Things I'd do if I ever have time

Wish list

Please help a man further his career by donating expensive hardware. Cash works too.

OpenBSD Minimalist Install

Published: 09/16/2009

I don't profess to be a BSD expert - far from it, actually. However, I've been using OpenBSD for basic infrastructure needs (NTP, syslog, pf, basic routing, httpd, IPsec tunnels, etc.) for a while now and although I have some really minor gripes about it, as a general-purpose server operating platform it is often the first thing I grab off the shelf when the requirements call for something other than Windows.

If you're new to OpenBSD, the installation might feel confusing at first, especially on the partitioning section. There's no fancy GUIs (or text-based GUIs) to guide you through the installation process. However, if you know what you're doing you can get through it in 4 to 10 minutes depending on the options you select. This article demonstrates how to do a slim OS install. The less software code there is on the machine, the less you have to patch and maintain due to the low overall footprint.

The following is an example install log (based on CD media install for i386) on a 4-year old Dell PowerEdge 400SC for OpenBSD 4.5. I set the partitioning in the following manner:

100 MB for /
1 GB for swap
1 GB for /tmp
5 GB for /usr
and everything else for /var

This is just an example. Your server needs may be drastically different. Season to taste.

From start to finish in just a few minutes

Everything in red below will clue you in as to what to type when you encounter the various prompts during install. When you finally finish, eject the CD, and reboot ... you're done. That's it. Windows or Red Hat doesn't install nearly this quick. And when you log in as root for the first time, do a df -h and top and see how much resources are actually used up. Very, very little.

Show installation screen


boot> 
booting cd0a:/4.5/i386/bsd.rd: 5197108+918896 [52+205088+189820]=0x635ae8
entry point at 0x200120

Copyright (c) 1982, 1986, 1989, 1991, 1993
        The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2009 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 4.5 (RAMDISK_CD) #1112: Sat Feb 28 15:06:26 MST 2009
    deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel(R) Celeron(R) CPU 2.40GHz ("GenuineIntel" 686-class) 2.40 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,
MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem  = 535871488 (511MB)
avail mem = 511508480 (487MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/15/04, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 
0xf0450 (92 entries)
bios0: vendor Dell Computer Corporation version "A06" date 04/15/2004
bios0: Dell Computer Corporation PowerEdge 400SC
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP SSDT APIC BOOT ASF!
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 99MHz
ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PCI1)
bios0: ROM list: 0xc0000/0xf000 0xcf000/0x1800! 0xd0800/0x3800
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82875P Host" rev 0x02
ppb0 at pci0 dev 1 function 0 "Intel 82875P AGP" rev 0x02
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "NVIDIA GeForce4 MX 420" rev 0xa3
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 16 (irq 11)
uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 19 (irq 10)
uhci2 at pci0 dev 29 function 2 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 18 (irq 9)
uhci3 at pci0 dev 29 function 3 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 16 (irq 11)
ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: apic 1 int 23 (irq 5)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb1 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xc2
pci2 at ppb1 bus 2
em0 at pci2 dev 12 function 0 "Intel PRO/1000MT (82540EM)" rev 0x02: apic 1 int 18 (irq 9), 
address 00:11:11:30:65:75
ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02: DMA, channel 0 configured 
to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 38146MB, 78125000 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
pciide1 at pci0 dev 31 function 2 "Intel 82801EB SATA" rev 0x02: DMA, channel 0 configured to 
native-PCI, channel 1 configured to native-PCI
pciide1: using apic 1 int 18 (irq 9) for native-PCI interrupt
"Intel 82801EB/ER SMBus" rev 0x02 at pci0 dev 31 function 3 not configured
"Intel 82801EB/ER AC97" rev 0x02 at pci0 dev 31 function 5 not configured
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
rd0: fixed, 3800 blocks
softraid0 at root
root on rd0a swap on rd0b dump on rd0b
erase ^?, werase ^W, kill ^U, intr ^C, status ^T
(I)nstall, (U)pgrade or (S)hell? i

Welcome to the OpenBSD/i386 4.5 install program.

This program will help you install OpenBSD. At any prompt except password
prompts you can escape to a shell by typing '!'. Default answers are shown
in []'s and are selected by pressing RETURN.  At any time you can exit this
program by pressing Control-C, but exiting during an install can leave your
system in an inconsistent state.

Terminal type? [vt220] [ENTER]
kbd(8) mapping? ('L' for list) [none] [ENTER]

IS YOUR DATA BACKED UP? As with anything that modifies disk contents, this
program can cause SIGNIFICANT data loss.

It is often helpful to have the installation notes handy. For complex disk
configurations, relevant disk hardware manuals and a calculator are useful.

Proceed with install? [no] yes
Cool! Let's get to it.

You will now initialize the disk(s) that OpenBSD will use. To enable all
available security features you should configure the disk(s) to allow the
creation of separate filesystems for /, /tmp, /var, /usr, and /home.

Available disks are: wd0.
Which one is the root disk? (or 'done') [wd0] [ENTER]
Do you want to use *all* of wd0 for OpenBSD? [no] yes
Putting all of wd0 into an active OpenBSD MBR partition (type 'A6')...done.

You will now create an OpenBSD disklabel inside the OpenBSD MBR
partition. The disklabel defines how OpenBSD splits up the MBR partition
into OpenBSD partitions in which filesystems and swap space are created.

The offsets used in the disklabel are ABSOLUTE, i.e. relative to the
start of the disk, NOT the start of the OpenBSD MBR partition.

# Inside MBR partition 3: type A6 start 63 size 78124032
Treating sectors 63-78124095 as the OpenBSD portion of the disk.
You can use the 'b' command to change this.

Initial label editor (enter '?' for help at any prompt)
> a
partition: [a] [ENTER]
offset: [63] [ENTER]
size: [78124032] 100M
Rounding to cylinder: 208782
FS type: [4.2BSD] [ENTER]
mount point: [none] /
> a
partition: [b] [ENTER]
offset: [208845] [ENTER]
size: [77915250] 1G    
Rounding to cylinder: 2104515
FS type: [swap] [ENTER]
> a
partition: [d] [ENTER]
offset: [2313360] [ENTER]
size: [75810735] 1G
Rounding to cylinder: 2104515
FS type: [4.2BSD] [ENTER]
mount point: [none] /tmp
> a
partition: [e] [ENTER]
offset: [4417875] [ENTER]
size: [73706220] 5G
Rounding to cylinder: 10490445
FS type: [4.2BSD] [ENTER]
mount point: [none] /usr
> a
partition: [f] [ENTER]
offset: [14908320] [ENTER]
size: [63215775] [ENTER]
FS type: [4.2BSD] [ENTER]
mount point: [none] /var
> q
Write new label?: [y] [ENTER]
Mount point for wd0d (1024 MBytes)? (or 'none' or 'done') [/tmp] done
No more disks to initialize.

OpenBSD filesystems:
wd0a /
wd0d /tmp
wd0e /usr
wd0f /var

The next step *DESTROYS* all existing data on these partitions!
Are you really sure that you're ready to proceed? [no] yes
newfs: reduced number of fragments per cylinder group from 13048 to 12984 to enlarge last cylinder group
/dev/rwd0a: 101.9MB in 208780 sectors of 512 bytes
5 cylinder groups of 25.36MB, 1623 blocks, 3328 inodes each
/dev/rwd0d: 1027.6MB in 2104512 sectors of 512 bytes
6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rwd0e: 5122.3MB in 10490444 sectors of 512 bytes
26 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rwd0f: 30867.1MB in 63215772 sectors of 512 bytes
153 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/wd0a on /mnt type ffs (rw, asynchronous, local, ctime=Wed Sep 16 17:33:42 2009)
/dev/wd0d on /mnt/tmp type ffs (rw, asynchronous, local, nodev, nosuid, ctime=Wed Sep 16 17:33:42 2009)
/dev/wd0e on /mnt/usr type ffs (rw, asynchronous, local, nodev, ctime=Wed Sep 16 17:33:42 2009)
/dev/wd0f on /mnt/var type ffs (rw, asynchronous, local, nodev, nosuid, ctime=Wed Sep 16 17:33:43 2009)

System hostname? (short form, e.g. 'foo') myserver01
Configure the network? [yes] [ENTER]
Available interfaces are: em0.
Which one do you wish to initialize? (or 'done') [em0] [ENTER]
Symbolic (host) name for em0? [myserver01] [ENTER]
The media options for em0 are currently
        media: Ethernet autoselect (none)
Do you want to change the media options? [no] [ENTER]
IPv4 address for em0? (or 'none' or 'dhcp') [dhcp] 10.1.1.51
Netmask? [255.255.255.0] [ENTER]
IPv6 address for em0? (or 'rtsol' or 'none') [none] [ENTER]
No more interfaces to initialize.
DNS domain name? (e.g. 'bar.com') [my.domain] corp.mycompany.com
DNS nameserver? (IP address or 'none') [none] 10.1.1.101
Use the nameserver now? [yes] [ENTER]
Default IPv4 route? (IPv4 address, 'dhcp' or 'none') 10.1.1.1
add net default: gateway 10.1.1.1
Edit hosts with ed? [no] [ENTER]
Do you want to do any manual network configuration? [no] [ENTER]
Password for root account? (will not echo) this.is.my.password.blah.blah
Password for root account? (again) this.is.my.password.blah.blah

Let's install the sets!
Location of sets? (cd disk ftp http or 'done') [cd] [ENTER]
Available CD-ROMs are: cd0.
Which one contains the install media? (or 'done') [cd0] [ENTER]
Pathname to the sets? (or 'done') [4.5/i386] [ENTER]

Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-' to the set name, file name pattern or 'all'. Selected
sets are labelled '[X]'.

        [X] bsd
        [X] bsd.rd
        [ ] bsd.mp
        [X] base45.tgz
        [X] etc45.tgz
        [X] misc45.tgz
        [X] comp45.tgz
        [X] man45.tgz
        [X] game45.tgz
        [ ] xbase45.tgz
        [ ] xetc45.tgz
        [ ] xshare45.tgz
        [ ] xfont45.tgz
        [ ] xserv45.tgz
Set name? (or 'done') [bsd.mp] -bsd.rd

        [X] bsd
        [ ] bsd.rd
        [ ] bsd.mp
        [X] base45.tgz
        [X] etc45.tgz
        [X] misc45.tgz
        [X] comp45.tgz
        [X] man45.tgz
        [X] game45.tgz
        [ ] xbase45.tgz
        [ ] xetc45.tgz
        [ ] xshare45.tgz
        [ ] xfont45.tgz
        [ ] xserv45.tgz
Set name? (or 'done') [bsd.rd] -misc45.tgz

        [X] bsd
        [ ] bsd.rd
        [ ] bsd.mp
        [X] base45.tgz
        [X] etc45.tgz
        [ ] misc45.tgz
        [X] comp45.tgz
        [X] man45.tgz
        [X] game45.tgz
        [ ] xbase45.tgz
        [ ] xetc45.tgz
        [ ] xshare45.tgz
        [ ] xfont45.tgz
        [ ] xserv45.tgz
Set name? (or 'done') [bsd.rd] -comp45.tgz

        [X] bsd
        [ ] bsd.rd
        [ ] bsd.mp
        [X] base45.tgz
        [X] etc45.tgz
        [ ] misc45.tgz
        [ ] comp45.tgz
        [X] man45.tgz
        [X] game45.tgz
        [ ] xbase45.tgz
        [ ] xetc45.tgz
        [ ] xshare45.tgz
        [ ] xfont45.tgz
        [ ] xserv45.tgz
Set name? (or 'done') [bsd.rd] -game45.tgz

        [X] bsd
        [ ] bsd.rd
        [ ] bsd.mp
        [X] base45.tgz
        [X] etc45.tgz
        [ ] misc45.tgz
        [ ] comp45.tgz
        [X] man45.tgz
        [ ] game45.tgz
        [ ] xbase45.tgz
        [ ] xetc45.tgz
        [ ] xshare45.tgz
        [ ] xfont45.tgz
        [ ] xserv45.tgz
Set name? (or 'done') [bsd.rd] done
Ready to install sets? [yes] [ENTER]
Getting bsd ...
100% |**************************************************|  6539 KB    00:02    
Getting base45.tgz ...
100% |**************************************************| 46941 KB    00:20    
Getting etc45.tgz ...
100% |**************************************************|   501 KB    00:00    
Getting man45.tgz ...
100% |**************************************************|  8032 KB    00:04    
Location of sets? (cd disk ftp http or 'done') [cd] done
Start sshd(8) by default? [yes] [ENTER]
Start ntpd(8) by default? [no] [ENTER]
Do you expect to run the X Window System? [no] [ENTER]
Change the default console to com0? [no] [ENTER]
Saving configuration files...done.
Generating initial host.random file...done.
What timezone are you in? ('?' for list) [Canada/Mountain] US/Pacific
Setting local timezone to 'US/Pacific'...done.
Making all device nodes...done.
Installing boot block...
boot: /mnt/boot
proto: /usr/mdec/biosboot
device: /dev/rwd0c
/usr/mdec/biosboot: entry point 0
proto bootblock size 512
/mnt/boot is 3 blocks x 16384 bytes
fs block shift 2; part offset 63; inode block 120, offset 2856
using MBR partition 3: type 166 (0xa6) offset 63 (0x3f)
done.

CONGRATULATIONS! Your OpenBSD install has been successfully completed!
To boot the new system, enter halt at the command prompt. Once the
system has halted, reset the machine and boot from the disk.
# halt
syncing disks... done

The operating system has halted.
Please press any key to reboot.

Congratulations, you now have a fully-working server in record time.

Keep in mind I intentionally removed a few packages from the default install selection, such as compilers and games. I could have slimmed it all down a little more, but I like keeping man pages handy.

If you happen to screw up in the partitioning section, you can always press ? to see your options. p will display your current setup and d will allow you to delete existing partitions of your choice and start over on the disk slicing.

OpenBSD by default doesn't require much to run. If you have an old Pentium II system with only 64 MB of memory, that will suffice for starters. There will be no complaints about needing at least 256 MB of memory just to install. You can have a perfectly functioning router or firewall with 128 MB of memory or less depending on how many clients are being served, so that 10-year old PII clunker collecting dust in the closet can have some life again.

Some post-install notes: create a new user account to administrate the system with and provide it sudo access:


# useradd -m adminguy
# passwd adminguy
# visudo

    # User privilege specification
    root        ALL=(ALL) ALL
    adminguy    ALL=(ALL) ALL

Then update /etc/ssh/sshd_config so the root account can't log in remotely.


PermitRootLogin no

There's also an afterboot man page which you might want to check out if this is your first time using OpenBSD:


# man afterboot

Update: 09/17/09 - installing the OS for no money down

If you don't feel like shelling out the measly $50 for an official OpenBSD 4.5 CD set, then get the basic installer bootstrap CD ISO (5.5 MB) from:

ftp://ftp.openbsd.org/pub/OpenBSD/4.5/i386/cd45.iso

then burn it to a CD, ensure that your machine has Internet connectivity and can resolve public DNS, then boot from it. You'll be presented with nearly the same options as above. When it gets to the point where it asks you where to install from, instead of selecting cd type in ftp and you'll be presented an opportunity to list the various download locations and select from it. Unless you're on dial-up or some other high-latency Internet connection, installing the OS shouldn't take long at all.

Go back to the main articles list.

Bits&Pieces

Things I'd do if I ever have time

Wish list

OpenBSD Minimalist Install

From start to finish in just a few minutes

Update: 09/17/09 - installing the OS for no money down