My name is Rex Morgan and I'm a Cloud Architect in Austin, TX working at Dovetail Software.

I love learning new languages and tinkering with new technologies. I'm currently having fun with Elixir, Elm, C#, and Kubernetes.

OpenBSD Machine Setup

I recently decided to give OpenBSD a shot and wanted to document the process I used to get the system up and running for anyone else that might find this. These steps have been tested to work on OpenBSD 6.4.

Installing OpenBSD

My laptop doesn't have a supported wireless adapter, so I'm unable to download the file sets during the installation process. Because of that, I need to make sure I have the file sets included on the disk image. For my installation, I downloaded the installXX.fs disk image which includes the file sets. If your wireless adapter is supported and you have internet access during the installation process, you could use minirootXX.fs and download the file sets during installation.

I created a bootable USB flash drive with Rufus. Then, I booted my laptop up with the flash drive in UEFI mode. When prompted, I opted for the (S)hell insetad of starting the installer so I could prepare the a special EFI system parittion where the UEFI bootloader would be copied after installation.

I installed to sd0 so I ran the following command to initialize the partition table.

fdisk -i -b 960 sd0

After this, I ran install to start the installer. When I got to the portion about disk layout, I chose the OpenBSD option.

After installation, when it prompted to reboot, I went back into the (S)hell and ran the following commands to format the partition and copy the UEFI bootloader.

/mnt/sbin/newfs_msdos sd0i
mount /dev/sd0i /mnt2
mkdir -p /mnt2/efi/boot
cp /mnt/usr/mdec/BOOTX64.EFI /mnt2/efi/boot

I then rebooted the machine and everything came up without an issue.

Setting up doas

You'll want to setup doas so you can run commands with root permissions without having to be logged in as root. This will also allow you to skip having to enter a password. doas is OpenBSD's version of sudo.

# echo 'permit nopass username' > /etc/doas.conf

Improving Disk Performance

To increase disk performance, there are a couple of options we can enable in /etc/fstab.

The noatime option will stop updating the time that files are accessed. This means that reading a file won't also include a write to update the access time, so it can reduce disk activity.

The softdep option makes metadata stop being written immediately and instead will write it "in an ordered fasion to keep the on-disk state of the file system consistent." It can result in significant speedups for file create/delete operations. This can only be used with partitions formatted with the Fast File System (FFS).

To apply these changes, replace any rw in /etc/fstab with rw,softdep,noatime. Make a backup to /etc/fstab.bak incase anything goes wrong, you can go back to the old version without any trouble.

# sed -i.bak 's/rw/rw,softdep,noatime/' /etc/fstab

Reboot after this to apply the changes when the file systems are mounted again.

Installing firmware for USB Wireless Adapter

As I mentioned above, my laptop's built in wireless adapter (Broadcom BCM4313) isn't supported at all by OpenBSD. In order to get an internet connection, I bought an Edimax EW-7811Un for $10 off of Amazon which is supported by the urtwn firmware. The connection is a bit lackluster, I'm maxing out at around 7Mpbs down and 500Kbps up, however it's very small and doesn't have a huge antenna sticking out.

In order to get the firmware, I had to download it from the OpenBSD firmware server and save it to a flash drive on another computer. Once I got the firmware on a flash drive, I popped it in, figured out which parition I had written it to, mounted it, and installed it.

When you insert your flash drive, the name of the device will show up in xconsole. It will look similar to this:

sd1 at scsibus4 targ 1 lun 0: <Samsung, Flash Drive, 1100>
sd1: 30594MB, 512 bytes/sector, 62656641 sectors

After seeing this, I could tell that my USB flash drive was labeled sd1.

I then needed to figure out which partition I had written it to. I've heard you can assume i, but I like to double check.

# disklabel sd1
#        size       offset   fstype
  c:   ######            0   unused
  i:   ######         ####    MSDOS

From this I could tell that my information was on the i partition, because it's formatted using MSDOS.

I then mounted and installed the firmware.

# mkdir -p /mnt/usb
# mount /dev/sd1i /mnt/usb
# fw_update -p /mnt/usb urtwn

Setting up the Wireless Connection

OpenBSD 6.4 introduced support to auto-join wireless networks. What this means is that OpenBSD can remember all of the networks you want to connect to along with all of their security settings. It will then decide which network to connect to and automatically switch when that network is no longer available and another is in range.

According to Peter Hessler, the developer that worked on auto-join:

It basically uses the Apple algorithm that is used on iPhones. As long the signal strength is good enough: Strongest security, then 5GHz, then 11n vs not-n, then pure signal strength. You can also force it to choose a different one with "nwid foo". The auto-join algorithm will take the saved security settings for "foo" and apply them when it attempts to connect.

We want our network connection to automatically come up when we boot. In order to do this, we'll need to create a /etc/hostname.if file. You'll replace the extension if with your wireless interface name. For me, the file is /etc/hostname.urtwn0. When I was first setting up my wireless connection, I thought that hostname needed to be replaced with the actual hostname of my machine. That is NOT the case, my file is literally named /etc/hostname.urtwn0.

To use auto-join, we'll use the join option followed by the network id and any necessary wpakey or nwkey arguments.

join NETWORKID wpakey PASSWORD
join coffee-shop
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up

You can list as many join statements as you'd like and OpenBSD will switch between them as the networks disappear and become available.

Overriding DNS Servers

The wireless router provided by my ISP doesn't allow me to set my DNS servers that are broadcast by its DHCP server. Since I don't want to use my ISP's DNS servers, I need to tell dhclient not to write the DNS servers it gets when establishing my network connection.

Create a /etc/dhclient.conf file and enter the following:

supersede domain-name-servers 1.1.1.1, 1.0.0.1;
ignore domain-name;

This will replace the DNS servers that dhclient gets from the network's DHCP server with the servers you specify, Cloudflare's DNS in this case. My ISP also tries to set a search domain, which I'm telling dhclient to ignore.

You may want to use prepend insetad of supersede for the DNS servers. Doing this would make dhclient prefer the DNS servers you specify, but fall back to the DNS servers it got via DHCP.

Setting up the Install URL

Now that we have our internet connection setup, we're going to want to install system patches and add packages. Before we can do that, though, we'll want to make sure we have a mirror set in /etc/installurl. This tells the OpenBSD tools where it should attempt to download packages and patches. This is setup by default in 6.4, but if yours is empty for some reason, set it.

I chose to use the CDN so I don't have to worry about which mirror is closest. This is also the default in 6.4.

# echo 'https://cdn.openbsd.org/pub/OpenBSD' > /etc/installurl

Installing System Patches

To update your system with the latest patches, run syspatch. This will install patches for issues that have been fixed since the release of the version you're installing. If there are no patches to install, this will do nothing.

You can check which patches will be installed by looking over the errata.

# syspatch

Install Firmware

We manually downloaded and installed the firmware for our wireless adapter because we didn't already have an internet connection. Now that we have a connection, we can download the rest of the firmware that our computer might need.

# fw_udpate

Configuring Power Management

If you're running on a laptop, you may want to enable the Advanced Power Management daemon or apmd. This will automatically tune your performance to help conserve battery and will also automatically hibernate or suspend your machine if your battery drops below the specified percentage.

With these commands we're telling rc to start apmd when the system starts, setting the flags for rc to pass apmd when it starts, and starting it manually.

The flags we're telling rc to pass to apmd are:

  • -A to start in automatic performance adjustment mode
  • -z 7 to automatically suspend the system if the battery is at or below 7% battery, and the system is currently not plugged in.

Check man apmd for more options.

# rcctl enable apmd
# rcctl set apmd flags -A -z 7
# rcctl start apmd
apmd(ok)

References

While I was setting up my machine, I found and used several guides. I've decided to merge them into a single post for myself, and anyone else that might find this, to reference later.

Also, the OpenBSD man pages are very thorough and accessible. For more information on any of the steps in this post, check out the man pages.

# man fdisk
# man doas
# man doas.conf
# man fstab
# man mount
# man disklabel
# man fw_update
# man ifconfig
# man hostname.if
# man dhclient.conf
# man syspatch
# man apmd
# man rcctl