path: root/documentation/content/en/books/handbook/disks/_index.adoc
Diffstat (limited to 'documentation/content/en/books/handbook/disks/_index.adoc')
-rw-r--r-- documentation/content/en/books/handbook/disks/_index.adoc 131
1 files changed, 70 insertions, 61 deletions
diff --git a/documentation/content/en/books/handbook/disks/_index.adoc b/documentation/content/en/books/handbook/disks/_index.adoc
index 5390274807..cf11fbd70f 100644
--- a/documentation/content/en/books/handbook/disks/_index.adoc
+++ b/documentation/content/en/books/handbook/disks/_index.adoc
@@ -1,10 +1,13 @@
---
-title: Chapter 18. Storage
+title: Chapter 20. Storage
part: Part III. System Administration
prev: books/handbook/audit
next: books/handbook/geom
description: This chapter covers the use of disks and storage media in FreeBSD. This includes SCSI and IDE disks, CD and DVD media, memory-backed disks, and USB storage devices.
tags: ["storage", "disks", "gpart", "mount", "quotas", "encrypt", "GPT", "cdrecord", "NTFS", "quotas", "swap", "HAST", "CD", "DVD", "resizing", "growing"]
+showBookMenu: true
+weight: 24
+path: "/books/handbook/disks/"
---
[[disks]]
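Review bot: the unchanged `tags:` line next to the new front-matter keys lists "quotas" twice; drop the duplicate while this block is being edited. The chapter number is also hard-coded in `title: Chapter 20. Storage` and again in `:sectnumoffset: 20` further down, so the two have to be changed together whenever chapters are renumbered; a short comment saying so would help the next editor.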
@@ -15,33 +18,35 @@ tags: ["storage", "disks", "gpart", "mount", "quotas", "encrypt", "GPT", "cdreco
:icons: font
:sectnums:
:sectnumlevels: 6
+:sectnumoffset: 20
+:partnums:
:source-highlighter: rouge
:experimental:
-:skip-front-matter:
-:xrefstyle: basic
-:relfileprefix: ../
-:outfilesuffix:
-:sectnumoffset: 18
-
-ifeval::["{backend}" == "html5"]
-:imagesdir: ../../../../images/books/handbook/disks/
-endif::[]
-
-ifeval::["{backend}" == "pdf"]
-:imagesdir: ../../../../static/images/books/handbook/disks/
-endif::[]
+:images-path: books/handbook/disks/
-ifeval::["{backend}" == "epub3"]
-:imagesdir: ../../../../static/images/books/handbook/disks/
+ifdef::env-beastie[]
+ifdef::backend-html5[]
+:imagesdir: ../../../../images/{images-path}
endif::[]
-
+ifndef::book[]
include::shared/authors.adoc[]
+include::shared/mirrors.adoc[]
include::shared/releases.adoc[]
-include::shared/en/mailing-lists.adoc[]
-include::shared/en/teams.adoc[]
-include::shared/en/urls.adoc[]
+include::shared/attributes/attributes-{{% lang %}}.adoc[]
+include::shared/{{% lang %}}/teams.adoc[]
+include::shared/{{% lang %}}/mailing-lists.adoc[]
+include::shared/{{% lang %}}/urls.adoc[]
+toc::[]
+endif::[]
+ifdef::backend-pdf,backend-epub3[]
+include::../../../../../shared/asciidoctor.adoc[]
+endif::[]
+endif::[]
+ifndef::env-beastie[]
toc::[]
+include::../../../../../shared/asciidoctor.adoc[]
+endif::[]
[[disks-synopsis]]
== Synopsis
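Review bot: after this change `:imagesdir:` is set only inside `ifdef::backend-html5[]`; the removed `pdf` and `epub3` blocks that pointed at `static/images/books/handbook/disks/` have no visible replacement here, so please confirm that `shared/asciidoctor.adoc` sets it for those backends, otherwise images will not resolve in those builds. The nested `ifdef`/`ifndef` blocks are also hard to pair up by eye because every closer is a bare `endif::[]`; named closers such as `endif::env-beastie[]` would make the nesting checkable.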
@@ -665,7 +670,7 @@ When used with `-R`, it produces a file system image that is identical to the sp
The last option of general use is `-b`.
This is used to specify the location of a boot image for use in producing an "El Torito" bootable CD.
This option takes an argument which is the path to a boot image from the top of the tree being written to the CD.
-By default, `mkisofs` creates an ISO image in "floppy disk emulation" mode, and thus expects the boot image to be exactly 1200, 1440 or 2880 KB in size.
+By default, `mkisofs` creates an ISO image in "floppy disk emulation" mode, and thus expects the boot image to be exactly 1200, 1440 or 2880 KB in size.
Some boot loaders, like the one used by the FreeBSD distribution media, do not use emulation mode.
In this case, `-no-emul-boot` should be used.
So, if [.filename]#/tmp/myboot# holds a bootable FreeBSD system with the boot image in [.filename]#/tmp/myboot/boot/cdboot#, this command would produce [.filename]#/tmp/bootable.iso#:
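Review bot: the removed and added lines differ only in whitespace, so the list "1200, 1440 or 2880 KB" keeps its missing serial comma even though this commit adds one elsewhere ("[.filename]#/usr#, or many other directories"). Add the comma here too so the style is consistent across the chapter.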
@@ -872,7 +877,7 @@ To force the write speed, use `-speed=`. Refer to man:growisofs[1] for example u
====
In order to support working files larger than 4.38GB, an UDF/ISO-9660 hybrid file system must be created by passing `-udf -iso-level 3` to man:mkisofs[8] and all related programs, such as man:growisofs[1].
This is required only when creating an ISO image file or when writing files directly to a disk.
-Since a disk created this way must be mounted as an UDF file system with man:mount_udf[8], it will be usable only on an UDF aware operating system.
+Since a disk created this way must be mounted as an UDF file system with man:mount_udf[8], it will be usable only on an UDF aware operating system.
Otherwise it will look as if it contains corrupted files.
To create this type of ISO file:
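Review bot: the line touched here still reads "an UDF file system" and "an UDF aware operating system", and the context line above has "an UDF/ISO-9660 hybrid file system". Since the line is being changed anyway, use "a UDF" and hyphenate "UDF-aware".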
@@ -1240,21 +1245,21 @@ Instead of writing files and directories, `dump` writes the raw data blocks that
[NOTE]
====
-If `dump` is used on the root directory, it will not back up [.filename]#/home#, [.filename]#/usr# or many other directories since these are typically mount points for other file systems or symbolic links into those file systems.
+If `dump` is used on the root directory, it will not back up [.filename]#/home#, [.filename]#/usr#, or many other directories since these are typically mount points for other file systems or symbolic links into those file systems.
====
When used to restore data, `restore` stores temporary files in [.filename]#/tmp/# by default.
-When using a recovery disk with a small [.filename]#/tmp#, set `TMPDIR` to a directory with more free space in order for the restore to succeed.
+When using a recovery disk with a small [.filename]#/tmp#, set `TMPDIR` to a directory with more free space for the restore to succeed.
When using `dump`, be aware that some quirks remain from its early days in Version 6 of AT&T UNIX(R),circa 1975.
The default parameters assume a backup to a 9-track tape, rather than to another type of media or to the high-density tapes available today.
These defaults must be overridden on the command line.
-It is possible to backup a file system across the network to a another system or to a tape drive attached to another computer.
+It is possible to backup a file system across the network to another system or a tape drive attached to another computer.
While the man:rdump[8] and man:rrestore[8] utilities can be used for this purpose, they are not considered to be secure.
-Instead, one can use `dump` and `restore` in a more secure fashion over an SSH connection.
-This example creates a full, compressed backup of [.filename]#/usr# and sends the backup file to the specified host over a SSH connection.
+Instead, one can use `dump` and `restore` more securely over an SSH connection.
+This example creates a full, compressed backup of [.filename]#/usr# and sends the backup file to the specified host over an SSH connection.
.Using `dump` over ssh
[example]
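Review bot: the rewritten sentence still uses "backup" as a verb ("It is possible to backup a file system"); it should be "back up". Dropping the second "to" in "to another system or a tape drive attached to another computer" also makes the sentence harder to parse than the original, so consider keeping "or to a tape drive". The unchanged line "UNIX(R),circa 1975" is missing a space after the comma and could be fixed in the same pass.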
@@ -1266,7 +1271,7 @@ This example creates a full, compressed backup of [.filename]#/usr# and sends th
....
====
-This example sets `RSH` in order to write the backup to a tape drive on a remote system over a SSH connection:
+This example sets `RSH` in order to write the backup to a tape drive on a remote system over an SSH connection:
.Using `dump` over ssh with `RSH` Set
[example]
@@ -1277,6 +1282,11 @@ This example sets `RSH` in order to write the backup to a tape drive on a remote
....
====
+[TIP]
+====
+Systems using the crossref:zfs[,Z file system (ZFS)] can make use of man:zfs[8] for creating snapshots, as well as crossref:zfs[zfs-zfs-send,sending and receiving] them to/from remote systems.
+====
+
=== Directory Backups
Several built-in utilities are available for backing up and restoring specified files and directories as needed.
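Review bot: the new TIP mentions sending snapshots to remote systems without saying how the stream should be carried, while the text just above steers readers away from man:rdump[8] and man:rrestore[8] and towards SSH. Add a few words pointing out that the same applies here (the stream should travel over SSH or another protected channel), and replace "to/from" with "to and from".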
@@ -1298,7 +1308,7 @@ When creating a backup file, make sure that the backup is not saved to the same
====
To restore the entire backup, `cd` into the directory to restore into and specify the name of the backup.
-Note that this will overwrite any newer versions of files in the restore directory.
+Note that this will overwrite any newer versions of files in the restore directory.
When in doubt, restore to a temporary directory or specify the name of the file within the backup to restore.
.Restoring Up the Current Directory with `tar`
@@ -1350,7 +1360,7 @@ While tape technology has continued to evolve, modern backup systems tend to com
FreeBSD supports any tape drive that uses SCSI, such as LTO or DAT.
There is limited support for SATA and USB tape drives.
-For SCSI tape devices, FreeBSD uses the man:sa[4] driver and the [.filename]#/dev/sa0#, [.filename]#/dev/nsa0#, and [.filename]#/dev/esa0# devices.
+For SCSI tape devices, FreeBSD uses the man:sa[4] driver and the [.filename]#/dev/sa0#, [.filename]#/dev/nsa0#, and [.filename]#/dev/esa0# devices.
The physical device name is [.filename]#/dev/sa0#. When [.filename]#/dev/nsa0# is used, the backup application will not rewind the tape after writing a file, which allows writing more than one file to a tape.
Using [.filename]#/dev/esa0# ejects the tape after the device is closed.
@@ -1399,7 +1409,14 @@ To interactively restore files from a `dump` file on tape into the current direc
The FreeBSD Ports Collection provides many third-party utilities which can be used to schedule the creation of backups, simplify tape backup, and make backups easier and more convenient.
Many of these applications are client/server based and can be used to automate the backups of a single system or all of the computers in a network.
-Popular utilities include Amanda, Bacula, rsync, and duplicity.
+Popular utilities include:
+
+ * Amanda (package:misc/amanda-server[] and package:misc/amanda-client[]),
+ * Bacula (package:sysutils/bacula13-server[] and package:sysutils/bacula13-client[]),
+ * Bareos (package:sysutils/bareos-server[] and package:sysutils/bareos-client[]),
+ * package:net/rsync[],
+ * package:sysutils/duply[], and
+ * package:sysutils/duplicity[].
=== Emergency Recovery
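Review bot: the new bullets are indented with a leading space (` * Amanda`), unlike the `* ` lists used elsewhere in this file (for example the `gpart show` list below), and they carry sentence punctuation (trailing commas and a final "and") that list items do not need. Use plain `* ` items. The versioned names `bacula13-server`, `bacula13-client` will also need updating whenever those ports are renamed, which is worth a comment in the source.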
@@ -1409,18 +1426,13 @@ Create a print copy of the output of the following commands:
* `gpart show`
* `more /etc/fstab`
+* `pkg prime-list`
* `dmesg`
Store this printout and a copy of the installation media in a secure location.
Should an emergency restore be needed, boot into the installation media and select `Live CD` to access a rescue shell.
This rescue mode can be used to view the current state of the system, and if needed, to reformat disks and restore data from backups.
-[NOTE]
-====
-The installation media for FreeBSD/i386 {rel112-current}-RELEASE does not include a rescue shell.
-For this version, instead download and burn a Livefs CD image from link:ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/ISO-IMAGES/{rel112-current}/FreeBSD-{rel112-current}-RELEASE-i386-livefs.iso[ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/i386/ISO-IMAGES/{rel112-current}/FreeBSD-{rel112-current}-RELEASE-i386-livefs.iso].
-====
-
Next, test the rescue shell and the backups.
Make notes of the procedure.
Store these notes with the media, the printouts, and the backups.
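Review bot: `pkg prime-list` is added to the printout list with no explanation of what it records, and a reader doing an emergency restore needs to know why it is there. Add a short phrase after the list saying what the output is used for during recovery (reinstalling the packages the administrator chose), in the same way the surrounding text explains the printout as a whole.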
@@ -1551,8 +1563,9 @@ For more details about `mdmfs`, refer to man:mdmfs[8].
FreeBSD offers a feature in conjunction with crossref:config[soft-updates,Soft Updates]: file system snapshots.
-UFS snapshots allow a user to create images of specified file systems, and treat them as a file.
-Snapshot files must be created in the file system that the action is performed on, and a user may create no more than 20 snapshots per file system.
+UFS snapshots allow a user to create images of specified file systems, and treat them as a file. If you are using the crossref:zfs[,Z file system (ZFS)], refer to crossref:zfs[zfs-zfs-snapshot,"Managing Snapshots"] on how to use snapshots.
+
+Snapshot files must be created in the file system that the action is performed on, and a user may create no more than 20 snapshots per file system.
Active snapshots are recorded in the superblock so they are persistent across unmount and remount operations along with system reboots.
When a snapshot is no longer required, it can be removed using man:rm[1].
While snapshots may be removed in any order, all the used space may not be acquired because another snapshot will possibly claim some of the released blocks.
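Review bot: the first added line puts two sentences on one source line ("...treat them as a file. If you are using..."), where the rest of the file keeps one sentence per line; split it. The ZFS pointer also interrupts the UFS description and switches to second person, so it would read better as a TIP block like the one this commit adds in the `dump` section.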
@@ -1611,7 +1624,7 @@ For more information about `softupdates` and file system snapshots, including te
[[quotas]]
== Disk Quotas
-Disk quotas can be used to limit the amount of disk space or the number of files a user or members of a group may allocate on a per-file system basis.
+Disk quotas can be used to limit the amount of disk space or the number of files a user or members of a group may allocate on a per-file system basis.
This prevents one user or group of users from consuming all of the available disk space.
This section describes how to configure disk quotas for the UFS file system.
@@ -1769,7 +1782,7 @@ The asterisk `*` indicates that the user is currently over the quota limit.
Quotas are enforced by the quota subsystem on the NFS server.
The man:rpc.rquotad[8] daemon makes quota information available to `quota` on NFS clients, allowing users on those machines to see their quota statistics.
-On the NFS server, enable `rpc.rquotad` by removing the `#` from this line in [.filename]*/etc/inetd.conf*:
+On the NFS server, enable `rpc.rquotad` by removing the `+#+` from this line in [.filename]*/etc/inetd.conf*:
[.programlisting]
....
@@ -1799,7 +1812,7 @@ It first demonstrates the process using `gbde` and then demonstrates the same ex
=== Disk Encryption with gbde
-The objective of the man:gbde[4] facility is to provide a formidable challenge for an attacker to gain access to the contents of a _cold_ storage device.
+The objective of the man:gbde[4] facility is to provide a formidable challenge for an attacker to gain access to the contents of a _cold_ storage device.
However, if the computer is compromised while up and running and the storage device is actively attached, or the attacker has access to a valid passphrase, it offers no protection to the contents of the storage device.
Thus, it is important to provide physical security while the system is running and to protect the passphrase used by the encryption mechanism.
@@ -1856,7 +1869,6 @@ For use with the UFS file system, set the sector_size to 2048:
[source,shell]
....
# gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c.lock
-# $FreeBSD: src/sbin/gbde/template.txt,v 1.1.36.1 2009/08/03 08:13:06 kensmith Exp $
#
# Sector size is the smallest unit of data which can be read or written.
# Making it too small decreases performance and decreases available space.
@@ -1971,7 +1983,7 @@ This control utility adds some features and uses a different scheme for doing cr
It provides the following features:
* Utilizes the man:crypto[9] framework and automatically uses cryptographic hardware when it is available.
-* Supports multiple cryptographic algorithms such as AES, Blowfish, and 3DES.
+* Supports multiple cryptographic algorithms such as AES-XTS, AES-CBC, and Camellia-CBCAES.
* Allows the root partition to be encrypted. The passphrase used to access the encrypted root partition will be requested during system boot.
* Allows the use of two independent keys.
* It is fast as it performs simple sector-to-sector encryption.
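Review bot: "Camellia-CBCAES" in the added bullet looks like an editing leftover; it presumably should read "Camellia-CBC". Please check the algorithm names against man:geli[8] before this goes in, since readers will copy them into `ealgo=` settings like the one in the swap example later in this chapter.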
@@ -2166,12 +2178,12 @@ The size of the blocks data is broken into before it is encrypted.
Larger sector sizes increase performance at the cost of higher storage overhead.
The recommended size is 4096 bytes.
-This example configures an encrypted swap partition using the Blowfish algorithm with a key length of 128 bits and a sectorsize of 4 kilobytes:
+This example configures an encrypted swap partition using the AES-XTS algorithm with a key length of 128 bits and a sectorsize of 4 kilobytes:
[.programlisting]
....
# Device Mountpoint FStype Options Dump Pass#
-/dev/ada0s1b.eli none swap sw,ealgo=blowfish,keylen=128,sectorsize=4096 0 0
+/dev/ada0s1b.eli none swap sw,ealgo=AES-XTS,keylen=128,sectorsize=4096 0 0
....
=== Encrypted Swap Verification
@@ -2199,7 +2211,7 @@ Device 1K-blocks Used Avail Capacity
[[disks-hast]]
== Highly Available Storage (HAST)
-High availability is one of the main requirements in serious business applications and highly-available storage is a key component in such environments.
+High availability is one of the main requirements in serious business applications and highly-available storage is a key component in such environments.
In FreeBSD, the Highly Available STorage (HAST) framework allows transparent storage of the same data across several physically separated machines connected by a TCP/IP network.
HAST can be understood as a network-based RAID1 (mirror), and is similar to the DRBD(R) storage system used in the GNU/Linux(R) platform.
In combination with other high-availability features of FreeBSD like CARP, HAST makes it possible to build a highly-available storage cluster that is resistant to hardware failures.
@@ -2228,7 +2240,7 @@ The HAST project was sponsored by The FreeBSD Foundation with support from http:
=== HAST Operation
-HAST provides synchronous block-level replication between two physical machines: the _primary_ nodeand the _secondary_ node.
+HAST provides synchronous block-level replication between two physical machines: the _primary_ node and the _secondary_ node.
These two machines together are referred to as a cluster.
Since HAST works in a primary-secondary configuration, it allows only one of the cluster nodes to be active at any given time.
@@ -2276,7 +2288,7 @@ The nodes will be called `hasta`, with an IP address of `172.16.0.1`, and `hastb
Both nodes will have a dedicated hard drive [.filename]#/dev/ad6# of the same size for HAST operation.
The HAST pool, sometimes referred to as a resource or the GEOM provider in [.filename]#/dev/hast/#, will be called `test`.
-Configuration of HAST is done using [.filename]#/etc/hast.conf#.
+Configuration of HAST is done using [.filename]#/etc/hast.conf#.
This file should be identical on both nodes.
The simplest configuration is:
@@ -2382,30 +2394,25 @@ In the event of CARP interfaces going up or down, the FreeBSD operating system g
A state change on the CARP interface is an indication that one of the nodes failed or came back online.
These state change events make it possible to run a script which will automatically handle the HAST failover.
-To catch state changes on the CARP interfaces, add this configuration to [.filename]#/etc/devd.conf# on each node:
+To catch state changes on the CARP interfaces, add this configuration to [.filename]#/etc/devd.conf# on each node, while replacing `<vhid>` with the virtual host id and `<ifname>` with the associated interface name:
[.programlisting]
....
notify 30 {
- match "system" "IFNET";
- match "subsystem" "carp0";
- match "type" "LINK_UP";
+ match "system" "CARP";
+ match "subsystem" "<vhid>@<ifname>";
+ match "type" "MASTER";
action "/usr/local/sbin/carp-hast-switch primary";
};
notify 30 {
- match "system" "IFNET";
- match "subsystem" "carp0";
- match "type" "LINK_DOWN";
+ match "system" "CARP";
+ match "subsystem" "<vhid>@<ifname>";
+ match "type" "BACKUP";
action "/usr/local/sbin/carp-hast-switch secondary";
};
....
-[NOTE]
-====
-If the systems are running FreeBSD 10 or higher, replace [.filename]#carp0# with the name of the CARP-configured interface.
-====
-
Restart man:devd[8] on both nodes to put the new configuration into effect:
[source,shell]
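Review bot: the `<vhid>@<ifname>` placeholder now appears in both `notify` blocks and is explained only in the lead-in sentence; a reader who pastes the listing unchanged gets rules that never match, and the failover script is never run. Repeat the substitution requirement directly after the listing, or show one filled-in value beside it, and reword "while replacing" to "replacing". With the NOTE about FreeBSD 10 removed, it would also help to say in the sentence that the subsystem is no longer an interface name such as `carp0`.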
@@ -2527,6 +2534,8 @@ For this example, a standard UFS file system was used.
To reduce the time needed for recovery, a journal-enabled UFS or ZFS file system can be used instead.
====
+Instead of using the highly available storage locally, it can also be shared to other computers on a network via crossref:network-servers[network-nfs,NFS], crossref:network-servers[network-iscsi,iSCSI], man:sshfs[1], or programs in ports (i.e. package:net/samba419[]).
+
More detailed information with additional examples can be found at http://wiki.FreeBSD.org/HAST[http://wiki.FreeBSD.org/HAST].
=== Troubleshooting
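Review bot: "(i.e. package:net/samba419[])" in the added sentence should use "e.g.", since Samba is given as one example of a program in ports rather than the only one. "shared to other computers" reads better as "shared with other computers", and the versioned port name `samba419` will need updating when the port is renamed.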