openbsd cover

Exoscale is happy to announce the availability of an OpenBSD 5.6 image. OpenBSD is a 4.4BSD based operating system focused on portability, standardization, correctness, proactive security and integrated cryptography.

The OpenBSD project is most famous for producing OpenSSH.

Why does OpenBSD matter

Compared to Linux, the development of OpenBSD differs in several way. The most glaring difference is the fact that OpenBSD produces a complete and integrated operating system, while Linux is distributed as a kernel with separate teams building non-kernel (referred to as userland) components and most of the time another team bundling both the kernel and userland components in distributions. By contrast, the OpenBSD team produces both the kernel and userland as well as a selection of third-party packages - ports.

The result is a consistent system with great attention to details, and a huge selection of userland tools which are either specific to OpenBSD or target it primarily such as

  • relayd: A layer 2/3 and layer 7 load-balancer.
  • iked: An IPSEC VPN daemon.
  • pf: The best open source firewall.
  • smtpd: A simple and powerful SMTP server.

And many more such as httpd, ntpd, ldapd and ypldap. Beyond the base system you’ll find your favorite software ready to install as pre-built packages.

In addition to this selection of software, the documentation is of outstanding quality and readily available - in man pages.

All this makes OpenBSD a great candidate for generic cloud workloads, it truly excels in the following scenarios:

  • VPN host to guard access to your other instances.
  • Firewall and load-balancer for your web front-ends.
  • DNS resolver and authoritative server.
  • Mail gateway.

Cloud-init support

Building on this great foundation, we added minimal support for instance personalization on first boot, to allow you to easily orchestrate OpenBSD instances through our API.

To keep within the spirit of security OpenBSD promotes, the personalization does as little as possible and is only performed on first boot, the following actions are possible:

  • Provisioning of public keys for the root account through the keypair functionality of our API or our web portal.
  • Setting the FQDN of the instance and adding it to /etc/hosts

Based on feedback from users of the OpenBSD template we will consider adding more functionality to the cloud-init process as documented here: https://github.com/exoscale/openbsd-cloud-init.

We hope you’ll enjoy using OpenBSD and are looking forward to your feedback.

openbsd running