
Morgan - Clean DO droplets

a guest, Jul 27th, 2016
I wanted to share a solution I came up with for getting super clean, auto-configuring droplets running on DigitalOcean with the latest versions of FreeBSD. No extra junk preinstalled!

As background, DigitalOcean base images come with a bunch of packages to support auto-configuration, no ZFS support, an extra “freebsd” user account, and other “evidences of tampering”. For sysadmins who have always installed FreeBSD from scratch, this feels like being given someone else’s pre-configured server. Plus, we want ZFS, of course.

It’s possible to have it all on DigitalOcean with a one-time effort.

Initially, you start with their base “hand me down” server image. From that, you rebuild it by booting an in-memory FreeBSD environment that runs the standard bsdinstall tool. * And from there, you’re in control of the entire setup process as usual. You can even enable ZFS! When you’re done, you have a fresh-from-the-factory, untainted FreeBSD droplet.

The downside? It has the network settings entered during the install process, so it won’t be auto-configuring from the DigitalOcean metadata API. But this can be fixed with a simple shell script ** that I have put on GitHub -- no extra packages or user accounts needed! After installing it and cleaning up /etc/rc.conf, you can shut down your droplet, make a snapshot of it, and use that image for cloning other droplets.

This is one of my first contributions to the FreeBSD community. I’m interested in any feedback on making it better.

Thanks for a great show. I look forward to watching you guys every week.

--Morgan

San Diego, CA

P.S. The gift! On BSD Now 151, you lamented about Let’s Encrypt clients. I’m not sure which Bash script client Allan had trouble with, but the one I found has worked wonderfully, and it supports SANs. I’m using it as the basis for a “master server” that manages the generation and renewal of certificates deployed across multiple FreeBSD web servers and even mail servers that aren’t running Apache or Nginx. Sounds a bit like what Allan was trying to accomplish. The script, created by Lukas Schauer, and my solution are on GitHub. ***

* How to install FreeBSD with ZFS filesystem on Digitalocean

https://github.com/fxlv/docs/blob/master/freebsd/freebsd-with-zfs-digitalocean.md

** Lightweight, zero-dependency, self-configuration for FreeBSD droplets on DigitalOcean

https://github.com/morganwdavis/freebsd-digitalocean

*** Let’s Encrypt Master Server

https://github.com/morganwdavis/lets-encrypt-master-server