OpenBSD automatic upgrade

    

OpenBSD 6.5 advertises for an installer improvement: rdsetroot(8) (a build-time tool) is now available for general use. Used in combination with autoinstall.8 , it is now really easy to do automatic upgrades of your OpenBSD instances.

I first manually upgraded my OpenBSD sandbox to 6.5. Once that was done, I could use the stock rdsetroot(8) tool. The plan is quite simple: write an unattended installation response file, insert it to a bsd.rd 6.5 installation image and reboot my other OpenBSD instances using that image.

Preparing the ramdisk image

Mount the “live environnement” image from the ramdisk kernel:

# doas rdsetroot -x /bsd.rd > disk.fs
# doas vnconfig vnd0 disk.fs
# doas mount /dev/vnd0a /mnt

Create and put the response file in the disk image:

# doas sh -c "cat > /mnt/auto_upgrade.conf"
Which disk is the root disk = <em>sd0</em>
Force checking of clean non-root filesystems = no
Location of sets = http
HTTP proxy URL = none
HTTP Server = cdn.openbsd.org
Server directory = pub/OpenBSD/6.5/amd64
Set name(s) = all
Set name(s) = done
Location of sets = done
^D

Make sure the “root disk” information is correct regarding your instance installation. The easy way is to check using “mount” on the target server.

Save the changes and apply the modifications to the ramdisk kernel:

# doas umount /mnt
# doas vnconfig -u vnd0
# doas rdsetroot /bsd.rd disk.fs

Upgrading automatically

Transfer the bsd.rd image to the instance that should be upgraded and boot it:

# scp /bsd.rd _remotehost:/tmp/bsd.rd
# ssh _remotehost
# doas mv /tmp/bsd.rd /bsd
# doas reboot

The host will reboot and the console should display something like:

The upgraded host will reboot and you hopefully will get SSH access back to it. Checking your email, you should get an “upgrade log” and an “rc.sysmerge output” messages. This will help ensuring everything went ok.

You should also get an “upgrade response file” by email. This can be used to… create the response file we previously used. This is pretty usefull to issue a manual upgrade on host A and replay the scenario on similar hosts B to Z using autoinstall.

Extra notes

There must be a way to run onetime commands (in the manner of fw_update) to automatically run sysmerge and packages upgrades. As for now, I’d rather do it manually:

# doas sysmerge
# doas pkg_add -u -Dinstalled
# doas pkg_delete -a

This worked like a charm on two Synology KVM instances using a single sd0 disk, on my Thinkpad X260 using Encrypted root with Keydisk and on a Vultr instance using Encrypted root with passphrase. And BTW, the upgrade on the X260 used the (iwn0) wireless connection.

I just read that florian@ has released theĀ sysupgrade(8) utility which should be released with OpenBSD 6.6. That will make upgrades even easier! Until then, happy upgrading.