# FreeBSD Google Cloud image



## Ira (Jun 20, 2016)

Hi, has anyone managed to install FreeBSD on Google Cloud?


----------



## Murph (Jun 20, 2016)

FreeBSD 10.3-RELEASE Announcement


> FreeBSD 10.3-RELEASE amd64 is also available on these cloud hosting platforms:
> 
> Google® Compute Engine™:
> Instances can be deployed using the gcloud utility:
> ...


----------



## Ira (Jun 21, 2016)

Murph said:


> FreeBSD 10.3-RELEASE Announcement


So I just have to upload FreeBSD 10.3 AMD64 into my bucket and click install?
I mean, is it not necessary to convert the image?


----------



## Murph (Jun 21, 2016)

Ira said:


> So I just have to upload FreeBSD 10.3 amd64 into my bucket and click install?
> I mean, is it not necessary to convert the image?



No, you do not use the normal amd64 image that you would install on a standalone PC.  You use the special pre-prepared public image through Google's cloud management tools, as described in the section of the release announcement that I quoted above.  Here it is again:

```
% gcloud compute instances create INSTANCE \
        --image freebsd-10-3-release-amd64 \
        --image-project=freebsd-org-cloud-dev
% gcloud compute ssh INSTANCE
```
See also: 
https://cloud.google.com/compute/docs/gcloud-compute/
https://cloud.google.com/compute/docs/instances/create-start-instance
https://cloud.google.com/compute/docs/images
Although Google's docs do not currently list FreeBSD, their docs for Linux should mostly be appropriate for things outside the running instance (you just need to use the FreeBSD images instead of Linux images, and then do things the normal FreeBSD way inside the running instance).


----------



## Ira (Jun 21, 2016)

Murph said:


> No, you do not use the normal amd64 image that you would install on a standalone PC.  You use the special pre-prepared public image through Google's cloud management tools, as described in the section of the release announcement that I quoted above.  Here it is again:
> 
> ```
> % gcloud compute instances create INSTANCE \
> ...
> ```



Well I prefer to make a special image.

But I have just one problem...

After complete install of FreeBSD I don't know which password to use.

I used this script to make the custom image:

```
VERSION=10.3-RELEASE
VMSIZE=10g
SWAPSIZE=1G
NEWFS_OPTIONS="-U -j -t"
COMPONENTS="base kernel"

TS=`env TZ=UTC date +%Y%m%d%H%M%S`
IMAGENAME=`echo FreeBSD-${VERSION}-amd64-${TS} | tr '[A-Z]' '[a-z]' | sed -e 's/\.//g'`

BUCKETFILE=FreeBSD-${VERSION}-amd64-${TS}.tar.gz
TMPFILE=FreeBSD-${VERSION}-amd64-gcloud-image-${TS}.raw

WRKDIR=${PWD}
TMPMOUNT=/mnt/gcloud_new_${TS}

###############################

cleanup() {
  set +e
  echo "Error or interrupt detected, cleaning up and exiting"
  cd ${WRKDIR}
  umount -f ${TMPMOUNT} >/dev/null 2>&1
  rmdir ${TMPMOUNT} >/dev/null 2>&1
  mdconfig -d -u ${MD_UNIT} >/dev/null 2>&1
  rm -f ${TMPFILE} disk.raw pmbr gptboot /tmp/mkimg-?????? >/dev/null 2>&1
  trap - SIGHUP SIGINT SIGTERM EXIT
  echo
  exit 1
}

build_mirror() {
  cd ${WRKDIR}
  mkdir -p ${VERSION}
  cd ${VERSION}

  for comp in ${COMPONENTS} ; do
    if [ ! -f ${comp}.txz ]; then
      fetch http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/${VERSION}/${comp}.txz
    fi
  done
}

build_image() {
  cd ${WRKDIR}
  truncate -s ${VMSIZE} ${TMPFILE}
  MD_UNIT=$(mdconfig -f ${TMPFILE})

  echo "  Creating filesystem"
  newfs ${NEWFS_OPTIONS} ${MD_UNIT} >/dev/null 2>&1

  mkdir -p ${TMPMOUNT}

  mount /dev/${MD_UNIT} ${TMPMOUNT}

  cd ${TMPMOUNT}
  for comp in ${COMPONENTS} ; do
    echo "  Installing ${comp} into image"
    tar -xzf ${WRKDIR}/${VERSION}/${comp}.txz
  done
}

setup_image() {
  cd ${TMPMOUNT}

  cat << EOF > etc/resolv.conf
search google.internal
nameserver 8.8.4.4
nameserver 8.8.8.8
EOF

  cat << EOF > etc/fstab
# Custom /etc/fstab for FreeBSD VM images
/dev/gpt/rootfs   /       ufs     rw      1       1
/dev/gpt/swapfs   none    swap    sw      0       0
EOF

  cat << EOF > etc/rc.conf
hostname="Ira"
ifconfig_vtnet0="SYNCDHCP mtu 1460"
ntpd_sync_on_start="YES"
sshd_enable="YES"
EOF

  cat << EOF > boot/loader.conf
autoboot_delay="-1"
beastie_disable="YES"
loader_logo="none"
hw.memtest.tests="0"
console="comconsole"
hw.vtnet.mq_disable=1
kern.timecounter.hardware=ACPI-safe
aesni_load="YES"
nvme_load="YES"
EOF

  cat << EOF >> etc/hosts
169.254.169.254 metadata.google.internal metadata
EOF

  cat << EOF > etc/ntp.conf
server metadata.google.internal iburst

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict -6 ::1
restrict 127.127.1.0
EOF

  cat << EOF >> etc/syslog.conf
*.err;kern.warning;auth.notice;mail.crit                /dev/console
EOF

  cat << EOF >> etc/ssh/sshd_config
ChallengeResponseAuthentication no
X11Forwarding no
AcceptEnv LANG
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
AllowAgentForwarding no
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
ClientAliveInterval 420
EOF

  cat << EOF >> etc/crontab
0    3    *    *    *    root    /usr/sbin/freebsd-update cron
EOF

  cat << EOF >> etc/sysctl.conf
net.inet.icmp.drop_redirect=1
net.inet.ip.redirect=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
kern.ipc.somaxconn=1024
debug.trace_on_panic=1
debug.debugger_on_panic=0
EOF
    sed -E -i '' 's/^([^#].*[[:space:]])on/\1off/' etc/ttys

    touch ./firstboot
}

finish_image() {
  cd ${TMPMOUNT}
  cp boot/pmbr ${WRKDIR}
  cp boot/gptboot ${WRKDIR}

  cd ${WRKDIR}

  umount ${TMPMOUNT}
  rmdir ${TMPMOUNT}

  mdconfig -d -u ${MD_UNIT}

  echo "  Creating partitioned file"
  mkimg -s gpt -b pmbr \
          -p freebsd-boot/bootfs:=gptboot \
          -p freebsd-swap/swapfs::${SWAPSIZE} \
          -p freebsd-ufs/rootfs:=${TMPFILE} \
          -o disk.raw

  rm ${TMPFILE} pmbr gptboot
  echo "  Creating image tar"
  tar --format=gnutar -Szcf ${BUCKETFILE} disk.raw
  rm disk.raw
}

###############################

if [ $(id -u) != 0 ]; then
   echo "This script must be run as root" 1>&2
   exit 1
    echo root | pw mod user root -h 0
fi

set -e

trap cleanup SIGHUP SIGINT SIGTERM EXIT

cd ${WRKDIR}

echo "Building mirror of OS components"
build_mirror
echo "Creating image"
build_image
echo "Setting up image"
setup_image
echo "Finishing image"
finish_image
trap - SIGHUP SIGINT SIGTERM EXIT
```
My question is, what password will be assigned to user root after installing?
How can I set a password after installation is done?
My idea was to add this; maybe I added it wrong? If someone has an idea, please reply.

```
echo root | pw mod user root -h 0
```
But it does not work, still says wrong password.

PS: I don't want the google cloud packages, I want a clean very clean fresh installed system.
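
An added example, not part of Ira's post or of the script above: sshd uses the first value it reads for each keyword, so this audits the `sshd_config` lines that `setup_image()` appends and reports the shadowed duplicate and the weak settings. The function names are hypothetical, and the weak-cipher pattern and the list of repeatable keywords are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the sshd_config lines that setup_image() appends.
# Single-file view only; Match blocks and Include are not handled.

# Constructed sample input: the fragment copied from the script in the post.
sample_fragment() {
    cat << 'EOF'
ChallengeResponseAuthentication no
X11Forwarding no
AcceptEnv LANG
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
AllowAgentForwarding no
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
ClientAliveInterval 420
EOF
}

# sshd_effective KEYWORD [FILE...]: sshd keeps the first value it reads.
sshd_effective() {
    want=$1; shift
    awk -v want="$want" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(want) { print $2; exit }' "$@"
}

# sshd_audit [FILE...]: report shadowed duplicates and weak settings.
sshd_audit() {
    awk '
        /^[ \t]*(#|$)/ { next }
        { key = tolower($1); val = $2 }
        key ~ "^(acceptenv|hostkey|listenaddress|port)$" { next }  # repeatable
        (key in first) {
            if (first[key] != val)
                printf "line %d: %s %s is ignored, line %d already set %s\n",
                       NR, $1, val, line[key], first[key]
            next
        }
        { first[key] = val; line[key] = NR }
        END {
            if (first["permitrootlogin"] == "yes")
                print "PermitRootLogin yes: direct root login is allowed"
            if (first["passwordauthentication"] == "yes")
                print "PasswordAuthentication yes: passwords are accepted"
            n = split(first["ciphers"], c, ",")
            for (i = 1; i <= n; i++)
                if (c[i] ~ "arcfour|3des|-cbc") print "weak cipher offered: " c[i]
        }' "$@"
}

sample_fragment | sshd_audit
```

Both functions read standard input when no file is given, so they can also be pointed at `${TMPMOUNT}/etc/ssh/sshd_config` before the image is packed.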


----------






## mlerota (Oct 21, 2016)

Official FreeBSD-11 is available on Google cloud platform. You can spin up one with:

```
gcloud compute instances create NAME --image freebsd-11-0-release-amd64  --image-project=freebsd-org-cloud-dev --machine-type MTYPE --zone ZONE
```

If you are new to GCP, first you have to create a network. Here is an example:


```
gcloud compute networks create default
gcloud compute firewall-rules create default-allow-icmp --network default --allow icmp --source-ranges 0.0.0.0/0
gcloud compute firewall-rules create default-allow-ssh --network default --allow tcp:22 --source-ranges 0.0.0.0/0
gcloud compute firewall-rules create default-allow-internal --network default --allow tcp:0-65535,udp:0-65535,icmp --source-ranges 10.128.0.0/9
```


----------



## mkvalor (Jan 19, 2017)

I understand your desire to configure the OS to your liking.  Please know, though, that there are some configuration steps and required packages that cannot be left out when you do this.  Here is the GitHub repo (not mine) of a shell script to help prepare a FreeBSD image:

https://github.com/swills/FreeBSD-gcloud/blob/master/build_google_image.sh

(Note the inclusion of certain packages to be included with the image, such as "google-shell-scripts")

I found this by following a 3-year-old comment to a 4-year-old thread on the subject at:

https://groups.google.com/forum/#!msg/gce-discussion/YWoa3Aa_49U/FYAg9oiRlLUJ

I cannot vouch for the correctness of this script (which was last updated two years ago) since I have not personally used it, but I suspect that combining elements from it with your own script, as well as considering the advice at the top of the google groups forum post, will lead you in the right direction.


----------



## Vladimir Botka (Oct 22, 2017)

FreeBSD 11.1 works fine with cloud.google.com/
`> gcloud compute instances create "INSTANCE" --image freebsd-11-1-stable-amd64-2017-10-13 --image-project=freebsd-org-cloud-dev --machine-type "g1-small" --boot-disk-size "22"`

Transfer the public key to the INSTANCE
`> gcloud compute project-info add-metadata --metadata-from-file sshKeys=gcloud.ssh-keys`

Format of the file gcloud.ssh-keys should be

```
[REMOTE-USERNAME]:ssh-rsa [KEY_VALUE] [LOCAL-USERNAME]
```

where:

REMOTE-USERNAME is the user whose account in the remote system shall be used to log in. In most cases the name of the account (name before @gmail.com). Public key shall be copied to ~/.ssh/authorized_keys

LOCAL-USERNAME is the user whose public key ~/.ssh/id_rsa.pub shall be copied

Then ssh to the INSTANCE
```
> whoami
LOCAL-USERNAME
> ssh REMOTE-USERNAME@IP-OF-THE-INSTANCE
```



Documentation "Formatting your public SSH key files" does not describe the format correctly
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#sshkeyformat
https://issuetracker.google.com/issues/67996842
--
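
The file format Vladimir Botka describes above, as an added example that is not part of his post: it builds a `gcloud.ssh-keys` line from an OpenSSH `.pub` file and checks a file for lines that are not in that form, such as a raw `.pub` line pasted without the `REMOTE-USERNAME:` prefix. The function names are hypothetical, and accepting key types other than `ssh-rsa` is an assumption that goes beyond the post.

```shell
#!/bin/sh
# Added example, not from the thread: build and check gcloud.ssh-keys lines in
# the form the post gives: REMOTE-USERNAME:ssh-rsa KEY_VALUE LOCAL-USERNAME

# sshkeys_line REMOTE_USER PUBKEY_FILE [LOCAL_USER]
# Turns an OpenSSH .pub file ("<type> <base64 key> [comment]") into one line.
sshkeys_line() {
    ktype= kdata=
    read -r ktype kdata _comment < "$2" || [ -n "$kdata" ] || return 1
    [ -n "$kdata" ] || return 1
    printf '%s:%s %s %s\n' "$1" "$ktype" "$kdata" "${3:-$(id -un)}"
}

# sshkeys_check FILE
# Exit status 0 only if every line is USER:TYPE KEY NAME; bad lines are listed.
sshkeys_check() {
    awk '
        {
            i = index($0, ":")              # username ends at the first colon
            user = substr($0, 1, i - 1)
            n = split(substr($0, i + 1), f, " ")
            ok = (i > 1) && (user ~ "^[^ \t]+$") && (n == 3) &&
                 (f[1] ~ "^(ssh|ecdsa)-") && (f[2] ~ "^[A-Za-z0-9+/]+=*$")
            if (!ok) { printf "line %d: not USER:TYPE KEY NAME\n", NR; bad = 1 }
        }
        END { exit bad + 0 }' "$1"
}

# Constructed sample: the key value is a placeholder, not a real key.
tmp=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABexample alice@laptop\n' > "$tmp/id_rsa.pub"
sshkeys_line alice "$tmp/id_rsa.pub" alice > "$tmp/gcloud.ssh-keys"
sshkeys_check "$tmp/gcloud.ssh-keys" && cat "$tmp/gcloud.ssh-keys"
rm -rf "$tmp"
```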


----------



## Shawn Bakhtiar (Jan 30, 2018)

`Shawns-Mac-Pro:~ shawn$ gcloud compute instances create "diablita" --zone "us-west1-a" --boot-disk-size "60" --boot-disk-type "pd-ssd" --image "freebsd-11-1-release-amd64" --image-project=freebsd-org-cloud-dev --machine-type "n1-standard-1"`

The SSH Keys do not work. In order to make them work I had to:

I copied the content of ~/.ssh/id_rsa.pub and ~/.ssh/google_compute_engine.pub to the VM instance's ~/.ssh/authorized_keys. I also added them to the *VM Instances Details* under the *SSH Keys* section.

Otherwise I get the following error:

```
Shawns-Mac-Pro:~ shawn$ ssh sbakhtiar@redacted.example.com -v
OpenSSH_6.9p1, LibreSSL 2.1.8
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: /etc/ssh/ssh_config line 56: Applying options for *
debug1: Connecting to redacted.example.com [XXX.XXX.XXX.XXX] port 22.
debug1: Connection established.
debug1: identity file /Users/shawn/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/shawn/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/shawn/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/shawn/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/shawn/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/shawn/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/shawn/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/shawn/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2 FreeBSD-20161230
debug1: match: OpenSSH_7.2 FreeBSD-20161230 pat OpenSSH* compat 0x04000000
debug1: Authenticating to redacted.example.com:22 as 'sbakhtiar'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr umac-64-etm@openssh.com none
debug1: kex: client->server aes128-ctr umac-64-etm@openssh.com none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:SoM3J1b3rrISHNumb3rSgo3sH3r3
debug1: Host 'redacted.example.com' is known and matches the ECDSA host key.
debug1: Found key in /Users/shawn/.ssh/known_hosts:34
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/shawn/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: /Users/shawn/.ssh/google_compute_engine
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/shawn/.ssh/id_dsa
debug1: Trying private key: /Users/shawn/.ssh/id_ecdsa
debug1: Trying private key: /Users/shawn/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).
Shawns-Mac-Pro:~ shawn$
```

I tried what Vladimir Botka suggested in his post, but I get an error (after having put the public key information into _gcloud.ssh-keys_):

```
Shawns-Mac-Pro:~ shawn$ gcloud compute project-info add-metadata --metadata-from-file sshKeys=gcloud.ssh-keys
ERROR: gcloud crashed (DecodeError): Invalid enum value "INTERCONNECTS"

If you would like to report this issue, please run the following command:
  gcloud feedback

To check gcloud for common problems, please run the following command:
  gcloud info --run-diagnostics
```


----------

