sdk/make-web
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update 2023-11-06 13:21:19

Browse Source
This commit is contained in:
c0dev0id 2023-11-06 13:21:20 +01:00
parent ff6e92e279
commit 90ac97ef6b
1 changed files with 241 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

241
src/posts/2023-11-06-OpenBSD_Install_Guide.pm Normal file
View File

@ -0,0 +1,241 @@
# OpenBSD Install Guide
Let's walk through an OpenBSD Installation, shall we?
## Download
Let's quikly hop over to https://www.openbsd.org/faq/faq4.html#Download (or openbsd.org -> Download) and grab the miniroot74.img. Then `dd` it to an USB stick.
It's also assumed that you have network access, using an ethernet cable.
After starting from the USB stick, you're greeted with the installer prompt.
```
Welcome to the OpenBSD/amd64 7.4 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? I
```
The right answer her is "I"
Next, you will see this little text:
```
At any prompt except password prompts you can escape to a shell by
typing '!'. Default answers are shown in []'s and are selected by
pressing RETURN. You can exit this program at any time by pressing
Control-C, but this can leave your system in an inconsistent state.
```
People tend to not read it. So let me spell it out again: On most questions in the installer, you can enter "!" to get to a shell. When you quit the shell, the installer continues.
```
Choose your keyboard layout ('?' or 'L' for list) [default] de
```
The default is US querty on the amd64 platform. So default doesn't mean autodetect. You can display the list of available layouts with L or ?. I have a german keyboard, so I enter "de" here.
```
System hostname? (short form, e.g. 'foo') puffy
```
Well, my computer shall be called by the name "puffy". So I enter that.
```
Available network interfaces are: re0 iwx0 vlan0.
Network interface to configure? (name, lladdr, '?', or 'done') [re0]
```
This can be a tricky one for first timers. Ideally you can research the device names on another device. They have manpages (without the number) so figure out on https://man.openbsd.org/re.4 what kind of device what it is.
If you don't have that option, you can make use of the "!" feature to look at the boot message again and see if the devices come with a meaningful description.
```
Network interface to configure? (name, lladdr, '?', or 'done') [re0] !
Type 'exit' to return to install.
puffy #
puffy# dmesg | grep ^iwx0
iwx0 at pci3 dev 0 function 0 "Intel Wi-Fi 6 AX200" rev 0x1a, msix
puffy# dmesg | grep ^re0
re0 at pci2 dev 0 function 0 "Realtek 8168" rev 0x0e: RTL8168EP/8111EP (0x5000), msi, address 8c:8c:aa:d7:23:f1
puffy# exit
Network interface to configure? (name, lladdr, '?', or 'done') [re0]
```
Now I have an idea what these devices are. Iwx0 is my wireless device. However, I can't use it yet, because it needs a firmware which is not available at install time. You can use wifi to set up OpenBSD, but you need a wifi adapter that works without firmware. I know that [run(4)](https://man.openbsd.org/run.4) and [urtwn(4)](https://man.openbsd.org/urtwn.4) work. The installer will list them accordingly as run0 and urtwn0.
Therefore we go with the ethernet device, which is re0 in this case. The suggestion in square brackets is what I use, so I don't need to enter it again. Just slapping enter here.
```
IPv4 address for re0? (or 'autoconf' or 'none') [autoconf]
Using DNS nameservers at 192.168.1.1
Using DNS domainname home.codevoid.de
```
My home network runs with DHCP, so IPs are handed out by my router. That's another slap on enter.
If your dhcp server does not hand out a domain name, you will get asked for it. If you don't know it, just go with the default. You can always change it later.
```
IPv6 address for re0? (or 'autoconf' or 'none') [none]
```
The next question is regarding IPv6... and we don't need that for the installation right now. If you need it, enter "autoconf". For me, ist's yet another slap on enter.
```
Network interface to configure? (name, lladdr, '?', or 'done') [done]
```
We know this question already. It's repeated in case we want to configure another device. The default has switched to "done", which means we're done configuring devices. Slap. On. Enter.
```
Password for root account? (will not echo)
Password for root account? (again)
```
Enter your root password twice + enter.
```
Start sshd(8) by default? [yes]
```
Aaand yes. Enter.
```
Setup a user? (enter a lower-case loginname, or 'no') [no]
```
I setup my system user here. Please note that this is not a yes/no question. It's a no/username question.
```
Setup a user? (enter a lower-case loginname, or 'no') [no] sdk
Full name for user sdk? [sdk] Stefan
Password for user sdk? (will not echo)
Password for user sdk? (again)
```
Enter all the things...
```
WARNING: root is targeted by password guessing attacks, pubkeys are safer.
Allow root ssh login? (yes, no, prohibit-password) [no]
```
Remote ssh logons root are _never_ a good idea. So the only sane answers here are "no" and "prohibit-password". I'm going with the default here. Slap.
```
Available disks are: sd0 sd1.
Which disk is the root disk? ('?' for details) [sd0]
```
On which disk do we want to install OpenBSD? The default here is just the first available disk and this might be wrong. Fortunately, we don't need to do the "!"-shell dance on this question. A simple "?" shows a list of installed disks with description.
```
Which disk is the root disk? ('?' for details) [sd0] ?
sd0: NVMe, Samsung SSD 980, 3B2Q (1863.0G)
sd1: Lexar, USB Flash Drive, 1100 (16.0G)
Available disks are: sd0 sd1.
Which disk is the root disk? ('?' for details) [sd0]
```
So, yeah, sd0 looks right. And ... enter, slap.
```
Encrypt the root disk with a (p)assphrase or (k)eydisk? [no] p
```
Here we can go with no encryption "no". Or we can answer "k" if we have a keydisk prepared. The installer doesn't help with that (yet?). So I'm going with a traditional password here. "p", slap.
```
Configuring the crypto chunk sd0...
Disk: sd0 geometry: 522/255/63 [8388608 Sectors]
Offset: 0 Signature: 0xAA55
Starting Ending LBA Info:
#: id C H S - C H S [ start: size ]
-------------------------------------------------------------------------------
0: 00 0 0 0 - 0 0 0 [ 0: 0 ] Unused
1: 00 0 0 0 - 0 0 0 [ 0: 0 ] Unused
2: 00 0 0 0 - 0 0 0 [ 0: 0 ] Unused
*3: A6 0 1 2 - 522 42 32 [ 64: 8388544 ] OpenBSD
Use (W)hole disk MBR, whole disk (G)PT, (O)penBSD area or (E)dit? [OpenBSD] W
```
This screen will look differnt for you the partition layout on the disk "right now".
The installer looks for an "OpenBSD" typed partition. If you have one already, it suggests to use it.
You can also choose "E", which is start [fdisk(1)](https://man.openbsd.org/fdisk.1) and let's you configure the partitions and create an OpenBSD partition somewhere, so the installer can continue.
Most people would tell the installer to use the whole disk. The two options "W" and "G" are using the whole disk. Choose "W" for BIOS based systems and "G" for UEFI based system.
I'm using an older computer, so my choice is "W".
```
Setting OpenBSD MBR partition to whole sd0...done.
New passphrase:
Re-type passphrase:
sd2 at scsibus2 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
sd2: 4095MB, 512 bytes/sector, 8388016 sectors
Configuring the root disk sd2...
No valid MBR or GPT.
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole]
```
I said I wanted the disk encrypted, so now is the time to enter the password twice and watch the system configuring the encrypted loop device.
But... now it asks the same question again - why?
Encryption on OpenBSD works using crypto device. This means /dev/sd0 is now encrypted and the data on this device makes no sense. But there is a driver in place, that can read this mess and decrypt it. This driver provides a new device (sd2 in this case), which is used from the system from now on.
So we have the choice again for the encrypted volume. How do we want to partition it?
To my knowledge the only answer here can be "whole". If anyone knows a usecase for the other options - please tell me.
```
Setting OpenBSD MBR partition to whole sd2...done.
The auto-allocated layout for sd2 is:
# size offset fstype [fsize bsize cpg]
a: 883.0M 64 4.2BSD 2048 16384 1 # /
b: 246.0M 1808384 swap
c: 4095.7M 0 unused
d: 2594.5M 2312128 4.2BSD 2048 16384 1 # /usr
e: 372.2M 7625728 4.2BSD 2048 16384 1 # /home
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
```
TODO: slices.
```
/dev/rsd2a: 883.0MB in 1808320 sectors of 512 bytes
5 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
newfs: reduced number of fragments per cylinder group from 47640 to 47256 to enlarge last cylinder group
/dev/rsd2e: 372.2MB in 762272 sectors of 512 bytes
5 cylinder groups of 92.30MB, 5907 blocks, 11840 inodes each
/dev/rsd2d: 2594.5MB in 5313600 sectors of 512 bytes
13 cylinder groups of 202.50MB, 12960 blocks, 25920 inodes each
Available disks are: sd1.
Which disk do you wish to initialize? (or 'done') [done]
```
TODO: slap
```
/dev/sd2a (9c585400ea3f9907.a) on /mnt type ffs (rw, asynchronous, local)
/dev/sd2e (9c585400ea3f9907.e) on /mnt/home type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd2d (9c585400ea3f9907.d) on /mnt/usr type ffs (rw, asynchronous, local, nodev)
Let's install the sets!
Location of sets? (disk http nfs or 'done') [http]
```
```
HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none]
```
```
HTTP Server? (hostname or 'done') ftp.hostserver.de
```