Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]

2011-07-22 Thread Christopher J. Ruwe 
On Tue, 12 Jul 2011 00:25:38 +0400
Pan Tsu iny...@gmail.com wrote:

 Christopher J. Ruwe c...@cruwe.de writes:
 
 [...]
  In this setup, I should not have any problems. However, I do not
  realize (and very much doubt) that I changed anything in the order
  of the services (lacking the capability to deterministically do so,
  anyway).
 
  From rcorder I understand that all that is required to set rcorder
  right would be to change /etc/rc.d/zfs to include a REQUIRE: geli,
  so that my geli-encrypted volume would be unlocked before all
  zfs-datasets are mounted?
 
 Yep, or revert to default where rc.d/zfs depends on
 rc.d/mountcritlocal.
 
   $ svn co -qr223699 svn://svn.freebsd.org/base/stable/8/etc/rc.d
   $ rcorder rc.d/* | nl | sed /zfs/q
1  rc.d/hostid
2  rc.d/zvol
3  rc.d/dumpon
4  rc.d/ddb
5  rc.d/initrandom
6  rc.d/geli
7  rc.d/gbde
8  rc.d/encswap
9  rc.d/ccd
   10  rc.d/swap1
   11  rc.d/fsck
   12  rc.d/root
   13  rc.d/hostid_save
   14  rc.d/mdconfig
   15  rc.d/mountcritlocal
   16  rc.d/zfs
 
  If so, what could be the reason that my rcorder-setup deviates from
  the standard and how could I coerce it back to standard?
 
 No idea. Try basic check with
 
   $ diff -ur /usr/src/etc/rc.d /etc/rc.d
   $ mergemaster
   $ mergemaster -s
 
 unless someone else can reproduce your issue.


Please accept my apologies for replying so late, I was stuck up in work and 
could not find time to test this issue.

Your proposed solution of reverting to the default setup worked as expected. My 
idea of adding a REQUIRE: geli to /etc/rc.d/zfs did not, although rcorder 
showed geli before zfs then.

However, with my problem solved, I have no incentive to research why I deviated 
from default rc.d in the first place ... the only thing I am sure of is, that 
it was not intentionally.

Anyhow, thank you for your help, it is really appreciated.
-- 
Christopher J. Ruwe
TZ GMT + 2
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]

2011-07-11 Thread Christopher J. Ruwe 
On Sun, 10 Jul 2011 22:23:36 +0400
Pan Tsu iny...@gmail.com wrote:

 Christopher J. Ruwe c...@cruwe.de writes:
 
 [...]
  /etc/rc.d/zvol
  /etc/rc.d/zfs
  /etc/rc.d/dumpon
  /etc/rc.d/ddb
  /etc/rc.d/initrandom
  /etc/rc.d/geli
  /etc/rc.d/gbde
  /etc/rc.d/encswap
  /etc/rc.d/ccd
  /etc/rc.d/swap1
  /etc/rc.d/fsck
  /etc/rc.d/root
  /etc/rc.d/hostid_save
  /etc/rc.d/mdconfig
  /etc/rc.d/mountcritlocal
 
  This makes sense to me and reflects the order I assumed in my
  description. The question remains, however, if my configuration is
  of any in {unusual, ..., stupid} as I require first zfs mount of /,
  then GELI-unlock and then zfs mount of {/usr,/usr/local, ...}.
 
 Do you mount the root pool over smth else? Otherwise, root should be
 mounted by kernel before init(8) is started. And /etc/rc.d doesn't
 exist before root is mounted.

I mount root-pool via 

zfs_load=YES
vfs.root.mountfrom=zfs:rpool/root

in /boot/loader.conf.  So far, all is right from what I understand.
 
 I think the correct order is
 
   0 vfs_mountroot*
   ..
   2 rc.d/zvol (pre v28)
   ..
   6 rc.d/geli
   ..
   15 rc.d/mountcritlocal
   16 rc.d/zfs
 
 where extra datasets from the root pool can be mounted via fstab at
 rc.d/mountcritlocal time. Not sure if you import geli pool during boot
 or not and leak its configuration via zpool.cache.

In this setup, I should not have any problems. However, I do not realize (and 
very much doubt) that I changed anything in the order of the services (lacking 
the capability to deterministically do so, anyway).

From rcorder I understand that all that is required to set rcorder right would 
be to change /etc/rc.d/zfs to include a REQUIRE: geli, so that my 
geli-encrypted volume would be unlocked before all zfs-datasets are mounted?
If so, what could be the reason that my rcorder-setup deviates from the 
standard and how could I coerce it back to standard?

Thank you for your help so far, cheers
-- 
Christopher J. Ruwe
TZ GMT + 2


signature.asc
Description: PGP signature

Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]

2011-07-11 Thread Pan Tsu 
Christopher J. Ruwe c...@cruwe.de writes:

[...]
 In this setup, I should not have any problems. However, I do not
 realize (and very much doubt) that I changed anything in the order of
 the services (lacking the capability to deterministically do so,
 anyway).

 From rcorder I understand that all that is required to set rcorder
 right would be to change /etc/rc.d/zfs to include a REQUIRE: geli, so
 that my geli-encrypted volume would be unlocked before all
 zfs-datasets are mounted?

Yep, or revert to default where rc.d/zfs depends on rc.d/mountcritlocal.

  $ svn co -qr223699 svn://svn.freebsd.org/base/stable/8/etc/rc.d
  $ rcorder rc.d/* | nl | sed /zfs/q
   1  rc.d/hostid
   2  rc.d/zvol
   3  rc.d/dumpon
   4  rc.d/ddb
   5  rc.d/initrandom
   6  rc.d/geli
   7  rc.d/gbde
   8  rc.d/encswap
   9  rc.d/ccd
  10  rc.d/swap1
  11  rc.d/fsck
  12  rc.d/root
  13  rc.d/hostid_save
  14  rc.d/mdconfig
  15  rc.d/mountcritlocal
  16  rc.d/zfs

 If so, what could be the reason that my rcorder-setup deviates from
 the standard and how could I coerce it back to standard?

No idea. Try basic check with

  $ diff -ur /usr/src/etc/rc.d /etc/rc.d
  $ mergemaster
  $ mergemaster -s

unless someone else can reproduce your issue.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Fw: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]

2011-07-10 Thread Christopher J. Ruwe 
Nearly a week ago I posted this question to freebsd-fs, but probalby my
question is a) worded too complicatedly, b) not really a
filesystem-issue or c) both.

To rephrase: In setups requiring one or more ZFS-dataset to be mounted before 
another service is activated (GELI in my case) and the rest of the ZFS-datasets 
after that service is activated (because they require GELI), it seems to be 
necessary to add a `zfs mount -a` to mountcritlocal. Is this considered correct 
behaviour and wouldn't it make sense to add such a line to mountcritlocal in 
the standard setup?

Thank you, cheers,
-- 
Christopher J. Ruwe
TZ GMT + 2

Begin forwarded message:

Date: Tue, 5 Jul 2011 20:59:48 +0200
From: Christopher J. Ruwe c...@cruwe.de
To: freebsd...@freebsd.org
Subject: zpool-zfs'es on a GELI-encrypted volume are not mounted at
boot [patch included]


I run my notebook under FreeBSD 8.2-stable,  r223699. I have setup my
disks with ZFS so that I boot from a very small rpool and mount
datasets, among these /usr from another pool configured on top of an
AES encrypted GELI.

When installing a new world using this setup, it is necessary to
manually adapt /etc/rc.d/mountcritlocal, mountcritlocal_start() to do a
zfs mount -a. Failing to do so causes my rootpool to be mounted (which
follows from rc.conf), then the GELI volume to be unlocked. After this,
the boot routine hangs, as /usr (which resides) on the encrypted vol,
which is not mounted, as the canonical zfs mounts are mounted before
GELI. 

I cannot imagine that I am the only one to run ZFSes on an encrypted
GELI volume. Am I booting this setup in an inadvisable way, so that I
need to run into problems? If not, then it might be an idea to
include a zfs mount -a in mountcritlocal in the canonical rc.d-setup.

Am I getting this right or could you please comment?

Thank you, cheers,
-- 
Christopher J. Ruwe
TZ GMT + 2
*** /usr/src/etc/rc.d/mountcritlocal	2011-06-30 21:37:46.097575355 +0200
--- /etc/rc.d/mountcritlocal	2011-07-01 18:03:43.518493334 +0200
***
*** 36,41 
--- 36,42 
  	done
  	mount_excludes=${mount_excludes%,}
  	mount -a -t ${mount_excludes}
+ 	zfs mount -a
  	err=$?
  	check_startmsgs  echo '.'
  
___
freebsd...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-fs
To unsubscribe, send any mail to freebsd-fs-unsubscr...@freebsd.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: Fw: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]

2011-07-10 Thread Pan Tsu 
Christopher J. Ruwe c...@cruwe.de writes:

 Nearly a week ago I posted this question to freebsd-fs, but probalby my
 question is a) worded too complicatedly, b) not really a
 filesystem-issue or c) both.

 To rephrase: In setups requiring one or more ZFS-dataset to be mounted
 before another service is activated (GELI in my case) and the rest of
 the ZFS-datasets after that service is activated (because they require
 GELI), it seems to be necessary to add a `zfs mount -a` to
 mountcritlocal. Is this considered correct behaviour and wouldn't it
 make sense to add such a line to mountcritlocal in the standard setup?
[...]

Have you tried to set zfs_enable=YES in rc.conf? Based on rcorder(8)
output rc.d/zfs should come just after rc.d/mountcritlocal.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]

2011-07-10 Thread Christopher J. Ruwe 
On Sun, 10 Jul 2011 16:38:43 +0400
Pan Tsu iny...@gmail.com wrote:

 Christopher J. Ruwe c...@cruwe.de writes:
 
  Nearly a week ago I posted this question to freebsd-fs, but
  probalby my question is a) worded too complicatedly, b) not really a
  filesystem-issue or c) both.
 
  To rephrase: In setups requiring one or more ZFS-dataset to be
  mounted before another service is activated (GELI in my case) and
  the rest of the ZFS-datasets after that service is activated
  (because they require GELI), it seems to be necessary to add a `zfs
  mount -a` to mountcritlocal. Is this considered correct behaviour
  and wouldn't it make sense to add such a line to mountcritlocal in
  the standard setup?
 [...]
 
 Have you tried to set zfs_enable=YES in rc.conf? Based on rcorder(8)
 output rc.d/zfs should come just after rc.d/mountcritlocal.

zfs_enable=YES is set. rcorder gives curious output, so maybe my etcs are 
wrong?

$ rcorder /etc/rc.d/zfs
rcorder: file `/etc/rc.d/zfs' is before unknown provision `mountlate'
/etc/rc.d/zfs

$ rcorder /etc/rc.d/mountcritlocal
rcorder: requirement `root' in file `/etc/rc.d/mountcritlocal' has no providers.
/etc/rc.d/mountcritlocal

However, I fear I have not made my intent clear. My boot-sequence should be as 
follows (intermittent steps left out):

1) mount zfs root-fs, which is on plain standard zpool A
2) unlock another, GELI-encrypted zpool B
3) mount all other fs (/usr,...), which reside on zpool B

What my system does is first to mount the fs on zpool A, then GELI-unlock and 
then halt because the contents of /usr are not accessible (yet)

What I want my system to do is to first  mount root, then unlock GELI and then 
mount all other remaining fs on zpool B.

I could either mount all remaining zfs'es in mountcritlocal, which
requires another line there, which I have added locally as put in my
patch. I cannot shift the order so that GELI-unlock comes first, because
my keys for GELI reside on /boot, which resides on zpool A.

So, is my setup anything from unfortunate to plain stupid or is
mountcritlocal missing a statement catering for such cases as I
described?

Thank you for your help, cheers,
-- 
Christopher J. Ruwe
TZ GMT + 2


signature.asc
Description: PGP signature

Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]

2011-07-10 Thread Jeremy Chadwick 
On Sun, Jul 10, 2011 at 04:05:04PM +0200, Christopher J. Ruwe wrote:
 On Sun, 10 Jul 2011 16:38:43 +0400
 Pan Tsu iny...@gmail.com wrote:
 
  Christopher J. Ruwe c...@cruwe.de writes:
  
   Nearly a week ago I posted this question to freebsd-fs, but
   probalby my question is a) worded too complicatedly, b) not really a
   filesystem-issue or c) both.
  
   To rephrase: In setups requiring one or more ZFS-dataset to be
   mounted before another service is activated (GELI in my case) and
   the rest of the ZFS-datasets after that service is activated
   (because they require GELI), it seems to be necessary to add a `zfs
   mount -a` to mountcritlocal. Is this considered correct behaviour
   and wouldn't it make sense to add such a line to mountcritlocal in
   the standard setup?
  [...]
  
  Have you tried to set zfs_enable=YES in rc.conf? Based on rcorder(8)
  output rc.d/zfs should come just after rc.d/mountcritlocal.
 
 zfs_enable=YES is set. rcorder gives curious output, so maybe my etcs are 
 wrong?
 
 $ rcorder /etc/rc.d/zfs
 rcorder: file `/etc/rc.d/zfs' is before unknown provision `mountlate'
 /etc/rc.d/zfs
 
 $ rcorder /etc/rc.d/mountcritlocal
 rcorder: requirement `root' in file `/etc/rc.d/mountcritlocal' has no 
 providers.
 /etc/rc.d/mountcritlocal

You're using rcorder wrong here.  rcorder /etc/rc.d/* will get you
what you're looking for.  Yes, literally an asterisk.

-- 
| Jeremy Chadwickjdc at parodius.com |
| Parodius Networking   http://www.parodius.com/ |
| UNIX Systems Administrator   Mountain View, CA, US |
| Making life hard for others since 1977.   PGP 4BD6C0CB |

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]

2011-07-10 Thread Christopher J. Ruwe 
On Sun, 10 Jul 2011 07:50:44 -0700
Jeremy Chadwick free...@jdc.parodius.com wrote:

 On Sun, Jul 10, 2011 at 04:05:04PM +0200, Christopher J. Ruwe wrote:
  On Sun, 10 Jul 2011 16:38:43 +0400
  Pan Tsu iny...@gmail.com wrote:
  
   Christopher J. Ruwe c...@cruwe.de writes:
   
Nearly a week ago I posted this question to freebsd-fs, but
probalby my question is a) worded too complicatedly, b) not
really a filesystem-issue or c) both.
   
To rephrase: In setups requiring one or more ZFS-dataset to be
mounted before another service is activated (GELI in my case)
and the rest of the ZFS-datasets after that service is activated
(because they require GELI), it seems to be necessary to add a
`zfs mount -a` to mountcritlocal. Is this considered correct
behaviour and wouldn't it make sense to add such a line to
mountcritlocal in the standard setup?
   [...]
   
   Have you tried to set zfs_enable=YES in rc.conf? Based on
   rcorder(8) output rc.d/zfs should come just after
   rc.d/mountcritlocal.
  
  zfs_enable=YES is set. rcorder gives curious output, so maybe my
  etcs are wrong?
  
  $ rcorder /etc/rc.d/zfs
  rcorder: file `/etc/rc.d/zfs' is before unknown provision
  `mountlate' /etc/rc.d/zfs
  
  $ rcorder /etc/rc.d/mountcritlocal
  rcorder: requirement `root' in file `/etc/rc.d/mountcritlocal' has
  no providers. /etc/rc.d/mountcritlocal
 
 You're using rcorder wrong here.  rcorder /etc/rc.d/* will get you
 what you're looking for.  Yes, literally an asterisk.
 

I see. Thank you. That gives me (I skip the rest after mountcritlocal)

/etc/rc.d/zvol
/etc/rc.d/zfs
/etc/rc.d/dumpon
/etc/rc.d/ddb
/etc/rc.d/initrandom
/etc/rc.d/geli
/etc/rc.d/gbde
/etc/rc.d/encswap
/etc/rc.d/ccd
/etc/rc.d/swap1
/etc/rc.d/fsck
/etc/rc.d/root
/etc/rc.d/hostid_save
/etc/rc.d/mdconfig
/etc/rc.d/mountcritlocal

This makes sense to me and reflects the order I assumed in my description. The 
question remains, however, if my configuration is of any in {unusual, ..., 
stupid} as I require first zfs mount of /, then GELI-unlock and then zfs mount 
of {/usr,/usr/local, ...}.

Anyhow, thanks for setting me up on the proper usage of rcorder.

Cheers, 
-- 
Christopher J. Ruwe
TZ GMT + 2


signature.asc
Description: PGP signature

Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]

2011-07-10 Thread Pan Tsu 
Christopher J. Ruwe c...@cruwe.de writes:

[...]
 /etc/rc.d/zvol
 /etc/rc.d/zfs
 /etc/rc.d/dumpon
 /etc/rc.d/ddb
 /etc/rc.d/initrandom
 /etc/rc.d/geli
 /etc/rc.d/gbde
 /etc/rc.d/encswap
 /etc/rc.d/ccd
 /etc/rc.d/swap1
 /etc/rc.d/fsck
 /etc/rc.d/root
 /etc/rc.d/hostid_save
 /etc/rc.d/mdconfig
 /etc/rc.d/mountcritlocal

 This makes sense to me and reflects the order I assumed in my
 description. The question remains, however, if my configuration is of
 any in {unusual, ..., stupid} as I require first zfs mount of /, then
 GELI-unlock and then zfs mount of {/usr,/usr/local, ...}.

Do you mount the root pool over smth else? Otherwise, root should be
mounted by kernel before init(8) is started. And /etc/rc.d doesn't exist
before root is mounted.

I think the correct order is

  0 vfs_mountroot*
  ..
  2 rc.d/zvol (pre v28)
  ..
  6 rc.d/geli
  ..
  15 rc.d/mountcritlocal
  16 rc.d/zfs

where extra datasets from the root pool can be mounted via fstab at
rc.d/mountcritlocal time. Not sure if you import geli pool during boot
or not and leak its configuration via zpool.cache.


 Anyhow, thanks for setting me up on the proper usage of rcorder.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: zpool-zfs'es on a GELI-encrypted volume are not mounted at boot [patch included]

2011-07-10 Thread Doug Barton 
On 07/10/2011 07:05, Christopher J. Ruwe wrote:
 $ rcorder /etc/rc.d/zfs

You want to use: service -r


-- 

Nothin' ever doesn't change, but nothin' changes much.
-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price.  :)  http://SupersetSolutions.com/

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org