OpenBSD has long been respected for its simple and consistent installation process across platforms.
Most architectures follow a similar installation procedure, though some details differ between platforms. In any case, you should read the INSTALL document specific to your architecture found in the “platform” directory on the CD-ROM or on the FTP mirrors (for example i386/INSTALL.i386, macppc/INSTALL.macppc or sparc/INSTALL.sparc).
OpenBSD installation uses a special kernel (see http://openbsd.org/faq/fr/faq4.html#bsd.rd) that contains a number of utilities and installer scripts in a preloaded RAM disk. After this kernel boots, the system is extracted from several compressed tar(1) archives (.tgz) located outside of the RAM disk. There are several ways to boot this installation kernel:
Not all architectures support every boot option; consult the platform list (http://openbsd.org/fr/plat.html) for details. For example:
After the installer kernel has booted, you have several options to obtain the installation sets. Again, support varies between architectures:
Before you begin, you should know the following at minimum:
As examples, consider the images available for i386 and sparc. i386 has several images, including install50.iso, floppy50.fs and others. sparc provides floppy50.fs, cd50.iso, miniroot50.fs and install50.iso. On modern platforms you will generally prefer CD boot images because floppy images may lack drivers and utilities present on larger platforms.
Use an ISO image such as cd50.iso or install50.iso. On OpenBSD you can burn an ISO with cdio(1):
cdio tao cd50.iso
Other platforms provide similar tools (cdrkit, system utilities, or commercial burning software).
Exact device names vary; use the appropriate commands for your system. For example, format a floppy with fdformat and write the image to the device.
fdformat /dev/rfd0c
If the disk formats cleanly, write the image with dd:
dd if=floppy50.fs of=/dev/rfd0c bs=32k
cmp /dev/rfd0c floppy50.fs
If cmp returns no output, the image was written correctly.
Under Windows, first format the disk with the native tools and check it for bad sectors. Then write the installation image with ntrw.exe, available from the OpenBSD tools/ directory on the mirrors:
ntrw floppy50.fs a:
On PC platforms, configure the BIOS or firmware to boot from the medium you prepared. Older systems that cannot boot directly from CD often still work fine by booting from floppy and then installing from CD.
You can also boot bsd.rd from an existing OpenBSD partition or, on supported systems, via PXE.
On Sun hardware, you typically reach the ROM monitor prompt (ok) using Stop-A on a Sun keyboard or a BREAK on the serial console. You can then boot from floppy or CD:
boot floppy
boot cdrom
The OpenBSD installer is designed so that a usable system can be installed with very little interaction. In many cases, repeatedly pressing Enter is enough to get a sane default system.
Once the boot kernel has loaded, the installer offers three choices:
Install: perform a fresh installationUpgrade: install new sets over an existing OpenBSD installation without overwriting user dataShell: open a maintenance shell from the ramdisk environmentFor a new system, choose Install.
The installer then walks through the system configuration:
sshd(8)ntpd(8)com0If DHCP is available, you can usually accept the defaults for the first network interface. Otherwise, the installer will ask for the IPv4 address, netmask, default route, DNS domain, and DNS servers.
If you answer yes to manual network configuration, the installer drops you into a shell so you can run ifconfig, set wireless keys, force media options, and so on, then resume setup with exit.
Disk partitioning is often the trickiest part of an OpenBSD install.
On i386, amd64, macppc, zaurus, and armish, setup happens in two layers:
fdisk(8) defines the OpenBSD area on the diskdisklabel(8) splits that OpenBSD area into native OpenBSD partitionsFor simple installations, the easiest route is to let the installer use the whole disk and accept the automatic disklabel layout. That creates a bootable OpenBSD MBR partition and then allocates common mount points such as /, /tmp, /var, /usr, /usr/local, and /home.
The exact defaults vary with disk size, but the automatic layout is generally a good starting point.
The installer can fetch sets from several sources:
For FTP or HTTP installs, you specify the mirror, server directory, and login information if needed. You then select the sets to install.
At minimum you need:
bsdbase50.tgzetc50.tgzIn practice, new users should keep the default selection unless they know exactly what they want to exclude.
Examples of set selection syntax:
-comp50.tgz removes the compiler set+bsd.mp adds the multiprocessor kernel-x* removes all X11 setsWhen the sets finish installing, the installer saves configuration files, creates device nodes, and offers a final reboot. On first boot, OpenBSD generates SSH host keys. On modern machines this is quick; on very old hardware it can take a long time.
After the first login, one of the first documents you should read is afterboot(8).
If DHCP is unavailable, configure the interface manually during install. A typical sequence looks like this:
IPv4 address for xl0? 192.168.1.37
Netmask? 255.255.254.0
Default IPv4 route? 192.168.1.1
DNS domain name? example.org
DNS nameservers? 192.168.1.250 192.168.1.251
If additional tuning is required, choose manual network configuration and run ifconfig directly from the installer shell.
OpenBSD stores time in UTC and uses timezone data to convert it to local time. If you do not know the exact zone name, enter ? at the prompt and the installer will guide you through continent and city choices until you find the most accurate zone.
The installer ultimately creates /etc/localtime as a symlink into /usr/share/zoneinfo/.
fdisk(8)On i386 and amd64, fdisk(8) defines the OpenBSD MBR partition. If you are installing alongside another operating system, avoid Use whole disk and edit the MBR manually instead.
In a dual-boot setup you would typically:
A6 for OpenBSDThe installer uses absolute sector offsets. On modern disks, the default 64-sector starting offset is fine and often recommended for alignment reasons.
disklabel(8)Inside the OpenBSD area, disklabel(8) creates the native OpenBSD partitions. By convention:
a is the root filesystemb is swapc represents the whole disk and must not be alteredThe remaining letters are available for mount points such as /usr, /var, /tmp, /usr/local, /usr/X11R6, /usr/src, /usr/obj, and /home.
If you are building a specialized machine such as a web server, it is often worth deviating from the automatic layout. For example, a static web server may need a much larger /var/www and a much smaller /home.
An OpenBSD release is split into multiple file sets. The important ones are:
bsd: the kernel, requiredbsd.mp: SMP kernel on supported platformsbsd.rd: ramdisk kernelbase50.tgz: base system, requiredetc50.tgz: /etc, requiredcomp50.tgz: compiler, headers, and build toolsman50.tgz: manual pagesmisc50.tgz: assorted extra files and documentationgame50.tgz: gamesxbase50.tgz, xetc50.tgz, xfont50.tgz, xserv50.tgz, xshare50.tgz: X11 componentsDuring upgrades, etc50.tgz and xetc50.tgz are not reinstalled automatically, which is why /etc merging remains a manual task.
Even if you do not plan to run a desktop, some ports depend on X libraries or utilities. In many cases, installing xbase50.tgz is the simplest way to satisfy these dependencies.
Installing X does not by itself start a graphical environment or materially change the external security profile of the system. If a package needs X components, installing the correct set is usually the cleanest choice.
That is perfectly valid for a small or slow system, but it is not a serious security measure by itself. If someone already has sufficient access to your machine, the absence of a compiler rarely stops them. The real tradeoff is operational: without the compiler set you usually need another machine to build software or patches.
Partitioning depends on your workload, but OpenBSD traditionally prefers several filesystems instead of a single giant root partition. Common reasons include:
nodev, nosuid, noexec, or read-only mounts/tmp, /var, and /homeTypical mount points created by default are:
/swap/tmp/var/usr/usr/X11R6/usr/local/usr/src/usr/obj/homeIf you know a certain directory will grow heavily, such as /var/www, it is often worth giving it a dedicated partition.
Running OpenBSD alongside another operating system is possible, but it is easy to make mistakes. The most conservative advice is still to learn OpenBSD first on a dedicated test machine or disk.
Common multiboot strategies include:
For Windows 7 specifically, OpenBSD can be chained by copying the OpenBSD partition boot record into a Windows-accessible file and registering it with bcdedit.
If you need a Linux/OpenBSD dual-boot system, refer to INSTALL.linux for the details relevant to the platform and release.
OpenBSD expects the hardware clock to use UTC. Some other operating systems expect local time instead. On a multiboot machine, one side or the other must therefore be adjusted to avoid clock drift.
If you forgot to install a base set such as comp50.tgz, there are two straightforward ways to add it later.
Boot the install media again, choose Upgrade, and select only the set you forgot.
tar(1) directlyThe install sets are just compressed tar archives. From the root of the filesystem:
cd /
tar xzvpf comp50.tgz
Do not forget the p flag, which restores permissions correctly.
If you install xbase this way without rebooting, you may need to refresh the shared-library cache manually:
ldconfig -m /usr/X11R6/lib
bsd.rd?bsd.rd is the ramdisk kernel. Instead of mounting its root filesystem from disk, it embeds a minimal root environment in memory. This makes it useful both for installation and for rescue work.
On many systems, it is enough to replace the normal boot target /bsd with /bsd.rd to enter the installer or maintenance environment.
Certain old Compaq systems require a manual memory declaration from the bootloader, for example:
machine mem +0x3000000@0x1000000
This can be placed in /etc/boot.conf after installation.
Common causes include:
fdisk(8)In many cases, booting the install media and running fdisk -u wd0 is enough to rewrite usable MBR boot code.
ssh-keygenOn very old hardware, generating SSH host keys can take an extremely long time. This is not a crash; the machine simply needs time.
This is normal during parts of the pre-release development cycle. The installer may try to access a mirror path that does not exist yet. If so, choose a mirror manually and continue.
fdisk partition table looks empty or corruptedThis usually comes from creating the OpenBSD partition starting at sector 0 instead of using the normal track offset. The system may still boot from the PBR, but the disk layout should be corrected.
Possible workarounds include:
siteXX.tgzOpenBSD supports a user-defined archive named siteXX.tgz where XX is the release number. It is unpacked after the official sets and can therefore add or overwrite files. This is useful for:
/etc/skel, pf.conf, or rc.conf.localYou can also create host-specific archives such as site50-myhost.tgz.
install.site and upgrade.siteAt the end of installation or upgrade, the installer looks for executable scripts named install.site or upgrade.site in the target root and runs them in a chroot(8) environment. These scripts are powerful enough to:
rdate(8)rc.firsttime(8)Combined with siteXX.tgz, these scripts provide a clean way to automate custom deployments without rebuilding official install sets.
If you need to deploy several similar OpenBSD systems, the most practical tools are:
siteXX.tgzinstall.site / upgrade.sitedump(8) backups from install mediadd(1) when identical disk geometry is acceptableDisk imaging is the bluntest tool: it copies everything, including unused space, but it is often enough for simple replication workflows.