From owner-svn-src-all@FreeBSD.ORG Thu May 15 02:27:11 2014 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8A415A05; Thu, 15 May 2014 02:27:11 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6B0762509; Thu, 15 May 2014 02:27:11 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s4F2RBe4098904; Thu, 15 May 2014 02:27:11 GMT (envelope-from roberto@svn.freebsd.org) Received: (from roberto@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s4F2RB1R098903; Thu, 15 May 2014 02:27:11 GMT (envelope-from roberto@svn.freebsd.org) Message-Id: <201405150227.s4F2RB1R098903@svn.freebsd.org> From: Ollivier Robert Date: Thu, 15 May 2014 02:27:11 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r266107 - head/usr.sbin/bsdinstall/scripts X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 May 2014 02:27:11 -0000 Author: roberto Date: Thu May 15 02:27:10 2014 New Revision: 266107 URL: http://svnweb.freebsd.org/changeset/base/266107 Log: Here is a patch for the bsdinstall root-on-zfs stuff that adds optional encryption for swap, and optional gmirror for swap (which can be combined) Submitted by: Allan Jude Requested By: roberto Sponsored By: ScaleEngine Inc. MFC after: 2 weeks Modified: head/usr.sbin/bsdinstall/scripts/zfsboot Modified: head/usr.sbin/bsdinstall/scripts/zfsboot ============================================================================== --- head/usr.sbin/bsdinstall/scripts/zfsboot Thu May 15 01:37:17 2014 (r266106) +++ head/usr.sbin/bsdinstall/scripts/zfsboot Thu May 15 02:27:10 2014 (r266107) @@ -108,6 +108,16 @@ f_include $BSDCFG_SHARE/variable.subr : ${ZFSBOOT_SWAP_SIZE:=2g} # +# Should we use geli(8) to encrypt the swap? +# +: ${ZFSBOOT_SWAP_ENCRYPTION=} + +# +# Should we use gmirror(8) to mirror the swap? +# +: ${ZFSBOOT_SWAP_MIRROR=} + +# # Default ZFS datasets for root zpool # # NOTE: Requires /tmp, /var/tmp, /$ZFSBOOT_BOOTFS_NAME/$ZFSBOOT_BOOTFS_NAME @@ -184,6 +194,7 @@ MOUNT_TYPE='mount -t %s "%s" "%s"' PRINTF_CONF="printf '%s=\"%%s\"\\\n' %s >> \"%s\"" PRINTF_FSTAB='printf "$FSTAB_FMT" "%s" "%s" "%s" "%s" "%s" "%s" >> "%s"' SHELL_TRUNCATE=':> "%s"' +SWAP_GMIRROR_LABEL='gmirror label swap %s' UMOUNT='umount "%s"' ZFS_CREATE_WITH_OPTIONS='zfs create %s "%s"' ZFS_SET='zfs set "%s" "%s"' @@ -263,6 +274,10 @@ msg_select_a_disk_device="Select a disk msg_select_virtual_device_type="Select Virtual Device type:" msg_stripe_desc="Stripe - No Redundancy" msg_stripe_help="[1+ Disks] Striping provides maximum storage but no redundancy" +msg_swap_encrypt="Encrypt Swap?" +msg_swap_encrypt_help="Encrypt swap partitions with temporary keys, discarded on reboot" +msg_swap_mirror="Mirror Swap?" +msg_swap_mirror_help="Mirror swap partitions for redundancy, breaks crash dumps" msg_swap_size="Swap Size" msg_swap_size_help="Customize how much swap space is allocated to each selected disk" msg_these_disks_are_too_small="These disks are too small given the amount of requested\nswap (%s) and/or geli(8) (%s) partitions, which would\ntake 50%% or more of each of the following selected disk\ndevices (not recommended):\n\n %s\n\nRecommend changing partition size(s) and/or selecting a\ndifferent set of devices." @@ -285,8 +300,12 @@ dialog_menu_main() local prompt="$msg_configure_options" local force4k="$msg_no" local usegeli="$msg_no" + local swapgeli="$msg_no" + local swapmirror="$msg_no" [ "$ZFSBOOT_GNOP_4K_FORCE_ALIGN" ] && force4k="$msg_yes" [ "$ZFSBOOT_GELI_ENCRYPTION" ] && usegeli="$msg_yes" + [ "$ZFSBOOT_SWAP_ENCRYPTION" ] && swapgeli="$msg_yes" + [ "$ZFSBOOT_SWAP_MIRROR" ] && swapmirror="$msg_yes" local disks n f_count n $ZFSBOOT_DISKS { [ $n -eq 1 ] && disks=disk; } || disks=disks # grammar @@ -309,6 +328,10 @@ dialog_menu_main() '$msg_partition_scheme_help' 'S $msg_swap_size' '$ZFSBOOT_SWAP_SIZE' '$msg_swap_size_help' + 'M $msg_swap_mirror' '$swapmirror' + '$msg_swap_mirror_help' + 'W $msg_swap_encrypt' '$swapgeli' + '$msg_swap_encrypt_help' " # END-QUOTE local defaultitem= # Calculated below local hline="$hline_alnum_arrows_punc_tab_enter" @@ -747,14 +770,14 @@ zfs_create_diskpart() return $FAILURE # NB: zpool will use the `zfs#' GPT labels - bootpart=p2 targetpart=p2 + bootpart=p2 swappart=p2 targetpart=p2 [ ${swapsize:-0} -gt 0 ] && targetpart=p3 # # Prepare boot pool if enabled (e.g., for geli(8)) # if [ "$ZFSBOOT_BOOT_POOL" ]; then - bootpart=p2 targetpart=p3 + bootpart=p2 swappart=p3 targetpart=p3 [ ${swapsize:-0} -gt 0 ] && targetpart=p4 f_eval_catch $funcname gpart \ "$GPART_ADD_LABEL_WITH_SIZE" boot$index \ @@ -781,12 +804,7 @@ zfs_create_diskpart() return $FAILURE # Pedantically nuke any old labels on the swap f_eval_catch -d $funcname zpool "$ZPOOL_LABELCLEAR_F" \ - /dev/gpt/swap$index - # Update fstab(5) - f_eval_catch $funcname printf "$PRINTF_FSTAB" \ - /dev/gpt/swap$index none swap sw 0 0 \ - $BSDINSTALL_TMPETC/fstab || - return $FAILURE + /dev/$disk$swappart fi # @@ -827,7 +845,7 @@ zfs_create_diskpart() return $FAILURE # NB: zpool will use s1a (no labels) - bootpart=s1a targetpart=s1d mbrindex=4 + bootpart=s1a swappart=s1b targetpart=s1d mbrindex=4 # # Always prepare a boot pool on MBR @@ -858,11 +876,6 @@ zfs_create_diskpart() # Pedantically nuke any old labels on the swap f_eval_catch -d $funcname zpool "$ZPOOL_LABELCLEAR_F" \ /dev/${disk}s1b - # Update fstab(5) - f_eval_catch $funcname printf "$PRINTF_FSTAB" \ - /dev/${disk}s1b none swap sw 0 0 \ - $BSDINSTALL_TMPETC/fstab || - return $FAILURE fi # @@ -879,6 +892,33 @@ zfs_create_diskpart() esac # $ZFSBOOT_PARTITION_SCHEME + # Update fstab(5) + if [ "$isswapmirror" ]; then + # This is not the first disk in the mirror, do nothing + elif [ "$ZFSBOOT_SWAP_ENCRYPTION" -a "$ZFSBOOT_SWAP_MIRROR" ]; then + f_eval_catch $funcname printf "$PRINTF_FSTAB" \ + /dev/mirror/swap.eli none swap sw 0 0 \ + $BSDINSTALL_TMPETC/fstab || + return $FAILURE + isswapmirror=1 + elif [ "$ZFSBOOT_SWAP_MIRROR" ]; then + f_eval_catch $funcname printf "$PRINTF_FSTAB" \ + /dev/mirror/swap none swap sw 0 0 \ + $BSDINSTALL_TMPETC/fstab || + return $FAILURE + isswapmirror=1 + elif [ "$ZFSBOOT_SWAP_ENCRYPTION" ]; then + f_eval_catch $funcname printf "$PRINTF_FSTAB" \ + /dev/$disk${swappart}.eli none swap sw 0 0 \ + $BSDINSTALL_TMPETC/fstab || + return $FAILURE + else + f_eval_catch $funcname printf "$PRINTF_FSTAB" \ + /dev/$disk$swappart none swap sw 0 0 \ + $BSDINSTALL_TMPETC/fstab || + return $FAILURE + fi + return $SUCCESS } @@ -893,10 +933,12 @@ zfs_create_boot() local zroot_name="$1" local zroot_vdevtype="$2" local zroot_vdevs= # Calculated below + local swap_devs= # Calculated below local boot_vdevs= # Used for geli(8) and/or MBR layouts shift 2 # poolname vdev_type local disks="$*" disk - local bootpart targetpart # Set by zfs_create_diskpart() below + local isswapmirror + local bootpart targetpart swappart # Set by zfs_create_diskpart() below # # Pedantic checks; should never be seen @@ -968,7 +1010,8 @@ zfs_create_boot() local n=0 for disk in $disks; do zfs_create_diskpart $disk $n || return $FAILURE - # Now $bootpart and $targetpart are set (suffix for $disk) + # Now $bootpart, $targetpart, and $swappart are set (suffix + # for $disk) # Forced 4k alignment support using Geom NOP (see gnop(8)) if [ "$ZFSBOOT_GNOP_4K_FORCE_ALIGN" ]; then @@ -1087,6 +1130,16 @@ zfs_create_boot() return $FAILURE f_eval_catch -d $funcname umount "$UMOUNT" /mnt # tmpfs fi + # + # Create the gmirror(8) GEOMS for swap + # + if [ "$ZFSBOOT_SWAP_MIRROR" ]; then + for disk in $disks; do + swap_devs="$swap_devs $disk$swappart" + done + f_eval_catch $funcname gmirror "$SWAP_GMIRROR_LABEL" \ + "$swap_devs" || return $FAILURE + fi # # Create the ZFS root pool with desired type and disk devices @@ -1215,6 +1268,14 @@ zfs_create_boot() f_eval_catch $funcname echo "$ECHO_APPEND" \ 'kern.geom.label.disk_ident.enable=\"0\"' \ $BSDINSTALL_TMPBOOT/loader.conf.zfs || return $FAILURE + f_eval_catch $funcname echo "$ECHO_APPEND" \ + 'kern.geom.label.gptid.enable=\"0\"' \ + $BSDINSTALL_TMPBOOT/loader.conf.zfs || return $FAILURE + + if [ "$ZFSBOOT_SWAP_MIRROR" ]; then + f_eval_catch $funcname echo "$ECHO_APPEND" 'geom_mirror_load=\"YES\"' \ + $BSDINSTALL_TMPBOOT/loader.conf.gmirror || return $FAILURE + fi # We're all done unless we should go on for boot pool [ "$ZFSBOOT_BOOT_POOL" ] || return $SUCCESS @@ -1448,6 +1509,22 @@ while :; do "$ZFSBOOT_SWAP_SIZE" && ZFSBOOT_SWAP_SIZE="${input:-0}" ;; + ?" $msg_swap_mirror") + # Toggle the variable referenced both by the menu and later + if [ "$ZFSBOOT_SWAP_MIRROR" ]; then + ZFSBOOT_SWAP_MIRROR= + else + ZFSBOOT_SWAP_MIRROR=1 + fi + ;; + ?" $msg_swap_encrypt") + # Toggle the variable referenced both by the menu and later + if [ "$ZFSBOOT_SWAP_ENCRYPTION" ]; then + ZFSBOOT_SWAP_ENCRYPTION= + else + ZFSBOOT_SWAP_ENCRYPTION=1 + fi + ;; esac done