{"id":269,"date":"2022-12-05T13:00:00","date_gmt":"2022-12-05T18:00:00","guid":{"rendered":"http:\/\/sycured.127.0.0.1.sslip.io\/?p=269"},"modified":"2024-01-14T12:31:20","modified_gmt":"2024-01-14T17:31:20","slug":"install-freebsd-oracle-cloud","status":"publish","type":"post","link":"http:\/\/10.42.0.68:8080\/blog\/install-freebsd-oracle-cloud","title":{"rendered":"Install FreeBSD 13.1 on Oracle Cloud"},"content":{"rendered":"\n<p>Oracle Cloud doesn&#8217;t propose FreeBSD like a lot of providers so we need to install it using <em>a direct flash<\/em>.<\/p>\n\n\n\n<p>This is my initial setup phase and everything starts with an Always-Free running Oracle Linux.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Flashing FreeBSD 13.1<\/h2>\n\n\n\n<p>Connected using ssh and using root:<\/p>\n\n\n\n<ol>\n<li>You need to check that you have <code>wget<\/code> installed otherwise you need to install it: <code>dnf install wget -y<\/code><\/li>\n\n\n\n<li>Identify your disk with <code>fdisk -l<\/code>, in my case it&#8217;s <strong>\/dev\/sda<\/strong><\/li>\n\n\n\n<li>Flashing: It depends on your VM (AMD64 or AARCH64), you need to use the good one<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code># AMD64\nwget https:\/\/download.freebsd.org\/ftp\/releases\/VM-IMAGES\/13.1-RELEASE\/amd64\/Latest\/FreeBSD-13.1-RELEASE-amd64.raw.xz -O - | xz -dc | dd of=\/dev\/sda bs=1M cov=fdatasync\n\n# AARCH64\nwget https:\/\/download.freebsd.org\/ftp\/releases\/VM-IMAGES\/13.1-RELEASE\/aarch64\/Latest\/FreeBSD-13.1-RELEASE-arm64-aarch64.raw.xz -O - | xz -dc | dd of=\/dev\/sda bs=1M cov=fdatasync<\/code><\/pre>\n\n\n\n<ol start=\"4\">\n<li>Initiate the reboot using the dashboard: https:\/\/cloud.oracle.com<\/li>\n<\/ol>\n\n\n\n<p>FreeBSD is now installed<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Post-install steps<\/h2>\n\n\n\n<p>Using the console using the dashboard, let&#8217;s do a quick config and enable ssh.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Switch from quarterly to the latest repository (optional)<\/h3>\n\n\n\n<p>Depending on the version: quarterly is valid for your usage or not.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sed -i '' 's\/quarterly\/latest\/' \/etc\/pkg\/FreeBSD.conf<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Update the system<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>freebsd-update fetch install\npkg update\nreboot<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Install packages<\/h3>\n\n\n\n<p>Let&#8217;s install a text editor, tmux, a <code>sudo<\/code> alternative, a DHCP client doing IPv4 and IPv6 and OpenSSH<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>pkg install -y doas dual-dhclient-daemon openssh-portable tmux vim<\/code><\/pre>\n\n\n\n<p><code>sudo<\/code> is also available but on FreeBSD, I prefer <code>doas<\/code><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Config <code>doas<\/code> for group wheel<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"permit :wheel\" &gt; \/usr\/local\/etc\/doas.conf<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Config ssh server<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/usr\/local\/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n<p>In my case, I force post-install (before the configuration management run (ansible\/saltstack)):<\/p>\n\n\n\n<ul>\n<li>PubkeyAuthentication yes<\/li>\n\n\n\n<li>PasswordAuthentication no<\/li>\n\n\n\n<li>PermitEmptyPasswords no<\/li>\n\n\n\n<li>VersionAddendum sycured<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Tune the boot time<\/h3>\n\n\n\n<p><strong>\/etc\/loader.conf<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>autoboot_wait=\"0\"\nautoboot_delay=\"0\"\nbeastie_disable=\"YES\"\nboot_serial=\"YES\"\nloader_logo=\"none\"\ncryptodev_load=\"YES\"<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Tune the system and services at boot<\/h3>\n\n\n\n<p><strong>\/etc\/rc.conf<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>hostname=\"oci-test\"\nifconfig_DEFAULT=\"DHCP inet6 accept_rtadv\"\nipv6_activate_all_interfaces=\"YES\"\ndhclient_enable=\"YES\"\ndhclient_program=\"\/usr\/local\/sbin\/dual-dhclient\"\ngrowfs_enable=\"YES\"\nsshd_enable=\"NO\"\nopenssh_enable=\"YES\"<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Create opc user<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>pw user add -n opc -d \/home\/opc -G wheel -m -s \/bin\/sh<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Change the password<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>passwd opc<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Add your SSH public key<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir -p \/home\/opc\/.ssh\necho \"MY_PUBLIC_KEY\" &gt; \/home\/opc\/.ssh\/authorized_keys\nchown -R opc:opc \/home\/opc\/.ssh\nchmod 600 \/home\/opc\/.ssh\/authorized_keys<\/code><\/pre>\n\n\n\n<p>And finally, run the last <code>reboot<\/code><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>This is a working way to have a FreeBSD when your provider doesn&#8217;t offer it.<\/p>\n\n\n\n<p>I haven&#8217;t added a part about the firewall because the VM is already protected using security rules at the subnet level.<\/p>\n\n\n\n<p>But you&#8217;ve 2 possibilities about the firewall:<\/p>\n\n\n\n<ul>\n<li>stateful: pf<\/li>\n\n\n\n<li>stateless: ipfw<\/li>\n<\/ul>\n\n\n\n<p>If you want more information about pf, you can look at <a href=\"https:\/\/www.openbsdhandbook.com\/pf\/\">Packet Filter &#8211; OpenBSD Handbook<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Oracle Cloud doesn&#8217;t propose FreeBSD like a lot of providers so we need to install it using a direct flash. This is my initial setup phase and everything starts with an Always-Free running Oracle Linux. Flashing FreeBSD 13.1 Connected using ssh and using root: FreeBSD is now installed Post-install steps Using the console using the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":84,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"saved_in_kubio":false,"footnotes":""},"categories":[28],"tags":[34],"_links":{"self":[{"href":"http:\/\/10.42.0.68:8080\/wp-json\/wp\/v2\/posts\/269"}],"collection":[{"href":"http:\/\/10.42.0.68:8080\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/10.42.0.68:8080\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/10.42.0.68:8080\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/10.42.0.68:8080\/wp-json\/wp\/v2\/comments?post=269"}],"version-history":[{"count":1,"href":"http:\/\/10.42.0.68:8080\/wp-json\/wp\/v2\/posts\/269\/revisions"}],"predecessor-version":[{"id":271,"href":"http:\/\/10.42.0.68:8080\/wp-json\/wp\/v2\/posts\/269\/revisions\/271"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/10.42.0.68:8080\/wp-json\/wp\/v2\/media\/84"}],"wp:attachment":[{"href":"http:\/\/10.42.0.68:8080\/wp-json\/wp\/v2\/media?parent=269"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/10.42.0.68:8080\/wp-json\/wp\/v2\/categories?post=269"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/10.42.0.68:8080\/wp-json\/wp\/v2\/tags?post=269"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}