Author: roberto
Date: Thu May 15 02:27:10 2014
New Revision: 266107
URL: http://svnweb.freebsd.org/changeset/base/266107
Log:
Here is a patch for the bsdinstall root-on-zfs stuff that adds optional
encryption for swap, and optional gmirror for swap (which can be combined)
Submitted by: Allan Jude <free...@allanjude.com>
Requested By: roberto
Sponsored By: ScaleEngine Inc.
MFC after: 2 weeks
Modified:
head/usr.sbin/bsdinstall/scripts/zfsboot
Modified: head/usr.sbin/bsdinstall/scripts/zfsboot
==============================================================================
--- head/usr.sbin/bsdinstall/scripts/zfsboot Thu May 15 01:37:17 2014
(r266106)
+++ head/usr.sbin/bsdinstall/scripts/zfsboot Thu May 15 02:27:10 2014
(r266107)
@@ -108,6 +108,16 @@ f_include $BSDCFG_SHARE/variable.subr
: ${ZFSBOOT_SWAP_SIZE:=2g}
#
+# Should we use geli(8) to encrypt the swap?
+#
+: ${ZFSBOOT_SWAP_ENCRYPTION=}
+
+#
+# Should we use gmirror(8) to mirror the swap?
+#
+: ${ZFSBOOT_SWAP_MIRROR=}
+
+#
# Default ZFS datasets for root zpool
#
# NOTE: Requires /tmp, /var/tmp, /$ZFSBOOT_BOOTFS_NAME/$ZFSBOOT_BOOTFS_NAME
@@ -184,6 +194,7 @@ MOUNT_TYPE='mount -t %s "%s" "%s"'
PRINTF_CONF="printf '%s=\"%%s\"\\\n' %s >> \"%s\""
PRINTF_FSTAB='printf "$FSTAB_FMT" "%s" "%s" "%s" "%s" "%s" "%s" >> "%s"'
SHELL_TRUNCATE=':> "%s"'
+SWAP_GMIRROR_LABEL='gmirror label swap %s'
UMOUNT='umount "%s"'
ZFS_CREATE_WITH_OPTIONS='zfs create %s "%s"'
ZFS_SET='zfs set "%s" "%s"'
@@ -263,6 +274,10 @@ msg_select_a_disk_device="Select a disk
msg_select_virtual_device_type="Select Virtual Device type:"
msg_stripe_desc="Stripe - No Redundancy"
msg_stripe_help="[1+ Disks] Striping provides maximum storage but no
redundancy"
+msg_swap_encrypt="Encrypt Swap?"
+msg_swap_encrypt_help="Encrypt swap partitions with temporary keys, discarded
on reboot"
+msg_swap_mirror="Mirror Swap?"
+msg_swap_mirror_help="Mirror swap partitions for redundancy, breaks crash
dumps"
msg_swap_size="Swap Size"
msg_swap_size_help="Customize how much swap space is allocated to each
selected disk"
msg_these_disks_are_too_small="These disks are too small given the amount of
requested\nswap (%s) and/or geli(8) (%s) partitions, which would\ntake 50%% or
more of each of the following selected disk\ndevices (not recommended):\n\n
%s\n\nRecommend changing partition size(s) and/or selecting a\ndifferent set of
devices."
@@ -285,8 +300,12 @@ dialog_menu_main()
local prompt="$msg_configure_options"
local force4k="$msg_no"
local usegeli="$msg_no"
+ local swapgeli="$msg_no"
+ local swapmirror="$msg_no"
[ "$ZFSBOOT_GNOP_4K_FORCE_ALIGN" ] && force4k="$msg_yes"
[ "$ZFSBOOT_GELI_ENCRYPTION" ] && usegeli="$msg_yes"
+ [ "$ZFSBOOT_SWAP_ENCRYPTION" ] && swapgeli="$msg_yes"
+ [ "$ZFSBOOT_SWAP_MIRROR" ] && swapmirror="$msg_yes"
local disks n
f_count n $ZFSBOOT_DISKS
{ [ $n -eq 1 ] && disks=disk; } || disks=disks # grammar
@@ -309,6 +328,10 @@ dialog_menu_main()
'$msg_partition_scheme_help'
'S $msg_swap_size' '$ZFSBOOT_SWAP_SIZE'
'$msg_swap_size_help'
+ 'M $msg_swap_mirror' '$swapmirror'
+ '$msg_swap_mirror_help'
+ 'W $msg_swap_encrypt' '$swapgeli'
+ '$msg_swap_encrypt_help'
" # END-QUOTE
local defaultitem= # Calculated below
local hline="$hline_alnum_arrows_punc_tab_enter"
@@ -747,14 +770,14 @@ zfs_create_diskpart()
return $FAILURE
# NB: zpool will use the `zfs#' GPT labels
- bootpart=p2 targetpart=p2
+ bootpart=p2 swappart=p2 targetpart=p2
[ ${swapsize:-0} -gt 0 ] && targetpart=p3
#
# Prepare boot pool if enabled (e.g., for geli(8))
#
if [ "$ZFSBOOT_BOOT_POOL" ]; then
- bootpart=p2 targetpart=p3
+ bootpart=p2 swappart=p3 targetpart=p3
[ ${swapsize:-0} -gt 0 ] && targetpart=p4
f_eval_catch $funcname gpart \
"$GPART_ADD_LABEL_WITH_SIZE" boot$index \
@@ -781,12 +804,7 @@ zfs_create_diskpart()
return $FAILURE
# Pedantically nuke any old labels on the swap
f_eval_catch -d $funcname zpool "$ZPOOL_LABELCLEAR_F" \
- /dev/gpt/swap$index
- # Update fstab(5)
- f_eval_catch $funcname printf "$PRINTF_FSTAB" \
- /dev/gpt/swap$index none swap sw 0 0 \
- $BSDINSTALL_TMPETC/fstab ||
- return $FAILURE
+ /dev/$disk$swappart
fi
#
@@ -827,7 +845,7 @@ zfs_create_diskpart()
return $FAILURE
# NB: zpool will use s1a (no labels)
- bootpart=s1a targetpart=s1d mbrindex=4
+ bootpart=s1a swappart=s1b targetpart=s1d mbrindex=4
#
# Always prepare a boot pool on MBR
@@ -858,11 +876,6 @@ zfs_create_diskpart()
# Pedantically nuke any old labels on the swap
f_eval_catch -d $funcname zpool "$ZPOOL_LABELCLEAR_F" \
/dev/${disk}s1b
- # Update fstab(5)
- f_eval_catch $funcname printf "$PRINTF_FSTAB" \
- /dev/${disk}s1b none swap sw 0 0 \
- $BSDINSTALL_TMPETC/fstab ||
- return $FAILURE
fi
#
@@ -879,6 +892,33 @@ zfs_create_diskpart()
esac # $ZFSBOOT_PARTITION_SCHEME
+ # Update fstab(5)
+ if [ "$isswapmirror" ]; then
+ # This is not the first disk in the mirror, do nothing
+ elif [ "$ZFSBOOT_SWAP_ENCRYPTION" -a "$ZFSBOOT_SWAP_MIRROR" ]; then
+ f_eval_catch $funcname printf "$PRINTF_FSTAB" \
+ /dev/mirror/swap.eli none swap sw 0 0 \
+ $BSDINSTALL_TMPETC/fstab ||
+ return $FAILURE
+ isswapmirror=1
+ elif [ "$ZFSBOOT_SWAP_MIRROR" ]; then
+ f_eval_catch $funcname printf "$PRINTF_FSTAB" \
+ /dev/mirror/swap none swap sw 0 0 \
+ $BSDINSTALL_TMPETC/fstab ||
+ return $FAILURE
+ isswapmirror=1
+ elif [ "$ZFSBOOT_SWAP_ENCRYPTION" ]; then
+ f_eval_catch $funcname printf "$PRINTF_FSTAB" \
+ /dev/$disk${swappart}.eli none swap sw 0 0 \
+ $BSDINSTALL_TMPETC/fstab ||
+ return $FAILURE
+ else
+ f_eval_catch $funcname printf "$PRINTF_FSTAB" \
+ /dev/$disk$swappart none swap sw 0 0 \
+ $BSDINSTALL_TMPETC/fstab ||
+ return $FAILURE
+ fi
+
return $SUCCESS
}
@@ -893,10 +933,12 @@ zfs_create_boot()
local zroot_name="$1"
local zroot_vdevtype="$2"
local zroot_vdevs= # Calculated below
+ local swap_devs= # Calculated below
local boot_vdevs= # Used for geli(8) and/or MBR layouts
shift 2 # poolname vdev_type
local disks="$*" disk
- local bootpart targetpart # Set by zfs_create_diskpart() below
+ local isswapmirror
+ local bootpart targetpart swappart # Set by zfs_create_diskpart() below
#
# Pedantic checks; should never be seen
@@ -968,7 +1010,8 @@ zfs_create_boot()
local n=0
for disk in $disks; do
zfs_create_diskpart $disk $n || return $FAILURE
- # Now $bootpart and $targetpart are set (suffix for $disk)
+ # Now $bootpart, $targetpart, and $swappart are set (suffix
+ # for $disk)
# Forced 4k alignment support using Geom NOP (see gnop(8))
if [ "$ZFSBOOT_GNOP_4K_FORCE_ALIGN" ]; then
@@ -1087,6 +1130,16 @@ zfs_create_boot()
return $FAILURE
f_eval_catch -d $funcname umount "$UMOUNT" /mnt # tmpfs
fi
+ #
+ # Create the gmirror(8) GEOMS for swap
+ #
+ if [ "$ZFSBOOT_SWAP_MIRROR" ]; then
+ for disk in $disks; do
+ swap_devs="$swap_devs $disk$swappart"
+ done
+ f_eval_catch $funcname gmirror "$SWAP_GMIRROR_LABEL" \
+ "$swap_devs" || return $FAILURE
+ fi
#
# Create the ZFS root pool with desired type and disk devices
@@ -1215,6 +1268,14 @@ zfs_create_boot()
f_eval_catch $funcname echo "$ECHO_APPEND" \
'kern.geom.label.disk_ident.enable=\"0\"' \
$BSDINSTALL_TMPBOOT/loader.conf.zfs || return $FAILURE
+ f_eval_catch $funcname echo "$ECHO_APPEND" \
+ 'kern.geom.label.gptid.enable=\"0\"' \
+ $BSDINSTALL_TMPBOOT/loader.conf.zfs || return $FAILURE
+
+ if [ "$ZFSBOOT_SWAP_MIRROR" ]; then
+ f_eval_catch $funcname echo "$ECHO_APPEND"
'geom_mirror_load=\"YES\"' \
+ $BSDINSTALL_TMPBOOT/loader.conf.gmirror || return
$FAILURE
+ fi
# We're all done unless we should go on for boot pool
[ "$ZFSBOOT_BOOT_POOL" ] || return $SUCCESS
@@ -1448,6 +1509,22 @@ while :; do
"$ZFSBOOT_SWAP_SIZE" &&
ZFSBOOT_SWAP_SIZE="${input:-0}"
;;
+ ?" $msg_swap_mirror")
+ # Toggle the variable referenced both by the menu and later
+ if [ "$ZFSBOOT_SWAP_MIRROR" ]; then
+ ZFSBOOT_SWAP_MIRROR=
+ else
+ ZFSBOOT_SWAP_MIRROR=1
+ fi
+ ;;
+ ?" $msg_swap_encrypt")
+ # Toggle the variable referenced both by the menu and later
+ if [ "$ZFSBOOT_SWAP_ENCRYPTION" ]; then
+ ZFSBOOT_SWAP_ENCRYPTION=
+ else
+ ZFSBOOT_SWAP_ENCRYPTION=1
+ fi
+ ;;
esac
done
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
