From: Vincent Miller
Date: Thu, 30 May 2024 00:16:22 -0400
Subject: Re: FreeBSD install via Proxy?
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
To: Jenisch Ewald
Cc: freebsd-questions@freebsd.org

On Tue, May 28, 2024 at 8:23 AM Jenisch Ewald wrote:

> Hi,
>
> I've got a machine sitting in a heavily firewalled environment not
> allowing direct internet connections, but http/https has to run via a
> proxy. I've found ways to get normal user activity as well as git for
> source updates run via proxy, but how about a fresh installation of FreeBSD?
>
> To be specific: How can I get the installer (i.e. bootonly.iso) to run
> its downloads via a proxy instead of trying to connect to the internet
> directly?
>
> [ snip ]
>
> PS: As for "installation", I'm talking about FreeBSD 14.0 here
>

I've not done this with 14.x yet nor interactively via bootonly.iso, but believe it is feasible based on my experience. The stock bootonly.iso should be sufficient if you're ok doing it interactively and figuring it out as you go. Boot the media into a shell, initialize a network interface, and define HTTP_PROXY and friends appropriately, then run bsdinstall or equivalent procedure to fetch and install kernel, base, etc.

The bootonly.iso can also be built with a custom implemented /etc/installerconfig that does it non-interactively. Such an ISO might be able to be built with Poudriere more easily than it can be built from source. I'm familiar with doing so from source and less so via Poudriere and with FreeBSD 8.0 through 13.3 and via proxy beginning with 13.x.

The interactive process isn't scalable, particularly in a zero-trust environment. The non-interactive implementation is much more useful with larger footprints.

I wrote some blogs 10+ years ago regarding PXE booting and installing FreeBSD via Cobbler. Those concepts still apply to current versions, but the implementation and tools have changed over the years... Cobbler isn't used, the FreeBSD installer has changed, and other tools have been replaced. See them below. There's probably some useful tidbits still, but not directly applicable to modern versions.

https://blog.hostileadmin.com/2013/04/11/installing-freebsd-via-cobbler/
https://blog.hostileadmin.com/2012/05/08/using-sysinstall-for-automated-freebsd-8-x-installs/
https://blog.hostileadmin.com/2012/05/04/pxe-booting-into-a-freebsd-installation/

--
Take care
Vincent Miller
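
Added example, not part of the message above or of the FreeBSD project's own code: the interactive procedure the reply describes (bring up an interface, define HTTP_PROXY, run bsdinstall) written as a script for the installer's live shell. The interface name, the proxy URL, the CHECK_URL default and the rule that the proxy URL must be a plain http://host:port are assumptions of this example.

```shell
#!/bin/sh
# Usage (from the bootonly.iso shell): sh proxy-install.sh <iface> <proxy-url>
# e.g. sh proxy-install.sh em0 http://proxy.example.internal:3128  (placeholders)

# Accept only http://host:port, with an optional trailing slash.
# Credentials embedded in the URL are refused so they are not inherited by
# every child process; fetch(3) documents HTTP_PROXY_AUTH for that purpose.
valid_proxy_url() {
    case "$1" in
        http://*) rest=${1#http://} ;;
        *) return 1 ;;
    esac
    rest=${rest%/}
    case "$rest" in
        *@*|*/*|"") return 1 ;;
    esac
    host=${rest%:*}
    port=${rest##*:}
    [ "$host" != "$rest" ] || return 1    # an explicit port is required
    [ -n "$host" ] || return 1
    case "$port" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

run_install() {
    iface=$1
    proxy=$2
    valid_proxy_url "$proxy" || { echo "bad proxy URL: $proxy" >&2; return 1; }
    # DHCP is assumed; use ifconfig/route instead for static addressing.
    dhclient "$iface" || return 1
    HTTP_PROXY=${proxy%/}
    export HTTP_PROXY
    # Confirm the proxy path works before the installer starts fetching.
    # CHECK_URL is an assumption; point it at the mirror you intend to use.
    fetch -q -o /dev/null "${CHECK_URL:-http://download.freebsd.org/}" || {
        echo "no HTTP access through $HTTP_PROXY" >&2
        return 1
    }
    bsdinstall    # distribution fetches inherit HTTP_PROXY from this shell
}

# Only act when called with both arguments.
if [ "$#" -eq 2 ]; then
    run_install "$1" "$2"
fi
```
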

