Installing OpenBSD

Once you boot from your chosen media, you should see something like this:

>> OpenBSD/amd64 BOOT 3.18
boot>

If you need to interrupt the boot process for any reason, you can do so at this point. We’ll discuss how to interrupt the boot process in Chapter 5, and reasons for doing so throughout the book.

If you wait five seconds, OpenBSD should boot. The kernel will then introduce itself and begin identifying your hardware.

  booting 1 cd0a:/5.3/amd64/bsd.rd: 2986868+913996+2861496+0+504624 [89+318288+205653]=0xb6f578
  entry point at 0x1001e0 [7205c766, 34000004, 24448b12, 1608a304]
  Copyright (c) 1982, 1986, 1989, 1991, 1993
      The Regents of the University of California.  All rights reserved.
  Copyright (c) 1995-2012 OpenBSD. All rights reserved.  http://www.OpenBSD.org
2 OpenBSD 5.3 (RAMDISK_CD) #23: Sun Feb 12 09:45:07 MST 2012
    deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
  real mem = 1072627712 (1022MB)
  avail mem = 1032290304 (984MB)
  …

In this output, you can tell at 1 from which device the system is booting—CD drive 0 in this case. Next, you see the copyright information, followed by the directory in which your kernel was compiled at 2. You can see that this is an OpenBSD snapshot kernel, compiled by user deraadt on host amd64.openbsd.org.

At this point, OpenBSD should probe your hardware and display the results as it attaches device drivers.

Running the Installation Program

Once the boot messages pass, you should see the following text:

Welcome to the OpenBSD/amd64 5.3 installation program.
(I)nstall, (U)pgrade or (S)hell? i

As you can see, there are three options: Install, Upgrade, and Shell. The OpenBSD installer is a shell script that calls programs to download files, format disks, and otherwise prepare your system. It might not be pretty, but it is extremely fast and, in educated hands, extremely powerful.

The Shell option will drop you into an OpenBSD command line, where you have access to the commands on the installation disk. These minimal commands might suffice to repair a damaged system. We’ll examine the Upgrade option in Chapter 20.

Enter i to choose Install. You should see a welcome message and a few basic instructions:

  At any prompt except password prompts you can escape to a shell by
  typing '!'. Default answers are shown in []'s and are selected by
  pressing RETURN.  You can exit this program at any time by pressing
  Control-C, but this can leave your system in an inconsistent state.
1 Terminal type? [vt220]
2 System hostname? (short form, e.g. 'foo') caddis

The installer shows default answers in square brackets. To use the default, just press ENTER.

If your system has a standard keyboard and monitor, OpenBSD will use it as the standard VT220 terminal, as shown at 1. If you have an unusual terminal connected to your system, you’re probably an old geezer who knows exactly what terminal type it is. If you’re a young kid using some ancient, unidentified, dust-covered terminal found in a disused laboratory at the back of an abandoned fireworks factory because you thought it would be nifty, stop now and get a standard monitor and keyboard. While OpenBSD probably supports that antediluvian console, this is not the time to try it.

Next, the installer should prompt you for the system’s short hostname at 2, which will be a single word to identify your system. This particular computer is named caddis; you can name yours whatever you like.

Now to configure the network:

1 Available network interfaces are: em0 em1 vlan0.
2 Which one do you wish to configure? (or 'done') [em0]
3 IPv4 address for em0? (or 'dhcp' or 'none') [dhcp] 192.0.2.85
4 Netmask? [255.255.255.0] 255.255.255.128
5 IPv6 address for em0? (or 'rtsol' or 'none') [none]
  Available network interfaces are: em0 em1 vlan0.
6 Which one do you wish to configure? (or 'done') [done]
7 Default IPv4 route? (IPv4 address, 'dhcp' or 'none') 192.0.2.1
  add net default: gateway 192.0.2.1
8 DNS domain name? (e.g. 'bar.com') [my.domain] blackhelicopters.org
9 DNS nameservers? (IP address list or 'none') [none] 192.0.2.2 192.0.2.10

At 1, the installer lists the network interfaces it recognizes on your machine. It has found three: em0, em1, and vlan0. The first two, em0 and em1, are network cards. I chose em0 at 2, the installer’s default, by pressing ENTER. Avoid configuring a virtual local area network (VLAN) during installation if possible, especially on your first installation. If you need a VLAN to connect to the Internet, see Chapter 12.

When asked at 3 if you want to give a static IP address, you can choose to use DHCP by pressing ENTER. I chose to enter a static address because I’ll be using this machine as a server. (If you don’t need a static address, you can just let DHCP automatically assign you an IP address.)

When you use a static address, you must also enter a netmask at 4 and (if desired) an IPv6 address at 5. Now, having configured one network card, OpenBSD asks at 6 if you’ve finished configuring the network. If you wanted the installer to walk you through configuring the second network card, you would enter em1 instead of accepting the default of done.

If you assign a static IP address, you must also configure a static route if you want to access the Internet, as shown at 7. Similarly, you need to tell your host its domain name at 8 and the IP address of at least one name server at 9.

At this point, you should be on your local network. If you can’t access the network, you probably entered something incorrectly. If nothing else, you can use an exclamation point (!) to interrupt the installation and get a shell prompt. (Chapter 12 discusses OpenBSD’s network configuration in greater depth.)

Multiple Network Cards

Our example server has multiple network interfaces. I chose to configure interface em0 because that machine was in front of me, and if I chose the wrong network card, I could move the cable. But what if you don’t have physical access to your machine? If you had two different network cards (say, an Intel and a 3Com), you would have a better idea which card is which, but having two identical cards leaves you guessing which card has a cable plugged into which network.

Luckily, the OpenBSD installer lets you escape to a command prompt to do a little investigating. How is this useful here? Network interfaces that are plugged in will tell you what kind of connection they have, and disconnected or otherwise failed interfaces will report that they have no media. Here’s how you can interrupt the installer to identify the live interface:

  Available network interfaces are: em0 em1 vlan0.
1 Which one do you wish to configure? (or 'done') [em0] !
  Type 'exit' to return to install.
2 # ifconfig
  lo0: flags=8008<LOOPBACK,MULTICAST> mtu 33152
  em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0c:29:aa:09:21
3       media: Ethernet autoselect (1000baseT full-duplex,master)
        status: unknown
  em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0c:29:aa:09:2b
4       media: Ethernet autoselect (none)
        status: unknown
  vlan0: flags=0<> mtu 1500
        lladdr 00:00:00:00:00:00

Rather than choosing an interface, escape to a command prompt at 1 by entering an exclamation point (!). Then ask OpenBSD at 2 to tell you about its network interfaces by running ifconfig. You can see interfaces em0 and em1 in the output. While em0 reports at 3 that it’s running 1000baseT at full-duplex, at 4 you can see that em1 has a media type of none. Interface em0 is plugged in, so that’s the interface I want to configure. Enter exit to return to the installer, and proceed to configure card em0.
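
The same reading of ifconfig output can be scripted. The following is an added example, not code from the book: it assumes awk is available (which may not be the case in the installer's shell), the function name is hypothetical, and the sample text is constructed from the output above. It goes slightly beyond the text by also skipping interfaces that report a status of no carrier.

```shell
#!/bin/sh
# Added example: pick out the interfaces that report a live link.
# SAMPLE_IFCONFIG is constructed from the ifconfig output shown above.
SAMPLE_IFCONFIG='lo0: flags=8008<LOOPBACK,MULTICAST> mtu 33152
em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0c:29:aa:09:21
        media: Ethernet autoselect (1000baseT full-duplex,master)
        status: unknown
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0c:29:aa:09:2b
        media: Ethernet autoselect (none)
        status: unknown
vlan0: flags=0<> mtu 1500
        lladdr 00:00:00:00:00:00'

# live_interfaces: read ifconfig output on stdin and print
# "name lladdr media" for each interface that has negotiated a link.
live_interfaces() {
    awk '
        function emit() {
            if (name != "" && media != "" && media != "none" &&
                status != "no carrier")
                print name, mac, media
        }
        /^[a-z]+[0-9]+:/ {          # header line starts a new interface
            emit(); name = $1; sub(/:$/, "", name)
            mac = "-"; media = ""; status = ""; next
        }
        $1 == "lladdr" { mac = $2; next }
        $1 == "media:" {            # negotiated media is inside the parentheses
            if (match($0, /\(.*\)/))
                media = substr($0, RSTART + 1, RLENGTH - 2)
            else { media = $0; sub(/^[ \t]*media:[ \t]*/, "", media) }
            next
        }
        $1 == "status:" { status = $0; sub(/^[ \t]*status:[ \t]*/, "", status) }
        END { emit() }
    '
}

# Demo on the constructed sample; on a live system use: ifconfig | live_interfaces
printf '%s\n' "$SAMPLE_IFCONFIG" | live_interfaces
```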

Setting Up Services and the First User

The installer should now ask you to configure some basic system parameters:

1 Password for root account? (will not echo)
  Password for root account? (again)
2 Start sshd(8) by default? [yes]
3 Start ntpd(8) by default? [no] yes
  NTP server? (hostname or 'default') [default]
4 Do you expect to run the X Window System? [yes]
5 Do you want the X Window System to be started by xdm(1)? [no]
6 Change the default console to com0? [no]

At 1, enter your root password twice. If the passwords don’t match, the installer will make you do it over until they do.

You can enable the Secure Shell (SSH) daemon at 2 so that you can remotely connect to this machine immediately after installation. If you enable SSH but do not create a user later in the installation, you can SSH to the machine as root. This is a Very Bad Idea when using password authentication and will let intruders more easily compromise your server. If you enable sshd here, be absolutely certain to create a user during the installation process! If you don’t, at least disable SSH logins by the root account immediately after installing OpenBSD, as discussed in Chapter 4.

Correct time is important on a network. I usually enable the Network Time Protocol (NTP) daemon ntpd(8) during the installation process, as shown at 3. OpenBSD chooses a set of publicly accessible time servers by default, but you can specify a local time server if you have one available.

Now tell the installer at 4 if you intend to run X Windows. X requires that software be permitted fairly broad access into the kernel. If the installer detects a graphic console, it defaults to permitting X. If you don’t need a graphic console, disable X access.

If you’re running X, you might also want the X display manager xdm(1). At 5, tell the installer if you want xdm. By default, OpenBSD doesn’t start xdm when it boots; you’re generally better off installing OpenBSD on your system than configuring X, so I’ve accepted the default of no here.

If you want this system to use a serial port as the console, you can set that during the installation at 6. I discuss serial consoles in Chapter 5.

Note

For the basic system parameters, I’ve used the default for all but one. Enabling time service certainly isn’t mandatory—I could easily enable ntpd after installation instead. I could have also told the installer to disable X, but I can change that after installation as well.

Now to set up your first user.

Setup a user? (enter a lower-case loginname, or 'no') [no] mwlucas
Full user name for mwlucas? [mwlucas] Michael W Lucas
Password for mwlucas account? (will not echo)
Password for mwlucas account? (again)
Since you set up a user, disable sshd(8) logins to root? [yes]

My usual user account name is mwlucas. Here, I enter that username, along with a real name entry. The installer creates this account and gives it permission to use the root password (see Chapter 6). You should be prompted twice for the user’s password.

Note

You’re offered a chance to disable root logins over SSH. Use this default. The root account should never be permitted to log in via SSH, unless using public key authentication, and even then, those logins should be restricted. For the reasons to avoid root logins over SSH, do an Internet search for “Hail Mary Cloud.”
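
To confirm after installation that root logins over SSH really are restricted, you can check the sshd configuration file. The following is an added example, not code from the book: the function names and the sample file are constructed, and it reads a single file such as /etc/ssh/sshd_config without following any included files. On a running system, sshd -T prints the effective settings.

```shell
#!/bin/sh
# Added example: audit an sshd_config for root logins over SSH.
# Function names and the sample file are hypothetical, not from the book.

# Constructed sample configuration, written to the path given as $1.
write_sample_config() {
    cat > "$1" <<'EOF'
Port 22
#PermitRootLogin yes
permitrootlogin no
PermitRootLogin yes
Match Address 192.0.2.0/25
    PermitRootLogin yes
EOF
}

# Print the global PermitRootLogin value, lowercased, or "unset". sshd keeps
# the first value it reads for a keyword, and keywords are case-insensitive.
root_login_policy() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments, accept key=value
        NF == 0 { next }
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print the header of each Match block that sets "PermitRootLogin yes".
root_login_overrides() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }
        NF == 0 { next }
        tolower($1) == "match" { block = $0; next }
        block != "" && tolower($1) == "permitrootlogin" && tolower($2) == "yes" {
            print block
        }
    ' "$1"
}

# Return 0 only when the global setting keeps root from using a password.
audit_root_login() {
    policy=$(root_login_policy "$1")
    case "$policy" in
        no|prohibit-password|without-password|forced-commands-only)
            echo "ok: PermitRootLogin $policy"; return 0 ;;
        yes)
            echo "FAIL: root may log in with a password"; return 1 ;;
        unset)
            echo "WARN: not set; the default depends on the OpenSSH version"
            return 2 ;;
        *)
            echo "FAIL: unrecognized value: $policy"; return 1 ;;
    esac
}

# Demo on the constructed sample: prints the verdict, then any overrides.
demo=$(mktemp) && write_sample_config "$demo" && audit_root_login "$demo"
root_login_overrides "$demo"
rm -f "$demo"
```

In the sample, the global setting is no because the first uncommented value wins, but the Match block still turns password logins for root back on for one address range, which is why the overrides are listed separately.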

Setting the Time Zone

Set your time zone during installation. If you have Internet access when you install OpenBSD, the installer should try to determine your time zone. OpenBSD assumes that the BIOS clock is set in Coordinated Universal Time (UTC). If the BIOS clock is set in some other time zone, you’ll need to correct the system time after installation.

I’m in Detroit, Michigan. If you’re familiar with US geography, you might think that I need US Eastern Time, but my state has its own time zone.

1 What timezone are you in? ('?' for list) [US/Eastern] ?
  Africa/      Chile/       GB-Eire      Israel       NZ-CHAT      UCT
  America/     Cuba         GMT          Jamaica      Navajo       US/
  Antarctica/  EET          GMT+0        Japan        PRC          UTC
  Arctic/      EST          GMT-0        Kwajalein    PST8PDT      Universal
  Asia/        EST5EDT      GMT0         Libya        Pacific/     W-SU
  Atlantic/    Egypt        Greenwich    MET          Poland       WET
  Australia/   Eire         HST          MST          Portugal     Zulu
  Brazil/      Etc/         Hongkong     MST7MDT      ROC          posix/
  CET          Europe/      Iceland      Mexico/      ROK          posixrules
  CST6CDT      Factory      Indian/      Mideast/     Singapore    right/
  Canada/      GB           Iran         NZ           Turkey
2 What timezone are you in? ('?' for list) [US/Eastern] US
3 What sub-timezone of 'US' are you in? ('?' for list) ?
  Alaska          Central         Hawaii          Mountain        Samoa
  Aleutian        East-Indiana    Indiana-Starke  Pacific
  Arizona         Eastern         Michigan        Pacific-New
4 What timezone are you in? ('?' for list) [US/Eastern] US/Michigan

I don’t recall my exact time zone, but I know it isn’t plain old US Eastern Time. I enter a question mark (?) at 1 to see the available options. I don’t recognize any of the time zones listed at 2 as correct for my city, but I know I’m in a US time zone, so I enter US. I don’t know what my choices of sub-time zones are, so I enter a question mark (?) at 3 to see the US time zones. And there’s Michigan! At 4, I enter the full time zone name.[9]

Setting Up the Disk

As noted earlier, in a dedicated installation, the installer erases all data on the drive. Unlike most other operating system installers, the OpenBSD installer doesn’t warn you about this; it assumes that you understand the implications of repartitioning your hard drive.

For this first installation, we’ll use OpenBSD’s default partitioning scheme. (We’ll discuss custom partitioning later in this chapter.) Our demo server has a single disk. We’ll first create an MBR partition on this disk and then add OpenBSD partitions.

Available disks are: sd0.
Which one is the root disk? (or 'done') [sd0]
Use DUIDs rather than device names in fstab? [yes]

The installer tells us that it sees one disk, device sd0. The installer must know which disk will hold the root partition. (With only a single disk this seems superfluous, but it becomes important if your system has multiple disks; we’ll see an example in Custom Disk Layout.) When you have only one disk, OpenBSD assumes that you’ll use it. It also asks if you want to use the disk’s DUID in the filesystem table rather than the device name. For reasons we’ll discuss in Chapter 8, always answer yes to this.

The installer will now show you the MBR partition table.

Disk: sd0       geometry: 6527/ 255/ 63 [ 104857600 Sectors]
Offset: 0       Signature: 0xAA55
            Starting         Ending         LBA Info:
 #: id      C   H   S -      C   H   S [       start:        size ]
------------------------------------------------------------------------------
 0: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 1: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 2: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 3: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
Use (W)hole disk, use the (O)penBSD area, or (E)dit the MBR? [whole]
Setting OpenBSD MBR partition to whole sd0…done.

The first line shows the detected hard drive geometry. This particular drive has 6527 cylinders, 255 heads, and 63 sectors per cylinder. If you compare this to the label on the physical drive, it almost certainly won’t match (because hard drives lie). But note that this translated geometry has exactly the same number of sectors as shown in the hard drive documentation.

Beneath this line, you see the existing MBR partition table. The partitions are all zeroed out, which means that this drive has no partitions. We want only OpenBSD on this machine, so take the default and let OpenBSD swallow the whole drive.

Now it’s time to consider your OpenBSD partitions.

  The auto-allocated layout for sd0 is:
    #              size           offset  fstype [fsize bsize cpg]
1   a:             1.0G               64  4.2BSD   2048 16384    1 # /
    b:             1.2G          2097216    swap
    c:            50.0G                0  unused
    d:             3.6G          4716480  4.2BSD   2048 16384    1 # /tmp
    e:             5.7G         12176320  4.2BSD   2048 16384    1 # /var
    f:             2.0G         24063040  4.2BSD   2048 16384    1 # /usr
    g:             1.0G         28257344  4.2BSD   2048 16384    1 # /usr/X11R6
    h:             6.3G         30354496  4.2BSD   2048 16384    1 # /usr/local
    i:             1.9G         43566400  4.2BSD   2048 16384    1 # /usr/src
    j:             2.0G         47467072  4.2BSD   2048 16384    1 # /usr/obj
    k:            25.4G         51661376  4.2BSD   2048 16384    1 # /home
2 Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
3 /dev/rsd0a: 1024.0MB in 2097152 sectors of 512 bytes
  6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
  …

Our first partition at 1 is a, which occupies 1GB and will be used as the root partition (/). On the installed system, this will be known as partition sd0a. Look down the list to see all of the standard partitions discussed in Chapter 2.

We could do custom disk partitioning at this point, but for our first installation, we’ll use the defaults, as shown at 2. The installer should then label the disk and, at 3, create filesystems on all the partitions.

Choosing File Sets

Now that you have allocated disk space, let’s put the operating system onto the disk. The installer starts by asking some basic questions about how to get the sets.

Let's install the sets!
Location of sets? (cd disk ftp http or 'done') [cd] 1 ftp
HTTP/FTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none]
Server? (hostname, list#, 'done' or '?') [ftp5.usa.openbsd.org] 2 ftp.lambdaserver.com
Server directory? [pub/OpenBSD/5.3/amd64]
Login? [anonymous]

Although I booted this system off a CD, I’m going to install the file sets via FTP, as shown at 1. If my network needed to use a proxy to access the Internet, I would tell the installer.

While the installer will choose an FTP server for you at 2, you can specify an FTP server that you know is close or fast. If you’re installing a snapshot, give the file path to the desired snapshot on the FTP server. Finally, if this FTP server requires a username and password, enter it here.

At this point, the installer should log in to the FTP server, find all available file sets, and display them for your approval.

Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-' to the set name, name pattern or 'all'. Selected
sets are labelled '[X]'.
    [X] bsd           [X] etc53.tgz     [X] xbase53.tgz   [X] xserv53.tgz
    [X] bsd.rd        [X] comp53.tgz    [X] xetc53.tgz
    [X] bsd.mp        [X] man53.tgz     [X] xshare53.tgz
    [X] base53.tgz    [X] game53.tgz    [X] xfont53.tgz
Set name(s)? (or 'abort' or 'done') [done]

I suggest you install everything, but you can choose to remove one or more sets.

For example, suppose you are building a firewall machine. Firewalls traditionally don’t have compilers, documentation, or X. You can remove file sets by entering a minus sign (-) and the name of the file set.

Set name(s)? (or 'abort' or 'done') [done] 1 -comp53.tgz -man53.tgz
    [X] bsd           [X] etc53.tgz     [X] xbase53.tgz   [X] xserv53.tgz
    [X] bsd.rd        [ ] comp53.tgz    [X] xetc53.tgz
    [X] bsd.mp        [ ] man53.tgz     [X] xshare53.tgz
    [X] base53.tgz    [X] game53.tgz    [X] xfont53.tgz
Set name(s)? (or 'abort' or 'done') [done]

This example removes the compiler and manual file sets at 1. You can see that they’re no longer selected in the list of file sets.

You can also use wildcards when selecting file sets. For example, here’s how to remove all file sets beginning with an x:

Set name(s)? (or 'abort' or 'done') [done] -x*
    [X] bsd           [X] etc53.tgz     [ ] xbase53.tgz   [ ] xserv53.tgz
    [X] bsd.rd        [ ] comp53.tgz    [ ] xetc53.tgz
    [X] bsd.mp        [ ] man53.tgz     [ ] xshare53.tgz
    [X] base53.tgz    [X] game53.tgz    [ ] xfont53.tgz
Set name(s)? (or 'abort' or 'done') [done]

If you change your mind, you can add file sets back in by entering a plus (+) sign and the file set name. Here, I add back everything by using a wildcard (*):

Set name(s)? (or 'abort' or 'done') [done] *
    [X] bsd           [X] etc53.tgz     [X] xbase53.tgz   [X] xserv53.tgz
    [X] bsd.rd        [X] comp53.tgz    [X] xetc53.tgz
    [X] bsd.mp        [X] man53.tgz     [X] xshare53.tgz
    [X] base53.tgz    [X] game53.tgz    [X] xfont53.tgz
Set name(s)? (or 'abort' or 'done') [done]

Once you’re ready, press ENTER to install the default or selected file sets.

After the installer unpacks all of the file sets on the hard drive, it will ask if you have more file sets to install.

Location of sets? (cd disk ftp http or 'done') [done]

If you have any custom file sets, you could install them at this point.

Finishing the Installation

After unpacking the file sets, the installer cleans up after itself and tells you it’s finished with this message:

CONGRATULATIONS! Your OpenBSD install has been successfully completed!
To boot the new system, enter 'reboot' at the command prompt.
When you login to your new system the first time, please read your mail
using the 'mail' command.

Do as you’re told and enter reboot, and then remove the CD if necessary. If you’re content with a default installation, you can skip to Chapter 4 now.
