We're in the process of moving our small farm of servers from a managed provider to unmanaged-provider ServerBeach.com. The difference in price between the two in terms of monthly costs was huge! My biggest concern was whether I would be able to remotely build an OpenBSD load-balancing firewall given they don't have remote-hands technology or support connecting com0 to one of the other servers we ordered. Fortunately, ServerBeach offer their RapidRescue technology for remote install of "unsupported" OSs. RapidRescue is essentially a Linux, ram-disk based environment similar to what's found in stock bsd.rd, except with sshd enabled.[1]

To remote install OpenBSD I knew we would have to use a custom bsd.rd that included sshd enabled by default. A quick search on <http://marc.info/?l=openbsd-misc&r=1&w=2> returned yaifo (I'd forgotten the name of the utility) and I was on my way.

I pulled down the latest source from <http://sourceforge.net/projects/yaifo/> and reviewed the README. Everything looked pretty simple until I read about configuring the interfaces in the config file. The new servers have two interfaces. One with a public IP and the other connected to a private net. I knew I would have to get my config right to connect to the server.[2] Reviewing ifconfig on the server and dmesg showed me the server had two built-in em(4) interfaces, eth0 having the public IP. I edited the config file assuming em0 under an OpenBSD kernel would also be the public NIC. I copied the information I found in the default CentOS 5 install to yaifo config.

Taking a step back, I first followed the README's advice to test a build of yaifo on a local box just to make sure I knew what I was doing. Good advice that. My first go at configuring an interface failed. Once I proved to myself I could build yaifo.rd and log in remotely (in a vm) and could specify the IP (no dhcp in my production environment), it was time to build an image for the soon-to-be production server.

I rebooted the server into RapidRescue and scp'd yaifo.fs up to the new box. A quick `dd if=yaifo.fs of=/dev/sda` and the disk was ready. Moment of truth time. I typed reboot. About 30 seconds later I was able to connect to the box and was greeted with an OpenSSH login screen. Since I had added my authorized_keys to the yaifo image and had ssh-agent running, in moments I was logged in and presented with the familiar bsd.rd (I)nstall, (U)pgrade or (S)hell? prompt.

I followed the normal install steps, noting that since I had entered hard-coded values for the interface config yaifo took care of that part of the install for me. I added bsd.mp to the default setup and let the installer go. 15 minutes later I finished the config and was pleased to see that yaifo gave me the opportunity to move my ssh keys to the new server. When done, the yaifo-based install helpfully reminded me to type `reboot` rather than `halt -p`. Another 30 seconds later and my spiffy new OpenBSD server was up and running.

All told I probably spent 2 hours reading the instructions and prepping a vm to test with and another hour or so building and testing yaifo before I was ready. Of course the actual server install followed the normal OpenBSD quick process. With the ease of installation and my concerns about remote install put to rest, I'm ready to start looking at moving the rest of our remote servers to OpenBSD. I would be glad to move from RedHat/CentOS to OpenBSD across the board.

Thanks to all the OpenBSD developers for making installations quick and easy and special thanks to merdely@ for taking yaifo under his wing and keeping it up-to-date and easy to use.

--Aaron

[1] http://www.serverbeach.com/products/rapid_rescue.php
[2] If I wanted to connect the first time. RapidRescue makes it easy to load image after image on the disks so there was no risk of borking the server.
