www.fabiankeil.de/gehacktes/cloudiatr/

cloudiatr: Remote operating system eviction made easy

cloudiatr makes reproducibly installing ElectroBSD and other FreeBSD-based operating systems more convenient (for some values of convenient). The previously running operating system is evicted, backups should be done before the eviction.

Data integrity matters, thus OpenZFS is used for everything.

By default, two ZFS pools are created at install-time. An unencrypted boot pool and an encrypted root pool for the rest of the operating system. cloudiatr reserves the remaining disk space for a third encrypted data pool, but does not create the pool itself, so you can do it after the reboot, using the potentially more trustworthy kernel and binaries that have been installed previously. The unencrypted boot pool can (and should be) overwritten once the system is running and recreated before intentional reboots. Running the system without usable boot pool prepares it for getting confiscated as a result of sloppy or malicious police investigations and similar threats.

Originally cloudiatr was designed to merely make storing zogftw backups on other people's computers (the cloud) more convenient, but of course it can also be used for systems you control and trust and to create bootable USB sticks.

cloudiatr should not be confused with Claudia (who has a Schäferhund).

This is what democracy a failed eviction attempt looks like

[Foto: Couple of police men in body armor] The police men in the picture did not use cloudiatr. The first eviction attempt failed. Coincidence? I think not.

This is what democracy a successful remote eviction looks like

Getting sshd working on the eviction target and creating the cloudiatr.conf is left as exercise for the reader ...

fk@r500 ~/git/cloudiatr $ scp cloudiatr cloudiatr.conf root@polizei-erziehung.fabiankeil.de:/root/
cloudiatr                                                  100%   16KB  16.1KB/s   00:00    
cloudiatr.conf                                             100% 1085     1.1KB/s   00:00    
fk@r500 ~/git/cloudiatr $ ssh root@polizei-erziehung.fabiankeil.de ./cloudiatr evict
cloudiatr (7073cbb) can't wait to evict 'polizei-erziehung.fabiankeil.de' ...

CLOUDIATR_DISKS='/dev/ada0 /dev/ada1'
CLOUDIATR_CHECKSUM_SMECKSUM='false'
CLOUDIATR_DEFAULTROUTER='95.211.241.126'
CLOUDIATR_HOSTNAME='polizei-erziehung.fabiankeil.de'
CLOUDIATR_IP_ADDRESS='95.211.241.83'
CLOUDIATR_MURDER_DEATH_KILL_REQUESTED='true'
CLOUDIATR_NETMASK='0xffffffc0'
CLOUDIATR_NEW_USER='cloudiatr'
CLOUDIATR_GELI_KEY_LENGTH='256'

Depending on your jurisdiction, 'eviction without consent' may be against the law.
cloudiatr doesn't bother to make backups of the existing data. That's what zogftw is for.

cloudiatr: Continue eviction? [y/n] y
cloudiatr: You really asked for it. Murder death kill in progress ...
cloudiatr: Eviction in progress ...
cloudiatr: Clearing gpart leftovers ...
/dev/ada0
ada0 destroyed
/dev/ada1
ada1 destroyed
cloudiatr: Setting up gpart ...
/dev/ada0
ada0 created
ada0p1 added
bootcode written to ada0
ada0p2 added
ada0p3 added
ada0p4 added
ada0p5 added
/dev/ada1
ada1 created
ada1p1 added
bootcode written to ada1
ada1p2 added
ada1p3 added
ada1p4 added
ada1p5 added
cloudiatr: Creating bpool on /dev/ada0p2 /dev/ada1p2  ...
cloudiatr: Initialising geli on /dev/ada0p3 ...
cloudiatr: Initialising geli on /dev/ada1p3 ...
cloudiatr: geli-attaching /dev/ada0p3
cloudiatr: geli-attaching /dev/ada1p3
cloudiatr: Creating rpool on /dev/ada0p3.eli /dev/ada1p3.eli  ...
cloudiatr: Checking image checksum ...
SHA256 (/tmp/FreeBSD-10.1-RELEASE-amd64-memstick.img) = 7a071894f12454442cf24ee4f19c2d21e2a8a79d54c83541d2cb7b9f48497b3e
cloudiatr: Loading kernel modules from FreeBSD image ...
crypto
geom_eli
opensolaris
zfs
cloudiatr: Extracting base
cloudiatr: Extracting kernel (without symbols)
/cloudiatr/rpool.key -> bpool/boot/rpool.key
/cloudiatr/geli-backups/ada0p3.eli -> /cloudiatr/rpool/var/backups/ada0p3.eli
/cloudiatr/geli-backups/ada1p3.eli -> /cloudiatr/rpool/var/backups/ada1p3.eli
cloudiatr: Writing /cloudiatr/rpool/boot/loader.conf ...
cloudiatr: Writing /cloudiatr/rpool/etc/rc.conf ...
cloudiatr: Writing /cloudiatr/rpool/etc/fstab ...
cloudiatr: Writing /cloudiatr/rpool/etc/resolv.conf ...
cat: /etc/resolv.conf: No such file or directory
cloudiatr: Setting root passwd
Changing local password for root
New Password:
Retype New Password:
Writing entropy file:.
Generating RSA host key.
2048 bd:97:aa:20:40:16:c5:f1:16:82:50:3b:29:08:98:bf  root@polizei-erziehung.fabiankeil.de (RSA)
Generating ECDSA host key.
256 39:5f:15:52:6e:4c:45:06:47:4f:87:d6:a3:3a:69:a5  root@polizei-erziehung.fabiankeil.de (ECDSA)
Generating ED25519 host key.
256 ef:db:4f:a0:d4:10:95:fe:5d:d0:7f:82:a3:77:26:60  root@polizei-erziehung.fabiankeil.de (ED25519)
/usr/sbin/sendmail -bi -OAliasFile=/etc/mail/aliases
/etc/mail/aliases: 29 aliases, longest 10 bytes, 297 bytes total
chmod 0640 /etc/mail/aliases.db
Setting date via ntp.
 4 Jan 16:41:14 ntpdate[2187]: step time server 193.1.31.66 offset 0.984920 sec
cloudiatr: Creating cloudiatr
/root/.ssh/authorized_keys -> /cloudiatr/rpool/home/cloudiatr/.ssh/authorized_keys
Preparing mounpoints on rpool ...
Exporting bpool ...
Looks like somebody managed to install a real operating system ...
cloudiatr: Reboot now? [y/n] y
#                                                                                
*** FINAL System shutdown message from root@polizei-erziehung.fabiankeil.de ***                                                                   

System going down IMMEDIATELY                                                  

System shutdown time has arrived
Connection to polizei-erziehung.fabiankeil.de closed by remote host.
Connection to polizei-erziehung.fabiankeil.de closed.
fk@r500 ~/git/cloudiatr $fancy-ping polizei-erziehung 1
[...]
2015-01-04 16:54:19: polizei-erziehung didn't respond in time
2015-01-04 16:54:23: polizei-erziehung didn't respond in time
2015-01-04 16:54:24: polizei-erziehung is alive
^C
# 1. Some mundane details that haven't been automated yet
# 2. ...
# 3. profit!
fk@r500 ~/git/cloudiatr $ssh polizei-erziehung.fabiankeil.de
OnionBSD (CLOUDIATR) #674 r276255+54e52d3(fk): Fri Dec 26 23:01:10 CET 2014

Welcome to OnionBSD!

$ su
Password:
root@polizei-erziehung:/home/fk # ./cloudiatr soft-protect
CLOUDIATR_DISKS='/dev/ada1 /dev/ada2'
CLOUDIATR_CHECKSUM_SMECKSUM='false'
CLOUDIATR_DEFAULTROUTER='95.211.241.126'
CLOUDIATR_HOSTNAME='polizei-erziehung.fabiankeil.de'
CLOUDIATR_IP_ADDRESS='95.211.241.83'
CLOUDIATR_MURDER_DEATH_KILL_REQUESTED='true'
CLOUDIATR_NETMASK='0xffffffc0'
CLOUDIATR_NEW_USER='cloudiatr'
CLOUDIATR_GELI_KEY_LENGTH='256'

cloudiatr: Put OnionBSD in 'Soviet Germany' mode? [y/n] y
cloudiatr: Destroying bpool ...
cloudiatr: Use 'geli kill -a' to 'hard-protect' your data right now. No recovery without remote backups!
cloudiatr: Nuking former bpool vdevs from orbit ...
cloudiatr: Done. OnionBSD should remain working as expected until the next shutdown ...
cloudiatr: Remember to 'unprotect' the system before consensual reboots (or use the opportunity to test your backup system)

In case you are wondering, OnionBSD was the internal code name for ElectroBSD.

License

cloudiatr is free software, but, like ElectroBSD, not yet available on the Internet:

Copyright (c) 2014-2015 Fabian Keil <fk@fabiankeil.de>

Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ALL YOUR
DATA IS BELONG TO THE SOFTWARE AND MAY BE EATEN BY IT. IF THAT IS NOT
ACCEPTABLE, YOU SHOULD PROBABLY MAKE BACKUPS BEFORE USING THE SOFTWARE.

An enterprise license (two sentences shorter and most likely already approved by the relevant legal department) is available upon request. The details are in the ElectroBSD funding section.