How to Install OpenBSD on a Soekris board
This tutorial is based on:
http://www.dbnet.ece.ntua.gr/~adamo/howto/Soekris/
I simply added a few important things to make the installation more usable.
1. Setup a DHCP server to use PXEboot
This example uses the ISC DHCP server. The relevant part of dhcpd.conf is:
host foo {
    hardware ethernet XX:XX:XX:XX:XX:XX;
    fixed-address foo.bar.tee.gr;
    filename "pxeboot";
}
The above configuration presupposes that your DHCP server is also going to be used as the TFTP server.
Actually, you only need to add the line filename "pxeboot"; to your global configuration, and it will work exactly the same.
2. Stuff to do on the TFTP server
Assume that the tftp root directory is /tftpboot. Place in /tftpboot the file pxeboot, which is found in the OpenBSD distribution.
Also place the install kernel, bsd.rd, in /tftpboot.
Next, mkdir /tftpboot/etc. Create a file named /tftpboot/etc/boot.conf with the following contents:
set tty com0
stty com0 9600
boot bsd.rd
If your 4801 console is set up for a different baud rate, either change it here or on your 4801's console. Refer to the Soekris BIOS documentation on how to do this.
If your inetd/xinetd makes use of /etc/hosts.{allow,deny} then take care to allow foo.bar.tee.gr to access the tftp server.
3. Netboot your Soekris 4801
According to the Soekris documentation, at the Soekris BIOS prompt you should type:
boot f0
4. Install OpenBSD 4.0
This procedure is best covered by the OpenBSD documentation.
What you need to remember is that you are installing on a Compact Flash, so you do not need a swap partition. But OpenBSD does not install unless you have a swap partition. So you can create a swap partition with a size of 1 (yes, one):
Initial label editor (enter '?' for help at any prompt)
> p
device: /dev/rwd0c
type: ESDI
disk: TOSHIBA THNCF25
label:
bytes/sector: 512
sectors/track: 32
tracks/cylinder: 16
sectors/cylinder: 512
cylinders: 978
total sectors: 500736
free sectors: 0
rpm: 3600
16 partitions:
#        size   offset    fstype   [fsize bsize   cpg]
  a:   500703       32    4.2BSD     2048 16384   578
  b:        1   500735      swap
  c:   500704       32    unused        0     0
> w
> q
When asked which sets to install, select only:
[X] bsd
[ ] bsd.rd
[ ] bsd.mp
[X] base40.tgz
[X] etc40.tgz
[ ] misc40.tgz
[ ] comp40.tgz
[ ] man40.tgz
[ ] game40.tgz
[ ] xbase40.tgz
[ ] xetc40.tgz
[ ] xshare40.tgz
[ ] xfont40.tgz
[ ] xserv40.tgz
Set name? (or 'done') [bsd.mp] done
This is the minimum you need for OpenBSD to work correctly, but if you prefer a more complete system, install the rest.
After the installation is over, halt the system.
5. Configure the System
Boot in single user mode. Interrupt the OpenBSD boot procedure (not the Soekris BIOS one) and type boot -s. When the system boots, perform the next steps:
mount -o rw /
mkdir /mfs
Modify /etc/rc, adding the line ". /usr/local/sbin/setup_mfs.sh" after the rm -f /fastboot entry, so that it executes the following script:
# Create the mfs and populate it
#
echo mfs: mounting /mfs...
mount_mfs -s 16384 /dev/wd0b /mfs
mkdir -p /mfs/var/run
mkdir -p /mfs/var/tmp
mkdir -p /mfs/var/db
mkdir -p /mfs/var/db/pkg
mkdir -p /mfs/var/cron
mkdir -p /mfs/dev
chmod 1777 /mfs/var/tmp
cp -Rp /var/log.template /mfs/var/log
cp -Rp /var/spool/mqueue /mfs/mqueue
cp -Rp /var/spool/clientmqueue /mfs/clientmqueue
cp -Rp /var/mail.template /mfs/mail
cp -Rp /var/db.old /mfs/var/db
cp -Rp /var/tmp.old /mfs/var/tmp
cp -Rp /var/run.old /mfs/var/run
cp -Rp /var/cron.old /mfs/var/cron
echo /dev...
tar cf - -C /dev/devtmp . | tar xpf - -C /mfs/dev
#
# EOF
Set the right permissions:
chmod 700 /usr/local/sbin/setup_mfs.sh
Edit /etc/mail/sendmail.cf and /etc/mail/submit.cf and change the entries for clientmqueue and mqueue to point at /mfs/{clientmqueue,mqueue}.
Modify /etc/syslog.conf to use /mfs/var instead of /var/, or to output the logs to the console. I suggest that you use the syslog.conf from Flashdist.
After that do:
rm -rf /tmp
mv /var/tmp /var/tmp.old
mv /var/db /var/db.old
mv /var/run /var/run.old
mv /var/cron /var/cron.old
mv /var/log /var/log.template
mv /var/mail /var/mail.template
ln -s /mfs/var/tmp /tmp
ln -s /mfs/var/tmp /var/tmp
ln -s /mfs/var/run /var/run
ln -s /mfs/var/log /var/log
ln -s /mfs/mail /var/mail
ln -s /mfs/var/db /var/db
mkdir /dev/devtmp
cd /dev/devtmp
sh ../MAKEDEV pty0
rm ../ttyp* ../ptyp*
for i in *; do
    ln -s /mfs/dev/$i /dev/$i
done
Take care with the script above and with the shell lines which create the links! You need to add to /mfs all the other directories/files where your system needs to write.
And don't forget: you can't have any program writing to the CF, or you may have problems mounting / as read-only.
mount -o ro /
After this you can halt the system.
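A check for the links created in step 5, as an added example that is not part of the original tutorial: it reports every path from the list above that is not a symlink to its /mfs target, and every node in /dev/devtmp without a matching link in /dev. The function names and the ROOT prefix argument are assumptions made for this example; extend MFS_LINKS with any other paths you relocate.

```shell
#!/bin/sh
# Added example (not from the original tutorial): verify the /mfs symlinks.
# Usage on the live system: check_mfs_links ""
# ROOT is a hypothetical prefix so the check can also run against a
# mounted CF image or a test tree.

# path:target pairs, exactly as linked in step 5 of the tutorial.
MFS_LINKS="
/tmp:/mfs/var/tmp
/var/tmp:/mfs/var/tmp
/var/run:/mfs/var/run
/var/log:/mfs/var/log
/var/mail:/mfs/mail
/var/db:/mfs/var/db
"

check_one() {   # check_one ROOT PATH TARGET
    if [ ! -L "$1$2" ]; then
        echo "NOT A LINK INTO /mfs: $2"
        return 1
    fi
    got=$(readlink "$1$2")
    if [ "$got" != "$3" ]; then
        echo "WRONG TARGET: $2 -> $got (expected $3)"
        return 1
    fi
    return 0
}

check_mfs_links() {   # check_mfs_links ROOT; exit status = number of problems
    root=$1
    bad=0
    for entry in $MFS_LINKS; do
        check_one "$root" "${entry%%:*}" "${entry#*:}" || bad=$((bad + 1))
    done
    # Every node kept in /dev/devtmp must be reached through /mfs/dev.
    for node in "$root"/dev/devtmp/*; do
        [ -e "$node" ] || continue   # glob did not match: nothing to check
        name=${node##*/}
        check_one "$root" "/dev/$name" "/mfs/dev/$name" || bad=$((bad + 1))
    done
    return "$bad"
}
```

An exit status of 0 means every listed path resolves into /mfs; anything else is the number of paths that would still write to the Compact Flash or fail on a read-only root.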
6. After the first reboot, edit /etc/fstab to mount / as read-only:
/dev/wd0a / ffs ro 1 1
On a 1GB Compact Flash:
# mount
/dev/wd0a on / type ffs (local, read-only)
mfs:301 on /mfs type mfs (asynchronous, local, size=16128 512-blocks)
# df -h
Filesystem    Size    Used   Avail Capacity  Mounted on
/dev/wd0a     959M    146M    765M    16%    /
mfs:301       7.7M    158K    7.2M     2%    /mfs
Francisco Rente, 12-2006 <frente at cognitrap dot org>
syslog.conf from Flashdist
# $OpenBSD: syslog.conf,v 1.12 2001/08/23 13:27:52 camield Exp $
#
*.err;kern.debug;auth.notice;authpriv.none;mail.crit    /dev/console
*.err                                                   root
*.notice;auth.debug                                     root
*.alert                                                 root
*.emerg                                                 *
# You need to run syslogd with the -u option on the remote host. When
# that host runs with -u, you are vulnerable to syslog bombing, and should
# block external syslog packets from untrusted hosts. This reduces the
# vulnerability from hosts which do not send spoofed packets.
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none MESSAGES
kern.debug,user.info,syslog.info,daemon.info            MESSAGES
auth.info,authpriv.debug                                AUTHLOG
# Uncomment to log messages from sudo(8) and chat(8) to their own
# respective log files. Matches are done based on the program name
# Program-specific logs:
#!sudo
#*.*                                                    /var/log/sudo
#!chat
#*.*                                                    /var/log/chat