Like a lot of providers, Oracle Cloud doesn't offer FreeBSD, so we need to install it by flashing the disk directly.
This is my initial setup phase, and everything starts with an Always-Free VM running Oracle Linux.
## Flashing FreeBSD 13.1

Connected over ssh as root:

1. Check that `wget` is installed; otherwise install it: `dnf install wget -y`
2. Identify your disk with `fdisk -l`; in my case it's /dev/sda
3. Flash: depending on your VM's architecture (AMD64 or AARCH64), use the matching image

```bash
# AMD64
wget download.freebsd.org/ftp/releases/VM-IMAGES.. -O - | xz -dc | dd of=/dev/sda bs=1M conv=fdatasync
# AARCH64
wget download.freebsd.org/ftp/releases/VM-IMAGES.. -O - | xz -dc | dd of=/dev/sda bs=1M conv=fdatasync
```

4. Initiate the reboot using the dashboard: https://cloud.oracle.com

FreeBSD is now installed.
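
The flash command above writes the download to the disk as root without checking its integrity. As an added example (not part of the original post), these shell functions check a downloaded image against a BSD-style `CHECKSUM.SHA512` file before running `dd`. The function names, the `/dev/shm` staging location, the checksum file name and the placeholder URLs are assumptions.

```bash
#!/bin/sh
# Added example: check a FreeBSD VM image against its published checksum before flashing.
# Assumption: the checksum file uses BSD-style lines: SHA512 (<file name>) = <hex digest>

# expected_sha512 IMAGE_NAME CHECKSUM_FILE: print the digest listed for IMAGE_NAME
expected_sha512() {
    awk -v name="($1)" \
        '$1 == "SHA512" && $2 == name && $3 == "=" { print $4; exit }' "$2"
}

# actual_sha512 FILE: print the digest of FILE (sha512sum on Linux, sha512 on FreeBSD)
actual_sha512() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{ print $1 }'
    else
        sha512 -q "$1"
    fi
}

# verify_image IMAGE CHECKSUM_FILE: 0 = match, 1 = mismatch, 2 = image not listed
verify_image() {
    want=$(expected_sha512 "$(basename "$1")" "$2")
    if [ -z "$want" ]; then
        echo "no SHA512 entry for $(basename "$1")" >&2
        return 2
    fi
    got=$(actual_sha512 "$1")
    if [ "$want" != "$got" ]; then
        echo "SHA512 mismatch for $1, refusing to flash" >&2
        return 1
    fi
}

# flash_verified IMAGE_XZ CHECKSUM_FILE DISK: run dd only after the digest matches.
# Stage IMAGE_XZ on tmpfs (e.g. /dev/shm), not on the disk that is being overwritten.
flash_verified() {
    verify_image "$1" "$2" || return $?
    xz -dc "$1" | dd of="$3" bs=1M conv=fdatasync
}

# Usage, with placeholders for the elided URLs (fetch both files over https://):
#   cd /dev/shm
#   wget "https://<IMAGE_URL>" "https://<CHECKSUM_SHA512_URL>"
#   flash_verified "<IMAGE_FILE>.raw.xz" CHECKSUM.SHA512 /dev/sda
```
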
## Post-install steps
Using the console from the dashboard, let's do a quick config and enable ssh.
### Switch from quarterly to the latest repository (optional)
Whether you need this depends on whether the versions in quarterly fit your usage.

```bash
sed -i '' 's/quarterly/latest/' /etc/pkg/FreeBSD.conf
```

### Update the system

```bash
freebsd-update fetch install
pkg update
reboot
```

### Install packages

Let's install a text editor, tmux, a `sudo` alternative, a DHCP client doing IPv4 and IPv6, and OpenSSH:

```bash
pkg install -y doas dual-dhclient-daemon openssh-portable tmux vim
```

`sudo` is also available, but on FreeBSD I prefer `doas`.

### Config doas for group wheel

```bash
echo "permit :wheel" > /usr/local/etc/doas.conf
```

### Config ssh server

```bash
vim /usr/local/etc/ssh/sshd_config
```

In my case, I set the following right after the install, before the configuration management (ansible/saltstack) runs:

- `PubkeyAuthentication yes`
- `PasswordAuthentication no`
- `PermitEmptyPasswords no`
- `VersionAddendum sycured`

### Tune the boot time

In `/etc/loader.conf`:

```
autoboot_wait="0"
autoboot_delay="0"
beastie_disable="YES"
boot_serial="YES"
loader_logo="none"
cryptodev_load="YES"
```

### Tune the system and services at boot

In `/etc/rc.conf`:

```
hostname="oci-test"
ifconfig_DEFAULT="DHCP inet6 accept_rtadv"
ipv6_activate_all_interfaces="YES"
dhclient_enable="YES"
dhclient_program="/usr/local/sbin/dual-dhclient"
growfs_enable="YES"
sshd_enable="NO"
openssh_enable="YES"
```

### Create opc user

```bash
pw user add -n opc -d /home/opc -G wheel -m -s /bin/sh
```

### Change the password

```bash
passwd opc
```

### Add your ssh public key

```bash
mkdir -p /home/opc/.ssh
echo "MY_PUBLIC_KEY" > /home/opc/.ssh/authorized_keys
chown -R opc:opc /home/opc/.ssh
chmod 600 /home/opc/.ssh/authorized_keys
```

And finally, run the last reboot.

## Conclusion

This is a working way to get FreeBSD when your provider doesn't offer it.
I haven't added a part about the firewall because the VM is already protected using security rules at the subnet level.
But you have 2 options for the firewall:
- stateful: pf
- stateless: ipfw
If you want more information about pf, you can look at Packet Filter - OpenBSD Handbook.