Upgrade encrypted OpenBSD to 6.2 in Vultr hosting

Because OVH hosting as damm slow, I tested Vultr hosting (because they are *BSD friendly). I first tried OpenBSD 6.2-beta, then upgraded to 6.2. Of course, root is encrypted. Here’re my notes.

Install OpenBSD with encrypted root on Vultr

Create the VM

Log into Vultr web interface. In the “Servers” section, click “+”. Choose a “Server Location” ; I used “France”. Select the “OpenBSD 6” server type. Decide which “Server Size” fits your needs ; I use “25GB SSD (1 CPU / 1024MB Memory)”.

There are a few optionnal nice things to do:

  • Additional Features = Enable IPv6
  • SSH Keys = Upload and Select public key to deploy
  • Set Server Hostname & Label

It’s now time to hit the [Deploy Now] button and “Wait until installed…”

This will give you a standard default OpenBSD install. There may also be some hidden specific settings tuned under the KVM hood. Stop the server and be ready to install encrypted -BETA.

Install the encrypted system

Still using the Vultr web interface, Select the server and browse to “Select Settings / Custom ISO”. In “Custom ISO”, select the install -BETA iso you uploaded. Attach the ISO and reboot. Now open the console.

There are no mystery here. Just read, understand and follow the official directions.

In my case, it went this way:

Welcome to the OpenBSD/amd64 X.X installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s

# dd if=/dev/random of=/dev/rsd0c bs=1m

# fdisk -iy sd0

# disklabel -E sd0
Label editor (enter '?' for help at any prompt)
> a a 
offset: [64]
size: [52420031] *
FS type: [4.2BSD] RAID
> w
> q
No label changes.

# bioctl -c C -l sd0a softraid0
New passphrase:
Re-type passphrase:
sd1 at scsibus2 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006> SCSI2 0/direct fixed
sd1: 25595MB, 512 bytes/sector, 52419503 sectors
softraid0: CRYPTO volume attached as sd1

# cd /dev && sh MAKEDEV sd1

# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1

# exit

Welcome to the OpenBSD/amd64 X.X installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? i

Choose your keyboard layout [default] ENTER


Available disks are: sd0 sd1.
Which disk is the root disk? ('?' for details) [sd0] sd1


CONGRATULATIONS! Your OpenBSD install has been successfully completed!

# halt

The system is installed. In the Web interface, select the instance and click [Stop]. Select “Server Details”, then “Settings”, then “Custom ISO”. Hit the [Remove ISO] button. The server will reboot.

Connect to the console. Enter your passphrase (using EN keyboard) and you’re set.

Upgrade the encrypted system

When OpenBSD 6.2 was released, I went for the upgrade process.

Log in to the server and download bsd.rd. Then reboot.

Using the Web console, enter the passphrase and select “boot: bsd.rd” to launch the installer.

The first thing to do is create the root device ; where your system is installed.

Welcome to the OpenBSD/amd64 X.X installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s

# cd /dev
# sh MAKEDEV sd1
# exit

The second thing to do is to launch the upgrade process.

Welcome to the OpenBSD/amd64 X.X installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? u

Which disk is the root disk? sd1


CONGRATULATIONS! Your OpenBSD install has been successfully completed!

# reboot

And that’s all. “Hey, what did you expect?” ©

Hopefully, the server will reboot and everything will be ok.

Activate syspatch and openup. They were not available for -BETA release.

Check and upgrade your packages. And go back to real life. OpenBSD takes care of the rest!

BTW, the dmesg is available here.

Author: Joel Carnat

#work Technical Architect and SysAdmin #geek OpenBSD and Open Source + Free Software #fun Karate, Kobudo, Jodo, Bodyweight workout, Photography

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.