wd0and the third SCSI-like disk will be
sd2. Note that OpenBSD will not necessarily number drives in the same order as your boot ROM.
p. A few labels are special:
a: The boot disk's
apartition is your root partition.
b: The boot disk's
bpartition is usually a swap partition.
cpartition is always the entire disk.
# newfs sd2aThus, a device name plus a disklabel identify an OpenBSD filesystem. For example, the identifier
sd2arefers to the filesystem on the
apartition of the third
sddevice. Its device files would be
/dev/sd2afor the block device and
/dev/rsd2afor the raw (character) device. Remembering whether a rarely used command needs a block or a character device is difficult. Therefore, many commands make use of the opendev(3) function, which automatically expands
$ sysctl hw.disknames hw.disknames=wd0:bfb4775bb8397569,cd0:,wd1:56845c8da732ee7b,wd2:f18e359c8fa2522bYou can specify partitions on the disk by appending a period and the partition letter. For example,
dpartition of the disk
f18e359c8fa2522band will always refer to the same chunk of storage, no matter what order the devices attached to the system, or what kind of interface it is attached to. If you put data on
wd2d, then later remove
wd1from the system and reboot, your data is now on
wd1d, as your old
wd1. However, a drive's DUID won't change after boot.
View your partition table with:
# fdisk sd0 Disk: sd0 geometry: 553/255/63 [8883945 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start: size ] ------------------------------------------------------------------------ 0: 12 0 1 1 - 2 254 63 [ 63: 48132 ] Compaq Diag. 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused *3: A6 3 0 1 - 552 254 63 [ 48195: 8835750 ] OpenBSDHere, the OpenBSD partition (id
A6) is marked with a
*to indicate that it is the bootable partition.
A totally blank disk will need to have the master boot record's boot code written to the disk before it can boot. Normally, all you need to do is:
# fdisk -iy sd0Alternatively, use the
updatecommands in interactive mode.
-e flag starts interactive editing mode:
# fdisk -e sd0 Enter 'help' for information fdisk: 1>Beware that
quitsaves changes and exits the program, while
exitexits without saving. This is the opposite of what many people are now used to in other environments. Note also that fdisk does not warn before saving the changes.
If your system has a maintenance or diagnostic partition, it is recommended that you leave it in place or install it before installing OpenBSD.
This can help overcome some architectures' disk partitioning limitations. For example, on i386, there are only four primary MBR partitions available. With disk labels, one of these primary partitions contains all your OpenBSD partitions, while the other three are still available for other operating systems.
On platforms using fdisk, you should leave the first logical track unused, both in disklabel and in fdisk. For this reason, the default is to start the first partition at block 64.
Don't put swap at the very beginning of your disk on sparc64. While Solaris often did that, OpenBSD requires the boot partition to be at the beginning of the disk.
A copy of the disklabel for each disk is saved in
part of the daily system maintenance.
Assuming you still have the
/var partition, you can simply read the
output, and put it back into disklabel with the
In the event that you can no longer see that partition, there are two options:
Fix enough of the disk so you can see it, or fix enough of the disk so that you
can get your data off.
The scan_ffs(8) utility will look
through a disk to find partitions.
You can use the information it finds to recreate the disklabel.
If you just want
/var back, you can recreate the partition for
/var, then recover the backed up label and add the rest from that.
The disklabel(8) utility will
both update the kernel's understanding of the disklabel and attempt to write
the label to disk.
Therefore, even if the area of the disk containing the disklabel is unreadable,
you will be able to mount until the next reboot.
/boot. The PBR loads the boot(8) program which has the task of locating and loading the kernel.
Using drive 0, partition 3. <- MBR Loading...... <- PBR probing: pc0 com0 com1 mem[638K 1918M a20=on] <- /boot disk: hd0+ hd1+ >> OpenBSD/amd64 BOOT 3.33 boot> booting hd0a:/bsd 4464500+838332 [58+204240+181750]=0x56cfd0 entry point at 0x100120 [ using 386464 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 <- Kernel The Regents of the University of California. All rights reserved.
Enabling soft updates must be done with a mount-time option.
When mounting a partition with the
utility, you can specify that you wish to have soft updates enabled on
Below is a sample fstab(5)
entry that has one partition
sd0a that we wish to have mounted
with soft updates.
/dev/sd0a / ffs rw,softdep 1 1
/altrootfacility in the daily(8) scripts. If the environment variable
ROOTBACKUP=1is set in either
/etc/daily.localor root's crontab(5), and a partition is specified in fstab(5) as mounting to
/altrootwith the mount options of
xx, every night the entire contents of the root partition will be duplicated to the
Assuming you want to back up your root partition to the partition specified
by the DUID
add the following to
bfb4775bb8397569.a /altroot ffs xx 0 0and set the appropriate environment variable in
# echo ROOTBACKUP=1 >>/etc/daily.localAs the
/altrootprocess will capture your
/etcdirectory, this will make sure any configuration changes there are updated daily. This is a "disk image" copy done with dd(1) not a file-by-file copy, so your
/altrootpartition should be at least the same size as your root partition. Generally, you will want your
/altrootpartition to be on a different disk that has been configured to be fully bootable should the primary disk fail.
/DSTwith dump(8) and restore(8), do:
# cd /SRC && dump 0f - . | (cd /DST && restore -rf - )or use tar(1):
# cd /SRC && tar cf - . | (cd /DST && tar xpf - )
Use the keywords
groupquota to mark each
filesystem in fstab(5) on which you
want to enforce quotas.
By default, the files
be created at the root of those filesystems.
Here is an example
0123456789abcdef.k /home ffs rw,nodev,nosuid,userquota 1 2To set the users' quotas, use edquota(8). For example, issue
# edquota ericjand edit the soft and hard limits:
Quotas for user ericj: /home: KBytes in use: 62, limits (soft = 1000000, hard = 1500000) inodes in use: 25, limits (soft = 0, hard = 0)In this example, the soft limit is set to 1000000k, and the hard limit is set to 1500000k. No limits on the number of inodes will be enforced, since the corresponding soft and hard limits are set to 0. Users who exceed their soft limit are warned and are given a grace period to get their disk usage below their limits. Grace periods can be set by using the
-toption on edquota(8). After the grace period is over, the soft limit is handled as a hard limit. This usually results in an allocation failure.
Use quotaon(8) to enable quotas:
# quotaon -aThis will scan through fstab(5) and enable quotas on the filesystems with quota options. View quota statistics with quota(1).
$ man -k -s 8 mountNote that support may be limited to read-only operation.
/tmp/ISO.image, you would take the following steps to mount the image.
# vnconfig vnd0 /tmp/ISO.image # mount -t cd9660 /dev/vnd0c /mntSince this is an ISO 9660 image, as used by CDs and DVDs, you must specify type of
cd9660when mounting it.
To unmount the image and unconfigure the vnd(4) device, do:
# umount /mnt # vnconfig -u vnd0For more information, refer to vnconfig(8) and mount(8).
disklabel -E sd0and modify the size of the partition using the
mcommand. Adjust the filesystem to use the entire partition with growfs(8):
# growfs sd0hBefore the partition can be mounted again, its integrity must be checked with fsck(8):
# fsck /dev/sd0h
Before using the install script, you will drop to a shell and set up a softraid(4) device.
The install kernel only has the
/dev entries for one
wd(4) device and one
sd(4) device on boot, so you will need
to manually create more disk devices if your desired softraid setup requires
For example, if you need to support a second and third
sd(4) device for a mirrored setup, you
could do the following from the shell prompt:
Welcome to the OpenBSD/amd64 X.X installation program. (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s # cd /dev # sh MAKEDEV sd0 sd1 sd2You now have full support for the
Next, initialize the disks with fdisk(8) and create RAID partitions with disklabel(8).
If you're booting from MBR, do:
# fdisk -iy sd0 # fdisk -iy sd1If you use GPT for UEFI booting, do:
# fdisk -iy -g -b 960 sd0 # fdisk -iy -g -b 960 sd1Create the partition layout on the first device:
# disklabel -E sd0 Label editor (enter '?' for help at any prompt) sd0> a a offset:  size:  * FS type: [4.2BSD] RAID sd0*> w sd0> q No label changes.Copy the partition layout to the second device:
# disklabel sd0 > layout # disklabel -R sd1 layout # rm layoutAssemble the mirror with the bioctl(8) command:
# bioctl -c 1 -l sd0a,sd1a softraid0 scsibus1 at softraid0: 1 targets sd2 at scsibus2 targ 0 lun 0: <OPENBSD, SR RAID 1, 005> SCSI2 0/direct fixed sd2: 10244MB, 512 bytes/sec, 20980362 sec totalThis shows that we now have a new SCSI bus and a new disk,
sd2. This volume will be automatically detected and assembled when the system boots.
Even if you create multiple RAID arrays, the device name will always be
There won't be a
softraid1 or anything else.
Because the new device probably has a lot of garbage where you expect
a master boot record and disklabel, zeroing the first chunk of it is
Be very careful with this command; issuing it on the wrong device
could lead to a very bad day.
This assumes that the new softraid device was created as
# dd if=/dev/zero of=/dev/rsd2c bs=1m count=1You are now ready to install OpenBSD on your system. Perform the install as normal by invoking "install" or "exit" at the boot media console. Create all the partitions on your new softraid disk (
sd2in the example here) that should be there, rather than on
sd1(the non-RAID disks).
To check on the status of the mirror, issue the following command:
# bioctl sd2A nightly cron job to check the status might be a good idea.
sd2and you are replacing the failed device with
sd1m, the following commands should work:
# bioctl -R /dev/sd1m sd2This can also be performed in single user mode or from the install kernel.
Select (S)hell at the initial prompt.
Welcome to the OpenBSD/amd64 X.X installation program. (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? sFrom here, you'll be given a shell within the live environment to manipulate the disks. For this example, we will install to the
sd0SATA drive, erasing all of its previous contents.
Since the installer does not have many device nodes by default, make
/dev/sd0 device exists:
# cd /dev && sh MAKEDEV sd0You may want to write random data to the drive first with something like the following:
# dd if=/dev/urandom of=/dev/rsd0c bs=1mThis can be a very time-consuming process, depending on the speed of your CPU and disk, as well as the size of the disk. If you don't write random data to the whole device, it may be possible for an adversary to deduce how much space is actually being used.
Next, initialize the disk with fdisk(8) and create the softraid partition with disklabel(8).
If you're booting from MBR, do:
# fdisk -iy sd0If you use GPT for UEFI booting, do:
# fdisk -iy -g -b 960 sd0Next, create the partition layout:
# disklabel -E sd0 Label editor (enter '?' for help at any prompt) sd0> a a offset:  size:  * FS type: [4.2BSD] RAID sd0*> w sd0> q No label changes.We'll use the entire disk, but note that the encrypted device can be split up into multiple partitions as if it were a regular hard drive.
Now we can build the encrypted device on our "a" partition.
# bioctl -c C -l sd0a softraid0 New passphrase: Re-type passphrase: sd1 at scsibus2 targ 1 lun 0: <OPENBSD, SR CRYPTO, 005> SCSI2 0/direct fixed sd1: 19445MB, 512 bytes/sector, 39824607 sectors softraid0: CRYPTO volume attached as sd1Instead of a passphrase, you may want to use a keydisk.
Make sure the
/dev/sd1 device is accounted for:
# cd /dev && sh MAKEDEV sd1All data written to
sd1will now be encrypted with AES in XTS mode.
As in the previous example, we'll overwrite the first megabyte of our new pseudo-device.
# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1Type
exitto return to the main installer, then choose this new device as the one for your installation.
[...] Available disks are: sd0 sd1. Which disk is the root disk? ('?' for details) [sd0] sd1You will be prompted for the passphrase on startup, but all other operations should be handled transparently.
Initialize your keydisk with
fdisk(8), then use
to create a 1 MB RAID partition for the key data.
If your keydisk is
sd1 and the drive you want to encrypt is
sd0, the output will look something like this:
# bioctl -c C -k sd1a -l sd0a softraid0 sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR CRYPTO, 005> SCSI2 0/direct fixed sd2: 19445MB, 512 bytes/sector, 39824607 sectors softraid0: CRYPTO volume attached as sd2You won't be prompted to enter a passphrase because you used a keydisk instead. The keydisk must be inserted at startup time.
You can backup and restore your keydisk using dd(1):
# dd bs=8192 skip=1 if=/dev/rsd1a of=backup-keydisk.img # dd bs=8192 seek=1 if=backup-keydisk.img of=/dev/rsd1a
sd3being the USB drive.
# dd if=/dev/urandom of=/dev/rsd3c bs=1m # fdisk -iy sd3 # disklabel -E sd3 # make an "a" partition of type RAID # bioctl -c C -l sd3a softraid0 New passphrase: Re-type passphrase: softraid0: CRYPTO volume attached as sd4 # dd if=/dev/zero of=/dev/rsd4c bs=1m count=1 # fdisk -iy sd4 # disklabel -E sd4 # make an "i" partition # newfs sd4i # mkdir -p /mnt/secretstuff # mount /dev/sd4i /mnt/secretstuff # mv somefile /mnt/secretstuff/ # umount /mnt/secretstuff # bioctl -d sd4The same bioctl(8) command used to create the volume can be used to attach it later on.