depenguin-me / depenguin-run Goto Github PK

View Code? Open in Web Editor NEW

15.0 15.0 7.0 113 KB

Installer script for mfsBSD image to install FreeBSD 14.0 with zfs-on-root using qemu

License: MIT License

Shell 100.00%

depenguin-run's People

Stargazers

Watchers

Forkers

grembo click0 nkfilis bretton ludoplex q4zar subito

depenguin-run's Issues

Test request: Hetzner PX62-NVMe

ada0 and ada1

2 x 960 GB NVMe SSD Datacenter Edition
https://www.hetzner.com/dedicated-rootserver/px62-nvme

Please provide a 13.3 ISO

Now that 13.2 is EoL, it would be great if we could get a 13.3 ISO (as installing 13.2 and then upgrading is not a real option anymore). Prettyplease? ;)

Test request: IONOS Dedicated Servers

Most options have 2 SATA disks.
https://www.ionos.com/servers/dedicated-servers

recovery console info, linux-based
https://www.ionos.com/help/server-cloud-infrastructure/server-administration-dedicated-servers/booting-the-dedicated-server-to-the-linux-rescue-system/

older recovery console info, linux-based
https://www.ionos.com/help/server-cloud-infrastructure/dedicated-server-for-servers-purchased-before-102818/rescue-and-recovery/working-with-the-linux-rescue-system/

Please provide ansible playbook

outline for an ansible playbook which can provision a host, from rescue system to end server:

doing this requires multiple stages with different usernames, and removing ssh host keys at steps:

access rescue via SSH root@ip, get script from site, run it
access qemu mfsbsd via ssh port 1022 mfsbsd@ip
- configure depenguin_settings.sh with settings from inventory
  todo: find way to update inventory with data from provider API
- run depenguin_bsdinstall.sh and wait for shutdown
reconnect active rescue via SSH root@ip, cancel qemu, reboot
wait a bit, access host user@ip for post-install setup

Ideally a drop-in role for other ansible playbooks?

Test request: Servers.com Dell Servers

Test request: Servers.com Dell Servers
https://www.servers.com/products/dedicated-servers/

Cheapest have 2 drives. This is a premium price service provider.

Recovery console is "DMGMTSrvInit 1.0 x86_64 [based on CentOS 6 x86_64]"
mentions Dell OpenManage Deployment Toolkit
https://www.servers.com/support/knowledge/dedicated-servers/how-to-restore-a-dedicated-server-using-rescue-mode

Test request: Leaseweb Dedicated Servers

https://www.leaseweb.com/dedicated-servers

Most options are dual drive.

They have a recovery console, with a FreeBSD image
https://kb.leaseweb.com/products/dedicated-server/starting-your-dedicated-server-in-rescue-mode

FreeBSD is listed as supported install image too
https://kb.leaseweb.com/products/dedicated-server/reinstalling-your-dedicated-server

Test Report: Hetzner AX41 (2 x 2TB spindle disks)

Successful installation as follows:

wget https://depenguin.me/run.sh && chmod +x run.sh && ./run.sh KEYURL

error popped up, can safely ignore

./run.sh: line 277: kvm-ok: command not found

continue till script says ssh available, and connect via ssh on port 1022, change to root with sudo su - and then run

zfsinstall -d ada0 -d ada1 -r mirror -s 4G -A -4 -c -p zroot

successful install ends with:

===============
Extracting FreeBSD distribution ... done
Writing /boot/loader.conf... done
Writing /etc/fstab...Writing /etc/rc.conf... done
Copying /boot/zfs/zpool.cache ... done

Installation complete.
The system will boot from ZFS with clean install on next reboot

You may make adjustments to the installed system using chroot:
chroot /mnt

Some adjustments may require a mounted devfs:
mount -t devfs devfs /mnt/dev

WARNING - Don't export ZFS pool "zroot"!
===============

However we have additional steps to do

cat /home/mfsbsd/.ssh/authorized_keys

*copy to clipboard*

root@mfsbsd:~ # chroot /mnt

pw groupadd <your user>
pw useradd -m -n <your user> -g <your user> -G wheel -h - -c "your name"

cd /home/<your user>

mkdir .ssh
cd .ssh
vi authorized_keys

*paste in keys copied to clipboard earlier*

chmod 600 authorized_keys
cd ..
chmod 700 .ssh

chown -R <your user>:<your user> .ssh

root@mfsbsd:/ # cat /etc/rc.conf
zfs_enable="YES"

vi /etc/rc.conf

hostname="yourhostname"
ifconfig_igb0_name="untrusted"
ifconfig_untrusted="up"
ifconfig_untrusted_ipv6="up"
ifconfig_untrusted_aliases="inet 1.2.3.4/32 inet6 1234::123:123:1234::2/64"
ipv6_activate_all_interfaces="YES"
static_routes="gateway default"
route_gateway="-host 6.7.8.9 -interface untrusted"
route_default="default 6.7.8.9"
ipv6_defaultrouter="fe80::1%untrusted"
sshd_enable="YES"
zfs_enable="YES"

*save and exit*

ctrl-d to exit chroot

back in rescue ssh session, control-c to exit, type reboot.

wait a while, connect ssh youruser@yourip

there is no sudo installed by default, but su - works without password if steps above followed.

proceed with freebsd-update fetch and freebsd-update install and other steps.

It seems, depending on the debian version used for the rescue image, you need to install a different package. In the case of a OVH/Kimsufi KS-GAME-1, I needed to remove the "mkisofs:mkisofs" from the DEPS variable and installed xorriso and genisoimage packages by hand.
It looks like the OVH rescue-pro uses Debian Jessie, but I'm not very familiar with those things.

Test request: Hetzner EX43

Specs:

Intel® Core™ i5-12500 processor from the twelfth generation, nicknamed "Alder Lake"
2 x 512 GB Gen4 NVMe SSD

FreeBSD support seems more likely in FreeBSD-14, however the script should work provided that:

CSM is turned on
- likely requires GPU attached
- requires secure boot disabled
- may be unclear how to do this on Hetzner EX43 servers
NVME boot is supported only in UEFI

System will fail to boot correctly otherwise.

Test request: Scaleway Dedibox

https://www.scaleway.com/en/dedibox/

Most options have only a single disk according to docs screenshots, indeterminate otherwise.

"Currently we offer three different types of rescue mode:

An Ubuntu distribution

A Windows PE distribution

A FreeBSD distribution"

https://www.scaleway.com/en/docs/dedibox/dedicated-servers/how-to/use-rescue-mode/

Wide OS support including FreeBSD
https://www.scaleway.com/en/dedibox/operating-systems/

ovmf package missing on Debian 10

The current OVH rescue system is based on Debian 10 and it needs the ovmf package to be installed in order for qemu to run properly

Test request: Hetzner ipv6 only instance

It's not known how the script works with ipv6-only instances. ipv4 addresses are an addon now.

There is a corresponding issue here
depenguin-me/depenguin-builder#2

command line parameters for statically compiled qemu-system-x86_64

The source post links to a statically compiled qemu binary at

there is also a copy at

depenguin.me mirror: https://depenguin.me/files/vkvm.tar.gz

This binary is QEMU 2.2.0, the current version is 7.0.0, dated Apr 19th 2022.

The command line parameters are:

QEMU emulator version 2.2.0, Copyright (c) 2003-2008 Fabrice Bellard
usage: qemu-system-x86_64 [options] [disk_image]

'disk_image' is a raw hard disk image for IDE hard disk 0

Standard options:
-h or -help     display this help and exit
-version        display version information and exit
-machine [type=]name[,prop[=value][,...]]
                selects emulated machine ('-machine help' for list)
                property accel=accel1[:accel2[:...]] selects accelerator
                supported accelerators are kvm, xen, tcg (default: tcg)
                kernel_irqchip=on|off controls accelerated irqchip support
                vmport=on|off|auto controls emulation of vmport (default: auto)
                kvm_shadow_mem=size of KVM shadow MMU
                dump-guest-core=on|off include guest memory in a core dump (default=on)
                mem-merge=on|off controls memory merge support (default: on)
                iommu=on|off controls emulated Intel IOMMU (VT-d) support (default=off)
-cpu cpu        select CPU ('-cpu help' for list)
-smp [cpus=]n[,maxcpus=cpus][,cores=cores][,threads=threads][,sockets=sockets]
                set the number of CPUs to 'n' [default=1]
                maxcpus= maximum number of total cpus, including
                offline CPUs for hotplug, etc
                cores= number of CPU cores on one socket
                threads= number of threads on one CPU core
                sockets= number of discrete sockets in the system
-numa node[,mem=size][,cpus=cpu[-cpu]][,nodeid=node]
-numa node[,memdev=id][,cpus=cpu[-cpu]][,nodeid=node]
-add-fd fd=fd,set=set[,opaque=opaque]
                Add 'fd' to fd 'set'
-set group.id.arg=value
                set <arg> parameter for item <id> of type <group>
                i.e. -set drive.$id.file=/path/to/image
-global driver.prop=value
                set a global default for a driver property
-boot [order=drives][,once=drives][,menu=on|off]
      [,splash=sp_name][,splash-time=sp_time][,reboot-timeout=rb_time][,strict=on|off]
                'drives': floppy (a), hard disk (c), CD-ROM (d), network (n)
                'sp_name': the file's name that would be passed to bios as logo picture, if menu=on
                'sp_time': the period that splash picture last if menu=on, unit is ms
                'rb_timeout': the timeout before guest reboot when boot failed, unit is ms
-m[emory] [size=]megs[,slots=n,maxmem=size]
                configure guest RAM
                size: initial amount of guest memory (default: 128MiB)
                slots: number of hotplug slots (default: none)
                maxmem: maximum amount of guest memory (default: none)
NOTE: Some architectures might enforce a specific granularity
-mem-path FILE  provide backing storage for guest RAM
-mem-prealloc   preallocate guest memory (use with -mem-path)
-k language     use keyboard layout (for example 'fr' for French)
-audio-help     print list of audio drivers and their options
-soundhw c1,... enable audio support
                and only specified sound cards (comma separated list)
                use '-soundhw help' to get the list of supported cards
                use '-soundhw all' to enable all of them
-balloon none   disable balloon device
-balloon virtio[,addr=str]
                enable virtio balloon device (default)
-device driver[,prop[=value][,...]]
                add device (based on driver)
                prop=value,... sets driver properties
                use '-device help' to print all possible drivers
                use '-device driver,help' to print all possible properties
-name string1[,process=string2][,debug-threads=on|off]
                set the name of the guest
                string1 sets the window title and string2 the process name (on Linux)
                When debug-threads is enabled, individual threads are given a separate name (on Linux)
                NOTE: The thread names are for debugging and not a stable API.
-uuid %08x-%04x-%04x-%04x-%012x
                specify machine UUID

Block device options:
-fda/-fdb file  use 'file' as floppy disk 0/1 image
-hda/-hdb file  use 'file' as IDE hard disk 0/1 image
-hdc/-hdd file  use 'file' as IDE hard disk 2/3 image
-cdrom file     use 'file' as IDE cdrom image (cdrom is ide1 master)
-drive [file=file][,if=type][,bus=n][,unit=m][,media=d][,index=i]
       [,cyls=c,heads=h,secs=s[,trans=t]][,snapshot=on|off]
       [,cache=writethrough|writeback|none|directsync|unsafe][,format=f]
       [,serial=s][,addr=A][,rerror=ignore|stop|report]
       [,werror=ignore|stop|report|enospc][,id=name][,aio=threads|native]
       [,readonly=on|off][,copy-on-read=on|off]
       [,discard=ignore|unmap][,detect-zeroes=on|off|unmap]
       [[,bps=b]|[[,bps_rd=r][,bps_wr=w]]]
       [[,iops=i]|[[,iops_rd=r][,iops_wr=w]]]
       [[,bps_max=bm]|[[,bps_rd_max=rm][,bps_wr_max=wm]]]
       [[,iops_max=im]|[[,iops_rd_max=irm][,iops_wr_max=iwm]]]
       [[,iops_size=is]]
                use 'file' as a drive image
-mtdblock file  use 'file' as on-board Flash memory image
-sd file        use 'file' as SecureDigital card image
-pflash file    use 'file' as a parallel flash image
-snapshot       write to temporary files instead of disk image files
-hdachs c,h,s[,t]
                force hard disk 0 physical geometry and the optional BIOS
                translation (t=none or lba) (usually QEMU can guess them)
-fsdev fsdriver,id=id[,path=path,][security_model={mapped-xattr|mapped-file|passthrough|none}]
 [,writeout=immediate][,readonly][,socket=socket|sock_fd=sock_fd]
-virtfs local,path=path,mount_tag=tag,security_model=[mapped-xattr|mapped-file|passthrough|none]
        [,writeout=immediate][,readonly][,socket=socket|sock_fd=sock_fd]
-virtfs_synth Create synthetic file system image

USB options:
-usb            enable the USB driver (will be the default soon)
-usbdevice name add the host or guest USB device 'name'

Display options:
-display sdl[,frame=on|off][,alt_grab=on|off][,ctrl_grab=on|off]
            [,window_close=on|off]|curses|none|
            gtk[,grab_on_hover=on|off]|
            vnc=<display>[,<optargs>]
                select display type
-nographic      disable graphical output and redirect serial I/Os to console
-curses         use a curses/ncurses interface instead of SDL
-no-frame       open SDL window without a frame and window decorations
-alt-grab       use Ctrl-Alt-Shift to grab mouse (instead of Ctrl-Alt)
-ctrl-grab      use Right-Ctrl to grab mouse (instead of Ctrl-Alt)
-no-quit        disable SDL window close capability
-sdl            enable SDL
-spice [port=port][,tls-port=secured-port][,x509-dir=<dir>]
       [,x509-key-file=<file>][,x509-key-password=<file>]
       [,x509-cert-file=<file>][,x509-cacert-file=<file>]
       [,x509-dh-key-file=<file>][,addr=addr][,ipv4|ipv6]
       [,tls-ciphers=<list>]
       [,tls-channel=[main|display|cursor|inputs|record|playback]]
       [,plaintext-channel=[main|display|cursor|inputs|record|playback]]
       [,sasl][,password=<secret>][,disable-ticketing]
       [,image-compression=[auto_glz|auto_lz|quic|glz|lz|off]]
       [,jpeg-wan-compression=[auto|never|always]]
       [,zlib-glz-wan-compression=[auto|never|always]]
       [,streaming-video=[off|all|filter]][,disable-copy-paste]
       [,disable-agent-file-xfer][,agent-mouse=[on|off]]
       [,playback-compression=[on|off]][,seamless-migration=[on|off]]
   enable spice
   at least one of {port, tls-port} is mandatory
-portrait       rotate graphical output 90 deg left (only PXA LCD)
-rotate <deg>   rotate graphical output some deg left (only PXA LCD)
-vga [std|cirrus|vmware|qxl|xenfb|tcx|cg3|none]
                select video card type
-full-screen    start in full screen
-vnc display    start a VNC server on display

i386 target only:
-win2k-hack     use it when installing Windows 2000 to avoid a disk full bug
-no-fd-bootchk  disable boot signature checking for floppy disks
-no-acpi        disable ACPI
-no-hpet        disable HPET
-acpitable [sig=str][,rev=n][,oem_id=str][,oem_table_id=str][,oem_rev=n][,asl_compiler_id=str][,asl_compiler_rev=n][,{data|file}=file1[:file2]...]
                ACPI table description
-smbios file=binary
                load SMBIOS entry from binary file
-smbios type=0[,vendor=str][,version=str][,date=str][,release=%d.%d][,uefi=on|off]
                specify SMBIOS type 0 fields
-smbios type=1[,manufacturer=str][,product=str][,version=str][,serial=str]
              [,uuid=uuid][,sku=str][,family=str]
                specify SMBIOS type 1 fields

Network options:
-net nic[,vlan=n][,macaddr=mac][,model=type][,name=str][,addr=str][,vectors=v]
                create a new Network Interface Card and connect it to VLAN 'n'
-net user[,vlan=n][,name=str][,net=addr[/mask]][,host=addr][,restrict=on|off]
         [,hostname=host][,dhcpstart=addr][,dns=addr][,dnssearch=domain][,tftp=dir]
         [,bootfile=f][,hostfwd=rule][,guestfwd=rule][,smb=dir[,smbserver=addr]]
                connect the user mode network stack to VLAN 'n', configure its
                DHCP server and enabled optional services
-net tap[,vlan=n][,name=str][,fd=h][,fds=x:y:...:z][,ifname=name][,script=file][,downscript=dfile][,helper=helper][,sndbuf=nbytes][,vnet_hdr=on|off][,vhost=on|off][,vhostfd=h][,vhostfds=x:y:...:z][,vhostforce=on|off][,queues=n]
                connect the host TAP network interface to VLAN 'n'
                use network scripts 'file' (default=/etc/qemu-ifup)
                to configure it and 'dfile' (default=/etc/qemu-ifdown)
                to deconfigure it
                use '[down]script=no' to disable script execution
                use network helper 'helper' (default=/tmp/libexec/qemu-bridge-helper) to
                configure it
                use 'fd=h' to connect to an already opened TAP interface
                use 'fds=x:y:...:z' to connect to already opened multiqueue capable TAP interfaces
                use 'sndbuf=nbytes' to limit the size of the send buffer (the
                default is disabled 'sndbuf=0' to enable flow control set 'sndbuf=1048576')
                use vnet_hdr=off to avoid enabling the IFF_VNET_HDR tap flag
                use vnet_hdr=on to make the lack of IFF_VNET_HDR support an error condition
                use vhost=on to enable experimental in kernel accelerator
                    (only has effect for virtio guests which use MSIX)
                use vhostforce=on to force vhost on for non-MSIX virtio guests
                use 'vhostfd=h' to connect to an already opened vhost net device
                use 'vhostfds=x:y:...:z to connect to multiple already opened vhost net devices
                use 'queues=n' to specify the number of queues to be created for multiqueue TAP
-net bridge[,vlan=n][,name=str][,br=bridge][,helper=helper]
                connects a host TAP network interface to a host bridge device 'br'
                (default=br0) using the program 'helper'
                (default=/tmp/libexec/qemu-bridge-helper)
-net l2tpv3[,vlan=n][,name=str],src=srcaddr,dst=dstaddr[,srcport=srcport][,dstport=dstport],txsession=txsession[,rxsession=rxsession][,ipv6=on/off][,udp=on/off][,cookie64=on/off][,counter][,pincounter][,txcookie=txcookie][,rxcookie=rxcookie][,offset=offset]
                connect the VLAN to an Ethernet over L2TPv3 pseudowire
                Linux kernel 3.3+ as well as most routers can talk
                L2TPv3. This transport allows connecting a VM to a VM,
                VM to a router and even VM to Host. It is a nearly-universal
                standard (RFC3391). Note - this implementation uses static
                pre-configured tunnels (same as the Linux kernel).
                use 'src=' to specify source address
                use 'dst=' to specify destination address
                use 'udp=on' to specify udp encapsulation
                use 'srcport=' to specify source udp port
                use 'dstport=' to specify destination udp port
                use 'ipv6=on' to force v6
                L2TPv3 uses cookies to prevent misconfiguration as
                well as a weak security measure
                use 'rxcookie=0x012345678' to specify a rxcookie
                use 'txcookie=0x012345678' to specify a txcookie
                use 'cookie64=on' to set cookie size to 64 bit, otherwise 32
                use 'counter=off' to force a 'cut-down' L2TPv3 with no counter
                use 'pincounter=on' to work around broken counter handling in peer
                use 'offset=X' to add an extra offset between header and data
-net socket[,vlan=n][,name=str][,fd=h][,listen=[host]:port][,connect=host:port]
                connect the vlan 'n' to another VLAN using a socket connection
-net socket[,vlan=n][,name=str][,fd=h][,mcast=maddr:port[,localaddr=addr]]
                connect the vlan 'n' to multicast maddr and port
                use 'localaddr=addr' to specify the host address to send packets from
-net socket[,vlan=n][,name=str][,fd=h][,udp=host:port][,localaddr=host:port]
                connect the vlan 'n' to another VLAN using an UDP tunnel
-net vde[,vlan=n][,name=str][,sock=socketpath][,port=n][,group=groupname][,mode=octalmode]
                connect the vlan 'n' to port 'n' of a vde switch running
                on host and listening for incoming connections on 'socketpath'.
                Use group 'groupname' and mode 'octalmode' to change default
                ownership and permissions for communication port.
-net dump[,vlan=n][,file=f][,len=n]
                dump traffic on vlan 'n' to file 'f' (max n bytes per packet)
-net none       use it alone to have zero network devices. If no -net option
                is provided, the default is '-net nic -net user'
-netdev [user|tap|bridge|vde|vhost-user|socket|hubport],id=str[,option][,option][,...]

Character device options:
-chardev null,id=id[,mux=on|off]
-chardev socket,id=id[,host=host],port=port[,to=to][,ipv4][,ipv6][,nodelay][,reconnect=seconds]
         [,server][,nowait][,telnet][,reconnect=seconds][,mux=on|off] (tcp)
-chardev socket,id=id,path=path[,server][,nowait][,telnet][,reconnect=seconds][,mux=on|off] (unix)
-chardev udp,id=id[,host=host],port=port[,localaddr=localaddr]
         [,localport=localport][,ipv4][,ipv6][,mux=on|off]
-chardev msmouse,id=id[,mux=on|off]
-chardev vc,id=id[[,width=width][,height=height]][[,cols=cols][,rows=rows]]
         [,mux=on|off]
-chardev ringbuf,id=id[,size=size]
-chardev file,id=id,path=path[,mux=on|off]
-chardev pipe,id=id,path=path[,mux=on|off]
-chardev pty,id=id[,mux=on|off]
-chardev stdio,id=id[,mux=on|off][,signal=on|off]
-chardev serial,id=id,path=path[,mux=on|off]
-chardev tty,id=id,path=path[,mux=on|off]
-chardev parallel,id=id,path=path[,mux=on|off]
-chardev parport,id=id,path=path[,mux=on|off]

Device URL Syntax:
-iscsi [user=user][,password=password]
       [,header-digest=CRC32C|CR32C-NONE|NONE-CRC32C|NONE
       [,initiator-name=initiator-iqn][,id=target-iqn]
                iSCSI session parameters
Bluetooth(R) options:
-bt hci,null    dumb bluetooth HCI - doesn't respond to commands
-bt hci,host[:id]
                use host's HCI with the given name
-bt hci[,vlan=n]
                emulate a standard HCI in virtual scatternet 'n'
-bt vhci[,vlan=n]
                add host computer to virtual scatternet 'n' using VHCI
-bt device:dev[,vlan=n]
                emulate a bluetooth device 'dev' in scatternet 'n'

TPM device options:
-tpmdev passthrough,id=id[,path=path][,cancel-path=path]
                use path to provide path to a character device; default is /dev/tpm0
                use cancel-path to provide path to TPM's cancel sysfs entry; if
                not provided it will be searched for in /sys/class/misc/tpm?/device

Linux/Multiboot boot specific:
-kernel bzImage use 'bzImage' as kernel image
-append cmdline use 'cmdline' as kernel command line
-initrd file    use 'file' as initial ram disk
-dtb    file    use 'file' as device tree image

Debug/Expert options:
-serial dev     redirect the serial port to char device 'dev'
-parallel dev   redirect the parallel port to char device 'dev'
-monitor dev    redirect the monitor to char device 'dev'
-qmp dev        like -monitor but opens in 'control' mode
-mon [chardev=]name[,mode=readline|control][,default]
-debugcon dev   redirect the debug console to char device 'dev'
-pidfile file   write PID to 'file'
-singlestep     always run in singlestep mode
-S              freeze CPU at startup (use 'c' to start execution)
-realtime [mlock=on|off]
                run qemu with realtime features
                mlock=on|off controls mlock support (default: on)
-gdb dev        wait for gdb connection on 'dev'
-s              shorthand for -gdb tcp::1234
-d item1,...    enable logging of specified items (use '-d help' for a list of log items)
-D logfile      output log to logfile (default stderr)
-L path         set the directory for the BIOS, VGA BIOS and keymaps
-bios file      set the filename for the BIOS
-enable-kvm     enable KVM full virtualization support
-xen-domid id   specify xen guest domain id
-xen-create     create domain using xen hypercalls, bypassing xend
                warning: should not be used when xend is in use
-xen-attach     attach to existing xen domain
                xend will use this when starting QEMU
-no-reboot      exit instead of rebooting
-no-shutdown    stop before shutdown
-loadvm [tag|id]
                start right away with a saved state (loadvm in monitor)
-daemonize      daemonize QEMU after initializing
-option-rom rom load a file, rom, into the option ROM space
-rtc [base=utc|localtime|date][,clock=host|rt|vm][,driftfix=none|slew]
                set the RTC base and clock, enable drift fix for clock ticks (x86 only)
-icount [shift=N|auto][,align=on|off]
                enable virtual instruction counter with 2^N clock ticks per
                instruction and enable aligning the host and virtual clocks
-watchdog i6300esb|ib700
                enable virtual hardware watchdog [default=none]
-watchdog-action reset|shutdown|poweroff|pause|debug|none
                action when watchdog fires [default=reset]
-echr chr       set terminal escape character instead of ctrl-a
-virtioconsole c
                set virtio console
-show-cursor    show cursor
-tb-size n      set TB size
-incoming p     prepare for incoming migration, listen on port p
-nodefaults     don't create default devices
-chroot dir     chroot to dir just before starting the VM
-runas user     change to user id user just before starting the VM
-sandbox <arg>  Enable seccomp mode 2 system call filter (default 'off').
-readconfig <file>
-writeconfig <file>
                read/write config file
-nodefconfig
                do not load default config files at startup
-no-user-config
                do not load user-provided config files at startup
-trace [events=<file>][,file=<file>]
                specify tracing options
-enable-fips    enable FIPS 140-2 compliance
-object TYPENAME[,PROP1=VALUE1,...]
                create an new object of type TYPENAME setting properties
                in the order they are specified.  Note that the 'id'
                property must be set.  These objects are placed in the
                '/objects' path.
-msg timestamp[=on|off]
                change the format of messages
                on|off controls leading timestamps (default:on)
-dump-vmstate <file>
                Output vmstate information in JSON format to file.
                Use the scripts/vmstate-static-checker.py file to
                check for possible regressions in migration code
                by comparing two such vmstate dumps.
During emulation, the following keys are useful:
ctrl-alt-f      toggle full screen
ctrl-alt-n      switch to virtual console 'n'
ctrl-alt        toggle mouse and keyboard grab

When using -nographic, press 'ctrl-a h' to get some help.

Useful notes:

change directory to share/qemu and run ../../qemu-system-x86_64 -parameter value
or use -L /path/to/share/qemu/ where bios files and keymaps are
the only bios tested is the default file bios-256k.bin and must be set as parameter -bios bios-256k.bin
keymaps are in share/qemu/keymaps and can be referenced with -k keymaps/en-us if in same directory as bios files, and only en-us has been tested
VNC can be restricted to localhost with -vnc 127.0.0.1:1 and then use SSH to proxy connect to VNC

Provide the likely interface name in the installed BSD system during the mfsBSD boot step

when the script has loaded up qemu and outputs this text

ssh -p 1022 mfsbsd@ip-address

it should also indicate the likely name of the resulting network interface in the installed system.

I don't know an easy way to do this, however I found the following

FreeBSD interface naming

The name of a FreeBSD interface starts with the name of its network driver.
It is then followed by a number starting at 0 that increases incrementally by
one for each additional interface sharing that driver. 
For example, a common driver used by Intel gigabit network interface cards is igb. 
The first such card in a firewall will be igb0, the second is igb1, and so on. 
Other common driver names include cxl (Chelsio 10G), em (Also Intel 1G), 
ix (Intel 10G), bge (various Broadcom chipsets), amongst numerous others.
If a system mixes an Intel card and a Chelsio card, the interfaces will be igb0
and cxl0 respectively.

source

It's tricky because Xneelo servers show eno0 in rescue system, em0 in mfsBSD, and igb0 when in resulting installed FreeBSD system.

However in some Hetzner server-bidding servers it would be em0 in mfsBSD and installed FreeBSD system.

Detecting the likely result in end system, and informing user, or automatically setting, would be useful.

I need to use password access to MfsBSD

A vanilla build of MfsBSD with root password is enough for me.
The mandatory requirement to use ssh keys is superfluous.

Test request: Hetzner PX62

ada0 and ada1

2 x 8 TB SATA Enterprise HDD
https://www.hetzner.com/dedicated-rootserver/px62

Test request: Hivelocity dedicated servers

There are some listed at https://www.hivelocity.net/dedicated-servers/

We support Ubuntu 18.04 and 22.04, CentOS and Almalinux 8 or CloudLinux 8

Not clear if there is a rescue boot, or can use a recovery image, otherwise they have custom iPXE images too

Statically compiled qemu binary won't work with disks larger than 2TB

The original post makes a note:

If you have drives larger than 2 TB, you still need to download the UEFI boot

The depenguinme script doesn't currently cater for this, and it's unclear what needs to happen.

The file exists as an additional mirror at https://depenguin.me/files/uefi.tar.gz

To-do: figure out what needs to happen with the extracted uefi.bin file, perhaps it can be loaded with -bios uefi.bin option?

Add automatic shellcheck action on pull/push

See bsdpot/pot for examples.

Test Request: IBM Cloud deprecating FreeBSD

IBM Cloud deprecation for FreeBSD on all server types starting December 31, 2022 according to this reddit post

ibm cloud lifecycle docs mention supporting FreeBSD 12.x (available only on bare metal servers) to 30 June 2024.

Rescue System mentions Centos 7

We'll need to test run script and qemu on Centos 7. Also IBM cloud dedicated boxes. Solutions seem region specific so not linking to servers yet.

Test request: Hetzner SX134 storage server

Install zroot mirror to 2 x nvme ssd, then use 10 x 16TB for minio/ceph/other

10 x 16 TB Enterprise HDD 7200 rpm, 2 x 960 GB datacenter NVMe SSD
https://www.hetzner.com/dedicated-rootserver/sx134

Test request: Hetzner AX41-NVMe

ada0 and ada1

2 x 512 GB NVMe SSD
https://www.hetzner.com/dedicated-rootserver/ax41-nvme

Change project about info

- Installer script for mfsBSD image to install FreeBSD 13.1 with zfs-on-root using a statically compiled qemu binary
+ Installer script for mfsBSD image to install FreeBSD 13.1 with zfs-on-root using qemu

(we might as well use a statically compiled one in some setups, but being less specific manages expectations)

qemu won't run on servers that don't have virtualization support

Subj.
I have a server with an Intel Atom processor where there is no virtualization support.

Therefore, instead of the mandatory qemu options ( -enable-kvm -cpu host ), you need to check for virtualization support.

Default ZFS datasets are very limited

The default ZFS datasets in mfsbsd setup are very limited:

root@depenguintest:~ # zfs list
NAME             USED  AVAIL     REFER  MOUNTPOINT
zroot           1.05G  1.76T       24K  none
zroot/root      1.05G  1.76T      938M  /
zroot/root/tmp    25K  1.76T       25K  /tmp
zroot/root/var   133M  1.76T      133M  /var

By comparison a normal FreeBSD setup (13.0) would create something more like

zroot                                               53.7G   373G       96K  /zroot
zroot/ROOT                                          46.4G   373G       96K  none
zroot/ROOT/default                                  46.4G   373G     46.4G  /
zroot/tmp                                           2.50G   373G     2.50G  /tmp
zroot/usr                                           3.45G   373G       96K  /usr
zroot/usr/home                                      2.51G   373G     2.51G  /usr/home
zroot/usr/ports                                       96K   373G       96K  /usr/ports
zroot/usr/src                                        963M   373G      963M  /usr/src
zroot/var                                           9.98M   373G       96K  /var
zroot/var/audit                                       96K   373G       96K  /var/audit
zroot/var/crash                                       96K   373G       96K  /var/crash
zroot/var/log                                       4.52M   373G     4.52M  /var/log
zroot/var/mail                                      5.07M   373G     5.07M  /var/mail
zroot/var/tmp                                        112K   373G      112K  /var/tmp

with user, or other programs like pot, creating additional datasets.

I'd like to suggest an improvement here, but not sure what. Or draw more attention to the limited setup somehow.

Test request: Hetzner AX52

Starting to play with this one.

So far depenguin.me does not start properly (doing a plain run.sh):

KVM acceleration can be used
Starting qemu...
Please wait, booting... 30s
Please wait, booting... 25s
Please wait, booting... 20s
Please wait, booting... 15s
Please wait, booting... 10s
Please wait, booting... 5s
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
Waiting for sshd to become available...
...

Hetzner - Extracting FreeBSD distribution ...Killed error

I tried to install FreeBSD based on the:
https://depenguin.me/

In the zfsinstall step it died and I cannot run it again:

Installation

root@mfsbsd:~ # zfsinstall -d ada0 -d ada1 -r mirror -s 4G -A -4 -c -p zroot
Fetching base files from: ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/13.1-RELEASE
/tmp/base.txz                                          186 MB   25 MBps    07s
/tmp/kernel.txz                                         49 MB   25 MBps    02s
Creating GUID partitions on ada0 ... done
Configuring ZFS bootcode on ada0 ... done
=>        40  1000215136  ada0  GPT  (477G)
          40         472     1  freebsd-boot  (236K)
         512        3584        - free -  (1.8M)
        4096     8388608     2  freebsd-swap  (4.0G)
     8392704   991821824     3  freebsd-zfs  (473G)
  1000214528         648        - free -  (324K)

Creating GUID partitions on ada1 ... done
Configuring ZFS bootcode on ada1 ... done
=>        40  1000215136  ada1  GPT  (477G)
          40         472     1  freebsd-boot  (236K)
         512        3584        - free -  (1.8M)
        4096     8388608     2  freebsd-swap  (4.0G)
     8392704   991821824     3  freebsd-zfs  (473G)
  1000214528         648        - free -  (324K)

Creating ZFS pool zroot on  ada0p3 ada1p3 ... done
Setting default checksum to fletcher4 for zroot ... done
Enabling default compression on zroot ... done
Creating zroot root partition: ... done
Creating zroot partitions: var tmp ... done
Setting bootfs for zroot to zroot/root ... done
NAME             USED  AVAIL     REFER  MOUNTPOINT
zroot            248K   457G       24K  none
zroot/root        72K   457G       24K  /mnt
zroot/root/tmp    24K   457G       24K  /mnt/tmp
zroot/root/var    24K   457G       24K  /mnt/var
Extracting FreeBSD distribution ...Killed
 error

If I try it again

root@mfsbsd:~ # zfsinstall -d ada0 -d ada1 -r mirror -s 4G -A -4 -c -p zroot
Error: ZFS pool "zroot" already exists

root@mfsbsd:~ # df -h
Filesystem        Size    Used   Avail Capacity  Mounted on
/dev/md0           82M     71M    5.3M    93%    /
devfs             1.0K    1.0K      0B   100%    /dev
tmpfs             628M    598M     30M    95%    /rw
devfs             1.0K    1.0K      0B   100%    /rw/dev
zroot/root        457G    155M    457G     0%    /rw/mnt
zroot/root/var    457G     24K    457G     0%    /rw/mnt/var
zroot/root/tmp    457G     24K    457G     0%    /rw/mnt/tmp

Whatever I try it fails:

root@mfsbsd:~ # zfsinstall -d ada0 -d ada1 -r mirror -s 4G -A -4 -c -p zroot
Error: An exported ZFS pool "zroot" already exists
Please choose another pool name or rename/destroy the exported pool.
root@mfsbsd:~ # zpool remove zroot
cannot open 'zroot': no such pool
root@mfsbsd:~ # zpool destroy zroot
cannot open 'zroot': no such pool
root@mfsbsd:~ # zpool destroy -f zroot
cannot open 'zroot': no such pool
root@mfsbsd:~ # zpool status
no pools available

Any ideas how to continue or restart completely?

Test request: Xneelo TruServ and Truserv Plus

2 x Micron 1 TB, 1300 SSD
or
2 x Micron 960 GB, 5200 ECO SSD
https://xneelo.co.za/dedicated-servers/

edit: adding Recovery console info
https://xneelo.co.za/help-centre/control-panel/linux-rescue-system-self-managed-server/

edit 2: try for free for 7 days
https://xneelo.co.za/help-centre/products-and-services/how-do-i-terminate-server/

Should you be cancelling your server within the 7 day grace period
after placing your order, we will proceed to decommission the server
with immediate effect. You will not be liable for any fees associated
with this server.

Support more than 2 drives

There are some machines that come with 4 or 6 drives and it would be nice to use them as a raidz(2) pool, but the script currently only supports <=2 drive machines, right?

Test request: Hetzner AX51

ada0 and ada1

2 x 8 TB SATA Enterprise HDD
https://www.hetzner.com/dedicated-rootserver/ax51

Add more than two drives?

Hi,

I am currently bootstrapping a server with four drives, and the script always only selects /dev/sd[ab] and not /dev/sd[abcd] as its listed in lsblk.
I found there is a limitation that you can only add 4 drives to qemu, but if you use if=virtio more can be added.

What can be done about this, so that the installation can directly take care of all disks?

Kind regards.

Test request: OVH Baremetal servers

Test Request: OVH Baremetal servers

https://www.ovhcloud.com/en/bare-metal/

Multiple tiers/ranges of servers with common entry level disk setup of 2 x 2TB or 2 x 512GB SSD:

Kimsufi
Rise
Advance
Game
Scale
High Grade

Linux based rescue system
https://docs.ovh.com/gb/en/dedicated/ovh-rescue/

Create a random mfsbsd password / support ssh public key

Right now, running the script listens to the public internet with fixed, known, weak credentials.

It would be cool if the script could generate a random password for mfsbsd and show it on start. This way the security risk for the server would be greatly reduced.

Another great feature would be supporting an ssh public key (and therefore using no password at all) and/or limiting access by IP address.

Testing Hetzner EX44 (NVMe)

This server works mostly out of the box, but requires a special network driver from ports to work.

In this test, the network adapter was a Realtek RTL8125 2.5GbE Controller (vendor=0x10ec device=0x8125). This should work with net/realtek-re-kmod, but at the time of writing (March 2024) it doesn't. Instead, net/realtek-re-kmod198 is required (see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275882 for details).

After finishing the installation, but before rebooting, drop into a shell and install the driver:

pkg install realtek-re-kmod198

Then adapt /boot/loader.conf to make use of it:

if_re_load="YES"
if_re_name="/boot/modules/if_re.ko"
hw.re.max_rx_mbuf_sz="2048"  # optional

Finally configure the interface in /etc/rc.conf:

ifconfig_re0_name="untrusted"

ifconfig_untrusted="up"
ifconfig_untrusted_ipv6="up"
ifconfig_untrusted_aliases="inet 1.2.3.4/32 inet6 2a01:4f8:1:2a::2/64"

static_routes="gateway default"
route_gateway="-host 1.2.3.1 -interface untrusted"
route_default="default 1.2.3.1"

ipv6_defaultrouter="fe80::1%untrusted"

Legend:

1.2.3.4: host IPv4 IP
1.2.3.1: IPv4 default gateway
2a01:4f8:1:2a::2: host IPv6 IP

PhoenixNAP Bare Metal Cloud

Can this be used on PhoenixNAP Bare Metal Cloud?

https://phoenixnap.com/bare-metal-cloud

Test request: Equinix Metal

https://metal.equinix.com/product/servers/

Most have 1-2 drives or more.

There is a recovery console "which loads a vanilla Alpine Linux image into your server's RAM"
https://metal.equinix.com/developers/docs/resilience-recovery/rescue-mode/

http://wiki.alpinelinux.org
install missing packages with apk such as apk add e2fsprogs

FreeBSD is listed as supported install option
https://metal.equinix.com/developers/docs/operating-systems/supported/

Remove sudo

Really cool script, just tested and it seems to work ok.

It would be good to remove sudo from the script (and maybe check for uid 0 on start)., sinceHetzner servers don't have sudo installed by default and one connects to servers running the rescue image using root anyway.

Need a list of commands in provider rescue console

The depenguinme.sh script can only work with the binaries that exist in the linux rescue environment, or with statically-compiled binaries that are downloaded.

It would be useful to have a list of binaries available /bin and /usr/bin and /usr/sbin etc from a rescue console such as Hetzner.

For example:
Is it possible to create an ISO file in the rescue system? Does mkisofs exist by default or do we need a statically-compiled copy?

depenguin-me / depenguin-run Goto Github PK

depenguin-run's People

Stargazers

Watchers

Forkers

depenguin-run's Issues

Recommend Projects

Recommend Topics

Recommend Org