Some time ago I found a good, reliable way of using and installing FreeBSD and described it in my Modern FreeBSD Install [1] [2] HOWTO. Now, more then a year later I come back with my experiences about that setup and a proposal of newer and probably better way of doing it.
Same as year ago, I assume that You would want to create fresh installation of FreeBSD using one or more hard disks, but also with (laptops) and without GELI based full disk encryption.
This guide was written when FreeBSD 9.0 and 8.3 were available and definitely works for 9.0, but I did not try all this on the older 8.3, if You find some issues on 8.3, let me know I will try to address them in this guide.
Earlier, I was not that confident about booting from the ZFS pool, but there is some very neat feature that made me think ZFS boot is now mandatory. If You just smiled, You know that I am thinking about Boot Environments feature from Illumos/Solaris systems.
In case You are not familiar with the Boot Environments feature, check the Managing Boot Environments with Solaris 11 Express PDF white paper [3]. Illumos/Solaris has the beadm(1M) [4] utility and while Philipp Wuensche wrote the manageBE script as replacement [5], it uses older style used at times when OpenSolaris (and SUN) were still having a great time.I spent last couple of days writing an up-to-date replacement for FreeBSD compatible beadm utility, and with some tweaks from today I just made it available at SourceForge [6] if You wish to test it. Currently its about 200 lines long, si it should be pretty simple to take a look at it. I tried to make it as compatible as possible with the 'upstream' version, along with some small improvements, it currently supports basic functions like list, create, destroy and activate.
# beadm usage: beadm subcommand cmd_options subcommands: beadm activate beName beadm create [-e nonActiveBe | beName@snapshot] beName beadm create beName@snapshot beadm destroy beName beadm destroy beName@snapshot beadm list
There are several subtle differences between mine implementation and Philipp's one, he defines and then relies upon ZFS property called freebsd:boot-environment=1 for each boot environment, I do not set any other additional ZFS properties. There is already org.freebsd:swap property used for SWAP on FreeBSD, so we may use org.freebsd:be in the future, but is just a thought, right now its not used. My version also supports activating boot environments received with zfs recv command from other systems (it just updates appreciate /boot/zfs/zpool.cache file).
My implementation is also style compatible with current Illumos/Solaris beadm(1M) which is like the example below.# beadm create -e default upgrade-test Created successfully # beadm list BE Active Mountpoint Space Policy Created default N / 1.06M static 2012-02-03 15:08 upgrade-test R - 560M static 2012-04-24 22:22 new - - 8K static 2012-04-24 23:40 # zfs list -r sys/ROOT NAME USED AVAIL REFER MOUNTPOINT sys/ROOT 562M 8.15G 144K none sys/ROOT/default 1.48M 8.15G 558M legacy sys/ROOT/new 8K 8.15G 558M none sys/ROOT/upgrade-test 560M 8.15G 558M none # beadm activate default Activated successfully # beadm list BE Active Mountpoint Space Policy Created default NR / 1.06M static 2012-02-03 15:08 upgrade-test - - 560M static 2012-04-24 22:22 new - - 8K static 2012-04-24 23:40
The boot environments are located in the same plase as in Illumos/Solaris, at pool/ROOT/environment place.
The main purpose of the Boot Environments concept is to make all risky tasks harmless, to provide an easy way back from possible troubles. Think about upgrading the system to newer version, an update of 30+ installed packages to latest versions, testing software or various solutions before taking the final decision, and much more. All these tasks are now harmless thanks to the Boot Environments, but this is just the tip of the iceberg.
You can now move desired boot environment to other machine, physical or virtual and check how it will behave there, check hardware support on the other hardware for example or make a painless hardware upgrade. You may also clone Your desired boot environment and ... start it as a Jail for some more experiments or move Your old physical server install into FreeBSD Jail because its not that heavily used anymore but it still have to be available.
Other good example may be just created server on Your laptop inside VirtualBox virtual machine. After you finish the creation process and tests, You may move this boot environment to the real server and put it into production. Or even move it into VMware ESX/vSphere virtual machine and use it there.
As You see the possibilities with Boot Environments are unlimited.
I created 3 possible schemas which should cover most demands, choose one and continue to the next step.
I assume that this server has 2 disks and we will create ZFS mirror across them, so if any of them will be gone the system will still work as usual. I also assume that these disks are ada0 and ada1. If You have SCSI/SAS drives there, they may be named da0 and da1 accordingly. The procedures below will wipe all data on these disks, You have been warned.
After these instructions and reboot we have these GPT partitions available, this example is on a 512MB disk.
# gpart show
=> 34 1048509 ada0 GPT (512M)
34 256 1 freebsd-boot (128k)
290 1048253 2 freebsd-zfs (511M)
=> 34 1048509 ada1 GPT (512M)
34 256 1 freebsd-boot (128k)
290 1048253 2 freebsd-zfs (511M)
# gpart list | grep label
label: bootcode0
label: sys0
label: bootcode1
label: sys1
# zpool status
pool: sys
state: ONLINE
scan: none requested
config:
NAME STATE READ WRITE CKSUM
sys ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
gpt/sys0 ONLINE 0 0 0
gpt/sys1 ONLINE 0 0 0
errors: No known data errors
If Your server configuration has only one disk, lets assume its ada0, then You need different points 5. and 7. to make, use these instead of the ones above.
All other steps are the same.
The procedure is quite diffrent for Laptop because we will use the full disk encryption mechanism provided by GELI and then setup the ZFS pool. Its not currently possible to boot off from the ZFS pool on top of encrypted GELI provider, so we will use setup similar to the Server with ... one but with additional local pool for /home and /root partitions. It will be password based and You will be asked to type-in that password at every boot. The install process is generally the same with new instructions added for the GELI encrypted local pool, I put them with different color to make the difference more visible.
After these instructions and reboot we have these GPT partitions available, this example is on a 4GB disk.
# gpart show
=> 34 8388541 ada0 GPT (4.0G)
34 256 1 freebsd-boot (128k)
290 2097152 2 freebsd-zfs (1.0G)
2097442 6291133 3 freebsd-zfs (3G)
# gpart list | grep label
label: bootcode0
label: sys0
label: local0
# zpool status
pool: local
state: ONLINE
scan: none requested
config:
NAME STATE READ WRITE CKSUM
sys ONLINE 0 0 0
gpt/local0.eli ONLINE 0 0 0
errors: No known data errors
pool: sys
state: ONLINE
scan: none requested
config:
NAME STATE READ WRITE CKSUM
sys ONLINE 0 0 0
gpt/sys0 ONLINE 0 0 0
errors: No known data errors
login: root password: [ENTER]
If You used the Server with ... type, then use this to add swap.
# zfs create -V 1G -o org.freebsd:swap=on \
-o checksum=off \
-o sync=disabled \
-o primarycache=none \
-o secondarycache=none sys/swap
# swapon /dev/zvol/sys/swap
If You used the Road Warrior Laptop one, then use this one below, this was the swap space will also be encrypted.
# zfs create -V 1G -o org.freebsd:swap=on \
-o checksum=off \
-o sync=disabled \
-o primarycache=none \
-o secondarycache=none local/swap
# swapon /dev/zvol/local/swap
After You configured Your fresh FreeBSD system, added needed packages and services, create snapshot called configured or production so if You mess something, You can always go back in time to bring working configuration back. mess something.
# zfs snapshot -r sys/ROOT/default@configuredHere are some simple instructions on how to download and enable the beadm command line utility for easy Boot Environments administration.
# fetch https://downloads.sourceforge.net/project/beadm/beadm -o /usr/sbin/beadm # chmod +x /usr/sbin/beadm # rehash # beadm list BE Active Mountpoint Space Policy Created default NR / 592M static 2012-04-25 02:03
Now we have a working ZFS only FreeBSD system, I will put some example here about what You now can do with this type of installation and of course the Boot Environments feature.
You are now free to do anything You like fo or the upgrade process, but even if You break everything, You still have a working default working environment.
This concept is about creating new boot environment from the desired one, lets call it jailed, then start that new environment inside a FreeBSD Jail and perform upgrade there. After You have finished all tasks related to this upgrade and You are satisfied with the achieved results, shutdown that Jail, set the boot environment into that just upgraded Jail called jailed and reboot into just upgraded system without any risks.
# beadm create -e default jailed Created successfully
# /etc/rc.d/jail start Configuring jails:. Starting jails: jailed.
# jls
JID IP Address Hostname Path
1 10.20.30.40 jailed /usr/jails/jailed
# /etc/rc.d/jail stop Stopping jails: jailed.
# bootfs-beadm activate jailed Activated successfully
Lets assume, that You need to upgrade or do some major modification to some of Your servers, You will then create new boot environment from the default one, move it to other 'free' machine, perform these tasks there and after everything is done, move the modified boot environment to the production without any risks. You may as well trasnport that environment into You laptop/workstation and upgrade it in a Jail like in step 6.2 of this guide.
# beadm create upgrade Created successfully.
# beadm activate upgrade Activated successfully.
# beadm activate upgrade Activated successfully.
The last part of the HOWTO remains the same as Year ago ...
You can now add your users, services and packages as usual on any FreeBSD system, have fun ;)