Notes for running OpenBSD
UNDER CONSTRUCTION
Please be advised that what you are reading are only my notes on this subject. They are written from the perspective of a "how-to" guide although they are really just intended for my benefit. I am not an expert nor do I pretend to be one, and I reserve the right to be wrong about anything and everything on this page. So, if you have any questions about this page or something useful to add to it, I'd like to hear from you (contact: apk at sonic dot net). Special thanks to H.J.R.
Last updated: Sunday, June 21, 2003
(Go To: Basic Configuration | Installation Notes and Help | Direct Serial Connection on PC | Keyboard and Monitor | Direct Network Connection on PC | DHCP Configuration | Troubleshooting Boot Messages | Troubleshooting Sendmail | Quick Tips)
This machine is currently configured as a "headless server" with 80 Meg of RAM and a 4 GB Hard Disk, built-in color GX framebuffer and one open SBUS slot. It has a built-in 10BaseT/RJ45 ethernet port, two serial ports, and external SCSI connector, and is running GNU development systems and other software. An excellent, general purpose box. [See pictures of inside and back]
OpenBSD is generally a more secure UNIX operating system than Solaris or Red Hat Linux for Sparc, but it also features less system overhead, making this machine seem faster than it's nominal 110MHz clock rate would suggest.
The SS4 is a sun4m architecture machine and will run all Sparc versions of SunOS/Solaris through Solaris 9.
The specifications from the Sun Hardware FAQ are:
SPARCstation 4
Processor(s): microSPARC II @ 85MHz, 110MHz;
57.0/64.0/? SPECint92, 47.3/54.6/? SPECfp92,
1352/1518/? SPECintRate92, 1122/1295/? SPECfpRate92
Bus: SBus
Memory: 256M physical
Architecture: sun4m
Notes: 16M standard in 70MHz model, 32M standard in
85MHz model. 8 SIMM slots, 8M or 32M SIMMs,
mixable except that any 32M SIMMs must be in
slots before any 8M SIMMs.
Uses SCA connector for
internal SCSI drive. Socketed CPU chip.
The official install guide: ftp://ftp.openbsd.org/pub/OpenBSD/3.0/sparc/INSTALL.sparc
Click here for my notes (screen capture) on installing OpenBSD 3.3 on a SS5.
This page "Setting up an OpenBSD box" is also helpful though intended for i386 machines. It covers the install routine and hardening instructions for OpenBSD 2.8. Also works for 3.0, but some of the packages have changed names.
OpenBSB help:
http://www.holland-consulting.net/tech/ocep/index.html
OpenBSD forums:
http://news.gw.com/openbsd.sparc/
http://marc.theaimsgroup.com/?l=openbsd-sparc&r=1&w=2
Unix forums:
http://computing.net/unix/wwwboard/wwwboard.html
Sun SPARC machines are designed to be completely maintainable with a serial console, and unlike some other platforms, it is not necessary to make any changes to /etc/ttys to use a serial console. Simply remove the keyboard from the machine, and the system will run serial. If the SS4 is not equipted with a Sun keyboard and SVGA monitor, it will assume Serial Port A is the console. The port is the lower DB25 female connector (the higher one is a parallel port). Note that most PCs use a male connector for serial ports, but Sun uses a female port just to be different.
Making the connection:
You will need a null modem adapter and a cable that'll make with your PC (you'll probably need a DB9 female to DB25 male standard modem cable if you have a normal PC). Many electronics and computer stores sell both 9 pin (DB9) and 25 pin (DB25) null modem adapters -- either will work -- and you only need one. Let's assume you got a 25 pin version and that you're connected to port COM1 on the PC...
Plug the 9 pin end on the serial cable into the serial port on the PC. Plug the 25 pin end of the cable into the null modem adapter. Plug the null modem adapter into the SS4 and you should be in business.
Go to Start --> Programs --> Accessories --> Communications --> HyperTerminal on the PC.
This will bring up a terminal emulation screen on your PC. HyperTerm will ask you set up a "connection". Name the connections something like "Direct to COM1". HyperTerm will look for your modem by default. In the box labelled "Connect using", use the pull down tab to select COM1. Set the Hyperterm session to 9600 baud, 8 data bits, 1 stop bit, and hardware flow control.
You should be able to fire up the SS4 and you'll see the start up messages on the HyperTerm screen.
And it does not have to be COM1 on the PC -- any serial port will work even if you've got a laptop communicating through a USB serial port adapter. Just substitute the real COM port designation for COM1 above.
Why a null modem adapter?
The pins in a serial cable are configured in either of two ways: Data Terminal Equipment (DTE) or Data Communications Equipment (DCE). For a serial cable to work, both ends must be wired for the correct configuration. A standard modem cable is designed to connect DTE (a PC serial port is wired as a DTE device) to a DCE device (an external modem, for example, is wired as DCE). It will fit the connectors, but is effectively wired wrong -- the Sun SS4, like the PC, is ALSO a DTE configured device.
The difference between DCE and DTE is that three pairs of wires at the connector are swapped. What the null modem adapter does is swaps these three pairs of wires and effectively converts a normal serial cable from DTE to DCE -- or DCE to DTE. If all of the wires in the cable are wired right through (as they are in a standard serial modem cable), it won't matter which end of the cable the null modem adapter goes on -- it'll just change the configuration of that end.
Related info:
Default entry in /etc/ttys:
# name getty type status comments console "/usr/libexec/getty suncons" sun on secure
Default entry in /etc/gettytab:
# 8 bit clean Sun console S|suncons|Sun Console:\ :np:sp#9600:
The "suncons" entries are actually for the console device as determined at boot time -- the boot routine in the PROM checks to see if there is a Sun keyboard and video adapter attached. If it finds them, the Boot Prom assignes the console function to the keyboard and video -- if it doesn't find them, it makes Serial Port A (/dev/ttya) the console. The "9600" reference in the suncons entry is simply a placeholder and has no meaning (that I'm aware of) in relation to the operation of the console. If you want to change the speed of the SERIAL console, you have to change the ttya line in the /etc/ttys file AND change the tty port speed setting in the PROM.
See also OpenBSD FAQ - Keyboard and Display Controls
Error:
Plugging the keyboard back in doesn't return you a functioning keyboard and monitor. Basically, you want to use serial console but not turn off the keyboard.
Solution:
I have not tried this, it is from the Openboot Manual available at http://docs.sun.com/db/doc/805-4436 (chapter 3). Setting output to screen and input to keyboard should give the normal behaviour.
setenv output-device ttya setenv input-device ttya
Assuming the PC and the SS4 are both on the same network segment and operational. And assuming you know the IP address assigned to the SS4, all you have to do is to go to Start --> Run --> and type in "telnet" (without the quotes) and hit enter. A DOS-like box will open with a prompt like
Microsoft Telnet>
Enter "open 192.168.0.164" (or whatever address is assigned to the SS4) and you'll get a login prompt.
Note that OpenBSD (and most UNIXes) will not let you log in as root on a remote session. You have to log in as "admin" and then use the su command to change to root. On the serial connection you are on the console, so root access is allowed, but not through telnet.
PuTTY is a free implementation of Telnet and SSH for Win32 platforms, along with an xterm terminal emulator. Give it a try.
Assumes PC is acting as a DNS server and that you have a network connection (Control Panel --> Network Connections) for your ISP. The basic files to change are in the /etc directory. Words in italics are my exact entries.
See here for a copy of my boot message.
It is a good idea to include default values in the control files even for a DHCP machine, because if the DHCP call is not successful, it still has usable values from the files. If the DHCP call is successful, any or all of the information in the control files, including hostname in some cases, is superceeded.
Normally, the hostname.xxx file contains the address information and would read something like: "inet 192.168.1.5 255.255.255.0 NONE" giving the static address of the port and the netmask. Look at the man page for "hostname.if" for a fuller description.
Error:
mount: can't find fstab entry for /.
and
/sbin/dhclient-script[93]: cannot create /etc/resolv.conf: Read-only file system
/sbin/dhclient-script[93]: cannot create /etc/resolv.conf: Read-only file system
/sbin/dhclient-script[93]: cannot create /etc/resolv.conf: Read-only file system
/sbin/dhclient-script[93]: cannot create /etc/resolv.conf: Read-only file system
/sbin/dhclient-script[93]: cannot create /etc/resolv.conf: Read-only file system
and
chmod: /dev/ttyp0: Read-only file system
chmod: /dev/ttyp1: Read-only file system
chmod: /dev/ttyp2: Read-only file system
chmod: /dev/ttyp3: Read-only file system
chmod: /dev/ttyp4: Read-only file system etc...
Diagnosis:
Woops, you may have inadvertantly (or purposefully) deleted all or part of your fstab file. Since mount cannot find the fstab entry for /, the file system is mounted as read-only. As a result, you cannot edit your fstab file or any other file for that matter. A real catch-22.
Solution:
You need to have an alternate boot media such as cd-rom or network boot. Generate a break signal through the serial line. If you are using a term program, try control \ then type b. If that doesn't work, try plugging a keyboard into the sparc for a second (the machine should beep) then pull it out to get the ok prompt (works for me). Once you've got the ok prompt, boot from your alternate media.
The following example assumes you have the OpenBSD 3.3 install cd in the cd-rom drive. At the ok prompt, type:
boot cdrom 3.3/sparc/bsd.rd
When prompted for either install, upgrade, or shell, type s for shell:
(I)nstall, (U)pgrade or (S)hell? s
Next, mount the file system onto /usr and repair the fstab file as follows:
# df -k Filesystem 1K-blocks Used Avail Capacity Mounted on /dev/rd0a 1943 1534 409 79% / # mount /dev/rd0a on / type ffs (local) # cd / # ls .profile etc install.sub sbin usr bin install mnt tmp var dev install.md mnt2 upgrade # mount /dev/sd0a /usr # cd /usr # ls .cshrc altroot boot dev home root stand tmp var .profile bin bsd etc mnt sbin sys usr # mount /dev/rd0a on / type ffs (local) /dev/sd0a on /usr type ffs (local) # cd /usr/etc # ls afs hostname.le0 mtree resolv.conf.tail amd hosts mygate rmt authpf hosts.equiv myname rpc bootptab hosts.lpd netstart security ccd.conf inetd.conf networks services changelist isakmpd newsyslog.conf shells csh.cshrc kerberosIV nologin skel csh.login kerberosV passwd sliphome csh.logout ksh.kshrc pf.conf spamd.conf daily localtime phones spwd.db dhclient.conf locate.rc portal.conf ssh dhcpd.conf login.conf ppp ssl dhcpd.interfaces lynx.cfg printcap sudoers disklabels magic protocols sysctl.conf disktab mail pwd.db syslog.conf dumpdates mail.rc rbootd.conf systrace exports mailer.conf rc termcap fbtab man.conf rc.conf ttys fstab master.passwd rc.local weekly ftpchroot moduli rc.securelevel wsconsctl.conf ftpusers monthly rc.shutdown gettytab motd remote group mrouted.conf resolv.conf # cp ./fstab ./orig_fstab # mv ./fstab bad_fstab # echo /dev/sd0a / ffs rw 1 1 > /usr/etc/fstab # echo /dev/sd0f /home ffs rw,nodev,nosuid 1 2 >> /usr/etc/fstab # echo /dev/sd0d /usr ffs rw,nodev 1 2 >> fstab # echo /dev/sd0e /var ffs rw,nodev,nosuid 1 2 >> fstab # cat fstab
/dev/sd0a / ffs rw
/dev/sd0f /home ffs rw,nodev,nosuid 1 2
/dev/sd0d /usr ffs rw,nodev 1 2
/dev/sd0e /var ffs rw,nodev,nosuid 1 2 # reboot syncing disks... done rebooting Resetting ...
Error:
THE FOLLOWING FILE SYSTEM HAD AN UNEXPECTED INCONSISTENCY: ffs: /dev/rsd0g (/usr) Automatic file system check failed; help! Enter pathname of shell or RETURN for sh:
or
init: can't exec getty '/usr/libexec/getty' for port /dev/console: No such file or directory
Diagnosis:
For whatever reason, the /usr partition is not passing the unix consistancy check and the machine is not mounting the partition and it is keeping you in single user mode.
Solution:
When it gives you the prompt (hit 'return' for sh), enter the command:
fsck -y /dev/rsd0g
The fsck command invokes filesystem-specific programs to check the special devices listed in the fstab file or in the command line for consistency.
Error:
route: "hostname": bad value
Diagnosis:
This is a DHCP issue on OpenBSD. I don't believe it causes any problems if you successfully get a response from the DHCP server (or your ISP); however, it may also be related to a Sendmail error (see "TROUBLESHOOTING SENDMAIL " below) .What is going on is that the machine has a name specified in /etc/myname of "hostname". When the boot process begins to load the network, it runs a routine named /etc/netstart. The netstart routine attempts to build a default route command from the value in /etc/myname, looking up the host address in /etc/hosts. It won't find it (because DHCP has not assigned it yet), so you get the error message.
Solution:
Take the address you got the last time you had a successfull DHCP call and plug it into the /etc/hosts file. To figure that out, boot the system and get a connection to you ISP. Run the command:
ifconfig le0
You will get a bunch of stuff back that looks something like:
le0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 media: Ethernet autoselect (10baseT) status: active inet xxx.xxx.xxx.xxx netmask 0xffffff00 broadcast xxx.xxx.xxx.255 inet6 fe80::250:bfff:fe70:7439%le0 prefixlen 64 scopeid 0x1
What you want is the address after the word "inet". Take that value and edit the /etc/hosts line for your hostname - it will be something like:
xxx.xxx.xxx.xxx machine.domain.com hostname
Error:
"unable to qualify my own domain name"
or
"Domain of sender address xxxx@xxxx does not exist"
Diagnosis:
When Sendmail starts it will try to determine the name of the server by using the gethostname and getbyhostname system call. The entry for your system in /etc/hosts must have a fully-qualified domain name.
Solution:
Add a fully-qualified domain name to your /etc/hosts file, e.g.,
105.69.1.234 myhost.mydomain.com myhost
A common mistake is to have the short name first, e.g. "105.69.1.234 myhost myhost.mydomain.com" or to omit the fully qualified domain name entirely, e.g. "105.69.1.234 myhost".
Single-user mode: press Ctrl+Break during boot. Then type boot -s at the ok prompt to get into single user mode.
Mount cd-rom: mount /dev/cd0a /mnt
Sample text editing using ed:
# cat fstab /dev/sd0a / ffs rw /dev/sd0f /home ffs rw,nodev,nosuid 1 2 /dev/sd0d /usr ffs rw,nodev 1 2 /dev/sd0e /var ffs rw,nodev,nosuid 1 2 # ed fstab 130 1 /dev/sd0a / ffs rw i /dev/sd0a / ffs rw 1 1 wq 153 # cat fstab /dev/sd0a / ffs rw 1 1 /dev/sd0a / ffs rw /dev/sd0f /home ffs rw,nodev,nosuid 1 2 /dev/sd0d /usr ffs rw,nodev 1 2 /dev/sd0e /var ffs rw,nodev,nosuid 1 2 # ed fstab 153 2 /dev/sd0a / ffs rw d wq 134 # cat fstab /dev/sd0a / ffs rw 1 1 /dev/sd0f /home ffs rw,nodev,nosuid 1 2 /dev/sd0d /usr ffs rw,nodev 1 2 /dev/sd0e /var ffs rw,nodev,nosuid 1 2