Running OpenBSD 6.5 on Kimsufi KS-10
672 words, 4 minutes
The french company OVH provides Kimsufi dedicated servers. The KS-10 ships with Intel® Core™ i5-2300 and 16GB DDR3 of RAM. The main drawback is that there is no KVM-IP or HTML console. This means you can’t run FDE configuration. AFAIK. But in case you don’t care, there’s a way to install the “unsupported” OpenBSD release on those machines.
When the KS-10 has been subscribed, you have access to the Web management GUI. It allows to start, stop and run a rescue mode for the server. OpenBSD will be installed using the Linux rescue mode image and the qemu software that is available in the image.
Boot in rescue mode
From the Web GUI, in the “Server status” section, click the [Desactivate] button to disable monitoring during installation.
Then click the [ NetBoot ] button. Select the “Rescue” mode and the “rescue64-pro” image. Click [ Next ]. Review the rescue settings and click [ Confirm ].
Click the [ Restart ] button and confirm the action. Wait a few minutes to get an email containing directions to log in.
From a terminal, use SSH to connect to the server in rescue mode.
# ssh-keygen -R $_ip_address
# ssh root@$_ip_address
root@rescue:~#
root@rescue:~# export TERM=xterm-color
Install OpenBSD
From the rescue mode session, download the OpenBSD media and reset the server’s disk.
root@rescue:~# wget https://cdn.openbsd.org/pub/OpenBSD/6.5/amd64/install65.iso
root@rescue:~# wget https://cdn.openbsd.org/pub/OpenBSD/6.5/amd64/SHA256
root@rescue:~# sha256sum -c SHA256 2>&1 | grep OK
install65.iso: OK
root@rescue:~# dd if=/dev/urandom of=/dev/sda count=4096
4096+0 records in
4096+0 records out
2097152 bytes (2.1 MB) copied, 0.0675546 s, 31.0 MB/s
Use Qemu to boot the OpenBSD iso file and install to the physical disk. Qemu can be told to emulate SATA drive (instead of the defaut IDE one) and use a text interface rather than VNC to access the console.
root@rescue:~#
Welcome to the OpenBSD/amd64 6.5 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell?
(...)
Available network interfaces are: em0 vlan0.
Which network interface do you wish to configure? (or 'done') []
IPv4 address for em0? (or 'dhcp' or 'none') []
em0: bound to 10.0.2.15 from 10.0.2.2 (52:55:0a:00:02:02)
IPv6 address for em0? (or 'autoconf' or 'none') [none] autoconf
Available network interfaces are: em0 vlan0.
Which network interface do you wish to configure? (or 'done') [done] done
(...)
Available disks are: sd0.
Which disk is the root disk? ('?' for details) [] sd0
No valid MBR or GPT.
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole]
Setting OpenBSD MBR partition to whole sd0...done.
(...)
CONGRATULATIONS! Your OpenBSD install has been successfully completed!
When you login to your new system the first time, please read your mail
using the 'mail' command.
There’s nothing special about installing OpenBSD here. Everything goes straightforward. One can use DHCP or fixed IP configuration. When the installation is finished, simply halt the process.
syncing disks... done
The operating system has halted.
Please press any key to reboot.
To get out of qemu and terminate the installation process, hit the “Alt+Shift+2” keys. Then enter the “quit” command. From there, we’re back in the rescue mode console.
There is a way to test the OpenBSD installation before blindly rebooting the server.
(...)
openbsd# halt
syncing disks... done
The operating system has halted.
Please press any key to reboot.
That runs the installed OpenBSD instance from within Qemu. This can be used in case OpenBSD won’t boot and you need to debug the boot process.
Booting OpenBSD on Kimsufi KS-10
Now that the installation boots in Qemu, we can boot OpenBSD on the real hardware. From the Web GUI, click the [ NetBoot ] button, click the [ Hard disk ] button, then [ Next ] and confirm the change.
From the rescue console, issue a “reboot” command and wait a few moments for the server to boot OpenBSD. So far, everything went smooth. The monitoring can be enabled again. You’ll notice some regular pings from OVH infrastructure.
Some hardware informations: dmesg , ifconfig , pcidump , sysctl output.
Not sure I’ll use it as I can’t enable FDE. I’d rather pop smaller encrypted VC2 from Vultr.