Ezjail host: Difference between revisions
Revision as of 10:47, 24 May 2012
Basic install with mfsbsd
After receiving the server from Hetzner I boot it using the rescue system, which puts me at an mfsbsd prompt. I then edit the zfsinstall script /root/bin/zfsinstall and add "usr" to FS_LIST near the top of the script. I do this because I like to have /usr as a separate ZFS dataset.
I then run the zfsinstall script as shown below. I am only using 30G so I can get a basic jail host system up and running. The actual jails and data will be on another ZFS pool which will be built on top of an encrypted GELI device.
Note that the disks are new-ish (Power_On_Hours is 73 on both drives according to smartctl, which the mfsbsd author has been clever enough to include on mfsbsd) but I still found an MBR partition that needed to be deleted first. This can be done with the destroygeom command as shown below:
<pre>
[root@rescue ~]# zfsinstall -d ad4 -d ad6 -r mirror -s 5G -t /nfs/mfsbsd/9.0-amd64-zfs.tar.xz -z 30G
Error: /dev/ad4 already contains a partition table.
=>        63  5860533105  ad4  MBR  (2.7T)
          63  5860533105       - free -  (2.7T)
You may erase the partition table manually with the destroygeom command
[root@rescue ~]# destroygeom
Usage: /root/bin/destroygeom [-h] -d geom [-d geom ...] [-p zpool ...]
[root@rescue ~]# destroygeom -d ad4 -d ad6
Destroying geom ad4:
Destroying geom ad6:
[root@rescue ~]# zfsinstall -d ad4 -d ad6 -r mirror -s 5G -t /nfs/mfsbsd/9.0-amd64-zfs.tar.xz -z 30G
Creating GUID partitions on ad4 ... done
Configuring ZFS bootcode on ad4 ... done
=>        34  5860533101  ad4  GPT  (2.7T)
          34        2014       - free -  (1.0M)
        2048         128    1  freebsd-boot  (64K)
        2176    10485760    2  freebsd-swap  (5.0G)
    10487936    62914560    3  freebsd-zfs  (30G)
    73402496  5787130639       - free -  (2.7T)
Creating GUID partitions on ad6 ... done
Configuring ZFS bootcode on ad6 ... done
=>        34  5860533101  ad6  GPT  (2.7T)
          34        2014       - free -  (1.0M)
        2048         128    1  freebsd-boot  (64K)
        2176    10485760    2  freebsd-swap  (5.0G)
    10487936    62914560    3  freebsd-zfs  (30G)
    73402496  5787130639       - free -  (2.7T)
Creating ZFS pool tank on ad4p3 ad6p3 ... done
Creating tank root partition: ... done
Creating tank partitions: var tmp usr ... done
Setting bootfs for tank to tank/root ... done
NAME            USED  AVAIL  REFER  MOUNTPOINT
tank            208K  29.3G    21K  none
tank/root        88K  29.3G    25K  /mnt
tank/root/tmp    21K  29.3G    21K  /mnt/tmp
tank/root/usr    21K  29.3G    21K  /mnt/usr
tank/root/var    21K  29.3G    21K  /mnt/var
Extracting FreeBSD distribution ... done
Writing /boot/loader.conf... done
Writing /etc/fstab...Writing /etc/rc.conf... done
Copying /boot/zfs/zpool.cache ... done
Installation complete.
The system will boot from ZFS with clean install on next reboot
You may type "chroot /mnt" and make any adjustments you need.
For example, change the root password or edit/create /etc/rc.conf for
for system services.
WARNING - Don't export ZFS pool "tank"!
[root@rescue ~]#
</pre>
Encrypted zvol
<pre>
[tykling@latency ~]$ zfs list
NAME               USED  AVAIL  REFER  MOUNTPOINT
zfstank           1.41G  72.9G    21K  none
zfstank/root      1.41G  72.9G  1.32G  /
zfstank/root/tmp    35K  72.9G    35K  /tmp
zfstank/root/var  94.4M  72.9G  94.4M  /var
[tykling@latency ~]$ sudo zfs create -V 65G zfstank/encrypted
[tykling@latency ~]$ zfs list
NAME                USED  AVAIL  REFER  MOUNTPOINT
zfstank            66.4G  7.89G    21K  none
zfstank/encrypted    65G  72.9G    16K  -
zfstank/root       1.43G  7.89G  1.34G  /
zfstank/root/tmp     35K  7.89G    35K  /tmp
zfstank/root/var   95.2M  7.89G  95.2M  /var
[tykling@latency ~]$ ls -l /dev/zvol/zfstank/encrypted
crw-r----- 1 root operator 0, 81 Dec 8 19:42 /dev/zvol/zfstank/encrypted
[tykling@latency ~]$ sudo geli init -s 4096 -K /root/encrypted.key /dev/zvol/zfstank/encrypted
Enter new passphrase:
Reenter new passphrase:
[tykling@latency ~]$ sudo geli attach -k /root/encrypted.key /dev/zvol/zfstank/encrypted
Enter passphrase:
[tykling@latency ~]$ sudo zpool create cryptopool /dev/zvol/zfstank/encrypted.eli
[tykling@latency ~]$ sudo zpool list
NAME         SIZE   USED  AVAIL  CAP  HEALTH  ALTROOT
cryptopool  64.5G   572K  64.5G   0%  ONLINE  -
zfstank     75.5G  1.73G  73.8G   2%  ONLINE  -
[tykling@latency ~]$ zpool status cryptopool
  pool: cryptopool
 state: ONLINE
 scrub: none requested
config:

        NAME                          STATE     READ WRITE CKSUM
        cryptopool                    ONLINE       0     0     0
          zvol/zfstank/encrypted.eli  ONLINE       0     0     0

errors: No known data errors
[tykling@latency ~]$
[tykling@latency ~]$ zfs list
NAME                USED  AVAIL  REFER  MOUNTPOINT
cryptopool          352K  63.5G   112K  /cryptopool
zfstank            66.9G  7.45G    21K  none
zfstank/encrypted    65G  72.5G    32K  -
zfstank/root       1.87G  7.45G  1.78G  /
zfstank/root/tmp     35K  7.45G    35K  /tmp
zfstank/root/var   95.3M  7.45G  95.3M  /var
[tykling@latency ~]$ sudo zfs set mountpoint=none cryptopool
[tykling@latency ~]$ sudo zfs create -o compression=gzip -o mountpoint=/usr/jails cryptopool/jails
[tykling@latency ~]$ zfs list
NAME                USED  AVAIL  REFER  MOUNTPOINT
cryptopool          536K  63.5G   112K  none
cryptopool/jails    112K  63.5G   112K  /usr/jails
zfstank            66.9G  7.44G    21K  none
zfstank/encrypted    65G  72.4G  2.17M  -
zfstank/root       1.88G  7.44G  1.79G  /
zfstank/root/tmp     35K  7.44G    35K  /tmp
zfstank/root/var   95.3M  7.44G  95.3M  /var
[tykling@latency ~]$
</pre>
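The session above builds cryptopool on /dev/zvol/zfstank/encrypted.eli; had the pool been created on the raw zvol (without the .eli suffix), the jail data would sit unencrypted. The following check is an added example, not part of the original page: it parses `zpool status` output and flags any leaf vdev that is not a GELI provider. The function name `check_pool_is_geli` and the second sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that every leaf vdev of a
# pool is a GELI provider, i.e. its name ends in ".eli".
# Reads `zpool status <pool>` text on stdin and prints each non-GELI leaf.
# Exit status: 0 = all leaves are .eli, 1 = a plaintext leaf exists, 2 = no vdevs parsed.
check_pool_is_geli() {
    awk -v pool="$1" '
        $1 == "NAME" && $2 == "STATE" { in_table = 1; next }   # vdev table header
        in_table && NF == 0           { in_table = 0 }         # blank line ends it
        !in_table                     { next }
        $1 == pool                    { next }                 # the pool row itself
        $1 ~ /^(mirror|raidz[0-9]*|replacing)(-[0-9]+)?$/ { next }  # grouping rows
        $1 == "logs" || $1 == "cache" || $1 == "spares"   { next }  # section labels
        { leaves++ }
        $1 !~ /\.eli$/ { print "NOT ENCRYPTED: " $1; bad++ }
        END { if (leaves == 0) exit 2; if (bad > 0) exit 1; exit 0 }
    '
}

# Sample 1: the `zpool status cryptopool` output shown on this page.
SAMPLE_OK='  pool: cryptopool
 state: ONLINE
 scrub: none requested
config:

        NAME                          STATE     READ WRITE CKSUM
        cryptopool                    ONLINE       0     0     0
          zvol/zfstank/encrypted.eli  ONLINE       0     0     0

errors: No known data errors'

# Sample 2 (constructed): the pool was created on the raw zvol by mistake.
SAMPLE_BAD='  pool: cryptopool
 state: ONLINE
config:

        NAME                      STATE     READ WRITE CKSUM
        cryptopool                ONLINE       0     0     0
          zvol/zfstank/encrypted  ONLINE       0     0     0

errors: No known data errors'

# On a live host: zpool status cryptopool | check_pool_is_geli cryptopool
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_OK"  | check_pool_is_geli cryptopool; echo "ok sample  -> $?"
    printf '%s\n' "$SAMPLE_BAD" | check_pool_is_geli cryptopool; echo "bad sample -> $?"
fi
```

Run the script with the argument `demo` to see both samples evaluated; on the jail host, pipe the live `zpool status` output into the function instead.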