name zroot, distribution taken from $DIST;
# see zfsinstall's usage output for the remaining flags.
zfsinstall -d ada0 -d ada1 -r mirror -p zroot -s 4G -c -a -n -u $DIST
# Snapshot name carries a UTC timestamp and a stage label.
set SNAP=zroot@`date -u "+%Y%m%d-%H%M"`:post-zfsinstall
zfs snapshot -r $SNAP
# Recursive replication stream of the snapshot, xz-compressed into /tmp.
zfs send -vR $SNAP | xz -ze9v > /tmp/$SNAP.zfs.xz

pre-chroot tweaks

# Choose the host profile and unpack the optional distribution sets into the
# new system mounted at /mnt.
## set HOST=wintermute
set HOST=gce
mkdir -p /mnt/usr/local/etc
cd /tmp
# additional packages as required
# NOTE(review): the sets are fetched from $DIST (plain http in the examples
# on this page) and extracted as root without a checksum comparison. Compare
# each archive's SHA-256 with the release's published checksums, obtained
# from a trusted source, before extracting.
fetch $DIST/src.txz
fetch $DIST/ports.txz
fetch $DIST/doc.txz
tar xzf doc.txz -C /mnt/
tar xzf src.txz -C /mnt/
tar xzf ports.txz -C /mnt/

# config
# Pull the per-host rc.conf and resolv.conf into the new system.
# NOTE(review): $CONFIGS is a plain http URL. rc.conf decides what starts at
# boot and resolv.conf decides which resolver the host trusts, so read both
# files after download instead of assuming they arrived unmodified.
fetch -o /mnt/etc/rc.conf $CONFIGS/$HOST/etc/rc.conf
fetch -o /mnt/etc/resolv.conf $CONFIGS/$HOST/etc/resolv.conf
chmod 0644 /mnt/etc/resolv.conf /mnt/etc/rc.conf

# sshd
# NOTE(review): 'PermitRootLogin yes' also allows password logins for root.
# Since keys are installed just below, the key-only setting
# ('without-password', spelled 'prohibit-password' in newer OpenSSH) would
# keep root reachable while closing off password guessing.
echo PermitRootLogin yes >> /mnt/etc/ssh/sshd_config
mkdir -m 0700 /mnt/root/.ssh
# NOTE(review): fetched over plain http with no integrity check; the content
# becomes root's permanent set of authorized keys on the installed system.
# Check the key fingerprints in the file before rebooting.
fetch -o /mnt/root/.ssh/authorized_keys http://people.apache.org/~dch/authorized_keys
chmod 0400 /mnt/root/.ssh/authorized_keys

# Set the root password inside the new system, install the base package set,
# and snapshot after each stage before rebooting.
# change root password for a looong one
chroot /mnt passwd
set SNAP=zroot@`date -u "+%Y%m%d-%H%M"`:post-config
zfs snapshot -r $SNAP
# install pkg & helpful things
chroot /mnt pkg install -y ansible aria2 ca_root_nss curl git \
    signify gnupg httpie iftop jq kc kpcli mosh p7zip panicmail \
    pstree python27 readline rsync sudo the_silver_searcher  \
    tmux tree wget yajl erlang zsh
set SNAP=zroot@`date -u "+%Y%m%d-%H%M"`:post-packages
zfs snapshot -r $SNAP
# The replication stream covers the whole pool, including the password
# database and root's authorized_keys written in the earlier steps, so treat
# the resulting file as sensitive and restrict who can read it.
zfs send -vR $SNAP | xz -ze9v > /mnt/var/tmp/$SNAP.zfs.xz

reboot

upgrade FreeBSD the hacky way

# Upgrade in place from a rescue environment: import the pool under /mnt,
# snapshot it, then extract the new release's sets over the old system.
# This section uses sh-style assignments (no 'set').
# import zpool and snapshot
# -R /mnt mounts the pool's datasets under /mnt; -f forces the import.
zpool import -R /mnt -f zroot
snap=`date -u +%Y%m%d-%H%M`:pre-upgrade
zfs snapshot -r zroot@$snap
# Path under which the snapshot's files are read back later on.
snapd="/mnt/.zfs/snapshot/$snap"
# grab new bits
# NOTE(review): base.txz and kernel.txz replace the whole operating system,
# yet they are fetched over plain http and extracted without a checksum
# comparison. Compare each archive's SHA-256 with the release's published
# checksums, obtained from a trusted source, before the tar steps.
DIST=http://ftp.de.freebsd.org/pub/FreeBSD/releases/amd64/10.1-RELEASE/
cd /tmp
fetch $DIST/base.txz
fetch $DIST/kernel.txz
fetch $DIST/doc.txz
fetch $DIST/games.txz
fetch $DIST/lib32.txz
# update FreeBSD
# Clear the system-immutable flag first so tar can overwrite those files.
chflags noschg /mnt/{bin,lib,usr/bin,usr/lib,usr/lib32,sbin,libexec}/*
tar xzf kernel.txz -C /mnt/
tar xzf base.txz -C /mnt/
tar xzf doc.txz -C /mnt/
tar xzf games.txz -C /mnt/
tar xzf lib32.txz -C /mnt/
# Restore account and sshd settings from the pre-upgrade snapshot, then
# reinstall packages from inside a chroot of the upgraded system.
# transfer config files
# Copies the account databases and sshd_config from the snapshot back into
# /mnt/etc; presumably because extracting base.txz replaced them - confirm.
cd $snapd/etc
cp -av group master.passwd passwd pwd.db spwd.db /mnt/etc/
cp -av ssh/sshd_config /mnt/etc/ssh/
# List the files that still differ between the old and new /etc, so other
# local changes (security settings included) are not silently lost.
diff -rq $snapd/etc /mnt/etc
# switch to chroot for packages
mount -t devfs devfs /mnt/dev
chroot /mnt /bin/sh
alias l='/bin/ls -aFGhl'
# Remove every installed package before reinstalling against the new base.
pkg delete -a
# pkg tool
pkg upgrade
pkg update
pkg clean
# packages
pkg install -v ansible aria2 autoconf automake ca_root_nss curl git gmake gnupg help2man httpie iftop jq kc kpcli m4 mongoose mosh nload ocaml-opam p7zip panicmail pcre pkgconf pstree python27 py27-pygments py27-requests py27-sphinx readline rsync sudo the_silver_searcher thttpd tmux tree vim-lite wget yajl zsh
pkg install erlang rebar couchdb
pkg install btsync
# NOTE(review): if these lines are typed into the /bin/sh started by the
# chroot above, 'set SNAP=...' assigns a positional parameter and leaves
# $SNAP unset, so the snapshot name would be just ':post-upgrade'. In sh,
# drop the leading 'set'.
set SNAP=zroot@`date -u "+%Y%m%d-%H%M"`
zfs snapshot -r $SNAP:post-upgrade
# Leave the chroot shell, then release the pool.
exit
zpool export -f zroot
# update efi in freebsd to avoid FAT 8.3 file path weirdness from OSX
# The device path below was left unfinished by the author.
mkdir /efi
mount -t msdosfs /dev/....

references
