Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]
On Tue, 12 Jul 2011 00:25:38 +0400 Pan Tsu iny...@gmail.com wrote: Christopher J. Ruwe c...@cruwe.de writes: [...] In this setup, I should not have any problems. However, I do not realize (and very much doubt) that I changed anything in the order of the services (lacking the capability to deterministically do so, anyway). From rcorder I understand that all that is required to set rcorder right would be to change /etc/rc.d/zfs to include a REQUIRE: geli, so that my geli-encrypted volume would be unlocked before all zfs-datasets are mounted? Yep, or revert to default where rc.d/zfs depends on rc.d/mountcritlocal. $ svn co -qr223699 svn://svn.freebsd.org/base/stable/8/etc/rc.d $ rcorder rc.d/* | nl | sed /zfs/q 1 rc.d/hostid 2 rc.d/zvol 3 rc.d/dumpon 4 rc.d/ddb 5 rc.d/initrandom 6 rc.d/geli 7 rc.d/gbde 8 rc.d/encswap 9 rc.d/ccd 10 rc.d/swap1 11 rc.d/fsck 12 rc.d/root 13 rc.d/hostid_save 14 rc.d/mdconfig 15 rc.d/mountcritlocal 16 rc.d/zfs If so, what could be the reason that my rcorder-setup deviates from the standard and how could I coerce it back to standard? No idea. Try basic check with $ diff -ur /usr/src/etc/rc.d /etc/rc.d $ mergemaster $ mergemaster -s unless someone else can reproduce your issue. Please accept my apologies for replying so late, I was stuck up in work and could not find time to test this issue. Your proposed solution of reverting to the default setup worked as expected. My idea of adding a REQUIRE: geli to /etc/rc.d/zfs did not, although rcorder showed geli before zfs then. However, with my problem solved, I have no incentive to research why I deviated from default rc.d in the first place ... the only thing I am sure of is, that it was not intentionally. Anyhow, thank you for your help, it is really appreciated. -- Christopher J. Ruwe TZ GMT + 2 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]
On Sun, 10 Jul 2011 22:23:36 +0400 Pan Tsu iny...@gmail.com wrote: Christopher J. Ruwe c...@cruwe.de writes: [...] /etc/rc.d/zvol /etc/rc.d/zfs /etc/rc.d/dumpon /etc/rc.d/ddb /etc/rc.d/initrandom /etc/rc.d/geli /etc/rc.d/gbde /etc/rc.d/encswap /etc/rc.d/ccd /etc/rc.d/swap1 /etc/rc.d/fsck /etc/rc.d/root /etc/rc.d/hostid_save /etc/rc.d/mdconfig /etc/rc.d/mountcritlocal This makes sense to me and reflects the order I assumed in my description. The question remains, however, if my configuration is of any in {unusual, ..., stupid} as I require first zfs mount of /, then GELI-unlock and then zfs mount of {/usr,/usr/local, ...}. Do you mount the root pool over smth else? Otherwise, root should be mounted by kernel before init(8) is started. And /etc/rc.d doesn't exist before root is mounted. I mount root-pool via zfs_load=YES vfs.root.mountfrom=zfs:rpool/root in /boot/loader.conf. So far, all is right from what I understand. I think the correct order is 0 vfs_mountroot* .. 2 rc.d/zvol (pre v28) .. 6 rc.d/geli .. 15 rc.d/mountcritlocal 16 rc.d/zfs where extra datasets from the root pool can be mounted via fstab at rc.d/mountcritlocal time. Not sure if you import geli pool during boot or not and leak its configuration via zpool.cache. In this setup, I should not have any problems. However, I do not realize (and very much doubt) that I changed anything in the order of the services (lacking the capability to deterministically do so, anyway). From rcorder I understand that all that is required to set rcorder right would be to change /etc/rc.d/zfs to include a REQUIRE: geli, so that my geli-encrypted volume would be unlocked before all zfs-datasets are mounted? If so, what could be the reason that my rcorder-setup deviates from the standard and how could I coerce it back to standard? Thank you for your help so far, cheers -- Christopher J. Ruwe TZ GMT + 2 signature.asc Description: PGP signature
Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]
Christopher J. Ruwe c...@cruwe.de writes: [...] In this setup, I should not have any problems. However, I do not realize (and very much doubt) that I changed anything in the order of the services (lacking the capability to deterministically do so, anyway). From rcorder I understand that all that is required to set rcorder right would be to change /etc/rc.d/zfs to include a REQUIRE: geli, so that my geli-encrypted volume would be unlocked before all zfs-datasets are mounted? Yep, or revert to default where rc.d/zfs depends on rc.d/mountcritlocal. $ svn co -qr223699 svn://svn.freebsd.org/base/stable/8/etc/rc.d $ rcorder rc.d/* | nl | sed /zfs/q 1 rc.d/hostid 2 rc.d/zvol 3 rc.d/dumpon 4 rc.d/ddb 5 rc.d/initrandom 6 rc.d/geli 7 rc.d/gbde 8 rc.d/encswap 9 rc.d/ccd 10 rc.d/swap1 11 rc.d/fsck 12 rc.d/root 13 rc.d/hostid_save 14 rc.d/mdconfig 15 rc.d/mountcritlocal 16 rc.d/zfs If so, what could be the reason that my rcorder-setup deviates from the standard and how could I coerce it back to standard? No idea. Try basic check with $ diff -ur /usr/src/etc/rc.d /etc/rc.d $ mergemaster $ mergemaster -s unless someone else can reproduce your issue. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Fw: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]
Nearly a week ago I posted this question to freebsd-fs, but probalby my question is a) worded too complicatedly, b) not really a filesystem-issue or c) both. To rephrase: In setups requiring one or more ZFS-dataset to be mounted before another service is activated (GELI in my case) and the rest of the ZFS-datasets after that service is activated (because they require GELI), it seems to be necessary to add a `zfs mount -a` to mountcritlocal. Is this considered correct behaviour and wouldn't it make sense to add such a line to mountcritlocal in the standard setup? Thank you, cheers, -- Christopher J. Ruwe TZ GMT + 2 Begin forwarded message: Date: Tue, 5 Jul 2011 20:59:48 +0200 From: Christopher J. Ruwe c...@cruwe.de To: freebsd...@freebsd.org Subject: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included] I run my notebook under FreeBSD 8.2-stable, r223699. I have setup my disks with ZFS so that I boot from a very small rpool and mount datasets, among these /usr from another pool configured on top of an AES encrypted GELI. When installing a new world using this setup, it is necessary to manually adapt /etc/rc.d/mountcritlocal, mountcritlocal_start() to do a zfs mount -a. Failing to do so causes my rootpool to be mounted (which follows from rc.conf), then the GELI volume to be unlocked. After this, the boot routine hangs, as /usr (which resides) on the encrypted vol, which is not mounted, as the canonical zfs mounts are mounted before GELI. I cannot imagine that I am the only one to run ZFSes on an encrypted GELI volume. Am I booting this setup in an inadvisable way, so that I need to run into problems? If not, then it might be an idea to include a zfs mount -a in mountcritlocal in the canonical rc.d-setup. Am I getting this right or could you please comment? Thank you, cheers, -- Christopher J. Ruwe TZ GMT + 2 *** /usr/src/etc/rc.d/mountcritlocal 2011-06-30 21:37:46.097575355 +0200 --- /etc/rc.d/mountcritlocal 2011-07-01 18:03:43.518493334 +0200 *** *** 36,41 --- 36,42 done mount_excludes=${mount_excludes%,} mount -a -t ${mount_excludes} + zfs mount -a err=$? check_startmsgs echo '.' ___ freebsd...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-fs To unsubscribe, send any mail to freebsd-fs-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Fw: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]
Christopher J. Ruwe c...@cruwe.de writes: Nearly a week ago I posted this question to freebsd-fs, but probalby my question is a) worded too complicatedly, b) not really a filesystem-issue or c) both. To rephrase: In setups requiring one or more ZFS-dataset to be mounted before another service is activated (GELI in my case) and the rest of the ZFS-datasets after that service is activated (because they require GELI), it seems to be necessary to add a `zfs mount -a` to mountcritlocal. Is this considered correct behaviour and wouldn't it make sense to add such a line to mountcritlocal in the standard setup? [...] Have you tried to set zfs_enable=YES in rc.conf? Based on rcorder(8) output rc.d/zfs should come just after rc.d/mountcritlocal. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]
On Sun, 10 Jul 2011 16:38:43 +0400 Pan Tsu iny...@gmail.com wrote: Christopher J. Ruwe c...@cruwe.de writes: Nearly a week ago I posted this question to freebsd-fs, but probalby my question is a) worded too complicatedly, b) not really a filesystem-issue or c) both. To rephrase: In setups requiring one or more ZFS-dataset to be mounted before another service is activated (GELI in my case) and the rest of the ZFS-datasets after that service is activated (because they require GELI), it seems to be necessary to add a `zfs mount -a` to mountcritlocal. Is this considered correct behaviour and wouldn't it make sense to add such a line to mountcritlocal in the standard setup? [...] Have you tried to set zfs_enable=YES in rc.conf? Based on rcorder(8) output rc.d/zfs should come just after rc.d/mountcritlocal. zfs_enable=YES is set. rcorder gives curious output, so maybe my etcs are wrong? $ rcorder /etc/rc.d/zfs rcorder: file `/etc/rc.d/zfs' is before unknown provision `mountlate' /etc/rc.d/zfs $ rcorder /etc/rc.d/mountcritlocal rcorder: requirement `root' in file `/etc/rc.d/mountcritlocal' has no providers. /etc/rc.d/mountcritlocal However, I fear I have not made my intent clear. My boot-sequence should be as follows (intermittent steps left out): 1) mount zfs root-fs, which is on plain standard zpool A 2) unlock another, GELI-encrypted zpool B 3) mount all other fs (/usr,...), which reside on zpool B What my system does is first to mount the fs on zpool A, then GELI-unlock and then halt because the contents of /usr are not accessible (yet) What I want my system to do is to first mount root, then unlock GELI and then mount all other remaining fs on zpool B. I could either mount all remaining zfs'es in mountcritlocal, which requires another line there, which I have added locally as put in my patch. I cannot shift the order so that GELI-unlock comes first, because my keys for GELI reside on /boot, which resides on zpool A. So, is my setup anything from unfortunate to plain stupid or is mountcritlocal missing a statement catering for such cases as I described? Thank you for your help, cheers, -- Christopher J. Ruwe TZ GMT + 2 signature.asc Description: PGP signature
Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]
On Sun, Jul 10, 2011 at 04:05:04PM +0200, Christopher J. Ruwe wrote: On Sun, 10 Jul 2011 16:38:43 +0400 Pan Tsu iny...@gmail.com wrote: Christopher J. Ruwe c...@cruwe.de writes: Nearly a week ago I posted this question to freebsd-fs, but probalby my question is a) worded too complicatedly, b) not really a filesystem-issue or c) both. To rephrase: In setups requiring one or more ZFS-dataset to be mounted before another service is activated (GELI in my case) and the rest of the ZFS-datasets after that service is activated (because they require GELI), it seems to be necessary to add a `zfs mount -a` to mountcritlocal. Is this considered correct behaviour and wouldn't it make sense to add such a line to mountcritlocal in the standard setup? [...] Have you tried to set zfs_enable=YES in rc.conf? Based on rcorder(8) output rc.d/zfs should come just after rc.d/mountcritlocal. zfs_enable=YES is set. rcorder gives curious output, so maybe my etcs are wrong? $ rcorder /etc/rc.d/zfs rcorder: file `/etc/rc.d/zfs' is before unknown provision `mountlate' /etc/rc.d/zfs $ rcorder /etc/rc.d/mountcritlocal rcorder: requirement `root' in file `/etc/rc.d/mountcritlocal' has no providers. /etc/rc.d/mountcritlocal You're using rcorder wrong here. rcorder /etc/rc.d/* will get you what you're looking for. Yes, literally an asterisk. -- | Jeremy Chadwickjdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, US | | Making life hard for others since 1977. PGP 4BD6C0CB | ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]
On Sun, 10 Jul 2011 07:50:44 -0700 Jeremy Chadwick free...@jdc.parodius.com wrote: On Sun, Jul 10, 2011 at 04:05:04PM +0200, Christopher J. Ruwe wrote: On Sun, 10 Jul 2011 16:38:43 +0400 Pan Tsu iny...@gmail.com wrote: Christopher J. Ruwe c...@cruwe.de writes: Nearly a week ago I posted this question to freebsd-fs, but probalby my question is a) worded too complicatedly, b) not really a filesystem-issue or c) both. To rephrase: In setups requiring one or more ZFS-dataset to be mounted before another service is activated (GELI in my case) and the rest of the ZFS-datasets after that service is activated (because they require GELI), it seems to be necessary to add a `zfs mount -a` to mountcritlocal. Is this considered correct behaviour and wouldn't it make sense to add such a line to mountcritlocal in the standard setup? [...] Have you tried to set zfs_enable=YES in rc.conf? Based on rcorder(8) output rc.d/zfs should come just after rc.d/mountcritlocal. zfs_enable=YES is set. rcorder gives curious output, so maybe my etcs are wrong? $ rcorder /etc/rc.d/zfs rcorder: file `/etc/rc.d/zfs' is before unknown provision `mountlate' /etc/rc.d/zfs $ rcorder /etc/rc.d/mountcritlocal rcorder: requirement `root' in file `/etc/rc.d/mountcritlocal' has no providers. /etc/rc.d/mountcritlocal You're using rcorder wrong here. rcorder /etc/rc.d/* will get you what you're looking for. Yes, literally an asterisk. I see. Thank you. That gives me (I skip the rest after mountcritlocal) /etc/rc.d/zvol /etc/rc.d/zfs /etc/rc.d/dumpon /etc/rc.d/ddb /etc/rc.d/initrandom /etc/rc.d/geli /etc/rc.d/gbde /etc/rc.d/encswap /etc/rc.d/ccd /etc/rc.d/swap1 /etc/rc.d/fsck /etc/rc.d/root /etc/rc.d/hostid_save /etc/rc.d/mdconfig /etc/rc.d/mountcritlocal This makes sense to me and reflects the order I assumed in my description. The question remains, however, if my configuration is of any in {unusual, ..., stupid} as I require first zfs mount of /, then GELI-unlock and then zfs mount of {/usr,/usr/local, ...}. Anyhow, thanks for setting me up on the proper usage of rcorder. Cheers, -- Christopher J. Ruwe TZ GMT + 2 signature.asc Description: PGP signature
Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]
Christopher J. Ruwe c...@cruwe.de writes: [...] /etc/rc.d/zvol /etc/rc.d/zfs /etc/rc.d/dumpon /etc/rc.d/ddb /etc/rc.d/initrandom /etc/rc.d/geli /etc/rc.d/gbde /etc/rc.d/encswap /etc/rc.d/ccd /etc/rc.d/swap1 /etc/rc.d/fsck /etc/rc.d/root /etc/rc.d/hostid_save /etc/rc.d/mdconfig /etc/rc.d/mountcritlocal This makes sense to me and reflects the order I assumed in my description. The question remains, however, if my configuration is of any in {unusual, ..., stupid} as I require first zfs mount of /, then GELI-unlock and then zfs mount of {/usr,/usr/local, ...}. Do you mount the root pool over smth else? Otherwise, root should be mounted by kernel before init(8) is started. And /etc/rc.d doesn't exist before root is mounted. I think the correct order is 0 vfs_mountroot* .. 2 rc.d/zvol (pre v28) .. 6 rc.d/geli .. 15 rc.d/mountcritlocal 16 rc.d/zfs where extra datasets from the root pool can be mounted via fstab at rc.d/mountcritlocal time. Not sure if you import geli pool during boot or not and leak its configuration via zpool.cache. Anyhow, thanks for setting me up on the proper usage of rcorder. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]
On 07/10/2011 07:05, Christopher J. Ruwe wrote: $ rcorder /etc/rc.d/zfs You want to use: service -r -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org