ELI5

Booting

Computers can boot from CD-ROM, hard drives and USB drives.

A server can also boot from the network. This is how a rescue console is provided on servers.

Rescue Console / Recovery Console

The provider's control panel is used to send a signal to the server to use network boot on next reboot.

The network-booted environment might be a minimal Linux distribution or a minimal Windows environment.

The server is rebooted into the configured rescue environment with networking and disk access.

Minimal OS: Rescue functionality and virtual machines

A minimal Linux environment can run virtual machines using QEMU.

QEMU can pass physical hard drives through to a virtual machine as accessible devices.

When run, the script will install and run QEMU to load a minimal FreeBSD environment, mfsBSD.

QEMU will make detected hard drives available to mfsBSD as disk devices.

QEMU will proxy port 1022 on the rescue system to port 22 on the mfsBSD virtual machine.

This allows remote access to the virtual machine, secured by SSH key.
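The following is an added example, not the project's own script. It assembles a QEMU command line matching the description above: each physical disk is passed through as a raw device, and rescue-system port 1022 is forwarded to guest port 22. The ISO path, memory size, virtio disk interface, e1000 network card and the SHOW_QEMU_CMD switch are assumptions for illustration.

```shell
#!/bin/sh
# Added example: assemble a QEMU command line for the setup described above.
# The ISO path, memory size and disk names are assumptions for illustration.

SSH_HOST_PORT=1022   # port on the rescue system (from the text)
SSH_GUEST_PORT=22    # sshd inside the mfsBSD guest (from the text)

# Print the QEMU command for an ISO and a list of whole-disk devices.
# Returns 1 if no disk is given or a disk argument is not a plain /dev path.
build_qemu_cmd() {
    iso=$1; shift
    [ "$#" -gt 0 ] || { echo "no disks given" >&2; return 1; }
    cmd="qemu-system-x86_64 -m 1024 -display none -boot d -cdrom $iso"
    for disk in "$@"; do
        case $disk in
            # A comma would smuggle extra options into the -drive string
            *,*|*' '*) echo "refusing odd device name: $disk" >&2; return 1 ;;
            /dev/*) ;;
            *) echo "not a device path: $disk" >&2; return 1 ;;
        esac
        # format=raw: never let QEMU guess the image format from disk contents
        cmd="$cmd -drive file=$disk,format=raw,if=virtio"
    done
    # User-mode networking; forward rescue-system port 1022 to guest port 22
    cmd="$cmd -netdev user,id=net0,hostfwd=tcp::${SSH_HOST_PORT}-:${SSH_GUEST_PORT}"
    cmd="$cmd -device e1000,netdev=net0"
    printf '%s\n' "$cmd"
}

# Whole disks visible to the rescue system (Linux lsblk; skips partitions).
detect_disks() {
    lsblk -dn -o NAME,TYPE | awk '$2 == "disk" { print "/dev/" $1 }'
}

# Only print when asked, so sourcing this file has no side effects.
if [ "${SHOW_QEMU_CMD:-0}" = "1" ]; then
    # shellcheck disable=SC2046  # word splitting of the disk list is intended
    build_qemu_cmd /tmp/mfsbsd.iso $(detect_disks)
fi
```

The forward listens on the rescue system's port 1022 on all interfaces, so the guest's key-only SSH is the access control for the installer while it runs.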

Installation

Installation is possible via SSH to port 1022 of your server. This is secured by the key you provided.

The server's hard drives are transparently attached to the virtual machine as devices, and can be formatted for ZFS like normal drives.

A custom configuration is passed to bsdinstall for an unattended installation of FreeBSD-13.1 on the attached hard drives.

Formatting and configuration for ZFS will happen automatically.

After installation completes and the rescue console is exited, the server boots FreeBSD from the hard drives directly.

The virtual machine loaded in the rescue console vanishes completely. It only existed in memory for a short time.

Security

Access to the recovery console is by SSH key, when one is configured in the provider's control panel.

Access to the mfsBSD installation virtual machine is via SSH key, with a URL or file source passed in when the script is run.

Access to the resulting server running the installed FreeBSD is via SSH key, configured as part of the customisations passed in to bsdinstall.

No passwords are used at any stage. No passwords are configured. Root does not have a password.

Users created can use the commands su - or sudo su - to get root access.