From: Fabian Keil
Date: Tue, 24 Mar 2015 12:34:31 +0100
To: freebsd-questions@freebsd.org
Subject: Re: Possible (or smart) to put freebsd-boot on USB stick for root-on-ZFS?
Message-ID: <36a7230b.16ee04db@fabiankeil.de>

Jason Birch wrote:

> On Tue, Mar 24, 2015 at 7:56 PM, Mehmet Erol Sanliturk wrote:
> > On Tue, Mar 24, 2015 at 1:29 AM, Polytropon wrote:
> >> On Tue, 24 Mar 2015 00:49:46 -0700, Mehmet Erol Sanliturk wrote:
>
> While I appreciate the discussion this has generated, it's not quite
> related to the questions I had around the freebsd-boot partition alone
> being on some removable media, and I'd like to try and steer the
> discussion back in that direction for my benefit (obviously ;)) and
> for the benefit of anyone trawling the lists looking for a similar
> answer.
>
> For the record, this will be for a reasonably large ZFS file server,
> and so having things like the home directories live on the larger ZFS
> volume (and not the mirrored SSDs) is something I'll probably be
> doing. However, it's more about the partitioning and device
> arrangement once the machine has booted, and that's not quite what I'm
> having difficulties understanding.

The freebsd-boot partition merely contains gptzfsboot(8). The kernel
gets loaded from a freebsd-zfs partition which can, but doesn't have to,
also contain (parts of) the ZFS root pool.

Given how small it is, I don't see any advantage in putting the
freebsd-boot partition and the freebsd-zfs partition that contains the
kernel on different devices, but putting both on multiple devices
obviously makes the system more robust against certain failures.

Kernel parts that aren't required for the system to boot do not have to
be on the same ZFS pool as the kernel parts that are.

Nowadays I use system disk layouts like this:

$ gpart show ada0
=>          40  1250263648  ada0  GPT  (596G)
            40         128     1  freebsd-boot  (64K)
           168        1880        - free -  (940K)
          2048      409600     2  freebsd-zfs  (200M)
        411648     8388608     3  freebsd-zfs  (4.0G)
       8800256     8388608     4  freebsd-swap  (4.0G)
      17188864  1233074816     5  freebsd-zfs  (588G)
    1250263680           8        - free -  (4.0K)

That's ElectroBSD's default layout but obviously also works for vanilla
FreeBSD.

Partition 2 contains the (unencrypted) ZFS boot pool with the kernel
parts required for booting, partition 3 contains the encrypted root pool
with a complete /boot, and partition 5 contains an encrypted ZFS data
pool (optional).

Once the system is up, the ZFS boot pool can be erased to harden the
system against unsophisticated physical attacks. If you aren't using
encryption, splitting /boot probably has no advantage.

To finally answer the question in the subject: I think it's a pretty
good idea to keep a bootable USB stick around for recovery purposes, but
on production servers I do not put the standard ZFS pools or the
standard freebsd-boot partition on USB sticks. I sometimes do it for
test systems, though. On most of my systems it works out of the box,
some need the patch from:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198563

Fabian
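Added example, not part of the message above and not ElectroBSD or FreeBSD code: a small audit of `gpart show` output, run here over the layout quoted in the message, that checks every sector is accounted for, that exactly one freebsd-boot partition exists, and that each partition starts on a 4 KiB boundary. The function names `sample_layout` and `audit_layout` are hypothetical, and 512-byte sectors are assumed (so 8 sectors = 4 KiB).

```shell
#!/bin/sh
# Sample input: the layout from the message, re-typed here for an offline run.
sample_layout() {
cat <<'EOF'
=>          40  1250263648  ada0  GPT  (596G)
            40         128     1  freebsd-boot  (64K)
           168        1880        - free -  (940K)
          2048      409600     2  freebsd-zfs  (200M)
        411648     8388608     3  freebsd-zfs  (4.0G)
       8800256     8388608     4  freebsd-swap  (4.0G)
      17188864  1233074816     5  freebsd-zfs  (588G)
    1250263680           8        - free -  (4.0K)
EOF
}

# Reads `gpart show` output for one provider on stdin. Prints one line per
# partition: <index> <type> <start> <size> <4k|unaligned>
# then a summary line: boot=<count> free=<sectors> status=<ok|broken>
audit_layout() {
    awk '
    # Header row: first usable sector and number of usable sectors.
    $1 == "=>" { first = $2 + 0; total = $3 + 0; expect = first; next }
    NF < 3 { next }                               # skip blank lines
    {
        start = $1 + 0; size = $2 + 0
        if (start != expect) broken = 1           # gap or overlap between rows
        expect = start + size
        if ($3 == "-") { free += size; next }     # "- free -" rows
        if ($4 == "freebsd-boot") boot++
        # Assumption: 512-byte sectors, so start % 8 == 0 means 4 KiB aligned.
        printf "%s %s %s %s %s\n", $3, $4, $1, $2, (start % 8 == 0) ? "4k" : "unaligned"
    }
    END {
        if (expect != first + total) broken = 1   # rows must cover the whole range
        if (boot != 1) broken = 1                 # exactly one freebsd-boot expected
        printf "boot=%d free=%d status=%s\n", boot, free, broken ? "broken" : "ok"
    }'
}

# Stand-alone run over the embedded sample.
sample_layout | audit_layout
```

On the quoted layout the 1880 free sectors after partition 1 are what place partition 2 at sector 2048, which is the 1 MiB mark with 512-byte sectors.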