/home/jeevanullas

Up in the Cloud!

OpenBSD on Eucalyptus

People love BSD, and it bothers me that they can't run it on a Eucalyptus private cloud inside their organisation. So I took on the challenge of building an OpenBSD image (EMI) that we could then run on Eucalyptus.

The versions used are OpenBSD 5.2 amd64 and Eucalyptus 3.2.0 on CentOS 6.3. Note that there were problems with running an instance-store-backed EMI, and hence I ended up running an instance from a boot-from-EBS EMI.

For the sake of simplicity, this post is divided into 5 parts:

Part 1: Build the base image

First of all, download the OpenBSD 5.2 install ISO from the following link:

ftp://ftp3.usa.openbsd.org/pub/OpenBSD/5.2/amd64/install52.iso

Next, on your machine (with virt-manager and KVM installed), run virt-manager to create a new virtual machine. virt-manager provides an easy-to-use GUI for creating a virtual machine. The wizard-based process is pretty slick; the screenshots below show the details that were given:

After this the VM boots, and we just need to follow the normal OpenBSD installation process. I followed this link:

http://www.openbsd.org/faq/faq4.html#More

Make sure the SSH and NTP services are installed and configured to start automatically at boot; this is really helpful. The only tricky part is the disk partitioning: I used a custom disk layout created with disklabel. The following link helps with that:

http://www.openbsd.org/faq/faq4.html#Moredisklabel

The custom layout and a disk as large as 10 GB (check the wizard screenshot above) were needed because I planned on using the OpenBSD ports to install the necessary software in my image.

Once the install is finished, just reboot the VM. Next we will do some configuration.

Part 2: Modify the base image to include the necessary tools and configuration

In my tests, I have found that you need VIRTIO enabled on the Node Controller (Eucalyptus) to make this OpenBSD EMI work. There are a couple of things to do to make sure the EMI works that way.

The VIRTIO network driver, if used, creates a device, vio0, in the OpenBSD instance. We need to make sure the network configuration is set up so that this device gets a DHCP-provided IP address during boot. This is how we do it on OpenBSD:

echo 'dhcp' > /etc/hostname.vio0

Next I followed this link to get ports installed and configured on this VM:

http://www.openbsd.org/faq/faq15.html#Ports

I basically put wget and curl inside the VM, because those help with getting meta-data from within the instance when it is running on Eucalyptus.

Finally I put a custom version of rc.local in /etc to get the SSH keys working. For the sake of completeness I have uploaded it to GitHub at the following URL:

https://github.com/jeevanullas/cloud-scripts/blob/master/rc.local

NOTE: The above script is copied and hacked together (to make it work on openbsd) from the original script available here https://github.com/eucalyptus/Eucalyptus-Scripts/blob/master/rc.local
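The key-installation step such an rc.local performs, as an added example (not the rc.local linked above): it validates what the metadata service returns before trusting it as root's authorized key. The function name install_key is hypothetical, and the URL in the comment is the EC2-compatible metadata path, assumed here to be served by the Eucalyptus cloud.

```shell
#!/bin/sh
# Added example, not the script from the post.
# install_key HOME: read one OpenSSH public key on stdin and add it to
# HOME/.ssh/authorized_keys. At boot it would be fed from the metadata
# service (assumed EC2-compatible path):
#   curl -sf --max-time 10 \
#     http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key \
#     | install_key /root
install_key() {
    home=$1
    key=$(cat)    # command substitution strips trailing newlines

    # A second line could smuggle in an extra key; accept exactly one line.
    case $key in
        *"
"*) echo "install_key: multi-line input rejected" >&2; return 1 ;;
    esac
    # "<type> <base64> [comment]" only: no authorized_keys options prefix
    # (command="...", from="...") and no control characters in the comment.
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^[:cntrl:]]*)?$' \
        || { echo "install_key: not a public key" >&2; return 1; }

    (   # subshell so the tightened umask does not leak into the caller
        umask 077
        mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || exit 1
        auth=$home/.ssh/authorized_keys
        touch "$auth" && chmod 600 "$auth" || exit 1
        # rc.local runs on every boot, so do not append duplicates
        grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    )
}
```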

I also made sure that the SSH configuration within OpenBSD strictly allows only SSH key based authentication and not passwords, by modifying the necessary configuration in /etc/ssh/sshd_config.
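One way to check the image's sshd_config before uploading it, as an added example (not from the original post): the function applies sshd's first-value-wins rule and its defaults, and reports any setting that still allows password-style login. The function name audit_sshd_config and the sample config are constructed; the keywords are those of the OpenSSH releases of that era.

```shell
#!/bin/sh
# Added example. audit_sshd_config FILE ("-" for stdin): print every global
# setting that still permits password-style login; return 0 only if none do.
audit_sshd_config() {
    awk '
    function want(k, ok, dflt,   v) {
        v = (k in seen) ? seen[k] : dflt      # unset keyword: sshd default applies
        if (v != ok) { printf "%s is %s, want %s\n", k, v, ok; bad = 1 }
    }
    $1 ~ /^#/ || NF == 0 { next }             # comments and blank lines
    { sub(/=/, " "); k = tolower($1); v = tolower($2); gsub(/"/, "", v) }
    k == "match" { exit }                     # audit the global section only
    !(k in seen) { seen[k] = v }              # sshd keeps the first value it reads
    END {
        want("passwordauthentication", "no", "yes")
        want("challengeresponseauthentication", "no", "yes")
        want("pubkeyauthentication", "yes", "yes")
        exit bad + 0
    }' "$1"
}

# Constructed sample: the password line is still commented out, so the
# default (yes) applies and the audit reports it.
audit_sshd_config - <<'EOF' || echo "image is not key-only"
#PasswordAuthentication yes
ChallengeResponseAuthentication no
EOF
```

On a running instance, `sshd -T` prints the effective configuration and is the authoritative check.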

Now shut down the VM and copy the virtual disk file for this VM from /var/lib/libvirt/images/ to the Eucalyptus Storage Controller (SC).

Part 3: Upload the base image to Eucalyptus and get an EMI

On the Eucalyptus side, the first requirement is to make sure we use VIRTIO for everything on the NC. So on the NC, please make sure that the USE_VIRTIO_* options in /etc/eucalyptus/eucalyptus.conf are all set to 1.

The OpenBSD EMI will be a boot-from-EBS (bfEBS) EMI because that is what works; the instance-store-backed EMI does not seem to work, naturally, because of kernel/ramdisk issues.

Next, create a 10G volume on the Eucalyptus cloud and attach it to any running instance (from any image). We basically need to dump the OpenBSD image file we got in Part 2 into the volume:

euca-create-volume -s 10 -z cloud3

euca-attach-volume -d /dev/vdb -i i-05CB3829 vol-9B4F3F76

Now go to the SC and dd the OpenBSD image to the corresponding LV device for the volume you attached above. You need to figure out the LV for your volume; it's pretty easy if you have only 1 volume attached to an instance in the whole cloud, otherwise some manual work is involved IIRC.

dd if=openbsd-blog.img of=/dev/vg-itL1qZZjVsCuLg../lv-D0fGsw..

Once the above is finished, detach the volume from the running instance and snapshot it:

euca-detach-volume vol-9B4F3F76

euca-create-snapshot vol-9B4F3F76

Once the volume is snapshotted, we can register the EMI from the snapshot using:

euca-register -n "openbsd" --root-device-name /dev/sda1 -b /dev/sda1=snap-60FA3B94

This should give you an EMI ID which you can run instances from.

Part 4: Run an instance

Now we run an instance from this EMI and check if we can access it over SSH:

euca-run-instances -k sshlogin -t m1.large emi-2D8A446A

ssh -i sshlogin root@10.104.3.1

There you go! Your own OpenBSD instance on your own Eucalyptus private cloud, with root access. Start playing!

Part 5: Run the eutester instance check on the EMI

This last part was a little tricky to crack and there are some loose ends, which I would like help on from the OpenBSD users/developers on the internet.

Basically we run a set of tests on the EMI via the eutester test suite to verify the EMI. You can check out more on the test here:

https://github.com/eucalyptus/eutester/blob/testing/testcases/cloud_user/instances/instancetest.py

The results for the test are stored here:

https://github.com/eucalyptus/image-verification-results

For OpenBSD there were 3 things that failed:

  • Instance meta-data does not return any ramdisk ID – This is natural, as there is no ramdisk associated with the bfEBS EMI.
  • Ephemeral storage was not found – Apparently the check to find the ephemeral storage does an ls -l /dev/sda2; this device does not exist on the OpenBSD instance, so it failed.
  • EBS volume attach fails – This is important, because as soon as the volume gets attached to the running OpenBSD instance, the instance is not reachable over SSH or via console. It appears that the hotplug for the disk is causing the kernel to panic. If we detach the volume and reboot (euca-reboot-instances), it comes to life again.

The results of the test are available at the following link:

https://github.com/jeevanullas/cloud-scripts/blob/master/openbsd-eutester-result

Hope this blog post is useful for the OpenBSD lovers and that they enjoy reading it and running their favourite OpenBSD instances on top of Eucalyptus cloud without much hiccup.