Add instructions on manual crypto and non-crypto installations

[ikiwiki.git] / docs / handbook / Installation / index.mdwn

# Chapter 2 Installation from CD or USB

This document describes the installation of DragonFly BSD. This process uses a bootable DragonFly CD or USB disk image, usually referred to as a 'live CD' or 'USB disk image'.  These are available at one of the current mirrors, which distribute the images by various protocols. The authoritative list can be found at the [DragonFly website](http://www.dragonflybsd.org/download/).

We recommend installing from a USB disk image, which has more pre-installed packages (including X).


[[!toc  levels=3]]

<!-- XXX: add stuff about usb stick -->


----



## First steps 



Upon booting, you see the following screen:

<img src="http://leaf.dragonflybsd.org/~alexh/images/2.png"/>
<!-- XXX: insert image 2.png -->


As you can see, it gives you the option of logging in as `root` to run the live CD and play around or logging in as `installer` to install DragonFly to your hard drive. 

Log in as `installer`. You will then see the following screen:

<img src="http://leaf.dragonflybsd.org/~alexh/images/3.png"/>
<!-- XXX: insert image 3.png -->



## Set up Disk for Installation 

Note the warning to backup important data. Things can always go wrong and if, for example, you have another partition with important files, a mistype or other error might lose all the information on that partition. Assuming this is done, or that you aren't worried about other data on the machine, again, select install DragonFly BSD and you will be taken to the next screen:

<img src="http://leaf.dragonflybsd.org/~alexh/images/5.png"/>
<!-- XXX: insert image 5.png -->

If you have multiple disks installed, chose one where you want to install DragonFly.  We chose `da0` here.

<img src="http://leaf.dragonflybsd.org/~alexh/images/6.png"/>
<!-- XXX: insert image 6.png -->

After selecting the disk we need to decide how much of the disk we want to use.  We choose to use the entire disk and see the next screen.  Now we can chose between the two file systems on DragonFly.  HAMMER is the brand-new file system with a big number of features like snapshots, history tracking, mirroring etc.  UFS is the old BSD file system.
<!-- XXX: mention stuf about UFS+HAMMER being the default setup, and why. -->

<img src="http://leaf.dragonflybsd.org/~alexh/images/8.png"/>
<!-- XXX: insert image 8.png -->

We select HAMMER and see now the following screen:

<img src="http://leaf.dragonflybsd.org/~alexh/images/9.png"/>
<!-- XXX: insert image 9.png -->

The screen (shown above) gives the default partition scheme for this drive. As the screen says, the * indicates that it will use remainder of the disk.  If you chose HAMMER as your file system there is no need to change the default settings.  One swap partition is created and the remaining space is assigned to the root partition.  The installer will automatically add sub-partitions (called Pseudo File Systems (PFS) in HAMMER) for /home, /usr, /var, /var/crash, /var/tmp and /tmp for you.  If you want to get more information about HAMMER, have a look in the man page.





## Install to Disk 

The following steps show how DragonFly can be installed to your hard disk:

<img src="http://leaf.dragonflybsd.org/~alexh/images/10.png"/>
<!-- XXX: image 10.png -->

Depending on your hardware installing DragonFly will take some time. Once installation is complete, you are given an option to install bootblocks. Note that if you are installing bootblocks and the DragonFly installation is above the 1024th cylinder (approximately 8 gigs) accept the default of having packet mode selected:

<img src="http://leaf.dragonflybsd.org/~alexh/images/12.png"/>
<!-- XXX: image 12.png -->

Next, we are given an option to configure the system or reboot:

<img src="http://leaf.dragonflybsd.org/~alexh/images/13.png"/>
<!-- XXX: image 13.png -->





## Set up your system 


The following menu of the installer allows you to configure your previously installed system.

<img src="http://leaf.dragonflybsd.org/~alexh/images/14.png"/>
<!-- XXX: image 14.png -->

This includes setting a password for your `root` account:

<img src="http://leaf.dragonflybsd.org/~alexh/images/15.png"/>
<!-- XXX: image 15.png -->

Be sure to select the correct keyboard map for your system, and configure a hostname.


### Add a new user 

To perform your daily work, it is recommended to work as an unprivileged user.  Use the following screen to create such an account.  If you want to allow your user to use [su(1)](http://leaf.dragonflybsd.org/cgi/web-man?command=su&section1), also add him to the `wheel` group:

<img src="http://leaf.dragonflybsd.org/~alexh/images/16.png"/>
<!-- XXX: image 16.png -->

### Configure the Network 

The next screen allows you to setup your network.  The installed card seen here is an Intel Ethernet 1000 powered by [em(4)](http://leaf.dragonflybsd.org/cgi/web-man?command=em&section4):

<img src="http://leaf.dragonflybsd.org/~alexh/images/17.png"/>
<!-- XXX: image 17.png -->

After finishing your configuration you can escape into a live shell or reboot the system into your installation.

If you find that your network is working with numeric ips but not working with domain names, you might want to make sure you have a file called `/etc/resolv.conf` and that it has your local DNS server in it, something like this:

    nameserver 192.168.1.1


If you find that the ethernet auto-configuration feature is unable to reach your DHCP server, you can still let it create your network configuration file which is called `/etc/rc.conf`.  If you are familiar with Linux device names you might notice that in BSD flavour Unixes, device names like `/dev/de0` or `/dev/em0` are the BSD equivalent of the Linux name `/dev/eth0`.

# Manual Installation (all types) (assumes whole disk)

WARNING! These instructions assume that 'da0' is the drive you are installing to and that you booted from somewhere else.  'da0' in these instructions must not contain anything you used to boot the system from.  Normally you will have booted from some other media, such as a USB stick, CD, or the network.  

WARNING! These instructions assume that you are not sharing the drive with any other operating system and have no data on the drive that you wish to keep.  Generally speaking, my recommendation is to not have multi-OS boot setups (its too easy to mistakenly wipe them when messing around with other installations).  Instead, invest in a hot-swap drive bay and put each OS on its own SSD.

To do a manual installation you need to initialize the disk.  DragonFlyBSD uses a modified fdisk which works on any-sized disk by having the kernel recognize the maximum size fdisk supports and translate that to the whole disk's actual size.  You need to install the boot sector and also setup a bootable DragonFlyBSD disklabel.

fdisk -IB /dev/da0

disklabel -r -w -B /dev/da0s1 auto

Edit the label and create three partitions: a, b, and c.  The 'a' partition is going to be /boot and needs to be a 1GB UFS partition.  'b' is your swap and should be roughly 2x main memory (we recommend at least 4GB or more, particularly if you will be running browsers).  'd' is your root partition.

disklabel -e da0s1

a: 1G 0 4.2BSD

b: 8G * swap

d: * * HAMMER

# Manual Non-Crypto Installation

Format the filesystems and mount them:

newfs /dev/da0s1a

newfs_hammer -L ROOT /dev/da0s1d

mount /dev/da0s1d /mnt

mkdir /mnt/boot

mount /dev/da0s1a /mnt/boot

Once you have them mounted, copy from a working DragonFly installation.  This can be from installation media or via NFS if you have setup the network and have a server somewhere.  Two cpdup commands are needed since we have two partitions.  If the source of your image is broken up into additional partitions, you may have to cpdup each one (cpdup nominally stops at mount boundaries on the source):

cpdup /boot /mnt/boot

cpdup / /mnt

Finally, edit "/mnt/boot/loader.conf", "/mnt/etc/fstab", and "/mnt/etc/rc.conf" to point to your disk.  At a minimum you will need this line in your "/mnt/boot/loader.conf" (we recommend configuring by serial number, which you can get from the dmesg output, but if you don't want to then use the drive name which might be something like 'da0s1d').

vfs.root.mountfrom="hammer:serno/SERIALNUMOFDISK.s1d"

Your "/etc/fstab" file should contain something like the below:

serno/SERIALNUMOFDISK.s1a    /boot           ufs     rw              1 1

serno/SERIALNUMOFDISK.s1b    none            swap    sw              0 0

serno/SERIALNUMOFDISK.s1d    /               hammer  rw              1 1

# Manual Crypto Installation

To setup a crypto system follow the generic non-crypto steps above.  Make sure that your boot drive has a "/boot/kernel/initrd.img.gz" file in as the system will need to bootstrap through MD0 in order to mount an encrypted root.  In this example I am also encrypting swap.

If your drive partitions previously contained unencrypted data and you want to wipe it, you can dd /dev/urandom to the target partitions.  It can take many hours to do this so you might decide to skip this optional step:

dd if=/dev/urandom of=/dev/da0s1b bs=32k

dd if=/dev/urandom of=/dev/da0s1d bs=32k

Setup an encrypted swap and root partition as shown below:

kldload dm

cryptsetup --key-size 256 --hash sha512 -y luksFormat /dev/da0s1b

cryptsetup --key-size 256 --hash sha512 -y luksFormat /dev/da0s1d

cryptsetup luksOpen /dev/da0s1b swap
cryptsetup luksOpen /dev/da0s1d root

Format the filesystems and mount them.  Note that the boot partition is not encrypted.

newfs /dev/da0s1a

newfs_hammer -L ROOT /dev/mapper/root

mount /dev/mapper/root /mnt

mkdir /mnt/boot

mount /dev/da0s1a /mnt/boot

Once you have them mounted, copy from a working DragonFly installation.  This can be from installation media or via NFS if you have setup the network and have a server somewhere.  Two cpdup commands are needed since we have two partitions.  If the source of your image is broken up into additional partitions, you may have to cpdup each one (cpdup nominally stops at mount boundaries on the source):

cpdup /boot /mnt/boot

cpdup / /mnt

Finally, edit "/mnt/boot/loader.conf", "/mnt/etc/fstab", and "/mnt/etc/rc.conf" to point to your disk.  At a minimum you will need this line in your "/mnt/boot/loader.conf" (we recommend configuring by serial number, which you can get from the dmesg output, but if you don't want to then use the drive name which might be something like 'da0s1d').

initrd.img_load="YES"

initrd.img_type="md_image"

vfs.root.mountfrom="ufs:md0s0"

vfs.root.mountfrom="crypt:hammer:serno/SERIALNUMOFDISK.s1d:root"

dm_load="YES"

dm_target_crypt_load="YES"

Your "/etc/fstab" file should contain something like the below:

serno/SERIALNUMOFDISK.s1a    /boot           ufs     rw              1 1

/dev/mapper/root              /               hammer  rw              1 1

You can setup the encrypted swap via the "/etc/rc.local" file with the following lines:

cryptsetup luksOpen /dev/serno/SERIALNUMOFDISK.s1b swap
swapon /dev/mapper/swap