Bootable installation partition on a hard drive?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Bootable installation partition on a hard drive?

Walt
I have a new server on order that should arrive in a few days. It's intended purpose is to replace my current firewall. It has no CD and so I'll make and use a bootable flash drive as described in the Installation Guide section of the FAQ.

The server will have a second ssd drive and so I got to wondering if it might be useful to create a bootable partition on the drive and install the installation on it.

I'm probably not going to do this but I am curious about whether it would work very well. I'll probably install a second copy of the OS on the second drive and mirror all configuration files to it so that if anything happens to the main drive, I can turn around and boot from the second and be up and running almost immediately.

Thanks,

Walt

Sent with [ProtonMail](https://protonmail.com) Secure Email.
Reply | Threaded
Open this post in threaded view
|

Re: Bootable installation partition on a hard drive?

tom ryan

On 7/9/20 5:07 pm, Walt wrote:
> I have a new server on order that should arrive in a few days. It's intended purpose is to replace my current firewall. It has no CD and so I'll make and use a bootable flash drive as described in the Installation Guide section of the FAQ.
>
> The server will have a second ssd drive and so I got to wondering if it might be useful to create a bootable partition on the drive and install the installation on it.
>
> I'm probably not going to do this but I am curious about whether it would work very well. I'll probably install a second copy of the OS on the second drive and mirror all configuration files to it so that if anything happens to the main drive, I can turn around and boot from the second and be up and running almost immediately.

Maybe you want to just run them in a softraid mirror...

https://www.openbsd.org/faq/faq14.html#softraidDI

>
> Thanks,
>
> Walt
>
> Sent with [ProtonMail](https://protonmail.com) Secure Email.
>

Reply | Threaded
Open this post in threaded view
|

Re: Bootable installation partition on a hard drive?

Stuart Henderson
On 2020-09-07, tom ryan <[hidden email]> wrote:

>
> On 7/9/20 5:07 pm, Walt wrote:
>> I have a new server on order that should arrive in a few days.
>> It's intended purpose is to replace my current firewall. It has no CD
>> and so I'll make and use a bootable flash drive as described in the
>> Installation Guide section of the FAQ.
>>
>> The server will have a second ssd drive and so I got to wondering
>> if it might be useful to create a bootable partition on the drive and
>> install the installation on it.
>>
>> I'm probably not going to do this but I am curious about whether it
>> would work very well. I'll probably install a second copy of the OS on
>> the second drive and mirror all configuration files to it so that if
>> anything happens to the main drive, I can turn around and boot from the
>> second and be up and running almost immediately.

It's possible, but it's a challenge to keep them in sync.

> Maybe you want to just run them in a softraid mirror...
>
> https://www.openbsd.org/faq/faq14.html#softraidDI

This helps with some types of problem (drive failure), but doesn't help
with fat-fingered commands or bad upgrades that periodic or manual syncs
would protect against.

My suggestions would be to keep the config files in a management system
of some sort. Whether that's a full-blown config management system like
ansible/salt, one of the simpler tools like rset, judo, rdist, or even
just commiting config files directly to a version control repository,
they will all help get a system back up and running much more quickly.
Keeping config changes to the minimum necessary helps too of course.


Reply | Threaded
Open this post in threaded view
|

Secure storage of config files (was Re: Bootable installation partition on a hard drive?)

Paul Suh-2
On Sep 7, 2020, at 5:48 AM, Stuart Henderson <[hidden email]> wrote:
>
> My suggestions would be to keep the config files in a management system
> of some sort. Whether that's a full-blown config management system like
> ansible/salt, one of the simpler tools like rset, judo, rdist, or even
> just commiting config files directly to a version control repository,

Folks,

Do people have opinions on the best way to securely store sensitive config files in a management system or repo? For instance, the various private keys that live in the various nooks and crannies of /etc.

And if they’re stored in encrypted form, what’s the best way to have them decrypted for zero-touch or minimal-touch config restores?


—Paul


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Bootable installation partition on a hard drive?

Walt
In reply to this post by Stuart Henderson
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, September 7, 2020 4:48 AM, Stuart Henderson <[hidden email]> wrote:

> On 2020-09-07, tom ryan [hidden email] wrote:
>
> > On 7/9/20 5:07 pm, Walt wrote:
> >
> > > I have a new server on order that should arrive in a few days.
> > > It's intended purpose is to replace my current firewall. It has no CD
> > > and so I'll make and use a bootable flash drive as described in the
> > > Installation Guide section of the FAQ.
> > > The server will have a second ssd drive and so I got to wondering
> > > if it might be useful to create a bootable partition on the drive and
> > > install the installation on it.
> > > I'm probably not going to do this but I am curious about whether it
> > > would work very well. I'll probably install a second copy of the OS on
> > > the second drive and mirror all configuration files to it so that if
> > > anything happens to the main drive, I can turn around and boot from the
> > > second and be up and running almost immediately.
>
> It's possible, but it's a challenge to keep them in sync.
>
> > Maybe you want to just run them in a softraid mirror...
> > https://www.openbsd.org/faq/faq14.html#softraidDI
>
> This helps with some types of problem (drive failure), but doesn't help
> with fat-fingered commands or bad upgrades that periodic or manual syncs
> would protect against.
>
> My suggestions would be to keep the config files in a management system
> of some sort. Whether that's a full-blown config management system like
> ansible/salt, one of the simpler tools like rset, judo, rdist, or even
> just commiting config files directly to a version control repository,
> they will all help get a system back up and running much more quickly.
> Keeping config changes to the minimum necessary helps too of course.

My primary reason for the second hard drive is to use faubackup to make
copies of /etc and /home to the second hard drive.  I will have a 1 TB
drive on the new machine and so I will have plenty of room for an extra
bootable copy of the OS on it.

Also, I keep copies of all the configuration files in a user directory and
make my changes there instead of /etc and /etc/sshd and then use a makefile
to copy the individual configuration files as necessary to /etc and
elsewhere. This makes it particularly easy to replace one computer with
another with a fresh copy of OpenBSD.

Walt

Reply | Threaded
Open this post in threaded view
|

Re: Bootable installation partition on a hard drive?

Manuel Solis Vazquez
You could mount a special partition /altroot so you could be prepared in
case something wrong happens, and the rest of the disk would be free for
your backups.

https://www.openbsd.org/faq/faq14.html#altroot

El lun., 7 sept. 2020 a las 18:58, Walt (<[hidden email]>)
escribió:

> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Monday, September 7, 2020 4:48 AM, Stuart Henderson <
> [hidden email]> wrote:
>
> > On 2020-09-07, tom ryan [hidden email] wrote:
> >
> > > On 7/9/20 5:07 pm, Walt wrote:
> > >
> > > > I have a new server on order that should arrive in a few days.
> > > > It's intended purpose is to replace my current firewall. It has no CD
> > > > and so I'll make and use a bootable flash drive as described in the
> > > > Installation Guide section of the FAQ.
> > > > The server will have a second ssd drive and so I got to wondering
> > > > if it might be useful to create a bootable partition on the drive and
> > > > install the installation on it.
> > > > I'm probably not going to do this but I am curious about whether it
> > > > would work very well. I'll probably install a second copy of the OS
> on
> > > > the second drive and mirror all configuration files to it so that if
> > > > anything happens to the main drive, I can turn around and boot from
> the
> > > > second and be up and running almost immediately.
> >
> > It's possible, but it's a challenge to keep them in sync.
> >
> > > Maybe you want to just run them in a softraid mirror...
> > > https://www.openbsd.org/faq/faq14.html#softraidDI
> >
> > This helps with some types of problem (drive failure), but doesn't help
> > with fat-fingered commands or bad upgrades that periodic or manual syncs
> > would protect against.
> >
> > My suggestions would be to keep the config files in a management system
> > of some sort. Whether that's a full-blown config management system like
> > ansible/salt, one of the simpler tools like rset, judo, rdist, or even
> > just commiting config files directly to a version control repository,
> > they will all help get a system back up and running much more quickly.
> > Keeping config changes to the minimum necessary helps too of course.
>
> My primary reason for the second hard drive is to use faubackup to make
> copies of /etc and /home to the second hard drive.  I will have a 1 TB
> drive on the new machine and so I will have plenty of room for an extra
> bootable copy of the OS on it.
>
> Also, I keep copies of all the configuration files in a user directory and
> make my changes there instead of /etc and /etc/sshd and then use a makefile
> to copy the individual configuration files as necessary to /etc and
> elsewhere. This makes it particularly easy to replace one computer with
> another with a fresh copy of OpenBSD.
>
> Walt
>
>

--
Lic. Manuel Solís Vázquez