
Finishing touches

Your VM is a clean install of OpenBSD 6.5-release. You can ssh into it:

$ ssh username@XXX.XXX.XXX.XXX
OpenBSD 6.5 (GENERIC) #3: Sat Apr 13 14:42:43 MDT 2019
...
$

The root password is the last field of ~/.ssh/authorized_keys. Print it and switch to root.

$ awk '{print$NF}' .ssh/authorized_keys
XXXXXXXXXXXXXXXXXXXXXXXXXX
$ su -
Password:
#

Add your username to /etc/doas.conf:

# echo 'permit username' > /etc/doas.conf
#

Update /etc/pf.conf, test, and load it:

# echo 'pass in quick proto { icmp, icmp6 } all' >> /etc/pf.conf
# pfctl -nf /etc/pf.conf
# pfctl -f /etc/pf.conf
# pfctl -sr
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
pass in quick proto icmp all
pass in quick proto ipv6-icmp all
#

Check 6.5 errata and apply available patches.

# syspatch
...
Relinking to create unique kernel... done; reboot to load the new kernel
Errata can be reviewed under /var/syspatch
# reboot
Connection to XXX.XXX.XXX.XXX closed by remote host.
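
For the pf.conf step above, an added example (not part of the original page) that appends the rule only if it is missing, runs the same pfctl -nf parse check on a candidate copy, and loads the file only when that check passes. The function name add_pf_rule, the script name in the usage comment, and the PF_CHECK/PF_LOAD override variables are assumptions introduced here.

```sh
#!/bin/sh
# Added example, not from the original page.
# PF_CHECK and PF_LOAD are hypothetical override hooks; they default to the
# two pfctl invocations the page uses (parse-only check, then load).
PF_CHECK=${PF_CHECK:-"pfctl -nf"}
PF_LOAD=${PF_LOAD:-"pfctl -f"}

# add_pf_rule <pf.conf path> <rule>
# Prints one status word on stdout: unchanged, rejected or loaded.
add_pf_rule() {
    conf=$1
    rule=$2

    # Whole-line, fixed-string match: re-running must not duplicate the rule.
    if grep -qxF -- "$rule" "$conf"; then
        echo unchanged
        return 0
    fi

    # Build the candidate next to the real file; mktemp creates it mode 0600.
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    { cat "$conf" && printf '%s\n' "$rule"; } > "$tmp" || { rm -f "$tmp"; return 1; }

    # Parse-only check of the candidate; the live file is untouched on failure.
    # Checker output goes to stderr so stdout carries only the status word.
    if ! $PF_CHECK "$tmp" >&2; then
        rm -f "$tmp"
        echo rejected
        return 1
    fi

    # Keep a backup, then overwrite in place so owner and mode are preserved.
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    $PF_LOAD "$conf" >&2 && echo loaded
}

# Usage as root (script name is hypothetical):
#   sh add_pf_rule.sh /etc/pf.conf 'pass in quick proto { icmp, icmp6 } all'
if [ "$#" -eq 2 ]; then
    add_pf_rule "$1" "$2"
fi
```

A rejected rule leaves /etc/pf.conf and the running ruleset as they were, which matters on a VM reachable only over ssh.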

Known issues

There are currently a couple of known issues.

It's possible for the clock to drift at some point. When this becomes severe, you can add a workaround in cron for it:

*/15 * * * * /usr/sbin/rdate -s pool.ntp.org

The issue is known to the OpenBSD developers and they are investigating solutions.

The other issue, which can cause some headaches, is connectivity loss. As a workaround, run ping from cron:

*/5 * * * * /sbin/ping -c3 <your gateway> > /dev/null

An alternative is to run ping in tmux with something like:

@reboot /usr/bin/tmux new -d 'while true; do ping -i5 <your gateway>; done' \;