Contents
About OpenBSD
OpenBSD is a free, multi-platform BSD4.4-based UNIX-like operating system (https://www.openbsd.org/) that integrates cutting-edge security technology. OpenBSD is used for a variety of technologies such as routers, firewalls, SMTP server, DNS server, and other applications.
AWS & OpenBSD
The OpenBSD 7.0 AMI is not available natively on AWS and cannot be launched directly inside Amazon EC2. To launch an OpenBSD EC2 instance users need to use a public community AMI or create their own. This can be tricky if they are unfamiliar with AWS or OpenBSD.
AMI Creation Options
There are two options to create an AMI:
- Importing the AMI directly from a VMDK file. (VMDK is a complete and independent virtual machine originally created for VMware products. A VMDK file can quickly be created by exporting a virtual machine.)
- Importing the VMDK file as a snapshot and converting the imported snapshot into an AMI
Author’s Note: Due to AWS not recognizing my OS while importing the AMI, I was unable to create an AMI using the first option. We will hence be focusing on the second option for the rest of this article.
This article aims to provide readers with a concise tutorial that shows them how to create an AMI using the second option i.e. importing the VMDK file as a snapshot and converting the imported snapshot into an AMI.
AMI Creation — Tutorial
Requirements
The following are the requirements to create the AMI:
- Shell access to OpenBSD > 6.5 which is vmm(4)* compatible and has internet access. (This means that you need to access native virtualization inside your machine.)
- 3GB or more free space in
/tmp
directory.
*vmm(4) is a driver used to execute virtual machines
Author’s Note: Please note that I tried to launch an OpenBSD VM inside VMWare/VirtualBox and wasn’t able to access virtualization. I ended up creating a dual-boot on an old computer.
For the rest of this tutorial, all the commands need to be executed inside an OpenBSD environment that meets the requirements mentioned above.
First, install some packages that will be needed later:
$ > pkg_add vmdktool git python py-pip
For Python, choose the 2.7 version.
Install the AWS CLI by running the following command:
$ > pip2.7 install awscli
Configure the CLI using AWS Access Key ID and Secret Access Key:
$ > aws configure
AWS Access Key ID: ***********************
AWS Secret Access Key: ***********************
Configuring OpenBSD
We will use a script made by Antoine Jacoutot (https://github.com/ajacoutot) that will build an OpenBSD image and then import it into the EC2 console.
Clone the repository by running the following command:
$ > git clone https://github.com/ajacoutot/aws-openbsd.git
Create an auto-partitioning template which is a file that defines the space for each partition:
/ 250M
swap 80-256M 10%
/tmp 120M-4G 8%
/var 80M-4G 13%
/usr 900M-2G 5%
/usr/X11R6 512M-1G 3%
/usr/local 2G-10G 10%
/usr/src 1-2G 2%
/usr/obj 1.3G-2G 4%
/home 1G-* 45%
Author’s Note: Readers can modify this file according to their requirements to adjust partition sizes. (Documentation: http://undeadly.org/cgi?action=article&sid=20150505123418)
Name the file autopartitioning
and place it inside the repository folder. Remember the path of this file, it will be needed later.
The next step is to modify the script to enable the retrieval of the auto-partitioning template since the script does not do this by default.
To do this, edit the obsd-img-builder.sh
. Go to the create_img()
function and locate the following line:
cp ${_WRKDIR}/auto_install.conf ${_rdmnt}
Add the following below (Replace <path>
by the parent folder of the auto-partitioning file.):
mkdir ${_rdmnt}/template
cp <path>/autopartitioning ${_rdmnt}/template/autopartitioning
Now go to create_autoinstallconf()
function and locate this line:
What timezone are you in = UTC
Add the following line below:
URL to autopartitioning template for disklabel = file:template/autopartitioning
Running the Script
The script is now ready to be executed inside the OpenBSD environment.
Start by running the daemon that handles virtual machines. This daemon is needed to build the OpenBSD image:
$ > rcctl -f start vmd
Run the script (Replace <desired-size>
with the size you want for your image. Note that the size is in GB and must be set according to the auto-partitioning template.
$ > ./obsd-img-builder.sh -r 7.0 -s <desired-size>
The AMI is now available inside the EC2 console under the My AMIs tab. This AMI can currently be accessed only by the user account. However, it can potentially be shared with other accounts as well by updating the AMI permissions.
Conclusion
OpenBSD is an ideal solution for companies looking to build secure firewalls and private network services. By following the steps detailed in this tutorial, readers can quickly create an OpenBSD 7.0 AMI on Amazon EC2.
About TrackIt
TrackIt is an international AWS cloud consulting, systems integration, and software development firm headquartered in Marina del Rey, CA.
We have built our reputation on helping media companies architect and implement cost-effective, reliable, and scalable Media & Entertainment workflows in the cloud. These include streaming and on-demand video solutions, media asset management, and archiving, incorporating the latest AI technology to build bespoke media solutions tailored to customer requirements.
Cloud-native software development is at the foundation of what we do. We specialize in Application Modernization, Containerization, Infrastructure as Code and event-driven serverless architectures by leveraging the latest AWS services. Along with our Managed Services offerings which provide 24/7 cloud infrastructure maintenance and support, we are able to provide complete solutions for the media industry.