From: tzim@tzim.net
Date: Fri, 27 May 2011 13:08:53 +0200
Subject: zfs-root and "safe" atomic updates
Message-ID: <63454684d7d46c2ef76cfcc979500612@tzim.net>
List-Id: Production branch of FreeBSD source code
X-BeenThere: freebsd-stable@freebsd.org

I have been using zfs on / for quite some time now on 8-stable.
Each time I want to update base, I use these steps:

- zfs snapshot tank/root@old
- zfs clone tank/root@old tank/root.old
- csup / Rebuild world and kernel
- install world & kernel
- reboot
- (mergemaster and all usual post-update stuff)

This way, if I unfortunately can't boot, I can revert to the old userland & kernel by:

- dropping into the loader prompt
- setting vfs.root.mountfrom to zfs:tank/root.old
- booting kernel.old
- then rolling back tank/root to the pre-update snapshot and rebooting (again)

I see 2 drawbacks to my method:

- This won't work if the update screws the loader.
- I must be able to access the loader prompt (can't do it on a remote server).

Also, world is updated "in place".

I think it should be possible to do the installworld & installkernel on a root clone and then boot into it (changing the tank bootfs property), but then: how to revert to the previous state in case of failure?

Is there a "nextboot" thing planned for zfs?

What do you think? How do you address the problem?