Re: Bootable installation partition on a hard drive?
You could mount a special partition /altroot so you could be prepared in case something wrong happens, and the rest of the disk would be free for your backups. https://www.openbsd.org/faq/faq14.html#altroot El lun., 7 sept. 2020 a las 18:58, Walt () escribió: > ‐‐‐ Original Message ‐‐‐ > On Monday, September 7, 2020 4:48 AM, Stuart Henderson < > s...@spacehopper.org> wrote: > > > On 2020-09-07, tom ryan tomry...@gmail.com wrote: > > > > > On 7/9/20 5:07 pm, Walt wrote: > > > > > > > I have a new server on order that should arrive in a few days. > > > > It's intended purpose is to replace my current firewall. It has no CD > > > > and so I'll make and use a bootable flash drive as described in the > > > > Installation Guide section of the FAQ. > > > > The server will have a second ssd drive and so I got to wondering > > > > if it might be useful to create a bootable partition on the drive and > > > > install the installation on it. > > > > I'm probably not going to do this but I am curious about whether it > > > > would work very well. I'll probably install a second copy of the OS > on > > > > the second drive and mirror all configuration files to it so that if > > > > anything happens to the main drive, I can turn around and boot from > the > > > > second and be up and running almost immediately. > > > > It's possible, but it's a challenge to keep them in sync. > > > > > Maybe you want to just run them in a softraid mirror... > > > https://www.openbsd.org/faq/faq14.html#softraidDI > > > > This helps with some types of problem (drive failure), but doesn't help > > with fat-fingered commands or bad upgrades that periodic or manual syncs > > would protect against. > > > > My suggestions would be to keep the config files in a management system > > of some sort. Whether that's a full-blown config management system like > > ansible/salt, one of the simpler tools like rset, judo, rdist, or even > > just commiting config files directly to a version control repository, > > they will all help get a system back up and running much more quickly. > > Keeping config changes to the minimum necessary helps too of course. > > My primary reason for the second hard drive is to use faubackup to make > copies of /etc and /home to the second hard drive. I will have a 1 TB > drive on the new machine and so I will have plenty of room for an extra > bootable copy of the OS on it. > > Also, I keep copies of all the configuration files in a user directory and > make my changes there instead of /etc and /etc/sshd and then use a makefile > to copy the individual configuration files as necessary to /etc and > elsewhere. This makes it particularly easy to replace one computer with > another with a fresh copy of OpenBSD. > > Walt > > -- Lic. Manuel Solís Vázquez
Re: Bootable installation partition on a hard drive?
‐‐‐ Original Message ‐‐‐ On Monday, September 7, 2020 4:48 AM, Stuart Henderson wrote: > On 2020-09-07, tom ryan tomry...@gmail.com wrote: > > > On 7/9/20 5:07 pm, Walt wrote: > > > > > I have a new server on order that should arrive in a few days. > > > It's intended purpose is to replace my current firewall. It has no CD > > > and so I'll make and use a bootable flash drive as described in the > > > Installation Guide section of the FAQ. > > > The server will have a second ssd drive and so I got to wondering > > > if it might be useful to create a bootable partition on the drive and > > > install the installation on it. > > > I'm probably not going to do this but I am curious about whether it > > > would work very well. I'll probably install a second copy of the OS on > > > the second drive and mirror all configuration files to it so that if > > > anything happens to the main drive, I can turn around and boot from the > > > second and be up and running almost immediately. > > It's possible, but it's a challenge to keep them in sync. > > > Maybe you want to just run them in a softraid mirror... > > https://www.openbsd.org/faq/faq14.html#softraidDI > > This helps with some types of problem (drive failure), but doesn't help > with fat-fingered commands or bad upgrades that periodic or manual syncs > would protect against. > > My suggestions would be to keep the config files in a management system > of some sort. Whether that's a full-blown config management system like > ansible/salt, one of the simpler tools like rset, judo, rdist, or even > just commiting config files directly to a version control repository, > they will all help get a system back up and running much more quickly. > Keeping config changes to the minimum necessary helps too of course. My primary reason for the second hard drive is to use faubackup to make copies of /etc and /home to the second hard drive. I will have a 1 TB drive on the new machine and so I will have plenty of room for an extra bootable copy of the OS on it. Also, I keep copies of all the configuration files in a user directory and make my changes there instead of /etc and /etc/sshd and then use a makefile to copy the individual configuration files as necessary to /etc and elsewhere. This makes it particularly easy to replace one computer with another with a fresh copy of OpenBSD. Walt
Secure storage of config files (was Re: Bootable installation partition on a hard drive?)
On Sep 7, 2020, at 5:48 AM, Stuart Henderson wrote: > > My suggestions would be to keep the config files in a management system > of some sort. Whether that's a full-blown config management system like > ansible/salt, one of the simpler tools like rset, judo, rdist, or even > just commiting config files directly to a version control repository, Folks, Do people have opinions on the best way to securely store sensitive config files in a management system or repo? For instance, the various private keys that live in the various nooks and crannies of /etc. And if they’re stored in encrypted form, what’s the best way to have them decrypted for zero-touch or minimal-touch config restores? —Paul smime.p7s Description: S/MIME cryptographic signature
Re: Bootable installation partition on a hard drive?
On 2020-09-07, tom ryan wrote: > > On 7/9/20 5:07 pm, Walt wrote: >> I have a new server on order that should arrive in a few days. >> It's intended purpose is to replace my current firewall. It has no CD >> and so I'll make and use a bootable flash drive as described in the >> Installation Guide section of the FAQ. >> >> The server will have a second ssd drive and so I got to wondering >> if it might be useful to create a bootable partition on the drive and >> install the installation on it. >> >> I'm probably not going to do this but I am curious about whether it >> would work very well. I'll probably install a second copy of the OS on >> the second drive and mirror all configuration files to it so that if >> anything happens to the main drive, I can turn around and boot from the >> second and be up and running almost immediately. It's possible, but it's a challenge to keep them in sync. > Maybe you want to just run them in a softraid mirror... > > https://www.openbsd.org/faq/faq14.html#softraidDI This helps with some types of problem (drive failure), but doesn't help with fat-fingered commands or bad upgrades that periodic or manual syncs would protect against. My suggestions would be to keep the config files in a management system of some sort. Whether that's a full-blown config management system like ansible/salt, one of the simpler tools like rset, judo, rdist, or even just commiting config files directly to a version control repository, they will all help get a system back up and running much more quickly. Keeping config changes to the minimum necessary helps too of course.
Re: Bootable installation partition on a hard drive?
On 7/9/20 5:07 pm, Walt wrote: > I have a new server on order that should arrive in a few days. It's intended > purpose is to replace my current firewall. It has no CD and so I'll make and > use a bootable flash drive as described in the Installation Guide section of > the FAQ. > > The server will have a second ssd drive and so I got to wondering if it might > be useful to create a bootable partition on the drive and install the > installation on it. > > I'm probably not going to do this but I am curious about whether it would > work very well. I'll probably install a second copy of the OS on the second > drive and mirror all configuration files to it so that if anything happens to > the main drive, I can turn around and boot from the second and be up and > running almost immediately. Maybe you want to just run them in a softraid mirror... https://www.openbsd.org/faq/faq14.html#softraidDI > > Thanks, > > Walt > > Sent with [ProtonMail](https://protonmail.com) Secure Email. >