Once you boot from your chosen media, you should see something like this:
>> OpenBSD/amd64 BOOT 3.18
boot>
If you need to interrupt the boot process for any reason, you can do so at this point. We’ll discuss how to interrupt the boot process in Chapter 5, and reasons for doing so throughout the book.
If you wait five seconds, OpenBSD should boot. The kernel will then introduce itself and begin identifying your hardware.
booting 1 cd0a:/5.3/amd64/bsd.rd: 2986868+913996+2861496+0+504624 [89+318288+205653]=0xb6f578
entry point at 0x1001e0 [7205c766, 34000004, 24448b12, 1608a304]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2012 OpenBSD. All rights reserved. http://www.OpenBSD.org
2 OpenBSD 5.3 (RAMDISK_CD) #23: Sun Feb 12 09:45:07 MST 2012
[email protected]:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 1072627712 (1022MB)
avail mem = 1032290304 (984MB)
…
In this output, you can tell at 1 from which device the system is booting—CD drive 0 in this case. Next, you see the copyright information, followed by the directory in which your kernel was compiled at 2. You can see that this is an OpenBSD snapshot kernel, compiled by user deraadt on host amd64.openbsd.org.
At this point, OpenBSD should probe your hardware and display the results as it attaches device drivers.
Once the boot messages pass, you should see the following text:
Welcome to the OpenBSD/amd64 5.3 installation program.
(I)nstall, (U)pgrade or (S)hell? i
As you can see, there are three options: Install, Upgrade, and Shell. The OpenBSD installer is a shell script that calls programs to download files, format disks, and otherwise prepare your system. It might not be pretty, but it is extremely fast and, in educated hands, extremely powerful.
The Shell option will drop you into an OpenBSD command line, where you have access to the commands on the installation disk. These minimal commands might suffice to repair a damaged system. We’ll examine the Upgrade option in Chapter 20.
Enter i to choose Install. You should see a welcome message and a few basic instructions:
At any prompt except password prompts you can escape to a shell by
typing '!'. Default answers are shown in []'s and are selected by
pressing RETURN. You can exit this program at any time by pressing
Control-C, but this can leave your system in an inconsistent state.
1 Terminal type? [vt220]
2 System hostname? (short form, e.g. 'foo') caddis
The installer shows default answers in square brackets. To use the default, just press ENTER.
If your system has a standard keyboard and monitor, OpenBSD will use it as the standard VT220 terminal, as shown at 1. If you have an unusual terminal connected to your system, you’re probably an old geezer who knows exactly what terminal type it is. If you’re a young kid using some ancient, unidentified, dust-covered terminal found in a disused laboratory at the back of an abandoned fireworks factory because you thought it would be nifty, stop now and get a standard monitor and keyboard. While OpenBSD probably supports that antediluvian console, this is not the time to try it.
Next, the installer should prompt you for the system’s short hostname at 2, which will be a single word to identify your system. This particular computer is named caddis; you can name yours whatever you like.
Now to configure the network:
1 Available network interfaces are: em0 em1 vlan0.
2 Which one do you wish to configure? (or 'done') [em0]
3 IPv4 address for em0? (or 'dhcp' or 'none') [dhcp] 192.0.2.85
4 Netmask? [255.255.255.0] 255.255.255.128
5 IPv6 address for em0? (or 'rtsol' or 'none') [none]
Available network interfaces are: em0 em1 vlan0.
6 Which one do you wish to configure? (or 'done') [done]
7 Default IPv4 route? (IPv4 address, 'dhcp' or 'none') 192.0.2.1
add net default: gateway 192.0.2.1
8 DNS domain name? (e.g. 'bar.com') [my.domain] blackhelicopters.org
9 DNS nameservers? (IP address list or 'none') [none] 192.0.2.2 192.0.2.10
At 1, the installer lists the network interfaces it recognizes on your machine. It has found three: em0, em1, and vlan0. The first two, em0 and em1, are network cards. I chose em0 at 2, the installer’s default, by pressing ENTER. Avoid configuring a virtual local area network (VLAN) during installation if possible, especially on your first installation. If you need a VLAN to connect to the Internet, see Chapter 12.
When asked at 3 if you want to give a static IP address, you can choose to use DHCP by pressing ENTER. I chose to enter a static address because I’ll be using this machine as a server. (If you don’t need a static address, you can just let DHCP automatically assign you an IP address.)
When you use a static address, you must also enter a netmask at 4 and (if desired) an IPv6 address at 5. Now, having configured one network card, OpenBSD asks at 6 if you’ve finished configuring the network. If you wanted the installer to walk you through configuring the second network card, you would enter em1 instead of accepting the default of done.
If you assign a static IP address, you must also configure a static route if you want to access the Internet, as shown at 7. Similarly, you need to tell your host its domain name at 8 and the IP address of at least one name server at 9.
At this point, you should be on your local network. If you can’t access the network, you probably entered something incorrectly. If nothing else, you can use an exclamation point (!) to interrupt the installation and get a shell prompt. (Chapter 12 discusses OpenBSD’s network configuration in greater depth.)
Our example server has multiple network interfaces. I chose to configure interface em0 because that machine was in front of me, and if I chose the wrong network card, I could move the cable. But what if you don’t have physical access to your machine? If you had two different network cards (say, an Intel and a 3Com), you would have a better idea which card is which, but having two identical cards leaves you guessing which card has a cable plugged into which network.
Luckily, the OpenBSD installer lets you escape to a command prompt to do a little investigating. How is this useful here? Network interfaces that are plugged in will tell you what kind of connection they have, and disconnected or otherwise failed interfaces will report that they have no media. Here’s how you can interrupt the installer to identify the live interface:
Available network interfaces are: em0 em1 vlan0.
1 Which one do you wish to configure? (or 'done') [em0] !
Type 'exit' to return to install.
2 # ifconfig
lo0: flags=8008<LOOPBACK,MULTICAST> mtu 33152
em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0c:29:aa:09:21
3       media: Ethernet autoselect (1000baseT full-duplex,master)
        status: unknown
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0c:29:aa:09:2b
4       media: Ethernet autoselect (none)
        status: unknown
vlan0: flags=0<> mtu 1500
        lladdr 00:00:00:00:00:00
Rather than choosing an interface, escape to a command prompt at 1 by entering an exclamation point (!). Then ask OpenBSD at 2 to tell you about its network interfaces by running ifconfig. You can see interfaces em0 and em1 in the output. While em0 reports at 3 that it’s running 1000baseT at full-duplex, at 4 you can see that em1 has a media type of none. Interface em0 is plugged in, so that’s the interface I want to configure. Enter exit to return to the installer, and proceed to configure card em0.
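The same check as a small shell function, added here as an example and not taken from the book or the OpenBSD installer: it reads ifconfig output and prints only the interfaces whose media line reports something other than none. The names sample_ifconfig and live_interfaces are made up for this example, and the sample is the output shown above with the callout numbers removed.

```sh
#!/bin/sh
# Added example: pick out the interfaces that report a negotiated link.

# Constructed sample: the ifconfig output shown above, callout numbers removed.
sample_ifconfig() {
cat <<'EOF'
lo0: flags=8008<LOOPBACK,MULTICAST> mtu 33152
em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0c:29:aa:09:21
        media: Ethernet autoselect (1000baseT full-duplex,master)
        status: unknown
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0c:29:aa:09:2b
        media: Ethernet autoselect (none)
        status: unknown
vlan0: flags=0<> mtu 1500
        lladdr 00:00:00:00:00:00
EOF
}

# Reads ifconfig output on stdin and prints "ifname<TAB>media" for every
# interface whose media line is not "(none)". Uses only shell built-ins.
live_interfaces() {
    ifname=""
    while IFS= read -r line; do
        case "$line" in
            [a-z]*:\ flags=*)
                # Interface header lines start in column 0: "em0: flags=..."
                ifname=${line%%:*} ;;
            *media:*)
                case "$line" in
                    *"(none)"*) ;;   # no cable or no link partner: skip
                    *) printf '%s\t%s\n' "$ifname" "${line#*media: }" ;;
                esac ;;
        esac
    done
}

# At a shell prompt you would run: ifconfig | live_interfaces
sample_ifconfig | live_interfaces
```

Interfaces with no media line at all, such as lo0 and vlan0 in the sample, are never printed.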
The installer should now ask you to configure some basic system parameters:
1 Password for root account? (will not echo)
Password for root account? (again)
2 Start sshd(8) by default? [yes]
3 Start ntpd(8) by default? [no] yes
NTP server? (hostname or 'default') [default]
4 Do you expect to run the X Window System? [yes]
5 Do you want the X Window System to be started by xdm(1)? [no]
6 Change the default console to com0? [no]
At 1, enter your root password twice. If the passwords don’t match, the installer will make you do it over until they do.
You can enable the Secure Shell (SSH) daemon at 2 so that you can remotely connect to this machine immediately after installation. If you enable SSH but do not create a user later in the installation, you can SSH to the machine as root. This is a Very Bad Idea when using password authentication and will let intruders more easily compromise your server. If you enable sshd here, be absolutely certain to create a user during the installation process! If you don’t, at least disable SSH logins by the root account immediately after installing OpenBSD, as discussed in Chapter 4.
Correct time is important on a network. I usually enable the Network Time Protocol (NTP) daemon ntpd(8) during the installation process, as shown at 3. OpenBSD chooses a set of publicly accessible time servers by default, but you can specify a local time server if you have one available.
Now tell the installer at 4 if you intend to run X Windows. X requires that software be permitted fairly broad access into the kernel. If the installer detects a graphic console, it defaults to permitting X. If you don’t need a graphic console, disable X access.
If you’re running X, you might also want the X display manager xdm(1). At 5, tell the installer if you want xdm. By default, OpenBSD doesn’t start xdm when it boots; you’re generally better off installing OpenBSD on your system than configuring X, so I’ve accepted the default of no here.
If you want this system to use a serial port as the console, you can set that during the installation at 6. I discuss serial consoles in Chapter 5.
For the basic system parameters, I’ve used the default for all but one. Enabling time service certainly isn’t mandatory—I could easily enable ntpd after installation instead. I could have also told the installer to disable X, but I can change that after installation as well.
Now to set up your first user.
Setup a user? (enter a lower-case loginname, or 'no') [no] mwlucas
Full user name for mwlucas? [mwlucas] Michael W Lucas
Password for mwlucas account? (will not echo)
Password for mwlucas account? (again)
Since you set up a user, disable sshd(8) logins to root? [yes]
My usual user account name is mwlucas. Here, I enter that username, along with a real name entry. The installer creates this account and gives it permission to use the root password (see Chapter 6). You should be prompted twice for the user’s password.
You’re offered a chance to disable root logins over SSH. Use this default. The root account should never be permitted to log in via SSH, unless using public key authentication, and even then, those logins should be restricted. For the reasons to avoid root logins over SSH, do an Internet search for “Hail Mary Cloud.”
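One way to confirm the setting after installation, added here as an example and not taken from the book or from OpenBSD: sshd uses the first value it reads for each keyword, so the function below reports the first uncommented PermitRootLogin line in the global part of an sshd_config. The function names and the sample configuration are constructed for this example, and the built-in default is passed in by the caller because it differs between OpenSSH releases.

```sh
#!/bin/sh
# Added example: report the PermitRootLogin value sshd applies globally.

# Constructed sample configuration (not from a real host).
sample_sshd_config() {
cat <<'EOF'
#PermitRootLogin yes
Port 22
permitrootlogin no
PermitRootLogin yes
Match Address 192.0.2.0/25
    PermitRootLogin without-password
EOF
}

# effective_root_login [DEFAULT] < sshd_config
# Keywords are case-insensitive and the first value read wins. Lines after
# the first Match keyword are conditional overrides and are not evaluated.
# Assumes whitespace-separated "keyword value" lines (no "keyword=value").
effective_root_login() {
    default=${1:-unset}
    while read -r key value rest; do
        case "$key" in
            ""|\#*) continue ;;          # blank lines and comments
        esac
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case "$key" in
            match) break ;;
            permitrootlogin) printf '%s\n' "$value"; return 0 ;;
        esac
    done
    # No global setting found: fall back to the caller-supplied default.
    printf '%s\n' "$default"
}

# Map a PermitRootLogin value to a one-line verdict.
root_login_verdict() {
    case "$1" in
        no) echo "ok: root cannot log in over SSH" ;;
        without-password|prohibit-password|forced-commands-only)
            echo "ok: root limited to public key authentication" ;;
        yes) echo "FAIL: root may log in with a password" ;;
        *) echo "check: no global setting found, compiled-in default applies" ;;
    esac
}

# On an installed system: effective_root_login < /etc/ssh/sshd_config
root_login_verdict "$(sample_sshd_config | effective_root_login)"
```

The commented-out first line and the later "PermitRootLogin yes" in the sample are both ignored, which is why the sample evaluates to no.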
Set your time zone during installation. If you have Internet access when you install OpenBSD, the installer should try to determine your time zone. OpenBSD assumes that the BIOS clock is set in Coordinated Universal Time (UTC). If the BIOS clock is set in some other time zone, you’ll need to correct the system time after installation.
I’m in Detroit, Michigan. If you’re familiar with US geography, you might think that I need US Eastern Time, but my state has its own time zone.
1 What timezone are you in? ('?' for list) [US/Eastern] ?
Africa/      Chile/    GB-Eire    Israel     NZ-CHAT    UCT
America/     Cuba      GMT        Jamaica    Navajo     US/
Antarctica/  EET       GMT+0      Japan      PRC        UTC
Arctic/      EST       GMT-0      Kwajalein  PST8PDT    Universal
Asia/        EST5EDT   GMT0       Libya      Pacific/   W-SU
Atlantic/    Egypt     Greenwich  MET        Poland     WET
Australia/   Eire      HST        MST        Portugal   Zulu
Brazil/      Etc/      Hongkong   MST7MDT    ROC        posix/
CET          Europe/   Iceland    Mexico/    ROK        posixrules
CST6CDT      Factory   Indian/    Mideast/   Singapore  right/
Canada/      GB        Iran       NZ         Turkey
2 What timezone are you in? ('?' for list) [US/Eastern] US
3 What sub-timezone of 'US' are you in? ('?' for list) ?
Alaska       Central       Hawaii          Mountain     Samoa
Aleutian     East-Indiana  Indiana-Starke  Pacific
Arizona      Eastern       Michigan        Pacific-New
4 What timezone are you in? ('?' for list) [US/Eastern] US/Michigan
I don’t recall my exact time zone, but I know it isn’t plain old US Eastern Time. I enter a question mark (?) at 1 to see the available options. I don’t recognize any of the time zones listed at 2 as correct for my city, but I know I’m in a US time zone, so I enter US. I don’t know what my choices of sub-time zones are, so I enter a question mark (?) at 3 to see the US time zones. And there’s Michigan! At 4, I enter the full time zone name.[9]
As noted earlier, in a dedicated installation, the installer erases all data on the drive. Unlike most other operating system installers, the OpenBSD installer doesn’t warn you about this; it assumes that you understand the implications of repartitioning your hard drive.
For this first installation, we’ll use OpenBSD’s default partitioning scheme. (We’ll discuss custom partitioning later in this chapter.) Our demo server has a single disk. We’ll first create an MBR partition on this disk and then add OpenBSD partitions.
Available disks are: sd0.
Which one is the root disk? (or 'done') [sd0]
Use DUIDs rather than device names in fstab? [yes]
The installer tells us that it sees one disk, device sd0. The installer must know which disk will hold the root partition. (With only a single disk this seems superfluous, but it becomes important if your system has multiple disks, as discussed in Custom Disk Layout.) When you have only one disk, OpenBSD assumes that you’ll use it. It also asks if you want to use the disk’s DUID in the filesystem table rather than the device name. For reasons we’ll discuss in Chapter 8, always answer yes to this.
The installer will now show you the MBR partition table.
Disk: sd0 geometry: 6527/255/63 [104857600 Sectors]
Offset: 0 Signature: 0xAA55
            Starting         Ending         LBA Info:
 #: id      C   H   S -      C   H   S [       start:        size ]
------------------------------------------------------------------------------
 0: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 1: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 2: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 3: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
Use (W)hole disk, use the (O)penBSD area, or (E)dit the MBR? [whole]
Setting OpenBSD MBR partition to whole sd0…done.
The first line shows the detected hard drive geometry. This particular drive has 6527 cylinders, 255 heads, and 63 sectors per cylinder. If you compare this to the label on the physical drive, it almost certainly won’t match (because hard drives lie). But note that this translated geometry has exactly the same number of sectors as shown in the hard drive documentation.
Beneath this line, you see the existing MBR partition table. The partitions are all zeroed out, which means that this drive has no partitions. We want only OpenBSD on this machine, so take the default and let OpenBSD swallow the whole drive.
Now it’s time to consider your OpenBSD partitions.
The auto-allocated layout for sd0 is:
#          size      offset  fstype [fsize bsize  cpg]
1 a:       1.0G          64  4.2BSD   2048 16384    1 # /
  b:       1.2G     2097216    swap
  c:      50.0G           0  unused
  d:       3.6G     4716480  4.2BSD   2048 16384    1 # /tmp
  e:       5.7G    12176320  4.2BSD   2048 16384    1 # /var
  f:       2.0G    24063040  4.2BSD   2048 16384    1 # /usr
  g:       1.0G    28257344  4.2BSD   2048 16384    1 # /usr/X11R6
  h:       6.3G    30354496  4.2BSD   2048 16384    1 # /usr/local
  i:       1.9G    43566400  4.2BSD   2048 16384    1 # /usr/src
  j:       2.0G    47467072  4.2BSD   2048 16384    1 # /usr/obj
  k:      25.4G    51661376  4.2BSD   2048 16384    1 # /home
2 Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
3 /dev/rsd0a: 1024.0MB in 2097152 sectors of 512 bytes
6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
…
Our first partition at 1 is a, which occupies 1GB and will be used as the root partition (/). On the installed system, this will be known as partition sd0a. Look down the list to see all of the standard partitions discussed in Chapter 2.
We could do custom disk partitioning at this point, but for our first installation, we’ll use the defaults, as shown at 2. The installer should then label the disk and, at 3, create filesystems on all the partitions.
Now that you have allocated disk space, let’s put the operating system onto the disk. The installer starts by asking some basic questions about how to get the sets.
Let's install the sets!
Location of sets? (cd disk ftp http or 'done') [cd] 1 ftp
HTTP/FTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none]
Server? (hostname, list#, 'done' or '?') [ftp5.usa.openbsd.org] 2 ftp.lambdaserver.com
Server directory? [pub/OpenBSD/5.3/amd64]
Login? [anonymous]
Although I booted this system off a CD, I’m going to install the file sets via FTP, as shown at 1. If my network needed to use a proxy to access the Internet, I would tell the installer.
While the installer will choose an FTP server for you at 2, you can specify an FTP server that you know is close or fast. If you’re installing a snapshot, give the file path to the desired snapshot on the FTP server. Finally, if this FTP server requires a username and password, enter it here.
At this point, the installer should log in to the FTP server, find all available file sets, and display them for your approval.
Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-' to the set name, name pattern or 'all'. Selected
sets are labelled '[X]'.
[X] bsd [X] etc53.tgz [X] xbase53.tgz [X] xserv53.tgz
[X] bsd.rd [X] comp53.tgz [X] xetc53.tgz
[X] bsd.mp [X] man53.tgz [X] xshare53.tgz
[X] base53.tgz [X] game53.tgz [X] xfont53.tgz
Set name(s)? (or 'abort' or 'done') [done]
I suggest you install everything, but you can choose to remove one or more sets.
For example, suppose you are building a firewall machine. Firewalls traditionally don’t have compilers, documentation, or X. You can remove file sets by entering a minus sign (-) and the name of the file set.
Set name(s)? (or 'abort' or 'done') [done] 1 -comp53.tgz -man53.tgz
[X] bsd [X] etc53.tgz [X] xbase53.tgz [X] xserv53.tgz
[X] bsd.rd [ ] comp53.tgz [X] xetc53.tgz
[X] bsd.mp [ ] man53.tgz [X] xshare53.tgz
[X] base53.tgz [X] game53.tgz [X] xfont53.tgz
Set name(s)? (or 'abort' or 'done') [done]
This example removes the compiler and manual file sets at 1. You can see that they’re no longer selected in the list of file sets.
You can also use wildcards when selecting file sets. For example, here’s how to remove all file sets beginning with an x:
Set name(s)? (or 'abort' or 'done') [done] -x*
[X] bsd [X] etc53.tgz [ ] xbase53.tgz [ ] xserv53.tgz
[X] bsd.rd [ ] comp53.tgz [ ] xetc53.tgz
[X] bsd.mp [ ] man53.tgz [ ] xshare53.tgz
[X] base53.tgz [X] game53.tgz [ ] xfont53.tgz
Set name(s)? (or 'abort' or 'done') [done]
If you change your mind, you can add file sets back in by entering a plus (+) sign and the file set name. Here, I add back everything by using a wildcard (*):
Set name(s)? (or 'abort' or 'done') [done] *
[X] bsd [X] etc53.tgz [X] xbase53.tgz [X] xserv53.tgz
[X] bsd.rd [X] comp53.tgz [X] xetc53.tgz
[X] bsd.mp [X] man53.tgz [X] xshare53.tgz
[X] base53.tgz [X] game53.tgz [X] xfont53.tgz
Set name(s)? (or 'abort' or 'done') [done]
Once you’re ready, press ENTER to install the default or selected file sets.
After the installer unpacks all of the file sets on the hard drive, it will ask if you have more file sets to install.
Location of sets? (cd disk ftp http or 'done') [done]
If you have any custom file sets, you could install them at this point.
After unpacking the file sets, the installer cleans up after itself and tells you it’s finished with this message:
CONGRATULATIONS! Your OpenBSD install has been successfully completed!
To boot the new system, enter 'reboot' at the command prompt.
When you login to your new system the first time, please read your mail
using the 'mail' command.
Do as you’re told and enter reboot, and then remove the CD if necessary. If you’re content with a default installation, you can skip to Chapter 4 now.