diff --git a/Debian-Stretch-Root-on-ZFS.md b/Debian-Stretch-Root-on-ZFS.md index a161dae..2961214 100644 --- a/Debian-Stretch-Root-on-ZFS.md +++ b/Debian-Stretch-Root-on-ZFS.md @@ -58,13 +58,13 @@ If you have a second system, using SSH to access the target system can be conven 2.2 Partition your disk(s): Run this if you need legacy (BIOS) booting: - # sgdisk -a1 -n2:34:2047 -t2:EF02 /dev/disk/by-id/scsi-SATA_disk1 + # sgdisk -a1 -n1:34:2047 -t1:EF02 /dev/disk/by-id/scsi-SATA_disk1 Run this for UEFI booting (for use now or in the future): - # sgdisk -n3:1M:+512M -t3:EF00 /dev/disk/by-id/scsi-SATA_disk1 + # sgdisk -n2:1M:+512M -t2:EF00 /dev/disk/by-id/scsi-SATA_disk1 Run these in all cases: - # sgdisk -n1:0:0 -t1:BF01 /dev/disk/by-id/scsi-SATA_disk1 + # sgdisk -n4:0:0 -t4:BF01 /dev/disk/by-id/scsi-SATA_disk1 Always use the long `/dev/disk/by-id/*` aliases with ZFS. Using the `/dev/sd*` device nodes directly can cause sporadic import failures, especially on systems that have more than one storage pool. @@ -81,17 +81,17 @@ Always use the long `/dev/disk/by-id/*` aliases with ZFS. Using the `/dev/sd*` -O acltype=posixacl -O canmount=off -O compression=lz4 \ -O normalization=formD -O relatime=on -O xattr=sa \ -O mountpoint=/ -R /mnt \ - rpool /dev/disk/by-id/scsi-SATA_disk1-part1 + rpool /dev/disk/by-id/scsi-SATA_disk1-part4 * The use of `ashift=12` is recommended here because many drives today have 4KiB (or larger) physical sectors, even though they present 512B logical sectors. Also, a future replacement drive may have 4KiB physical sectors (in which case `ashift=12` is desirable) or 4KiB logical sectors (in which case `ashift=12` is required). * Setting `-O acltype=posixacl` enables POSIX ACLs globally. If you do not want this, remove that option, but later add `-o acltype=posixacl` (note: lowercase "o") to the `zfs create` for `/var/log`, as [journald requires ACLs](https://askubuntu.com/questions/970886/journalctl-says-failed-to-search-journal-acl-operation-not-supported) * Setting `normalization=formD` eliminates some corner cases relating to UTF-8 filename normalization. It also implies `utf8only=on`, which means that only UTF-8 filenames are allowed. If you care to support non-UTF-8 filenames, do not use this option. For a discussion of why requiring UTF-8 filenames may be a bad idea, see [The problems with enforced UTF-8 only filenames](http://utcc.utoronto.ca/~cks/space/blog/linux/ForcedUTF8Filenames). * Setting `relatime=on` is a middle ground between classic POSIX `atime` behavior (with its significant performance impact) and `atime=off` (which provides the best performance by completely disabling atime updates). Since Linux 2.6.30, `relatime` has been the default for other filesystems. See [RedHat's documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/power_management_guide/relatime) for further information. * Setting `xattr=sa` [vastly improves the performance of extended attributes](https://github.com/zfsonlinux/zfs/commit/82a37189aac955c81a59a5ecc3400475adb56355). Inside ZFS, extended attributes are used to implement POSIX ACLs. Extended attributes can also be used by user-space applications. [They are used by some desktop GUI applications.](https://en.wikipedia.org/wiki/Extended_file_attributes#Linux) [They can be used by Samba to store Windows ACLs and DOS attributes; they are required for a Samba Active Directory domain controller.](https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs) Note that [`xattr=sa` is Linux-specific.](http://open-zfs.org/wiki/Platform_code_differences) If you move your `xattr=sa` pool to another OpenZFS implementation besides ZFS-on-Linux, extended attributes will not be readable (though your data will be). If portability of extended attributes is important to you, omit the `-O xattr=sa` above. Even if you do not want `xattr=sa` for the whole pool, it is probably fine to use it for `/var/log`. -* Make sure to include the `-part1` portion of the drive path. If you forget that, you are specifying the whole disk, which ZFS will then re-partition, and you will lose the bootloader partition(s). +* Make sure to include the `-part4` portion of the drive path. If you forget that, you are specifying the whole disk, which ZFS will then re-partition, and you will lose the bootloader partition(s). **Hints:** -* If you are doing a mirror or raidz topology, create the pool using `zpool create ... rpool mirror /dev/disk/by-id/scsi-SATA_disk1-part1 /dev/disk/by-id/scsi-SATA_disk2-part1` (or replace `mirror` with `raidz`, `raidz2`, or `raidz3` and list the partitions from additional disks). +* If you are doing a mirror or raidz topology, create the pool using `zpool create ... rpool mirror /dev/disk/by-id/scsi-SATA_disk1-part4 /dev/disk/by-id/scsi-SATA_disk2-part4` (or replace `mirror` with `raidz`, `raidz2`, or `raidz3` and list the partitions from additional disks). * The pool name is arbitrary. On systems that can automatically install to ZFS, the root pool is named `rpool` by default. If you work with multiple systems, it might be wise to use `hostname`, `hostname0`, or `hostname-1` instead. ## Step 3: System Installation @@ -244,10 +244,10 @@ Install GRUB to the disk(s), not the partition(s). 4.7b Install GRUB for UEFI booting # apt install dosfstools - # mkdosfs -F 32 -n EFI /dev/disk/by-id/scsi-SATA_disk1-part3 + # mkdosfs -F 32 -n EFI /dev/disk/by-id/scsi-SATA_disk1-part2 # mkdir /boot/efi # echo PARTUUID=$(blkid -s PARTUUID -o value \ - /dev/disk/by-id/scsi-SATA_disk1-part3) \ + /dev/disk/by-id/scsi-SATA_disk1-part2) \ /boot/efi vfat nofail,x-systemd.device-timeout=1 0 1 >> /etc/fstab # mount /boot/efi # apt install --yes grub-efi-amd64 diff --git a/Ubuntu-18.04-Root-on-ZFS.md b/Ubuntu-18.04-Root-on-ZFS.md index 947e5b0..a59ca64 100644 --- a/Ubuntu-18.04-Root-on-ZFS.md +++ b/Ubuntu-18.04-Root-on-ZFS.md @@ -62,21 +62,21 @@ If you have a second system, using SSH to access the target system can be conven 2.2 Partition your disk(s): Run this if you need legacy (BIOS) booting: - # sgdisk -a1 -n2:34:2047 -t2:EF02 /dev/disk/by-id/scsi-SATA_disk1 + # sgdisk -a1 -n1:34:2047 -t1:EF02 /dev/disk/by-id/scsi-SATA_disk1 Run this for UEFI booting (for use now or in the future): - # sgdisk -n3:1M:+512M -t3:EF00 /dev/disk/by-id/scsi-SATA_disk1 + # sgdisk -n2:1M:+512M -t2:EF00 /dev/disk/by-id/scsi-SATA_disk1 Choose one of the following options: 2.2a Unencrypted: - # sgdisk -n1:0:0 -t1:BF01 /dev/disk/by-id/scsi-SATA_disk1 + # sgdisk -n4:0:0 -t4:BF01 /dev/disk/by-id/scsi-SATA_disk1 2.2b LUKS: - # sgdisk -n4:0:+512M -t4:8300 /dev/disk/by-id/scsi-SATA_disk1 - # sgdisk -n1:0:0 -t1:8300 /dev/disk/by-id/scsi-SATA_disk1 + # sgdisk -n3:0:+512M -t3:8300 /dev/disk/by-id/scsi-SATA_disk1 + # sgdisk -n4:0:0 -t4:8300 /dev/disk/by-id/scsi-SATA_disk1 Always use the long `/dev/disk/by-id/*` aliases with ZFS. Using the `/dev/sd*` device nodes directly can cause sporadic import failures, especially on systems that have more than one storage pool. @@ -95,13 +95,13 @@ Choose one of the following options: -O acltype=posixacl -O canmount=off -O compression=lz4 \ -O normalization=formD -O relatime=on -O xattr=sa \ -O mountpoint=/ -R /mnt \ - rpool /dev/disk/by-id/scsi-SATA_disk1-part1 + rpool /dev/disk/by-id/scsi-SATA_disk1-part4 2.3b LUKS: # cryptsetup luksFormat -c aes-xts-plain64 -s 256 -h sha256 \ - /dev/disk/by-id/scsi-SATA_disk1-part1 - # cryptsetup luksOpen /dev/disk/by-id/scsi-SATA_disk1-part1 luks1 + /dev/disk/by-id/scsi-SATA_disk1-part4 + # cryptsetup luksOpen /dev/disk/by-id/scsi-SATA_disk1-part4 luks1 # zpool create -o ashift=12 \ -O acltype=posixacl -O canmount=off -O compression=lz4 \ -O normalization=formD -O relatime=on -O xattr=sa \ @@ -113,12 +113,12 @@ Choose one of the following options: * Setting `normalization=formD` eliminates some corner cases relating to UTF-8 filename normalization. It also implies `utf8only=on`, which means that only UTF-8 filenames are allowed. If you care to support non-UTF-8 filenames, do not use this option. For a discussion of why requiring UTF-8 filenames may be a bad idea, see [The problems with enforced UTF-8 only filenames](http://utcc.utoronto.ca/~cks/space/blog/linux/ForcedUTF8Filenames). * Setting `relatime=on` is a middle ground between classic POSIX `atime` behavior (with its significant performance impact) and `atime=off` (which provides the best performance by completely disabling atime updates). Since Linux 2.6.30, `relatime` has been the default for other filesystems. See [RedHat's documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/power_management_guide/relatime) for further information. * Setting `xattr=sa` [vastly improves the performance of extended attributes](https://github.com/zfsonlinux/zfs/commit/82a37189aac955c81a59a5ecc3400475adb56355). Inside ZFS, extended attributes are used to implement POSIX ACLs. Extended attributes can also be used by user-space applications. [They are used by some desktop GUI applications.](https://en.wikipedia.org/wiki/Extended_file_attributes#Linux) [They can be used by Samba to store Windows ACLs and DOS attributes; they are required for a Samba Active Directory domain controller.](https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs) Note that [`xattr=sa` is Linux-specific.](http://open-zfs.org/wiki/Platform_code_differences) If you move your `xattr=sa` pool to another OpenZFS implementation besides ZFS-on-Linux, extended attributes will not be readable (though your data will be). If portability of extended attributes is important to you, omit the `-O xattr=sa` above. Even if you do not want `xattr=sa` for the whole pool, it is probably fine to use it for `/var/log`. -* Make sure to include the `-part1` portion of the drive path. If you forget that, you are specifying the whole disk, which ZFS will then re-partition, and you will lose the bootloader partition(s). +* Make sure to include the `-part4` portion of the drive path. If you forget that, you are specifying the whole disk, which ZFS will then re-partition, and you will lose the bootloader partition(s). * For LUKS, the key size chosen is 256 bits. However, XTS mode requires two keys, so the LUKS key is split in half. Thus, `-s 256` means AES-128, which is the LUKS and Ubuntu default. * Your passphrase will likely be the weakest link. Choose wisely. See [section 5 of the cryptsetup FAQ](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions#5-security-aspects) for guidance. **Hints:** -* If you are doing a mirror or raidz topology, create the pool using `zpool create ... rpool mirror /dev/disk/by-id/scsi-SATA_disk1-part1 /dev/disk/by-id/scsi-SATA_disk2-part1` (or replace `mirror` with `raidz`, `raidz2`, or `raidz3` and list the partitions from additional disks). +* If you are doing a mirror or raidz topology, create the pool using `zpool create ... rpool mirror /dev/disk/by-id/scsi-SATA_disk1-part4 /dev/disk/by-id/scsi-SATA_disk2-part4` (or replace `mirror` with `raidz`, `raidz2`, or `raidz3` and list the partitions from additional disks). * The pool name is arbitrary. On systems that can automatically install to ZFS, the root pool is named `rpool` by default. If you work with multiple systems, it might be wise to use `hostname`, `hostname0`, or `hostname-1` instead. ## Step 3: System Installation @@ -191,9 +191,9 @@ If you do nothing extra, `/tmp` will be stored as part of the root filesystem. A 3.4 For LUKS installs only: - # mke2fs -t ext2 /dev/disk/by-id/scsi-SATA_disk1-part4 + # mke2fs -t ext2 /dev/disk/by-id/scsi-SATA_disk1-part3 # mkdir /mnt/boot - # mount /dev/disk/by-id/scsi-SATA_disk1-part4 /mnt/boot + # mount /dev/disk/by-id/scsi-SATA_disk1-part3 /mnt/boot 3.5 Install the minimal system: @@ -273,13 +273,13 @@ Even if you prefer a non-English system language, always ensure that `en_US.UTF- 4.7 For LUKS installs only: # echo UUID=$(blkid -s UUID -o value \ - /dev/disk/by-id/scsi-SATA_disk1-part4) \ + /dev/disk/by-id/scsi-SATA_disk1-part3) \ /boot ext2 relatime 0 2 >> /etc/fstab # apt install --yes cryptsetup # echo luks1 UUID=$(blkid -s UUID -o value \ - /dev/disk/by-id/scsi-SATA_disk1-part1) none \ + /dev/disk/by-id/scsi-SATA_disk1-part4) none \ luks,discard,initramfs > /etc/crypttab * The use of `initramfs` is a work-around for [cryptsetup does not support ZFS](https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1612906). @@ -297,10 +297,10 @@ Install GRUB to the disk(s), not the partition(s). 4.8b Install GRUB for UEFI booting # apt install dosfstools - # mkdosfs -F 32 -n EFI /dev/disk/by-id/scsi-SATA_disk1-part3 + # mkdosfs -F 32 -n EFI /dev/disk/by-id/scsi-SATA_disk1-part2 # mkdir /boot/efi # echo PARTUUID=$(blkid -s PARTUUID -o value \ - /dev/disk/by-id/scsi-SATA_disk1-part3) \ + /dev/disk/by-id/scsi-SATA_disk1-part2) \ /boot/efi vfat nofail,x-systemd.device-timeout=1 0 1 >> /etc/fstab # mount /boot/efi # apt install --yes grub-efi-amd64 @@ -438,8 +438,8 @@ If you installed to multiple disks, install GRUB on the additional disks: # umount /boot/efi For the second and subsequent disks (increment ubuntu-2 to -3, etc.): - # dd if=/dev/disk/by-id/scsi-SATA_disk1-part3 \ - of=/dev/disk/by-id/scsi-SATA_disk2-part3 + # dd if=/dev/disk/by-id/scsi-SATA_disk1-part2 \ + of=/dev/disk/by-id/scsi-SATA_disk2-part2 # efibootmgr -c -g -d /dev/disk/by-id/scsi-SATA_disk2 \ -p 3 -L "ubuntu-2" -l '\EFI\Ubuntu\grubx64.efi' @@ -545,7 +545,7 @@ Go through [Step 1: Prepare The Install Environment](#step-1-prepare-the-install This will automatically import your pool. Export it and re-import it to get the mounts right: For LUKS, first unlock the disk: - # cryptsetup luksOpen /dev/disk/by-id/scsi-SATA_disk1-part4 luks1 + # cryptsetup luksOpen /dev/disk/by-id/scsi-SATA_disk1-part3 luks1 # zpool export -a # zpool import -N -R /mnt rpool