Finishing touches

Your VM is a clean install of OpenBSD 6.6-release. You can ssh into it:

$ ssh username@XXX.XXX.XXX.XXX
OpenBSD 6.6 (GENERIC) #353: Sat Oct 12 10:45:56 MDT 2019

The password is the last field of ~/.ssh/authorized_keys. Print it, then switch to root:

$ awk '{print$NF}' .ssh/authorized_keys
$ su -

Add your username to /etc/doas.conf:

# echo 'permit username' > /etc/doas.conf

Update /etc/pf.conf, test, and load it:

# echo 'pass in quick proto { icmp, icmp6 } all' >> /etc/pf.conf
# pfctl -nf /etc/pf.conf
# pfctl -f /etc/pf.conf
# pfctl -sr
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
pass in quick proto icmp all
pass in quick proto ipv6-icmp all
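
The echo above appends a second copy of the rule if it is run twice, and it changes /etc/pf.conf before pfctl -n has parsed it. The function below is an added example, not part of the original page: it does the same update idempotently and validates a candidate copy first. The function name add_pf_rule and the PFCTL override variable are hypothetical names chosen for this sketch.

```sh
#!/bin/sh
# Added example: validated, idempotent version of the pf.conf step.
# PFCTL is an assumed override hook so the logic can be exercised off-box;
# on the VM the default (pfctl) is used and the function is called as root.
PFCTL="${PFCTL:-pfctl}"
RULE='pass in quick proto { icmp, icmp6 } all'

add_pf_rule() {
    conf="${1:-/etc/pf.conf}"

    # Exact line already present: nothing to change, nothing to reload.
    if grep -qxF "$RULE" "$conf"; then
        return 0
    fi

    # Build the candidate next to the live file; the live file is untouched.
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    cat "$conf" > "$tmp" && printf '%s\n' "$RULE" >> "$tmp" ||
        { rm -f "$tmp"; return 1; }

    # Parse only (-n). On a syntax error stop here with status 2, so the
    # file that pf reads at boot never contains a broken ruleset.
    if ! "$PFCTL" -nf "$tmp"; then
        rm -f "$tmp"
        return 2
    fi

    # Keep a copy of the previous ruleset, then write the validated content
    # into the existing file so its owner and mode are preserved.
    cp -p "$conf" "${conf}.bak" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$conf" && rm -f "$tmp" || return 1

    # Load the validated ruleset.
    "$PFCTL" -f "$conf"
}
```

Source the file as root and call add_pf_rule with no argument to operate on /etc/pf.conf; the previous ruleset is kept as /etc/pf.conf.bak.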

Check 6.6 errata and apply available patches.

# syspatch
Relinking to create unique kernel... done; reboot to load the new kernel
Errata can be reviewed under /var/syspatch
# reboot
Connection to XXX.XXX.XXX.XXX closed by remote host.

Connect to the console

To connect to the console you need access to the host your VM is running on. The username and public SSH key provided for the VM are also used to create a local user on that host.

When this is done you can use vmctl(8) to manage your VM.
The options you have are:

$ vmctl console id
$ vmctl start [-c] id
$ vmctl stop [-fw] id

-f Forcefully stop the VM without attempting a graceful shutdown.
-w Wait until the VM has been terminated.
-c Automatically connect to the VM console.

Connect to the console with:

$ vmctl console id

Note: id can also be your VM name.

Known issues

There are currently a couple of known issues.

It's possible for the clock to drift at some point. When this becomes severe you can add a workaround in cron for it:

*/15 * * * * /usr/sbin/rdate -s pool.ntp.org

The issue is known to the OpenBSD developers and they are investigating solutions.

The other issue, which can cause some headaches, is connectivity loss. As a workaround, run ping from cron:

*/5 * * * * /sbin/ping -c3 <your gateway> > /dev/null

An alternative is to run ping in tmux with something like:

@reboot /usr/bin/tmux new -d 'while true; do ping -i5 <your gateway>; done' \;