Thus, a device name plus a disklabel identify an OpenBSD filesystem. For example, the identifier sd2a refers to the filesystem on the a partition of the third sd device. Its device files would be /dev/sd2a for the block device and /dev/rsd2a for the raw (character) device. Remembering whether a rarely used command needs a block or a character device is difficult. Therefore, many commands make use of the opendev(3) function, which automatically expands sd0 to /dev/rsd0c or wd0a to /dev/wd0a, as appropriate.
A few labels are special:
View your partition table with:
Here, the OpenBSD partition (id A6) is marked with a * to indicate that it is the bootable partition.# fdisk sd0 Disk: sd0 geometry: 553/255/63 [8883945 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start: size ] ------------------------------------------------------------------------ 0: 12 0 1 1 - 2 254 63 [ 63: 48132 ] Compaq Diag. 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused *3: A6 3 0 1 - 552 254 63 [ 48195: 8835750 ] OpenBSD
A totally blank disk will need to have the master boot record's boot code written to the disk before it can boot. Normally, all you need to do is:
Alternatively, use the reinit or update commands in interactive mode.# fdisk -iy sd0
The -e flag starts interactive editing mode:
Beware that q saves changes and exits the program, while x exits without saving. This is the opposite of what many people are now used to in other environments. Note also that fdisk does not warn before saving the changes.# fdisk -e sd0 Enter 'help' for information fdisk: 1>
If your system has a maintenance or diagnostic partition, it is recommended that you leave it in place or install it before installing OpenBSD.
This can help overcome some architectures' disk partitioning limitations. For example, on i386, there are only four primary MBR partitions available. With disk labels, one of these primary partitions contains all your OpenBSD partitions, while the other three are still available for other operating systems.
On platforms using fdisk, you should leave the first logical track unused, both in disklabel and in fdisk. For this reason, the default is to start the first partition at block 64.
Don't put swap at the very beginning of your disk on sparc64. While Solaris often did that, OpenBSD requires the boot partition to be at the beginning of the disk.
A copy of the disklabel for each disk is saved in /var/backups as part of the daily system maintenance. Assuming you still have the /var partition, you can simply read the output, and put it back into disklabel with the -R flag.
In the event that you can no longer see that partition, there are two options: Fix enough of the disk so you can see it, or fix enough of the disk so that you can get your data off. The scan_ffs(8) utility will look through a disk to find partitions. You can use the information it finds to recreate the disklabel. If you just want /var back, you can recreate the partition for /var, then recover the backed up label and add the rest from that. The disklabel(8) utility will both update the kernel's understanding of the disklabel and attempt to write the label to disk. Therefore, even if the area of the disk containing the disklabel is unreadable, you will be able to mount until the next reboot.
Using drive 0, partition 3. <- MBR Loading.... <- PBR probing: pc0 com0 com1 apm mem[636k 190M a20=on] <- /boot disk: fd0 hd0+ >> OpenBSD/i386 BOOT 3.26 boot> booting hd0a:/bsd 4464500+838332 [58+204240+181750]=0x56cfd0 entry point at 0x100120 [ using 386464 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 <- Kernel The Regents of the University of California. All rights reserved.
Enabling soft updates must be done with a mount-time option. When mounting a partition with the mount(8) utility, you can specify that you wish to have soft updates enabled on that partition. Below is a sample fstab(5) entry that has one partition sd0a that we wish to have mounted with soft updates.
/dev/sd0a / ffs rw,softdep 1 1
Assuming you want to back up your root partition to the partition specified by the DUID bfb4775bb8397569.a, add the following to /etc/fstab
and set the appropriate environment variable in /etc/daily.local:bfb4775bb8397569.a /altroot ffs xx 0 0
As the /altroot process will capture your /etc directory, this will make sure any configuration changes there are updated daily. This is a "disk image" copy done with dd(1) not a file-by-file copy, so your /altroot partition should be at least the same size as your root partition. Generally, you will want your /altroot partition to be on a different disk that has been configured to be fully bootable should the primary disk fail.# echo ROOTBACKUP=1 >>/etc/daily.local
Note that support may be limited to read-only operation.$ man -k -s 8 mount
Since this is an ISO 9660 image, as used by CDs and DVDs, you must specify type of cd9660 when mounting it.# vnconfig vnd0 /tmp/ISO.image # mount -t cd9660 /dev/vnd0c /mnt
To unmount the image and unconfigure the vnd(4) device, do:
For more information, refer to vnconfig(8) and mount(8).# umount /mnt # vnconfig -u vnd0
When a filesystem is created with newfs(8), some of the available space is held in reserve from normal users. This provides a margin of error when you accidentally fill the disk, and helps keep disk fragmentation to a minimum. Default for this is 5% of the disk capacity, so if the root user has been carelessly filling the disk, you may see up to 105% of the available capacity in use.
If the 5% value is not appropriate for you, you can change it with the tunefs(8) command.
Before using the install script, you will drop to a shell and set up a softraid(4) device.
The install kernel only has the /dev entries for one wd(4) device and one sd(4) device on boot, so you will need to manually create more disk devices if your desired softraid setup requires them. For example, if you need to support a second and third sd(4) device for a mirrored setup, you could do the following from the shell prompt:
You now have full support for the sd0, the sd1 and sd2 devices.Welcome to the OpenBSD/amd64 X.X installation program. (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s # cd /dev # sh MAKEDEV sd1 sd2
Next, we'll initialize the disks with fdisk(8) and create RAID partitions with disklabel(8).
If you're booting from MBR, do:
If you use GPT for UEFI booting, do:# fdisk -iy sd0 # fdisk -iy sd1
Create the partition layout on the first device:# fdisk -iy -g -b 960 sd0 # fdisk -iy -g -b 960 sd1
Copy the partition layout to the second device:# disklabel -E sd0 Label editor (enter '?' for help at any prompt) > a a offset:  size:  * FS type: [4.2BSD] RAID > w > q No label changes.
Assemble the mirror with the bioctl(8) command:# disklabel sd0 > layout # disklabel -R sd1 layout # rm layout
This shows that we now have a new SCSI bus and a new disk, sd2. This volume will be automatically detected and assembled when the system boots.# bioctl -c 1 -l sd0a,sd1a softraid0 scsibus1 at softraid0: 1 targets sd2 at scsibus2 targ 0 lun 0: <OPENBSD, SR RAID 1, 005> SCSI2 0/direct fixed sd2: 10244MB, 512 bytes/sec, 20980362 sec total
Even if you create multiple RAID arrays, the device name will always be softraid0. There won't be a softraid1 or anything else.
Because the new device probably has a lot of garbage where you expect a master boot record and disklabel, zeroing the first chunk of it is highly recommended. Be very careful with this command; issuing it on the wrong device could lead to a very bad day. This assumes that the new softraid device was created as sd2.
You are now ready to install OpenBSD on your system. Perform the install as normal by invoking "install" or "exit" at the boot media console. Create all the partitions on your new softraid disk (sd2 in our example here) that should be there, rather than on sd0 or sd1 (the non-RAID disks).# dd if=/dev/zero of=/dev/rsd2c bs=1m count=1
To check on the status of your mirror, issue the following command:
A nightly cron job to check the status might be a good idea.# bioctl sd2
These steps can be performed in either single user mode or from the install kernel.# bioctl -R /dev/sd1m sd2 # reboot
Select (S)hell at the initial prompt.
From here, you'll be given a shell within the live environment to manipulate the disks. For this example, we will install to the sd0 SATA drive, erasing all of its previous contents. You may want to write random data to the drive first with something like the following:Welcome to the OpenBSD/amd64 X.X installation program. (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s
This can be a very time-consuming process, depending on the speed of your CPU and disk, as well as the size of the disk. If you don't write random data to the whole device, it may be possible for an adversary to deduce how much space is actually being used.# dd if=/dev/random of=/dev/rsd0c bs=1m
Next, we'll initialize the disk with fdisk(8) and create the softraid partition with disklabel(8).
If you're booting from MBR, do:
If you use GPT for UEFI booting, do:# fdisk -iy sd0
Next, create the partition layout:# fdisk -iy -g -b 960 sd0
We'll use the entire disk, but note that the encrypted device can be split up into multiple partitions as if it were a regular hard drive.# disklabel -E sd0 Label editor (enter '?' for help at any prompt) > a a offset:  size:  * FS type: [4.2BSD] RAID > w > q No label changes.
Now we can build the encrypted device on our "a" partition.
Since the installer does not have many device nodes by default, we'll make sure the /dev/sd1 device is accounted for.# bioctl -c C -l sd0a softraid0 New passphrase: Re-type passphrase: sd1 at scsibus2 targ 1 lun 0: <OPENBSD, SR CRYPTO, 005> SCSI2 0/direct fixed sd1: 19445MB, 512 bytes/sector, 39824607 sectors softraid0: CRYPTO volume attached as sd1
All data written to sd1 will now be encrypted with AES in XTS mode.# cd /dev && sh MAKEDEV sd1
As in the previous example, we'll overwrite the first megabyte of our new pseudo-device.
Type exit to return to the main installer, then choose this new device as the one for your installation.# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
You will be prompted for the passphrase on startup, but all other operations should be handled transparently.[...] Available disks are: sd0 sd1. Which disk is the root disk? ('?' for details) [sd0] sd1
Next time you need to access the drive, simply use bioctl(8) to attach it and then repeat the last four commands as needed.# dd if=/dev/random of=/dev/rsd3c bs=1m # fdisk -iy sd3 # disklabel -E sd3 (create an "a" partition, see above for more info) # bioctl -c C -l sd3a softraid0 New passphrase: Re-type passphrase: softraid0: CRYPTO volume attached as sd4 # dd if=/dev/zero of=/dev/rsd4c bs=1m count=1 # fdisk -iy sd4 # disklabel -E sd4 (create an "i" partition, see above for more info) # newfs sd4i # mkdir -p /mnt/secretstuff # mount /dev/sd4i /mnt/secretstuff # mv somefile /mnt/secretstuff/ # umount /mnt/secretstuff # bioctl -d sd4
The man page for this looks a little scary, as the -d command is described as "deleting" the volume. In the case of crypto, however, it just deactivates the encrypted volume so it can't be accessed until it is activated again with the passphrase.