Total Pageviews

Search: This Blog, Linked From Here, The Web, My fav sites, My Blogroll

Translate

17 July 2010

OpenBSD --- Installation process

under revision

Using a development version of a OS is sort of like living 
in a house inhabited by a large family of carpenters 
and architects: Every morning when you wake up, 
the house is a little different. Maybe you have a 
new turret, or some walls have moved. Or 
perhaps someone has temporarily 
removed the floor under your bed.

About strong cryptography into the base system: OpenBSD 
can not be re-exported from the US once it has entered
the US.  Because of this, take care NOT to get the 
distribution from an FTP server in the US if you 
are outside of Canada and the US.

Installation Preparations

A successful OpenBSD installation requires:
  1. The OpenBSD software
  2. Supported hardware
  3. A bit of thought about how you want your installed machine to look and behave (A developer's multiboot laptop will have very different requirements than a dedicated firewall, which will look completely different than a Web server).
 Proper preparations will make your OpenBSD installation quick and easy.
We're going to spend a great deal of time on the requirements, considerations, and decisions you need to make before installing OpenBSD. Once you know what you have to do, the actual install process is quite simple. 
Many of the problems people have installing OpenBSD come from not understanding their many choices(may confuse newbies).
The final word on installing OpenBSD is the INSTALL document included in the release. For example, before installing OpenBSD on an i386/amd64, you must read INSTALL.i386 (or INSTALL.amd64) file for that(i.e 4.7) release!

OpenBSD Hardware
OpenBSD supports a wide variety of hardware architectures (actually 17) ---some are less well-known platforms.---  Take a look for a full list of supported platforms. This page contains links to a page for each hardware platform, in which the state of hardware support is discussed in full detail. For example, the i386 page gives a full list of all i386-compatible hardware supported in the latest development version of OpenBSD(-current).
    We cover the i386 platform, (aka "80386-compatible" or "Standard PC"). They're the most common machines, and you probably have one sitting around you could use to learn on.
    In fact, even old systems can run OpenBSD; you probably have something in a back closet that would do nicely. Many of the examples here were performed on a Pentium 166 with 48MB RAM and a stack of 2GB hard disks. We're going to cover installing OpenBSD on both a dedicated machine and on a few varieties of dual-boot systems.
Although OpenBSD will work on ancient hardware, that hardware needs to be in good shape. If your old Pentium box kept crashing because it has bad RAM, it won't behave any better with OpenBSD than it does with its current OS. Also, OpenBSD will be most useful with certain minimum hardware configurations.
Here are some basic recommendations, based on my own experiences. These are all i386-based; if you have some other hardware platform, you can draw on these and make your own comparisons.


Proprietary Hardware question
Some hardware vendors over the last 17 years thought that it was a good idea to keep their hardware interfaces secret, so that competitors wouldn't be able to copy their designs. This has generally proven to be a bad idea; a flood of commodity parts has largely trampled this sort of hardware in recent years.
Developing device drivers for a piece of hardware without the interface specifications is quite difficult. 
Some hardware can be supported well without full documentation, such as Intel's EtherExpress network cards, and is common enough to make struggling through the lack of documentation worthwhile. Other hardware simply cannot be supported without full and complete documentation, such as Sun's Ultra-SPARC III processor.
If an OpenBSD developer has specifications for a piece of hardware and interest in that same hardware, he'll probably implement support for it. If not, that hardware won't work. In most cases, unsupported proprietary hardware can be replaced with better and less expensive open versions.


Processor
Your brand of processor is really irrelevant. OpenBSD doesn't care if it's running on an Intel, AMD, or IBM, or even an old Cyrix or one of those nifty Transmeta processors.  
It simply probes the CPU on booting and uses whatever chip features it recognizes
I've run very effective firewalls on 486 machines, easily handling a T1 of traffic. Still, I would recommend that you get at minimum a 100 MHz or faster CPU. Some of the demonstrations here take less than 15 minutes on (nowadays) old AMD1800+ and days on a 25 MHz 486.
Although OpenBSD will run on a multiple-processor system, it will only use one processor. If you have a choice between an SMP system and one with a single processor, you may as well just use the single-CPU machine for OpenBSD. Maybe in the past , nowadays SMP is possible


Memory (RAM)
Memory is good, and the more memory you have the happier you will be. In fact, adding RAM will do more than anything else to accelerate your system
You should have at least 16MB of RAM at a bare minimum, and preferably at least 32. Mind you, if you can get a couple of gigs of RAM in your system, OpenBSD will take full advantage of it.
    Most weird crashes and unexplainable problems can be traced back to bad memory, so be certain that the memory you are using is good.  
Memory is the most likely failure point in an old machine.


Hard Drives
In past days hard drives was a big performance bottleneck (except SCSI disks). Nowadays  SATA disks don't have hard performance problems.
    You'll be happiest with at least 1GB of disk on your system, though I'm assuming that you have at least 10GB of disk. If you have a smaller disk, you'll want to be careful to clean up after yourself. For example, at one point I recommend keeping old source code around for later use; if you don't have enough disk space, don't do that!



Installation Methods
There are three ways(Not all methods are supported by every architecture, but both x86 and AMD64 support all three installation procedures) to install OpenBSD:
  1. through installation media (CD or floppy disk): By far the quickest, easiest, and most comprehensive method for modern computers is to use the official OpenBSD installation CDs. or anyway from a local OpenBSD Distribution Set copy. This eliminates many network issues that can complicate what should be a simple install. 
  2. by bootstrapping from an existing OpenBSD system:  You can also install from a local FAT or EXT2 file system, such as found on many Microsoft or Linux machines. But before your system must be partitioned properly for this to work or at a first try you can use  an x86 virtualization software like Oracle's VM VirtualBox).
  3. over a network: If you need to install OpenBSD right away and have a working broadband Internet connection, you can perform an FTP installation by using a minimal install floppy disk or CD(li.e. for amd64 arch cd47.iso), then retrieving the installation files from one of many OpenBSD mirror sites. If you choose a mirror site that is close to you, the download will take less time than if you choose one that is far away. It's a good idea to write down two or three mirror addresses just in case one happens to be down when you need it; you may have to type these in during installation. In addition to installation, you will also need an FTP mirror address for some other important things later, so it's a good idea to have them written down so that you don't have to look them up again. If you choose to install from a reasonably close mirror site, and you have sufficient bandwidth, FTP installs are quite fast and reliable. You can also install over HTTP but you're stuck with the inherent limitations of the HTTP protocol when installing via the Web; HTTP does not include the error-correcting protocols found in FTP. You might use this if you're behind a Web-only proxy server or if your closest mirror only speaks HTTP. 
  4. Finally, you can download the files you need and make your own local OpenBSD install server. This also would allow you to "upgrade" part of your system to OpenBSD, which is especially useful on multiple-boot systems. To do this, just download the parts you need from the release directory (e.g. /pub/OpenBSD/4.6/amd64) on a FTP server. If you're not sure which parts you need, you can safely download the entire release directory for your architecture — it'll take up a little more room, but will ensure you have everything you might need.
Local Installation Servers
One reason ISOs are popular is that you can reuse them to install many machines at the cost of a single (ISO) download.
  1. If you want to install a few (or many!) OpenBSD machines without buying a CD-ROM, and yet without using up bandwidth for each install, just download the entire release directory (e.g. /pub/OpenBSD/4.6/amd64) for your architecture. 
  2. If you copy these files to a local FTP or HTTP server, you can install any number of machines from these files. All you need to know is how to connect to this server, and any user names and password required to access it (all there are anonymous accounts so no pass required).
You only need to download the directories for the architectures you need. If you know exactly what you want to install, you only need to download the installation sets (see "Distribution Sets") you plan to install.
    Some architectures also support installs over NFS, but not all of them, so we won't cover it here.

The ".../4.7/amd64/"  layout
The directory on the server that has the ISO files for the i386 minimal install CD and floppies is /pub/OpenBSD/4.7/i386/, and the AMD64 ISO can be found at /pub/OpenBSD/4.7/amd64/.

Excerpt from INSTALL.amd64 document
The OpenBSD 4.7 release is organized in the following way.  In the .../4.7 directory, for each of the architectures having an OpenBSD 4.7 binary distribution, there is a sub-directory.
    The amd64-specific portion of the OpenBSD 4.7 release is found in the "amd64" subdirectory of the distribution.  That subdirectory is laid out as follows:
  • INSTALL.amd64:  Installation notes; this file.
  • SHA256:  Output of the sum(1) program using the option -a sha256, usable for verification of the correctness of downloaded files.
  • floppy47.fs:  The standard amd64 boot and installation floppy;
  • pxeboot: amd64-specific second-stage PXE bootstrap (for network installs);
  • *.tgz:  amd64 binary distribution sets;
  • bsd:  A stock GENERIC amd64 kernel which will be installed on your system during the install.
  • bsd.mp:  A stock GENERIC.MP amd64 kernel, with support for multiprocessor machines, which can be used instead of the GENERIC kernel after the install.
  • bsd.rd:  A compressed RAMDISK kernel; the embedded filesystem contains the installation tools. Used for simple installation from a pre-existing system.
  • install47.iso: The amd64 boot and installation CD-ROM ("full install") image, which contains the base and X sets, so that install or upgrade can be done without network connectivity.
  • cd47.iso    A miniroot filesystem ("boot only") image (available for a number of platforms) suitable to be used as a bootable CD-ROM image which will then permit the rest of the system to be installed via FTP. These ISO images are only a few megabytes in size, and contain just the installation tools, not the actual file sets (the base and X sets be found via another media or network); otherwise similar to the bsd.rd image above.
  • cdbr:  First-stage CD bootstrap (boot sector), which loads the cdboot second-stage bootstrap.  This file is included in the cd47.iso image, and is provided as a convenience, but will rarely be needed.
  • cdboot: Second-stage CD bootstrap loader for non-emulation OpenBSD El Torito CD-ROMs. It processes boot.conf then loads the bsd.rd installation ramdisk kernel. This file is included in the cd47.iso image, and is provided as a convenience, but will rarely be  needed.
  • index.txt: Contains info about files sited in  /4.7/amd64/
There are more image files, of which you (newbie user) need only one install47.iso if you are installing from the CDROM. Note, these ISO files are not the same as the official CD set. These images are for single platforms, and do not include any of the pre-compiled packages, stickers, or artwork that the official CD set does.


The OpenBSD/amd64 binary distribution sets contain the binaries which comprise the OpenBSD 4.7 release for amd64 systems(in our example case).  There actually are eleven binary distribution sets.  The binary distribution sets can be found in the "amd64" subdirectory of the OpenBSD 4.7 distribution tree, and are as follows:
  • base47   The OpenBSD/amd64 4.7 base binary distribution.  You MUST install this distribution set.  It contains the base OpenBSD utilities that are necessary for the system to run and be minimally functional. It includes shared library support, and excludes everything described below.[ 52.5 MB gzipped, 166.4 MB uncompressed ]
  • comp47  The OpenBSD/amd64 Compiler tools.  All of the tools relating to C, C++, Objective-C and Fortran are supported.  This set includes the system include files (/usr/include), the linker, the compiler tool chain, and the various system libraries (except the shared libraries, which are included as part of the base set). This set also includes the manual pages for all of the utilities it contains, as well as the system call and library manual pages.[ 105.8 MB gzipped, 355.0 MB uncompressed ]
  •  etc47 This distribution set contains the system configuration files that reside in /etc and in several other places. This set MUST be installed if you are installing the system from scratch, but should NOT be used if you are upgrading. (If you are upgrading, it's recommended that you get a copy of this set and CAREFULLY upgrade your configuration files by hand; [ 509.5 KB gzipped, 1.5 MB uncompressed ]
  • game47  This set includes the games and their manual pages. [ 2.5 MB gzipped, 5.8 MB uncompressed ]
  •  man47   This set includes all of the manual pages for the binaries and other software contained in the base set. Note that it does not include any of the manual pages that are included in the other sets. [ 9.0 MB gzipped, 32.9 MB uncompressed ]
  • misc47  This set includes the system dictionaries (which are rather large), and the typesettable document set. [ 356.2 KB gzipped, 1.1 MB uncompressed ]
  • xbase47  This set includes the base X distribution. This includes programs, headers and libraries. [ 16.4 MB gzipped, 55.2 MB uncompressed ]
  • xetc47   This set includes the X window system configuration files that reside in /etc.  It's the equivalent of etc47 for X. [ 70.0 KB gzipped, 268.7 KB uncompressed ]
  • xfont47  This set includes all of the X fonts. [ 37.8 MB gzipped, 49.0 MB uncompressed ]
  • xserv47  This set includes all of the X servers. [ 20.3 MB gzipped, 56.5 MB uncompressed ]
  • xshare47 This set includes all text files equivalent between all architectures. [ 2.8 MB gzipped, 15.3 MB uncompressed ]


Burning a CD from an ISO file
If you haven't created a CD from an ISO file in the past, then the instructions for doing so are dependent on your current operating system. Skip down to the subsection below that applies to your situation.


Microsoft Windows
You should already have some kind of CD/DVD writing program like Nero or Easy CD Creator on your computer. Navigate the program's menus until you find the option for creating a CD from an ISO image. Select the cdXX.iso(or installXX.iso) image in the ensuing file dialog, and then choose to burn the CD image to the disc.
If you do not have any such program, you can download one for free at either of these addresses:
  1. isorecorder
  2. cdburnerxp
After the CD writing program is downloaded and installed, run it.
    For example, using CDBurnerXP, you'd insert a blank disc, then click on the Start New Data Disc Compilation button. After that, go to the File menu and select Write Disk From ISO File. Choose the cd40.iso (or installXX.iso) file from the ensuing file dialogue, then click Write Disc.


Unix, GNU, and BSD systems
You can use the cdrecord command-line utility or the Qt-based K3b program to make ISOs into CDs. K3b should be pretty self-explanatory.
    Here's a quick cdrecord example (remember to change it for your specific system):
cdrecord -eject speed=24 dev=0,1,0 cd40.iso


Mac OS X
Start the Disk Utility from the Applications menu, then drag-and-drop the cd40.iso file to its sidebar. Click the file in the Disk Utility sidebar to select it; then go to the menu, select the Image submenu, and click on Burn.



Creating a diskette from an FS file
Refer to the section below that corresponds with the operating system you're using.


From Unix-like operating systems
Most BSD, GNU and Unix systems can format and check a disk by using the fdformat utility. Its usage is simple:
fdformat /dev/rfd0c
where the /dev/rfd0c represents your floppy disk's device node. This is only an example and may not apply to your specific operating system, so change the above command appropriately. If you see all Vs in the resulting format routine, the disk is safe to write to. To commit your floppy image to disk, use the dd command as such:
dd if=floppy40.fs of=/dev/rfd0c bs=32k
Again, you must modify the above command to fit your situation.


From Microsoft Windows
The first thing you'll need is a program that can write floppy images to disks. Windows does not natively include such a utility, but the OpenBSD Project has a few of them available for you to use on Windows. The one that should work best for current Windows systems (2000, XP, Vista) is ntrw.
    You can download it from the directory /pub/OpenBSD/4.7/tools/ on the same OpenBSD mirror that you downloaded the floppy ISO from. Once downloaded, start the Command Prompt utility and run the program in it with the following syntax:
ntrw floppy40.fs a:



Installing over PXE 
If you can't use a CD or diskette, and your network infrastructure supports booting over a network connection via the Preboot eXecution Environment (PXE), you can install OpenBSD over it. PXE gurus probably just need to know the name of the file from the OpenBSD FTP server that the operating system boots from. That file is pxeboot, and the installation kernel is bsd.rd, so these two files need to be in the  appropriate directory on your FTP server. PXE booting can be very tricky because it involves other machines and services. If you need more detailed PXE boot instructions, the OpenBSD Project has them here.


Finding OpenBSD on the Net
You can install OpenBSD directly from the Internet, over HTTP or FTP. Every bit of OpenBSD is available this way, from programs to source code to add-on packages. You can download the entirety of OpenBSD piecemeal or just grab the entire software distribution from the FTP site. Installing via FTP or HTTP is one of the most popular ways to get OpenBSD.
    What you will not find on the Internet is a set of official OpenBSD ISO images of any release. The OpenBSD Project uses CD-ROM sales to fund OpenBSD development, and it would really prefer that if you want a CD-ROM, you purchase one. The disk images of the official install CD-ROMs is copyrighted by Theo de Raadt. The OpenBSD team adds some extras to the CD-ROM package, such as stickers and artwork, to make it more appealing.
    With a bit of searching, you will find OpenBSD ISO images on various Internet sites. Some of these are duplicates of the official ISO images, and are distributed in violation of Theo's copyright. This is not only illegal in most parts of the world, it's also just plain rudeOther ISO images on the Net are releases built by third parties who are not OpenBSD team members. While the release process is well documented, it still isn't a very simple operation. You're welcome to grab one of these ISO images and try to use it, but you should be warned that they have not been through the usual OpenBSD quality assurance process. Also, any joker can put up an ISO image, but you have no way to really know that such an image doesn't contain a Trojan, backdoor, or other booby trap unless you thoroughly audit the image and compare it against an official OpenBSD install. If you're going to go to that amount of trouble, you might as well shell out a few dollars and purchase an official CD-ROM anyway, or just try a FTP install!


FTP Install Sites

The main OpenBSD FTP site is at the University of Alberta, in Calgary, Canada. You can expect that the students are using all the bandwidth they can get for educational purposes, without sparing a thought for your OpenBSD needs. This makes the main FTP site slower that you might like. Fortunately, OpenBSD is mirrored all over the world.
    Go to the OpenBSD website and check the "FTP" link. This will bring up a whole list of mirror sites in a variety of formats — FTP, HTTP, AFS, and so on. The list includes mirrors on every continent. There's almost certainly one closer to you than the University of Alberta.
Note that not all mirrors have all the files(but all of there have the most important ones) of the main Openbsd FTP site


OpenBSD FTP/HTTP Layout (/pub/OpenBSD/)
No matter how you get OpenBSD over the network, you'll find the distribution site laid out much like this.
1 3.0/
   3.1/
   3.2/
   3.3/
2 OpenSSH/ OpenNTPD/ OpenBGPD/
3 README
4 distfiles/
5 ftplist
6 patches/
7 snapshots/
8 songs/
9 src/
   tools/
   doc/
  • The 1 numbered directories are for the various releases of OpenBSD. Above, we see that this FTP site contains versions 3.0, 3.1, 3.2, and 3.3. You'll only have one release directory on a CD-ROM, of course — the directory for the release you want/have.
  • The 2 numbered OpenSSH (like OpenBGPD, OpenNTPD) directory contains the OpenBSD team's implementation of SSH, which has been adopted by many different software projects, both free and commercial (i.e., Solaris). OpenBSD includes OpenSSH, and so you really don't have to worry about getting it separately.
  • The 3 numbered README file --in some but not all mirrors-- contains very basic information about obtaining OpenBSD and where to get more information on the software like:   "Welcome to ftp.eu.OpenBSD.org Located at the Stockholm University Department of IT & Media For other mirror sites visit http://www.openbsd.org/ftp.html All transfers are logged, if you don't like this policy, disconnect now!"
  • The 4 numbered distfile directory contains the source code of a great deal of add-on OpenBSD software. Not all mirror sites carry this directory, as it's quite large.
  • The 5 numbered ftplist file lists the official FTP and HTTP installation mirrors. When you install via FTP later, the install program will grab this file to allow you to choose a mirror site close to you.
  • The 6 numbered patches directory contains directories for each previous release of OpenBSD, and various patches for that release. Security problems and critical bugs can be patched after a release, and they are made available here.
  • The 7 numbered snapshots directory contains recent experimental versions of OpenBSD, generally from between releases. If you want to see what's coming in future versions of OpenBSD, you can install a snapshot. Because these are works-in-progress, support is minimal. The developers appreciate bug reports on snapshots, but don't support snapshots.
  • The 8 numbered songs directory contains the "soundtracks" for each release of OpenBSD. 
  • If all you want to do is browse the source code of the most recent release of OpenBSD, you can go through the 9 numbered src directory (in some mirrors is empty instead exist a srcsys.tar.gz file). The source code is kept here in plain-text, human-readable format. There are easier ways to browse the source code, however: the OpenBSD website includes the source code on the Web, complete with revision history and developer comments. 
  • Finally, the tools directory contains odds and ends that are useful for the OpenBSD Project's internal workings and 
  • the doc/ contains faq documentation.
Whether you have a CD-ROM or FTP access to the software, what you're almost certainly most interested in is the release directory for the latest version of OpenBSD.


The OpenBSD Release (/pub/OpenBSD/X.X)
If you look within the release directory on either the FTP site or the CD-ROM, you'll see the following:
  • A directory for each architecture OpenBSD supports. (On CD-ROM, this is scattered between different disks)
  • A "packages" directory containing precompiled software for this release for every supported architecture(represented by a directory)
  • A "ports.tar.gz" file containing the compressed ports tree 
  • A "src.tar.gz", "sys.tar.gz"
  • A (or more) compressed file/s "xenocara.tar.gz" containing the source code of the X Window System for this release.
  • A "tools" directory containing installation tools.
Each version directory contains a variety of documents (plain text files) containing instructions and programs applicable to that type of hardware.
    For example, in the /pub/OpenBSD/4.6/ directory you'll see several text documents about installation like:
  • README: describes synthetically the installation procedure
  • ANNOUNCEMENT : A omni-comprehensive document of the new release contains features, improvements, install notes, greetings  etc
  • HARDWARE: look above
  • ftplist: look above
  • PACKAGES: how to install them 
  • root.mail: describe the most basic initial questions that a system administrator of an OpenBSD box might have.

Take a look through your CD-ROM or FTP site, and make sure you can find the directory for your hardware architecture. I'll be using the i386 directory in the rest of this text; if you're on a different hardware platform, substitute the correct architecture directory everywhere.



Distribution Sets
In each architecture directory (/3.1/i386) you'll see several compressed files with names like comp31.tgz, misc31.tgz, and so on. These files are distribution sets, or compressed chunks of OpenBSD.
    Each distribution set contains a subsection of the whole OpenBSD OS. By choosing the distribution sets you install, you can choose how much functionality your OpenBSD system will have. 
For example, the documentation (man31.tgz) is kept in a separate distribution set. If you're short on space and have documentation elsewhere, you might choose to save a little space and not install them on this machine. If this is a secure machine, you probably don't want a compiler (comp31.tgz) on it. And if this is your experimental "learning OpenBSD" machine, you probably want to install everything (actually 4.7 version contains 11 distribution sets).
Each distribution set has a name and a version number. For example, one distribution set of OpenBSD in release 3.2 is base32.tgz. In the next release, these same tools will be called base33.tgz.
    Below are the distribution sets for OpenBSD. You'll find these on all architectures, unless noted in the architecture's release notes. If this is your first OpenBSD install, take a moment to decide which distribution sets you need. If at all possible, install them all while you're learning the OS. You can always trim them down in future installs.

bsd
This small distribution set contains the kernel(in fact is a binary file). The kernel is important. The installer will complain if you don't have it and issue all sorts of dire warnings. Worse, your new system will not boot without it.

baseXX.tgz
This contains OpenBSD's core programs, all the things that make OpenBSD UNIXish. All the programs in /bin, /sbin, /usr/bin, and /usr/sbin, the system libraries, and the miscellaneous programs you expect to find on a UNIX system are in this distribution set. Without this distribution set, your OpenBSD system will not work at all.

etcXX.tgz
You might guess that this distribution set contains the /etc/ directory, but it also contains assorted other files and directories that are required by the system, such as /var/log, as well as root's home directory. You must install this distribution set if you want your OpenBSD system to actually run.

manXX.tgz
If you need the manual pages for the programs in the base and the etc set, install this distribution set. The manual pages for other sets are installed with the distribution set.

compXX.tgz
This distribution contains C, C++, and Fortran compilers, tools, and the associated toolchain for each. It also includes the manual pages and documentation for the compilers. You will want this set if you plan to develop or compile software on this system. You need this set to use the ports collection. While this distribution set isn't large, you might choose to not install in on a secure machine such as a firewall. (Intruders are generally delighted to find a properly configured compiler on a firewall; such tools make a hacker's life much easier.)

gameXX.tgz
This distribution set contains a variety of simple games and documentation for them, based on games originally distributed in the BSD 4.4-Lite software collection. Some of these, such as fortune, are considered UNIX classics, and old farts won't be happy unless they're installed. Others, such as rogue, have more advanced versions available as a port or a package. You don't really need this, unless you want to see what us old farts called "computer games" back in the day.

miscXX.tgz
This contains dictionary files and type-settable documentation. If this system is intended as a desktop, you probably want these. If it's a server, you probably don't need them.

xbaseXX.tgz
This contains the core of XFree86, X.org such as programs, headers, libraries, and so on. If you want to use X, you need this. Although you might not have a console or monitor on this system, remember that X will allow programs on this server to display on a workstation. These functions will not work without this distribution set.

xfontsXX.tgz
This contains the fonts for XFree86. If you plan to use X on a local display, install this.

xservXX.tgz
This contains all of the XFree86 X.org video card drivers. If you plan to use X on a local display, install this.

xshareXX.tgz
XFree86's X.org documentation and text files are included in this distribution set. If you're one of those few people who know everything there is to know about XFree86, you can get by without this.


Partitioning
The most difficult part of installing OpenBSD is deciding how to partition your hard drive. When you don't know how partitions work, choosing a partition layout can be troublesome. Unlike many installers that have fancy menus or graphic tools, OpenBSD's installer expects you to know how to use low-level disk management tools.
Partitions are logical subsections of a hard drive. Different partitions can be handled in different ways and can even have different file systems or different operating systems on them. 
We're going to discuss partitioning for both single-OS and multiple-OS installs. Get a piece of paper to make some notes about your partitioning.
  1. Start by writing down the size of your hard disk. This is the amount of space you have to divide between your partitions. 
  2. Write down the size of every partition you want and 
  3. the order in which you want those partitions to lie

This will make installing OpenBSD much easier!


Why Partition?
Partitioning might seem like a pain; why should you bother? Many commercial operating systems allow you to simply have one large partition over your entire hard disk, giving you a single 80-gig partition. What are the advantages of partitioning?
  1. Different operating systems have different partition types and different requirements for disk layout. A Microsoft operating system simply cannot recognize an OpenBSD or Linux disk format and will insist upon formatting it before using it. Although OpenBSD (Linux too) can mount partitions designed for most other popular operating systems, do not put the main OpenBSD system programs on a foreign partition. Let each OS run on its own section of disk. If you want to have multiple operating systems on your machine, you must partition. 
  2. But when you're running a dedicated OpenBSD machine, why should you bother to split up your hard drive?
  • On a physical level, different parts of the disk move at different speeds. By putting frequently accessed data on the fastest parts of the disk, you can improve system performance. The only way to arrange this is by using partitions. 
  • Also, the operating system handles each partition separately. This means that you can configure each partition differently or set it to use different rules. 
  • The root partition is the only partition that should have device nodes, for example, so you can tell other partitions to not recognize device nodes. 
  • Partitions that contain user data should not have setuid programs, and you might not even want to allow them to have programs at all. Separate partitions enforce that easily. 
  • You want the main system configuration directory (/etc) to be unchangeable, so an intruder or a clumsy user cannot alter it? That's trivial with separate partitions. 
  • If one partition is damaged, chances are that damage will not extend to other partitions. You can boot the system using the intact partitions and attempt to recover the data on the damaged partition. 
  • Finally, correct use of partitioning can enhance security. Not only will hackers have a more difficult time if they do break into your machine, but your own users will find it more difficult to accidentally damage the system.
Before partitioning a hard drive, decide what the system will be used for. Is this a mail server? A Web server? A desktop machine? We'll discuss the requirements for each partition for different types of servers.


Standalone OpenBSD Partitioning

If you're installing a dedicated OpenBSD machine, you don't have to worry about sharing the hard drive with another operating system. This simplifies the partitioning process — you only have to worry about OpenBSD's requirements.
    The main partitions you'll need to consider are:
  • / (root)
  • swap space
  • /tmp
  • /var
  • /usr, and 
  • /home.
If you forget to create any of these partitions, the installer will put the files that should go in the partitions into your root partition. This will quickly fill up your root partition!



Root
The root partition holds the main system configuration files and the most essential UNIX utilities needed to get a computer into single-user mode. Your system should have fast access to its root file system, so put it first on the disk. Because it holds only these basic utilities and configuration files it doesn't need to be large; on a modern hard drive, I find a 600MB root partition comfortably roomy. I would recommend no smaller than 50MB for a root partition. (You could scrape by with a few megabytes smaller; the exact minimum size varies with the version of OpenBSD)
If you're familiar with other some other UNIX-like operating systems, such as some distributions of Linux, you might be used to simply using a single large root partition and putting everything on it. This is a bad idea for a variety of reasons. With a partition safely constraining your log files, a process or user gone amok cannot fill your entire drive; while it could fill a partition, you would still be able to create and edit files on other partitions, giving you the flexibility you need to address the actual problem. Also, with a single partition, you cannot control where files are put on the disk. This hurts performance. Damage to the disk is probably spread across many different files in unrelated parts of the system, which means that your chances of recovering from a damaged disk or file system problems drop dramatically.

Root Limitations(in past days)
Over the years, i386 systems have been expanded time and time again to surpass their own limits. They're based upon an architecture that could originally handle a maximum of 640KB of RAM, after all! The OpenBSD kernel — indeed, all modern operating system kernels — work around these limits in a manner mostly transparent to the user, but when the system is first booting you're trapped with the BIOS limitations.
    Many old i386 systems have a 504MB limit on hard drives, on which the BIOS cannot get at anything beyond the first 504MB of data on a disk. If your BIOS cannot find your operating system kernel in that first 504MB, it cannot boot the system. Check your hardware manual; if it makes any references to a 504MB limit, this affects you. You absolutely must place your entire root partition within the first 504MB of disk.
    Additionally, for some time i386 systems had a similar (not identical) 8GB limit. OpenBSD still obeys that 8GB limit. Even if your system is not susceptible to the 504MB limit, your entire root partition must be completely contained within the first 8GB of disk.
    Of course, if you follow my advice and make your root partition 500MB you will never have to worry about either of these restrictions and the potential damage that they can inflict.
    If you break these rules, your system will probably appear to work. The second you upgrade your system, or move the file /bsd(kernel), the computer will quite probably refuse to boot. Save yourself much pain; make the root partition 500MB, and the first partition on the disk, and this problem will never affect you.


Swap Space
The next partition on your drive should be swap space, the disk space used by virtual memory. When your computer fills its physical memory, it will start to move information that has been sitting idle in memory into swap. If things go well, your system will almost never need swap space, but if you do need it, it needs to be fast.
    So, how much swap space do you need? This is a matter of long debates between sysadmins. The short answer is, "It depends on the system." General wisdom says that you should have at least twice as much swap as you have physical memory. This isn't a bad rule, so long as you understand that it's very general. More won't hurt. Less might, if your system runs out of RAM. If you find that you need more swap space, you should probably buy more memory instead. If that's not an option, you can use a regular file as a swap file. Still, if you have a reasonable amount of disk space, simply assigning an amount of swap equal to twice the amount of RAM you have is sensible.
    You should also consider possible future upgrades. If a computer has 500MB of RAM today, but you plan to upgrade it to 3GB of RAM in a couple of months, perhaps assigning 6GB of disk space to swap is a good idea. After all, if you can afford three gigs of RAM and you have the hardware to manage it, certainly that much disk is not an issue!

Swap Splitting
If you have multiple disks, you can vastly improve the efficiency of your swap space by splitting it among multiple drives. Put the first swap partition on the second-outermost ring of the drive with your root partition, and other swap space on the outermost edge of their drives. This splits reads and writes among multiple disk controllers.
    For swap splitting to work best, however, the drives must be SCSI(or SATA). If you have IDE drives, the drives need to be on different IDE controllers. Remember, each IDE controller splits its total data throughput among all the connected hard drives. If you have two hard drives on the same IDE controller and you're accessing both drives simultaneously, each disk will average half as fast as it would if you were running it alone. The major bottleneck in using swap space is data throughput speed, and you won't gain speed by creating contention on your IDE bus.


/tmp
The /tmp directory is system-wide temporary space.
If you do not create a separate /tmp partition, it will be included on your root partition. This means that your system-wide temporary space will be subject to the same conditions as the rest of your root drive. This probably isn't what you want, especially if you plan to mount your root partition read-only!
Requirements for a /tmp directory are generally a matter of opinion — after all, you can always just use a chunk of space in your home directory as temporary space. On a modern hard drive, I like to have at least 5GB in a /tmp directory. Automated software installers frequently want to extract files in /tmp, and having to work around these installers when /tmp fills up is possible but tedious.


/var
The /var partition contains frequently changing logs, mail spools, temporary run files, the default website, and so on.
  • If your server is a Web server, your website logs will go to this partition, and you may need to make it 1GB or more. 
  • On a small "generic Internet mail/Web server," I'll frequently give /var 20 percent of my remaining disk space. 
  • If the server handles only email or databases, I'll kick this up to 70 percent or more, or just assign a space to the remaining partitions and throw everything else I have on /var. 
  • If you're really cramped for space, you might assign as little as 30MB to /var. (Again, actual minimum requirements vary depending on your version of OpenBSD.)

/usr
The /usr partition holds the operating system programs, system source code, compilers and libraries, and other stuff like that. Much of this changes only when you upgrade your system.
  • On a modern hard drive, I recommend using about 6GB on your /usr partition. This should be more than sufficient for all the contents of /usr and just about any add-on packages you might desire, and should also leave room for any OpenBSD source you might want to install. 
  • Without the X Window System, you could make /usr as small as 200MB.
  • If you need X, you should assign /usr at least 350MB.

/home
The /home partition is where users keep their files. If you have more disk space (or better a new hardisk) than is good for you, assign it here. Your home directory will quickly fill up with all sorts of stuff that you'll be tripping across years from now.
    The /home partition can easily be the last on your disk; it doesn't need to be fast. It also doesn't need to be large (no system files go here); the only files on the drive will be the ones that you need.
If you've been adding this up, you should notice that it's entirely possible to have a complete OpenBSD system (without the X Window System) in less than 300MB. Just for kicks, compare that to the amount of space a minimal install of Windows XP requires or the size of an minimal Solaris 9 box installation. Your complete install, with all your user programs, may be far larger than 300MB — but all that space is used up because of things you specifically want, not OS overhead.

Multiple Hard Drives

If you have a second hard drive of comparable quality to your main drive, you can make excellent use of it with proper planning. First, use the outer edge of the drive for swap, as discussed earlier in the "Swap Splitting" section. Use the rest of the drive to segregate your data from your operating system. Do this by assigning the remainder of the drive to the partition that stores files for whatever your server does the most of.
  • If it's a Web server, make the second drive /www or /home.
  • If it's a mail server, use it for /var or /var/mail
  • If it's a network logging host, assign the second drive to /var/log.
In general, segregating your operating system from the data you're serving increases system efficiency. Like all rules of thumb, this is debatable. But no sysadmin will tell you that this is an actively bad idea, while one can argue endlessly about what the "absolute best" idea is.
    If you have no idea what your system will be for, make your second drive /usr and split your first hard drive amongst /var, /tmp, /, and swap space.
    If your second drive is much slower than your main system drive, don't bother using it. Not only will its performance be poor, chances are that it is much older than your main drive and far more likely to fail.
    If you need to install more than one operating system on your computer, an extra hard drive is an excellent and easy way to do that.


Multiple OS Partitioning

Many people need to run multiple operating systems on one computer, and OpenBSD allows you to do that. By far, the easiest way to do this is to install a hard drive in your computer for each operating system. This allows you to use each OS's native disk tools without risking tramping on your other operating system. In this day of dirt-cheap terabytes hard drives, however, this is an added complication for many people who simply want to divide up their hard disk appropriately.
    When you divide up a single hard disk between multiple operating systems, you fall into another level of partitioning, known as MBR (Master Boot Record) partitions. The boundaries of these partitions are stored in the Master Boot Record on a disk, and are managed by tools such as UNIX fdisk, DOS fdisk, or Microsoft's Disk Administrator.
Any operating system can see MBR partitions; they may not recognize that one of these partitions is designated for OpenBSD, but they realize that this is a discrete section of disk. Within these large partitions, you create smaller OpenBSD-specific partitions for /home, /usr, and so on.
The fdisk tools allow you to, say, take your 80GB disk and designate the first 20GB for OpenBSD, the second 20GB for Microsoft Windows XP, the third 20GB for FreeBSD, and the last chunk for Linux, should you wish. You then use each OS's native tools to manage those chunks of disk space. You would then use a separate "boot manager" to choose between operating systems at boot time.
    When you decide where to put disk space for any one OS, you need to allow for OpenBSD's boot limitations. Just because you have multiple operating systems on a hard drive doesn't mean that you can ignore the 504MB limit or the 8GB limit. If you have enough disk space to install more than one operating system, chances are your system does not suffer from the 504MB limit. Still, the OpenBSD root partition must be contained entirely within the first 8GB of disk, not the first 8GB of disk space assigned to OpenBSD. In most cases, this means that OpenBSD must be the first operating system on your disk. Also, OpenBSD on a hard disk must be a single contiguous section; you cannot dedicate the first 20GB of your hard drive to OpenBSD, have a 20GB Microsoft partition, and have a 40GB OpenBSD partition to round out your disk.
    Put your OpenBSD partition first on the disk, and you won't have any problems. We discuss multiboot partitioning and installation at length later.


Disk Sectors

You need to be aware of disk sectors to use the installation tool. For now you just need to be aware that a sector is a tiny section of a disk. Each sector has a number. Sector 0 is at the beginning of the disk, and the sectors are numbered sequentially until the end of the disk.
    Partitions can be defined by the sectors that they occupy. On most disks, the Master Boot Record takes up the first 62 sectors. The next partition would start at sector 63 and go on for a size you indicate.


Decisions Complete!

You should know
  1. which distribution sets you want to install on your first machine and 
  2. how you want to divide your hard disk. 
These are the most difficult issues you will face in installing OpenBSD. Hopefully, you have a piece of paper with your decisions noted.


Dedicated Installation

Armed with your OpenBSD software and a computer with supported hardware, you are now ready to face an actual installation. We will cover a full installation on the i386 architecture via CD-ROM and FTP/HTTP. (We'll cover installing from a hard disk later, as you won't be using that method unless you're using multiple operating systems. You'll want to understand OpenBSD's standalone installation process before beginning to install on a multiboot system) You may or may not need to use a floppy disk to boot your system, so be sure you have one handy just in case.
    Before you install, be absolutely certain that any data you have on this machine is backed up elsewhere! When you install OpenBSD and use the entire hard drive, as we're doing here, you will reformat the hard disk; you'll lose any data on the hard drive.
    The first thing you need to do is check your hardware and prepare your BIOS.


Hardware Setup
Before you even begin, be sure OpenBSD supports your hardware! You can find the supported hardware list for the most recent version of OpenBSD on i386 here (for amd64 look here) or on the FTP site or CD-ROM in the release directory as i386/INSTALL.i386. These documents include lists of hardware that is supported at this time.
    The devices on the hardware compatibility lists are frequently identified by chipset, not by the vendor. After all, when you buy a computer the network card is frequently just listed as a "10/100 Ethernet," not an "Intel i8255x-based PCI Ethernet card."
To make matters worse, many vendors use identical hardware under a separate brand name or use different hardware under the same brand name. For example, Linksys is famous for having four very different cards all called the EtherLink.
You might have to dig in the hardware manual for this information, or ask your vendor. If nothing else, you can just try to install and see if everything works. The boot-time messages will give you a great deal of information on what sort of hardware you have.


BIOS Setup
Before you try to install, confirm that your system's BIOS is properly configured. Because every BIOS is slightly different, I won't go over exact instructions on how to configure. Most computer systems tell you how to access the system BIOS when you first boot the computer and include a simple menu-driven system to make changes. Consult your motherboard manual if you have any problems.
  1. First, set "Plug and Play OS" to NO. This tells your BIOS to do some basic hardware setup, rather than relying upon the OS to do everything. Modern versions of Microsoft Windows expect to handle hardware setup. OpenBSD takes advantage of the BIOS' ability to configure the hardware itself. Many PCI devices will work poorly if you do not set this option! 
  2. Also configure your boot device. If you are installing from CD-ROM, set your boot device to CD-ROM, then floppy disk, then hard drive. (If your CD-ROM boot gives you trouble, you can use a floppy disk as a fallback.) If you are installing from some other media, your first boot device should be the floppy disk and the hard disk second.


Making a Boot Floppy
If you do not have an OpenBSD CD-ROM, or if your hardware does not boot from CD-ROM, you need to start your install with a boot floppy. The OpenBSD boot floppy actually contains a very small subset of OpenBSD, including just the tools 
needed to recognize your hardware, format your disks, and download and extract the appropriate distribution sets in the correct locations.
    You'll find a few boot floppy images in the architecture release directory. The purpose of these images may change over time, so confirm in the release install document if you have any trouble. Each name includes the release number — for example, the images for OpenBSD 3.4 will be named floppy34.fs, floppy34B.fs, and floppy34C.fs. Download the disk image that most closely describes your system; you only need one of:
  • floppyXX.fs This image is for the most common i386 hardware. This will boot your average workstation or low-end server.
  • floppyXXB.fs This image is for high-end servers. It includes gigabit Ethernet cards, SCSI, and RAID drivers.
  • floppyXXC.fs This image is for laptops and other PCMCIA/Cardbus systems.
Once you have the appropriate image file, you'll need to copy it onto a floppy disk. You cannot use basic file system-level copying, such as Windows drag and drop. These are image files, meaning that they include the file system and not just the files on the file system.


Creating Floppies on UNIX
If you're already running a UNIX-like system, dd is the only command you need. You also need to know your floppy drive's device name, which is probably /dev/fd0, /dev/floppy, or /dev/rfd0. Once you have that, you just tell dd to copy the image to the disk in that device. If the device name was /dev/fd0c, you'd enter:
# dd if=floppy33B.fs of=/dev/fd0c

to write the floppy33B.fs image to floppy disk.
  • If dd runs for a while and then gives an error, you may have a bad floppy disk.
  • Floppies tend to go bad very easily, and you should try another one. If dd gives you an error immediately or exits silently without writing to the floppy disk, you probably need to specify a different floppy device driver.

Creating Boot Floppies on Modern Microsoft Systems
If your computer is running Windows NT or one of its descendants (such as Windows 2000, Windows XP, Windows 2003, and so on), fdimage.exe (OpenBSD provides it  in the "tools" directory of the release directory. The program fdimage.exe is specifically designed for older Microsoft operating systems --9x-- and does not work on Windows NT-based operating systems) will not work. OpenBSD includes a program for this, ntrw.exe, in the tools directory of the release directory. Like fdimage.exe, ntrw.exe is designed to copy a disk image to a disk. Windows NT-based systems do not rewrite filenames, so you should be able to open a command prompt and just type:
C:> ntrw floppy33C.fs a:

If it doesn't work, you probably have a bad floppy disk.


Booting

Put your boot media in the drive and power up your system.
You can also use a VM(vmware, virtualbox etc.) with a distribuition set installXX.iso disk image
You should see the usual BIOS messages go flashing past and then the OpenBSD boot prompt.
boot>
If you should need to interrupt the boot process for any reason, you can enter the appropriate commands here. We'll discuss various reasons to interrupt the boot later. If you wait for five seconds, the boot messages will follow.
booting fd0a:/bsd: +173028=0x43d3e4 start=0xd0100020
entry point at 0x100020
Copyright (c) 1982, 1986, 1989, 1991, 1993
Copyright (c) 1995-2002 OpenBSD. All rights reserved. http://www.OpenBSD.org 
The Regents of the University of California. All rights reserved.


At this point, device driver messages will start to flow past, as OpenBSD probes your hardware and assigns drivers to all the system components that it recognizes.


The Install Program (installXX.iso)

The OpenBSD installer is just a shell script that calls programs to download files, format disks, and in general prepare your system for use. It might not be pretty, but it is extremely fast and in educated hands it is extremely powerful.
The installer changes very slightly between releases of OpenBSD. Some of the words may change, and some of the questions may be rearranged. The following was prepared with a prerelease version of OpenBSD 3.3. Do not blindly follow these directions; instead, use them as examples!
Once the boot messages pass, you'll see the following text:
erase ^?, werase ^W, kill ^U, intr ^C, status ^T
Welcome to the OpenBSD/i386 3.2 install program.
 (I)nstall, (U)pgrade or (S)hell? i

We'll examine the "Upgrade" later.
    The "Shell" command will drop you into a command line, where you could work with the few commands available on the boot disk.
    We want the "Install" option now, however. Hit "i" and then ENTER. The installer will display a welcome message and a few basic instructions. This program will help you install OpenBSD in a simple and rational way:
At any prompt except password prompts you can run a shell command by typing '!foo', or escape to a shell by typing '!'. Default answers are shown in []'s and are selected by pressing RETURN. At any time you can exit this program by pressing Control-C and then RETURN, but quitting during an install can leave your system in an inconsistent state.
Choose your Keyboard layout ("?" or "L" for list) [default] ENTER
kbd: Keyboard mapping set to en
 A keyboard-encoding table allows you to remap your keyboard from the  standard U.S. QWERTY style to that used in some other language. Entering "y" will give you an option to choose one. Most readers of this book will be perfectly comfortable with the standard QWERTY keyboard, so just hit ENTER to take the default. If you're using a standard i386 keyboard and monitor, just press ENTER as the default. If you have an unusual terminal hooked up to your i386 system, you're probably one of those old hands and know exactly what terminal type you have.


Network Setup
Now the installer will prompt you for networking information:
System hostname? (short form, e.g. 'foo'): openbsdtest
If you've been around networks for any length of time, you've probably seen host names that include a domain name, such as "openbsdtest.BlackHelicopters.org." This is not the style of host name the installer wants to see here! Just enter the machine's name within the domain: So I enter "openbsdtest." Even if your system is not on a network, it needs to have a local host name.
NOTE: In case you see:
Configure the network? [y]
If you are installing from CD-ROM and don't want to bother with the network right now, you can hit "n." I recommend that you configure the network while you're in the install program; however, it's much simpler for a new user to do it here than to go back and configure it later. 
If any interface will be configured by DHCP, you should not enter information that will be supplied via DHCP, e.g. the DNS domain name. Enter DNS domain name (e.g. 'bar.com'): [my.domain] BlackHelicopters.org
 If your network has a DHCP server, just hit ENTER here.
available network interfaces are: em0 vlan0
which one do you wish to configure? [em0] ENTER
If you only have one network card(vlan0 here is the VM network interface), just hit ENTER. Multiple network cards require a bit more thought.

IPv4 address for em0 [dhcp] ENTER 
...assign dhcp address...

IPv6 address for em0 [none] ENTER

available network interfaces are: em0 vlan0
which one do you wish to configure? [done] ENTER
Using DNS domainname  ...your gateway...
Using DNS nameservers at 192.168.1.1
Do you want to do any manual network configuration? [no] ENTER



If Your System Has Multiple Network Cards
While your driver names and device numbers will vary, if you have two identical network cards you may have difficulty determining which physical card has which interface name. My test computer has two identical network cards. These particular cards use the "em" driver and are numbered 0 and 1. There is no way to look at the hardware and identify which is which. If you are installing over the network, you must configure the card that is attached into the network! Trying to install any software over the network is extraordinarily frustrating when you aren't plugged in. It is very difficult to tell which card it is from the information presented within the installer or even on the command line.
This is one place where a shell escape comes in very handy. You can escape to a command shell with CTRL-C, or run a single shell command by putting an exclamation point in front of it. 
The "ifconfig -a" command will tell you which network card is hooked up to the network. (We discuss ifconfig at some length in later, but for right now just run the command as a single shell command). Network interfaces that are not plugged in or that have failed for some other reason will have a "media" line that says "none" and a "status" line set to  "no carrier," while cards that have plugged in and are talking to the network will have a "media" line that says how they are connected and status "active":
!ifconfig -a
    lo0: flags=8008 mtu 33224
           groups:lo
    em0: flags=8843 mtu 1500
            lladdress: 00:02:b3:63:e4:1d
            media: Ethernet autoselect (1000baseTX full-duplex)
            groups: dhcp egress
            status: active
            inet6: ...some hex...
            inet: ... current Ip address...
    em1: flags=8802 mtu 1500
            lladdress: 00:02:b3:63:e3:ec
            media: Ethernet autoselect (none)
            status: no carrier 

The em0 card is connected to the network at 1000 megabits full duplex and is active, while the  em1 card is not connected and hence has "no carrier." You want to configure the em0 card, so enter "em0."
IPv4 address for em0 (or 'dhcp')? 192.168.1.250
We have a sIP address for this system, but entering "dhcp" will make the system get IP address and domain information from the DHCP server.
Symbolic (host) name? [openbsdtest]
We want to use the same host name, so hit ENTER here.
Netmask? [255.255.255.0]

If you have a netmask other than 255.255.255.0, enter it here. Otherwise, hit ENTER.
The default media for em0 is
   media: Ethernet autoselect (1000baseTX full-duplex)
 Do you want to change the default media? [n]

Media options tell a network card how to connect to the network. In this case, the card seems to have picked up the network connection automatically. If you have an older network card, this may not work so seamlessly; you may need to tell your card to use the 10baseT connector instead of the BNC attachment, for example, or to use full-duplex instead of half-duplex. You'll have to look at the OpenBSD manual page for your card. You might think this would be difficult to do before you have OpenBSD installed, but don't forget that the manual pages are available on the OpenBSD website.
    You can repeat the process for the other network card or just enter "done" to tell the installer you have finished configuring network cards. The installer will then ask you for the default route on your network and the IP address of your primary nameserver.
Enter IP address of default route: [none] 192.168.1.1
Enter IP address of primary nameserver: [none] 192.168.1.5
Would you like to use the nameserver now? [y]


    The next question might seem curious — if you have your network configured, why would you need to do more configuration?
Do you want to do more, manual, network configuration? [n] y


If you're an experienced network administrator, you've probably seen networks where your could only connect to the Internet if you had a particular secondary route set, or where multiple DNS servers were required. This also gives anyone who wants to install over a network an opportunity to test their network configuration. If you have a problem with network installs, this will make your life simpler.


Testing Network Connectivity
If you take the option to do additional network configuration, you'll be dropped at a command prompt with a small selection of UNIX tools to work with. Even a simple test, such as "ping," will confirm your system is talking to the network. Try to ping the host you plan to install OpenBSD from or your default gateway. While not all the standard UNIX commands are available on the install disk, quite a few basic tools are.
# ping 192.168.1.1
    PING 192.168.1.1 (192.168.1.1): 56 data bytes
    64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.366 ms
    64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.171 ms
    ^C--- 192.168.1.1 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/std-dev = 0.171/0.268/0.366/0.098 ms

This indicates that the system can ping the default gateway, 192.168.1.1. Hit CONTROL-C to interrupt the ping. If, on the other hand, you issue the command and see nothing for several seconds, you have a connectivity problem.
# ping 192.168.1.1
    PING 192.168.1.1 (192.168.1.1): 56 data bytes
    --- 192.168.1.1 ping statistics ---
    3 packets transmitted, 0 packets received, 100% packet loss    #

Again, hit CONTROL-C to interrupt the test.
In this case, confirm your IP address and default gateway are correct. Do you have a link light? Do basic network troubleshooting to identify the problem, and perhaps carefully inspect the output of the ifconfig command to try to identify any problems.Once you know you're on the network, return to the installer by typing "exit".
# exit


Root Password
The installer will now ask you for your root password. Your root password should be several characters long and include a mix of upper and lower case alphanumeric characters and symbols.
Password for root account? (will not echo):
Password (again):

Be sure you remember the root password! While it can be recovered by booting into single-user mode, you don't really want to go through that hassle to cover your own mistakes.
    Install continue with:
start sshd(8) by default?[yes]
start ntpd(8) by default?[no]
do you expect to run  the X window system? [yes]
do you want the  X window system to be started by xdm? [no]
Setup a user?
full user name for ?
password for account?
password for account? (again)
Since you setup a user disable sshd(8) logins to root?[yes]
what time zone you are in? [Europe/Rome]




Disk Setup

The installer will now ask you for disks and (probably) actually does is allow you to partition your disks. You will now initialize the disk(s) that OpenBSD will use. To enable all available security features you should configure the disk(s) to allow the creation of separate filesystems for /, /tmp, /var, /usr, and /home.
Available disks are: sd0 sd1 wd0
Which one is the root disk? (or done) [wd0]
MBR has invalid signature; not shown it
or ....
Note that the installer has identified the disks attached to this system. OpenBSD found three disks, which it calls sd0, sd1, and wd0. Any drive beginning with "sd" is a SCSI disk, while any drive beginning with "wd" is an IDE drive. Count the drives that the installer found; is that the number of drives you have in this machine? If not, then OpenBSD did not find all of your hard drives. You probably have an unsupported hard drive controller.
    In this example, we're going to use the IDE drive for the operating system and the SCSI drives for database files and home directories. Type "wd0" and press ENTER. 
    If you want to share a single hard drive between multiple operating systems, take a look at the below. Right now, enter "w" here.



Creating OpenBSD Partitions

The install program will now guide you through creating partitions on your disk. This is perhaps the most complicated part of installing OpenBSD. Get out your scratch sheet where you wrote down how you wanted to divide your disk. You will need it here.
You will now create an OpenBSD disklabel inside the OpenBSD MBR partition. The disklabel defines how OpenBSD splits up the MBR partition into OpenBSD partitions in which filesystems and swap space are created. The offsets used in the disklabel are ABSOLUTE, i.e. relative to the start of the disk, NOT the start of the OpenBSD MBR partition.
A disklabel defines OpenBSD partitions within an MBR partition. The entire disk is designated as a single MBR partition, as we dedicated the disk to OpenBSD. A small chunk of the disk will be allocated to the Master Boot Record, however, and the installer tells you how many sectors it occupies.
# using MBR partition 3: type A6 off 63 (0x3f) size 39179889 (0x255d671)
Treating sectors 63-39179952 as the OpenBSD portion of the disk.
You can use the 'b' command to change this.
Initial label editor (enter '?' for help at any prompt)
>
One important fact here is that the installer tells you how many  sectors are available on the MBR partition. Because we have dedicated this disk to OpenBSD, we know that there are 39179953 sectors on this disk — remember, computers start numbering at zero! We can use all but the first 62 sectors.
    You're now at a command prompt within OpenBSD's disklabel tool. This tool has its own command set, which you can view by entering a question mark at the disklabel prompt. We're going to examine some of the basic commands here.


Understanding a Disklabel

The "p" command prints the disklabel as it currently appears. A disklabel contains two basic sets of information:
  1. some physical information about the disk and 
  2. information about the partitioning of the MBR partition. 
Let's look at the physical information first. While it doesn't usually have a direct impact upon the installation process, you may need to know how to read it if something goes wrong.

> p
device: /dev/rwd0c
type: ESDI
disk: ESDI/IDE disk
label: SAMSUNG SV2011H
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 16383
total sectors: 39179952
free sectors: 39179889
rpm: 3600

  1. Your first entry is the disk's device name, shown as /dev/rwd0c in this example. The middle of the name, wd0, is the disk name. The leading "r" means that we're addressing the disk in raw mode, while the tailing "c" means that we're examining the "c" partition. "c" is the OpenBSD partition name used for the whole MBR disk. 
  2. The type is a general label describing the interface used by the disk. Any IDE disk will show up as ESDI (Enhanced Small Device Interface), while SCSI disks are labeled SCSI.
  3. The disk field shows what sort of disk is attached to this interface. In this case, it's an IDE disk, but we knew that from the device name already.
  4. The label displays the manufacturer's name and model number for the drive. 
  5. The bytes per sector line shows how many bytes are in a single sector. Almost all drives put 512 bytes, or half a K, in a single sector.
  6. The next few lines, where disklabel prints out the sectors per track
  7. the tracks per cylinder, 
  8. the sectors per cylinder, and 
  9. the number of cylinders on the drive
  10. the rpm field tells you the rpm (revolutions per minute) of the disk.
This lines can be confusing. Hard drives have expanded dramatically over the years; many different sorts of hardware perform some sort of "translation" to make the hard drive work as you would expect. This means that by the time this information reaches the disklabel program, the hardware, the BIOS, or both may have altered it repeatedly. You cannot trust that these values reflect the physical design of the disk. (If you're interested in the workings of disk translation, take a look at the INSTALL.chs document in the i386 directory of the distribution directory.) Fortunately, you don't need to do anything with them.
    The fields that tell you the  total sectors on the disk and the number of free sectors are accurate, however. The whole purpose of the translations that the hardware performs is to give an accurate sector count, after all!

    All of the above cannot be changed without changing the underlying hardware. The following section, which displays the actual OpenBSD partitioning of the disk, can and must be altered.

16 partitions:
#        size          offset   fstype   [  fsize  bsize  cpg]
  c: 39179952         0    unused         0     0
>

  1. The first line shown here says that you can have up to 16 OpenBSD partitions on this hard drive.
  2. The comment line shows what each of the six columns beneath it mean.
  3. The first gives a partition letter. A unique letter identifies each partition on a disk. As we said earlier, the "c" partition represents the whole drive.
  4. The size is the number of sectors the partition takes up. In our example, the "c" partition takes up 39179952 sectors. This includes the sectors occupied by the Master Boot Record — remember, "c" is the whole disk.
  5. The offset column shows how far from the beginning of the disk this partition begins. As the "c" partition is the whole disk, it has an offset of zero.
  6. The fstype column shows the file system type the partition has.
  7. The last three columns describe fragmentation behavior of the file system and are not meant to be changed by anyone. The OpenBSD file system is highly fragmentation resistant. If you're curious, start reading at newfs(8) and its related manual pages. If you're an advanced user, the installer does give you a chance to alter these — but you really shouldn't unless you know exactly what you're doing and why.
  8. Under fsize, you will see the fragment size for any file fragments on the disk, in bytes.
  9. The bsize is the size of a block on disk, in bytes.
  10. Finally, cpg shows the number of cylinders per cylinder group.
Anytime you feel confused in the disk partitioning process, print your current disklabel and compare it to your notes on how you want the partitioning to look.
Now that you can see what the disk partitioning looks like, let's add a partition or four.

Adding Partitions
This IDE drive is 20GB, and I want to divide it as follows.

  • 500MB root
  • 500MB swap
  • 10GB /usr
  • 9GB /var
I don't have a /home partition on this drive; I plan to put it on one of the SCSI drives.
    To add a partition, enter "a". This will drop you into an interactive dialog. The important thing to remember here is that partitions are created on the disk in the order that you create them in the disklabel. You want your root partition to be first on the disk, so you need to create it first. (Remember, if you put your root partition further in the disk you might break the 8GB limit!)

> a
partition: [a]

Traditionally, the first partition on a disk is the "a" partition. Hit ENTER to take the default.

offset: [63]

The offset is the number of sectors from the beginning of the disk this partition begins. Remember, sectors 0–62 are used by the Master Boot Record. The installer is smart enough to know this, and presents a default that picks up where the last partition left off. Hit ENTER to accept it.
size: [39179889] 500M

By default, the installer presents you with the number of sectors remaining on the disk as your partition size. This is useful for the very last partition on the disk, but it's not what you want to use here.
    The default unit here is in sectors. Rather than having to convert the partition size you want into sectors, however, the installer recognizes the following abbreviations for sizes:
  • b for bytes
  • c for cylinders
  • k for kilobytes
  • m for megabytes
  • g for gigabytes
Here, we tell the system to create a 500MB partition. Partitions can only be created along cylinder boundaries, so the installer will round it off to the nearest cylinder unless you happen to enter a value that exactly matches a cylinder.

FS type: [4.2BSD]

You can either choose a 4.2BSD file system, or "swap." The installer knows that the "a" traditionally needs a file system, so it defaults.

mount point: [none] /
>

We want this first partition to be our root partition, so enter a slash. The partition is created, and you are dropped back to the disklabel prompt. Swap space is next on the list.

> a
partition: [b]
offset: [1024128]
size: [38155824] 500M
Rounding to nearest cylinder: 1024128
FS type: [swap]

This looks almost exactly like our first example. We tell disklabel to add a partition. As it's our second partition, it defaults to partition b. It begins at an offset just after where your previous partition ends. We have to 4 enter a size, which is the first non-default choice we enter. Disklabel automatically rounds this off to a suitable cylinder boundary. The "b" partition is traditionally swap space, so disklabel defaults to creating this as swap space. Swap space doesn't have a mount point, so we're done. Our next mount point has a couple of minor surprises, however.

> a
partition: [d]
offset: [2048256]
size: [37131696] 10G
Rounding to nearest cylinder: 20971440
FS type: [4.2BSD]
mount point: [none] /usr
>

Here, the automatic partition lettering has skipped "c" and gone to "d." What gives? Remember, the "c" partition represents the entire disk, so "d" is the next available letter. Because "b" is the traditional swap space, disklabel defaults to making this partition (and all subsequent partitions) a standard OpenBSD file system. Finally, we have to tell disklabel where we want this partition mounted.
Our last partition on this disk, /var, is the easiest to create of all.

> a
partition: [e]
offset: [23019696]
size: [16160256]  
FS type: [4.2BSD]
mount point: [none] /var
>

Disklabel knows which partition letter to assign, and the offset, and it even knows how many sectors are left on the hard drive! All we have to do is assign a mount point.
    Now that you've completely filled the disk, use the "p" command to print your edited disklabel. The top of the disklabel is unchanged, but our partition table looks considerably different.

> p
...
16 partitions:
#        size   offset    fstype   [fsize bsize   cpg]
  a:  1024065       63    4.2BSD     1024  8192    16  # /
  b:  1024128  1024128      swap
  c: 39179952        0    unused        0     0
  d: 20971440  2048256    4.2BSD     1024  8192    16  # /usr
  e: 16160256 23019696    4.2BSD     1024  8192    16  # /var
>

All of our partitions are visible here, along with comments recording which partition we intended to assign them to. You can check your work here.


Writing a Label to the Disk
Once you are satisfied with your work, hit "q" to write your edited disklabel on the disk. If you don't like your work, you can hit "z" to quit disklabel without writing any changes.

> q
Write new label?: [y]

You'll get one last chance to change your mind. Once you write a new disklabel, recovering any data on the disk will become extremely difficult! You should have backed up any vital data on this disk before starting the install, but this is a good time to confirm you didn't, say, microwave the backup tape. Hit ENTER to continue.

The root filesystem will be mounted on wd0a.
wd0b will be used for swap space.
Mount point for wd0d (size=10485720k), none or done? [/usr]

You have a final chance to set the mount point for your partitions. The mount point you chose is in the default, but if you want to rearrange things, you can do it here. Hit ENTER to go on. The installer will cycle through all of the partitions on the disk, asking you to confirm their mount points.

Mount point for wd0e (size=8080128k), none or done? [/var]
Mount point for wd0d (size=10485720k), none or done? [/usr] done

When you have confirmed all of your mount points, the installer starts asking you where you want to mount your disks again at the beginning of the list! This might seem annoying, but think about it. If you realized on your last partition that you had made an error on the mount point, you might need to rearrange earlier partitions. Enter "done" to end the loop, and proceed to the next disk.



Installation Media

Now that you have a network connection and a disk to put files on, you can tell the system where to install from.
   You will now specify the location and names of the install sets you want to load. You will be able to repeat this step until all of your sets have been successfully loaded. If you are not sure what sets to install, refer to the installation notes for details on the contents of each.
Sets can be located on a (m)ounted filesystem; a (c)drom, (d)isk or (t)ape device; or a (f)tp, (n)fs or (h)ttp server.
Let's install the sets!
Location of sets?(cd disk, ftp, http or 'done') [cd] ENTER
Here, we will discuss installations over the network (FTP and HTTP), and installations from CD-ROM. The "mounted filesystem" and "disk" installs are more commonly used in a multiple-boot installation, so we'll cover them later. (And if you know how to prepare an OpenBSD installation tape, you probably don't need this tutorial!)


CD-ROM Installs
If you're installing from CD-ROM, you probably booted off of it. If you had to boot off a floppy disk, be certain that your CD-ROM is in the computer before proceeding! If you enter RETURN to choose CD-ROM media, you'll see the following message:
Let's install the sets!
Location of sets?(cd disk, ftp, http or 'done') [cd] ENTER

Available CD-ROMs are: sd0
Which one contains the install media?(or 'done') [cd0] ENTER
Pathname to the sets?(or 'done') [4.6/amd64] ENTER
You almost certainly have only one CD-ROM drive installed. If you have multiple CD-ROM drives, they will be named cd0, cd1, cd2, and so on. You may have to look at the system's boot-time messages to determine which drive is which. Enter the name of your CD-ROM drive in the appropriate space. The installer knows which on the CD-ROM the architecture's distribution directory can be found, but if this is a custom CD-ROM not created by the OpenBSD team you may need to enter a custom path. That's it! You're now ready to go.


Network Installs
On any sort of network install, from any source, the installer will ask you several basic questions:
  • What server is the installation media found on?
  • Where on this server is the installation media?
  • What are my logon and password to access this resource?
You'll want to have these answers available before you start. The FTP and HTTP install processes are almost identical, so we're only going to cover FTP. In most cases the questions are exactly the same, except for the scripts saying "HTTP" instead of "FTP." If you have a choice, use FTP. (FTP is a more reliable protocol for transferring large amounts of data than HTTP)

Location of sets? (cd disk ftp http or 'done') [ftp] Enter
  HTTP/FTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] Enter
  
If you are behind a FTP or HTTP proxy server, you can enter the URL here. If you aren't, just hit ENTER.
Server? (hostname, list#, 'done' or '?') [mirror.example.org] obsd.cec.mtu.edu
The installer can fetch a list of mirror sites for the release you are installing. If you already know which OpenBSD mirror site you are going to use, you will have an opportunity later to enter it directly. Otherwise, you should probably take a look at the list of servers.
  1. ftp://ftp.openbsd.org/pub/OpenBSD          Alberta, Canada
  2. ftp://ftp.openbsd.org.ar/pub/OpenBSD         Buenos Aires, Argentina
  3. ftp://mirror.aarnet.edu.au/pub/OpenBSD       Canberra, Australia
  4. ...
Each line is an official OpenBSD mirror for this release and includes
  1. an index number, 
  2. a URL, and a 
  3. physical location.
If you're not certain which mirror is closest on the network, choose a mirror that is physically close (In an ideal world, before starting you would have identified your closest mirror with ping(8) and traceroute(8). But I'm not about to walk you through these commands for every operating system that you might have!). Remember the index number for your closest mirror. I.e.
66  ftp://ftp3.usa.openbsd.org/pub/OpenBSD     Boulder, CO, USA
At the end of the server list, the installer asks you which mirror to use. If you had previously chosen a particular mirror or have a local FTP server you're using, you could enter that host name here. Otherwise, just enter the server number.
Server IP address, hostname, or list#? [] 66
Using   ftp://ftp3.usa.openbsd.org/pub/OpenBSD
Does the server support passive mode ftp? [y]
Passive mode FTP is a more modern version of the FTP protocol, designed to cooperate with packet-filtering firewalls. Some very old FTP servers do not support passive mode FTP properly, however. Almost all public OpenBSD mirrors support passive mode FTP; if you have problems getting the software from a particular server, however, you might try setting this to "no."
Server directory? [pub/OpenBSD/3.2/i386] pub/OpenBSD/3.2/i386
If you entered a number from the FTP server list, the installer remembers which directory of the FTP server the software can be found in. Otherwise, enter the full path to the architecture's release directory here.
Login? [anonymous]
OpenBSD mirrors generally allow anonymous access. If you are installing from a local mirror, you might need to enter a username and password here.


Distribution Sets
Now that you know where you are installing from, you can choose what to install. The installer will present a list of all the distribution sets available in this version of OpenBSD.

The defaults shown are a reasonable choice for a server with the X Window System. If you're satisfied with these choices, you can just enter "done". To install a complete set of OpenBSD, including X, enter the name "all." If you want something in between, such as adding one distribution set to the list, type its name.
File Name? (or 'done') [xbase32.tgz] xshare32.tgz

To remove a distribution set, enter its name with a leading -.
File Name? (or 'done') [xbase32.tgz] -man32.tgz

After each modification, the installer will present you with an updated lists of distribution sets it will install. When you're happy with the list, type "done" and ENTER. You'll get a final chance to change your mind.

Ready to install sets? [y]

Hit ENTER, and the installer will begin writing OpenBSD from the installation media onto your hard drive. You'll see a message much like this for each distribution set you chose to install.

This will go very quickly if you're installing from CD-ROM, and at network speeds otherwise.
    Once the distribution sets you chose are installed, you'll have an opportunity to change your mind and add more distribution sets. This can be useful if a network site you installed from did not have all the sets you needed or if network issues prevented you from downloading them.
Extract more sets? [n]


Custom Installation Sets and Scripts
If you have downloaded the installation sets to a local FTP server or have built some other local installation media, the OpenBSD installer allows you to add your own custom files or scripts to the install process. This is very useful if you have a "standard build" for your network and want to replicate one set of changes to every freshly installed machine.
    The installation script looks for a set called "siteXX.tgz" in the same directory as the other distribution sets. Replace the "XX" with the release name — for example, a custom site file for OpenBSD 3.3 would be called "site33.tgz." This file is a standard gzipped tar file rooted in /. This file is extracted last, using the standard xvpf options, allowing the administrator to add custom files or packages to every system installed with that set.
    As a final step in the install process, the installer will look for a shell script called /install.site. If such a script is found, it is run as the last stage of the install process. You can use this to remove unwanted programs, install other software or any other actions desired. The easiest way to get /install.site onto your new system is to include it in siteXX.tgz.


Final Installation Steps
Tthe install rebuilds device nodes, installs bootblocks, and in general cleans up after itself. Finally, you will see the completion message.

Enter the word "halt," and the system will shut itself down. Do not just power off the computer! You want to shut the system down gracefully.
syncing disks... done
The operating system has halted.
Please press any key to reboot.
One press of the ANY key, and your system will reboot into OpenBSD! or you can power off.


Post-Install Configuration

Now that you've got OpenBSD installed, it's time to start configuring it. Let's start from the beginning with your first experience with the operating system after installation's over.
    OpenBSD has a general configuration file that controls which of its integrated programs run and how they function. We'll discuss this system, /etc/rc.conf, in some detail.


First Boot in OpenBSD
The boot loader will pause briefly in case you want to load an alternate kernel. If you can't wait the few seconds, press Enter to skip it.
    When you get to the login prompt, log in as root and put in your root password. You'll be greeted with a paragraph of welcome text and a new mail notification. If you are asked for your terminal type, type in pcvt25 and press Enter. Go ahead and read the welcome message, then type in mail and press Enter to read the email. You'll see a list of messages come up, but really there is only one right now, from Theo de Raadt. To read it, type more 1 (that's the number one) and press Enter.
As you'll see, the email is a welcome message from the OpenBSD project leader. Press the spacebar to scroll down to the next page of text. It's not terribly long, but it does tell you some basic information about OpenBSD that you'll find helpful, including a suggestion to read the afterboot manpage. When you're done, you should see a & prompt. Type x and press Enter to quit the mail program, then type man afterboot to read a more in-depth introduction to OpenBSD(gives much good advice for new systems administrators. Some of that advice gives an overview of material that we'll cover later, while some of it only applies to particular situations or network environments). You should skim afterboot(8) on your version of OpenBSD, as it has lots of pointers to things you might want to set up. Here, we'll cover the steps that should be done on every OpenBSD system.


Creating User Accounts

For reasons of safety and security (mostly to prevent yourself from doing any serious damage to your own operating system), it's best to create a user account to work from. If necessary, you can switch to root permissions from within that account by using the su command (the user must be a member of the wheel group to do this).
    The command that you would use on most Unix-like operating systems is useradd. If you're already familiar with this command and how to use it, go ahead and run it.
If you have several user accounts to add, or would like a simpler utility for adding users, OpenBSD has a neat little script called adduser
The first time you run adduser, you are asked to set the default user parameters. After those are set, you'll be able to initialize a new user account. So let's get started:
type adduser and press Enter.
Go ahead and put in the default user account settings. If you don't know what to put in here, just press Enter to accept the defaults. Once those are set, you'll be asked for a username and user-specific settings. Go ahead and put them in as they appear. When you're asked to invite the user to other groups, you will probably want to type in wheel here, as that's the group that allows a user to switch to root permissions. If you do not want this user to be able to gain root access (if it's an account for someone else other than you, for instance), then don't invite them to the wheel group.
    At the end of the procedure, you'll be asked to verify the account settings you just entered. After you approve them, the account will be created, and that user will be able to log in.

A Quick Introduction to the vi Editor
The default editor in OpenBSD (and most other Unix-like operating systems) is vi. It's a little old and archaic, and requires time and determination to learn to use it effectively. If you want to learn more about it, install the Vim package from the OpenBSD Ports tree later on (Vim is an improved version of vi) and go through the in-program tutorial. For now, though, you just need to know how to use it. Here's a list of basic commands:
  • Press i to enter insert mode, which allows you to type and erase text
  • Press Escape to exit insert mode
  • Press colon (:) and then type w and press Enter to save a file, as in :w
  • Press the d key twice to delete a line
  • Press the / key and then enter a search string to perform a search
  • Press the o key to skip to the next line, insert a line break, and enter insert mode
  • Type in :q and press Enter to quit vi
  • To save and then quit, type :wq and press Enter
  • To quit without saving, type :q! and press Enter
  • Remember to exit insert mode before you try to execute other commands.

Customizing the Terminal

Even if you're eventually going to end up controlling this machine remotely through OpenSSH, or if you're going to be running a graphical desktop environment, you still have some configuration work to do from the terminal. Wouldn't it be helpful to adjust your key repeat rate and maybe add some color output to your screen? This section is entirely optional, but you will likely find it helpful.

Changing the terminal type
The default VT220 terminal emulator is not able to display color, and it's difficult to see what you're doing in command-line text editors when you can only see black and gray. Fortunately this is a setting that can easily be changed; just follow this process:
  1. Change to the home directory of the user whose terminal type you want to change (remember that root's home directory is /root): cd /home/user/
  2. Now edit the .profile configuration file with vi or your preferred text editor.
  3. Add this line above the PATH statement: export TERM=pcvt25
  4. For the root user, erase or comment out (by putting # symbols before each line) the three-line if statement at the bottom of the /root/.profile file. It should look like this:
if [ -x /usr/bin/tset ]: then
   eval '/usr/bin/tset -sQ \?$TERM'
fi
Erasing or commenting this if statement keeps OpenBSD from asking you what terminal type you want to use every time you log in.
    You will have to log out and log back in for these changes to take effect. From this point forward, you should be able to see colors where appropriate (for example, in applications such as Vim, Emacs, Lynx, Mutt, etc.).

Setting the key repeat delay and rate
Is the keyboard delay and repeat rate too slow for you? If you're going to be primarily controlling this system through a serial terminal or over OpenSSH, there isn't much sense in changing these settings. If you're going to be working from a keyboard connected directly to the machine, however, there are two settings you can edit to modify
  • the key repeat rate and 
  • repeat delay
First let's play with them in real time to see which numbers you prefer, starting with the repeat rate. Run this command:
wsconsctl keyboard.repeat.del1=300
If that's too fast or too slow for you, run the same command with a lower or higher number. When you find a rate that you prefer, write it down for right now. We'll make this setting permanent in a moment.
    Next, let's try changing the key repeat delay. Be warned that if you set this number too low, it can be extremely difficult to type your way out of it:
wsconsctl keyboard.repeat.deln=50
Again, adjust the number to your preference, but try not to go so low that you can't type normally. Once you've got your preferred number, write it down.
    Now let's make these settings permanent. Edit the /etc/wsconsctl.conf file. You'll notice that the first two settings you find are are similar to the commands you've just run. If the lines are commented out (if there's a # before them), uncomment them and set their numbers to the ones you wrote down. Remember that  
  • del1 is the repeat rate and 
  • deln is the repeat delay.
Save and exit the file when you're finished. Since you've already adjusted the settings for your current session, you won't have to re-log or restart the computer for them to take effect.



CD/DVD Mounting Made Easy

Before you go much further, it might be a good idea to make it easier to mount your optical drive. By default, you have to do it by hand with a command like this:
mount -t cd9660 /dev/cd0a /mnt
You're going to run out of predefined mount points if you have any other disks or drives to mount, so the default method really isn't meant to be a permanent solution. If this machine is meant to be a server that you'll never need to put CDs into (upgrading aside), there's no need to make any changes; you can leave it as is. Otherwise, follow this procedure:
  1. First you'll need a more convenient place to mount the optical drive. I suggest /mnt/cdrom (usually the standard in GNU systems) or /cdrom (usually the standard in FreeBSD). Regardless of what the directory name is, you have to create it. /mnt/cdrom will be the example used here, so that's the one we'll use right now, though you're free to change it to your preference. Use the mkdir command to create it: mkdir /mnt/cdrom
  2. Next, open /etc/fstab with your preferred text editor and add this line (you may have to change the device node if you have several CD drives): /dev/cd0a /mnt/cdrom cd9660 ro,noauto 0 0
  3. Save and exit the editor. Now you can use the mount and umount commands without having to type the device name and mount point each time.


Installing the Ports Tree and the Base System Source Code

Installing the Ports tree and the base system source code is optional. You need Ports only if you need more than a handful of extra programs and you know exactly what they are.
You need the OpenBSD source code if you want to be able to switch to the OpenBSD X.X-STABLE branch, which recompiles the base system if security patches become available.
The Ports system
  1. downloads the source code of the program you want to install, 
  2. applies OpenBSD-specific patches, and 
  3. then compiles and installs it and all of its dependencies. 
Obviously there are quicker, easier, and more disk-efficient ways to install software, so if you only need a few programs, it might be easier to use the pkg_add command to install them, assuming they have few dependencies. A lot of the time, though, you don't really know what you need until you've had the system up and running for a while, and sometimes you end up needing another program a few months down the line.
    Whether or not you should install the Ports tree depends on what you're going to do with your OpenBSD machine:
  • If it's just going to be a router or a wireless access point, it might be best to install the few packages you need (if any) and forget about Ports entirely. 
  • If this is going to be a web, email, or other network server, Ports will probably make your life easier unless you have the most basic of configurations in mind. 
  • If this is to be a desktop machine, you definitely want Ports. 
If you change your mind later, you can always install or remove the Ports tree.

Installing the Ports tree
  1. If you have the official OpenBSD CD set, the Ports source code can be found on disc 3. So insert that disc into your optical drive and mount it (this assumes you followed the earlier tutorial on modifying /etc/fstab to make CD mounting easier): mount /mnt/cdrom
  2. Now change to the destination directory: cd /usr/
  3. Finally, unpack the Ports tarball: tar zxvf /mnt/cdrom/ports.tar.gz
If you installed over FTP, you'll have to fetch the Ports tarball from your local FTP mirror before you can unpack it.
  1. You can connect to it from the command line by using the ftp command. 
  2. Log in as anonymous and use your email address as the password. Navigate to the / pub/OpenBSD/4.0/ directory, and then use the get command to retrieve ports.tar.gz. This command will do the trick (substitute your local mirror for openbsdmirror below): ftp ftp://openbsdmirror/pub/OpenBSD/4.0/ports.tar.gz 
  3. Once the file is downloaded, unpack it to the /usr directory. It will unpack its own /usr/ports directory and populate it with the moret 4,000 program entries in the Ports tree. 
  4. Once the Ports tree is unpacked, you're ready to use it. Instructions for that are in the next $.

Installing the base system source tree
This procedure is almost identical to that of the Ports tree. Here's the process:
  1. Mount disc 3 of the OpenBSD CD set, or download the src.tar.gz file from your local OpenBSD mirror. If you'd like an example of how to do this, read the preceding subsection on installing the Ports tree.
  2. Switch to the /usr/src/ directory: cd /usr/src
  3. Unpack the src.tar.gz file: tar zxvf /mnt/cdrom/src.tar.gz
When it is done, you will be able to switch to the patch branch and compile your own OpenBSD kernel.


Using the OpenBSD Package Tools

The pkg_add command is useful for fetching and installing packages, but it's a real pain to have to type in an exact path to the package, which will be on either disc or of your CD set, or from a remote FTP mirror. Fortunately, a  variable in OpenBSD called PKG_PATH allows you to easily do this. It sets a path(or more) either local or remote to a directory of OpenBSD packages.
If you have PKG_PATH set to an online OpenBSD package repository, it makes it much easier to install packages with pkg_add or through the Ports tree. If you have a lot of installed programs, whether they be from Ports or from the pool of precompiled packages, this is definitely the way to go. 
Here's how to take advantage of it:
  1. Unless you already have one written down, go to this address and find an OpenBSD mirror that is close to you
  2. Edit the /root/.profile configuration file. On a blank line, type in this line, substituting the FTP mirror address you selected in the previous step for openbsdmirror (also substitute amd64 for i386 if you're using the AMD64 edition): export PKG_PATH=ftp://openbsdmirror/pub/OpenBSD/4.7/packages/i386/ (don't forget the last /)
  3. And put this line below it: export FETCH_PACKAGES=yes
  4. Save and exit the editor, then re-log in so that the changes can take effect(or execute ". ./.profile" command. It reloads your new .profile so you do not need reboot). If you are logging in as a regular user and using su (not su -)to install packages, you will need to make the same changes to your user's ~/.profile configuration as well.

With the above changes,
  1. whenever you try to install a program through the Ports tree, Ports will first look for a binary package in the directory you specified. 
  2. If it finds one, it also looks for dependent packages. 
  3. If no precompiled binaries are found, Ports goes ahead and compiles the program from source, along with any dependencies. 
  4. If you install a package with the pkg_add command, you need to type only the package name (not the full version information and path), and dependencies are automatically calculated for you.

Installing programs through Ports and pkg_add
There are more than 4,000 programs in the Ports tree, and about 6000 of them have precompiled binary package equivalents. As mentioned in the previous subsection, you can use Ports to retrieve binary packages if you make the changes listed above.
    The advantage that Ports has over the plain pkg_add command is that it's much easier to find a program you're looking for. Just go to /usr/ports/ and look through the categories; then cd to that category and look for the program you want. Vim, for instance, can be found in /usr/ports/editors/vim/.
    If there is any question as to what one of the programs in Ports does, take a look at the DESCR file in that program's pkg directory. DESCR provides a basic description of what each program does.
    If you can't find a package through ordinary navigation of the Ports tree, switch to the /usr/ports directory and run this command(Replace searchterm with a search word):
make search key=searchterm
This is not case-sensitive, so capital letters don't matter. You'll be shown a list of programs in the Ports tree that have descriptions that contain the word you searched for. If the list is too long to read in one screen, hold down the Shift key and press Page Up to scroll the screen buffer back a little.
    Once you change to the program's directory in the Ports tree, run this command to install the program:
make install clean
  1. First, Ports will check to see if there is a package available. 
  2. If there is, it'll fetch it and any dependent packages and install them.
  3. If there is no package, the source code will be retrieved, and the program and all of its dependencies will be compiled and installed, and 
  4. then the temporary build files and source code tarballs will be deleted.
The pkg_add command is used like this:
pkg_add packagename

The package tools now do name resolution, so if you need to install, for instance, the GIMP graphics program, you won't need to specify the version number (unless there are several variants of the package available).
    If you want to find out more about pkg_add, view its manual by running this command:
man pkg_add
Though there are a few more package tools, the only other ones you're likely to use are: 

  • pkg_info, which tells you what packages are currently installed and what versions they are (it can also be used on individual packages to tell you all about them), and 
  • pkg_delete, which removes a particular package.



Enabling Binary Compatibility with Other OSes

OpenBSD has the ability to run binaries from some other kinds of Unix or Unix-like operating systems. This binary compatibility is restricted to certain processor architectures (i386, mostly) and is not turned on by default. 
    Fortunately, enabling it is simple. Assuming you want to permanently enable binary compatibility, follow this procedure:
  1. Edit the /etc/sysctl.conf file with your text editor of choice.
  2. At the end of the file you'll see six commented-out lines that deal with binary compatibility. Uncomment the ones relevant to your situation. The next time you restart the computer, binary compatibility for the operating systems you specified will be enabled.
  3. If you don't want to restart, use the sysctl command to enable compatibility for this session: just type sysctl and then after it, copy and paste the line from the sysctl.conf file that you want enabled and press Enter.
  4. If you want true FreeBSD compatibility, you'll have to install the /usr/ports/emulators/freebsd_lib package, which provides some essential FreeBSD software libraries.
  5. If you want full Linux binary compatibility, you'll have to install the /usr/ports/emulators/redhat package, which provides some essential GNU software libraries. You will also have to create a /proc directory and add this line to /etc/fstab: /proc /proc procfs rw,linux 0 0
Not all binaries will work, but most should. Anything that has architecture- or system-specific code (such as something that interfaces directly with your computer hardware) will probably not work.
    FreeBSD binaries will use the /emul/freebsd directory as their "shadow root" directory, where a sort of dummy skeleton of a FreeBSD system is kept. A similar directory can be found for Linux binaries in /emul/linux.
    If you have trouble running binaries from supported platforms, each of them has a manpage that has specific troubleshooting tips:
  • man compat_freebsd
  • man compat_linux
  • man compat_svr4
  • man compat_ibsc2
  • man compat_aout
  • man compat_bsdos


Custom Kernel Configurations

Most people will never have to recompile the OpenBSD kernel.
  • If you're working on a system where you measure memory or storage in kilobytes, or 
  • if your hardware is supported in OpenBSD but is not compiled into the GENERIC kernel
you can use the instructions in this section to trim your kernel down or build a kernel with the hardware support you need. You must have the OpenBSD base system source code installed in order to continue with this section.

Creating a custom OpenBSD kernel
You can find the default kernel configuration file in the /sys/arch/i386/conf directory (The /sys directory is actually a symlink to /usr/src/sys). Make sure you substitute amd64 for i386 if necessary. It's a plain text file, so you can view it with the less command or edit it with your preferred text editor.
    Feel free to have a look at GENERIC, but don't touch. If you want to create your own kernel config file, copy GENERIC to some other name so that if things go wrong or if you want to go back to a stock kernel, it's as easy as recompiling with a different config name. So copy GENERIC to a filename like MYKERNEL, and then work with that instead.
    The lines that have a # preceding them are commented out, so they are not compiled into the kernel. You'll probably notice, looking through the default configuration that most things are compiled into the kernel. To remove something from the kernel you're compiling, comment it out; to put something in that isn't there now, uncomment it.
There is a separate configuration for multi-CPU configurations or multi-core processors: GENERIC.MP. It contains an include to pull in the contents of GENERIC and adds these three lines:
option MULTIPROCESSOR
cpu* at mainbus?
ioapic* at mainbus?
If you need a custom SMP kernel, it might be easier to copy and paste these three lines somewhere in your MYKERNEL configuration rather than create a MYKERNEL.MP.
    Once you've got your kernel configuration the way you want it, follow this process to compile and install it:
  1. Run this command (assuming you followed the example and used MYKERNEL as the custom config filename): /usr/sbin/config MYKERNEL
  2. Then change to the directory the preceding command created: cd ../compile/MYKERNEL
  3. Now it's time to compile: make clean && make depend && make && make install
If your config file is in order, the kernel should compile and install properly. At this point, all you have to do is restart the system for the new kernel to take effect. If you need a detailed description of kernel configuration options, see the options manpage.



Basic Configuration
All of the steps here must be performed as root. You must avoid use of the root account whenever possible. That's not necessary yet, however.


Time Zone
All of the time zones OpenBSD supports are in the /usr/share/zoneinfo directory tree. You'll find quite a few time zone names in this directory. You'll also find several subdirectories for various countries or continents, each containing either city names or local time zones. Find the file for the time zone you like or for a city whose time zone you share. To set the time zone, just create a new symbolic link to the file from /etc/localtime.
# ln -fs /usr/share/zoneinfo/America/Detroit /etc/localtime
OpenBSD also supports POSIX-style time zones, which have their own rules. Those time zone files are stored in /usr/share/zoneinfo/Etc. Do not use POSIX times unless you are absolutely certain you understand them.


Date
Now that you have a time zone, set the correct date. OpenBSD supports programs such as xntpd(8) and ntpdate(8), but does not include them by default. OpenBSD does include rdate(8), if you have a time server accessible from your network. (This may not be an option behind a firewall, of course.) You might have to set the date by hand.
    Date(1) can be used to set the system date. Confirm that you know the current year, month, day of the month, and time (in 24-hour format). To give them to date(1), just run them all together in order. In the following example, we set the date to the year 2002, month of August, day 16 of the month, and 1:24 p.m. (13:24).
# date 200208161324
Fri Aug 16 13:24:00 EDT 2002
#
Fortunately, date(1) spits out the date as it understands it, so you can check your work easily.
If you have access to a NTP server, you can set the time with rdate(8). While rdate(8) is generally used for older time protocols, OpenBSD's rdate(8) will speak to a NTP server if you use the -n flag.
# rdate -n timeserver.company.com

Set Host Name
You can set the system's host name in /etc/myname. For example, my test system is called openbsdtest.AbsoluteOpenBSD.com.
# cat /etc/myname
openbsdtest.AbsoluteOpenBSD.com
#

Ethernet Interface Configuration
If you have installed OpenBSD over the network, your Ethernet network card is already set up and working. If you installed from CD-ROM, you probably want to configure any network cards in the system. (If you want to connect to a network via PPP, be patient for later). For a complete list of cards recognized by your installed OpenBSD system, run

ifconfig -a
If you're not familiar with Ethernet, IP addresses, default routes, and so on, you probably want to wait to configure your network until you get it. This section is meant for experienced systems administrators who already know what they want to do, and just need to know which files to touch to do it. For a complete description of the configuration options for your version of OpenBSD, check hostname.if(5).
    Each Ethernet card has its own configuration file, named /etc/hostname. interfacename. For example, the network card fxp1 has a configuration file named /etc/hostname.fxp1. The format of the file is very simple when using IPv4 addresses:
inet  ipaddress  netmask  broadcastaddress  options

This string is used as an argument to ifconfig(8).
  • The IPaddress  is standard dotted-quad notation, such as 10.8.3.250.
  • The netmask can be given in dotted-quad format (255.255.255.0) or in hexadecimal (0xffffff00).
  • The broadcastaddress gives you an option to hard-code the broadcast address on this network. If you put in the word NONE instead of an address, however, OpenBSD will compute the correct broadcast address from the IP address and the netmask you gave earlier.
  • Finally, the options can be any valid arguments at the end of an ifconfig(8) statement. If you don't want any options, you can set this to the word NONE.
For example, if you wanted to give the fxp1 card an IP address of 192.168.1.250, without any extra options and letting OpenBSD figure out its own netmask, you would use the following entry in /etc/hostname.fxp1.
192.168.1.250 255.255.255.0 NONE NONE

The next time you reboot, the system will get the network information from this file and configure your interfaces appropriately.For more complicated uses of /etc/hostname.interfacename, take a look at section "Networking".  
DHCP
If this machine is a DHCP client, you can just put the string "dhcp" in /etc/hostname.interface.


Default Gateway
To set your default gateway on an Ethernet network, just place the IP address of the default gateway on a single line in /etc/mygate. This file should have no other entries. On your next reboot, the system will read this file and by default route packets to this IP.


Nameservice
If you want to contact other machines on the Internet from your OpenBSD machine, you probably want to configure your DNS client. Configure DNS resolution in /etc/resolv.conf.
    The first line of /etc/resolv.conf tells the computer its local domain name. Label the domain name with the "domain" keyword.
    Nameservers can appear on subsequent lines, each labeled with an IP address. Remember to use an IP address for a nameserver, not a host name. (It's very difficult to use a nameserver to look up a host name when you cannot find the nameserver!) When you're finished, /etc/resolv.conf should look something like this.

domain AbsoluteOpenBSD.com
nameserver 192.168.8.33

We discuss /etc/resolv.conf in greater detail later in  "etc" section.


Mail Aliases
Every standard OpenBSD system sends status emails on a regular basis. If you're on a middle-sized network, you probably have central systems administration email accounts that go to the proper people. Edit the mail aliases file, /etc/mail/ aliases, to direct those emails to that central account.
In /etc/mail/aliases, you'll see a section that looks like this.

# Well-known aliases -- these should be filled in!
# root:
# manager:
# dumper:

Remove the leading pound sign from each of the "root," "manager," and "dumper" lines. Then put in your correct email address after the colon.

# Well-known aliases -- these should be filled in!
root: support@AbsoluteOpenBSD.com
manager: support@AbsoluteOpenBSD.com
dumper: support@AbsoluteOpenBSD.com

Once you have done this, run newaliases(8) without any arguments to update the aliases database. Emails will now start going to the appropriate accounts.


Testing your Work
Once you have everything set up, reboot your system. After the reboot, log in and confirm that everything worked correctly. Generally speaking, if you follow the steps above you should get sensible answers from date(1), uname(1) should return the correct host name, and you should be able to ping sites on the Internet by name.



Installing the Source Code

At various points, we'll refer to the OpenBSD system source code. I recommend installing it immediately, as it will save you minor annoyance later.
    The source code is available on one of the CD-ROMs in the set. If you installed OpenBSD via FTP, you can also download the source code via FTP. You can find the source code on the same FTP server you installed OpenBSD from, in the release directory, as a file called "src.tar.gz." Just extract this directory under /usr/src.
# cd /usr/src
# tar -xzvpf srcsys.tar.gz
...


Installing the Ports Collection

You will almost certainly want the OpenBSD ports collection. For details why, see section "Addon software". You can grab the ports collection from the CD-ROM or from the FTP server you installed from as a file called "ports.tar.gz." Extract this under /usr.
# cd /usr
# tar -xzvpf ports.tar.gz
...


Integrated Program Configuration

OpenBSD includes a wide variety of programs that have been hooked into the operating system, for ease of management. These are programs that both are widely useful and can be secured in a sensible manner. These programs are enabled, disabled, and (to some extent) configured via /etc/rc.conf.
   When the OpenBSD kernel finishes its initial system setup and hands control of the system over to userland, init(8) runs the shell script /etc/rc. This script starts all the programs that are integrated with the system and performs general system configuration, such as configuring network interfaces and starting servers. It also has hooks to identify programs that you add commonly, but which are not part of the base system. When /etc/rc finishes, the system is considered "fully booted" and is ready for general use.
    /etc/rc.conf contains shell script variable assignments. These assignments control what /etc/rc runs and the command-line options those programs receive. Each variable assignment has three legitimate values:
  • a NO in all upper case. A NO means that this particular piece of functionality is not enabled. In our example below, the FTP server is not running in standalone mode.
  • empty quote marks (""). If you just use empty quote marks, /etc/rc will try to start the program controlled by that variable without any command-line arguments. This may or may not be appropriate, depending on the program you're trying to run.
  • command-line flags in quote marks ("-D"). Anything within quote marks is used as command-line arguments to the program run by /etc/rc.conf. If the program has typical "default" flags, they're usually given in the comment after the variable assignment. In our example above, if we were to enable ftpd in standalone mode, "-D" would be a sensible value for this flag.
Each variable looks something like this:
ftpd_flags=NO   # for non-inetd use: "-D"

/etc/rc Daemon Configuration
The /etc/rc script only performs command-line configuration. It does not affect any configuration files used by the programs it starts. For example, OpenBSD includes the Apache web server. /etc/rc.conf contains command-line arguments used to start the httpd process, but it does not affect the httpd.conf file used by Apache. Edit a daemon's configuration files appropriately before enabling it!


Common /etc/rc.conf Assignments

The following are the /etc/rc.conf entries found in an OpenBSD 3.2 system. They may differ slightly from the flags found in your particular release of OpenBSD. If you come across an unfamiliar variable, check /etc/rc to see what it does.
    This section deliberately does not list all possible options to each variable. Check the manual page for the program the variable starts for specific details. This section merely gives a few basic pointers on what is available and hints about things you might want to look at.


Routing Options
The following options configure OpenBSD's routing management, for both IPv4 and IPv6.

routed_flags
This enables the routing daemon, routed(8). Routed(8) handles RIP (version 1 and 2) and IRDP routing. If you need anything more complicated than routed(8), you probably want to install gated(8).

mrouted_flags
This controls the multicast routing daemon, turning your OpenBSD system into a multicast router. Under normal (non-multicast) environments, you do not want to enable this! For multicast routing to work properly, be sure to enable multicast_router later in this file.

multicast_host
This tells the system that it will support multicasting. Multicasting is a very tricky process, and if you're really interested in it read /etc/netstart for details on how this variable is used.

multicast_router
If you set this to YES, OpenBSD will look for a multicast router running on the local system. If this entry is set to an interface name, OpenBSD will look for a multicast router outside that interface.

gated
This manages the gated(8) routing program. Note that gated is not installed by default; you must install it before using it.

gated_flags
This gives any flags to gated(8), if you install and run it.


Packet Filtering
These variables control the behavior of the integrated packet filter, pf(4). We go into great detail about pf(4) in later sections.

pf
If you are using packet filtering or NAT, set this to YES.

pf_rules
This points to the file containing all the packet filter rules, /etc/pf.conf by default.

pflogd_flags
This gives additional flags to be given to pflog(8). The pflog program starts automatically if pf(4) is enabled. 




Diskless Clients
The following variables control OpenBSD's support for servers for various sorts of diskless clients.

bootparamd_flags
This enables and manages rpc.bootparamd(8). If you provide boot information to diskless clients from this machine, you want this.

rbootd_flags
This enables the remote booting protocol used by diskless HP workstations. Take a look at rbootd(8) for details.

mopd_flags
mopd services bootfile requests from MOP diskless clients (generally, older DEC workstations).




Time Management
OpenBSD supports two different styles of time server, timed(8) and ntpd(8). Timed is older, but is integrated with OpenBSD. Ntpd is newer and used more widely, but is an add-on; we install ntpd in our example in "Add on software" section. Both must run very early in the startup process, so they have hooks in /etc/rc. The two protocols are not interchangeable!

rdate_flags
You can run rdate(8) at boot, to set the system time from a central time server. If you want to use this, put the name or IP address of your rdate server in quotes here. Do not confuse this with ntpdate(8), however; it is a different program, and does not interoperate with Network Time Protocol!

timed_flags
The timed(8) program is used to synchronize time on a network. This is different than ntpd. However, do not confuse the two; they do not interoperate!

ntpdate_flags
This enables setting the system clock from a central time server via Network Time Protocol. If you want to use ntpdate, give this variable the value of the NTP server you want to update from.

ntpd
This starts and the ntpd continuous time synchronization client.


Daemons

The following variables control the assorted network daemons integrated with OpenBSD.

sshd_flags=""
This manages the ssh daemon, sshd(8). You will find the global configuration files in /etc/ssh.

named_flags
This enables and configures the nameserver, good old-fashioned ISC BIND. Setting this to two empty quotes starts the nameserver in the default configuration. Note that OpenBSD includes BIND version 8. This version of BIND supports the most commonly used functionality and has been independently audited by the OpenBSD team. You're welcome to install a newer version of BIND, if you need it.

named_user
named(8) should run as a regular user, not as root. The default user, called "named," is good for almost all circumstances.

named_chroot
This is the directory where named(8) should chroot after starting. The default, /var/named, is fine for just about any installation.

sendmail_flags
This enables and gives command-line options to sendmail(8). By default, OpenBSD's sendmail listens only on the localhost address.

httpd_flags
OpenBSD includes the Apache web server. Note that in normal use on OpenBSD, Apache is run in a chroot environment. To have Apache not chroot, use the "-u" flag. This is not recommended.

dhcpd_flags
This enables and starts the DHCP server daemon, dhcpd(8). It is configured via /etc/dhcpd.conf.

lpd_flags
This starts and configures the Line Printer Daemon.

ftpd_flags
If you only have a few FTP connections, you can choose to run ftpd(8) out of inetd. Set this variable to "-D" if you want ftpd(8) to run in standalone mode. This is suitable if your server is primarily a FTP server.

inetd
This starts and manages the inetd server. See section "Managing PF" for some hints on running inetd.

identd_flags
This starts and configures the identification daemon identd(8). While it's most commonly used out of inetd(8), you can run it in standalone mode by giving this variable the proper flags.

rwhod
If you set this to YES, OpenBSD will start rwhod(8) upon boot.

syslogd_flags
This starts and configures the system logger, syslogd(8).

wsmoused_flags
When set to empty quotes, this turns on PS/2 or USB mice in console mode. You can highlight, cut, and paste in a text-mode console with console mice. See moused(8) for other possible options.


IPv6 features

/etc/rc.conf includes several variables for IPv6 and related features. Although we aren't covering IPv6 here, we'll only mention these just so you have some sort of clue what they mean when you stumble across them.

isakmpd_flags
This manages the other IPSec key management daemon, isakmpd(8).

rtadvd_flags
This enables and configures router advertisements for IPv6 routing.

route6d_flags
Route6d supports RIP over IPv6. If you need to route RIP over IPv6, you want this. Be sure to enable IPv6 packet forwarding if you want this!

rtsold_flags=NO
rtsold(8) helps a system find an IPv6 router. Set this to the name of your network interface if you want to use it. Be sure to set the sysctl net.inet6.ip6.aceept_rtadv to 1 if you enable this.


NFS

While you need to configure NFS in /etc/exports, /etc/rc.conf tells the system how to start a variety of programs and services that support NFS.

nfs_server
If you set this to YES, OpenBSD will start the NFS server.

lockd
If you set this to YES, OpenBSD will start rpc.lockd(8). You need to have the NFS server enabled to run this properly.

amd
This starts and configures the automounter daemon, amd(8).

amd_dir
This variable gives the location where amd(8)-mounted directories are mounted.

amd_master
This variable points to the file containing amd(8)'s master map.

portmap
Set this to YES to enable portmap(8). If you are using NFS in almost any way, you want this.

nfsd_flags
This gives any flags to the server-side NFS request services, nfsd(8). Nfsd starts automatically if the machine is configured as a NFS server. 




AFS configuration

OpenBSD has considerable support for AFS. If you're not using AFS, you can leave all of these settings unchanged.

afs
This enables mounting and running AFS file systems. For this to work, you must also set afs_mount_point and afs_device.

afs_mount_point
This is the directory where AFS files are mounted.

afs_device
This is the device name used by afsd(8).

afsd_flags
These are extra flags handed to afsd(8). Afsd runs automatically if you set afs=YES.





Kerberos Setup

OpenBSD includes Kerberos version V.

krb5_master_kdc
This enables the Kerberos V ("Heidmal") domain controller server.

krb5_slave_kdc
This enables the Kerberos V slave domain controller server.




Miscellaneous Variables

The following is a catch-all of other variables that appear in /etc/rc.conf.

rarpd_flags
This enables and manages the rarpd(8) daemon, which provides a TCP wrappers-style service for MAC addresses.

apmd_flags
This starts and configures the Advanced Power Management daemon, apmd(8).

xdm_flags
This manages the xdm(1) X display manager.

check_quotas
When set to YES, OpenBSD will regularly limit users' disk usage as described in quota(1).

savecore_flags
This gives options to savecore(8), should the system find a kernel dump upon rebooting after a panic.

ypserv_flags
This gives any flags to the ypserv(8) information services daemon. Ypserv starts automatically if YP services are configured.

yppasswdd_flags
This allows you to hand any flags to the yppasswd daemon. Yppasswd starts automatically if YP services are configured.

shlib_dirs
Put extra directories to be included by ldconfig(8) during boot here.


Further Setup

Now that you have the system basically configured, you'll probably have a few other tasks you want to accomplish. Refer tothe OpenBSD FAQ, and the manual pages to learn how to proceed.


OpenBSD as a Desktop Operating System

Believe it or not, OpenBSD makes
  • a fine desktop operating system for Unix-savvy people who don't play 3-D games or have high-performance computing requirements
  • It also makes a great development platform for practically any modern computer programming language.
You definitely want the Ports tree installed for a desktop operating environment because you'll probably be installing a relatively large number of programs.



Configuring X.org

There is no clean way to install X.org after OpenBSD has been installed. The best (and officially supported) way to do it is during installation. If you did not install X.org and want to install it now, it would be easiest to reinstall OpenBSD. Configuring X.org is simple. Just run this command from a root terminal:
X -configure
The preceding command is reasonably competent when it comes to auto-detecting your hardware and settings. The best way to test it is to use it with the window manager or desktop environment that you plan on being in most often. The configuration file will be saved to /root/xorg.conf.new. Go ahead and move it over to the proper directory with this command:
mv /root/xorg.conf.new /etc/X11/xorg.conf
If you want to test the configuration right away, you can do so with the default OpenBSD window manager, fvwm. The startx script is already configured to use it, so just type startx and press Enter to test out the settings. When you want to leave fvwm, you can press Ctrl-Alt-Backspace to kill the X session.
If you see some X.org settings that need to be changed, or if X fails to start with the startx script, you can edit /etc/X11/xorg.conf and make any necessary changes.
Configuring X.org is a subject unto itself, so here are a few basic pointers:

  • If the scroll wheel does not work on your mouse, add this line to the mouse's InputDevice section: Option ZAxisMapping "4 5"
  •  If you get no display at all, go to the Device section for the video card and change the Driver line from its current setting (it's probably something like ati, nv or fbdev) to vesaa generic setting that should work with any video card, but won't force you into a low resolution or color depth. Since OpenBSD can't do 3-D acceleration anyway, you've got nothing to lose. 
  • If the color depth and/or screen resolution are not to your liking, you need to adjust the Screen section. Since the default configuration doesn't show you the options you need, here is a good example that you can copy and paste into your xorg.conf file (be sure to completely replace any existing Subsection "Screen" section):
Section "Screen"
        Identifier "Screen0"
        Device "Card0"
        Monitor "Monitor0"
        SubSection "Display"
                Viewport 0 0
                Depth 24
                Modes "1280x1024" "1024x768" "800x600"
                Virtual 0 0
        EndSubSection
EndSection
In the above sample configuration,
  • Depth is color depth in bits (24 is the highest you can go), and 
  • Modes are the resolutions you want to be able to use. The first resolution is the default startup resolution; it is perfectly acceptable to list only one resolution here. 
  • Leave Virtual and Viewport alone; they set screen parameters that you usually don't need to touch.
At this point, you've configured X.org as much as you can without installing your preferred window manager or desktop environment.



Installing a Desktop Environment or Window Manager

Now that you have X.org reasonably well configured, it's time to install the window manager or desktop environment that you prefer to work from. Here's where to find them:
  • KDE: /usr/ports/x11/kde
  • GNOME: /usr/ports/x11/gnome
  • Xfce: /usr/ports/x11/xfce4
  • Enlightenment (E16): /usr/ports/x11/enlightenment
  • Fluxbox: /usr/ports/x11/fluxbox
  • Blackbox: /usr/ports/x11/blackbox
  • IceWM: /usr/ports/x11/icewm
  • Windowmaker: /usr/ports/x11/windowmaker
If your window manager of preference isn't listed here, take a look through /usr/ports/x11 and see if you can find it there. There is currently no support for Enlightenment E17 through Ports, but it very well may compile from source.
    There are many extras and add-ons for various desktop environments and window managers in the /usr/ports/x11 directory, so you should definitely take a look through it to make sure you've got everything you need. Lastly, you can hack the Makefile for many of these packages if you want only certain components installed.



Starting X.org

The /usr/X11R6/bin/xinit script is the default method of starting the X server from a user account, though you can also use startx or the GNOME desktop manager (GDM) or KDE desktop manager (KDM) if you have either one of those desktop environments installed.
Only the root user can run the gdm or kdm binaries from the command line, so unless you want to run this service as root (a security risk), you will have to either configure xinit to start KDE or GNOME, or set GDM or KDM to start as a boot service. Theoretically you could start your window manager of preference by adding it as a command-line argument to xinit, but realistically you'll probably just want to have one graphical environment.
The default X.org login manager is the old, traditional, and relatively boring XDM. There are two good things about XDM in OpenBSD:
  1. it is easily started as a boot service, and 
  2. it is fairly easy to configure.
XDM is configured through the /usr/X11R6/lib/X11/xdm/xdm-config file, though that file draws on other config files in the same directory. By default, XDM starts the plain-old fvwm window manager, which most people will probably want to change. To do this, edit the /usr/X11R6/lib/X11/xdm/Xsession file and look for this line: /usr/X11R6/bin/fvwm
    Change this path and executable to the one for your window manager or desktop environment of choice. If you aren't sure what the executable is, just take a look through the /usr/X11R6/bin and /usr/local/bin directories.
    GNOME and KDE are tricky; you have to use these executables to start them outside of GDM and KDM:
/usr/local/bin/gnome-session
/usr/local/bin/startkde

To make OpenBSD start XDM by default (instead of going to the terminal login screen), edit /etc/rc.conf, and in the following line, change NO to empty double quotes "":
xdm_flags=NO         # for normal use: ""

If you want to use GDM or KDM instead of XDM, you have to go through /etc/rc.local instead of /etc/rc.conf. At the end of the rc.local file, insert one of these lines:
/usr/local/bin/gdm
/usr/local/bin/kdm

If you don't want to log in graphically and will be using X.org only part-time, it makes more sense to use the xinit script instead of a login manager. You could edit the /etc/X11/xinit/xinitrc script directly, but it would be better to copy it to the home directories of the users who need to use X.org and rename it ~/.xinitrc.
    This is the local user override for the global xinitrc. Edit it as you prefer, replacing the #Start some nice programs section with your own preferred applications (or just type the path and executable for your favorite window manager or desktop environment as explained above, and don't start any desktop applications by default).
    To start xinit, just type xinit and press Enter. By default, X.org looks in the current user's home directory for a .xinitrc file, and if there isn't one, the default settings are used.


Finding and Installing Desktop-Oriented Programs
This part is tricky because desktop programs are hidden all over the place in the OpenBSD Ports tree. You have to think about the programs you want and what categories they might fit into, and then browse the Ports tree and see if you can find them. Some of the more common programs and their locations are listed here:
  • OpenOffice.org: /usr/ports/editors/openoffice (OpenOffice.org is broken in OpenBSD 4.0, but it does work in the development branch, which a later section will show you how to convert to if you wish.)
  • AbiWord: /usr/ports/editors/abiword
  • LyX: /usr/ports/print/lyx
  • Vim: /usr/ports/editors/vim
  • Emacs: /usr/ports/editors/emacs21
  • XEmacs: /usr/ports/editors/xemacs21
  • Eclipse (you need to install a JDK first; see the section on Java for instructions): /usr/ports/devel/eclipse
  • Gnumeric: /usr/ports/math/gnumeric
  • Firefox: /usr/ports/www/mozilla-firefox
  • Opera: /usr/ports/www/opera (this is the GNU/Linux edition, so Linux binary compatibility is required)
  • Adobe Flash Player/Plugin: /usr/ports/www/opera-flashplugin (this is the GNU/Linux edition, so Linux binary compatibility is required)
  • Adobe Acrobat Reader/Plugin: /usr/ports/print/acroread (this is the GNU/Linux edition, so Linux binary compatibility is required)
  • Evolution: /usr/ports/mail/evolution
  • Bluefish: /usr/ports/www/bluefish
  • The GIMP: /usr/ports/graphics/gimp
  • Grip: /usr/ports/audio/grip
  • XMMS: /usr/ports/audio/xmms
  • AmaroK: /usr/ports/audio/amarok
  • Rhythmbox: /usr/ports/audio/rhythmbox
  • Audacity: /usr/ports/audio/audacity 

Font Configuration

Now for the tricky part, achieving antialiased fonts. Most desktop operating systems have elaborate software frameworks and predefined configuration files so that you don't ever have to give any thought to the smoothness of your fonts, but OpenBSD makes you work for your reward.
    The first thing you're going to need are more fonts, and as a general rule, the more proprietary they are, the better they will look. Specifically, you want fonts from Microsoft and Adobe, and they're in the following directories:
/usr/ports/x11/msttcorefonts
/usr/ports/print/ghostscript
It might be helpful to install these font packages as well, though they aren't necessary to achieve optimal font rendering quality:
/usr/ports/x11/freefonts
/usr/ports/x11/artwiz-aleczapka
If you have any additional fonts that you transferred from another operating system (font files are generally interchangeable between OSes), transfer them to the /usr/X11R6/lib/X11/fonts/misc directory (or create your own directory in /usr/X11R6/lib/X11/fonts for those files if you wish, but make sure you add it to the configuration file below).
    Now you need to make sure that X.org is configured to use these new fonts. Edit the /etc/X11/xorg.conf from a root terminal, and then add the following lines to the "Section Files" section:
FontPath "/usr/local/lib/X11/fonts/freefont/"
FontPath "/usr/local/lib/X11/fonts/artwiz-aleczapka/"
FontPath "/usr/local/lib/X11/fonts/mscorefonts/"
FontPath "/usr/local/lib/X11/fonts/ghostscript/"
Save the file, but don't restart the X server just yet; there are a few more things that have to be done to fully enable antialiasing.
Now you have to tell Xft about those same font directories, so edit the /etc/X11/fs/config file and find the line that starts with catalogue =. Note that this file may be read-only by default. If it is, run this command prior to editing the file:
chmod +w /etc/X11/fs/config
Once inside the file, you should see some font directories there similar to (but not the same as) the ones listed above. Add your new font directories to the catalogue line, separated by commas. You should end up with something similar to this (new entries are shown in bold):
catalogue = /usr/X11R6/lib/X11/fonts/misc/,/usr/local/lib/X11/fonts/freefont/,/usr/local/lib/X11/fonts/artwiz-aleczapka/,/usr/local/lib/X11/fonts/mscorefonts/,/usr/local/lib/X11/fonts/ghostscript/,/usr/X11R6/lib/X11/fonts/TTF/,/usr/X11R6/lib/X11/fonts/Type1/,/usr/X11R6/lib/X11/fonts/CID/,/usr/X11R6/lib/X11/fonts/75dpi/,/usr/X11R6/lib/X11/fonts/100dpi/
Next, use your preferred text editor to create the /etc/fonts/local.conf file and put this into it:
/usr/local/lib/X11/fonts/freefont/
/usr/local/lib/X11/fonts/artwiz-aleczapka/
/usr/local/lib/X11/fonts/mscorefonts/
/usr/local/lib/X11/fonts/ghostscript/
The above configuration will register the new font directories with the fontconfig program. The "real" configuration file is /etc/fonts/fonts.conf, but it has an include statement for local.conf, so your changes will be properly recognized. In general it's a good idea to follow this practice (modifying local configuration files rather than the master ones) for as many system configuration files as you can with OpenBSD because the master files tend to be overwritten when you upgrade OpenBSD or certain subsystems.
    Finally, you need to initialize all of your new font directories with fontconfig. To do so, first switch to each new directory:
cd /usr/local/lib/X11/fonts/freefont
Then run these commands:
mkfontscale && mkfontdir
Repeat the above for each font directory you installed:
/usr/local/lib/X11/fonts/artwiz-aleczapka
/usr/local/lib/X11/fonts/mscorefonts
/usr/local/lib/X11/fonts/ghostscript
Do you use any programs that require the Qt graphics toolkit (KDE depends on Qt)? If soor if you're not sure run this command from a terminal:
qtconfig
If nothing happens when you run that, then you don't have Qt installed and don't need to worry about changing settings. If the qtconfig window comes up, look over its settings and change them to your preferences. Of particular interest should be the Fonts and Appearances tabs. Make sure you select a default font that is antialiased (I suggest Times New Roman at a size of 12pt). In the GUI Style drop-down box in the Appearances tab, select either Platinum or Windows for smoother edges in your window elements. Go to the File menu and select Exit when you're done.
    Do you use any programs that require the GTK+ graphics toolkit? If soor if you're not sure edit your user's ~/.profile configuration file and add this line to it:
export GDK_USE_XFT=1
Now it's time to kill the X server and then log out (type exit and press Enter to log out, or if you've started from XDM, GDM, or KDM, press Ctrl-Alt-Backspace to restart the X server). When you log back in again, you should have much more attractive fonts than before.


Troubleshooting
If you've followed the directions and your fonts still look jagged, run this command from a terminal:
/usr/X11R6/bin/xdpyinfo
If you don't see the word RENDER in the list of extensions, your video card driver doesn't support the technology necessary to render antialiased fonts. This should be a relatively rare situation.
    If you see a little improvement in some applications but no change in others, you're likely experiencing configuration problems with GNOME, KDE, or the individual programs that you're using. The Opera Web browser, for instance, has its own font settings. GNOME and KDE both have font antialiasing settings for GTK- and Qt-based programs, respectively. Firefox also has its own antialiasing settings that you can adjust through the about:config page. Fine-tuning these programs is an issue specific to each of them individually, not to OpenBSD or its implementation of X.org.
    Linux and FreeBSD binaries may need some special attention when it comes to fonts because they actually have their own X11 directories in /emul. This is generally a problem only for people upgrading from OpenBSD 3.9, who may have more than one version of their emulation environment.


 ➪


Resources

  • OpenBSD101
  • Faq
  • Documentation
  • Mailing lists
  • IRC chat: #openbsd
  • OpenBSD News
  • OpenBSD support
  • Forums
  • Absolute OpenBSD: UNIX for the Practical Paranoid
    by Michael W. Lucas
    (No Starch Press  2003)
    ISBN:1886411999
  • The OpenBSD 4.0 Crash Course
    By Jem Matzan (O'Reilly 2007)
    ISBN-10: 0-596-51015-2
  • BSD UNIX Toolbox: 1000+ Commands for FreeBSD, OpenBSD, and NetBSD  Power Users by Christopher Negus,  François Caen (Wiley 2008)
    ISBN: 978-0-470-37603-4

2 comments:

  1. I want to install OpenBSD. thanks are guided on how to install this linux.

    ReplyDelete
  2. Sorry to see this so late, but as an experienced OBSD user, I have to say this was well written. Very complete and high quality!

    As you know, OBSD doesn't stand still, updating itself twice a year. With such a great article, it would be good to see it account for this and not anchor to a particular installation in time. I think it would drive more traffic to your blog, for instance, and give more life to the work you put into this.

    ReplyDelete