{"id":269,"date":"2022-12-05T13:00:00","date_gmt":"2022-12-05T18:00:00","guid":{"rendered":"http:\/\/sycured.127.0.0.1.sslip.io\/?p=269"},"modified":"2024-01-14T12:31:20","modified_gmt":"2024-01-14T17:31:20","slug":"install-freebsd-oracle-cloud","status":"publish","type":"post","link":"http:\/\/10.42.0.68:8080\/blog\/install-freebsd-oracle-cloud","title":{"rendered":"Install FreeBSD 13.1 on Oracle Cloud"},"content":{"rendered":"\n
Oracle Cloud doesn’t propose FreeBSD like a lot of providers so we need to install it using a direct flash<\/em>.<\/p>\n\n\n\n This is my initial setup phase and everything starts with an Always-Free running Oracle Linux.<\/p>\n\n\n\n Connected using ssh and using root:<\/p>\n\n\n\n FreeBSD is now installed<\/p>\n\n\n\n Using the console using the dashboard, let’s do a quick config and enable ssh.<\/p>\n\n\n\n Depending on the version: quarterly is valid for your usage or not.<\/p>\n\n\n\n Let’s install a text editor, tmux, a In my case, I force post-install (before the configuration management run (ansible\/saltstack)):<\/p>\n\n\n\n \/etc\/loader.conf<\/strong><\/p>\n\n\n\n \/etc\/rc.conf<\/strong><\/p>\n\n\n\n And finally, run the last This is a working way to have a FreeBSD when your provider doesn’t offer it.<\/p>\n\n\n\n I haven’t added a part about the firewall because the VM is already protected using security rules at the subnet level.<\/p>\n\n\n\n But you’ve 2 possibilities about the firewall:<\/p>\n\n\n\nFlashing FreeBSD 13.1<\/h2>\n\n\n\n
\n
wget<\/code> installed otherwise you need to install it:
dnf install wget -y<\/code><\/li>\n\n\n\n
fdisk -l<\/code>, in my case it’s \/dev\/sda<\/strong><\/li>\n\n\n\n
# AMD64\nwget https:\/\/download.freebsd.org\/ftp\/releases\/VM-IMAGES\/13.1-RELEASE\/amd64\/Latest\/FreeBSD-13.1-RELEASE-amd64.raw.xz -O - | xz -dc | dd of=\/dev\/sda bs=1M cov=fdatasync\n\n# AARCH64\nwget https:\/\/download.freebsd.org\/ftp\/releases\/VM-IMAGES\/13.1-RELEASE\/aarch64\/Latest\/FreeBSD-13.1-RELEASE-arm64-aarch64.raw.xz -O - | xz -dc | dd of=\/dev\/sda bs=1M cov=fdatasync<\/code><\/pre>\n\n\n\n
\n
Post-install steps<\/h2>\n\n\n\n
Switch from quarterly to the latest repository (optional)<\/h3>\n\n\n\n
sed -i '' 's\/quarterly\/latest\/' \/etc\/pkg\/FreeBSD.conf<\/code><\/pre>\n\n\n\n
Update the system<\/h3>\n\n\n\n
freebsd-update fetch install\npkg update\nreboot<\/code><\/pre>\n\n\n\n
Install packages<\/h3>\n\n\n\n
sudo<\/code> alternative, a DHCP client doing IPv4 and IPv6 and OpenSSH<\/p>\n\n\n\n
pkg install -y doas dual-dhclient-daemon openssh-portable tmux vim<\/code><\/pre>\n\n\n\n
sudo<\/code> is also available but on FreeBSD, I prefer
doas<\/code><\/p>\n\n\n\n
Config
doas<\/code> for group wheel<\/h3>\n\n\n\n
echo \"permit :wheel\" > \/usr\/local\/etc\/doas.conf<\/code><\/pre>\n\n\n\n
Config ssh server<\/h3>\n\n\n\n
vim \/usr\/local\/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n
\n
Tune the boot time<\/h3>\n\n\n\n
autoboot_wait=\"0\"\nautoboot_delay=\"0\"\nbeastie_disable=\"YES\"\nboot_serial=\"YES\"\nloader_logo=\"none\"\ncryptodev_load=\"YES\"<\/code><\/pre>\n\n\n\n
Tune the system and services at boot<\/h3>\n\n\n\n
hostname=\"oci-test\"\nifconfig_DEFAULT=\"DHCP inet6 accept_rtadv\"\nipv6_activate_all_interfaces=\"YES\"\ndhclient_enable=\"YES\"\ndhclient_program=\"\/usr\/local\/sbin\/dual-dhclient\"\ngrowfs_enable=\"YES\"\nsshd_enable=\"NO\"\nopenssh_enable=\"YES\"<\/code><\/pre>\n\n\n\n
Create opc user<\/h3>\n\n\n\n
pw user add -n opc -d \/home\/opc -G wheel -m -s \/bin\/sh<\/code><\/pre>\n\n\n\n
Change the password<\/h4>\n\n\n\n
passwd opc<\/code><\/pre>\n\n\n\n
Add your SSH public key<\/h4>\n\n\n\n
mkdir -p \/home\/opc\/.ssh\necho \"MY_PUBLIC_KEY\" > \/home\/opc\/.ssh\/authorized_keys\nchown -R opc:opc \/home\/opc\/.ssh\nchmod 600 \/home\/opc\/.ssh\/authorized_keys<\/code><\/pre>\n\n\n\n
reboot<\/code><\/p>\n\n\n\n
Conclusion<\/h2>\n\n\n\n