Contributed by merdely on from the sshd-and-bsd.rd-and-network-upgrade-goodness dept.
Yaifo 0.4 has been released. After Waldemar Brodkorb's 0.2 release for OpenBSD 3.8 (previously covered on Undeadly), very little work has been done. I had released patches on my site for Yaifo to be used with OpenBSD 3.9 and OpenBSD 4.0 but no official updates had been released.
Yaifo (Yet Another Installer for OpenBSD) is basically a stock bsd.rd kernel with sshd enabled. It also includes RAIDFRAME support. Suppose you have a server that is 500 miles away and you want to either upgrade it or do a fresh install -- what do you do? You could download Yaifo for OpenBSD 4.1, edit the config file, copy your authorized_keys file, copy the server's ssh_host_* files, compile the yaifo.rd kernel, upload it to your server as /bsd and reboot. When the server comes back up, ssh to the server as root and you will be prompted with the familiar "(I)nstall, (U)pgrade or (S)hell?" prompt.
I recently received permission from Waldemar to take over the project, so I wanted to announce Yaifo 0.4.
Yaifo 0.4 includes the following features:
- Support for the newest version of OpenBSD (4.1, 4.1-current)
- Support for the ${SUDO} variable (can be set in /etc/mk.conf)
- Support for using supplied ssh_host*_key files (vs. creating new ones each time)
- Ask if ssh_host*_key files should be copied to the new install's /etc/ssh
- Enabled setting the DNS search string in /etc/resolv.conf
- Support for using a second NIC
- Support for AMD64 kernels (I don't have the ability to test)
There are two files available for Yaifo 0.4:
- yaifo-0.4-41: Yaifo 0.4 updated for OpenBSD 4.1
- yaifo-0.4-41-current-20070702: Yaifo 0.4 updated for OpenBSD 4.1-current (as of July 2, 2007)
To use Yaifo 0.4 with OpenBSD 4.1:
- Download and patch your source tree to /usr/src
- If you're not root, add "SUDO=sudo" to /etc/mk.conf
- Download yaifo-0.4-41 and untar it.
- Copy your authorized_keys file to the yaifo-0.4-41 directory
- If you're upgrading or re-installing an existing system, copy its /etc/ssh/ssh_host* files to the yaifo-0.4-41 directory
- Edit the yaifo-0.4-41/config file and modify it to your liking
- Make the yaifo.rd kernel: cd yaifo-0.4-41; make obj; make
- Copy the yaifo.rd kernel to the system you want to upgrade/re-install as /bsd
- Reboot the system
- Connect to the system: ssh root@<ip of system>
- Proceed with the upgrade/install as you normally would.
- When complete, do not type halt. Instead type reboot.
The future of Yaifo will include a new name, a home on SourceForge, continued updating for new versions of OpenBSD and, possibly, support for other architectures.
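A pre-build check for the steps listed above, added here as an example and not part of Yaifo or the original post: it confirms that authorized_keys holds a public key and that any supplied ssh_host*key files are closed to group and other before "make" is run. It assumes the files in the build directory end up inside yaifo.rd; the function name yaifo_preflight and the script name are hypothetical.

```shell
#!/bin/sh
# Added example, not part of Yaifo: check a build directory before "make".
# Usage: sh preflight.sh yaifo-0.4-41   (script name is hypothetical)
yaifo_preflight() {
    dir=$1; rc=0
    ak="$dir/authorized_keys"
    if [ ! -s "$ak" ]; then
        echo "FAIL: $ak is missing or empty"; rc=1
    else
        # Private key material here would be copied into the kernel image.
        if grep -q 'PRIVATE KEY' "$ak"; then
            echo "FAIL: $ak contains private key material"; rc=1
        fi
        # At least one line must carry a public key type token.
        if ! grep -Eq '(^|[[:space:]])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) ' "$ak"; then
            echo "FAIL: $ak has no recognisable public key line"; rc=1
        fi
    fi
    found=0
    for key in "$dir"/ssh_host*key; do      # matches private keys, not *.pub
        [ -e "$key" ] || continue
        found=1
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL: $key is accessible to group/other ($perms)"; rc=1
        fi
        [ -f "$key.pub" ] || echo "WARN: $key.pub missing, fingerprint cannot be compared"
    done
    [ "$found" -eq 1 ] || echo "NOTE: no ssh_host*key files supplied; new host keys will be generated"
    return "$rc"
}

# Run the check when a directory is given on the command line.
[ $# -eq 0 ] || yaifo_preflight "$1"
```

When the existing host keys are supplied, the fingerprint the client sees after the reboot matches its known_hosts entry, so a host-key warning at that point is worth investigating before logging in as root.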
By Adam Karim (archite) adamk@apple.com on
By David Chisnall (82.7.199.50) on
Remote install, however, would have been incredibly useful. Installing OpenBSD is pretty easy when you know what you're doing. It's much harder when you are trying to talk a technician through the process over IM on an unfamiliar machine. If I could have burned a custom install CD with my SSH key on it, then this would have been a lot easier; simply send the colo company the install image and let them burn the CD and pop it in the machine on first boot.
Comments
By jirib (85.207.203.106) on
if you have ever recompiled sendmail with SASL you know it needs cyrus-sasl package installed :) I don't know much about Yaifo, but OpenBSD install supports siteXY.tgz (check FAQ) where you can put your updated binaries of SMTP-AUTH enabled sendmail... I haven't tried that yet but after recompiling sendmail put $DESTDIR somewhere and then tar it and put it in siteXY.tgz...
Comments
By Mike Erdely (merdely) on http://erdelynet.com/
> installed :) I don't know much about Yaifo, but OpenBSD install supports siteXY.tgz (check
> FAQ) where you can put your updated binaries of SMTP-AUTH enabled sendmail... I haven't
> tried that yet but after recompiling sendmail put $DESTDIR somewhere and then tar it and put
> it in siteXY.tgz...
Yaifo supports siteXY.tgz and siteXY-`hostname`.tgz like the stock install.sub does.
By Anonymous Coward (87.79.240.31) on
>
Yes, following upgradeXX.html "Just works!" (Thanks Nick!) Did a lot of upgrades that way and till today it never went wrong. Having an image to dd back is calming anyway.
SMTPAUTH requires the authentication infrastructure. Have a look at this thread:
http://marc.info/?l=openbsd-misc&m=118323400025556&w=2
> Remote install, however, would have been incredibly useful. Installing OpenBSD is pretty easy when you know what you're doing. It's much harder when you are trying to talk a technician through the process over IM on an unfamiliar machine. If I could have burned a custom install CD with my SSH key on it, then this would have been a lot easier; simply send the colo company the install image and let them burn the CD and pop it in the machine on first boot.
You can dd the yaifo image onto the first disk and boot it, by yourself if your hoster supplies some kind of rescue-system or let them do it.
Comments
By jirib (85.207.203.106) on
>
> You can dd the yaifo image onto the first disk and boot it, by yourself if your hoster supplies some kind of rescue-system or let them do it.
well Yaifo "...this is basically bsd.rd with sshd+raidframe sprinkled in..."
man boot.conf - you can specify what to boot after next reboot...
By Anonymous Coward (87.79.240.31) on
By Maxim Bourmistrov (EN) maxim@openbsd.nu on http://www.openbsd.nu
Thanks for moving this project forward.
By jirib (85.207.203.106) on
why are these tools in ports? there is a lot of silly ports or non very often updated ports but this kind of useful ports is missing :(
Comments
By Anonymous Coward (85.207.203.106) on
why are NOT these... (ooops)
By Mike Erdely (merdely) on http://erdelynet.com/
I'll see if I can find someone that knows something about binpatch to post a story...
> why are these tools [NOT] in ports? there is a lot of silly ports or
> non very often updated ports but this kind of useful ports is missing :(
Tools like these are difficult to maintain through ports. It's basically source code that is recompiled on a case by case basis. I'll often have ~/yaifo-s1, ~/yaifo-s2, ... to maintain yaifo.rd kernels for multiple systems.
If someone has ideas for making this into a port, I'm interested.
Comments
By Anonymous Coward (85.207.203.106) on
has anybody tried that?
By Anonymous Coward (213.41.244.253) on
>
> why are these tools in ports? there is a lot of silly ports or non very often updated ports but this kind of useful ports is missing :(
You mean a useful port that patches /usr/src???
By sad undeadly reader (83.64.118.178) on
what's next?
come on guys, shut up your mouth!