Date: Tue, 24 Mar 2015 12:34:31 +0100 From: Fabian Keil <freebsd-listen@fabiankeil.de> To: freebsd-questions@freebsd.org Subject: Re: Possible (or smart) to put freebsd-boot on USB stick for root-on-ZFS? Message-ID: <36a7230b.16ee04db@fabiankeil.de> In-Reply-To: <CAA=KUhsDHNFfyoPY0706juUXnERij8bKbQMAsNosCZjEikP_YQ@mail.gmail.com> References: <CAA=KUhvYfhJ9i_CU6Lhni0EB03zjPMBpBHOHLJ92THVs2owZxw@mail.gmail.com> <CAOgwaMtJpBboseqb295fr1Fdtw09dqFLqG5BVS4rWHPd_h2f7A@mail.gmail.com> <20150324092914.ed0ebb7f.freebsd@edvax.de> <CAOgwaMtW4RyPD1Y8U7W4JDic6PJm82Am8a%2B2P3J92i9rP4e=VQ@mail.gmail.com> <CAA=KUhvUb5-yrpvJ6QnFcvCWxv3BxbpdqFtUT8x=Tu5qJrV4zQ@mail.gmail.com> <CAA=KUhsDHNFfyoPY0706juUXnERij8bKbQMAsNosCZjEikP_YQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/_QcipiFMh377mmS+Yk/ngQI
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Jason Birch <jbirch@jbirch.net> wrote:
> On Tue, Mar 24, 2015 at 7:56 PM, Mehmet Erol Sanliturk
> <m.e.sanliturk@gmail.com> wrote:
> > On Tue, Mar 24, 2015 at 1:29 AM, Polytropon <freebsd@edvax.de> wrote:
> >> On Tue, 24 Mar 2015 00:49:46 -0700, Mehmet Erol Sanliturk wrote:
>=20
> While I appreciate the discussion this has generated, it's not quite
> related to the questions I had around the freebsd-boot partition alone
> being on some removable media, and I'd like to try and steer the
> discussion back in that direction for my benefit (obviously ;)) and
> for the benefit of anyone trawling the lists looking for a similar
> answer.
>=20
> For the record, this will be for a reasonably large ZFS file server,
> and so having things like the home directories live on the larger ZFS
> volume (and not the mirrored SSDs) is something I'll probably be
> doing. However, it's more about the partitioning and device
> arrangement once the machine has booted, and that's not quite what I'm
> having difficulties understanding.
The freebsd-boot partition merely contains gptzfsboot(8).
The kernel gets loaded from a freebsd-zfs partition which
can, but doesn't have to, also contain (parts of) the ZFS
root pool.
Given how small it is, I don't see any advantage in putting
the freebsd-boot partition and the freebsd-zfs partition that
contains the kernel on different devices, but putting both on
multiple devices obviously makes the system more robust against
certain failures.
Kernel parts that aren't required for the system to boot do not
have to be on the same ZFS pool as the kernel parts that are.
Nowadays I use system disk layouts like this:
$ gpart show ada0
=3D> 40 1250263648 ada0 GPT (596G)
40 128 1 freebsd-boot (64K)
168 1880 - free - (940K)
2048 409600 2 freebsd-zfs (200M)
411648 8388608 3 freebsd-zfs (4.0G)
8800256 8388608 4 freebsd-swap (4.0G)
17188864 1233074816 5 freebsd-zfs (588G)
1250263680 8 - free - (4.0K)
That's ElectroBSD's default layout but obviously also works for vanilla
FreeBSD. Partition 2 contains the (unencrypted) ZFS boot pool with the
kernel parts required for booting, partition 3 contains the encrypted
root pool with a complete /boot, and partition 5 contains an encrypted
ZFS data pool (optional).
Once the system is up, the ZFS boot pool can be erased to harden the
system against unsophisticated physical attacks. If you aren't using
encryption, splitting /boot probably has no advantage.
To finally answer the question in the subject: I think it's a pretty
good idea to keep a bootable USB stick around for recovery purposes,
but on production servers I do not put the standard ZFS pools or the
standard freebsd-boot partition on USB sticks.
I sometimes do it for test systems, though. On most of my systems it
works out of the box, some need the patch from:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D198563
Fabian
--Sig_/_QcipiFMh377mmS+Yk/ngQI
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEARECAAYFAlURS8cACgkQBYqIVf93VJ3aIACeOGho1SrpoFHHpiRUzz5bqblR
IBkAnjtNBLmGeXPznpI9e45Bl4h6dn55
=701F
-----END PGP SIGNATURE-----
--Sig_/_QcipiFMh377mmS+Yk/ngQI--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36a7230b.16ee04db>