You could just load the operating systems on each physical node manually, but that's a hassle: connecting a USB or CD-ROM drive, formatting the media, etc. So what I like to do is use something like a Raspberry Pi to do the initial deployments, until we get a real infrastructure deployed that can bootstrap other things.
First, I'd like to talk about the technology tree and how I break it down with, architectures (arch), hosts, platforms, implementations, and components.
Capabilities and some thoughts on technology trees.
Architecture
# an 'architecture' is a type of hardware
# (e.g. amd64, arm64, armel, armhf, i386, mips, mipsel, powerpc, ppc64el, s390x, sparc)
# it provides an architecture type
architecture:
capabilities:
- arch:(type)
Host
# an 'host' is a specific implementation of a architecture
# (e.g. macbook-pro-16, rasberry-pi)
host:
prerequisites:
- arch:(type)
Operating-System
operating-system:
prerequisites:
- (host)
Platform
# a 'platform' consists of an OS running on implementation of architecture
platform:
prerequisites:
- host (any)
- operating-system (any compatible with host architecture)
Implementation
# an 'implementation' is a language-specific, instance of a capability
# implementations require a platform
# (e.g. minicom running on a rasberry pi)
implementation:
prerequisites:
- platform:(type)
Component
# an 'component' is a piece of equipment that can be utilized by a platform, # but may not be platform specific, an implementation may require them # (e.g. wifi-hardware for ip-networking) component: provides:
So our technology-tree for building the deployer platform will be:
hosts:macbook-pro ─┐
os:macos ──────────┤
└ platform:workstation ─┐
├ image-burning ─┐
├ file-editing ─┤
└ file-transfer ─┤
hosts:kano-kit ─────────────────────────────────────────────┤
os:raspbian ────────────────────────────────────────────────┤
└ platform:deployer
Imaging the deployer node
First you're going to need some kind of workstation. You're not going to get very far without one. The Raspberry Pi 4 makes a pretty good one, but I'll be using a MacBook Pro.find the media you inserted
$ diskutil list
/dev/disk0 (internal, physical):
#: TYPE NAME SIZE IDENTIFIER
0: GUID_partition_scheme *2.0 TB disk0
1: EFI EFI 314.6 MB disk0s1
2: Apple_APFS Container disk1 2.0 TB disk0s2
/dev/disk1 (synthesized):
#: TYPE NAME SIZE IDENTIFIER
0: APFS Container Scheme - +2.0 TB disk1
Physical Store disk0s2
1: APFS Volume Macintosh HD 11.2 GB disk1s1
2: APFS Volume Macintosh HD - Data 638.9 GB disk1s2
3: APFS Volume Preboot 82.4 MB disk1s3
4: APFS Volume Recovery 528.9 MB disk1s4
5: APFS Volume VM 3.2 GB disk1s5
/dev/disk2 (external, physical):
#: TYPE NAME SIZE IDENTIFIER
0: *15.9 GB disk2
Image the media with dd
diskutil unmountDisk /dev/disk2 sudo dd if=/Users/jameswhite/lib/raspbian/2020-08-20-raspios-buster-armhf-lite.img of=/dev/disk2
Use ctrl-t for progreess
$ sudo dd if=/Users/jameswhite/lib/raspbian/2020-08-20-raspios-buster-armhf-lite.img of=/dev/disk2 <ctrl-t> load: 1.57 cmd: dd 96065 uninterruptible 0.00u 0.06s 12593+0 records in 12592+0 records out 6447104 bytes transferred in 2.425220 secs (2658358 bytes/sec)
Prepare the SD card for first boot
# Enable ssh on the pi
touch /Volumes/boot/ssh
# Enable wireless on the pi
cat<<EOF > /Volumes/boot/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=US
network={
ssid="mywifissid"
psk="bobloblaw'slawblog"
}
EOF
hdiutil eject /dev/disk2
Bootstrapping deployer and setting up the serial connections
You will need something along the lines of:apt-get update && apt-get upgrade -y
Verify we can see our console devices
root@raspberrypi:~# ls -l /dev/ttyUSB∗ crw-rw---- 1 root dialout 188, 0 Aug 20 11:47 /dev/ttyUSB0 crw-rw---- 1 root dialout 188, 1 Aug 20 11:47 /dev/ttyUSB1 crw-rw---- 1 root dialout 188, 2 Aug 20 11:47 /dev/ttyUSB2 crw-rw---- 1 root dialout 188, 3 Aug 20 11:47 /dev/ttyUSB3 crw-rw---- 1 root dialout 188, 4 Aug 20 11:47 /dev/ttyUSB4
Setting up serial communication
apt-get install -y minicom
#!/bin/bash
# /root/.minirc/mkall
HERE="$(cd $(dirname ${BASH_SOURCE[0]}); pwd)"
for device in $(cd /dev; ls ttyUSB∗); do
[ ! -d "${HERE}/${device}" ] && mkdir -p "${HERE}/${device}"
for speed in 9600 19200 38400 115200 57600; do
[ ! -d "${HERE}/${device}/${speed}" ] && mkdir -p "${HERE}/${device}/${speed}"
[ ! -f "${HERE}/${device}/${speed}/8n1" ] && cat<< EOF > "${HERE}/${device}/${speed}/8n1"
# Machine-generated file - use setup menu in minicom to change parameters.
pu port /dev/${device} pu baudrate ${speed}
pu bits 8
pu parity N
pu stopbits 1
pu rtscts No
EOF
done
done
for conf in $(find .minirc/ttyUSB4 -type f); do [ -h .minirc.probe ] && rm .minirc.probe; ln -s ${conf} .minirc.probe; minicom probe; echo -n "Keep ${conf} (y/n)? "; read trash; [ "${trash}" == "y" ] && break; done
Keep .minirc/ttyUSB4/115200/8n1 (y/n)? y root@raspberrypi:~# mv .minirc.probe .minirc.edge02
[ ! -h ~/.minirc.nas06 ] && ( cd ${HOME}; ln -s .minirc/ttyUSB0/115200/8n1 .minirc.nas06 )
[ ! -h ~/.minirc.apu4.01 ] && ( cd ${HOME}; ln -s .minirc/ttyUSB1/115200/8n1 .minirc.apu4.01 )
[ ! -h ~/.minirc.apu4.02 ] && ( cd ${HOME}; ln -s .minirc/ttyUSB2/115200/8n1 .minirc.apu4.02 )
[ ! -h ~/.minirc.edge01 ] && ( cd ${HOME}; ln -s .minirc/ttyUSB3/115200/8n1 .minirc.edge01 )
[ ! -h ~/.minirc.edge01 ] && ( cd ${HOME}; ln -s .minirc/ttyUSB3/115200/8n1 .minirc.edge02 )
Now you should have consoles on the NAS, both edge switches, and both OpenBSD boxes.
The machines behind this one will need to route through the deployer until we have our OpenBSD boxes online.
</pre> echo “1” > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE apt-get install -y iptables-persistent iptables-save > /etc/iptables/rules.v4 </pre>