Merge pull request #13 from pkorovin/final_steps

Final steps

README.md

@@ -18,9 +18,6 @@ Still some mad regexp about how to the find the connected tap(4) interface
 
 If you find something, please use ``make vmb'' and include the log.
 
-## ports(7)
-A ports Makefile is under development and might pop up with 6.7 latest.
-
 # Remarks
 This is heavily based on https://github.com/m110/packer-builder-hcloud and
 https://github.com/prep/packer-builder-vmm

builder/openbsd-vmm/config.go

@@ -15,8 +15,8 @@ import (
 )
 
 const (
-	_DISK_QCOW2 = "qcow2"
-	_DISK_RAW   = "raw"
+	_DISK_QCOW2           = "qcow2"
+	_DISK_RAW             = "raw"
 	_GENFILES_DEFAULT_EXT = "pkr.in"
 )
 
@@ -30,7 +30,6 @@ type Config struct {
 
 	VMName     string `mapstructure:"vm_name"      required:"true"`
 	VMTemplate string `mapstructure:"vm_template"  required:"true"` // vmctl -t
-	Console    bool   `mapstructure:"console"`                      // vmctl -c
 	BootDevice string `mapstructure:"boot_device"`                  // vmctl -B
 	Boot       string `mapstructure:"boot"`                         // vmctl -b
 	CdRom      string `mapstructure:"cdrom"`                        // vmctl -r
@@ -44,7 +43,7 @@ type Config struct {
 	UserData string `mapstructure:"user_data"`
 
 	GenFilesExtension string `mapstructure:"gen_files_extension"`
-	GenFilesPattern string `mapstructure:"gen_files_pattern"`
+	GenFilesPattern   string `mapstructure:"gen_files_pattern"`
 
 	ctx interpolate.Context
 }

builder/openbsd-vmm/step_gen_files.go

@@ -68,7 +68,7 @@ func (step *stepGenFiles) Run(ctx context.Context, state multistep.StateBag) mul
 			return nil
 		}
 
-		matched, err := filepath.Match(GenFilesPattern + "*." + GenFilesExtension, fileinfo.Name())
+		matched, err := filepath.Match(GenFilesPattern+"*."+GenFilesExtension, fileinfo.Name())
 
 		if matched {
 			lines, err := scanLines(path)
@@ -77,7 +77,7 @@ func (step *stepGenFiles) Run(ctx context.Context, state multistep.StateBag) mul
 				return err
 			}
 
-			newfile, err := os.OpenFile(strings.TrimSuffix(path, "." + GenFilesExtension), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
+			newfile, err := os.OpenFile(strings.TrimSuffix(path, "."+GenFilesExtension), os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
 			if err != nil {
 				state.Put("error", fmt.Errorf("Error writing output file: %s", err))
 				return err

examples/README.examples

@@ -0,0 +1,47 @@
+To test/use example templates located in packer folder:
+
+1. Configure vmd(8), httpd(8), unbound(8) and pf(4) appropriately.
+
+DNS queries from VMs are redirected using pf(4) to host's unbound(8) which also
+serves serves "local." DNS zone. Host's httpd(8) serves OpenBSD installation
+files and packages and is available for VMs as at http://openbsd.local.
+
+Both httpd(8) and unbound(8) are configured to listen on vether0 (100.64.0.1/10).
+
+Packer dynamically creates VM instances using parent VM template defined in
+vm.conf(5). Example templates use VM "generic" as parent VM template and
+"packer_user" as template owner and packer builder account, change it to your
+preference.
+
+2. Create directories for ISO images, packer templates, logs and output:
+
+	# mkdir /home/_vmd/_iso
+	# chown -R packer_user /home/_vmd
+
+	$ mkdir -p ~/.config/packer
+	$ mkdir -p ~/.log/packer
+
+and set your environment, see packer.env.sample
+
+3. Download/copy/check required ISO images and installation files to configured
+locations.
+
+4. Copy Packer templates to $PACKER_CONFIG_DIR:
+
+	$ cp -R packer/* $PACKER_CONFIG_DIR
+
+5. Check templates configuration, change vars where necessary (paths, ssh_user,
+etc). Note that common vars are defined/set in $PACKER_CONFIG_DIR/*.hcl files
+and symlinked from each template direcrory. OS/build-specific variables are set
+in template's pkr.hcl config.
+
+6. Check/edit _http/* autoinstall templates; copy your authorized_keys file
+to $PACKER_CONFIG_DIR/_http.
+
+7. Run packer:
+
+	$ cd $PACKER_CONFIG_DIR
+	$ packer build alpine-base
+	$ packer build centos-base
+	$ packer build openbsd-base
+	$ packer build openbsd-dev

examples/etc/hostname.vether0.sample

@@ -0,0 +1,2 @@
+inet 100.64.0.1 255.192.0.0 NONE
+!ifconfig bridge0 add \$if up

examples/etc/httpd.conf.sample

@@ -0,0 +1,10 @@
+server "openbsd.local" {
+  listen on vether0 port www
+  log style combined
+  root "/htdocs/openbsd"
+  location "/snapshots/amd64/" { directory auto index }
+  location "/snapshots/packages/amd64/all/" { directory auto index }
+  location "/snapshots/amd64/SHA256.sig" { no log }
+}
+
+types { include "/usr/share/misc/mime.types" }

examples/etc/pf.conf.sample

@@ -0,0 +1,12 @@
+vmd_local_prefix = "100.64.0.0/10"
+vmd_dns = "100.64.0.1"
+
+set skip on vether0
+
+match out on egress inet from $vmd_local_prefix to any nat-to (egress:0)
+
+pass in quick on tap inet proto tcp from $vmd_local_prefix to any port domain rdr-to $vmd_dns port domain
+pass in quick on tap inet proto udp from $vmd_local_prefix to any port domain rdr-to $vmd_dns port domain
+pass out
+
+block in log

examples/etc/unbound/unbound.conf

@@ -0,0 +1,76 @@
+# $OpenBSD: unbound.conf,v 1.19 2019/11/07 15:46:37 sthen Exp $
+
+server:
+	#interface: 127.0.0.1
+	#interface: 127.0.0.1@5353	# listen on alternative port
+	#interface: ::1
+	#do-ip6: no
+
+	# override the default "any" address to send queries; if multiple
+	# addresses are available, they are used randomly to counter spoofing
+	#outgoing-interface: 192.0.2.1
+	#outgoing-interface: 2001:db8::53
+
+	access-control: 0.0.0.0/0 refuse
+	access-control: 127.0.0.0/8 allow
+	access-control: ::0/0 refuse
+	access-control: ::1 allow
+
+	hide-identity: yes
+	hide-version: yes
+
+	# Perform DNSSEC validation. Comment out the below option to disable.
+	#
+	auto-trust-anchor-file: "/var/unbound/db/root.key"
+	val-log-level: 2
+
+	# Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains
+	# https://tools.ietf.org/html/rfc8198
+	#
+	aggressive-nsec: yes
+
+	include: "/var/unbound/etc/unbound.conf.local"
+
+	# Serve zones authoritatively from Unbound to resolver clients.
+	# Not for external service.
+	#
+	#local-zone: "local." static
+	#local-data: "mycomputer.local. IN A 192.0.2.51"
+	#local-zone: "2.0.192.in-addr.arpa." static
+	#local-data-ptr: "192.0.2.51 mycomputer.local"
+
+	# UDP EDNS reassembly buffer advertised to peers. Default 4096.
+	# May need lowering on broken networks with fragmentation/MTU issues,
+	# particularly if validating DNSSEC.
+	#
+	#edns-buffer-size: 1480
+
+	# Use TCP for "forward-zone" requests. Useful if you are making
+	# DNS requests over an SSH port forwarding.
+	#
+	#tcp-upstream: yes
+
+	# CA Certificates used for forward-tls-upstream (RFC7858) hostname
+	# verification.  Since it's outside the chroot it is only loaded at
+	# startup and thus cannot be changed via a reload.
+	#tls-cert-bundle: "/etc/ssl/cert.pem"
+
+remote-control:
+	control-enable: yes
+	control-interface: /var/run/unbound.sock
+
+# Use an upstream forwarder (recursive resolver) for some or all zones.
+#
+#forward-zone:
+#	name: "."				# use for ALL queries
+#	forward-addr: 192.0.2.53		# example address only
+#	forward-first: yes			# try direct if forwarder fails
+
+# Use an upstream DNS-over-TLS forwarder and do not fall back to cleartext
+# if that fails.
+#forward-zone:
+#	name: "."
+#	forward-tls-upstream: yes		# use DNS-over-TLS forwarder
+#	forward-first: no			# do NOT send direct
+#	# the hostname after "#" is not a comment, it is used for TLS checks:
+#	forward-addr: 192.0.2.53@853#resolver.hostname.example

examples/etc/unbound/unbound.conf.local

@@ -0,0 +1,14 @@
+interface: 100.64.0.1
+access-control: 100.64.0.0/10 allow
+
+private-address: 10.0.0.0/8
+private-address: 100.64.0.0/10
+private-address: 172.16.0.0/12
+private-address: 192.168.0.0/16
+private-address: 169.254.0.0/16
+private-address: fd00::/8
+private-address: fe80::/10
+
+private-domain: "local"
+local-zone: "local." static
+include: "/var/unbound/etc/zone.local"

examples/etc/unbound/zone.local

@@ -0,0 +1,2 @@
+local-data: "openbsd.local.	IN A 100.64.0.1"
+local-data: "dev.local.		IN A 100.64.0.100"

examples/etc/vm.conf.sample

@@ -0,0 +1,18 @@
+switch "local" {
+	interface bridge0
+}
+
+vm generic {
+	disable
+	owner packer_user
+	allow instance { boot, cdrom, disk, instance, interface, memory }
+	memory 1G
+	disk /dev/null
+}
+
+#vm generic instance dev {
+#	disable
+#	memory 4G
+#	disk /home/_vmd/openbsd-dev.qcow2
+#	interface tap { switch "local" }
+#}