FreeBSD 10 installer and ZFS root

Matthew Seaman m.seaman at infracaninophile.co.uk
Mon Mar 10 07:18:42 UTC 2014


On 10/03/2014 05:47, David Christensen wrote:
> freebsd-questions:
> 
> I am testing FreeBSD-10.0-RELEASE-amd64-dvd1.iso on a system with:
> 
>     Intel D945GTPLKR motherboard
>     Intel Pentium 4 640 processor
>     4 GB RAM
>     Maxtor 5T030H3 30 GB EIDE hard drive
> 
> 
> I have installed FreeBSD using the encrypted ZFS root option, similar to
> the screenshot at the bottom of:
> 
>     http://www.bsdnow.tv/tutorials/fde
> 
> Except that I set Partition Scheme to "MBR" and Swap Size to "4g".
> 
> Question -- do I need to make swap size equal to or larger than RAM?

No.  You don't /need/ to do this, especially nowadays with machines
having large amounts of RAM (by which I mean much more than just 4GB,
which is a fairly routine amount nowadays). In your case I'd advise a
swap size of something between RAM+delta and 2 x RAM.  4GB is about the
minimum you can run a serious ZFS based server with, although for light
duties or experimental purposes you can manage ZFS with much less RAM.

> The system boots and appears to work.  Do I understand the following
> correctly?
> 
> 1.    root at p43200:~ # gpart show -p
>     =>      63  60030369    ada0  MBR  (29G)
>             63  60030369  ada0s1  freebsd  [active]  (29G)
> 
>     =>       0  60030369   ada0s1  BSD  (29G)
>              0   4194304  ada0s1a  freebsd-zfs  (2.0G)
>        4194304   8388608  ada0s1b  freebsd-swap  (4.0G)
>       12582912  47447457  ada0s1d  freebsd-zfs  (23G)

I wouldn't make ada0s1a a ZFS partition if all it is intended to do is
hold an unencrypted /boot -- UFS gives you everything you need for that
use case, and all the extra ZFS goodness isn't really relevant there.

>     The disk has an MBR partition table and yields five GEOM providers
> -- ada0, ada0s1, ada0s1a, ada0s1b, and ada0s1d:
> 
>     ada0 is the raw block device.
> 
>     ada0s1 is a primary partition table entry pointing to an extended
> partition table.
> 
>     The extended partition table contains partitions ada0s1a, ada0s1b,
> and ada0s1d.

Yes, that is correct.

>     Question -- can I adjust the size of ada0s1a and ada0s1d during
> installation?

I take it you mean 'can I install using different partition sizes?'
rather than 'can I change the sizes of the partitions after the fact?'

The installer contains a pretty reasonable partition editor, or it is
entirely possible to boot the install media to a live FS and set up your
drives from the command line, and then continue the installation using
the installer.

If you're asking about changing the size of existing partitions, then
the answer is 'maybe'.  You can't shrink the size of a partition with a
ZFS or UFS filesystem on it easily, and you can't move the beginning of
such a partition.  You can add space to the end of a partition with a FS
on it, and you can do pretty much whatever you want to a swap area.

> 
> 2.    root at p43200:~ # swapinfo
>     Device          1K-blocks     Used    Avail Capacity
>     /dev/ada0s1b      4194304        0  4194304     0%
> 
>     ada0s1b is used for swap.
> 
>     swap is unencrypted.
> 
>     Question -- can I arrange for swap to be encrypted during installation?

Set this up after installation.

>     Question -- if not, is section 18.15 of the FreeBSD handbook correct
> for FreeBSD 10?
> 
> 
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/swap-encrypting.html
> 
> 
>     E.g. to encrypt swap using a one-time random key at boot, add the
> following line, or something similar per geli(8), to /etc/rc.conf:
> 
>     geli_swap_flags="-e blowfish -l 128 -s 4096 -d"

Yes -- this is the way to go.

> 
> 3.      root at p43200:~ # zpool list -v
>     NAME            SIZE  ALLOC   FREE    CAP  DEDUP  HEALTH  ALTROOT
>     bootpool       1.98G   447M  1.55G    21%  1.00x  ONLINE  -
>       ada0s1a      1.98G   447M  1.55G         -
>     zroot          22.5G  1.73G  20.8G     7%  1.00x  ONLINE  -
>       ada0s1d.eli  22.5G  1.73G  20.8G         -
> 
>     There are two ZFS pools, bootpool and zroot.
> 
>     bootpool is based upon ada0s1a.
> 
>     zroot is based upon ada0s1d.eli.
> 
>     Question -- can I set ZFS pool options for bootpool and zroot during
> installation?

No, but the installer sets the options you'd want already.  Hint: you
do *not* want dedup -- it sounds attractive, but really it's only useful
in some quite limited circumstances and it needs a system with a very
much larger quantity of RAM than you have.

You can easily change zpool or ZFS properties after installation, but
generally this leaves anything already written with the original settings.

> 
> 4.      root at p43200:~ # zfs list -r -t all bootpool
>     NAME       USED  AVAIL  REFER  MOUNTPOINT
>     bootpool   447M  1.52G   446M  /bootpool
> 
>     bootpool has only the default file system.
> 
>     Question -- can I set ZFS file system options for bootpool during
> installation?

No, not unless you go down the route of setting up your pools etc.
manually. Set the options once you've got the machine up and running.


> 5.      root at p43200:~ # geli list
>     Geom name: ada0s1d.eli
>     State: ACTIVE
>     EncryptionAlgorithm: AES-XTS
>     KeyLength: 256
>     Crypto: software
>     Version: 7
>     UsedKey: 0
>     Flags: BOOT
>     KeysAllocated: 6
>     KeysTotal: 6
>     Providers:
>     1. Name: ada0s1d.eli
>        Mediasize: 24293097472 (23G)
>        Sectorsize: 4096
>        Mode: r1w1e1
>     Consumers:
>     1. Name: ada0s1d
>        Mediasize: 24293097984 (23G)
>        Sectorsize: 512
>        Stripesize: 0
>        Stripeoffset: 2147515904
>        Mode: r1w1e1
> 
>     ada0s1d is consumed by geom_eli (GELI) and yields provider ada0s1d.eli.
> 
>     Question -- can I set encryption options for ada0s1d.eli during
> installation?

Not sure.  Unless you know exactly what you're doing with crypto stuff,
I'd advise taking the defaults the installer gives you, or you could
accidentally end up with something less secure than you intended.

> 6.      root at p43200:~ # zfs list -r -t all zroot
>     NAME                 USED  AVAIL  REFER  MOUNTPOINT
>     zroot               1.73G  20.4G   144K  none
>     zroot/ROOT           411M  20.4G   144K  none
>     zroot/ROOT/default   411M  20.4G   411M  /
>     zroot/tmp            176K  20.4G   176K  /tmp
>     zroot/usr           1.33G  20.4G   144K  /usr
>     zroot/usr/home       144K  20.4G   144K  /usr/home
>     zroot/usr/ports      813M  20.4G   813M  /usr/ports
>     zroot/usr/src        545M  20.4G   545M  /usr/src
>     zroot/var           1.31M  20.4G   688K  /var
>     zroot/var/crash      148K  20.4G   148K  /var/crash
>     zroot/var/log        212K  20.4G   212K  /var/log
>     zroot/var/mail       144K  20.4G   144K  /var/mail
>     zroot/var/tmp        152K  20.4G   152K  /var/tmp
> 
>     zroot has many file systems.
> 
>     Question -- can I set ZFS file system options during installation?

No -- this is a post installation job.  The installer gets it pretty
much right already in any case.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.

PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matthew at infracaninophile.co.uk
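
Added example, not part of the original message: a small sh audit for the encrypted-swap question in the thread. It flags swap that is not on a .eli provider in swapinfo output and in fstab text, and summarises geli list output; the function names are hypothetical, and the fstab lines and the .eli swapinfo line are constructed samples.

```sh
#!/bin/sh
# Added example (not from the thread): audit swap encryption on a GELI system.
# Each function reads command output or a file on stdin, so it can be fed
# from the live tools (see the comment at the bottom) or from saved text.

# Swap devices in `swapinfo` output that are not backed by a .eli provider.
unencrypted_swap() {
    awk '$1 ~ /^\/dev\// && $1 !~ /\.eli$/ { print $1 }'
}

# Swap entries in fstab(5) text that do not name a .eli device, i.e. swap
# that will come back unencrypted after the next reboot.
fstab_plain_swap() {
    awk '$1 !~ /^#/ && $3 == "swap" && $1 !~ /\.eli$/ { print $1 }'
}

# One "name algorithm keylength" line per geom in `geli list` output.
geli_summary() {
    awk '$1 == "Geom" && $2 == "name:" { name = $3 }
         $1 == "EncryptionAlgorithm:"  { algo = $2 }
         $1 == "KeyLength:"            { print name, algo, $2 }'
}

# swapinfo output as quoted in the thread (swap on the bare partition).
SWAPINFO_THREAD='Device          1K-blocks     Used    Avail Capacity
/dev/ada0s1b      4194304        0  4194304     0%'

# Constructed: the same device once swap is attached through GELI.
SWAPINFO_ELI='Device          1K-blocks     Used    Avail Capacity
/dev/ada0s1b.eli  4194304        0  4194304     0%'

# Constructed fstab lines: the first is plain swap, the second uses .eli.
FSTAB_PLAIN='/dev/ada0s1b      none  swap  sw  0  0'
FSTAB_ELI='/dev/ada0s1b.eli  none  swap  sw  0  0'

# Excerpt of the `geli list` output quoted in the thread.
GELI_THREAD='Geom name: ada0s1d.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 256'

# Live use on FreeBSD:
#   swapinfo | unencrypted_swap
#   fstab_plain_swap < /etc/fstab
#   geli list | geli_summary
echo "unencrypted swap now: $(printf '%s\n' "$SWAPINFO_THREAD" | unencrypted_swap)"
echo "plain swap in fstab:  $(printf '%s\n' "$FSTAB_PLAIN" | fstab_plain_swap)"
echo "geli providers:       $(printf '%s\n' "$GELI_THREAD" | geli_summary)"
```

Empty output from the first two functions means every swap device is on a .eli provider, both now and after a reboot.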
