path: root/el_GR.ISO8859-7/books/handbook/disks/chapter.xml
author Sergio Carlavilla Delgado <carlavilla@FreeBSD.org> 2021-01-25 23:31:29 +0000
committer Sergio Carlavilla Delgado <carlavilla@FreeBSD.org> 2021-01-25 23:31:29 +0000
commit 989d921f5d4ac8d8b7c831c13b8954ad1901be24 (patch)
tree a5d768f9af4b55422fdf5b17064879ae1c7ce032 /el_GR.ISO8859-7/books/handbook/disks/chapter.xml
parent 0cff342f42461c5081b98bce7581f43df319e4f4 (diff)
Migrate doc to Hugo/AsciiDoctor

I'm very pleased to announce the release of our new website and documentation using the new toolchain with Hugo and AsciiDoctor.

To get more information about the new toolchain please read the FreeBSD Documentation Project Primer[1], Hugo docs[2] and AsciiDoctor docs[3].

Acknowledgment:
Benedict Reuschling <bcr@>
Glen Barber <gjb@>
Hiroki Sato <hrs@>
Li-Wen Hsu <lwhsu@>
Sean Chittenden <seanc@>
The FreeBSD Foundation

[1] https://docs.FreeBSD.org/en/books/fdp-primer/
[2] https://gohugo.io/documentation/
[3] https://docs.asciidoctor.org/home/

Approved by: doceng, core

Diffstat (limited to 'el_GR.ISO8859-7/books/handbook/disks/chapter.xml')
-rw-r--r-- el_GR.ISO8859-7/books/handbook/disks/chapter.xml 4015
1 files changed, 0 insertions, 4015 deletions
diff --git a/el_GR.ISO8859-7/books/handbook/disks/chapter.xml b/el_GR.ISO8859-7/books/handbook/disks/chapter.xml
deleted file mode 100644
index 55142fd69b..0000000000
--- a/el_GR.ISO8859-7/books/handbook/disks/chapter.xml
+++ /dev/null
@@ -1,4015 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-7"?>
-<!--
-
- Το Εγχειρίδιο του FreeBSD: Αποθηκευτικά Μέσα
-
- The FreeBSD Greek Documentation Project
-
- $FreeBSD$
-
- %SOURCE% en_US.ISO8859-1/books/handbook/disks/chapter.xml
- %SRCID% 43449
-
--->
-<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="disks">
- <title>Αποθηκευτικά Μέσα</title>
-
- <sect1 xml:id="disks-synopsis">
- <title>Σύνοψη</title>
-
-
- <para>Το κεφάλαιο αυτό καλύπτει την χρήση των δίσκων στο &os;.
- Περιλαμβάνει δίσκους που υποστηρίζονται από μνήμη, δίσκους συνδεδεμένους
- απευθείας στο δίκτυο, τις τυπικές συσκευές αποθήκευσης SCSI/IDE, καθώς
- και συσκευές που χρησιμοποιούν διεπαφή USB.</para>
-
- <para>Αφού διαβάσετε αυτό το κεφάλαιο, θα ξέρετε:</para>
- <itemizedlist>
- <listitem><para>Την ορολογία που χρησιμοποιεί το &os; για να περιγράψει
- την οργάνωση των δεδομένων στο φυσικό μέσο του δίσκου
- (partitions - κατατμήσεις - και slices).</para>
- </listitem>
-
- <listitem><para>Πως να προσθέσετε νέους σκληρούς δίσκους στο
- σύστημα σας.</para>
- </listitem>
- <listitem>
- <para>Πως να ρυθμίσετε το &os; να χρησιμοποιεί συσκευές
- αποθήκευσης USB.</para>
- </listitem>
- <listitem><para>Πως να ρυθμίσετε εικονικά συστήματα αρχείων, όπως
- δίσκους που αποθηκεύονται σε μνήμη RAM.</para></listitem>
- <listitem>
- <para>Πως να χρησιμοποιήσετε quotas για να περιορίσετε τη χρήση
- χώρου στο δίσκο.</para>
- </listitem>
- <listitem>
- <para>Πως να κρυπτογραφήσετε δίσκους για να τους ασφαλίσετε
- από επιθέσεις.</para>
- </listitem>
- <listitem>
- <para>Πως να δημιουργήσετε και να γράψετε CD και DVD
- στο &os;.</para>
- </listitem>
- <listitem>
- <para>Πως να χρησιμοποιήσετε προγράμματα λήψης αντιγράφων
- ασφαλείας στο &os;.</para>
- </listitem>
- <listitem>
- <para>Τι είναι οι εικόνες (snapshots) σε ένα σύστημα αρχείων και πως
- να τις χρησιμοποιήσετε αποδοτικά.</para>
- </listitem>
- </itemizedlist>
-
- <para>Πριν διαβάσετε αυτό το κεφάλαιο, θα πρέπει:</para>
-
- <itemizedlist>
- <listitem>
- <para>Να ξέρετε πως να <link linkend="kernelconfig">ρυθμίσετε και
- να εγκαταστήσετε ένα νέο πυρήνα του &os;</link>.</para>
- </listitem>
- </itemizedlist>
- </sect1>
-
- <sect1 xml:id="disks-naming">
- <title>Device Names</title>
-
- <para>The following is a list of physical storage devices
- supported in &os; and their associated device names.</para>
-
- <table xml:id="disk-naming-physical-table" frame="none">
- <title>Physical Disk Naming Conventions</title>
-
- <tgroup cols="2">
- <thead>
- <row>
- <entry>Drive type</entry>
- <entry>Drive device name</entry>
- </row>
- </thead>
-
- <tbody>
- <row>
- <entry>IDE hard drives</entry>
- <entry><literal>ad</literal> or
- <literal>ada</literal></entry>
- </row>
-
- <row>
- <entry>IDE CD-ROM drives</entry>
- <entry><literal>acd</literal> or
- <literal>cd</literal></entry>
- </row>
-
- <row>
- <entry>SATA hard drives</entry>
- <entry><literal>ad</literal> or
- <literal>ada</literal></entry>
- </row>
-
- <row>
- <entry>SATA CD-ROM drives</entry>
- <entry><literal>acd</literal> or
- <literal>cd</literal></entry>
- </row>
-
- <row>
- <entry>SCSI hard drives and USB Mass storage
- devices</entry>
- <entry><literal>da</literal></entry>
- </row>
-
- <row>
- <entry>SCSI CD-ROM drives</entry>
- <entry><literal>cd</literal></entry>
- </row>
-
- <row>
- <entry>Assorted non-standard CD-ROM drives</entry>
- <entry><literal>mcd</literal> for Mitsumi CD-ROM and
- <literal>scd</literal> for Sony CD-ROM devices</entry>
- </row>
-
- <row>
- <entry>Floppy drives</entry>
- <entry><literal>fd</literal></entry>
- </row>
-
- <row>
- <entry>SCSI tape drives</entry>
- <entry><literal>sa</literal></entry>
- </row>
-
- <row>
- <entry>IDE tape drives</entry>
- <entry><literal>ast</literal></entry>
- </row>
-
- <row>
- <entry>Flash drives</entry>
- <entry><literal>fla</literal> for &diskonchip; Flash
- device</entry>
- </row>
-
- <row>
- <entry>RAID drives</entry>
- <entry><literal>aacd</literal> for &adaptec; AdvancedRAID,
- <literal>mlxd</literal> and <literal>mlyd</literal>
- for &mylex;,
- <literal>amrd</literal> for AMI &megaraid;,
- <literal>idad</literal> for Compaq Smart RAID,
- <literal>twed</literal> for &tm.3ware; RAID.</entry>
- </row>
- </tbody>
- </tgroup>
- </table>
- </sect1>
-
- <sect1 xml:id="disks-adding">
- <info>
- <title>Adding Disks</title>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>David</firstname>
- <surname>O'Brien</surname>
- </personname>
- <contrib>Originally contributed by </contrib>
- </author>
- </authorgroup>
- </info>
-
- <indexterm>
- <primary>disks</primary>
- <secondary>adding</secondary>
- </indexterm>
-
- <para>This section describes how to add a new
- <acronym>SATA</acronym> disk to a machine that currently only
- has a single drive. First, turn off the computer and install
- the drive in the computer following the instructions of the
- computer, controller, and drive manufacturers. Reboot the
- system and become
- <systemitem class="username">root</systemitem>.</para>
-
- <para>Inspect <filename>/var/run/dmesg.boot</filename> to ensure
- the new disk was found. In this example, the newly added
- <acronym>SATA</acronym> drive will appear as
- <filename>ada1</filename>.</para>
-
- <indexterm><primary>partitions</primary></indexterm>
- <indexterm>
- <primary><command>gpart</command></primary>
- </indexterm>
-
- <para>For this example, a single large partition will be created
- on the new disk. The <link
- xlink:href="http://en.wikipedia.org/wiki/GUID_Partition_Table">
- <acronym>GPT</acronym></link> partitioning scheme will be
- used in preference to the older and less versatile
- <acronym>MBR</acronym> scheme.</para>
-
- <note>
- <para>If the disk to be added is not blank, old partition
- information can be removed with
- <command>gpart delete</command>. See &man.gpart.8; for
- details.</para>
- </note>
-
- <para>The partition scheme is created, and then a single partition
- is added:</para>
-
- <screen>&prompt.root; <userinput>gpart create -s GPT ada1</userinput>
-&prompt.root; <userinput>gpart add -t freebsd-ufs ada1</userinput></screen>
-
- <para>Depending on use, several smaller partitions may be desired.
- See &man.gpart.8; for options to create partitions smaller than
- a whole disk.</para>
-
- <para>A file system is created on the new blank disk:</para>
-
- <screen>&prompt.root; <userinput>newfs -U /dev/ada1p1</userinput></screen>
-
- <para>An empty directory is created as a
- <emphasis>mountpoint</emphasis>, a location for mounting the new
- disk in the original disk's file system:</para>
-
- <screen>&prompt.root; <userinput>mkdir /newdisk</userinput></screen>
-
- <para>Finally, an entry is added to
- <filename>/etc/fstab</filename> so the new disk will be mounted
- automatically at startup:</para>
-
- <programlisting>/dev/ada1p1 /newdisk ufs rw 2 2</programlisting>
-
- <para>The new disk can be mounted manually, without restarting the
- system:</para>
-
- <screen>&prompt.root; <userinput>mount /newdisk</userinput></screen>
- </sect1>
-
- <sect1 xml:id="usb-disks">
- <info>
- <title>USB Storage Devices</title>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>Marc</firstname>
- <surname>Fonvieille</surname>
- </personname>
- <contrib>Contributed by </contrib>
- </author>
- </authorgroup>
- </info>
-
- <indexterm>
- <primary>USB</primary>
- <secondary>disks</secondary>
- </indexterm>
-
- <para>Many external storage solutions, such as hard drives, USB
- thumbdrives, and CD/DVD burners, use the Universal Serial Bus
- (USB). &os; provides support for these devices.</para>
-
- <sect2>
- <title>Configuration</title>
-
- <para>The USB mass storage devices driver, &man.umass.4;, is
- built into the <filename>GENERIC</filename> kernel and
- provides support for USB storage devices. For a custom
- kernel, be sure that the following lines are present in the
- kernel configuration file:</para>
-
- <programlisting>device scbus
-device da
-device pass
-device uhci
-device ohci
-device ehci
-device usb
-device umass</programlisting>
-
- <para>Since the &man.umass.4; driver uses the SCSI subsystem to
- access the USB storage devices, any USB device will be seen as
- a SCSI device by the system. Depending on the USB chipset on
- the motherboard, <literal>device uhci</literal> or
- <literal>device ohci</literal> is used to provide USB 1.X
- support. Support for USB 2.0 controllers is provided by
- <literal>device ehci</literal>.</para>
-
- <note>
- <para>If the USB device is a CD or DVD burner, &man.cd.4;,
- must be added to the kernel via the line:</para>
-
- <programlisting>device cd</programlisting>
-
- <para>Since the burner is seen as a SCSI drive, the driver
- &man.atapicam.4; should not be used in the kernel
- configuration.</para>
- </note>
- </sect2>
-
- <sect2>
- <title>Testing the Configuration</title>
-
- <para>To test the USB configuration, plug in the USB device. In
- the system message buffer, &man.dmesg.8;, the drive should
- appear as something like:</para>
-
- <screen>umass0: USB Solid state disk, rev 1.10/1.00, addr 2
-GEOM: create disk da0 dp=0xc2d74850
-da0 at umass-sim0 bus 0 target 0 lun 0
-da0: &lt;Generic Traveling Disk 1.11&gt; Removable Direct Access SCSI-2 device
-da0: 1.000MB/s transfers
-da0: 126MB (258048 512 byte sectors: 64H 32S/T 126C)</screen>
-
- <para>The brand, device node (<filename>da0</filename>), and
- other details will differ according to the device.</para>
-
- <para>Since the USB device is seen as a SCSI one,
- <command>camcontrol</command> can be used to list the USB
- storage devices attached to the system:</para>
-
- <screen>&prompt.root; <userinput>camcontrol devlist</userinput>
-&lt;Generic Traveling Disk 1.11&gt; at scbus0 target 0 lun 0 (da0,pass0)</screen>
-
- <para>If the drive comes with a file system, it can be mounted.
- Refer to <xref linkend="disks-adding"/> for
- instructions on how to format and create partitions on the USB
- drive.</para>
-
- <warning>
- <para>Allowing untrusted users to mount arbitrary media, by
- enabling <varname>vfs.usermount</varname> as
- described below, should not be considered safe from a
- security point of view. Most file systems in &os; were not
- built to safeguard against malicious devices.</para>
- </warning>
-
- <para>To make the device mountable as a normal user, one
- solution is to make all users of the device a member of the
- <systemitem class="groupname">operator</systemitem> group
- using &man.pw.8;. Next, ensure that the
- <systemitem class="groupname">operator</systemitem> group is
- able to read and write the device by adding these lines to
- <filename>/etc/devfs.rules</filename>:</para>
-
- <programlisting>[localrules=5]
-add path 'da*' mode 0660 group operator</programlisting>
-
- <note>
- <para>If SCSI disks are installed in the system, change
- the second line as follows:</para>
-
- <programlisting>add path 'da[3-9]*' mode 0660 group operator</programlisting>
-
- <para>This will exclude the first three SCSI disks
- (<filename>da0</filename> to
- <filename>da2</filename>)from belonging to the
- <systemitem class="groupname">operator</systemitem>
- group.</para>
- </note>
-
- <para>Next, enable the &man.devfs.rules.5; ruleset in
- <filename>/etc/rc.conf</filename>:</para>
-
- <programlisting>devfs_system_ruleset="localrules"</programlisting>
-
- <para>Next, instruct the running kernel to allow regular users
- to mount file systems. The easiest way is to add the
- following line to
- <filename>/etc/sysctl.conf</filename>:</para>
-
- <programlisting>vfs.usermount=1</programlisting>
-
- <para>Since this only takes effect after the next reboot use
- &man.sysctl.8; to set this variable now.</para>
-
- <para>The final step is to create a directory where the file
- system is to be mounted. This directory needs to be owned by
- the user that is to mount the file system. One way to do that
- is for <systemitem class="username">root</systemitem> to
- create a subdirectory owned by that user as
- <filename>/mnt/username</filename>. In the following example,
- replace <replaceable>username</replaceable> with the login
- name of the user and <replaceable>usergroup</replaceable> with
- the user's primary group:</para>
-
- <screen>&prompt.root; <userinput>mkdir /mnt/username</userinput>
-&prompt.root; <userinput>chown username:usergroup /mnt/username</userinput></screen>
-
- <para>Suppose a USB thumbdrive is plugged in, and a device
- <filename>/dev/da0s1</filename> appears. If the device is
- preformatted with a FAT file system, it can be mounted
- using:</para>
-
- <screen>&prompt.user; <userinput>mount -t msdosfs -o -m=644,-M=755 /dev/da0s1 /mnt/username</userinput></screen>
-
- <para>Before the device can be unplugged, it
- <emphasis>must</emphasis> be unmounted first. After device
- removal, the system message buffer will show messages similar
- to the following:</para>
-
- <screen>umass0: at uhub0 port 1 (addr 2) disconnected
-(da0:umass-sim0:0:0:0): lost device
-(da0:umass-sim0:0:0:0): removing device entry
-GEOM: destroy disk da0 dp=0xc2d74850
-umass0: detached</screen>
- </sect2>
-
- <sect2>
- <title>Further Reading</title>
-
- <para>Beside the <link linkend="disks-adding">Adding
- Disks</link> and <link linkend="mount-unmount">Mounting and
- Unmounting File Systems</link> sections, reading various
- manual pages may also be useful: &man.umass.4;,
- &man.camcontrol.8;, and &man.usbconfig.8; under &os;&nbsp; 8.X
- or &man.usbdevs.8; under earlier versions of &os;.</para>
- </sect2>
- </sect1>
-
- <sect1 xml:id="creating-cds">
- <info>
- <title>Creating and Using CD Media</title>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>Mike</firstname>
- <surname>Meyer</surname>
- </personname>
- <contrib>Contributed by </contrib>
- </author>
- </authorgroup>
- </info>
-
- <indexterm>
- <primary>CD-ROMs</primary>
- <secondary>creating</secondary>
- </indexterm>
-
- <sect2>
- <title>Introduction</title>
-
- <para>CD media provide a number of features that differentiate
- them from conventional disks. Initially, they were not
- writable by the user. They are designed so that they can be
- read continuously without delays to move the head between
- tracks. They are also much easier to transport between
- systems.</para>
-
- <para>CD media do have tracks, but this refers to a section of
- data to be read continuously and not a physical property of
- the disk. For example, to produce a CD on &os;, prepare the
- data files that are going to make up the tracks on the CD,
- then write the tracks to the CD.</para>
-
- <indexterm><primary>ISO 9660</primary></indexterm>
- <indexterm>
- <primary>file systems</primary>
- <secondary>ISO 9660</secondary>
- </indexterm>
-
- <para>The ISO 9660 file system was designed to deal with these
- differences. To overcome the original file system limits, it
- provides an extension mechanism that allows properly written
- CDs to exceed those limits while still working with systems
- that do not support those extensions.</para>
-
- <indexterm>
- <primary><package>sysutils/cdrtools</package></primary>
- </indexterm>
-
- <para>The <package>sysutils/cdrtools</package>
- port includes &man.mkisofs.8;, a program that can be used to
- produce a data file containing an ISO 9660 file system. It
- has options that support various extensions, and is described
- below.</para>
-
- <indexterm>
- <primary>CD burner</primary>
- <secondary>ATAPI</secondary>
- </indexterm>
-
- <para>Which tool to use to burn the CD depends on whether the
- CD burner is ATAPI or something else. ATAPI CD burners use
- <command>burncd</command> which is part of the base system.
- SCSI and USB CD burners should use <command>cdrecord</command>
- from the <package>sysutils/cdrtools</package> port. It is
- also possible to use <command>cdrecord</command> and other
- tools for SCSI drives on ATAPI hardware with the
- <link linkend="atapicam">ATAPI/CAM module</link>.</para>
-
- <para>For CD burning software with a graphical user
- interface, consider <application>X-CD-Roast</application> or
- <application>K3b</application>. These tools are available as
- packages or from the <package>sysutils/xcdroast</package> and
- <package>sysutils/k3b</package> ports.
- <application>X-CD-Roast</application> and
- <application>K3b</application> require the
- <link linkend="atapicam">ATAPI/CAM module</link> with ATAPI
- hardware.</para>
- </sect2>
-
- <sect2 xml:id="mkisofs">
- <title><application>mkisofs</application></title>
-
- <para>The <package>sysutils/cdrtools</package>
- port also installs &man.mkisofs.8;, which produces an ISO 9660
- file system that is an image of a directory tree in the &unix;
- file system name space. The simplest usage is:</para>
-
- <screen>&prompt.root; <userinput>mkisofs -o imagefile.iso /path/to/tree</userinput></screen>
-
- <indexterm>
- <primary>file systems</primary>
- <secondary>ISO 9660</secondary>
- </indexterm>
-
- <para>This command creates an
- <replaceable>imagefile.iso</replaceable> containing an ISO
- 9660 file system that is a copy of the tree at
- <replaceable>/path/to/tree</replaceable>. In the process, it
- maps the file names to names that fit the limitations of
- the standard ISO 9660 file system, and will exclude files that
- have names uncharacteristic of ISO file systems.</para>
-
- <indexterm>
- <primary>file systems</primary>
- <secondary>HFS</secondary>
- </indexterm>
- <indexterm>
- <primary>file systems</primary>
- <secondary>Joliet</secondary>
- </indexterm>
- <para>A number of options are available to overcome these
- restrictions. In particular, <option>-R</option> enables the
- Rock Ridge extensions common to &unix; systems,
- <option>-J</option> enables Joliet extensions used by
- Microsoft systems, and <option>-hfs</option> can be used to
- create HFS file systems used by &macos;.</para>
-
- <para>For CDs that are going to be used only on &os; systems,
- <option>-U</option> can be used to disable all filename
- restrictions. When used with <option>-R</option>, it produces
- a file system image that is identical to the specified &os;
- tree, though it may violate the ISO 9660 standard in a number
- of ways.</para>
-
- <indexterm>
- <primary>CD-ROMs</primary>
- <secondary>creating bootable</secondary>
- </indexterm>
- <para>The last option of general use is <option>-b</option>.
- This is used to specify the location of the boot image for use
- in producing an <quote>El Torito</quote> bootable CD. This
- option takes an argument which is the path to a boot image
- from the top of the tree being written to the CD. By default,
- &man.mkisofs.8; creates an ISO image in
- <quote>floppy disk emulation</quote> mode, and thus expects
- the boot image to be exactly 1200, 1440 or 2880&nbsp;KB in
- size. Some boot loaders, like the one used by the &os;
- distribution disks, do not use emulation mode. In this case,
- <option>-no-emul-boot</option> should be used. So, if
- <filename>/tmp/myboot</filename> holds a bootable &os; system
- with the boot image in
- <filename>/tmp/myboot/boot/cdboot</filename>, this command
- would produce the image of an ISO 9660 file system as
- <filename>/tmp/bootable.iso</filename>:</para>
-
- <screen>&prompt.root; <userinput>mkisofs -R -no-emul-boot -b boot/cdboot -o /tmp/bootable.iso /tmp/myboot</userinput></screen>
-
- <para>If <filename>md</filename> is configured in the
- kernel, the file system can be mounted as a memory disk
- with:</para>
-
- <screen>&prompt.root; <userinput>mdconfig -a -t vnode -f /tmp/bootable.iso -u 0</userinput>
-&prompt.root; <userinput>mount -t cd9660 /dev/md0 /mnt</userinput></screen>
-
- <para>One can then verify that <filename>/mnt</filename> and
- <filename>/tmp/myboot</filename> are identical.</para>
-
- <para>There are many other options available for
- &man.mkisofs.8; to fine-tune its behavior. Refer to
- &man.mkisofs.8; for details.</para>
- </sect2>
-
- <sect2 xml:id="burncd">
- <title><application>burncd</application></title>
-
- <indexterm>
- <primary>CD-ROMs</primary>
- <secondary>burning</secondary>
- </indexterm>
- <para>For an ATAPI CD burner, <command>burncd</command> can be
- used to burn an ISO image onto a CD.
- <command>burncd</command> is part of the base system,
- installed as <filename>/usr/sbin/burncd</filename>. Usage is
- very simple, as it has few options:</para>
-
- <screen>&prompt.root; <userinput>burncd -f cddevice data imagefile.iso fixate</userinput></screen>
-
- <para>This command will burn a copy of
- <replaceable>imagefile.iso</replaceable> on
- <replaceable>cddevice</replaceable>. The default device is
- <filename>/dev/acd0</filename>. See &man.burncd.8; for
- options to set the write speed, eject the CD after burning,
- and write audio data.</para>
- </sect2>
-
- <sect2 xml:id="cdrecord">
- <title><application>cdrecord</application></title>
-
- <para>For systems without an ATAPI CD burner,
- <command>cdrecord</command> can be used to burn CDs.
- <command>cdrecord</command> is not part of the base system and
- must be installed from either the
- <package>sysutils/cdrtools</package> package or port. Changes
- to the base system can cause binary versions of this program
- to fail, possibly resulting in a <quote>coaster</quote>. It
- is recommended to either upgrade the port when the system is
- upgraded, or for users
- <link linkend="stable">tracking -STABLE</link>, to upgrade the
- port when a new version becomes available.</para>
-
- <para>While <command>cdrecord</command> has many options, basic
- usage is simple. Burning an ISO 9660 image is done
- with:</para>
-
- <screen>&prompt.root; <userinput>cdrecord dev=device imagefile.iso</userinput></screen>
-
- <para>The tricky part of using <command>cdrecord</command> is
- finding the <option>dev</option> to use. To find the proper
- setting, use <option>-scanbus</option> which might produce
- results like this:</para>
-
- <indexterm>
- <primary>CD-ROMs</primary>
- <secondary>burning</secondary>
- </indexterm>
- <screen>&prompt.root; <userinput>cdrecord -scanbus</userinput>
-Cdrecord-Clone 2.01 (i386-unknown-freebsd7.0) Copyright (C) 1995-2004 J&ouml;rg Schilling
-Using libscg version 'schily-0.1'
-scsibus0:
- 0,0,0 0) 'SEAGATE ' 'ST39236LW ' '0004' Disk
- 0,1,0 1) 'SEAGATE ' 'ST39173W ' '5958' Disk
- 0,2,0 2) *
- 0,3,0 3) 'iomega ' 'jaz 1GB ' 'J.86' Removable Disk
- 0,4,0 4) 'NEC ' 'CD-ROM DRIVE:466' '1.26' Removable CD-ROM
- 0,5,0 5) *
- 0,6,0 6) *
- 0,7,0 7) *
-scsibus1:
- 1,0,0 100) *
- 1,1,0 101) *
- 1,2,0 102) *
- 1,3,0 103) *
- 1,4,0 104) *
- 1,5,0 105) 'YAMAHA ' 'CRW4260 ' '1.0q' Removable CD-ROM
- 1,6,0 106) 'ARTEC ' 'AM12S ' '1.06' Scanner
- 1,7,0 107) *</screen>
-
- <para>This lists the appropriate <option>dev</option> value for
- the devices on the list. Locate the CD burner, and use the
- three numbers separated by commas as the value for
- <option>dev</option>. In this case, the CRW device is 1,5,0,
- so the appropriate input is <option>dev=1,5,0</option>.
- Refer to &man.cdrecord.1; for easier ways to specify this
- value and for information on writing audio tracks and
- controlling the write speed.</para>
- </sect2>
-
- <sect2 xml:id="duplicating-audiocds">
- <title>Duplicating Audio CDs</title>
-
- <para>To duplicate an audio CD, extract the audio data from the
- CD to a series of files, then write these files to a blank CD.
- The process is slightly different for ATAPI and SCSI
- drives.</para>
-
- <procedure>
- <title>SCSI Drives</title>
-
- <step>
- <para>Use <command>cdda2wav</command> to extract the
- audio:</para>
-
- <screen>&prompt.user; <userinput>cdda2wav -vall -D2,0 -B -Owav</userinput></screen>
- </step>
-
- <step>
- <para>Use <command>cdrecord</command> to write the
- <filename>.wav</filename> files:</para>
-
- <screen>&prompt.user; <userinput>cdrecord -v dev=2,0 -dao -useinfo *.wav</userinput></screen>
-
- <para>Make sure that <replaceable>2,0</replaceable> is set
- appropriately, as described in
- <xref linkend="cdrecord"/>.</para>
- </step>
- </procedure>
-
- <procedure>
- <title>ATAPI Drives</title>
-
- <note>
- <para>With the help of the
- <link linkend="atapicam">ATAPI/CAM module</link>,
- <command>cdda2wav</command> can also be used on ATAPI
- drives. This tool is usually a better choice for most of
- users, as it supports jitter correction and endianness,
- than the method proposed below.</para>
- </note>
-
- <step>
- <para>The ATAPI CD driver makes each track available as
- <filename>/dev/acddtnn</filename>,
- where <replaceable>d</replaceable> is the drive number,
- and <replaceable>nn</replaceable> is the track number
- written with two decimal digits, prefixed with zero as
- needed. So the first track on the first disk is
- <filename>/dev/acd0t01</filename>, the second is
- <filename>/dev/acd0t02</filename>, the third is
- <filename>/dev/acd0t03</filename>, and so on.</para>
-
- <para>Make sure the appropriate files exist in
- <filename>/dev</filename>. If the entries are missing,
- force the system to retaste the media:</para>
-
- <screen>&prompt.root; <userinput>dd if=/dev/acd0 of=/dev/null count=1</userinput></screen>
- </step>
-
- <step>
- <para>Extract each track using &man.dd.1;, making sure to
- specify a block size when extracting the files:</para>
-
- <screen>&prompt.root; <userinput>dd if=/dev/acd0t01 of=track1.cdr bs=2352</userinput>
-&prompt.root; <userinput>dd if=/dev/acd0t02 of=track2.cdr bs=2352</userinput>
-...</screen>
- </step>
-
- <step>
- <para>Burn the extracted files to disk using
- <command>burncd</command>. Specify that these are audio
- files, and that <command>burncd</command> should fixate
- the disk when finished:</para>
-
- <screen>&prompt.root; <userinput>burncd -f /dev/acd0 audio track1.cdr track2.cdr ... fixate</userinput></screen>
- </step>
- </procedure>
- </sect2>
-
- <sect2 xml:id="imaging-cd">
- <title>Duplicating Data CDs</title>
-
- <para>It is possible to copy a data CD to an image file that is
- functionally equivalent to the image file created with
- &man.mkisofs.8;, and then use it to duplicate any data CD.
- The example given here assumes that the CD-ROM device is
- <filename>acd0</filename>. Substitute the correct CD-ROM
- device.</para>
-
- <screen>&prompt.root; <userinput>dd if=/dev/acd0 of=file.iso bs=2048</userinput></screen>
-
- <para>Now that there is an image, it can be burned to CD as
- described above.</para>
- </sect2>
-
- <sect2 xml:id="mounting-cd">
- <title>Using Data CDs</title>
-
- <para>It is possible to mount and read the data on a standard
- data CD. By default, &man.mount.8; assumes that a file system
- is of type <literal>ufs</literal>. Running this
- command:</para>
-
- <screen>&prompt.root; <userinput>mount /dev/cd0 /mnt</userinput></screen>
-
- <para>will generate an error about <errorname>Incorrect super
- block</errorname>, and will fail to mount the CD. The CD
- does not use the <literal>UFS</literal> file system, so
- attempts to mount it as such will fail. Instead, tell
- &man.mount.8; that the file system is of type
- <literal>ISO9660</literal> by specifying
- <option>-t cd9660</option> to &man.mount.8;. For example,
- to mount the CD-ROM device, <filename>/dev/cd0</filename>,
- under <filename>/mnt</filename>,
- use:</para>
-
- <screen>&prompt.root; <userinput>mount -t cd9660 /dev/cd0 /mnt</userinput></screen>
-
- <para>Replace <filename>/dev/cd0</filename> with the device
- name for the CD device. Also, <option>-t cd9660</option>
- executes &man.mount.cd9660.8;, meaning the above command is
- equivalent to:</para>
-
- <screen>&prompt.root; <userinput>mount_cd9660 /dev/cd0 /mnt</userinput></screen>
-
- <para>While data CD-ROMs from any vendor can be mounted this
- way, disks with certain ISO 9660 extensions might behave
- oddly. For example, Joliet disks store all filenames in
- two-byte Unicode characters. The &os; kernel does not speak
- Unicode, but the &os; CD9660 driver is able to convert Unicode
- characters on the fly. If some non-English characters show up
- as question marks, specify the local charset with
- <option>-C</option>. For more information, refer to
- &man.mount.cd9660.8;.</para>
-
- <note>
- <para>In order to do this character conversion with the help
- of <option>-C</option>, the kernel requires the
- <filename>cd9660_iconv.ko</filename> module to be loaded.
- This can be done either by adding this line to
- <filename>loader.conf</filename>:</para>
-
- <programlisting>cd9660_iconv_load="YES"</programlisting>
-
- <para>and then rebooting the machine, or by directly loading
- the module with &man.kldload.8;.</para>
- </note>
-
- <para>Occasionally, <errorname>Device not configured</errorname>
- will be displayed when trying to mount a CD-ROM. This
- usually means that the CD-ROM drive thinks that there is no
- disk in the tray, or that the drive is not visible on the bus.
- It can take a couple of seconds for a CD-ROM drive to realize
- that a media is present, so be patient.</para>
-
- <para>Sometimes, a SCSI CD-ROM may be missed because it did not
- have enough time to answer the bus reset. To resolve this,
- add the following option to the kernel configuration and
- <link linkend="kernelconfig-building">rebuild the
- kernel</link>.</para>
-
- <programlisting>options SCSI_DELAY=15000</programlisting>
-
- <para>This tells the SCSI bus to pause 15 seconds during boot,
- to give the CD-ROM drive every possible chance to answer the
- bus reset.</para>
- </sect2>
-
- <sect2 xml:id="rawdata-cd">
- <title>Burning Raw Data CDs</title>
-
- <para>It is possible to burn a file directly to CD, without
- creating an ISO 9660 file system. Some people do this for
- backup purposes. This command runs more quickly than burning
- a standard CD:</para>
-
- <screen>&prompt.root; <userinput>burncd -f /dev/acd1 -s 12 data archive.tar.gz fixate</userinput></screen>
-
- <para>In order to retrieve the data burned to such a CD, the
- data must be read from the raw device node:</para>
-
- <screen>&prompt.root; <userinput>tar xzvf /dev/acd1</userinput></screen>
-
- <para>This type of disk can not be mounted as a normal CD-ROM
- and the data cannot be read under any operating system except
- &os;. In order to mount the CD, or to share the data with
- another operating system, &man.mkisofs.8; must be used as
- described above.</para>
- </sect2>
-
- <sect2 xml:id="atapicam">
- <info>
- <title>Using the ATAPI/CAM Driver</title>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>Marc</firstname>
- <surname>Fonvieille</surname>
- </personname>
- <contrib>Contributed by </contrib>
- </author>
- </authorgroup>
- </info>
-
- <indexterm>
- <primary>CD burner</primary>
- <secondary>ATAPI/CAM driver</secondary>
- </indexterm>
-
- <para>This driver allows ATAPI devices, such as CD/DVD drives,
- to be accessed through the SCSI subsystem, and so allows the
- use of applications like <package>sysutils/cdrdao</package> or
- &man.cdrecord.1;.</para>
-
- <para>To use this driver, add the following line to
- <filename>/boot/loader.conf</filename>:</para>
-
- <programlisting>atapicam_load="YES"</programlisting>
-
- <para>then, reboot the system.</para>
-
- <note>
- <para>Users who prefer to statically compile &man.atapicam.4;
- support into the kernel, should add this line to the
- kernel configuration file:</para>
-
- <programlisting>device atapicam</programlisting>
-
- <para>Ensure the following lines are still in the kernel
- configuration file:</para>
-
- <programlisting>device ata
-device scbus
-device cd
-device pass</programlisting>
-
- <para>Then rebuild, install the new kernel, and reboot the
- machine.</para>
- </note>
-
- <para>During the boot process, the burner should show up, like
- so:</para>
-
- <screen>acd0: CD-RW &lt;MATSHITA CD-RW/DVD-ROM UJDA740&gt; at ata1-master PIO4
-cd0 at ata1 bus 0 target 0 lun 0
-cd0: &lt;MATSHITA CDRW/DVD UJDA740 1.00&gt; Removable CD-ROM SCSI-0 device
-cd0: 16.000MB/s transfers
-cd0: Attempt to query device size failed: NOT READY, Medium not present - tray closed</screen>
-
- <para>The drive can now be accessed via the
- <filename>/dev/cd0</filename> device name. For example, to
- mount a CD-ROM on <filename>/mnt</filename>,
- type the following:</para>
-
- <screen>&prompt.root; <userinput>mount -t cd9660 /dev/cd0 /mnt</userinput></screen>
-
- <para>As <systemitem class="username">root</systemitem>, run the
- following command to get the SCSI address of the
- burner:</para>
-
- <screen>&prompt.root; <userinput>camcontrol devlist</userinput>
-&lt;MATSHITA CDRW/DVD UJDA740 1.00&gt; at scbus1 target 0 lun 0 (pass0,cd0)</screen>
-
- <para>In this example, <literal>1,0,0</literal> is the SCSI
- address to use with &man.cdrecord.1; and other SCSI
- applications.</para>
-
- <para>For more information about ATAPI/CAM and SCSI system,
- refer to &man.atapicam.4; and &man.cam.4;.</para>
- </sect2>
- </sect1>
-
- <sect1 xml:id="creating-dvds">
- <info>
- <title>Creating and Using DVD Media</title>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>Marc</firstname>
- <surname>Fonvieille</surname>
- </personname>
- <contrib>Contributed by </contrib>
- </author>
- </authorgroup>
- <authorgroup>
- <author>
- <personname>
- <firstname>Andy</firstname>
- <surname>Polyakov</surname>
- </personname>
- <contrib>With inputs from </contrib>
- </author>
- </authorgroup>
- </info>
-
- <indexterm>
- <primary>DVD</primary>
- <secondary>burning</secondary>
- </indexterm>
-
- <sect2>
- <title>Introduction</title>
-
- <para>Compared to the CD, the DVD is the next generation of
- optical media storage technology. The DVD can hold more data
- than any CD and is the standard for video publishing.</para>
-
- <para>Five physical recordable formats can be defined for a
- recordable DVD:</para>
-
- <itemizedlist>
- <listitem>
- <para>DVD-R: This was the first DVD recordable format
- available. The DVD-R standard is defined by the
- <link xlink:href="http://www.dvdforum.com/forum.shtml">DVD
- Forum</link>. This format is write once.</para>
- </listitem>
-
- <listitem>
- <para>DVD-RW: This is the rewritable version of the
- DVD-R standard. A DVD-RW can be rewritten about 1000
- times.</para>
- </listitem>
-
- <listitem>
- <para>DVD-RAM: This is a rewritable format which can be seen
- as a removable hard drive. However, this media is not
- compatible with most DVD-ROM drives and DVD-Video players
- as only a few DVD writers support the DVD-RAM format.
- Refer to <xref linkend="creating-dvd-ram"/> for more
- information on DVD-RAM use.</para>
- </listitem>
-
- <listitem>
- <para>DVD+RW: This is a rewritable format defined by
- the <link xlink:href="http://www.dvdrw.com/">DVD+RW
- Alliance</link>. A DVD+RW can be rewritten about 1000
- times.</para>
- </listitem>
-
- <listitem>
- <para>DVD+R: This format is the write once variation
- of the DVD+RW format.</para>
- </listitem>
- </itemizedlist>
-
- <para>A single layer recordable DVD can hold up to
- 4,700,000,000&nbsp;bytes which is actually 4.38&nbsp;GB or
- 4485&nbsp;MB as 1 kilobyte is 1024 bytes.</para>
-
- <note>
- <para>A distinction must be made between the physical media
- and the application. For example, a DVD-Video is a specific
- file layout that can be written on any recordable DVD
- physical media such as DVD-R, DVD+R, or DVD-RW. Before
- choosing the type of media, ensure that both the burner and
- the DVD-Video player are compatible with the media under
- consideration.</para>
- </note>
- </sect2>
-
- <sect2>
- <title>Configuration</title>
-
- <para>To perform DVD recording, use &man.growisofs.1;. This
- command is part of the
- <package>sysutils/dvd+rw-tools</package> utilities which
- support all DVD media types.</para>
-
- <para>These tools use the SCSI subsystem to access the devices,
- therefore <link linkend="atapicam">ATAPI/CAM support</link>
- must be loaded or statically compiled into the kernel. This
- support is not needed if the burner uses the USB interface.
- Refer to <xref linkend="usb-disks"/> for more details
- on USB device configuration.</para>
-
- <para>DMA access must also be enabled for ATAPI devices, by
- adding the following line to
- <filename>/boot/loader.conf</filename>:</para>
-
- <programlisting>hw.ata.atapi_dma="1"</programlisting>
-
- <para>Before attempting to use
- <application>dvd+rw-tools</application>, consult the <link
- xlink:href="http://fy.chalmers.se/~appro/linux/DVD+RW/hcn.html">Hardware
- Compatibility Notes</link>.</para>
-
- <note>
- <para>For a graphical user interface, consider using
- <package>sysutils/k3b</package> which provides a user
- friendly interface to &man.growisofs.1; and many other
- burning tools.</para>
- </note>
- </sect2>
-
- <sect2>
- <title>Burning Data DVDs</title>
-
- <para>Since &man.growisofs.1; is a front-end to
- <link linkend="mkisofs">mkisofs</link>, it will invoke
- &man.mkisofs.8; to create the file system layout and perform
- the write on the DVD. This means that an image of the data
- does not need to be created before the burning process.</para>
-
- <para>To burn to a DVD+R or a DVD-R the data in
- <filename>/path/to/data</filename>,
- use the following command:</para>
-
- <screen>&prompt.root; <userinput>growisofs -dvd-compat -Z /dev/cd0 -J -R /path/to/data</userinput></screen>
-
- <para>In this example, <option>-J -R</option> is passed to
- &man.mkisofs.8; to create an ISO 9660 file system with Joliet
- and Rock Ridge extensions. Refer to &man.mkisofs.8; for more
- details.</para>
-
- <para>For the initial session recording, <option>-Z</option> is
- used for both single and multiple sessions. Replace
- <replaceable>/dev/cd0</replaceable>, with the name of the DVD
- device. Using <option>-dvd-compat</option> indicates that the
- disk will be closed and that the recording will be
- unappendable. This should also provide better media
- compatibility with DVD-ROM drives.</para>
-
- <para>To burn a pre-mastered image, such as
- <replaceable>imagefile.iso</replaceable>, use:</para>
-
- <screen>&prompt.root; <userinput>growisofs -dvd-compat -Z /dev/cd0=imagefile.iso</userinput></screen>
-
- <para>The write speed should be detected and automatically set
- according to the media and the drive being used. To force the
- write speed, use <option>-speed=</option>. Refer to
- &man.growisofs.1; for example usage.</para>
-
- <note>
- <para>In order to support working files larger than 4.38GB, an
- UDF/ISO-9660 hybrid filesystem must be created by passing
- <option>-udf -iso-level 3</option> to &man.mkisofs.8; and
- all related programs, such as &man.growisofs.1;. This is
- required only when creating an ISO image file or when
- writing files directly to a disk. Since a disk created this
- way must be mounted as an UDF filesystem with
- &man.mount.udf.8;, it will be usable only on an UDF aware
- operating system. Otherwise it will look as if it contains
- corrupted files.</para>
-
- <para>To create this type of ISO file:</para>
-
- <screen>&prompt.user; <userinput>mkisofs -R -J -udf -iso-level 3 -o imagefile.iso /path/to/data</userinput></screen>
-
- <para>To burn files directly to a disk:</para>
-
- <screen>&prompt.root; <userinput>growisofs -dvd-compat -udf -iso-level 3 -Z /dev/cd0 -J -R /path/to/data</userinput></screen>
-
- <para>When an ISO image already contains large files, no
- additional options are required for &man.growisofs.1; to
- burn that image on a disk.</para>
-
- <para>Be sure to use an up-to-date version of
- <package>sysutils/cdrtools</package>, which contains
- &man.mkisofs.8;, as an older version may not contain large
- files support. If the latest version does not work, install
- <package>sysutils/cdrtools-devel</package> and read its
- &man.mkisofs.8;.</para>
- </note>
- </sect2>
-
- <sect2>
- <title>Burning a DVD-Video</title>
-
- <indexterm>
- <primary>DVD</primary>
- <secondary>DVD-Video</secondary>
- </indexterm>
-
- <para>A DVD-Video is a specific file layout based on the ISO
- 9660 and micro-UDF (M-UDF) specifications. Since DVD-Video
- presents a specific data structure hierarchy, a particular
- program such as <package>multimedia/dvdauthor</package> is
- needed to author the DVD.</para>
-
- <para>If an image of the DVD-Video file system already exists,
- it can be burned in the same way as any other image. If
- <command>dvdauthor</command> was used to make the DVD and the
- result is in <filename>/path/to/video</filename>, the
- following command should be used to burn the DVD-Video:</para>
-
- <screen>&prompt.root; <userinput>growisofs -Z /dev/cd0 -dvd-video /path/to/video</userinput></screen>
-
- <para><option>-dvd-video</option> is passed to &man.mkisofs.8;
- to instruct it to create a DVD-Video file system layout.
- This option implies the <option>-dvd-compat</option>
- &man.growisofs.1; option.</para>
- </sect2>
-
- <sect2>
- <title>Using a DVD+RW</title>
-
- <indexterm>
- <primary>DVD</primary>
- <secondary>DVD+RW</secondary>
- </indexterm>
-
- <para>Unlike CD-RW, a virgin DVD+RW needs to be formatted before
- first use. It is <emphasis>recommended</emphasis> to let
- &man.growisofs.1; take care of this automatically whenever
- appropriate. However, it is possible to use
- <command>dvd+rw-format</command> to format the DVD+RW:</para>
-
- <screen>&prompt.root; <userinput>dvd+rw-format /dev/cd0</userinput></screen>
-
- <para>Only perform this operation once and keep in mind that
- only virgin DVD+RW medias need to be formatted. Once
- formatted, the DVD+RW can be burned as usual.</para>
-
- <para>To burn a totally new file system and not just append some
- data onto a DVD+RW, the media does not need to be blanked
- first. Instead, write over the previous recording like
- this:</para>
-
- <screen>&prompt.root; <userinput>growisofs -Z /dev/cd0 -J -R /path/to/newdata</userinput></screen>
-
- <para>The DVD+RW format supports appending data to a previous
- recording. This operation consists of merging a new session
- to the existing one as it is not considered to be
- multi-session writing. &man.growisofs.1; will
- <emphasis>grow</emphasis> the ISO 9660 file system present on
- the media.</para>
-
- <para>For example, to append data to a DVD+RW, use the
- following:</para>
-
- <screen>&prompt.root; <userinput>growisofs -M /dev/cd0 -J -R /path/to/nextdata</userinput></screen>
-
- <para>The same &man.mkisofs.8; options used to burn the
- initial session should be used during next writes.</para>
-
- <note>
- <para>Use <option>-dvd-compat</option> for better media
- compatibility with DVD-ROM drives. When using DVD+RW, this
- option will not prevent the addition of data.</para>
- </note>
-
- <para>To blank the media, use:</para>
-
- <screen>&prompt.root; <userinput>growisofs -Z /dev/cd0=/dev/zero</userinput></screen>
- </sect2>
-
- <sect2>
- <title>Using a DVD-RW</title>
-
- <indexterm>
- <primary>DVD</primary>
- <secondary>DVD-RW</secondary>
- </indexterm>
-
- <para>A DVD-RW accepts two disc formats: incremental sequential
- and restricted overwrite. By default, DVD-RW discs are in
- sequential format.</para>
-
- <para>A virgin DVD-RW can be directly written without being
- formatted. However, a non-virgin DVD-RW in sequential format
- needs to be blanked before writing a new initial
- session.</para>
-
- <para>To blank a DVD-RW in sequential mode:</para>
-
- <screen>&prompt.root; <userinput>dvd+rw-format -blank=full /dev/cd0</userinput></screen>
-
- <note>
- <para>A full blanking using <option>-blank=full</option> will
- take about one hour on a 1x media. A fast blanking can be
- performed using <option>-blank</option>, if the DVD-RW will
- be recorded in Disk-At-Once (DAO) mode. To burn the DVD-RW
- in DAO mode, use the command:</para>
-
- <screen>&prompt.root; <userinput>growisofs -use-the-force-luke=dao -Z /dev/cd0=imagefile.iso</userinput></screen>
-
- <para>Since &man.growisofs.1; automatically attempts to detect
- fast blanked media and engage DAO write,
- <option>-use-the-force-luke=dao</option> should not be
- required.</para>
-
- <para>One should instead use restricted overwrite mode with
- any DVD-RW as this format is more flexible than the default
- of incremental sequential.</para>
- </note>
-
- <para>To write data on a sequential DVD-RW, use the same
- instructions as for the other DVD formats:</para>
-
- <screen>&prompt.root; <userinput>growisofs -Z /dev/cd0 -J -R /path/to/data</userinput></screen>
-
- <para>To append some data to a previous recording, use
- <option>-M</option> with &man.growisofs.1;. However, if data
- is appended on a DVD-RW in incremental sequential mode, a new
- session will be created on the disc and the result will be a
- multi-session disc.</para>
-
- <para>A DVD-RW in restricted overwrite format does not need to
- be blanked before a new initial session. Instead, overwrite
- the disc with <option>-Z</option>. It is also possible to
- grow an existing ISO 9660 file system written on the disc with
- <option>-M</option>. The result will be a one-session
- DVD.</para>
-
- <para>To put a DVD-RW in restricted overwrite format, the
- following command must be used:</para>
-
- <screen>&prompt.root; <userinput>dvd+rw-format /dev/cd0</userinput></screen>
-
- <para>To change back to sequential format, use:</para>
-
- <screen>&prompt.root; <userinput>dvd+rw-format -blank=full /dev/cd0</userinput></screen>
- </sect2>
-
- <sect2>
- <title>Multi-Session</title>
-
- <para>Few DVD-ROM drives support multi-session DVDs and most of
- the time only read the first session. DVD+R, DVD-R and DVD-RW
- in sequential format can accept multiple sessions. The notion
- of multiple sessions does not exist for the DVD+RW and the
- DVD-RW restricted overwrite formats.</para>
-
- <para>Using the following command after an initial non-closed
- session on a DVD+R, DVD-R, or DVD-RW in sequential format,
- will add a new session to the disc:</para>
-
- <screen>&prompt.root; <userinput>growisofs -M /dev/cd0 -J -R /path/to/nextdata</userinput></screen>
-
- <para>Using this command with a DVD+RW or a DVD-RW in restricted
- overwrite mode will append data while merging the new session
- to the existing one. The result will be a single-session
- disc. Use this method to add data after an initial write on
- these types of media.</para>
-
- <note>
- <para>Since some space on the media is used between each
- session to mark the end and start of sessions, one should
- add sessions with a large amount of data to optimize media
- space. The number of sessions is limited to 154 for a
- DVD+R, about 2000 for a DVD-R, and 127 for a DVD+R Double
- Layer.</para>
- </note>
- </sect2>
-
- <sect2>
- <title>For More Information</title>
-
- <para>To obtain more information about a DVD, use
- <command>dvd+rw-mediainfo
- /dev/cd0</command> while the disc
- in the specified drive.</para>
-
- <para>More information about
- <application>dvd+rw-tools</application> can be found in
- &man.growisofs.1;, on the <link
- xlink:href="http://fy.chalmers.se/~appro/linux/DVD+RW/">dvd+rw-tools
- web site</link>, and in the <link
- xlink:href="http://lists.debian.org/cdwrite/">cdwrite
- mailing list</link> archives.</para>
-
- <note>
- <para>When creating a problem report related to the use of
- <application>dvd+rw-tools</application>, always include the
- output of <command>dvd+rw-mediainfo</command>.</para>
- </note>
- </sect2>
-
- <sect2 xml:id="creating-dvd-ram">
- <title>Using a DVD-RAM</title>
-
- <indexterm>
- <primary>DVD</primary>
- <secondary>DVD-RAM</secondary>
- </indexterm>
-
- <sect3>
- <title>Configuration</title>
-
- <para>DVD-RAM writers can use either a SCSI or ATAPI
- interface. For ATAPI devices, DMA access has to be
- enabled by adding the following line to
- <filename>/boot/loader.conf</filename>:</para>
-
- <programlisting>hw.ata.atapi_dma="1"</programlisting>
- </sect3>
-
- <sect3>
- <title>Preparing the Media</title>
-
- <para>A DVD-RAM can be seen as a removable hard drive. Like
- any other hard drive, the DVD-RAM must be formatted before
- it can be used. In this example, the whole disk space will
- be formatted with a standard UFS2 file system:</para>
-
- <screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/acd0 bs=2k count=1</userinput>
-&prompt.root; <userinput>bsdlabel -Bw acd0</userinput>
-&prompt.root; <userinput>newfs /dev/acd0</userinput></screen>
-
- <para>The DVD device, <filename>acd0</filename>, must be
- changed according to the configuration.</para>
- </sect3>
-
- <sect3>
- <title>Using the Media</title>
-
- <para>Once the DVD-RAM has been formatted, it can be mounted
- as a normal hard drive:</para>
-
- <screen>&prompt.root; <userinput>mount /dev/acd0 /mnt</userinput></screen>
-
- <para>Once mounted, the DVD-RAM will be both readable and
- writeable.</para>
- </sect3>
- </sect2>
- </sect1>
-
- <sect1 xml:id="floppies">
- <info>
- <title>Creating and Using Floppy Disks</title>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>Julio</firstname>
- <surname>Merino</surname>
- </personname>
- <contrib>Original work by </contrib>
- </author>
- </authorgroup>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>Martin</firstname>
- <surname>Karlsson</surname>
- </personname>
- <contrib>Rewritten by </contrib>
- </author>
- </authorgroup>
- </info>
-
- <para>Storing data on floppy disks is sometimes useful, for
- example when one does not have any other removable storage media
- or when one needs to transfer small amounts of data to another
- computer.</para>
-
- <para>This section explains how to use floppy disks in &os;. It
- covers formatting and usage of 3.5inch DOS floppies, but the
- concepts are similar for other floppy disk formats.</para>
-
- <sect2>
- <title>Formatting Floppies</title>
-
- <sect3>
- <title>The Device</title>
-
- <para>Floppy disks are accessed through entries in
- <filename>/dev</filename>, just like other
- devices. To access the raw floppy disk, simply use
- <filename>/dev/fdN</filename>.</para>
- </sect3>
-
- <sect3>
- <title>Formatting</title>
-
- <para>A floppy disk needs to be low-level formatted before it
- can be used. This is usually done by the vendor, but
- formatting is a good way to check media integrity. Although
- it is possible to force other disk sizes, 1440kB is what
- most floppy disks are designed for.</para>
-
- <para>To low-level format the floppy disk, use
- &man.fdformat.1;. This utility expects the device name as
- an argument.</para>
-
- <para>Make note of any error messages, as these can help
- determine if the disk is good or bad.</para>
-
- <sect4>
- <title>Formatting Floppy Disks</title>
-
- <para>To format the floppy, insert a new 3.5inch floppy
- disk into the first floppy drive and issue:</para>
-
- <screen>&prompt.root; <userinput>/usr/sbin/fdformat -f 1440 /dev/fd0</userinput></screen>
- </sect4>
- </sect3>
- </sect2>
-
- <sect2>
- <title>The Disk Label</title>
-
- <para>After low-level formatting the disk, a disk label needs to
- placed on it. This disk label will be destroyed later, but
- it is needed by the system to determine the size of the disk
- and its geometry.</para>
-
- <para>The new disk label will take over the whole disk and will
- contain all the proper information about the geometry of the
- floppy. The geometry values for the disk label are listed in
- <filename>/etc/disktab</filename>.</para>
-
- <para>To write the disk label, use &man.bsdlabel.8;:</para>
-
- <screen>&prompt.root; <userinput>/sbin/bsdlabel -B -w /dev/fd0 fd1440</userinput></screen>
- </sect2>
-
- <sect2>
- <title>The File System</title>
-
- <para>The floppy is now ready to be high-level formatted. This
- will place a new file system on it so that &os; can read and
- write to the disk. Since creating the new file system
- destroys the disk label, the disk label needs to be recreated
- whenever the disk is reformatted.</para>
-
- <para>The floppy's file system can be either UFS or FAT.
- FAT is generally a better choice for floppies.</para>
-
- <para>To put a new file system on the floppy, issue:</para>
-
- <screen>&prompt.root; <userinput>/sbin/newfs_msdos /dev/fd0</userinput></screen>
-
- <para>The disk is now ready for use.</para>
- </sect2>
-
- <sect2>
- <title>Using the Floppy</title>
-
- <para>To use the floppy, mount it with &man.mount.msdosfs.8;.
- One can also use
- <package>emulators/mtools</package> from the
- Ports Collection.</para>
- </sect2>
- </sect1>
-
- <sect1 xml:id="backups-tapebackups">
- <title>Creating and Using Data Tapes</title>
-
- <indexterm><primary>tape media</primary></indexterm>
-
- <para>Tape technology has continued to evolve but is less likely
- to be used in a modern system. Modern backup systems tend to
- use off site combined with local removable disk drive
- technologies. Still, &os; will support any tape drive that
- uses SCSI, such as LTO and older devices such as DAT. There is
- limited support for SATA and USB tape drives.</para>
-
- <sect2 xml:id="tapes-sa0">
- <title>Serial Access with &man.sa.4;</title>
-
- <indexterm>
- <primary>tape drives</primary>
- </indexterm>
-
- <para>&os; uses the &man.sa.4; driver, providing
- <filename>/dev/sa0</filename>,
- <filename>/dev/nsa0</filename>, and
- <filename>/dev/esa0</filename>. In normal use, only
- <filename>/dev/sa0</filename> is needed.
- <filename>/dev/nsa0</filename> is the same physical drive
- as <filename>/dev/sa0</filename> but does not rewind the
- tape after writing a file. This allows writing more than one
- file to a tape. Using <filename>/dev/esa0</filename>
- ejects the tape after the device is closed, if
- applicable.</para>
- </sect2>
-
- <sect2>
- <title xml:id="tapes-mt">Controlling the Tape Drive with
- &man.mt.1;</title>
-
- <indexterm>
- <primary>tape media</primary>
- <secondary>mt</secondary>
- </indexterm>
-
- <para>&man.mt.1; is the &os; utility for controlling other
- operations of the tape drive, such as seeking through files on
- a tape or writing tape control marks to the tape.</para>
-
- <para>For example, the first three files on a tape can be
- preserved by skipping past them before writing a new
- file:</para>
-
- <screen>&prompt.root; <userinput>mt -f /dev/nsa0 fsf 3</userinput></screen>
- </sect2>
-
- <sect2>
- <title xml:id="tapes-tar">Using &man.tar.1; to Read and
- Write Tape Backups</title>
-
- <para>An example of writing a single file to tape using
- &man.tar.1;:</para>
-
- <screen>&prompt.root; <userinput>tar cvf /dev/sa0 file</userinput></screen>
-
- <para>Recovering files from a &man.tar.1; archive on tape into
- the current directory:</para>
-
- <screen>&prompt.root; <userinput>tar xvf /dev/sa0</userinput></screen>
- </sect2>
-
- <sect2>
- <title xml:id="tapes-dumprestore">Using &man.dump.8; and
- &man.restore.8; to Create and Restore Backups</title>
-
- <para>A simple backup of <filename>/usr</filename> with
- &man.dump.8;:</para>
-
- <screen>&prompt.root; <userinput>dump -0aL -b64 -f /dev/nsa0 /usr</userinput></screen>
-
- <para>Interactively restoring files from a &man.dump.8; file on
- tape into the current directory:</para>
-
- <screen>&prompt.root; <userinput>restore -i -f /dev/nsa0</userinput></screen>
- </sect2>
-
- <sect2>
- <title xml:id="tapes-othersofware">Other Tape Software</title>
-
- <para>Higher-level programs are available to simplify tape
- backup. The most popular are
- <application>Amanda</application> and
- <application>Bacula</application>. These programs aim to make
- backups easier and more convenient, or to automate complex
- backups of multiple machines. The Ports Collection contains
- both these and other tape utility applications.</para>
- </sect2>
- </sect1>
-
- <sect1 xml:id="backup-strategies">
- <info>
- <title>Backup Strategies</title>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>Lowell</firstname>
- <surname>Gilbert</surname>
- </personname>
- <contrib>Original work by </contrib>
- </author>
- </authorgroup>
- </info>
-
- <para>The first requirement in devising a backup plan is to make
- sure that all of the following problems are covered:</para>
-
- <itemizedlist>
- <listitem>
- <para>Disk failure.</para>
- </listitem>
-
- <listitem>
- <para>Accidental file deletion.</para>
- </listitem>
-
- <listitem>
- <para>Random file corruption.</para>
- </listitem>
-
- <listitem>
- <para>Complete machine destruction, say by fire, including
- destruction of any on-site backups.</para>
- </listitem>
- </itemizedlist>
-
- <para>Some systems will be best served by having each of these
- problems covered by a completely different technique. Except
- for strictly personal systems with low-value data, it is
- unlikely that one technique will cover all of them.</para>
-
- <para>Some possible techniques include:</para>
-
- <itemizedlist>
- <listitem>
- <para>Archives of the whole system, backed up onto permanent,
- off-site media. This provides protection against all of the
- problems listed above, but is slow and inconvenient to
- restore from. Copies of the backups can be stored on site
- or online, but there will still be inconveniences in
- restoring files, especially for non-privileged users.</para>
- </listitem>
-
- <listitem>
- <para>Filesystem snapshots, which are really only helpful in
- the accidental file deletion scenario, but can be
- <emphasis>very</emphasis> helpful in that case, as well as
- quick and easy to deal with.</para>
- </listitem>
-
- <listitem>
- <para>Copies of whole file systems or disks which can be
- created with a periodic <package>net/rsync</package> of the
- whole machine. This is generally most useful in networks
- with unique requirements. For general protection against
- disk failure, this is usually inferior to
- <acronym>RAID</acronym>. For restoring accidentally deleted
- files, it can be comparable to <acronym>UFS</acronym>
- snapshots.</para>
- </listitem>
-
- <listitem>
- <para><acronym>RAID</acronym>, which minimizes or avoids
- downtime when a disk fails at the expense of having to deal
- with disk failures more often, because there are more disks,
- albeit at a much lower urgency.</para>
- </listitem>
-
- <listitem>
- <para>Checking fingerprints of files using &man.mtree.8;.
- Although this is not a backup, this technique indicates
- when one needs to resort to backups. This is particularly
- important for offline backups, and should be checked
- periodically.</para>
- </listitem>
- </itemizedlist>
-
- <para>It is quite easy to come up with more techniques, many
- of them variations on the ones listed above. Specialized
- requirements usually lead to specialized techniques. For
- example, backing up a live database usually requires a method
- particular to the database software as an intermediate step.
- The important thing is to know which dangers should be protected
- against, and how each will be handled.</para>
- </sect1>
-
- <sect1 xml:id="backup-basics">
- <title>Backup Basics</title>
-
- <para>The major backup programs built into &os; are
- &man.dump.8;, &man.tar.1;, &man.cpio.1;, and
- &man.pax.1;.</para>
-
- <sect2>
- <title>Dump and Restore</title>
-
- <indexterm>
- <primary>backup software</primary>
- <secondary>dump / restore</secondary>
- </indexterm>
- <indexterm>
- <primary><command>dump</command></primary>
- </indexterm>
- <indexterm>
- <primary><command>restore</command></primary>
- </indexterm>
-
- <para>The traditional &unix; backup programs are
- <command>dump</command> and <command>restore</command>. They
- operate on the drive as a collection of disk blocks, below the
- abstractions of files, links and directories that are created
- by the file systems. Unlike other backup software,
- <command>dump</command> backs up an entire file system on a
- device. It is unable to backup only part of a file system or
- a directory tree that spans more than one file system.
- <command>dump</command> does not write files and directories,
- but rather writes the raw data blocks that comprise files and
- directories. When used to extract data,
- <command>restore</command> stores temporary files in
- <filename>/tmp/</filename> by default. When using a recovery
- disk with a small <filename>/tmp</filename>, set
- <envar>TMPDIR</envar> to a directory with more free space in
- order for the restore to succeed.</para>
-
- <note>
- <para>If <command>dump</command> is used on the root
- directory, it will not back up <filename>/home</filename>,
- <filename>/usr</filename> or many other
- directories since these are typically mount points for other
- file systems or symbolic links into those file
- systems.</para>
- </note>
-
- <para><command>dump</command> has quirks that remain from its
- early days in Version 6 of AT&amp;T &unix;,circa 1975. The
- default parameters are suitable for 9-track tapes (6250 bpi),
- not the high-density media available today (up to 62,182
- ftpi). These defaults must be overridden on the command line
- to utilize the capacity of current tape drives.</para>
-
- <indexterm>
- <primary><filename>.rhosts</filename></primary>
- </indexterm>
- <para>It is also possible to backup data across the network to a
- tape drive attached to another computer with
- <command>rdump</command> and <command>rrestore</command>.
- Both programs rely upon &man.rcmd.3; and &man.ruserok.3; to
- access the remote tape drive. Therefore, the user performing
- the backup must be listed in <filename>.rhosts</filename> on
- the remote computer. The arguments to
- <command>rdump</command> and <command>rrestore</command> must
- be suitable to use on the remote computer. For example, to
- <command>rdump</command> from a &os; computer to an Exabyte
- tape drive connected to a host called
- <systemitem>komodo</systemitem>, use:</para>
-
- <screen>&prompt.root; <userinput>/sbin/rdump 0dsbfu 54000 13000 126 komodo:/dev/nsa8 /dev/da0a 2&gt;&amp;1</userinput></screen>
-
- <para>There are security implications to allowing
- <filename>.rhosts</filename> authentication, so use
- with caution.</para>
-
- <para>It is also possible to use <command>dump</command> and
- <command>restore</command> in a more secure fashion over
- <command>ssh</command>.</para>
-
- <example>
- <title>Using <command>dump</command> over
- <application>ssh</application></title>
-
- <screen>&prompt.root; <userinput>/sbin/dump -0uan -f - /usr | gzip -2 | ssh -c blowfish \
- targetuser@targetmachine.example.com dd of=/mybigfiles/dump-usr-l0.gz</userinput></screen>
- </example>
-
- <para>Or, use the built-in <envar>RSH</envar>:</para>
-
- <example>
- <title>Using <command>dump</command> over
- <application>ssh</application> with <envar>RSH</envar>
- Set</title>
-
- <screen>&prompt.root; <userinput>env RSH=/usr/bin/ssh /sbin/dump -0uan -f targetuser@targetmachine.example.com:/dev/sa0 /usr</userinput></screen>
- </example>
- </sect2>
-
- <sect2>
- <title><command>tar</command></title>
-
- <indexterm>
- <primary>backup software</primary>
- <secondary><command>tar</command></secondary>
- </indexterm>
-
- <para>&man.tar.1; also dates back to Version 6 of AT&amp;T
- &unix;, circa 1975. <command>tar</command> operates in
- cooperation with the file system and writes files and
- directories to tape. <command>tar</command> does not support
- the full range of options that are available from
- &man.cpio.1;, but it does not require the unusual command
- pipeline that <command>cpio</command> uses.</para>
-
- <indexterm><primary><command>tar</command></primary></indexterm>
-
- <para>To <command>tar</command> to an Exabyte tape drive
- connected to a host called
- <systemitem>komodo</systemitem>:</para>
-
- <screen>&prompt.root; <userinput>tar cf - . | rsh komodo dd of=tape-device obs=20b</userinput></screen>
-
- <para>When backing up over an insecure network, instead use
- <command>ssh</command>.</para>
- </sect2>
-
- <sect2>
- <title><command>cpio</command></title>
-
- <indexterm>
- <primary>backup software</primary>
- <secondary><command>cpio</command></secondary>
- </indexterm>
-
- <para>&man.cpio.1; is the original &unix; file interchange tape
- program for magnetic media. <command>cpio</command> includes
- options to perform byte-swapping, write a number of different
- archive formats, and pipe the data to other programs. This
- last feature makes <command>cpio</command> an excellent choice
- for installation media. <command>cpio</command> does not know
- how to walk the directory tree and a list of files must be
- provided through <filename>stdin</filename>.</para>
-
- <indexterm>
- <primary><command>cpio</command></primary>
- </indexterm>
-
- <para>Since <command>cpio</command> does not support backups
- across the network, use a pipeline and <command>ssh</command>
- to send the data to a remote tape drive.</para>
-
- <screen>&prompt.root; <userinput>for f in directory_list; do</userinput>
-<userinput>find $f &gt;&gt; backup.list</userinput>
-<userinput>done</userinput>
-&prompt.root; <userinput>cpio -v -o --format=newc &lt; backup.list | ssh user@host "cat &gt; backup_device"</userinput></screen>
-
- <para>Where <replaceable>directory_list</replaceable> is the
- list of directories to back up,
- <replaceable>user</replaceable>@<replaceable>host</replaceable>
- is the user/hostname combination that will be performing the
- backups, and <replaceable>backup_device</replaceable> is where
- the backups should be written to, such as
- <filename>/dev/nsa0</filename>).</para>
- </sect2>
-
- <sect2>
- <title><command>pax</command></title>
-
- <indexterm>
- <primary>backup software</primary>
- <secondary><command>pax</command></secondary>
- </indexterm>
- <indexterm><primary><command>pax</command></primary></indexterm>
- <indexterm><primary>POSIX</primary></indexterm>
- <indexterm><primary>IEEE</primary></indexterm>
-
- <para>&man.pax.1; is the IEEE/&posix; answer to
- <command>tar</command> and <command>cpio</command>. Over the
- years the various versions of <command>tar</command> and
- <command>cpio</command> have become slightly incompatible. So
- rather than fight it out to fully standardize them, &posix;
- created a new archive utility. <command>pax</command>
- attempts to read and write many of the various
- <command>cpio</command> and <command>tar</command> formats,
- plus new formats of its own. Its command set more resembles
- <command>cpio</command> than <command>tar</command>.</para>
- </sect2>
-
- <sect2 xml:id="backups-programs-amanda">
- <title><application>Amanda</application></title>
-
- <indexterm>
- <primary>backup software</primary>
- <secondary><application>Amanda</application></secondary>
- </indexterm>
- <indexterm>
- <primary><application>Amanda</application></primary>
- </indexterm>
-
- <!-- Remove link until <port> tag is available -->
- <para><application>Amanda</application> (Advanced Maryland
- Network Disk Archiver) is a client/server backup system,
- rather than a single program. An
- <application>Amanda</application> server will backup to a
- single tape drive any number of computers that have
- <application>Amanda</application> clients and a network
- connection to the <application>Amanda</application> server. A
- common problem at sites with a number of large disks is that
- the length of time required to backup to data directly to tape
- exceeds the amount of time available for the task.
- <application>Amanda</application> solves this problem by using
- a <quote>holding disk</quote> to backup several file systems
- at the same time. <application>Amanda</application> creates
- <quote>archive sets</quote>: a group of tapes used over a
- period of time to create full backups of all the file systems
- listed in <application>Amanda</application>'s configuration
- file. The <quote>archive set</quote> also contains nightly
- incremental, or differential, backups of all the file systems.
- Restoring a damaged file system requires the most recent full
- backup and the incremental backups.</para>
-
- <para>The configuration file provides fine grained control of
- backups and the network traffic that
- <application>Amanda</application> generates.
- <application>Amanda</application> will use any of the above
- backup programs to write the data to tape.
- <application>Amanda</application> is not installed by
- but is available as either a port or package.</para>
- </sect2>
-
- <sect2>
- <title>Do Nothing</title>
-
- <para><quote>Do nothing</quote> is not a computer program, but
- it is the most widely used backup strategy. There are no
- initial costs. There is no backup schedule to follow. Just
- say no. If something happens to your data, grin and bear
- it!</para>
-
- <para>If your time and data is worth little to nothing, then
- <quote>Do nothing</quote> is the most suitable backup program
- for the computer. But beware, &os; is a useful tool and
- over time it can be used to create a valuable collection of
- files.</para>
-
- <para><quote>Do nothing</quote> is the correct backup method for
- <filename>/usr/obj</filename> and other
- directory trees that can be exactly recreated by the computer.
- An example is the files that comprise the HTML or &postscript;
- version of this Handbook. These document formats have been
- created from XML input files. Creating backups of the HTML or
- &postscript; files is not necessary if the XML files are
- backed up regularly.</para>
- </sect2>
-
- <sect2>
- <title>Which Backup Program Is Best?</title>
-
- <indexterm>
- <primary>LISA</primary>
- </indexterm>
-
- <para>&man.dump.8; <emphasis>Period.</emphasis> Elizabeth D.
- Zwicky torture tested all the backup programs discussed here.
- The clear choice for preserving all your data and all the
- peculiarities of &unix; file systems is
- <command>dump</command>. Elizabeth created file systems
- containing a large variety of unusual conditions (and some not
- so unusual ones) and tested each program by doing a backup and
- restore of those file systems. The peculiarities included:
- files with holes, files with holes and a block of nulls, files
- with funny characters in their names, unreadable and
- unwritable files, devices, files that change size during the
- backup, files that are created/deleted during the backup and
- more. She presented the results at LISA V in Oct. 1991. See
- <link
- xlink:href="http://www.coredumps.de/doc/dump/zwicky/testdump.doc.html">torture-testing
- Backup and Archive Programs</link>.</para>
- </sect2>
-
- <sect2>
- <title>Emergency Restore Procedure</title>
-
- <sect3>
- <title>Before the Disaster</title>
-
- <para>There are four steps which should be performed in
- preparation for any disaster that may occur.</para>
- <indexterm>
- <primary><command>bsdlabel</command></primary>
- </indexterm>
-
- <para>First, print the bsdlabel of each disk using a command
- such as <command>bsdlabel da0 | lpr</command>. Also print a
- copy of <filename>/etc/fstab</filename> and all boot
- messages.</para>
-
- <indexterm><primary>livefs CD</primary></indexterm>
- <para>Second, burn a <quote>livefs</quote> CD. This CD
- contains support for booting into a &os;
- <quote>livefs</quote> rescue mode, allowing the user to
- perform many tasks like running &man.dump.8;,
- &man.restore.8;, &man.fdisk.8;, &man.bsdlabel.8;,
- &man.newfs.8;, &man.mount.8;, and more. The livefs CD image
- for &os;/&arch.i386;&nbsp;&rel2.current;-RELEASE is
- available from <uri
- xlink:href="ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/&arch.i386;/ISO-IMAGES/&rel2.current;/&os;-&rel2.current;-RELEASE-&arch.i386;-livefs.iso">ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/&arch.i386;/ISO-IMAGES/&rel2.current;/&os;-&rel2.current;-RELEASE-&arch.i386;-livefs.iso</uri>.</para>
-
- <note>
- <para>Livefs CD images are not available for
- &os;&nbsp;&rel.current;-RELEASE and later. In addition to
- the CD-ROM installation images, flash drive installation
- images may be used to recover a system. The
- <quote>memstick</quote> image for
- &os;/&arch.i386;&nbsp;&rel.current;-RELEASE is available
- from <uri
- xlink:href="ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/&arch.i386;/&arch.i386;/ISO-IMAGES/&rel.current;/&os;-&rel.current;-RELEASE-&arch.i386;-memstick.img">ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/&arch.i386;/&arch.i386;/ISO-IMAGES/&rel.current;/&os;-&rel.current;-RELEASE-&arch.i386;-memstick.img</uri>.</para>
- </note>
-
- <para>Third, create backup tapes regularly. Any changes that
- made after the last backup may be irretrievably lost.
- Write-protect the backup media.</para>
-
- <para>Fourth, test the <quote>livefs</quote> CD and the
- backups. Make notes of the procedure. Store these notes
- with the CD, the printouts, and the backups. These notes
- may prevent the inadvertent destruction of the backups while
- under the stress of performing an emergency
- recovery.</para>
-
- <para>For an added measure of security, store an extra
- <quote>livefs</quote> CD and the latest backup at a
- remote location, where a remote location is
- <emphasis>not</emphasis> the basement of the same building.
- A remote location should be physically separated from the
- computers and disk drives by a significant distance.</para>
- </sect3>
-
- <sect3>
- <title>After the Disaster</title>
-
- <para>First, determine if the hardware survived. Thanks
- to regular, off-site backups, there is no need to worry
- about the software.</para>
-
- <para>If the hardware has been damaged, the parts should be
- replaced before attempting to use the computer.</para>
-
- <para>If the hardware is okay, insert the
- <quote>livefs</quote> CD and boot the computer. The
- original install menu will be displayed on the screen.
- Select the correct country, then choose
- <guimenuitem>Fixit -- Repair mode with CD-ROM/DVD/floppy or
- start a shell.</guimenuitem> then select
- <guimenuitem>CD-ROM/DVD -- Use the live filesystem
- CD-ROM/DVD</guimenuitem>.
- <command>restore</command> and the other needed programs
- are located in <filename>/mnt2/rescue</filename>.</para>
-
- <para>Recover each file system separately.</para>
-
- <indexterm>
- <primary><command>mount</command></primary>
- </indexterm>
- <indexterm><primary>root partition</primary></indexterm>
- <indexterm>
- <primary><command>bsdlabel</command></primary>
- </indexterm>
- <indexterm>
- <primary><command>newfs</command></primary>
- </indexterm>
-
- <para>Try to <command>mount</command> the root partition
- of the first disk using <command>mount /dev/da0a
- /mnt</command>. If the bsdlabel was damaged, use
- <command>bsdlabel</command> to re-partition and label the
- disk to match the label that was printed and saved. Use
- <command>newfs</command> to re-create the file systems.
- Re-mount the root partition of the disk read-write using
- <command>mount -u -o rw /mnt</command>. Use the backups
- to recover the data for this file system. Unmount the file
- system with <command>umount /mnt</command>. Repeat for each
- file system that was damaged.</para>
-
- <para>Once the system is running, backup the data onto new
- media as whatever caused the crash or data loss may strike
- again. Another hour spent now may save further distress
- later.</para>
- </sect3>
- </sect2>
- </sect1>
-
- <sect1 xml:id="disks-virtual">
- <info>
- <title>Network, Memory, and File-Backed File Systems</title>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>Marc</firstname>
- <surname>Fonvieille</surname>
- </personname>
- <contrib>Reorganized and enhanced by </contrib>
- </author>
- </authorgroup>
- </info>
-
- <indexterm><primary>virtual disks</primary></indexterm>
- <indexterm>
- <primary>disks</primary>
- <secondary>virtual</secondary>
- </indexterm>
-
- <para>In addition to physical disks such as floppies, CDs, and
- hard drives, &os; also supports
- <firstterm>virtual disks</firstterm>.</para>
-
- <indexterm><primary>NFS</primary></indexterm>
- <indexterm><primary>Coda</primary></indexterm>
- <indexterm>
- <primary>disks</primary>
- <secondary>memory</secondary>
- </indexterm>
- <para>These include network file systems such as the
- <link linkend="network-nfs">Network File System</link> and Coda,
- memory-based file systems, and file-backed file systems.</para>
-
- <para>According to the &os; version, the tools used for the
- creation and use of file-backed and memory-based file systems
- differ.</para>
-
- <note>
- <para>Use &man.devfs.5; to allocate device nodes transparently
- for the user.</para>
- </note>
-
- <sect2 xml:id="disks-mdconfig">
- <title>File-Backed File System</title>
-
- <indexterm>
- <primary>disks</primary>
- <secondary>file-backed</secondary>
- </indexterm>
-
- <para>&man.mdconfig.8; is used to configure and enable memory
- disks, &man.md.4;, under &os;. To use &man.mdconfig.8;,
- &man.md.4; must be first loaded. When using a custom kernel
- configuration file, ensure it includes this line:</para>
-
- <programlisting>device md</programlisting>
-
- <para>&man.mdconfig.8; supports several types of memory backed
- virtual disks: memory disks allocated with &man.malloc.9; and
- memory disks using a file or swap space as backing. One
- possible use is the mounting of CD images.</para>
-
- <para>To mount an existing file system image:</para>
-
- <example>
- <title>Using <command>mdconfig</command> to Mount an Existing
- File System Image</title>
-
- <screen>&prompt.root; <userinput>mdconfig -a -t vnode -f diskimage -u 0</userinput>
-&prompt.root; <userinput>mount /dev/md0 /mnt</userinput></screen>
- </example>
-
- <para>To create a new file system image with
- &man.mdconfig.8;:</para>
-
- <example>
- <title>Creating a New File-Backed Disk with
- <command>mdconfig</command></title>
-
- <screen>&prompt.root; <userinput>dd if=/dev/zero of=newimage bs=1k count=5k</userinput>
-5120+0 records in
-5120+0 records out
-&prompt.root; <userinput>mdconfig -a -t vnode -f newimage -u 0</userinput>
-&prompt.root; <userinput>bsdlabel -w md0 auto</userinput>
-&prompt.root; <userinput>newfs md0a</userinput>
-/dev/md0a: 5.0MB (10224 sectors) block size 16384, fragment size 2048
- using 4 cylinder groups of 1.25MB, 80 blks, 192 inodes.
-super-block backups (for fsck -b #) at:
- 160, 2720, 5280, 7840
-&prompt.root; <userinput>mount /dev/md0a /mnt</userinput>
-&prompt.root; <userinput>df /mnt</userinput>
-Filesystem 1K-blocks Used Avail Capacity Mounted on
-/dev/md0a 4710 4 4330 0% /mnt</screen>
- </example>
-
- <para>If unit number is not specified with
- <option>-u</option>, &man.mdconfig.8; uses the
- &man.md.4; automatic allocation to select an unused device.
- The name of the allocated unit will be output to stdout, such
- as <filename>md4</filename>. Refer to &man.mdconfig.8;
- for more details about.</para>
-
- <para>While &man.mdconfig.8; is useful, it takes several
- command lines to create a file-backed file system. &os; also
- comes with &man.mdmfs.8; which automatically configures a
- &man.md.4; disk using &man.mdconfig.8;, puts a UFS file system
- on it using &man.newfs.8;, and mounts it using &man.mount.8;.
- For example, to create and mount the same file system image as
- above, type the following:</para>
-
- <example>
- <title>Configure and Mount a File-Backed Disk with
- <command>mdmfs</command></title>
-
- <screen>&prompt.root; <userinput>dd if=/dev/zero of=newimage bs=1k count=5k</userinput>
-5120+0 records in
-5120+0 records out
-&prompt.root; <userinput>mdmfs -F newimage -s 5m md0 /mnt</userinput>
-&prompt.root; <userinput>df /mnt</userinput>
-Filesystem 1K-blocks Used Avail Capacity Mounted on
-/dev/md0 4718 4 4338 0% /mnt</screen>
- </example>
-
- <para>When <option>md</option> is used without a unit number,
- &man.mdmfs.8; uses the &man.md.4; auto-unit feature to
- automatically select an unused device. For more details
- about &man.mdmfs.8;, refer to its manual page.</para>
- </sect2>
-
- <sect2 xml:id="disks-md-freebsd5">
- <title>Memory-Based File System</title>
-
- <indexterm>
- <primary>disks</primary>
- <secondary>memory file system</secondary>
- </indexterm>
-
- <para>For a memory-based file system, <quote>swap
- backing</quote> should normally be used. This does not mean
- that the memory disk will be swapped out to disk by default,
- but rather that the memory disk will be allocated from a
- memory pool which can be swapped out to disk if needed. It is
- also possible to create memory-based disks which are
- &man.malloc.9; backed, but using large malloc backed memory
- disks can result in a system panic if the kernel runs out of
- memory.</para>
-
- <example>
- <title>Creating a New Memory-Based Disk with
- <command>mdconfig</command></title>
-
- <screen>&prompt.root; <userinput>mdconfig -a -t swap -s 5m -u 1</userinput>
-&prompt.root; <userinput>newfs -U md1</userinput>
-/dev/md1: 5.0MB (10240 sectors) block size 16384, fragment size 2048
- using 4 cylinder groups of 1.27MB, 81 blks, 192 inodes.
- with soft updates
-super-block backups (for fsck -b #) at:
- 160, 2752, 5344, 7936
-&prompt.root; <userinput>mount /dev/md1 /mnt</userinput>
-&prompt.root; <userinput>df /mnt</userinput>
-Filesystem 1K-blocks Used Avail Capacity Mounted on
-/dev/md1 4718 4 4338 0% /mnt</screen>
- </example>
-
- <example>
- <title>Creating a New Memory-Based Disk with
- <command>mdmfs</command></title>
-
- <screen>&prompt.root; <userinput>mdmfs -s 5m md2 /mnt</userinput>
-&prompt.root; <userinput>df /mnt</userinput>
-Filesystem 1K-blocks Used Avail Capacity Mounted on
-/dev/md2 4846 2 4458 0% /mnt</screen>
- </example>
- </sect2>
-
- <sect2>
- <title>Detaching a Memory Disk from the System</title>
-
- <indexterm>
- <primary>disks</primary>
- <secondary>detaching a memory disk</secondary>
- </indexterm>
-
- <para>When a memory-based or file-based file system is no
- longer in use, its resources should be released back to
- the system. First, unmount the file system, then use
- &man.mdconfig.8; to detach the disk from the system and
- release the resources.</para>
-
- <para>For example, to detach and free all resources used by
- <filename>/dev/md4</filename>:</para>
-
- <screen>&prompt.root; <userinput>mdconfig -d -u 4</userinput></screen>
-
- <para>It is possible to list information about configured
- &man.md.4; devices by running
- <command>mdconfig -l</command>.</para>
- </sect2>
- </sect1>
-
- <sect1 xml:id="snapshots">
- <info>
- <title>File System Snapshots</title>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>Tom</firstname>
- <surname>Rhodes</surname>
- </personname>
- <contrib>Contributed by </contrib>
- </author>
- </authorgroup>
- </info>
-
- <indexterm>
- <primary>file systems</primary>
- <secondary>snapshots</secondary>
- </indexterm>
-
- <para>&os; offers a feature in conjunction with
- <link linkend="soft-updates">Soft Updates</link>: file system
- snapshots.</para>
-
- <para>UFS snapshots allow a user to create images of specified
- file systems, and treat them as a file. Snapshot files must be
- created in the file system that the action is performed on, and
- a user may create no more than 20 snapshots per file system.
- Active snapshots are recorded in the superblock so they are
- persistent across unmount and remount operations along with
- system reboots. When a snapshot is no longer required, it can
- be removed using &man.rm.1;. While snapshots may be removed in
- any order, all the used space may not be acquired because
- another snapshot will possibly claim some of the released
- blocks.</para>
-
- <para>The un-alterable <option>snapshot</option> file flag is set
- by &man.mksnap.ffs.8; after initial creation of a snapshot file.
- &man.unlink.1; makes an exception for snapshot files since it
- allows them to be removed.</para>
-
- <para>Snapshots are created using &man.mount.8;. To place a
- snapshot of <filename>/var</filename> in the
- file <filename>/var/snapshot/snap</filename>, use the following
- command:</para>
-
- <screen>&prompt.root; <userinput>mount -u -o snapshot /var/snapshot/snap /var</userinput></screen>
-
- <para>Alternatively, use &man.mksnap.ffs.8; to create the
- snapshot:</para>
-
- <screen>&prompt.root; <userinput>mksnap_ffs /var /var/snapshot/snap</userinput></screen>
-
- <para>One can find snapshot files on a file system, such as
- <filename>/var</filename>, using
- &man.find.1;:</para>
-
- <screen>&prompt.root; <userinput>find /var -flags snapshot</userinput></screen>
-
- <para>Once a snapshot has been created, it has several
- uses:</para>
-
- <itemizedlist>
- <listitem>
- <para>Some administrators will use a snapshot file for backup
- purposes, because the snapshot can be transferred to CDs or
- tape.</para>
- </listitem>
-
- <listitem>
- <para>The file system integrity checker, &man.fsck.8;, may be
- run on the snapshot. Assuming that the file system was
- clean when it was mounted, this should always provide a
- clean and unchanging result.</para>
- </listitem>
-
- <listitem>
- <para>Running &man.dump.8; on the snapshot will produce a dump
- file that is consistent with the file system and the
- timestamp of the snapshot. &man.dump.8; can also take a
- snapshot, create a dump image, and then remove the snapshot
- in one command by using <option>-L</option>.</para>
- </listitem>
-
- <listitem>
- <para>The snapshot can be mounted as a frozen image of the
- file system. To &man.mount.8; the snapshot
- <filename>/var/snapshot/snap</filename> run:</para>
-
- <screen>&prompt.root; <userinput>mdconfig -a -t vnode -f /var/snapshot/snap -u 4</userinput>
-&prompt.root; <userinput>mount -r /dev/md4 /mnt</userinput></screen>
- </listitem>
- </itemizedlist>
-
- <para>The frozen <filename>/var</filename> is now available
- through <filename>/mnt</filename>. Everything will initially be
- in the same state it was during the snapshot creation time. The
- only exception is that any earlier snapshots will appear as zero
- length files. To unmount the snapshot, use:</para>
-
- <screen>&prompt.root; <userinput>umount /mnt</userinput>
-&prompt.root; <userinput>mdconfig -d -u 4</userinput></screen>
-
- <para>For more information about <option>softupdates</option> and
- file system snapshots, including technical papers, visit
- Marshall Kirk McKusick's website at <uri
- xlink:href="http://www.mckusick.com/">http://www.mckusick.com/</uri>.</para>
- </sect1>
-
- <sect1 xml:id="quotas">
- <title>File System Quotas</title>
-
- <indexterm>
- <primary>accounting</primary>
- <secondary>disk space</secondary>
- </indexterm>
- <indexterm><primary>disk quotas</primary></indexterm>
-
- <para>Quotas are an optional feature of the operating system that
- can be used to limit the amount of disk space or the number of
- files a user or members of a group may allocate on a per-file
- system basis. This is used most often on timesharing systems
- where it is desirable to limit the amount of resources any one
- user or group of users may allocate. This prevents one user or
- group of users from consuming all of the available disk
- space.</para>
-
- <sect2>
- <title>Configuring the System to Enable Disk Quotas</title>
-
- <para>Before using disk quotas, quota support must be added to
- the kernel by adding the following line to the kernel
- configuration file:</para>
-
- <programlisting>options QUOTA</programlisting>
-
- <para>Before &os;&nbsp;9.2, the <filename>GENERIC</filename>
- kernel usually did not include this option.
- <command>sysctl kern.features.ufs_quota</command> can be used
- to test whether the current kernel supports quotas. If the
- option is not present, a custom kernel must be compiled.
- Refer to <xref linkend="kernelconfig"/> for more information
- on kernel configuration.</para>
-
- <para>Next, enable disk quotas in
- <filename>/etc/rc.conf</filename>:</para>
-
- <programlisting>quota_enable="YES"</programlisting>
-
- <indexterm>
- <primary>disk quotas</primary>
- <secondary>checking</secondary>
- </indexterm>
- <para>For finer control over quota startup, an additional
- configuration variable is available. Normally on bootup, the
- quota integrity of each file system is checked by
- &man.quotacheck.8;. This program insures that the data in the
- quota database properly reflects the data on the file system.
- This is a time consuming process that will significantly
- affect the time the system takes to boot. To skip this step,
- add this variable to <filename>/etc/rc.conf</filename>:</para>
-
- <programlisting>check_quotas="NO"</programlisting>
-
- <para>Finally, edit <filename>/etc/fstab</filename> to enable
- disk quotas on a per-file system basis. This is when user or
- group quotas can be enabled on the file systems.</para>
-
- <para>To enable per-user quotas on a file system, add
- <option>userquota</option> to the options field in the
- <filename>/etc/fstab</filename> entry for the file system to
- enable quotas on. For example:</para>
-
- <programlisting>/dev/da1s2g /home ufs rw,userquota 1 2</programlisting>
-
- <para>To enable group quotas, instead use
- <option>groupquota</option>. To enable both user and group
- quotas, change the entry as follows:</para>
-
- <programlisting>/dev/da1s2g /home ufs rw,userquota,groupquota 1 2</programlisting>
-
- <para>By default, the quota files are stored in the root
- directory of the file system as
- <filename>quota.user</filename> and
- <filename>quota.group</filename>. Refer to &man.fstab.5; for
- more information. Even though an alternate location for the
- quota files can be specified, this is not recommended because
- the various quota utilities do not seem to handle this
- properly.</para>
-
- <para>Once the configuration is complete, reboot the system
- with the new kernel. <filename>/etc/rc</filename> will
- automatically run the appropriate commands to create the
- initial quota files for all of the quotas enabled in
- <filename>/etc/fstab</filename>. There is no need to
- manually create any zero length quota files.</para>
-
- <para>In the normal course of operations, there should be no
- need to manually run &man.quotacheck.8;, &man.quotaon.8;, or
- &man.quotaoff.8;. However, one should read their manual pages
- to be familiar with their operation.</para>
- </sect2>
-
- <sect2>
- <title>Setting Quota Limits</title>
-
- <indexterm>
- <primary>disk quotas</primary>
- <secondary>limits</secondary>
- </indexterm>
-
- <para>Once the system has been configured to enable quotas,
- verify they really are enabled by running:</para>
-
- <screen>&prompt.root; <userinput>quota -v</userinput></screen>
-
- <para>There should be a one line summary of disk usage and
- current quota limits for each file system that quotas are
- enabled on.</para>
-
- <para>The system is now ready to be assigned quota limits with
- &man.edquota.8;.</para>
-
- <para>Several options are available to enforce limits on the
- amount of disk space a user or group may allocate, and how
- many files they may create. Allocations can be limited based
- on disk space (block quotas), number of files (inode quotas),
- or a combination of both. Each limits is further broken down
- into two categories: hard and soft limits.</para>
-
- <indexterm><primary>hard limit</primary></indexterm>
- <para>A hard limit may not be exceeded. Once a user reaches a
- hard limit, no further allocations can be made on that file
- system by that user. For example, if the user has a hard
- limit of 500 kbytes on a file system and is currently using
- 490 kbytes, the user can only allocate an additional 10
- kbytes. Attempting to allocate an additional 11 kbytes will
- fail.</para>
-
- <indexterm><primary>soft limit</primary></indexterm>
- <para>Soft limits can be exceeded for a limited amount of time,
- known as the grace period, which is one week by default. If a
- user stays over their limit longer than the grace period, the
- soft limit turns into a hard limit and no further allocations
- are allowed. When the user drops back below the soft limit,
- the grace period is reset.</para>
-
- <para>The following is an example output from &man.edquota.8;.
- When &man.edquota.8; is invoked, the editor specified by
- <envar>EDITOR</envar> is opened in order to edit the quota
- limits. The default editor is set to
- <application>vi</application>.</para>
-
- <screen>&prompt.root; <userinput>edquota -u test</userinput></screen>
-
- <programlisting>Quotas for user test:
-/usr: kbytes in use: 65, limits (soft = 50, hard = 75)
- inodes in use: 7, limits (soft = 50, hard = 60)
-/usr/var: kbytes in use: 0, limits (soft = 50, hard = 75)
- inodes in use: 0, limits (soft = 50, hard = 60)</programlisting>
-
- <para>There are normally two lines for each file system that
- has quotas enabled. One line represents the block limits and
- the other represents the inode limits. Change the value to
- modify the quota limit. For example, to raise this
- user's block limit from a soft limit of 50 and a hard limit of
- 75 to a soft limit of 500 and a hard limit of 600,
- change:</para>
-
- <programlisting>/usr: kbytes in use: 65, limits (soft = 50, hard = 75)</programlisting>
-
- <para>to:</para>
-
- <programlisting>/usr: kbytes in use: 65, limits (soft = 500, hard = 600)</programlisting>
-
- <para>The new quota limits take affect upon exiting the
- editor.</para>
-
- <para>Sometimes it is desirable to set quota limits on a range
- of UIDs. This can be done by passing <option>-p</option> to
- &man.edquota.8;. First, assign the desired quota limit to a
- user, then run
- <command>edquota -p protouser startuid-enduid</command>. For
- example, if <systemitem class="username">test</systemitem> has
- the desired quota limits, the following command will duplicate
- those quota limits for UIDs 10,000 through 19,999:</para>
-
- <screen>&prompt.root; <userinput>edquota -p test 10000-19999</userinput></screen>
-
- <para>For more information, refer to &man.edquota.8;.</para>
- </sect2>
-
- <sect2>
- <title>Checking Quota Limits and Disk Usage</title>
-
- <indexterm>
- <primary>disk quotas</primary>
- <secondary>checking</secondary>
- </indexterm>
-
- <para>Either &man.quota.1; or &man.repquota.8; can be used to
- check quota limits and disk usage. To check individual user
- or group quotas and disk usage, use &man.quota.1;. A user
- may only examine their own quota and the quota of a group they
- are a member of. Only the superuser may view all user and
- group quotas. To get a summary of all quotas and disk usage
- for file systems with quotas enabled, use
- &man.repquota.8;.</para>
-
- <para>The following is sample output from
- <command>quota -v</command> for a user that has quota limits
- on two file systems.</para>
-
- <programlisting>Disk quotas for user test (uid 1002):
- Filesystem usage quota limit grace files quota limit grace
- /usr 65* 50 75 5days 7 50 60
- /usr/var 0 50 75 0 50 60</programlisting>
-
- <indexterm><primary>grace period</primary></indexterm>
-
- <para>In this example, the user is currently 15 kbytes over the
- soft limit of 50 kbytes on <filename>/usr</filename> and has 5
- days of grace period left. The asterisk <literal>*</literal>
- indicates that the user is currently over the quota
- limit.</para>
-
- <para>Normally, file systems that the user is not using any disk
- space on will not show in the output of &man.quota.1;, even if
- the user has a quota limit assigned for that file system. Use
- <option>-v</option> to display those file systems, such as
- <filename>/usr/var</filename> in the above
- example.</para>
- </sect2>
-
- <sect2>
- <title>Quotas over NFS</title>
-
- <indexterm><primary>NFS</primary></indexterm>
-
- <para>Quotas are enforced by the quota subsystem on the NFS
- server. The &man.rpc.rquotad.8; daemon makes quota
- information available to &man.quota.1; on NFS clients,
- allowing users on those machines to see their quota
- statistics.</para>
-
- <para>Enable <command>rpc.rquotad</command> in
- <filename>/etc/inetd.conf</filename> like so:</para>
-
- <programlisting>rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad</programlisting>
-
- <para>Now restart <command>inetd</command>:</para>
-
- <screen>&prompt.root; <userinput>service inetd restart</userinput></screen>
- </sect2>
- </sect1>
-
- <sect1 xml:id="disks-encrypting">
- <info>
- <title>Encrypting Disk Partitions</title>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>Lucky</firstname>
- <surname>Green</surname>
- </personname>
- <contrib>Contributed by </contrib>
- <affiliation>
- <address>
- <email>shamrock@cypherpunks.to</email>
- </address>
- </affiliation>
- </author>
- </authorgroup>
- </info>
-
- <indexterm>
- <primary>disks</primary>
- <secondary>encrypting</secondary>
- </indexterm>
-
- <para>&os; offers excellent online protections against
- unauthorized data access. File permissions and
- <link linkend="mac">Mandatory Access Control</link> (MAC) help
- prevent unauthorized users from accessing data while the
- operating system is active and the computer is powered up.
- However, the permissions enforced by the operating system are
- irrelevant if an attacker has physical access to a computer and
- can move the computer's hard drive to another system to copy and
- analyze the data.</para>
-
- <para>Regardless of how an attacker may have come into possession
- of a hard drive or powered-down computer, both the GEOM Based
- Disk Encryption (<command>gbde</command>) and
- <command>geli</command> cryptographic subsystems in &os; are
- able to protect the data on the computer's file systems against
- even highly-motivated attackers with significant resources.
- Unlike cumbersome encryption methods that encrypt only
- individual files, <command>gbde</command> and
- <command>geli</command> transparently encrypt entire file
- systems. No cleartext ever touches the hard drive's
- platter.</para>
-
- <sect2>
- <title>Disk Encryption with
- <application>gbde</application></title>
-
- <procedure>
- <step>
- <para>Configuring <application>gbde</application> requires
- superuser privileges.</para>
-
- <screen>&prompt.user; <userinput>su -</userinput>
-Password:</screen>
- </step>
-
- <step>
- <para>If using a custom kernel configuration file, ensure it
- contains this line:</para>
-
- <para><literal>options GEOM_BDE</literal></para>
-
- <para>If the kernel already contains this support, use
- <command>kldload</command> to load &man.gbde.4;:</para>
-
- <screen>&prompt.root; <userinput>kldload geom_bde</userinput></screen>
- </step>
- </procedure>
-
- <sect3>
- <title>Preparing the Encrypted Hard Drive</title>
-
- <para>The following example demonstrates adding a new hard
- drive to a system that will hold a single encrypted
- partition. This partition will be mounted as
- <filename>/private</filename>.
- <application>gbde</application> can also be used to encrypt
- <filename>/home</filename> and
- <filename>/var/mail</filename>, but this
- requires more complex instructions which exceed the scope of
- this introduction.</para>
-
- <procedure>
- <step>
- <title>Add the New Hard Drive</title>
-
- <para>Install the new drive to the system as explained in
- <xref linkend="disks-adding"/>. For the purposes
- of this example, a new hard drive partition has been
- added as <filename>/dev/ad4s1c</filename> and
- <filename>/dev/ad0s1*</filename>
- represents the existing standard &os; partitions.</para>
-
- <screen>&prompt.root; <userinput>ls /dev/ad*</userinput>
-/dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1
-/dev/ad0s1 /dev/ad0s1c /dev/ad0s1f /dev/ad4s1c
-/dev/ad0s1a /dev/ad0s1d /dev/ad4</screen>
- </step>
-
- <step>
- <title>Create a Directory to Hold <command>gbde</command>
- Lock Files</title>
-
- <screen>&prompt.root; <userinput>mkdir /etc/gbde</userinput></screen>
-
- <para>The <application>gbde</application> lock file
- contains information that
- <application>gbde</application> requires to access
- encrypted partitions. Without access to the lock file,
- <application>gbde</application> will not be able to
- decrypt the data contained in the encrypted partition
- without significant manual intervention which is not
- supported by the software. Each encrypted partition
- uses a separate lock file.</para>
- </step>
-
- <step>
- <title>Initialize the <command>gbde</command>
- Partition</title>
-
- <para>A <application>gbde</application> partition must be
- initialized before it can be used. This initialization
- needs to be performed only once:</para>
-
- <screen>&prompt.root; <userinput>gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c.lock</userinput></screen>
-
- <para>&man.gbde.8; will open the default editor, in order
- to set various configuration options in a template. For
- use with UFS1 or UFS2, set the sector_size to
- 2048:</para>
-
- <programlisting># &dollar;FreeBSD: src/sbin/gbde/template.txt,v 1.1.36.1 2009/08/03 08:13:06 kensmith Exp $
-#
-# Sector size is the smallest unit of data which can be read or written.
-# Making it too small decreases performance and decreases available space.
-# Making it too large may prevent filesystems from working. 512 is the
-# minimum and always safe. For UFS, use the fragment size
-#
-sector_size = 2048
-[...]</programlisting>
-
- <para>&man.gbde.8; will ask the user twice to type the
- passphrase used to secure the data. The passphrase must
- be the same both times. The ability of
- <application>gbde</application> to protect data depends
- entirely on the quality of the passphrase. For tips on
- how to select a secure passphrase that is easy to
- remember, see the <link
- xlink:href="http://world.std.com/~reinhold/diceware.html">Diceware
- Passphrase</link> website.</para>
-
- <para><command>gbde init</command>creates a lock file for
- the <application>gbde</application> partition. In this
- example, it is stored as
- <filename>/etc/gbde/ad4s1c.lock</filename>.
- <application>gbde</application> lock files must end in
- <quote>.lock</quote> in order to be correctly detected
- by the <filename>/etc/rc.d/gbde</filename> start up
- script.</para>
-
- <caution>
- <para><application>gbde</application> lock files
- <emphasis>must</emphasis> be backed up together with
- the contents of any encrypted partitions. While
- deleting a lock file alone cannot prevent a determined
- attacker from decrypting a
- <application>gbde</application> partition, without the
- lock file, the legitimate owner will be unable to
- access the data on the encrypted partition without a
- significant amount of work that is totally unsupported
- by &man.gbde.8;.</para>
- </caution>
- </step>
-
- <step>
- <title>Attach the Encrypted Partition to the
- Kernel</title>
-
- <screen>&prompt.root; <userinput>gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock</userinput></screen>
-
- <para>This command will prompt to input the passphrase
- that was selected during the initialization of the
- encrypted partition. The new encrypted device will
- appear in
- <filename>/dev</filename> as
- <filename>/dev/device_name.bde</filename>:</para>
-
- <screen>&prompt.root; <userinput>ls /dev/ad*</userinput>
-/dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1
-/dev/ad0s1 /dev/ad0s1c /dev/ad0s1f /dev/ad4s1c
-/dev/ad0s1a /dev/ad0s1d /dev/ad4 /dev/ad4s1c.bde</screen>
- </step>
-
- <step>
- <title>Create a File System on the Encrypted
- Device</title>
-
- <para>Once the encrypted device has been attached to the
- kernel, a file system can be created on the device using
- &man.newfs.8;. This example creates a UFS2 file
- system with soft updates enabled.</para>
-
- <screen>&prompt.root; <userinput>newfs -U /dev/ad4s1c.bde</userinput></screen>
-
- <note>
- <para>&man.newfs.8; must be performed on an attached
- <application>gbde</application> partition which is
- identified by a
- <filename>*.bde</filename>
- extension to the device name.</para>
- </note>
- </step>
-
- <step>
- <title>Mount the Encrypted Partition</title>
-
- <para>Create a mount point for the encrypted file
- system:</para>
-
- <screen>&prompt.root; <userinput>mkdir /private</userinput></screen>
-
- <para>Mount the encrypted file system:</para>
-
- <screen>&prompt.root; <userinput>mount /dev/ad4s1c.bde /private</userinput></screen>
- </step>
-
- <step>
- <title>Verify That the Encrypted File System is
- Available</title>
-
- <para>The encrypted file system should now be visible to
- &man.df.1; and be available for use.</para>
-
- <screen>&prompt.user; <userinput>df -H</userinput>
-Filesystem Size Used Avail Capacity Mounted on
-/dev/ad0s1a 1037M 72M 883M 8% /
-/devfs 1.0K 1.0K 0B 100% /dev
-/dev/ad0s1f 8.1G 55K 7.5G 0% /home
-/dev/ad0s1e 1037M 1.1M 953M 0% /tmp
-/dev/ad0s1d 6.1G 1.9G 3.7G 35% /usr
-/dev/ad4s1c.bde 150G 4.1K 138G 0% /private</screen>
- </step>
- </procedure>
- </sect3>
-
- <sect3>
- <title>Mounting Existing Encrypted File Systems</title>
-
- <para>After each boot, any encrypted file systems must be
- re-attached to the kernel, checked for errors, and mounted,
- before the file systems can be used. The required commands
- must be executed as
- <systemitem class="username">root</systemitem>.</para>
-
- <procedure>
- <step>
- <title>Attach the <command>gbde</command> Partition to the
- Kernel</title>
-
- <screen>&prompt.root; <userinput>gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock</userinput></screen>
-
- <para>This command will prompt for the passphrase that was
- selected during initialization of the encrypted
- <application>gbde</application> partition.</para>
- </step>
-
- <step>
- <title>Check the File System for Errors</title>
-
- <para>Since encrypted file systems cannot yet be listed in
- <filename>/etc/fstab</filename> for automatic mounting,
- the file systems must be checked for errors by running
- &man.fsck.8; manually before mounting:</para>
-
- <screen>&prompt.root; <userinput>fsck -p -t ffs /dev/ad4s1c.bde</userinput></screen>
- </step>
-
- <step>
- <title>Mount the Encrypted File System</title>
-
- <screen>&prompt.root; <userinput>mount /dev/ad4s1c.bde /private</userinput></screen>
-
- <para>The encrypted file system is now available for
- use.</para>
- </step>
- </procedure>
-
- <sect4>
- <title>Automatically Mounting Encrypted Partitions</title>
-
- <para>It is possible to create a script to automatically
- attach, check, and mount an encrypted partition, but for
- security reasons the script should not contain the
- &man.gbde.8; password. Instead, it is recommended that
- such scripts be run manually while providing the password
- via the console or &man.ssh.1;.</para>
-
- <para>As an alternative, an <filename>rc.d</filename> script
- is provided. Arguments for this script can be passed via
- &man.rc.conf.5;:</para>
-
- <programlisting>gbde_autoattach_all="YES"
-gbde_devices="ad4s1c"
-gbde_lockdir="/etc/gbde"</programlisting>
-
- <para>This requires that the
- <application>gbde</application> passphrase be entered at
- boot time. After typing the correct passphrase, the
- <application>gbde</application> encrypted partition will
- be mounted automatically. This can be useful when using
- <application>gbde</application> on laptops.</para>
- </sect4>
- </sect3>
-
- <sect3>
- <title>Cryptographic Protections Employed by
- <command>gbde</command></title>
-
- <para>&man.gbde.8; encrypts the sector payload using 128-bit
- AES in CBC mode. Each sector on the disk is encrypted with
- a different AES key. For more information on the
- cryptographic design, including how the sector keys are
- derived from the user-supplied passphrase, refer to
- &man.gbde.4;.</para>
- </sect3>
-
- <sect3>
- <title>Compatibility Issues</title>
-
- <para>&man.sysinstall.8; is incompatible with
- <application>gbde</application>-encrypted devices. All
- <filename>*.bde</filename>
- devices must be detached from the kernel before starting
- &man.sysinstall.8; or it will crash during its initial
- probing for devices. To detach the encrypted device used in
- the example, use the following command:</para>
-
- <screen>&prompt.root; <userinput>gbde detach /dev/ad4s1c</userinput></screen>
-
- </sect3>
- </sect2>
-
- <sect2>
- <info>
- <title>Disk Encryption with <command>geli</command></title>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>Daniel</firstname>
- <surname>Gerzo</surname>
- </personname>
- <contrib>Contributed by </contrib>
- </author>
- </authorgroup>
- </info>
-
- <para>An alternative cryptographic GEOM class is available
- through &man.geli.8;. <command>geli</command> differs from
- <command>gbde</command>; offers different features, and uses
- a different scheme for doing cryptographic work.</para>
-
- <para>&man.geli.8; provides the following features:</para>
-
- <itemizedlist>
- <listitem>
- <para>Utilizes the &man.crypto.9; framework and, when
- cryptographic hardware is available,
- <command>geli</command> uses it automatically.</para>
- </listitem>
-
- <listitem>
- <para>Supports multiple cryptographic algorithms such as
- AES, Blowfish, and 3DES.</para>
- </listitem>
-
- <listitem>
- <para>Allows the root partition to be encrypted. The
- passphrase used to access the encrypted root partition
- will be requested during system boot.</para>
- </listitem>
-
- <listitem>
- <para>Allows the use of two independent keys such as a
- <quote>key</quote> and a
- <quote>company key</quote>.</para>
- </listitem>
-
- <listitem>
- <para><command>geli</command> is fast as it performs simple
- sector-to-sector encryption.</para>
- </listitem>
-
- <listitem>
- <para>Allows backup and restore of master keys. If a user
- destroys their keys, it is still possible to get access
- to the data by restoring keys from the backup.</para>
- </listitem>
-
- <listitem>
- <para>Allows a disk to attach with a random, one-time key
- which is useful for swap partitions and temporary file
- systems.</para>
- </listitem>
- </itemizedlist>
-
- <para>More <command>geli</command> features can be found in
- &man.geli.8;.</para>
-
- <para>This section describes how to enable support for
- <command>geli</command> in the &os; kernel and explains how
- to create and use a <command>geli</command> encryption
- provider.</para>
-
- <para>Superuser privileges are required since modifications
- to the kernel are necessary.</para>
-
- <procedure>
- <step>
- <title>Adding <command>geli</command> Support to the
- Kernel</title>
-
- <para>For a custom kernel, ensure the kernel configuration
- file contains these lines:</para>
-
- <programlisting>options GEOM_ELI
-device crypto</programlisting>
-
- <para>Alternatively, the <command>geli</command> module can
- be loaded at boot time by adding the following line to
- <filename>/boot/loader.conf</filename>:</para>
-
- <programlisting>geom_eli_load="YES"</programlisting>
-
- <para>&man.geli.8; should now be supported by the
- kernel.</para>
- </step>
-
- <step>
- <title>Generating the Master Key</title>
-
- <para>The following example describes how to generate a
- key file which will be used as part of the master key for
- the encrypted provider mounted under
- <filename>/private</filename>. The key
- file will provide some random data used to encrypt the
- master key. The master key will also be protected by a
- passphrase. The provider's sector size will be 4kB.
- The example will describe how to attach to the
- <command>geli</command> provider, create a file system on
- it, mount it, work with it, and finally, how to detach
- it.</para>
-
- <para>It is recommended to use a bigger sector size, such as
- 4kB, for better performance.</para>
-
- <para>The master key will be protected with a passphrase and
- the data source for the key file will be
- <filename>/dev/random</filename>. The sector size of
- the provider <filename>/dev/da2.eli</filename> will be
- 4kB.</para>
-
- <screen>&prompt.root; <userinput>dd if=/dev/random of=/root/da2.key bs=64 count=1</userinput>
-&prompt.root; <userinput>geli init -s 4096 -K /root/da2.key /dev/da2</userinput>
-Enter new passphrase:
-Reenter new passphrase:</screen>
-
- <para>It is not mandatory to use both a passphrase and a key
- file as either method of securing the master key can be
- used in isolation.</para>
-
- <para>If the key file is given as <quote>-</quote>, standard
- input will be used. This example shows how more than one
- key file can be used:</para>
-
- <screen>&prompt.root; <userinput>cat keyfile1 keyfile2 keyfile3 | geli init -K - /dev/da2</userinput></screen>
- </step>
-
- <step>
- <title>Attaching the Provider with the Generated Key</title>
-
- <screen>&prompt.root; <userinput>geli attach -k /root/da2.key /dev/da2</userinput>
-Enter passphrase:</screen>
-
- <para>The new plaintext device will be named
- <filename>/dev/da2.eli</filename>.</para>
-
- <screen>&prompt.root; <userinput>ls /dev/da2*</userinput>
-/dev/da2 /dev/da2.eli</screen>
- </step>
-
- <step>
- <title>Creating the New File System</title>
-
- <screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/da2.eli bs=1m</userinput>
-&prompt.root; <userinput>newfs /dev/da2.eli</userinput>
-&prompt.root; <userinput>mount /dev/da2.eli /private</userinput></screen>
-
- <para>The encrypted file system should now be visible to
- &man.df.1; and be available for use:</para>
-
- <screen>&prompt.root; <userinput>df -H</userinput>
-Filesystem Size Used Avail Capacity Mounted on
-/dev/ad0s1a 248M 89M 139M 38% /
-/devfs 1.0K 1.0K 0B 100% /dev
-/dev/ad0s1f 7.7G 2.3G 4.9G 32% /usr
-/dev/ad0s1d 989M 1.5M 909M 0% /tmp
-/dev/ad0s1e 3.9G 1.3G 2.3G 35% /var
-/dev/da2.eli 150G 4.1K 138G 0% /private</screen>
- </step>
-
- <step>
- <title>Unmounting and Detaching the Provider</title>
-
- <para>Once the work on the encrypted partition is done, and
- the <filename>/private</filename>
- partition is no longer needed, it is prudent to consider
- unmounting and detaching the <command>geli</command>
- encrypted partition from the kernel:</para>
-
- <screen>&prompt.root; <userinput>umount /private</userinput>
-&prompt.root; <userinput>geli detach da2.eli</userinput></screen>
- </step>
- </procedure>
-
- <para>More information about the use of &man.geli.8; can be
- found in its manual page.</para>
-
- <sect3>
- <title>Using the <filename>geli</filename>
- <filename>rc.d</filename> Script</title>
-
- <para><command>geli</command> comes with a
- <filename>rc.d</filename> script which can be used to
- simplify the usage of <command>geli</command>. An example
- of configuring <command>geli</command> through
- &man.rc.conf.5; follows:</para>
-
- <programlisting>geli_devices="da2"
-geli_da2_flags="-p -k /root/da2.key"</programlisting>
-
- <para>This configures <filename>/dev/da2</filename> as a
- <command>geli</command> provider of which the master key
- file is located in <filename>/root/da2.key</filename>.
- <command>geli</command> will not use a passphrase when
- attaching to the provider if
- <option>-P</option> was given during the
- <literal>geli init</literal> phase. The system will detach
- the <command>geli</command> provider from the kernel before
- the system shuts down.</para>
-
- <para>More information about configuring
- <filename>rc.d</filename> is provided in the
- <link linkend="configtuning-rcd">rc.d</link> section of the
- Handbook.</para>
- </sect3>
- </sect2>
- </sect1>
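Review bot: In the removed "Using the geli rc.d Script" section, the rc.conf example geli_da2_flags="-p -k /root/da2.key" attaches without a passphrase, but the "geli init -s 4096 -K /root/da2.key /dev/da2" step earlier in the same section sets one, so the example cannot attach the provider that procedure creates. The prose only covers this indirectly ("if -P was given during the geli init phase"). These lines are deleted as part of a format migration, so if the text is carried over into the converted chapter, either show the matching "geli init -P" for the rc.conf example or drop "-p" from the flags. It would also help to state that with "-p" the key file under /root is the only secret protecting the provider.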
-
- <sect1 xml:id="swap-encrypting">
- <info>
- <title>Encrypting Swap Space</title>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>Christian</firstname>
- <surname>Br&uuml;ffer</surname>
- </personname>
- <contrib>Written by </contrib>
- </author>
- </authorgroup>
- </info>
-
- <indexterm>
- <primary>swap</primary>
- <secondary>encrypting</secondary>
- </indexterm>
-
- <para>Like the encryption of disk partitions, encryption of swap
- space is used to protect sensitive information. Consider an
- application that deals with passwords. As long as these
- passwords stay in physical memory, these passwords will not be
- written to disk and be cleared after a reboot. If &os; starts
- swapping out memory pages to free space for other applications,
- the passwords may be written to the disk platters unencrypted.
- Encrypting swap space can be a solution for this
- scenario.</para>
-
- <para>The &man.gbde.8; or &man.geli.8; encryption systems may be
- used for swap encryption. Both systems use the
- <filename>encswap</filename>
- <link linkend="configtuning-rcd">rc.d</link> script.</para>
-
- <note>
- <para>For the remainder of this section,
- <filename>ad0s1b</filename> will be the swap
- partition.</para>
- </note>
-
- <para>Swap partitions are not encrypted by default and should
- be cleared of any sensitive data before continuing. To
- overwrite the current swap parition with random garbage,
- execute the following command:</para>
-
- <screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/ad0s1b bs=1m</userinput></screen>
-
- <sect2>
- <title>Swap Encryption with &man.gbde.8;</title>
-
- <para>The <literal>.bde</literal> suffix should be added to the
- device in the respective <filename>/etc/fstab</filename> swap
- line:</para>
-
- <programlisting># Device Mountpoint FStype Options Dump Pass#
-/dev/ad0s1b.bde none swap sw 0 0</programlisting>
- </sect2>
-
- <sect2>
- <title>Swap Encryption with &man.geli.8;</title>
-
- <para>The procedure for instead using &man.geli.8; for swap
- encryption is similar to that of using &man.gbde.8;. The
- <literal>.eli</literal> suffix should be added to the device
- in the respective <filename>/etc/fstab</filename> swap
- line:</para>
-
- <programlisting># Device Mountpoint FStype Options Dump Pass#
-/dev/ad0s1b.eli none swap sw 0 0</programlisting>
-
- <para>&man.geli.8; uses the <acronym>AES</acronym> algorithm
- with a key length of 128 bit by default. These defaults can
- be altered by using <literal>geli_swap_flags</literal> in
- <filename>/etc/rc.conf</filename>. The following line tells
- the <filename>encswap</filename> rc.d script to create
- &man.geli.8; swap partitions using the Blowfish algorithm with
- a key length of 128 bits and a sectorsize of 4 kilobytes, and
- sets <quote>detach on last close</quote>:</para>
-
- <programlisting>geli_swap_flags="-e blowfish -l 128 -s 4096 -d"</programlisting>
-
- <para>Refer to the description of
- <command>onetime</command> in &man.geli.8; for a list of
- possible options.</para>
- </sect2>
-
- <sect2>
- <title>Encrypted Swap Verification</title>
-
- <para>Once the system has rebooted, proper operation of the
- encrypted swap can be verified using
- <command>swapinfo</command>.</para>
-
- <para>If &man.gbde.8; is being used:</para>
-
- <screen>&prompt.user; <userinput>swapinfo</userinput>
-Device 1K-blocks Used Avail Capacity
-/dev/ad0s1b.bde 542720 0 542720 0%</screen>
-
- <para>If &man.geli.8; is being used:</para>
-
- <screen>&prompt.user; <userinput>swapinfo</userinput>
-Device 1K-blocks Used Avail Capacity
-/dev/ad0s1b.eli 542720 0 542720 0%</screen>
- </sect2>
- </sect1>
-
- <sect1 xml:id="disks-hast">
- <info>
- <title>Highly Available Storage (HAST)</title>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>Daniel</firstname>
- <surname>Gerzo</surname>
- </personname>
- <contrib>Contributed by </contrib>
- </author>
- </authorgroup>
-
- <authorgroup>
- <author>
- <personname>
- <firstname>Freddie</firstname>
- <surname>Cash</surname>
- </personname>
- <contrib>With inputs from </contrib>
- </author>
-
- <author>
- <personname>
- <firstname>Pawel Jakub</firstname>
- <surname>Dawidek</surname>
- </personname>
- </author>
-
- <author>
- <personname>
- <firstname>Michael W.</firstname>
- <surname>Lucas</surname>
- </personname>
- </author>
-
- <author>
- <personname>
- <firstname>Viktor</firstname>
- <surname>Petersson</surname>
- </personname>
- </author>
- </authorgroup>
- </info>
-
- <indexterm>
- <primary>HAST</primary>
- <secondary>high availability</secondary>
- </indexterm>
-
- <sect2>
- <title>Synopsis</title>
-
- <para>High availability is one of the main requirements in
- serious business applications and highly-available storage is
- a key component in such environments. Highly Available
- STorage, or <acronym>HAST<remark role="acronym">Highly
- Available STorage</remark></acronym>, was developed by
- &a.pjd.email; as a framework which allows transparent storage
- of the same data across several physically separated machines
- connected by a TCP/IP network. <acronym>HAST</acronym> can be
- understood as a network-based RAID1 (mirror), and is similar
- to the DRBD&reg; storage system known from the GNU/&linux;
- platform. In combination with other high-availability
- features of &os; like <acronym>CARP</acronym>,
- <acronym>HAST</acronym> makes it possible to build a
- highly-available storage cluster that is resistant to hardware
- failures.</para>
-
- <para>After reading this section, you will know:</para>
-
- <itemizedlist>
- <listitem>
- <para>What <acronym>HAST</acronym> is, how it works and
- which features it provides.</para>
- </listitem>
-
- <listitem>
- <para>How to set up and use <acronym>HAST</acronym> on
- &os;.</para>
- </listitem>
-
- <listitem>
- <para>How to integrate <acronym>CARP</acronym> and
- &man.devd.8; to build a robust storage system.</para>
- </listitem>
- </itemizedlist>
-
- <para>Before reading this section, you should:</para>
-
- <itemizedlist>
- <listitem>
- <para>Understand &unix; and
- <link linkend="basics">&os; basics</link>.</para>
- </listitem>
-
- <listitem>
- <para>Know how to
- <link linkend="config-tuning">configure</link> network
- interfaces and other core &os; subsystems.</para>
- </listitem>
-
- <listitem>
- <para>Have a good understanding of
- <link linkend="network-communication">&os;
- networking</link>.</para>
- </listitem>
- </itemizedlist>
-
- <para>The <acronym>HAST</acronym> project was sponsored by The
- &os; Foundation with support from
- <link xlink:href="http://www.omc.net/">OMCnet Internet Service
- GmbH</link> and <link
- xlink:href="http://www.transip.nl/">TransIP
- BV</link>.</para>
- </sect2>
-
- <sect2>
- <title>HAST Features</title>
-
- <para>The main features of the <acronym>HAST</acronym> system
- are:</para>
-
- <itemizedlist>
- <listitem>
- <para>Can be used to mask I/O errors on local hard
- drives.</para>
- </listitem>
-
- <listitem>
- <para>File system agnostic as it works with any file
- system supported by &os;.</para>
- </listitem>
-
- <listitem>
- <para>Efficient and quick resynchronization, synchronizing
- only blocks that were modified during the downtime of a
- node.</para>
- </listitem>
-
- <!--
- <listitem>
- <para>Has several synchronization modes to allow for fast
- failover.</para>
- </listitem>
- -->
-
- <listitem>
- <para>Can be used in an already deployed environment to add
- additional redundancy.</para>
- </listitem>
-
- <listitem>
- <para>Together with <acronym>CARP</acronym>,
- <application>Heartbeat</application>, or other tools, it
- can be used to build a robust and durable storage
- system.</para>
- </listitem>
- </itemizedlist>
- </sect2>
-
- <sect2>
- <title>HAST Operation</title>
-
- <para>As <acronym>HAST</acronym> provides a synchronous
- block-level replication of any storage media to several
- machines, it requires at least two physical machines:
- the <literal>primary</literal>, also known as the
- <literal>master</literal> node, and the
- <literal>secondary</literal> or <literal>slave</literal>
- node. These two machines together are referred to as a
- cluster.</para>
-
- <note>
- <para>HAST is currently limited to two cluster nodes in
- total.</para>
- </note>
-
- <para>Since <acronym>HAST</acronym> works in a
- primary-secondary configuration, it allows only one of the
- cluster nodes to be active at any given time. The
- <literal>primary</literal> node, also called
- <literal>active</literal>, is the one which will handle all
- the I/O requests to <acronym>HAST</acronym>-managed
- devices. The <literal>secondary</literal> node is
- automatically synchronized from the <literal>primary</literal>
- node.</para>
-
- <para>The physical components of the <acronym>HAST</acronym>
- system are:</para>
-
- <itemizedlist>
- <listitem>
- <para>local disk on primary node, and</para>
- </listitem>
-
- <listitem>
- <para>disk on remote, secondary node.</para>
- </listitem>
- </itemizedlist>
-
- <para><acronym>HAST</acronym> operates synchronously on a block
- level, making it transparent to file systems and applications.
- <acronym>HAST</acronym> provides regular GEOM providers in
- <filename>/dev/hast/</filename> for use by
- other tools or applications, thus there is no difference
- between using <acronym>HAST</acronym>-provided devices and
- raw disks or partitions.</para>
-
- <para>Each write, delete, or flush operation is sent to the
- local disk and to the remote disk over TCP/IP. Each read
- operation is served from the local disk, unless the local disk
- is not up-to-date or an I/O error occurs. In such case, the
- read operation is sent to the secondary node.</para>
-
- <sect3>
- <title>Synchronization and Replication Modes</title>
-
- <para><acronym>HAST</acronym> tries to provide fast failure
- recovery. For this reason, it is very important to reduce
- synchronization time after a node's outage. To provide fast
- synchronization, <acronym>HAST</acronym> manages an on-disk
- bitmap of dirty extents and only synchronizes those during a
- regular synchronization, with an exception of the initial
- sync.</para>
-
- <para>There are many ways to handle synchronization.
- <acronym>HAST</acronym> implements several replication modes
- to handle different synchronization methods:</para>
-
- <itemizedlist>
- <listitem>
- <para><emphasis>memsync</emphasis>: report write operation
- as completed when the local write operation is finished
- and when the remote node acknowledges data arrival, but
- before actually storing the data. The data on the
- remote node will be stored directly after sending the
- acknowledgement. This mode is intended to reduce
- latency, but still provides very good
- reliability.</para>
- </listitem>
-
- <listitem>
- <para><emphasis>fullsync</emphasis>: report write
- operation as completed when local write completes and
- when remote write completes. This is the safest and the
- slowest replication mode. This mode is the
- default.</para>
- </listitem>
-
- <listitem>
- <para><emphasis>async</emphasis>: report write operation
- as completed when local write completes. This is the
- fastest and the most dangerous replication mode. It
- should be used when replicating to a distant node where
- latency is too high for other modes.</para>
- </listitem>
- </itemizedlist>
- </sect3>
- </sect2>
-
- <sect2>
- <title>HAST Configuration</title>
-
- <para><acronym>HAST</acronym> requires
- <literal>GEOM_GATE</literal> support which is not present in
- the default <literal>GENERIC</literal> kernel. However, the
- <varname>geom_gate.ko</varname> loadable module is available
- in the default &os; installation. Alternatively, to build
- <literal>GEOM_GATE</literal> support into the kernel
- statically, add this line to the custom kernel configuration
- file:</para>
-
- <programlisting>options GEOM_GATE</programlisting>
-
- <para>The <acronym>HAST</acronym> framework consists of several
- parts from the operating system's point of view:</para>
-
- <itemizedlist>
- <listitem>
- <para>the &man.hastd.8; daemon responsible for data
- synchronization,</para>
- </listitem>
-
- <listitem>
- <para>the &man.hastctl.8; userland management
- utility,</para>
- </listitem>
-
- <listitem>
- <para>and the &man.hast.conf.5; configuration file.</para>
- </listitem>
- </itemizedlist>
-
- <para>The following example describes how to configure two nodes
- in <literal>master</literal>-<literal>slave</literal> /
- <literal>primary</literal>-<literal>secondary</literal>
- operation using <acronym>HAST</acronym> to replicate the data
- between the two. The nodes will be called
- <literal>hasta</literal> with an IP address of
- <replaceable>172.16.0.1</replaceable> and
- <literal>hastb</literal> with an IP of address
- <replaceable>172.16.0.2</replaceable>. Both nodes will have a
- dedicated hard drive <filename>/dev/ad6</filename> of the same
- size for <acronym>HAST</acronym> operation. The
- <acronym>HAST</acronym> pool, sometimes also referred to as a
- resource or the GEOM provider in
- <filename>/dev/hast/</filename>, will be called
- <filename>test</filename>.</para>
-
- <para>Configuration of <acronym>HAST</acronym> is done using
- <filename>/etc/hast.conf</filename>. This file should be the
- same on both nodes. The simplest configuration possible
- is:</para>
-
- <programlisting>resource test {
- on hasta {
- local /dev/ad6
- remote 172.16.0.2
- }
- on hastb {
- local /dev/ad6
- remote 172.16.0.1
- }
-}</programlisting>
-
- <para>For more advanced configuration, refer to
- &man.hast.conf.5;.</para>
-
- <tip>
- <para>It is also possible to use host names in the
- <literal>remote</literal> statements. In such a case, make
- sure that these hosts are resolvable and are defined in
- <filename>/etc/hosts</filename> or in the local
- <acronym>DNS</acronym>.</para>
- </tip>
-
- <para>Now that the configuration exists on both nodes,
- the <acronym>HAST</acronym> pool can be created. Run these
- commands on both nodes to place the initial metadata onto the
- local disk and to start &man.hastd.8;:</para>
-
- <screen>&prompt.root; <userinput>hastctl create test</userinput>
-&prompt.root; <userinput>service hastd onestart</userinput></screen>
-
- <note>
- <para>It is <emphasis>not</emphasis> possible to use GEOM
- providers with an existing file system or to convert an
- existing storage to a <acronym>HAST</acronym>-managed pool.
- This procedure needs to store some metadata on the provider
- and there will not be enough required space
- available on an existing provider.</para>
- </note>
-
- <para>A HAST node's <literal>primary</literal> or
- <literal>secondary</literal> role is selected by an
- administrator, or software like
- <application>Heartbeat</application>, using &man.hastctl.8;.
- On the primary node,
- <literal>hasta</literal>, issue
- this command:</para>
-
- <screen>&prompt.root; <userinput>hastctl role primary test</userinput></screen>
-
- <para>Similarly, run this command on the secondary node,
- <literal>hastb</literal>:</para>
-
- <screen>&prompt.root; <userinput>hastctl role secondary test</userinput></screen>
-
- <caution>
- <para>When the nodes are unable to communicate with each
- other, and both are configured as primary nodes, the
- condition is called <literal>split-brain</literal>. To
- troubleshoot this situation, follow the steps described in
- <xref linkend="disks-hast-sb"/>.</para>
- </caution>
-
- <para>Verify the result by running &man.hastctl.8; on each
- node:</para>
-
- <screen>&prompt.root; <userinput>hastctl status test</userinput></screen>
-
- <para>The important text is the <literal>status</literal> line,
- which should say <literal>complete</literal>
- on each of the nodes. If it says <literal>degraded</literal>,
- something went wrong. At this point, the synchronization
- between the nodes has already started. The synchronization
- completes when <command>hastctl status</command>
- reports 0 bytes of <literal>dirty</literal> extents.</para>
-
-
- <para>The next step is to create a filesystem on the
- <filename>/dev/hast/test</filename>
- GEOM provider and mount it. This must be done on the
- <literal>primary</literal> node, as
- <filename>/dev/hast/test</filename>
- appears only on the <literal>primary</literal> node. Creating
- the filesystem can take a few minutes, depending on the size
- of the hard drive:</para>
-
- <screen>&prompt.root; <userinput>newfs -U /dev/hast/test</userinput>
-&prompt.root; <userinput>mkdir /hast/test</userinput>
-&prompt.root; <userinput>mount /dev/hast/test /hast/test</userinput></screen>
-
- <para>Once the <acronym>HAST</acronym> framework is configured
- properly, the final step is to make sure that
- <acronym>HAST</acronym> is started automatically during
- system boot. Add this line to
- <filename>/etc/rc.conf</filename>:</para>
-
- <programlisting>hastd_enable="YES"</programlisting>
-
- <sect3>
- <title>Failover Configuration</title>
-
- <para>The goal of this example is to build a robust storage
- system which is resistant to the failure of any given node.
- The scenario is that a <literal>primary</literal> node of
- the cluster fails. If this happens, the
- <literal>secondary</literal> node is there to take over
- seamlessly, check and mount the file system, and continue to
- work without missing a single bit of data.</para>
-
- <para>To accomplish this task, another &os; feature,
- <acronym>CARP</acronym>, provides for automatic failover on
- the IP layer. <acronym>CARP</acronym> (Common
- Address Redundancy Protocol) allows multiple hosts on the
- same network segment to share an IP address. Set up
- <acronym>CARP</acronym> on both nodes of the cluster
- according to the documentation available in
- <xref linkend="carp"/>. After setup, each node will
- have its own <filename>carp0</filename> interface with a
- shared IP address of
- <replaceable>172.16.0.254</replaceable>. The primary
- <acronym>HAST</acronym> node of the cluster must be the
- master <acronym>CARP</acronym> node.</para>
-
- <para>The <acronym>HAST</acronym> pool created in the previous
- section is now ready to be exported to the other hosts on
- the network. This can be accomplished by exporting it
- through <acronym>NFS</acronym> or
- <application>Samba</application>, using the shared IP
- address <replaceable>172.16.0.254</replaceable>. The only
- problem which remains unresolved is an automatic failover
- should the primary node fail.</para>
-
- <para>In the event of <acronym>CARP</acronym> interfaces going
- up or down, the &os; operating system generates a
- &man.devd.8; event, making it possible to watch for state
- changes on the <acronym>CARP</acronym> interfaces. A state
- change on the <acronym>CARP</acronym> interface is an
- indication that one of the nodes failed or came back online.
- These state change events make it possible to run a script
- which will automatically handle the HAST failover.</para>
-
- <para>To be able to catch state changes on the
- <acronym>CARP</acronym> interfaces, add this
- configuration to
- <filename>/etc/devd.conf</filename> on each node:</para>
-
- <programlisting>notify 30 {
- match "system" "IFNET";
- match "subsystem" "carp0";
- match "type" "LINK_UP";
- action "/usr/local/sbin/carp-hast-switch master";
-};
-
-notify 30 {
- match "system" "IFNET";
- match "subsystem" "carp0";
- match "type" "LINK_DOWN";
- action "/usr/local/sbin/carp-hast-switch slave";
-};</programlisting>
-
- <para>Restart &man.devd.8; on both nodes to put the new
- configuration into effect:</para>
-
- <screen>&prompt.root; <userinput>service devd restart</userinput></screen>
-
- <para>When the <filename>carp0</filename> interface state
- changes by going up or down , the system generates a
- notification, allowing the &man.devd.8; subsystem to run an
- arbitrary script, in this case
- <filename>/usr/local/sbin/carp-hast-switch</filename>. This
- script handles the automatic failover. For further
- clarification about the above &man.devd.8; configuration,
- refer to &man.devd.conf.5;.</para>
-
- <para>An example of such a script could be:</para>
-
- <programlisting>#!/bin/sh
-
-# Original script by Freddie Cash &lt;fjwcash@gmail.com&gt;
-# Modified by Michael W. Lucas &lt;mwlucas@BlackHelicopters.org&gt;
-# and Viktor Petersson &lt;vpetersson@wireload.net&gt;
-
-# The names of the HAST resources, as listed in /etc/hast.conf
-resources="test"
-
-# delay in mounting HAST resource after becoming master
-# make your best guess
-delay=3
-
-# logging
-log="local0.debug"
-name="carp-hast"
-
-# end of user configurable stuff
-
-case "$1" in
- master)
- logger -p $log -t $name "Switching to primary provider for ${resources}."
- sleep ${delay}
-
- # Wait for any "hastd secondary" processes to stop
- for disk in ${resources}; do
- while $( pgrep -lf "hastd: ${disk} \(secondary\)" &gt; /dev/null 2&gt;&amp;1 ); do
- sleep 1
- done
-
- # Switch role for each disk
- hastctl role primary ${disk}
- if [ $? -ne 0 ]; then
- logger -p $log -t $name "Unable to change role to primary for resource ${disk}."
- exit 1
- fi
- done
-
- # Wait for the /dev/hast/* devices to appear
- for disk in ${resources}; do
- for I in $( jot 60 ); do
- [ -c "/dev/hast/${disk}" ] &amp;&amp; break
- sleep 0.5
- done
-
- if [ ! -c "/dev/hast/${disk}" ]; then
- logger -p $log -t $name "GEOM provider /dev/hast/${disk} did not appear."
- exit 1
- fi
- done
-
- logger -p $log -t $name "Role for HAST resources ${resources} switched to primary."
-
-
- logger -p $log -t $name "Mounting disks."
- for disk in ${resources}; do
- mkdir -p /hast/${disk}
- fsck -p -y -t ufs /dev/hast/${disk}
- mount /dev/hast/${disk} /hast/${disk}
- done
-
- ;;
-
- slave)
- logger -p $log -t $name "Switching to secondary provider for ${resources}."
-
- # Switch roles for the HAST resources
- for disk in ${resources}; do
- if ! mount | grep -q "^/dev/hast/${disk} on "
- then
- else
- umount -f /hast/${disk}
- fi
- sleep $delay
- hastctl role secondary ${disk} 2&gt;&amp;1
- if [ $? -ne 0 ]; then
- logger -p $log -t $name "Unable to switch role to secondary for resource ${disk}."
- exit 1
- fi
- logger -p $log -t $name "Role switched to secondary for resource ${disk}."
- done
- ;;
-esac</programlisting>
-
- <para>In a nutshell, the script takes these actions when a
- node becomes <literal>master</literal> /
- <literal>primary</literal>:</para>
-
- <itemizedlist>
- <listitem>
- <para>Promotes the <acronym>HAST</acronym> pools to
- primary on a given node.</para>
- </listitem>
-
- <listitem>
- <para>Checks the file system under the
- <acronym>HAST</acronym> pool.</para>
- </listitem>
-
- <listitem>
- <para>Mounts the pools at an appropriate place.</para>
- </listitem>
- </itemizedlist>
-
- <para>When a node becomes <literal>backup</literal> /
- <literal>secondary</literal>:</para>
-
- <itemizedlist>
- <listitem>
- <para>Unmounts the <acronym>HAST</acronym> pools.</para>
- </listitem>
-
- <listitem>
- <para>Degrades the <acronym>HAST</acronym> pools to
- secondary.</para>
- </listitem>
- </itemizedlist>
-
- <caution>
- <para>Keep in mind that this is just an example script which
- serves as a proof of concept. It does not handle all the
- possible scenarios and can be extended or altered in any
- way, for example, to start/stop required services.</para>
- </caution>
-
- <tip>
- <para>For this example, a standard UFS file system was used.
- To reduce the time needed for recovery, a journal-enabled
- UFS or ZFS file system can be used instead.</para>
- </tip>
-
- <para>More detailed information with additional examples can
- be found in the <link
- xlink:href="http://wiki.FreeBSD.org/HAST">HAST Wiki</link>
- page.</para>
- </sect3>
- </sect2>
-
- <sect2>
- <title>Troubleshooting</title>
-
- <sect3>
- <title>General Troubleshooting Tips</title>
-
- <para><acronym>HAST</acronym> should generally work without
- issues. However, as with any other software product, there
- may be times when it does not work as supposed. The sources
- of the problems may be different, but the rule of thumb is
- to ensure that the time is synchronized between all nodes of
- the cluster.</para>
-
- <para>When troubleshooting <acronym>HAST</acronym> problems,
- the debugging level of &man.hastd.8; should be increased by
- starting &man.hastd.8; with <literal>-d</literal>. This
- argument may be specified multiple times to further increase
- the debugging level. A lot of useful information may be
- obtained this way. Consider also using
- <literal>-F</literal>, which starts &man.hastd.8; in the
- foreground.</para>
- </sect3>
-
- <sect3 xml:id="disks-hast-sb">
- <title>Recovering from the Split-brain Condition</title>
-
- <para><literal>Split-brain</literal> is when the nodes of the
- cluster are unable to communicate with each other, and both
- are configured as primary. This is a dangerous condition
- because it allows both nodes to make incompatible changes to
- the data. This problem must be corrected manually by the
- system administrator.</para>
-
- <para>The administrator must decide which node has more
- important changes (or merge them manually) and let
- <acronym>HAST</acronym> perform full synchronization of the
- node which has the broken data. To do this, issue these
- commands on the node which needs to be
- resynchronized:</para>
-
- <screen>&prompt.root; <userinput>hastctl role init &lt;resource&gt;</userinput>
-&prompt.root; <userinput>hastctl create &lt;resource&gt;</userinput>
-&prompt.root; <userinput>hastctl role secondary &lt;resource&gt;</userinput></screen>
- </sect3>
- </sect2>
- </sect1>
-</chapter>
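Review bot: in the removed carp-hast-switch example, the slave) branch has an empty then body: the line if ! mount | grep -q "^/dev/hast/${disk} on " is followed by then and immediately by else, which sh rejects as a syntax error, so the script fails as printed. If this example is carried over into the migrated AsciiDoc chapter, drop the "!" and the else so that umount -f /hast/${disk} sits in the then branch. The surrounding text also never tells the reader to install the script at /usr/local/sbin/carp-hast-switch, the path the devd.conf action lines call, or to make it executable; since devd runs it on every carp0 link change, the migrated text should add that step and say the file should be writable by root only.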