3
INSTALLING

You’ve thought about what you want your FreeBSD install to do. You’ve chosen hardware. You’ve downloaded boot media and burned it to a flash drive or optical disk. You’ve found a working USB keyboard and set up your test machine to boot from that media. Now let’s walk through a FreeBSD install. Boot up your install media and follow along.

Throughout this walkthrough, I’ll mention the various key mappings, quirks, and shortcuts the installer provides. One annoyance is that the installer offers no back button: if you screw up something basic, like the disk partitioning, start over.

My desktop, of course, has been installed and running for years. I’ve somehow been coerced into setting up a system for Bert, though. If he doesn’t like my installation methods, he can read this chapter and install his own dang machines.

Core Settings

Upon booting the install media, I see the boot loader screen with its 10-second countdown, as shown in Figure 3-1.

Figure 3-1: The boot loader

Hitting ENTER skips the 10-second counter.

I then get the selection menu shown in Figure 3-2.

Figure 3-2: Selecting Install

In Chapter 5, we’ll discuss using the live CD option to repair damaged systems. For right now, choose Install (the default) by pressing ENTER.

You might notice that the first letter of each choice is in red, while most of the text is gray. You can type that letter to make a choice rather than arrowing over. Here, entering S takes you to a shell, while L starts the live CD image.

You’re now entering bsdinstall(8), FreeBSD’s old-fashioned installer. While other operating systems have pretty graphical installers with mouse-driven menus and multicolor pie charts, FreeBSD’s looks like an old DOS program. You’ll start your install by choosing a keymap, as shown in Figure 3-3.

Figure 3-3: Keymap selection

Bert’s typing habits are atrocious, and he really needs a better keyboard layout. You can arrow up and down this list, but that’s slow. PAGEUP and PAGEDOWN take you up and down a whole screen at a time, while HOME and END take you to the top and bottom, respectively. When I find a keymap I like, I press ENTER. I can then test the keymap, as shown in Figure 3-4.

The keymap looked familiar, but many keymaps have similar names. Hitting ENTER brings up a field where I can hammer on the keyboard to test whether the keymap fits what I think I picked. If it looks good, ENTER brings me back to this screen, where I can hit the up arrow and ENTER to proceed.

The installer then asks me for a hostname, as Figure 3-5 shows.

Figure 3-4: To test or not?

Figure 3-5: Entering a hostname

I’m my own network administrator, so I can use any name I want. Your organization might have different rules. Hit ENTER to proceed.

Distribution Selection

While setting a keymap and a hostname are important, the first truly FreeBSD-specific item comes up when we choose distributions to install. In FreeBSD, a distribution is a particular subset of FreeBSD components. When you install FreeBSD, you’ll need to pick which distributions you want. The installer doesn’t list the mandatory components, the kernel and the basic userland, because you must have them. Some parts are optional, however (see Figure 3-6).

Figure 3-6: Distributions

You don’t need any of these, but some will be very useful for certain situations.

  • base-dbg: Debugging symbols for the base system, useful to programmers
  • doc: FreeBSD’s official documentation, such as the Handbook
  • kernel-dbg: Debugging symbols for the kernel, useful to programmers
  • lib32-dbg: Debugging symbols for 32-bit libraries (only on 64-bit systems)
  • lib32: 32-bit compatibility libraries (only on 64-bit systems)
  • src: Source code of installed operating system
  • tests: FreeBSD’s self-test tools

If you’re programming or developing on FreeBSD, or developing FreeBSD itself, arrow up and down to select the debugging libraries. New users might find the documentation helpful. Use the spacebar to select and deselect an option, and ENTER to proceed to disk partitioning.

I recommend always installing the operating system source code. It takes up very little space and can be an invaluable resource.

In my case, I want Bert to bother me as little as possible. I give him all the debugging libraries and the system source code, so if he whinges I can tell him to read /usr/src.

Disk Partitioning

FreeBSD supports two primary filesystems: UFS and ZFS (see Figure 3-7). Chapter 2 discusses choosing between them, so I won’t cover that again. Now I need to stop waffling and make a choice.

Figure 3-7: Choosing a filesystem

Experienced users can select Manual or, for the hardcore, Shell. I’m letting you follow along, though, so I’ll either choose Auto (UFS) or Auto (ZFS). I’ll use UFS to demonstrate disk partitioning and then go on to ZFS.

UFS Installs

Because the default UFS install is straightforward and many people use the default options just fine, I’m choosing some more obscure options to demonstrate using bsdinstall. I’m asked first how much of the disk I want to use, as shown in Figure 3-8.

If Bert wants to use multiple operating systems, he can fire up a hypervisor. I hit ENTER to use the whole disk. A pop-up appears, warning me that I’m about to erase the disk. Yes, I am. That’s the point. Select Yes. I’m then asked to choose a partition scheme, as shown in Figure 3-9.

Figure 3-8: Disk use

Figure 3-9: Partition schemes

Bsdinstall conservatively defaults to using MBR partitions. Just about everything supports MBR partitions, much like everything supports BIOS rather than EFI, but GPT will cause me much less pain later. I arrow up one space and select GPT, bringing up the default GPT partitioning (see Figure 3-10).

Figure 3-10: Default GPT partitioning

You can hit ENTER right now to finish your UFS partitions, but I’m certain Bert needs special treatment. Let’s create special partitioning just for him.

Every GPT system needs a freebsd-boot partition, so leave ada0p1 alone. Arrow down to ada0p2, and either hit D or arrow over to the Delete button to blow it away. Do the same for ada0p3, leaving you with a single partition and a bunch of empty space, as seen in Figure 3-11.

Figure 3-11: Only the boot loader

Now decide how you want this disk partitioned. The disk has 16GB of space, which I’m dividing up as follows:

  • 512KB freebsd-boot EFI boot partition
  • 1GB swap
  • 4GB emergency dump space (see Chapter 24)
  • 1GB root (/)
  • 512MB /tmp
  • 2GB /var
  • Everything else in /usr

The boot partition already exists, so I arrow over to Create or just hit C to add the first partition, bringing up the dialog in Figure 3-12.

Figure 3-12: Adding a new partition

The arrow keys will move you between the options at the bottom of the screen, but you’ll need the TAB key to bounce up into the text area at the top. Once you’re in the text area, the arrow keys will move you from field to field and back and forth in each line. Our first partition will be swap space, so use the DELETE key to erase the contents of the Type field and enter freebsd-swap. Set the size to 1GB. Every partition should have a label, so I label this swap0. We discuss labels in Chapter 10.

Now hit TAB to leave the text boxes and select OK.

I’m pretty sure that Bert is going to panic this machine and do it in such a terrible way that I’m going to have to dump all of the host’s memory to disk. The host has 4GB of RAM, so I create a 4GB dump partition. It’ll look exactly like the swap space, including a type of freebsd-swap, but I set the size to 4GB and label it dump0.

The root partition is a little different, as shown in Figure 3-13. The root partition needs a filesystem, so set the type to freebsd-ufs. I’ve decided to allocate it 1GB. The root partition always has a mountpoint of /, and I label it root.

Figure 3-13: Adding the root partition

The remaining partitions for /tmp, /var, and /usr all look similar. When you’ve used up all the disk space, you’ll get a partition table much like that in Figure 3-14.

Figure 3-14: Complete custom GPT/UFS partition table

The installer asks me whether I’m sure. This layout should keep Bert from complaining that log files have overflowed his system, so I’m content. Select Finish to partition the disk and have the install proceed.
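
The same layout can be produced without the menus. The following is an added example, not from the original text: a POSIX shell script that prints the gpart(8) and newfs(8) commands for the partition list above and refuses to do so when the fixed sizes exceed the disk. The labels boot0, tmp, var, and usr and the function names are assumptions; swap0, dump0, and root come from the walkthrough.

```sh
#!/bin/sh
# Added example: print the gpart(8)/newfs(8) commands for the chapter's layout.
# Rows: label type size-in-MB mountpoint ("-" = none, size 0 = rest of disk).
# Labels boot0, tmp, var and usr are assumptions; swap0, dump0 and root are
# the labels used in the walkthrough.
LAYOUT="swap0 freebsd-swap 1024 -
dump0 freebsd-swap 4096 -
root freebsd-ufs 1024 /
tmp freebsd-ufs 512 /tmp
var freebsd-ufs 2048 /var
usr freebsd-ufs 0 /usr"

# usr_mb DISK_MB: space left for the size-0 row once the fixed rows are placed.
usr_mb() {
    left=$(( $1 - 1 ))   # about 1MB covers GPT metadata plus the 512KB boot partition
    while read -r label type mb mnt; do
        left=$(( left - mb ))
    done <<EOF
$LAYOUT
EOF
    echo "$left"
}

# plan_layout DISK DISK_MB: print the commands, or return 1 if the rows don't fit.
plan_layout() {
    disk=$1
    if [ "$(usr_mb "$2")" -le 0 ]; then
        echo "error: fixed-size partitions do not fit on $disk ($2 MB)" >&2
        return 1
    fi
    echo "gpart create -s gpt $disk"
    echo "gpart add -t freebsd-boot -s 512k -l boot0 $disk"
    echo "gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 $disk"
    while read -r label type mb mnt; do
        size=""
        [ "$mb" -eq 0 ] || size=" -s ${mb}m"
        echo "gpart add -t $type$size -l $label $disk"
        [ "$mnt" = "-" ] || echo "newfs -U /dev/gpt/$label   # mount on $mnt"
    done <<EOF
$LAYOUT
EOF
}
```

Calling `plan_layout ada0 16384` prints the plan for the 16GB disk used here; review the output before running any of it on a FreeBSD host.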

ZFS Installs

If I choose ZFS, I’ll get the ZFS configuration screen shown in Figure 3-15.

Figure 3-15: ZFS configuration

The default option is Install, which will give you an error because you haven’t selected a ZFS virtual device type yet. You’ll need to start with Pool Type/Disks. Before we get there, though, let’s look at the other choices.

The default name of a FreeBSD root ZFS pool is zroot. There’s no real reason to change this, unless you want your system to look different than any other ZFS system out there or your organization has standards for naming pools.

The Force 4K Sectors option is important for reasons we’ll discuss in Chapter 10. Unless you know for absolutely certain that your disks have 512-byte sectors, leave this option at Yes.

If you choose Encrypt Disks, you’ll be prompted for a passphrase for full-disk encryption. FreeBSD uses GELI for ZFS encryption (see Chapter 23), although when ZFS gets native encryption this might change.

For Partition Scheme, choose GPT. If your host can reasonably run ZFS, it supports GPT.

How much swap space do you need? Adjust Swap Size as necessary. I want this host to have enough space for a full kernel memory dump, because Bert, so I adjust the swap size to 4GB.

Hosts with multiple hard drives can use swap partitions on multiple drives. When a drive containing a swap partition fails, the host loses everything in that swapped-out chunk of memory and crashes. Choosing Mirror Swap gives your swap space redundancy but uses more disk space.

Should you choose Encrypt Swap? There’s very little performance cost and, in case your hard drives are stolen, potential advantages.

Now go up and choose Pool Type/Disks to select a ZFS virtual device type, as shown in Figure 3-16.

Figure 3-16: Virtual device selection

Chapter 12 discusses ZFS virtual devices at length. Selecting a virtual device type is the most important decision you’ll make for a ZFS system. For a single-disk host, however, the only viable option is stripe. Select it and you’ll get an option to choose the hard drives in your ZFS pool (see Figure 3-17).

Figure 3-17: ZFS disk selection

Use the spacebar to select the disks you want to include in this pool. As this host has only one disk, I select it and then select OK to continue.

The installer returns me to the main ZFS configuration screen. I double-check my selections (GPT partitioning and 4GB swap) and then arrow up to select Install. The installer gives me a final “Are you really, really sure?” warning. I’m sure.

Network and Service Configuration

Once you approve the disk layout, bsdinstall writes the new partition table to disk, creates filesystems, and extracts the distributions you’ve chosen without further intervention. The installer moves on to set up the network, services, and users.

First, you are prompted for the system’s new root password. The root user can do absolutely anything to the system, so make it a good password. You’ll have to enter it twice to have it accepted.

Arrow up and down to choose a network interface. This host has only a single interface, so I hit ENTER to configure it (see Figure 3-18).

Figure 3-18: Selecting network interface

Next, we’re asked whether we want to configure IPv4 for this interface. If you’re not sure what IPv4 is, but you want internet, select Yes. I certainly do. We’re then asked whether we want to use DHCP to automatically configure networking. If this is a disposable system, then probably, but this is going to be Bert’s personal server. It needs a special network configuration. I select No and bring up the Network Configuration screen, shown in Figure 3-19.

Your cursor is already up in the text area. Use the arrow keys to move down, not TAB or ENTER. See how OK is highlighted? Once you hit ENTER, the installer proceeds to the next screen whether you’ve set up the network or not. Fill in the appropriate values for the IP address, subnet mask, and default gateway. If you don’t know what these are, you should’ve used DHCP or read Chapter 7. Don’t worry about making a mistake here; if you goof, the last screen of the installer offers a chance to change the network configuration. Hit ENTER when you’re done.

Figure 3-19: Network configuration

Once you’ve configured IPv4, the installer proceeds to IPv6. You’re all on modern networks, so go ahead and configure it. The IP address, netmask, and default router settings are much like IPv4. The installer also supports SLAAC, also known as DHCP for IPv6. If you’re still on a decrepit IPv4-only network, though, skip IPv6.

You’re then given the option to configure DNS. Here, I enter the search domains and nameservers for my network (see Figure 3-20).

Figure 3-20: Resolver configuration

If you have IP address information for your network but don’t know the search domains and the name server IP addresses, copy those values from another machine.

The installer now requests the host’s time zone. Rather than dumping all the time zones on you in a giant list, you get a series of hierarchical menus, as shown in Figure 3-21.

Figure 3-21: Time zone selector

Choose your continent. You’ll then be asked for a region. I choose United States—Bert’s in Europe, yes, but I want him to be painfully aware that if he requests help during his mornings, he’s not going to get it. Remember that the HOME and END keys take you to the top and bottom of these long lists; it’s much faster to get to the United States by hitting END and going up a couple spots than to page through every country in the Western Hemisphere, including all those little islands. I then get to choose from any time zone in the United States. US citizens will once again be reminded that many states have really messed-up time zones. Even my home of Michigan isn’t innocent. But I choose Michigan and am given a chance to confirm my choice (see Figure 3-22).

I recognize EDT, or Eastern Daylight Time. If I didn’t, I’d select No and try again.

The next few screens give you the option to set the system clock. Weirdly, the default is set to Skip. While you can enter the time and date here, it’s much easier to set the time from the network, as we’ll do later.

Now we can enable a few services at system startup, as shown in Figure 3-23.

Figure 3-22: US time zones

Figure 3-23: Startup services

Most hosts need SSH, and you should always enable kernel crash dumps. Other services might not fit your network, though. I always enable ntpd (see Chapter 20) and local_unbound (see Chapter 8) so that the host’s clock synchronizes itself to the public NTP servers and keeps a local DNS cache, but if your host doesn’t have access to the public internet, they aren’t as useful. Laptop users might investigate moused(8) and powerd(8).

We then get the system hardening options shown in Figure 3-24.

Figure 3-24: Hardening options

We discuss the hardening options at length in Chapter 19. If this is your first install, and you want to have a gentle learning experience, leave them all off. If you want to learn how to work on a more properly secured system, select everything. I enable every hardening option on all of my hosts, and learning to work with improved security will be good for Bert.

Now we can add a user to the system (see Figure 3-25). I recommend adding at least one unprivileged user to each system so that you can log on to the newly installed host without going straight to root. If you have a provisioning system such as Ansible that requires a user account, create that account here. This host is for Bert, so I’m giving him an account.

Figure 3-25: Adding a user

Chapter 9 discusses creating user accounts in detail, but I’ll give some reasonable settings for the first account here. Bert’s preferred account name is xistence, and I’ll indulge him in it. I fill in his first name, and just hit ENTER to take the default Uid and Login group. He’s the primary user on this system, so I add him to the wheel group, allowing him to use the root password. He gets the tcsh shell because it’s my favorite.

If you have a policy on where user home directories go, follow it. Otherwise, take the defaults. Similarly, while you can adjust the password settings to fit the default, generally speaking, it’s easiest to type the user’s password. Many people recommend a password like ChangeMe, but I prefer to go with passwords that actively encourage users to change them as soon as possible—maybe something like BertIsTheWorstIMeanTheWorstHumanBeingEver. And if I lock out the account after I create it, I’ll need to unlock it only when he wants to use the machine.

After adding one user, I’m asked whether I want to add another. If I add an account for myself, I’ll bear partial liability for this host. I say No.

Finishing the Install

The core configuration, shown in Figure 3-26, is all done! I then get a chance to go back and tweak some settings.

Figure 3-26: Final configuration

Most of these options come straight from earlier in the install process. Do you want to go back to change the network configuration? Choose Network. Should you add another user or enable more services? Did you enter the wrong password? This is your chance to right those wrongs.

When you think you’re ready, select Exit to discover you don’t have to be done.

The installer covers the basics, but every environment is unique. Manual configuration offers a command prompt chrooted into the system that gives you the chance to make any final changes (see Figure 3-27). Choose No and you’ll be told to remove the boot media and reboot. I often find tweaking a host before its first boot simplifies my life, so I choose Yes.

Figure 3-27: Manual configuration

I’m chrooted into the installed host with a root shell. The exact tasks you perform here depend entirely on your network. Chapter 9 discusses chflags(8) and schg. Now I type exit, as shown in Figure 3-28.

Figure 3-28: Final shell configuration
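
One way to use that chrooted shell, as an added example that is not part of the original text: a POSIX shell check that the services, hardening settings, and wheel membership chosen during the install actually landed in the new system's configuration files. The rc.conf and sysctl.conf key names are assumptions about what the installer menus write on your release, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit an installed FreeBSD tree before its first boot.
# Key names are assumptions about what the installer menus write; confirm
# them against rc.conf(5) and your release's bsdinstall hardening script.
RC_WANT="sshd_enable=YES ntpd_enable=YES local_unbound_enable=YES dumpdev=AUTO clear_tmp_enable=YES"
SYSCTL_WANT="security.bsd.see_other_uids=0 security.bsd.see_other_gids=0
security.bsd.unprivileged_read_msgbuf=0 security.bsd.unprivileged_proc_debug=0
kern.randompid=1"

# conf_value FILE KEY: last assignment of KEY in FILE, unquoted and uppercased.
conf_value() {
    [ -r "$1" ] || return 0
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed -e 's/#.*$//' -e 's/[[:space:]]*$//' |
        tr -d "\"'" | tr 'a-z' 'A-Z'
}

# check_file FILE "key=value ...": print one FAIL line per setting that differs.
check_file() {
    for pair in $2; do
        k=${pair%%=*}
        want=${pair#*=}
        got=$(conf_value "$1" "$k")
        [ "$got" = "$want" ] || echo "FAIL $1: $k is '${got:-unset}', want '$want'"
    done
}

# wheel_members ROOT: accounts other than root listed in ROOT/etc/group's wheel.
wheel_members() {
    sed -n 's/^wheel:[^:]*:[^:]*://p' "$1/etc/group" 2>/dev/null |
        tr ',' '\n' | grep -v -e '^root$' -e '^$'
}

# audit_install [ROOT]: print findings; exit status is 0 only when there are none.
audit_install() {
    root=${1:-}
    findings=$(
        check_file "$root/etc/rc.conf" "$RC_WANT"
        check_file "$root/etc/sysctl.conf" "$SYSCTL_WANT"
        [ -n "$(wheel_members "$root")" ] ||
            echo "FAIL $root/etc/group: no unprivileged account in wheel"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Inside the installer's chroot, call `audit_install` with no argument; trim `RC_WANT` and `SYSCTL_WANT` to the options you actually selected.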

Then I reboot, pull the installation media, and boot into a complete FreeBSD install!
