zfs-root and "safe" atomic updates

Andriy Gapon avg at FreeBSD.org
Fri May 27 11:42:02 UTC 2011


on 27/05/2011 14:08 tzim at tzim.net said the following:
> I use zfs on / for quite some time now on 8-stable.
> 
> Each time I want to update base, I use those steps :
> 
>  - zfs snapshot tank/root at old
>  - zfs clone tank/root at old tank/root.old
>  - csup / Rebuild world and kernel
>  - install world & kernel
>  - reboot
>  - (mergemaster and all usual post-update stuff)
> 
> This way, if I unfortunately can't boot, I can revert to old userland & kernel by :
> 
>  - dropping into loader prompt
>  - setting vfs.root.mountfrom to zfs:tank/root.old
>  - booting kernel.old

Just for the record, I would like to point out that kernel.old would be loaded
from zfs:tank/root.

>  - then rollback tank/root to pre-update snapshot and reboot (again)
> 
> 
> I see 2 drawbacks to my method :
> 
>  - This won't work if the update screws the loader.
>  - I must be able to access the loader prompt (can't do it on a remote server).

Yes.

> Also, world is updated "in place".
> 
> I think it should be possible to do the installworld & installkernel on a root
> clone then boot into it (changing tank bootfs property), but then : how to revert
> to previous state in case of failure ? Is there a "nextboot" thing planned for zfs ?

I am not aware of any plans to implement nextboot for zfs as it would require at
least some write support for zpool and there is none (for boot code) at the moment.

> What do you think ? How do you address the problem ?

I have some patches that allow booting a different loader or a kernel from a
different (non-bootfs) ZFS dataset:
http://lists.freebsd.org/pipermail/freebsd-fs/2010-July/008976.html
But that still requires access to zfs boot and/or loader command interface.

-- 
Andriy Gapon
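As an added example (not code from the thread or from either poster), the "install into a clone, then switch bootfs" variant tzim asks about, written as a sh script with the revert expressed as a bootfs change rather than an in-place rollback. Assumed names: pool tank, root dataset tank/root, a built source tree in /usr/src; the ZFS and ZPOOL variables can be pointed at echo to preview the commands without touching a pool.

```shell
#!/bin/sh
# Added example, not from the thread. Install a new world/kernel into a ZFS
# clone of the root dataset and point the pool's bootfs at the clone, so the
# live root is never modified in place. Assumes pool "tank", dataset
# "tank/root" and sources in /usr/src (all placeholders, adjust as needed).
set -eu
ZFS="${ZFS:-zfs}"       # set ZFS=echo / ZPOOL=echo to preview the commands
ZPOOL="${ZPOOL:-zpool}"
POOL="${POOL:-tank}"
ROOT="${ROOT:-tank/root}"

# Snapshot the live root and clone it under /mnt; prints the clone name.
prepare_clone() {
    tag="$1"                                   # e.g. a date such as 20110527
    "$ZFS" snapshot "${ROOT}@pre-${tag}"
    "$ZFS" clone -o mountpoint=/mnt "${ROOT}@pre-${tag}" "${ROOT}.${tag}"
    echo "${ROOT}.${tag}"
}

# Install kernel and world into the clone (DESTDIR), then make the clone the
# dataset the boot code reads from on the next boot.
install_into_clone() {
    clone="$1"
    (cd /usr/src && make installkernel DESTDIR=/mnt && make installworld DESTDIR=/mnt)
    "$ZFS" set mountpoint=legacy "$clone"
    "$ZPOOL" set "bootfs=${clone}" "$POOL"
}

# Revert by pointing bootfs back at the untouched dataset. This needs a running
# system with write access to the pool (the old root reached via the loader
# prompt, or rescue media); as noted above, the boot code cannot do it itself.
revert_to() {
    "$ZPOOL" set "bootfs=$1" "$POOL"
}
```

Mergemaster and the other post-install steps still have to be run against the clone (DESTDIR=/mnt) before switching bootfs, exactly as they would after an in-place install.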

