Install 13.2 RELEASE amd64 BIOS, GPT, mirror, encrypted swap, encrypted root
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 04 Mar 2024 09:28:38 UTC
freebsd-questions:
Using BIOS booting, choosing Auto (UFS) partitioning, Entire Disk, and
GPT, I have installed:
FreeBSD-13.2-RELEASE-amd64-bootonly.iso
onto a Samsung MMBRE16G5MSP-OVA 2.5" SATA SSD 16 GB in a computer with
an Intel S1200V3RPL motherboard [1], Xeon E3-1225 v3 processor [2], 2 @
Kingston KVR16LE11S8/4HB ECC memory modules [3], and 2 @ KVR16LE11S8/4HD
ECC memory modules [4]:
root@f5:~ # freebsd-version -kru
13.2-RELEASE
13.2-RELEASE
13.2-RELEASE
root@f5:~ # uname -a
FreeBSD f5.tracy.holgerdanske.com 13.2-RELEASE FreeBSD 13.2-RELEASE
releng/13.2-n254617-525ecfdad597 GENERIC amd64
root@f5:~ # gpart show -p ada0
=> 40 31277152 ada0 GPT (15G)
40 1024 ada0p1 freebsd-boot (512K)
1064 29359104 ada0p2 freebsd-ufs (14G)
29360168 1564672 ada0p3 freebsd-swap (764M)
30924840 352352 - free - (172M)
root@f5:~ # mount root@f5:~ # cat /etc/fstab
# Device Mountpoint FStype Options Dump Pass#
/dev/ada0p2 / ufs rw 1 1
/dev/ada0p3 none swap sw 0 0
root@f5:~ # mount
/dev/ada0p2 on / (ufs, local, soft-updates, journaled soft-updates)
devfs on /dev (devfs)
root@f5:~ # swapinfo
Device 1K-blocks Used Avail Capacity
/dev/ada0p3 782336 0 782336 0%
root@f5:~ # top -d 1 | head
last pid: 1251; load averages: 0.20, 0.21, 0.16 up 0+00:46:45
00:58:10
27 processes: 1 running, 26 sleeping
CPU: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 99.9% idle
Mem: 17M Active, 3156K Inact, 241M Wired, 48M Buf, 15G Free
Swap: 764M Total, 764M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU
COMMAND
880 ntpd 1 20 0 21M 5064K select 0 0:00 0.00% ntpd
974 dpchrist 1 20 0 21M 9800K select 3 0:00 0.00% sshd
979 root 1 20 0 14M 3988K pause 1 0:00 0.00% csh
I would now like to remove the Samsung SSD and install FreeBSD onto a
mirror of 3 @ Intel SSD 520 Series 180 GB 2.5" SATA with
passphrase-encrypted root and random encrypted swap.
Looking at the FreeBSD Handbook [5], section 2.6.5. Shell Mode
Partitioning and Lucas FreeBSD Mastery: Storage Essentials [6] pages
185-190, I see how to use bsdinstall(8), partition via the shell to
implement the mirror, but I am unclear about encryption.
Looking at the FreeBSD Hanbook [5], section 21.3. RAID1 - Mirroring, I
see procedures for migrating from a single disk to a mirror:
21.3.2. Creating a Mirror with Two New Disks
21.3.3. Creating a Mirror with an Existing Drive
The bsdinstall(8) manual page [7] has a section SCRIPTING, and Lucas [6]
page 191 mentions this, but RTFM and STFW I am unable to determine:
1. How do I write a bsdinstall(8) script to accomplish my goal?
2. How do I invoke bsdinstall(8) to run that script?
As I plan to repeat this exercise on several FreeBSD 12.4R computers, I
would prefer a repeatable solution with minimal opportunities for finger
fumbles. The bsdinstall(8) scripting approach looks best.
Alternatively, I could boot the Samsung SSD instance and attempt to
write a shell script to do a manual install per Lucas [6] pages 185-191
-- assuming I can figure out encryption and all the other tasks provided
by bsdinstall(8).
How do experienced sysadmins install FreeBSD onto mirrors with encrypted
swap and root?
TIA,
David
[1]
https://www.intel.com/content/www/us/en/products/sku/71384/intel-server-board-s1200v3rpl/ordering.html?wapkw=s1200v3rpl
[2]
https://www.intel.com/content/www/us/en/products/sku/75461/intel-xeon-processor-e31225-v3-8m-cache-3-20-ghz/ordering.html?wapkw=intel%20xeon%20e3-1225%20v3
[3]
https://www.kingston.com/en/memory/search/discontinuedmodels?partid=KVR16LE11S8%2F4HB
[4]
https://www.kingston.com/en/memory/search/discontinuedmodels?partid=KVR16LE11S8%2F4HD
[5] https://docs.freebsd.org/en/books/handbook/
[6] https://mwl.io/nonfiction/os#fmse
[7]
https://man.freebsd.org/cgi/man.cgi?query=bsdinstall&apropos=0&sektion=0&manpath=FreeBSD+13.2-RELEASE&arch=default&format=html