Creating NetBSD Bhyve/KVM images suitable for running in Triton.
Create the VM json:
{
"brand": "bhyve",
"alias": "netbsd-install",
"autoboot": "false",
"bootrom": "bios",
"ram": 8192,
"disks": [
{
"boot": false,
"model": "virtio",
"size": 10240
},
{
"boot": true,
"model": "ahci",
"media": "cdrom",
"path": "/boot-com.iso"
}
],
"resolvers": [
"10.0.84.48",
"10.0.84.84"
],
"nics": [
{
"nic_tag": "admin",
"ip": "10.0.83.220",
"netmask": "255.255.255.0",
"gateway": "10.0.83.1",
"model": "virtio",
"primary": true
}
],
"customer_metadata": {
"root_authorized_keys": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZ2pDopp8rpmfy8/kGP1Ex6rsl4Wj7ZjjfELeJgqs/q jperkin-ed25519-2020"
}
}Create VM but do not start it up yet.
$ vmadm create -f netbsd-install.jsonFetch NetBSD boot-com.iso and place it into root directory of the created zone.
$ curl -O http://ftp.netbsd.org/pub/NetBSD/NetBSD-9.1/amd64/installation/cdrom/boot-com.iso
$ cp boot-com.iso /zones/<uuid>/rootNow we can start it up and attach to the console.
$ vmadm start <uuid>
$ vmadm console <uuid>During the boot, you must drop to a boot promptby pressing "3" before the timer runs out.
The xhci driver needs to be disabled, otherwise the host will panic during boot.
>> NetBSD/x86 BIOS Boot, Revision 5.11 (Sun Oct 18 19:24:30 UTC 2020) (from NetBSD 9.1)
>> Memory: 640/15360 k
1. Boot normally
2. Boot single user
3. Drop to boot prompt
Choose an option; RETURN for default; SPACE to stop countdown.
Option 1 will be chosen in 0 seconds.
type "?" or "help" for help.
> userconf disable xhci
> boot
Follow the NetBSD sysinst installer. I made the following changes from the defaults:
- Set swap size to 2GB, leaving 8GB for /
- Increase serial baud rate to 115200
- Installation without X11
- HTTP install
- Configure network manually (no DHCP support)
- Set a distinct hostname to make it easy to grep for things that need to be removed prior to image creation
- Enable installation of binary packages (just pkgin)
- Enable sshd, ntpd, ntpdate
- Disable cgd, raidframe
After install, drop to a shell and edit /boot.cfg to fix the XHCI issue, then halt the machine.
$ mount /dev/dk0 /mnt2
$ echo "userconf=disable xhci" >>/mnt2/boot.cfg
$ umount /mnt2
$ poweroffRemove the CD device
$ echo '{"remove_disks": ["/boot-com.iso"]}' | vmadm update <uuid>Then boot the system back up again. You may also need to reconnect the console.
$ vmadm boot <uuid>
$ vmadm console <uuid>Once booted, log in as root with the empty password.
Fetch support binaries and scripts:
#
# /usr/triton/bin contains our builds of mdata-client and jq. These should only
# depend on libc and libm to be portable across different releases.
#
mkdir -p /usr/triton/bin
cd /usr/triton/bin
for file in jq mdata-delete mdata-get mdata-list mdata-put; do
ftp https://us-east.manta.joyent.com/pkgsrc/public/support/images/netbsd/${file}
chmod 0755 ${file}
done
#
# Install the /etc/rc.d/triton init script. This sets up networking and the
# root SSH keys from customer_metadata.
#
ftp -o /etc/rc.d/triton https://us-east.manta.joyent.com/pkgsrc/public/support/images/netbsd/triton
chmod 0555 /etc/rc.d/tritonUpdate /etc/rc.conf:
- Add
triton=YES, - Remove
hostname=anddefaultroute=if set, - Remove
wscons=YES. - Sort the remaining entries,
$ vi /etc/rc.confTurn off ttyE* entries in /etc/ttys, no need for virtual consoles:
$ vi /etc/ttys
ttyE1 "/usr/libexec/getty Pc" wsvt25 off secure
ttyE2 "/usr/libexec/getty Pc" wsvt25 off secure
ttyE3 "/usr/libexec/getty Pc" wsvt25 off secureRemove static entry added by sysinst to /etc/hosts:
$ vi /etc/hostsStop syslogd prior to removing files, avoiding them being written to on halt:
$ /etc/rc.d/syslogd stopRemove or empty all files that will be created on first boot:
#
# Remove networking files created by /etc/rc.d/triton
#
for f in ifconfig.vioif0 mygate myname resolv.conf; do
rm -f /etc/${f}
done
rm -f /var/spool/postfix/etc/resolv.conf
#
# Not sure where these come from
#
rm -f /etc/rc.conf.bak.*
#
# Remove SSH keys
#
rm -f /etc/ssh/ssh_host*
rm -f /root/.ssh/authorized_keys
#
# Remove and empty log files
#
rm -f /var/log/*.gz
for f in /var/log/*; do
[ -f $f ] && >$f
done
rm -f /var/run/dmesg.boot
rm -f /var/run/rc.log
>/var/run/utmp
>/var/run/utmpx
#
# Remove pkgin database (it will almost certainly be out of date).
#
rm -f /var/db/pkgin/pkgin.db
#
# Remove the system entropy file, we do not want it to be deterministic.
#
rm -f /var/db/entropy-fileNote that /var/log/*.gz will be recreated every hour by the newsyslog cron, so double check when creating your image that you don't happen to be unlucky with timing in between removing the existing log files and shutting down the host.
Rebuild pkgdb files just in case:
$ pkg_admin rebuild
$ pkg_admin rebuild-treeFinally, switch off. Make sure to use poweroff, as running shutdown -p now or similar will recreate the entropy file.
$ poweroffI don't really understand why this is required, but it is, otherwise you get "out of space" errors:
$ vmadm update <uuid> flexible_disk_size=20480Now we can snapshot the image and generate the metadata.
$ zfs snapshot -r zones/<uuid>@final
$ zfs send zones/<uuid>/disk0@final | gzip -9 >netbsd-9.1.zfs.gz
The JSON manifest is below, the following variables need replacing:
@UUID@with a fresh uuid (e.g. just runuuid).@SIZE@with thels -loutput fornetbsd-9.1.zfs.gz.@SHA1@with thedigest -a sha1output fornetbsd-9.1.zfs.gz.
Note to keep this order to ease diffs against imgadm show output.
{
"v": 2,
"uuid": "@UUID@",
"owner": "00000000-0000-0000-0000-000000000000",
"name": "netbsd-9.1",
"version": "20210223",
"state": "active",
"disabled": false,
"public": true,
"published_at": "2020-02-22T22:22:22Z",
"type": "zvol",
"os": "bsd",
"files": [
{
"sha1": "@SHA1@",
"size": "@SIZE@",
"compression": "gzip"
}
],
"description": "NetBSD 9.1. Installation without X11.",
"homepage": "https://www.netbsd.org/",
"requirements": {},
"nic_driver": "virtio",
"disk_driver": "virtio",
"cpu_type": "host",
"image_size": 10240,
"tags": {
"role": "os"
}
}