Skip to content

Instantly share code, notes, and snippets.

@forquare

forquare/FreeBSD 12.1 Manual ZFS no GELI

Created January 5, 2020 20:53
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save forquare/8049282d742c94b67f08a81d828e8d13 to your computer and use it in GitHub Desktop.
Save forquare/8049282d742c94b67f08a81d828e8d13 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
FreeBSD 12.1 Manual ZFS no GELI
# Booting from: FreeBSD-12.1-RELEASE-amd64-disc1.iso
# SHA256: aa9d34b458826486999ed3e872436b6712ae38cede5ea41de4ab923e3419d461
# We will set up a VERY simple test install
# This will have a ZFS mirror (2x16GB disks)
# There will be NO SWAP
# Install
# Set keyboard to UK
# Hostname: zfs
# No optional system components
# Select shell for disk config
############################################################################################################
# gpart create -s gpt ada0
ada0 created
# gpart create -s gpt ada1
ada1 created
# gpart add -a 4k -t efi -s 200m -l efiboot0 ada0
ada0p1 added
# gpart add -a 1m -t freebsd-swap -s 1g -l swap0 ada0
ada0p2 added
# gpart add -a 1m -t freebsd-zfs -l zfs0 ada0
ada0p3 added
# gpart add -a 4k -t efi -s 200m -l efiboot1 ada1
ada1p1 added
# gpart add -a 1m -t freebsd-swap -s 1g -l swap1 ada1
ada1p2 added
# gpart add -a 1m -t freebsd-zfs -l zfs1 ada1
ada1p3 added
# gpart show
=> 9 444331 cd0 MBR (868M)
9 444331 - free - (868M)
=> 9 444331 iso9660/12_1_RELEASE_AMD64_CD MBR (868M)
9 444331 - free - (868M)
=> 40 33554352 ada0 GPT (16G)
40 409600 1 efi (200M)
409640 2008 - free - (1.0M)
411648 2097152 2 freebsd-swap (1.0G)
2508800 31043584 3 freebsd-zfs (15G)
33552384 2008 - free - (1.0M)
=> 40 33554352 ada1 GPT (16G)
40 409600 1 efi (200M)
409640 2008 - free - (1.0M)
411648 2097152 2 freebsd-swap (1.0G)
2508800 31043584 3 freebsd-zfs (15G)
33552384 2008 - free - (1.0M)
=> 40 33554352 diskid/DISK-VB45c440a1-edf638e6 GPT (16G)
40 409600 1 efi (200M)
409640 2008 - free - (1.0M)
411648 2097152 2 freebsd-swap (1.0G)
2508800 31043584 3 freebsd-zfs (15G)
33552384 2008 - free - (1.0M)
=> 40 33554352 diskid/DISK-VB7c3d3930-0e5e6786 GPT (16G)
40 409600 1 efi (200M)
409640 2008 - free - (1.0M)
411648 2097152 2 freebsd-swap (1.0G)
2508800 31043584 3 freebsd-zfs (15G)
33552384 2008 - free - (1.0M)
# newfs_msdos -F 16 -L EFISYS /dev/ada0p1
/dev/ada0p1: 409360 sectors in 25585 FAT16 clusters (8192 bytes/cluster)
BytesPerSec=512 SecPerClust=16 ResSectors=1 FATs=2 RootDirEnts=512 Media=0xf0 FATsecs=100 SecPerTrack=63 Heads=16 HiddenSecs=0 HugeSectors=409600
# mount_msdosfs /dev/ada0p1 /mnt
# mkdir -p /mnt/efi/boot
# cp /boot/loader.efi /mnt/efi/boot/BOOTx64.efi
# echo BOOTx64.efi
# umount /mnt
# newfs_msdos -F 16 -L EFISYS /dev/ada1p1
/dev/ada1p1: 409360 sectors in 25585 FAT16 clusters (8192 bytes/cluster)
BytesPerSec=512 SecPerClust=16 ResSectors=1 FATs=2 RootDirEnts=512 Media=0xf0 FATsecs=100 SecPerTrack=63 Heads=16 HiddenSecs=0 HugeSectors=409600
# mount_msdosfs /dev/ada1p1 /mnt
# mkdir -p /mnt/efi/boot
# cp /boot/loader.efi /mnt/efi/boot/BOOTx64.efi
# echo BOOTx64.efi
# umount /mnt
# zpool create -o 'altroot=/mnt' -O 'compress=lz4' -O 'atime=off' -m none -f zroot mirror gpt/zfs0 gpt/zfs1
# zfs create -o 'mountpoint=none' zroot/ROOT
# zfs create -o 'mountpoint=/' zroot/ROOT/default
# zfs create -o 'mountpoint=/tmp' -o 'exec=on' -o 'setuid=off' zroot/tmp
# zfs create -o 'mountpoint=/usr' -o 'canmount=off' zroot/usr
# zfs create zroot/usr/home
# zfs create -o 'setuid=off' zroot/usr/ports
# zfs create zroot/usr/src
# zfs create -o 'mountpoint=/var' -o 'canmount=off' zroot/var
# zfs create -o 'exec=off' -o 'setuid=off' zroot/var/audit
# zfs create -o 'exec=off' -o 'setuid=off' zroot/var/crash
# zfs create -o 'exec=off' -o 'setuid=off' zroot/var/log
# zfs create -o 'atime=on' zroot/var/mail
# zfs create -o 'setuid=off' zroot/var/tmp
# zfs set 'mountpoint=/zroot' zroot
# zpool set 'bootfs=zroot/ROOT/default' zroot
# mkdir -p /mnt/boot/zfs/
# zpool set 'cachefile=/mnt/boot/zfs/zpool.cache' zroot
# zfs set 'canmount=noauto' zroot/ROOT/default
# exit
############################################################################################################
# Set root password
# Set up networking
# Disable dumpdev
# Enable all system hardening
# Don't add users
# Exit
# Go into shell
# Enable ZFS in rc.conf:
### zfs_enable=yes
# Set up /boot/loader.conf:
### security.bsd.allow_destructive_dtrace=0
### kern.geom.label.disk_ident.enable="0"
### kern.geom.label.gptid.enable="0"
### opensolaris_load="YES"
### zfs_load="YES"
# Reboot without CD
############################################################################################################
############################################################################################################
# Boot system
# Log into system
# Show zpool status:
root@zfs:~ # zpool status
pool: zroot
state: ONLINE
scan: none requested
config:
NAME STATE READ WRITE CKSUM
zroot ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
gpt/zfs0 ONLINE 0 0 0
gpt/zfs1 ONLINE 0 0 0
errors: No known data errors
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment