About OpenBSD

OpenBSD is a free, multi-platform BSD4.4-based UNIX-like operating system (https://www.openbsd.org/) that integrates cutting-edge security technology. OpenBSD is used for a variety of technologies such as routers, firewalls, SMTP server, DNS server, and other applications.

AWS & OpenBSD

The OpenBSD 7.0 AMI is not available natively on AWS and cannot be launched directly inside Amazon EC2. To launch an OpenBSD EC2 instance users need to use a public community AMI or create their own. This can be tricky if they are unfamiliar with AWS or OpenBSD.

AMI Creation Options

There are two options to create an AMI:

  1. Importing the AMI directly from a VMDK file. (VMDK is a complete and independent virtual machine originally created for VMware products. A VMDK file can quickly be created by exporting a virtual machine.)
  2. Importing the VMDK file as a snapshot and converting the imported snapshot into an AMI

Author’s Note: Due to AWS not recognizing my OS while importing the AMI, I was unable to create an AMI using the first option. We will hence be focusing on the second option for the rest of this article.

This article aims to provide readers with a concise tutorial that shows them how to create an AMI using the second option i.e. importing the VMDK file as a snapshot and converting the imported snapshot into an AMI.

AMI Creation — Tutorial

Requirements

The following are the requirements to create the AMI:

  1. Shell access to OpenBSD > 6.5 which is vmm(4)* compatible and has internet access. (This means that you need to access native virtualization inside your machine.)
  2. 3GB or more free space in /tmp directory.

*vmm(4) is a driver used to execute virtual machines

Author’s Note: Please note that I tried to launch an OpenBSD VM inside VMWare/VirtualBox and wasn’t able to access virtualization. I ended up creating a dual-boot on an old computer.

For the rest of this tutorial, all the commands need to be executed inside an OpenBSD environment that meets the requirements mentioned above.

First, install some packages that will be needed later:

$ > pkg_add vmdktool git python py-pip

For Python, choose the 2.7 version.

Install the AWS CLI by running the following command:

$ > pip2.7 install awscli

Configure the CLI using AWS Access Key ID and Secret Access Key:

$ > aws configure
AWS Access Key ID: ***********************
AWS Secret Access Key: ***********************

Configuring OpenBSD

We will use a script made by Antoine Jacoutot (https://github.com/ajacoutot) that will build an OpenBSD image and then import it into the EC2 console.

Clone the repository by running the following command:

$ > git clone https://github.com/ajacoutot/aws-openbsd.git

Create an auto-partitioning template which is a file that defines the space for each partition:

/              250M
swap 80-256M 10%
/tmp 120M-4G 8%
/var 80M-4G 13%
/usr 900M-2G 5%
/usr/X11R6 512M-1G 3%
/usr/local 2G-10G 10%
/usr/src 1-2G 2%
/usr/obj 1.3G-2G 4%
/home 1G-* 45%

Author’s Note: Readers can modify this file according to their requirements to adjust partition sizes. (Documentation: http://undeadly.org/cgi?action=article&sid=20150505123418)

Name the file autopartitioning and place it inside the repository folder. Remember the path of this file, it will be needed later.

The next step is to modify the script to enable the retrieval of the auto-partitioning template since the script does not do this by default.

To do this, edit the obsd-img-builder.sh . Go to the create_img()function and locate the following line:

cp ${_WRKDIR}/auto_install.conf ${_rdmnt}

Add the following below (Replace <path> by the parent folder of the auto-partitioning file.):

mkdir ${_rdmnt}/template
cp <path>/autopartitioning ${_rdmnt}/template/autopartitioning

Now go to create_autoinstallconf()function and locate this line:

What timezone are you in = UTC

Add the following line below:

URL to autopartitioning template for disklabel = file:template/autopartitioning

Running the Script

The script is now ready to be executed inside the OpenBSD environment.

Start by running the daemon that handles virtual machines. This daemon is needed to build the OpenBSD image:

$ > rcctl -f start vmd

Run the script (Replace <desired-size>with the size you want for your image. Note that the size is in GB and must be set according to the auto-partitioning template.

$ > ./obsd-img-builder.sh -r 7.0 -s <desired-size>

The AMI is now available inside the EC2 console under the My AMIs tab. This AMI can currently be accessed only by the user account. However, it can potentially be shared with other accounts as well by updating the AMI permissions.

Conclusion

OpenBSD is an ideal solution for companies looking to build secure firewalls and private network services. By following the steps detailed in this tutorial, readers can quickly create an OpenBSD 7.0 AMI on Amazon EC2.

About TrackIt

TrackIt is an Amazon Web Services Advanced Consulting Partner specializing in cloud management, consulting, and software development solutions based in Venice, CA.

TrackIt specializes in Modern Software Development, DevOps, Infrastructure-As-Code, Serverless, CI/CD, and Containerization with specialized expertise in Media & Entertainment workflows, High-Performance Computing environments, and data storage.

TrackIt’s forté is cutting-edge software design with deep expertise in containerization, serverless architectures, and innovative pipeline development. The TrackIt team can help you architect, design, build and deploy a customized solution tailored to your exact requirements.

In addition to providing cloud management, consulting, and modern software development services, TrackIt also provides an open-source AWS cost management tool that allows users to optimize their costs and resources on AWS.