We're taking a little break in our series "GPU/PCI Passthrough on Proxmox", I must say that the fourth article on OpenBSD gave me a hard time. So I thought it was an opportunity to take stock of the different methods of installing OpenBSD on our favorite hypervisor. We will consider different scenarios depending on the types of BIOS available under Proxmox (OVMF, SEABIOS); different OpenBSD installation images; and, finally, we'll talk about the thorny subject of OpenBSD's compatibility with Cloud-init.
# Focus on the different installation images
OpenBSD offers many images, it is not necessarily easy to find them. The idea is not so much to provide an exhaustive description of all the installation images, as to specify a few points on the most suitable images depending on the use cases for an installation.
So let's start, in the set of images offered by OpenBSD, I would retain the following:
- install73.img The most complete installation image, containing the essential packages to install the system, BIOS/UEFI compatible.
- install73.iso An image more suitable for CD format also contains most of the packages to install the system, however this image is not compatible with an installation in UEFI.
- cd73.iso and miniroot73.img Are the lighter versions of the aforementioned images (by analogy they could be compared to a “Netinstall” image from Debian).
All of these images support the main architectures (amd64, arm64, i386), except for the arm64[ architecture /b] for ISO images.
# Install (BIOS/UEFI)
## Importing OpenBSD images
I will use install73.iso for BIOS mode installation and install73.img for UEFI mode installation. You can absolutely use install73.img for both types of installation, but in the context of this article I wanted to present the widest range of installation methods (with their subtleties for some) .
## Creation of VMs
BIOS
Explanations:
- agent 1,type=isa Special configuration of the QEMU agent, via the ISA serial port.
- bios seabios (i440fx machine) The default configuration for QEMU hosts.
- boot order='ide0;scsi0' We define a classic boot order (the installation medium first).
- ide0 PVE1:iso/install73.iso,media=cdrom Location of the installation disk.
UEFI
Explanations:
- bios ovmf and machine q35 The alternative firmware to Seabios will be better suited, especially if you want to use PCIe peripherals.
- boot order='scsi0;ide0' For the boot order, we place the installation disk in second position.
- efidisk0 local-lvm:0 the necessary EFI partition, for any type of UEFI installation.
We will also need to import the installation image in RAW format, which we will place in ide0.
# Installation process
## BIOS/UEFI Common Settings
launching the installer
Network Setup
[h3]Root account definition[/h3]
Enabling basic services (xorg/sshd/xenodm)
Definition of a user
Security configuration for SSH
Timezone
## Partitioning and installing the base system in BIOS mode
We start by defining the destination disk for the installation sd0, if you're not sure which disk to select you can list them with '?', then the disk partitioning method (MBR). Finally, select the automatic partitioning proposal [a].
To install the system, we will have to indicate where the basic packages are stored, in cd0 in this case, which corresponds to our ide0 PVE1:iso/install73.iso , finally have bypassed the SHAZ56.sig verification to install the whole thing.
## Partitioning and installing the base system in UEFI mode
We start by defining the destination disk for the installation sd0, if you're not sure which disk to select you can list them with '?', then we select the partitioning method (GPT). Finally, select the automatic partitioning proposal [a].
Have defined this time disk as the location type for the package-set then in the list of available disks we will select the only available disk not being sd0 by occurrence wd0, which corresponds to ours ide0 PVE1:iso/install73.img.
## Post installation
For the BIOS VM, you can shut it down directly and disconnect the installation disk:
For the UEFI VM, I recommend simply restarting it from the console, and not removing the installation disk (openbsd seems to need it at boot time).
Once our VMs are started, we will still need to go through some configurations for the QEMU agent.
# Cloud-init and OpenBSD “Cloud” image
Now let's come to the painful subject of compatibility between OpenBSD and Cloud-init, officially OpenBSD does not offer a “Cloud” image preconfigured with Cloud-init nor a package for the latter. However, various projects offer unofficial implementations, notably here https://bsd-cloud-image.org.
This is how I did it:
I start by creating my template
Explanations:
- sshkey /root/.ssh/id_rsa.pub: We import our SSH key, which gives us access other than the SERIAL output.
- serial0 socket & vga serial0: set the default display to serial console output (default configuration for cloud-init).
- boot order=‘scsi0’: We define the boot order on the OpenBSD cloud image, which we will then import into our configuration.
- ide0 local-lvm:cloudinit Cloud-init disk location.
I download the OpenBSD cloud image from https://bsd-cloud-image.org, and run the import command.
I create my configuration file for Cloud-init, as I did in my previous article GPU passtrought under Proxmox VE - Debian 12 (Part. 02x04) I am going to store my config file in "/mnt/pve/PVE1/snippets", relative to my particular configuration (mount point to my NAS). In your preferred case the native path “/var/lib/vz/snippets”.
- We define a new user with superuser rights
- We import our ssh key for the new user (is not necessary, but this allows us to maintain SSH access to our VM just in case)
- Finally, we placed the last post installation commands in the runcmd section. Be careful though, as the console output (for cloud-init) already occupies serial0 we will have to select another serial port for ISA in this case /dev/cua01.
In addition to passing our configuration file, we will additionally define the IP assignment type with the commands.
In your case, for the last command, use instead (default path for the “snippets” folder):
I do a little resize on the QCOW2 image then we start the VM, and our OpenBSD is ready for use.
We are staying with this minimum configuration for the moment, as for PCI Passthrough support and template management, this will be the subject of the next article.
# Focus on the different installation images
OpenBSD offers many images, it is not necessarily easy to find them. The idea is not so much to provide an exhaustive description of all the installation images, as to specify a few points on the most suitable images depending on the use cases for an installation.
So let's start, in the set of images offered by OpenBSD, I would retain the following:
- install73.img The most complete installation image, containing the essential packages to install the system, BIOS/UEFI compatible.
- install73.iso An image more suitable for CD format also contains most of the packages to install the system, however this image is not compatible with an installation in UEFI.
- cd73.iso and miniroot73.img Are the lighter versions of the aforementioned images (by analogy they could be compared to a “Netinstall” image from Debian).
All of these images support the main architectures (amd64, arm64, i386), except for the arm64[ architecture /b] for ISO images.
# Install (BIOS/UEFI)
## Importing OpenBSD images
I will use install73.iso for BIOS mode installation and install73.img for UEFI mode installation. You can absolutely use install73.img for both types of installation, but in the context of this article I wanted to present the widest range of installation methods (with their subtleties for some) .
Code:
wget -P /mnt/pve/PVE1/template/iso/ https://ftp.openbsd.org/pub/OpenBSD/7.3/amd64/install73.img https://ftp.openbsd.org/pub/ OpenBSD/7.3/amd64/install73.isoBIOS
Code:
qm create 109 \
--name obsd-bios \
--agent 1,type=isa \
--memory 2192 \
--bios seabios \
--sockets 1 --cores 2 \
--cpu kvm64 \
--net0 virtio,bridge=vmbr0 \
--scsihw virtio-scsi-single \
--boot order='ide0;scsi0' \
--scsi0 local-lvm:35 \
--ide0 PVE1:iso/install73.iso,media=cdrom- agent 1,type=isa Special configuration of the QEMU agent, via the ISA serial port.
- bios seabios (i440fx machine) The default configuration for QEMU hosts.
- boot order='ide0;scsi0' We define a classic boot order (the installation medium first).
- ide0 PVE1:iso/install73.iso,media=cdrom Location of the installation disk.
UEFI
Code:
qm create 110\
--name obsd-uefi \
--agent 1,type=isa\
--memory 2192 \
--bios ovmf \
--machine q35 \
--sockets 1 --cores 2 \
--cpu kvm64 \
--net0 virtio,bridge=vmbr0 \
--scsihw virtio-scsi-single \
--boot order='scsi0;ide0' \
--efidisk0 local-lvm:0 \
--scsi0 local-lvm:35- bios ovmf and machine q35 The alternative firmware to Seabios will be better suited, especially if you want to use PCIe peripherals.
- boot order='scsi0;ide0' For the boot order, we place the installation disk in second position.
- efidisk0 local-lvm:0 the necessary EFI partition, for any type of UEFI installation.
We will also need to import the installation image in RAW format, which we will place in ide0.
Code:
qm set 110 --ide0 local-lvm:0,import-from=/mnt/pve/PVE1/template/iso/install73.img# Installation process
## BIOS/UEFI Common Settings
launching the installer
Code:
Welcome to the OpenBSD/amd64 7.3 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? I
choose your keyboard layout (’?’ or ’L’ for list) [default] en
Systemhostname? (short form, e.g. *foo’) openbsdNetwork Setup
Code:
Available network interfaces are: vio0 vlan0.
Network interface to configure? (name, lladdr, '?', or 'done') [vio0]
IPv4 address for vioO? (or 'autoconf' or 'none') [autoconf]
IPv6 address for vioO? (Cor 'autoconf' or 'none') [none]
Network interface to configure? (name, lladdr, '?', or 'done') [done]
Code:
Password for root account? (will not echo)
Password for root account? (again)Enabling basic services (xorg/sshd/xenodm)
Code:
Start sshd(8) by default? [yes]
Do you expect to run the X Window System? [yes]
Do you want the X Window System to be started by xenodm(1)? [no]
Change the default console to com0? [no]Definition of a user
Code:
Setup a user? (enter a lower-case loginname, or ’no’) [no] openbsd
Full name for user openbsd? [openbsd] openbsd
Password for user openbsd? (will not echo)
Password for user openbsd? (again)Security configuration for SSH
Code:
Allow root ssh login? (yes, no, prohibit-password) [no]Timezone
Code:
What timezone are you in? (’?’ for list) [Europe/Paris]## Partitioning and installing the base system in BIOS mode
We start by defining the destination disk for the installation sd0, if you're not sure which disk to select you can list them with '?', then the disk partitioning method (MBR). Finally, select the automatic partitioning proposal [a].
Code:
Available disks are: sdO. Encrypt the root disk? (disk, ‘no’ or ’?’ for details) [no]
Which disk is the root disk? (’?’ for details) [sd0]
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole]
Setting OpenBSD MBR partition to whole sdO...done. The auto-allocated layout for sdO is:
# size offset fstype [fsize bsize cpg]
a: 1.0G 512 4.2B5SD 2048 16384 1 # /
b: 2.5G 2097664 Swap
c: 35 .0G O unused
d: 2.1G 7352384 4.2BSD 2048 16384 1 # /tmp
e: 3.2G 11670784 4.2B5D 2048 16384 1 # /var
f: 3.9G 18452736 4.2B5D 2048 16384 1 # /usr
g: 1.0G 26615584 4.2BSD 2048 16384 1 # /usr/X11R6
h: 4.6G 28712736 4.2BSD 2048 16384 1 # /usr/local
i: 2.0G 38446176 4.2BSD 2048 16384 1 # /usr/src
j: 6.0G 42536320 4.2BSD 2048 16384 1 # /usr/obj
k: 6.7G 55058400 4.2BSD 2048 16384 1 # /home
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]To install the system, we will have to indicate where the basic packages are stored, in cd0 in this case, which corresponds to our ide0 PVE1:iso/install73.iso , finally have bypassed the SHAZ56.sig verification to install the whole thing.
Code:
Let’s install the sets?
Location of sets? (cd0 disk http nfs or ’done’) [cd0]
Pathname to the sets? (Cor ’done’) [7.3/amd64]
Select sets by entering a set name, a file name pattern or ‘all’. De-select
sets by prepending a ’-’, e.g.: *-gamex’. Selected sets are labeled '[X]'.
[X] bsd [X] base73.tgz [X] game73.tgz [X] xfont73.tgz
[X] bsd.mp [X] comp73.tgz [X] xbase73.tgz [X] xserv73.tgz
[X] bsd.rd [X] man73.tgz [X] xshare73.tgz
Set name(s)? (Cor ’abort’ or ’done’) [done]
Directory does not contain SHAZ56.sig. Continue without verification? [drowned
Location of sets? (cdO disk http nfs or ’done’) [done]
CONGRATULATIONS! Your OpenBSD install has been successfully completed
When you login to your new system the first time, please read your mail using the ’mail’ command.
Exit to (S)hell, (H)alt or (R)eboot? [reboot]## Partitioning and installing the base system in UEFI mode
We start by defining the destination disk for the installation sd0, if you're not sure which disk to select you can list them with '?', then we select the partitioning method (GPT). Finally, select the automatic partitioning proposal [a].
Code:
Available disks are: sdO. Encrypt the root disk? (disk, ‘no’ or ’?’ for details) [no]
Which disk is the root disk? (’?’ for details) [sd0] # defined here the destination disk for the installation
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [gpt]
Setting OpenBSD MBR partition to whole sdO...done. The auto-allocated layout for sdO is:
# size offset fstype [fsize bsize cpg]
a: 1.0G 512 4.2B5SD 2048 16384 1 # /
b: 2.5G 2097664 Swap
c: 35 .0G O unused
d: 2.1G 7352384 4.2BSD 2048 16384 1 # /tmp
e: 3.2G 11670784 4.2B5D 2048 16384 1 # /var
f: 3.9G 18452736 4.2B5D 2048 16384 1 # /usr
g: 1.0G 26615584 4.2BSD 2048 16384 1 # /usr/X11R6
h: 4.6G 28712736 4.2BSD 2048 16384 1 # /usr/local
i: 2.0G 38446176 4.2BSD 2048 16384 1 # /usr/src
j: 6.0G 42536320 4.2BSD 2048 16384 1 # /usr/obj
k: 6.7G 55058400 4.2BSD 2048 16384 1 # /home
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]Have defined this time disk as the location type for the package-set then in the list of available disks we will select the only available disk not being sd0 by occurrence wd0, which corresponds to ours ide0 PVE1:iso/install73.img.
Code:
Let’s install the sets?
Location of sets? (cd0 disk http nfs or 'done') [http] disk
Is the disk partition already mounted? [yes] no
Available disks are: sd0 sd1.
Which disk contains the install media? (or ''done') [sd1]
a: 1358848 18624 4.2BSD 2048 16384 16142
i: 960 64 MSDOS
Available sd1 partitions are: a i.
which sd1 partition has the install sets? (or ‘done’) [a]
Pathname to the sets? (or 'done') [7.3/amd64]
Select sets by entering a set name, a file name pattern or ‘all’. De-select
sets by prepending a ’-’, e.g.: *-gamex’. Selected sets are labeled '[X]'.
[X] bsd [X] base73.tgz [X] game73.tgz [X] xfont73.tgz
[X] bsd.mp [X] comp73.tgz [X] xbase73.tgz [X] xserv73.tgz
[X] bsd.rd [X] man73.tgz [X] xshare73.tgz
Set name(s)? (Cor ’abort’ or ’done’) [done]
Directory does not contain SHAZ56.sig. Continue without verification? [drowned
Location of sets? (cdO disk http nfs or ’done’) [done]
CONGRATULATIONS! Your OpenBSD install has been successfully completed
When you login to your new system the first time, please read your mail using the ’mail’ command.
Exit to (S)hell, (H)alt or (R)eboot? [reboot]## Post installation
For the BIOS VM, you can shut it down directly and disconnect the installation disk:
Code:
qm stop 109 && qm set 109 --delete ide0
qm start 109For the UEFI VM, I recommend simply restarting it from the console, and not removing the installation disk (openbsd seems to need it at boot time).
Once our VMs are started, we will still need to go through some configurations for the QEMU agent.
Code:
# Check the IP address (will be useful for me to pass the rest of the config via SSH)
ifconfig
# Installation of the QEMU agent
pkg_add qemu-ga
# Configure ISA QEMU Guest agent
cat <<'EOF' >> /etc/rc.conf.local
pkg_scripts=qemu_ga
qemu_ga_flags="-t /var/run/qemu-ga -m isa-serial -p /dev/cua00 -f /var/run/qemu-ga/qemu-ga.pid"
EOF
# Activation of the QEMU Guest agent service
/etc/rc.d/qemu_ga stop && /etc/rc.d/qemu_ga start# Cloud-init and OpenBSD “Cloud” image
Now let's come to the painful subject of compatibility between OpenBSD and Cloud-init, officially OpenBSD does not offer a “Cloud” image preconfigured with Cloud-init nor a package for the latter. However, various projects offer unofficial implementations, notably here https://bsd-cloud-image.org.
This is how I did it:
I start by creating my template
Code:
qm create 112 \
--name obsd-ci \
--agent 1,type=isa\
--memory 2192\
--bios seabios \
--boot order='scsi0' \
--sockets 1 --cores 2 \
--net0 virtio,bridge=vmbr0 \
--ide0 local-lvm:cloudinit\
--sshkey /root/.ssh/id_rsa.pub\
--scsihw virtio-scsi-pci\
--serial0 socket \
--vga serial0- sshkey /root/.ssh/id_rsa.pub: We import our SSH key, which gives us access other than the SERIAL output.
- serial0 socket & vga serial0: set the default display to serial console output (default configuration for cloud-init).
- boot order=‘scsi0’: We define the boot order on the OpenBSD cloud image, which we will then import into our configuration.
- ide0 local-lvm:cloudinit Cloud-init disk location.
I download the OpenBSD cloud image from https://bsd-cloud-image.org, and run the import command.
Code:
wget -P /mnt/pve/PVE1/template/iso https://object-storage.public.mtl1.vexxhost.net/swift/v1/1dbafeefbd4f4c80864414a441e72dd2/bsd-cloud-image.org/images/openbsd/ 7.3/2023-04-22/ufs/openbsd-7.3-2023-04-22.qcow2
Code:
qm set 112 --scsi0 local-lvm:0,import-from=/mnt/pve/PVE1/template/iso/openbsd-7.3-2023-04-22.qcow2- We define a new user with superuser rights
- We import our ssh key for the new user (is not necessary, but this allows us to maintain SSH access to our VM just in case)
- Finally, we placed the last post installation commands in the runcmd section. Be careful though, as the console output (for cloud-init) already occupies serial0 we will have to select another serial port for ISA in this case /dev/cua01.
Code:
cat << EOF >> /mnt/pve/PVE1/snippets/obsd73.yaml
#cloud-config
users:
- name: openbsd
gecos: openbsd
groups: wheel
ssh_authorized_keys:
$(cat /root/.ssh/authorized_keys | grep -E "^ssh" | xargs -iXX echo " - XX")
chpasswd:
expires: false
list:
- openbsd:PASSWORD
runcmd:
- pkg_add qemu-ga
- echo "pkg_scripts=qemu_ga" >> /etc/rc.conf.local
- echo 'qemu_ga_flags="-t /var/run/qemu-ga -m isa-serial -p /dev/cua01 -f /var/run/qemu-ga/qemu-ga.pid"' >> /etc/ rc.conf.local
- /etc/rc.d/qemu_ga stop && /etc/rc.d/qemu_ga start
EOF
Code:
qm set 112 --ipconfig0 ip=dhcp
qm set 112 --cicustom "vendor=PVE1:snippets/obsd73.yaml"
Code:
qm set 112 --cicustom "vendor=local:snippets/obsd73.yaml"
Code:
qm resize 112 scsi0 +10G
qm start 112We are staying with this minimum configuration for the moment, as for PCI Passthrough support and template management, this will be the subject of the next article.
Last edited: