geli+Root on ZFS installation

yudi v yudi.tux at
Fri Sep 20 09:10:01 UTC 2013


I managed to install with "geli+root on ZFS" setup but have a few
questions.  Most of the instructions just list commands but offer very
little explanation.
I adapted the instructions in  to suit my needs.

Here's the process I used for the test on a VM:

two HDDs 8 GB each mirrored - three partitions

for boot code 128 KB
for /boot 2 GB
for the rest of the system and encrypted

no key file for encrypted partitions, only passphrase
using 9.1-RELEASE
there will be no swap or handling of 4k drives, just to keep it as simple
as possible.

*Create the basic three partitions:*

gpart destroy -F da0
gpart destroy -F da1
gpart create -s gpt da0
gpart create -s gpt da1
gpart add -s 128 -t freebsd-boot da0
gpart add -s 128 -t freebsd-boot da1
gpart add -s 2G -t freebsd-zfs da0
gpart add -s 2G -t freebsd-zfs da1
gpart add -t freebsd-zfs da0
gpart add -t freebsd-zfs da1

*Write boot code to both disks:*

gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 da0
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 da1

*Load necessary modules:*

kldload zfs
kldload geom_eli
Encrypt the disks with only a passphrase:*

geli init -b -s 4096 /dev/da0p3
geli init -b -s 4096 /dev/da1p3

geli attach /dev/da0p3
geli attach /dev/da1p3

*Creating ZFS datasets:*

zpool create bootdir mirror /dev/da0p2 /dev/da1p2
zpool set bootfs=bootdir bootdir

zpool create -R /mnt -O canmount=off tank mirror /dev/da0p3.eli
zfs create -o mountpoint=/    tank/ROOT
zfs set mountpoint=/mnt/bootdir    bootdir
zfs mount bootdir

*Then exit out of the shell and go back to bsdinstall. Install as normal
and then get back to the shell after bsdinstall finishes ( do not reboot

Once in the newly installed system:

mount -t devfs devfs /dev   ( to use ZFS commands in the new environment)

*Add the necessary variables/settings:*

echo ‘zfs_enable=”YES”‘ >> /etc/rc.conf
echo ‘vfs.root.mountfrom=”zfs:tank/ROOT”‘  >> /boot/loader.conf
echo ‘zfs_load=”YES”‘ >> /boot/loader.conf
echo ‘geom_eli_load=”YES”‘ >> /boot/loader.conf

*Then create a zpool cache file:*

 zpool set cachefile=/boot/zfs/zpool.cache tank.

*Then move the boot folder to the second partition under the bootdir

mv boot bootdir/
Then set the final mount points:*

zfs set mountpoint=legacy tank
zfs set mountpoint=/bootdir bootdir

*then reboot.*
It should boot fine into the new system.

---------------------  My questions:  ---------------------------------

*1.*   Almost all the guides  I came across, do not install to the root
dataset, they only seem to use it to derive/mount other
    One of the reasons is to user boot environments, what are the other
possible reasons for doing this?

*2*.   Is it necessary to create a symbolic link to the /boot dir? Again
one of the howtos on the web had this step (

ln -fs bootdir/boot

*3*.   This below option is where I had most trouble. This definitely needs
to be present when using geli+ZFS, if it's only ZFS, then I think the
bootfs flag suffices. Can someone with more knowledge of this please shed
some light on when this entry is needed.


*4.* In the wiki link above, what is the purpose of:

# zfs set mountpoint=/      zroot/ROOT
# zfs set mountpoint=/zroot     zroot

I cannot understand the logic behind the second command.
Does that mean zroot  will display under / (root of the filesystem)?  and

looking at the rest of the commands:

# zfs set mountpoint=/tmp zroot/tmp
 # zfs set mountpoint=/usr zroot/usr
 # zfs set mountpoint=/var zroot/var

so if ROOT is set to /
then tmp, usr and var all appear under ROOT, is that right?

*5.* There seems to be lot of variation on how the system directories are
mounted under ZFS. In the above wiki link, there seems to be separate
filesystems created under the root dataset for usr, var, tmp, usr/home ....
  What's the logic? Are there any general guidelines/best practice

Thank you.

More information about the freebsd-questions mailing list