Bhyve-ready NetBSD Images
Created by hww3. Last updated by hww3, 5 days ago. Version #6.
I've put together some bhyve images of NetBSD for use with MNX Triton Datacenter and SmartOS. They include a pre-configured cloud-init and should be fairly well integrated with Triton.
The latest images are available for NetBSD 10.1 and contain the following:
- Base OS install, plus compiler and headers, plus man pages on a 10GB image.
- Virtio disk and networking
- Integration using cloud-init configured for SmartOS/Triton (root password and ssh key, data disk preparation, etc.)
- mdata client installed, example use is in /etc/cloud/cloud.cfg
- root and data disk resize checks on startup
- pkgsrc/pkgin installed and ready to go
- mozilla-rootcerts installed and set up
- Serial console configured for use with vmadm console
- UEFI boot
I'm hosting the image on my IMGAPI server. You can add it as a source to your imgadm:
root@headnode# imgadm sources -a http://images.welliver.org
Here's the current list of images:
root@headnode# imgadm avail | grep netbsd
3a362e0e-afaf-11ed-97b3-cfb1bff0c1d0 netbsd-9.3-cloudimage 20230219 bsd zvol 2023-02-19
caf6d5d6-69c2-11f0-a449-c7e57fb31843 netbsd-10.1-cloudimage 20250726 bsd zvol 2025-07-26
These images are intended to be lightweight, so they include only the minimum install sets (plus the compiler and headers, which are necessary for building software). Here's an example of how to add other installation sets:
root# cd / && curl -L http://mirror.planetunix.net/pub/NetBSD/NetBSD-10.1/amd64/binary/sets/ttxt.tar.xz | tar xJvf -
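A checked variant of the step above, as an added example that is not from the original page: it verifies a downloaded set against the BSD-style SHA512 file that NetBSD publishes alongside the sets, and extracts only on a match. It assumes the checksum file was obtained over a channel you trust; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Verifies a downloaded NetBSD set
# against a BSD-style SHA512 checksum file before extracting it.

# Print the SHA-512 of a file as bare hex, using whichever tool is present.
file_sha512() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{ print $1 }'
    else
        openssl dgst -sha512 -r "$1" | awk '{ print $1 }'
    fi
}

# Print the digest recorded for set name $2 in checksum file $1.
# Lines look like: SHA512 (base.tar.xz) = <hex>
expected_sha512() {
    awk -v want="($2)" \
        '$1 == "SHA512" && $2 == want && $3 == "=" { print $4 }' "$1"
}

# Return 0 only if the set's digest equals the recorded one.
verify_set() {  # verify_set SETFILE SHA512FILE
    want=$(expected_sha512 "$2" "$(basename "$1")")
    [ -n "$want" ] && [ "$want" = "$(file_sha512 "$1")" ]
}

# Extract only after verification; J selects xz, p keeps permissions.
install_set() {  # install_set SETFILE SHA512FILE DESTDIR
    verify_set "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    tar -xJpf "$1" -C "$3"
}

# Constructed sample: a stand-in file (not a real archive) and a checksum
# file with a matching line, so the check can be run offline.
work=$(mktemp -d)
printf 'constructed stand-in for a set archive\n' > "$work/misc.tar.xz"
printf 'SHA512 (misc.tar.xz) = %s\n' "$(file_sha512 "$work/misc.tar.xz")" \
    > "$work/SHA512"
verify_set "$work/misc.tar.xz" "$work/SHA512" && echo "verified"
```

On an instance this becomes: download the set and the SHA512 file to a scratch directory, then run install_set with / as the destination.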
I've tested both images as a pkgsrc build platform and they work at least as well as my previous virtual environment running on VMware.
An important note regarding security
By default, NetBSD does not assign a password to the root user. This means that unless the password is changed, anyone with console access can log in as root. Generally, anyone in the wheel group can su to root without being prompted for a password. A user, "netbsd", is also created as the recommended login approach. This user will also have ssh keys installed, but by default has no password.
The images generated will automatically set a root password if it's provided in the instance metadata. This happens automatically in Triton, but it also works with SmartOS if it's provided in the instance information (see the example below for how to do this).
Also note that the metadata client is executable by anyone, so even if the password is set, its secrecy relies on the security of the communication port (/dev/tty01), and thus it could be easy to retrieve unless it's been changed. This seems to be the case with all image types, and again, the only protection comes from the permissions set on the metadata socket or device.
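The checks described in this note can be scripted. The following is an added example, not part of the image repository: it lists accounts with an empty password field, the wheel members who can therefore su to root without a prompt, and whether the metadata device is open to other users. The sample files and the SU-WITHOUT-PASSWORD style labels are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the image repository. Paths are arguments so the
# checks can run on copies; on an instance they would be /etc/master.passwd,
# /etc/group and /dev/tty01.

# Print login names whose password field (field 2) is empty.
empty_password_accounts() {
    awk -F: '$0 !~ /^#/ && NF >= 10 && $2 == "" { print $1 }' "$1"
}

# Print the members of the wheel group, one per line.
wheel_members() {
    awk -F: '$1 == "wheel" { n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
}

# Succeed if "other" holds read or write permission on the path.
other_can_rw() {
    [ "$(ls -ld "$1" | cut -c8-9)" != "--" ]
}

audit() {  # audit PASSWD_FILE GROUP_FILE METADATA_DEVICE
    empties=$(empty_password_accounts "$1")
    for u in $empties; do echo "EMPTY-PASSWORD $u"; done
    # Per the page: with no root password, wheel members su without a prompt.
    if echo "$empties" | grep -qx root; then
        for u in $(wheel_members "$2"); do
            [ "$u" = root ] || echo "SU-WITHOUT-PASSWORD $u"
        done
    fi
    if [ -e "$3" ] && other_can_rw "$3"; then echo "OTHER-ACCESS $3"; fi
}

# Constructed sample data (the hash below is a placeholder, not a real one).
sample=$(mktemp -d)
cat > "$sample/master.passwd" <<'EOF'
root::0:0::0:0:Charlie &:/root:/bin/sh
toor:*:0:0::0:0:Bourne-again Superuser:/root:/bin/sh
netbsd::1000:100::0:0:Cloud user:/home/netbsd:/bin/sh
builder:$sha1$CONSTRUCTED$placeholder:1001:100::0:0:Builder:/home/builder:/bin/sh
EOF
echo 'wheel:*:0:root,netbsd' > "$sample/group"
: > "$sample/tty01" && chmod 666 "$sample/tty01"

audit "$sample/master.passwd" "$sample/group" "$sample/tty01"
```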
How the images are built
The image build script must be run from a NetBSD system in order to format the FFS disk and install the NetBSD boot loader. Additionally, cloud-init installation won't succeed if the running NetBSD version isn't the same as that of the image being built (point releases may work, however). Thus, building an image is a two-step process: create an image on a VM running a previous NetBSD release, then boot into that image and run the image builder to get a fully functional image. The interim image won't have networking set up automatically, so there's some legwork to be done there. It's unclear what the right approach is: ditching cloud-init or automating more of the process. Given that major releases happen once every 2-3 years, it may not be worth the effort to try to improve the process.
So, start by cloning the following repository on a NetBSD system:
https://git.sr.ht/~hww3/netbsd-cloud-images
Edit the script to set the version of NetBSD you'd like to use and to make any other changes, then (as root) run build.sh. This should create a new blank UEFI-based NetBSD install with everything configured for the first run. The result will be a raw image called "final.raw".
Copy this to your SmartOS/Triton headnode and create a blank bhyve VM (take the script and template from the repository above):
./bhyve_import_raw_image.sh final.raw netbsd-10.1-cloudimage 10.1 netbsd-cloudimage-template.json
Adapted from the following source:
https://github.com/virt-lightning/netbsd-cloud-images
Notes for creating the initial image:
NetBSD DVD install images are UEFI ready starting with NetBSD 9.0, so we can finally use bhyve for the entire process. An image from the previous version of NetBSD can be used, as described above, so the following isn't relevant unless you like doing things the hard way.
NOTE: the build VMs don't need to be built on SmartOS, or even bhyve. You can generate the "final.raw" image on VMware or UTM, etc., if that's easier.
A key trick is to make sure that the CD drive is located at a high PCI slot to ensure it gets priority:
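# Replace with the UUID of the build instance
UUID=yourInstanceUUID
ISO="NetBSD-9.3-amd64.iso"
# Copy the ISO into the instance's zone root
cp "$ISO" "/zones/$UUID/root/"
# Attach the ISO as an AHCI CD device on PCI slot 7
vmadm update "$UUID" bhyve_extra_opts="-s 7:0,ahci-cd,/$ISO"
vmadm start "$UUID"
# Clear the extra options again (takes effect on the next boot)
vmadm update "$UUID" bhyve_extra_opts=""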
You can use VNC to perform the original install. Not all VNC clients work equally well. I've had good luck with TigerVNC, but not with macOS Screen Sharing and the "official" VNC client. Chicken also worked well, but is no longer supported on recent macOS.