Monday, July 10, 2017

OpenBSD and the modern laptop

Did you think that OpenBSD is suitable only for firewalls and high-security servers? Think again. Here are my steps to transform a modern mid to high range laptop into a useful Unix workstation with OpenBSD.

One thing that never ceases to amaze me is that whenever I'm out and about with my primary laptop at conferences and elsewhere geeks gather, a significant subset of the people I meet have a hard time believing that my laptop runs OpenBSD, and that it's the only system installed.

A typical exchange runs something like,
"So what system do you run on that laptop there?"
"It's OpenBSD. xfce is the window manager, and on this primary workstation I tend to just upgrade from snapshot to snapshot."
"Really? But ..."
and then it takes a bit of demonstrating that yes, the graphics runs with the best available resolution the hardware can offer, the wireless network is functional, suspend and resume does work, and so forth. And of course, yes, I do use that system when writing books and articles too. Apparently heavy users of other free operating systems do not always run them on their primary workstations.

I'm not sure at what time I permanently converted my then-primary workstation to run OpenBSD exclusively, but I do remember that when I took delivery of the ThinkPad R60 (mentioned in this piece) in 2006, the only way forward was to install the most recent OpenBSD snapshot. By mid-2014 the ThinkPad SL500 started falling to pieces, and its replacement was a Multicom Ultrabook W840, manufactured by Clevo. The Clevo Ultrabook has weathered my daily abuse and being dragged to various corners of the world for conferences well, but on the trek to BSDCan 2017 cracks started appearing in the glass on the display and the situation worsened on the return trip.

So the time came to shop around for a replacement. After a bit of shopping around I came back to Multicom, a small computers and parts supplier outfit in rural Åmli in southern Norway, the same place I had sourced the previous one.

One of the things that attracted me to that particular shop and their own-branded offerings is that they will let you buy those computers with no operating system installed. That is of course what you want to do when you source your operating system separately, as we OpenBSD users tend to do.

The last time around I had gone for a "Thin and lightweight" 14 inch model (Thickness 20mm, weight 2.0kg) with 16GB RAM, 240GB SSD for system disk and 1TB HD for /home (since swapped out for a same-size SSD, as the dmesg will show).

Three years later, the rough equivalent with some added oomph for me to stay comfortable for some years to come ended me with a 13.3 inch model, 18mm thick and advertised as 1.3kg (but actually weighing in at 1.5kg, possibly due to extra components), 32GB RAM, 512GB SSD and 2TB harddisk. For now the specification can be viewed online here (the site language is Norwegian, but product names and units of measure are not in fact different).

That system arrived today, in a slender box:



Here are the two machines, the old (2014-vintage) and the new side by side:



The OpenBSD installer is a wonder of straightforward, no-nonsense simplicity that simply gets the job done. Even so, if you are not yet familiar with OpenBSD, it is worth spending some time reading the OpenBSD FAQ's installation guidelines and the INSTALL.$platform file (in our case, INSTALL.amd64) to familiarize yourself with the procedure. If you're following this article to the letter and will be installing a snapshot, it is worth reading the notes on following -current too.

The main hurdle back when I was installing the 2014-vintage 14" model was getting the system to consider the SSD which showed up as sd1 the automatic choice for booting (I solved that by removing the MBR, setting the size of the MBR on the hard drive that showed up as sd0 to 0 and enlarging the OpenBSD part to fill the entire drive).

Let's see how the new one is configured, then. I try running with the default UEFI "Secure boot" option enabled, and it worked.

Here we see the last part of the messages that scroll across the screen when the new laptop boots from the USB thumbdrive that has had the most recent OpenBSD/amd64 install61.fs dd'ed onto it:



And as the kernel messages showed us during boot (yes, that scrolled off the top before I got around to taking the picture), the SSD came up as sd1 while the hard drive registered as sd0. Keep that in mind for later.



After the initial greeting from the installer, the first menu asks what we want to do. This is a new system, so only (A)utoinstall and (I)nstall would have any chance of working. I had not set up for automatic install this time around, so choosing (I)nstall was the obvious thing to do.

The next item the installer wants to know is which keyboard layout to use and to set as the default on the installed system. I'm used to using Norwegian keyboards, so no is the obvious choice for me here. If you want to see the list of available options, you press ? and then choose the one you find the must suitable.

Once you've chosen the keyboard layout, the installer prompts you for the system's host name. This is only the host part, the domain part comes later. I'm sure your site or organization has some kind of policy in place for choice of host names. Make sure you stay inside any local norms, the one illustrated here conforms with what we have here.

Next up the installer asks which network interfaces to configure. A modern laptop such as this one comes with at least two network interfaces: a wireless interface, in this case an Intel part that is supported in OpenBSD with the iwm(4) driver, and a wired gigabit ethernet interface which the installer kernel recognized as re0.

Quite a few pieces the hardware in a typical modern laptop requires the operating system to load firmware onto the device before it can start interacting meaningfully with the kernel. The Intel wireless network parts supported by the iwm(4) driver and the earlier iwn(4) all have that requirement. However, for some reason the OpenBSD project has not been granted permission to distribute the Intel firmware files, so with only the OpenBSD installer it is not possible to use iwm(4) devices during an initial install. So in this initial round I only configure the re0 interface. During the initial post-install boot the rc.firsttime script will run fw_update(1) command that will identify devices that require firmware files and download them from the most convenient OpenBSD firmware mirror site.

My network here has a DHCP server in place, so I simply choose the default dhcp for IPv4 address assignment and autoconf for IPv6.

With the IPv4 and IPv6 addresses set, the installer prompts for the domain name. Once again, the choice was not terribly hard in my case.



On OpenBSD, root is a real user, and you need to set that user's password even if you will rarely if ever log in directly as root. You will need to type that password twice, and as the install documentation states, the installer will only check that the passwords match. It's up to you to set a usefully strong password, and this too is one of the things organizations are likely to have specific guidelines for.

Once root's password is set, the installer asks whether you want to start sshd(8) by default. The default is the sensible yes, but if you answer no here, the installed system will not have any services listening on the system's reachable interfaces.

The next question is whether the machine will run the X Windows system. This is a laptop with a "Full HD" display and well supported hardware to drive it, so the obvious choice here is yes.

I've gotten used to running with xenodm(1) display manager and xfce as the windowing environment, so the question about xenodm is a clear yes too, in my case.

The next question is whether to create at least one regular user during the install. Creating a user for your systems adminstrator during install has one important advantage: the user you create at this point will be a member of the wheel group, which makes it slightly easier to move to other privilege levels via doas(1) or similar.

Here I create a user for myself, and it is added, behind the scenes, to the wheel group.

With a user in place, it is time to decide whether root will be able to log in via ssh. The sensible default is no, which means you too should just press enter here.

The installer guessed correctly for my time zone, so it's another Enter to move forward.

Next up is the part that people have traditionally found the most scary in OpenBSD installing: Disk setup.

If the machine had come with only one storage device, this would have been a no-brainer. But I have a fast SSD that I want to use as the system disk, and a slightly slower and roomier rotating rust device aka hard disk that I want primarily as the /home partition.

I noted during the bsd.rd boot that the SSD came up as sd1 and the hard drive came up as sd0, so we turn to the SSD (sd1) first.

Since the system successfully booted with the "Secure boot" options in place, I go for the Whole disk GPT option and move on to setting partition sizes.

The default suggestion for disk layout makes a lot of sense and will set sensible mount options, but I will be storing /home on a separate device, so I choose the (E)dit auto layout option and use the R for Resize option to redistribute the space left over to the other partitions.

Here is also where you decide the size of the swap space, traditionally on the boot device's b partition. Both crashdumps and suspend to disk use swap space for their storage needs, so if you care about any of these, you will need to allocate at least as much space as the amount of physical RAM installed in the system. Because I could, I allocated the double of that, or 64GB.

For sd0, I once again choose the Whole disk GPT option and make one honking big /home partition for myself.

The installer then goes on to create the file systems, and returns with the prompt to specify where to find install sets.

The USB drive that I dd'ed the install61.fs image to is the system's third sd device (sd2), so choosing disk and specifying sd2 with the subdirectory 6.1/amd64 makes sense here. On the other hand, if your network and the path to the nearest mirror is fast enough, you may actually save time choosing a http network install over installing from a relatively slow USB drive.

Anyway, the sets install proceeds and trundles through what is likely the longest period of forced inactivity that you will have during an OpenBSD install.

The installer verifies the signed sets and installs them.



Once the sets install is done, you get the offer of specifying more sets -- your site could have a site-specific items in an install set -- but I don't have any of those handy, so I just press enter to accept the default done.

If you get the option to correct system time here, accept it and have ntpd(8) set your system clock to a sane setting gleaned from well known NTP servers.

With everything else in place, the installer links the kernel with a unique layout, in what is right now a -current-only feature, but one that will most likely be one of the more talked-about items in the OpenBSD 6.2 release some time in the not too distant future.

With all items on the installer's agenda done, the installer exits and leaves you at a root shell prompt where the only useful action is to type reboot and press enter. Unless, of course you have specific items you know will need to be edited into the configuration before the reboot.

After completing the reboot, the system did unfortunately not, as expected, immediately present the xenodm login screen, but rather the text login prompt.

Looking at the /var/log/Xorg.0.log file pointed to driver problems, but after a little web searching on the obvious keywords, I found this gist note from notable OpenBSD developer Reyk Flöter that gave me the things to paste into my /etc/xorg.conf to yield a usable graphics display for now.

Update 2017-09-27: Kaby Lake support is now available. I installed the 2017-09-27 snapshot, and I am now running the machine with no xorg.conf. I preserved updated dmesg(8) output and xdpyinfo(1) output. It is worth noting that what is in that snapshot is likely very close to what will be in OpenBSD 6.2.

My task for this evening is to move my working environment to new hardware, so after install there are really only two items remaining, in no particular order:
  • move my (too large) accumulation of /home/ data to the new system, and
  • install the same selection of packages on the old machine to the new system.
The first item will take longer, so I shut down all the stuff I normally have running on the laptop such as web browsers, editors and various other client programs, and use pkg_info(1) to create the list of installed packages on the 'from' system:

$ pkg_info -mz >installed_packages

then I transfer the installed_packages file to the fresh system, but not before recording the df -h status of the pristine fresh install:

$ df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd1a     1005M   76.4M    878M     8%    /
/dev/sd0d      1.8T    552K    1.7T     0%    /home
/dev/sd1d     31.5G   12.0K   29.9G     0%    /tmp
/dev/sd1f     98.4G    629M   92.9G     1%    /usr
/dev/sd1g      9.8G    177M    9.2G     2%    /usr/X11R6
/dev/sd1h      108G    218K    103G     0%    /usr/local
/dev/sd1k      9.8G    2.0K    9.3G     0%    /usr/obj
/dev/sd1j     49.2G    2.0K   46.7G     0%    /usr/src
/dev/sd1e     98.4G    5.6M   93.5G     0%    /var

Not directly visible here is the amount of swap configured in the sd1b partition. As I mentioned earlier, crashdumps and suspend to disk both use swap space for their storage needs, so if you care about any of these, you will need to allocate at least as much space as the amount of physical RAM installed in the system. Because I could, I allocated the double of that, or 64GB.

I also take a peek at the old system's /etc/doas.conf and enter the same content on the new system to get the same path to higher privilege that I'm used to having. With those in hand, recreating the set of installed packages on the fresh system is then a matter of a single command:

$ doas pkg_add -l installed_packages

and pkg_add(1) proceeds to fetch and install the same packages I had on the old system.

Then there is the matter of transferring the I-refuse-to-admit-the-actual-number-of gigabytes that make up the content of my home directory. In many environments it would make sense to just restore from the most recent backup, but in my case where the source and destination sit side by side, i chose to go with a simple rsync transfer:

$ rsync  -rcpPCavu 192.168.103.69:/home/peter . | tee -a 20170710-transferlog.txt

(Yes, I'm aware that I could have done something similar with nc and tar, which are both in the base system. But rsync wins by being more easily resumable.)

While the data transfers, there is ample time to check for parts of the old system's configuration that should be transferred to the new one. Setting up the hostname.iwm0 file to hold the config for the wireless networks (see the hostname.if man page) by essentially copying across the previous one is an obvious thing, and this is the time when you discover tweaks you love that were not part of that package's default configuration.

Some time went by while the content transferred, and I can now announce that I'm typing away on the machine that is at the same time both the most lightweight and the most powerful machine I have ever owned.

I am slowly checking and finding that the stuff I care about just works, though I haven't bothered to check whether the webcam works yet. I know you've been dying to see the dmesg, which can be found here. I'm sure I'll get to the bottom of the 'not configured' items (yes, there are some) fairly soon. Look for updates that will be added to the end of this column.

And after all these years, I finally have a machine that matches my beard color:



If you have any questions on running OpenBSD as a primary working environment, I'm generally happy to answer but in almost all cases I would prefer that you use the mailing lists such as misc@openbsd.org or the OpenBSD Facebook group so the question and hopefully useful answers become available to the general public. Browsing the slides for my recent OpenBSD and you user group talk might be beneficial if you're not yet familiar with the system. And of course, comments on this article are welcome.


Update 2017-07-18: One useful thing to do once you have your system up and running is to submit your dmesg to the NYCBUG dmesg database. The one for the system described here is up as http://dmesgd.nycbug.org/index.cgi?do=view&id=3227.

Update 2017-08-18: Ars Technica reviews the same model, in a skinnier configuration, with a focus on Linux, in Review: System76’s Galago Pro solves “just works” Linux’s Goldilocks problem.

Update 2017-08-24: After questions about how the OpenBSD installer handles UEFI and the 'Secure boot' options, I recorded the output of fdisk -v in this file, which I hope clears up any ambiguity left by the original article.

Update 2017-09-27: Kaby Lake support is now available. I installed the 2017-09-27 snapshot, and I am now running the machine with no xorg.conf. I preserved updated dmesg(8) output and xdpyinfo(1) output. It is worth noting that what is in that snapshot is likely very close to what will be in OpenBSD 6.2.

30 comments:

  1. I'm a lurker and not even sure how I got here. I was wondering few things:

    - why openbsd over other *bsd?
    - how is your power consumption?
    - graphics driver? can your gpu decode and accelerate h.264 video?
    - does usb automounting work?
    - wifi still works when physicall swtich is toggled off/on? (rfkill)
    - you called your laptop a 'workstation', does it even have ECC memory?

    It is very cool to see openbsd with xfce on a laptop. Great work.

    ReplyDelete
    Replies
    1. Regarding graphics, IIRC inteldrm support for Skylake will arive in 6.2 and is available in current.

      Delete
    2. Workstation defines it's role, not it's hardware. Unless utterly ridiculous data manipulation is required, ECC isn't really a requirement anywhere. You'd be stupid not to have it on a server using software defined storage or performing financial transactions, but outside of those roles it's really more of a boon to troubleshooting than anything else.

      Delete
  2. Nice laptop.

    It's incidental but that exact laptop model is sold by a company called Slimbook here in Spain.

    They're pretty free software friendly too.

    This model https://slimbook.es/en/pro-ultrabook-13-aluminium

    ReplyDelete
  3. Lol TIL this laptop is also the same as the System76 Galago Pro (https://slimbook.es/en/pro-ultrabook-13-aluminium) here in the states. It's a bummer the SIM slot is forever a lie.

    ReplyDelete
  4. good job, very good job

    ReplyDelete
  5. Nice beard Peter, suits you like a charm ;-)

    One article suggestion now that you mention having configured IPv6 on your laptop: I would love seeing an article from you how to setup IPv6 on an OpenBSD firewall/router with SLAAC and PD (the typical setup for a home ISP).

    ReplyDelete
  6. You did not mention the layout of disks. Does suspend require separate mount?

    ReplyDelete
  7. If I remember correctly, suspend will use your swap space to store contents of system memory, and https://man.openbsd.org/apm seems to confirm that.


    Anyway, even if I only rarely do use the suspend feature, I tend to allocate swap space equal to double the amount of physical RAM.


    In some scenarios that's overkill, but for full system crashdumps and suspend you actually need the space.

    ReplyDelete
  8. Great article. My only thoughts might be to consider putting swap on the hdd and not the ssd, as the read/write lifespan is still limited on ssd. Thoughts? I do this on my desktops with the dual-disk configurations.

    ReplyDelete
    Replies
    1. Thanks! I'm happy to hear you liked it.

      You're probably right about the issue of placing swap on SSD vs hard drive.

      Here's hoping that with that amount of RAM, swapping won't be much of an issue even with the slightly heavy-duty lab work I have in mind for this one.

      Delete
    2. SSD's have a very long lifespan these days, a spinning laptop disk will probably die faster anyways. http://techreport.com/review/27909/the-ssd-endurance-experiment-theyre-all-dead

      Delete
  9. Peter, which browser are you using lately in your latest OpenBSD installations? Also, can you share the exact link to that computer in the website you mentioned in the article. I do not know Norwegian... :-D

    ReplyDelete
    Replies
    1. I tend to switch between Firefox and Chrome, the last few weeks Chrome has won. The model is "Talisa U831" and the configurable one ("Konfigurator"). The menu path is "PC & NETTBRETT" -> "Bærbar PC & tilbehør" -> "Ultrabook / tynne og lette" and browse to "Multicom Talisa U831 (konfigurator)" where the options are not actually translated to any large degree :)

      If you offer from there, you *will* get a Norwegian keyboard, though: https://www.multicom.no/systemconfigurator.aspx?q=st:10637291;c:100559;fl:0#4091-10500502-1;4086-10637290-1;4088-9101982-1;4089-9101991-1;4087-8562157-2

      Delete
  10. In terms of data transfer you could also use sftp(1) from base - nowadays it even supports resume! :^)

    ReplyDelete
  11. Not that I would ever to be able to run any OS on a machine like that.. but still, nice report, thanks for sharing :-)

    ReplyDelete
  12. Good article. People actually wonder about what OS you run? It has been my experience that the vast majority of people out there barely know what OS stands for, let alone notice that the one I am running is vastly different under the hood.

    I've been running current for well over a decade on my 'primary workstation'. The only reason I run OpenBSD is because I think UNIX is pretty swell, and I love to write c code. Go no further than the gold standard OpenBSD for that niche interest. Luckily, I've never been affected by any form of elitist ass-hat syndrome that seems to run strong in the developer clique. I still love my several Mac OS, iOS, Microsoft Windows machines for the awesome variety of software they run. ( i even run Linux for my Plex servers yikes). I enjoy your writing over the years. Your dedication to and mastery of BSD is pretty impressive.

    ReplyDelete
  13. Thanks for article! Really like the "OpenBSD and you" as well.

    I have a silly issue with OpenBSD 6.2 + Xfce + xenodm combination. I need to login twice to enable restart and shutdown options in logout ui.

    Not a big problem, but still a bit annoying. I have followed pkg_readmeas guidelines, but I suspect some race condition between dbus, consolekit and xfce.

    ReplyDelete
  14. Thanks for the article! Very comprehensive write-up.

    Since installing OpenBSD 6.2, my laptop began freezing during boot, with the screen going black and the system not responding to anything except the power button. I know my laptop is anything but new (a bulky 2012-era Dell), but 6.1 was working perfectly before the upgrade. I doubt OpenBSD would simply drop hardware support on a dime (especially with no warning), so I'm concerned this is either a bug in the kernel, or some problem with NVIDIA `dmesg` yielded nothing insightful.

    Do you know what might be the cause, or even how to go about debugging it? I've rolled back to 6.1 in the meantime, because there's only so much 80×25 emulation one can take before going cross-eyed... ;)

    Huge thanks in advance for any help or advice! :D

    - John

    PS: I did use `sendbug(1)` to report this issue before downgrading; however, it got held in queue. I hope it ended up getting through...

    ReplyDelete
  15. It’s been 6 years since the last time I read about OpenBSD installation tutorial so I felt it was time to update it for the newest OpenBSD (6.2)!

    ReplyDelete
  16. none of this worked for me. this Braswell laptop does not have an Ethernet port, so I must rely upon sneakernet and wifi. And of course the wifi firmware is a post-install process. So I have that all sorted. But there is no documentation I can find regarding any loading of device drivers after firmware installation.

    My first run with BSD was in 1987 with Sun 3/60 workstations and VAXen of various sorts. The Linux distro I tolerate best is Gentoo (and now Funtoo) because the system is relatively clean and BSD-like. I ran FreeBSD for a couple of years on my office workstations, but that was ten years ago. Around that time, 2007, I went back to OpenSolaris for the ZFS. And for 20 years, it's been NeXTStep and macOS for most everything.

    Overall, there are pain points with initial OpenBSD setup that I can't get past. It is wonderful to hear that It Just Works for everyone but me.

    And yet the frustration is there, I am back in 1987, reading the man pages.. They were literally printed out on paper back then, and were kept in monstrous binders on tables at the end of each row of workstations.

    This laptop needs to be plugged in, since the power management does not seem to be a thing, so I gotta get back to it...

    It takes a lot of work.

    ReplyDelete
    Replies
    1. What make and model are you referring to here? The machine featured in the article came with Ethernet (re) built in, and I think even the slimmer Clevos come with Ethernet, though some only as USB dongles.

      But if you did get the firmware installed, assuming the combination is indeed supported, and you have a meaningful hostname.if for the interface, a netstart for the interface should get you going.

      Delete
  17. (also, fwiw: OpenBSD works GREAT on my old PowerPC iBooks. and I bet the Lenovo laptops are really good. This HP Stream 11 is not that easy.)

    This blog does help me a lot, and wishing for better device support on walled-garden Atom SoCs is a bit silly of me.

    ReplyDelete
    Replies
    1. I haven't encountered any HP Stream 11s in the wild, at least not ones I could play with.

      If you're able to get a dmesg along with an explanation of what happens to misc@ and/or bugs@ that will hopefully produce some useful input.

      Delete
  18. Simply wish to say the frankness in your article is surprising.

    ReplyDelete
  19. It's an awesome post . I read this article . Just nice

    ReplyDelete
  20. PLease how do you configure your OpenBSD fur using the touchapd ?

    Thanks for your answer

    ReplyDelete
    Replies
    1. Assuming you are referring to running X (GUI), the touchpad on this machine (and as far as I recall all other machines I've set up with OpenBSD) did not require any specific configuration steps in order to work.

      Delete
  21. try i2c based machines and post back. Specifically chromebooks. They rock (not for power, for uptime) but criticism is down to the fact that when, ripped of their Googly bits (new coreboot loader) they suck. Arguments then being that i2c is rapidly being the norm now. Confucious says: OpenBSD rocks, on old junk.

    ReplyDelete
    Replies
    1. I2C is almost 40 years old. It has been used on every notebook motherboard that I have ever seen due to its need for only two lines thus reducing the space needed. Common uses are RTC, NVRAM, temperature sensors, fan controllers. It is also used in VGA, DVI, and HDMI connects. Usually, all of this is handled by the BIOS and is not an issue for the OS.

      Delete

Note: Comments are moderated. On-topic messages will be liberated from the holding queue at semi-random (hopefully short) intervals.

I invite comment on all aspects of the material I publish and I read all submitted comments. I occasionally respond in comments, but please do not assume that your comment will compel me to produce a public or immediate response.

Please note that comments consisting of only a single word or only a URL with no indication why that link is useful in the context will be immediately recycled so those poor electrons get another shot at a meaningful existence.

If your suggestions are useful enough to make me write on a specific topic, I will do my best to give credit where credit is due.