From c245e454791eb51e715f4e8ec1378ded4c6258d5 Mon Sep 17 00:00:00 2001 From: Warren Block Date: Thu, 2 Feb 2012 19:21:57 +0000 Subject: [PATCH] Whitespace-only commit, translators may ignore. Rewrap paragraphs, fix indentation. --- .../books/handbook/disks/chapter.sgml | 3213 +++++++++-------- 1 file changed, 1708 insertions(+), 1505 deletions(-) diff --git a/en_US.ISO8859-1/books/handbook/disks/chapter.sgml b/en_US.ISO8859-1/books/handbook/disks/chapter.sgml index 58e0f7ab92..fd1ee59976 100644 --- a/en_US.ISO8859-1/books/handbook/disks/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/disks/chapter.sgml @@ -10,44 +10,62 @@ Synopsis - This chapter covers the use of disks in FreeBSD. This includes memory-backed disks, network-attached disks, standard SCSI/IDE storage devices, and devices using the USB interface. After reading this chapter, you will know: + - The terminology FreeBSD uses to describe the - organization of data on a physical disk (partitions and slices). + + The terminology FreeBSD uses to describe the + organization of data on a physical disk (partitions and + slices). - How to add additional hard disks to your system. + + + How to add additional hard disks to your system. + How to configure &os; to use USB storage devices. - How to set up virtual file systems, such as memory - disks. + + + How to set up virtual file systems, such as memory + disks. + + How to use quotas to limit disk space usage. + - How to encrypt disks to secure them against attackers. + How to encrypt disks to secure them against + attackers. + How to create and burn CDs and DVDs on FreeBSD. + - The various storage media options for backups. + The various storage media options for backups. + - How to use backup programs available under FreeBSD. + How to use backup programs available under + FreeBSD. + - How to backup to floppy disks. + How to backup to floppy disks. + - What file system snapshots are and how to use them efficiently. + What file system snapshots are and how to use them + efficiently. @@ -55,11 +73,10 @@ - Know how to configure and install a new FreeBSD kernel - (). + Know how to configure and install a new FreeBSD kernel + (). - @@ -79,45 +96,56 @@ Drive device name + IDE hard drives ad + IDE CDROM drives acd + - SCSI hard drives and USB Mass storage devices + SCSI hard drives and USB Mass storage + devices da + SCSI CDROM drives cd + Assorted non-standard CDROM drives mcd for Mitsumi CD-ROM and - scd for Sony CD-ROM devices - + scd for Sony CD-ROM devices + Floppy drives fd + SCSI tape drives sa - + + IDE tape drives ast + Flash drives - fla for &diskonchip; Flash device + fla for &diskonchip; Flash + device + RAID drives aacd for &adaptec; AdvancedRAID, @@ -152,19 +180,20 @@ The following section will describe how to add a new - SCSI disk to a machine that - currently only has a single drive. First turn off the computer - and install the drive in the computer following the instructions - of the computer, controller, and drive manufacturer. Due to the - wide variations of procedures to do this, the details are beyond - the scope of this document. + SCSI disk to a machine that currently only + has a single drive. First turn off the computer and install the + drive in the computer following the instructions of the + computer, controller, and drive manufacturer. Due to the wide + variations of procedures to do this, the details are beyond the + scope of this document. - Login as user root. After you have installed the - drive, inspect /var/run/dmesg.boot to ensure the new - disk was found. Continuing with our example, the newly added drive will - be da1 and we want to mount it on - /1 (if you are adding an IDE drive, the device name - will be ad1). + Login as user root. After you have + installed the drive, inspect + /var/run/dmesg.boot to ensure the new disk + was found. Continuing with our example, the newly added drive + will be da1 and we want to mount it on + /1 (if you are adding an IDE drive, the + device name will be ad1). partitions slices @@ -172,19 +201,20 @@ fdisk - FreeBSD runs on IBM-PC compatible computers, therefore it must - take into account the PC BIOS partitions. These are different - from the traditional BSD partitions. A PC disk has up to four - BIOS partition entries. If the disk is going to be truly - dedicated to FreeBSD, you can use the + FreeBSD runs on IBM-PC compatible computers, therefore it + must take into account the PC BIOS partitions. These are + different from the traditional BSD partitions. A PC disk has up + to four BIOS partition entries. If the disk is going to be + truly dedicated to FreeBSD, you can use the dedicated mode. Otherwise, FreeBSD will have to live within one of the PC BIOS partitions. FreeBSD calls the PC BIOS partitions slices so as not to confuse them with traditional BSD partitions. You may also use slices on a disk that is dedicated to FreeBSD, but used in a computer that also has another operating system installed. - This is a good way to avoid confusing the fdisk utility of - other, non-FreeBSD operating systems. + This is a good way to avoid confusing the + fdisk utility of other, non-FreeBSD operating + systems. In the slice case the drive will be added as /dev/da1s1e. This is read as: SCSI disk, @@ -193,50 +223,55 @@ case, the drive will be added simply as /dev/da1e. - Due to the use of 32-bit integers to store the number of sectors, - &man.bsdlabel.8; is - limited to 2^32-1 sectors per disk or 2TB in most cases. The - &man.fdisk.8; format allows a starting sector of no more than - 2^32-1 and a length of no more than 2^32-1, limiting partitions to - 2TB and disks to 4TB in most cases. The &man.sunlabel.8; format - is limited to 2^32-1 sectors per partition and 8 partitions for - a total of 16TB. For larger disks, &man.gpart.8; may be used to - create GPT partitions. GPT - has the added benefit of not being limited to 4 slices. + Due to the use of 32-bit integers to store the number of + sectors, &man.bsdlabel.8; is limited to 2^32-1 sectors per disk + or 2TB in most cases. The &man.fdisk.8; format allows a + starting sector of no more than 2^32-1 and a length of no more + than 2^32-1, limiting partitions to 2TB and disks to 4TB in most + cases. The &man.sunlabel.8; format is limited to 2^32-1 sectors + per partition and 8 partitions for a total of 16TB. For larger + disks, &man.gpart.8; may be used to create + GPT partitions. GPT has + the added benefit of not being limited to 4 slices. Using &man.sysinstall.8; - sysinstall - adding disks + sysinstall + adding disks su + - Navigating <application>Sysinstall</application> + Navigating + <application>Sysinstall</application> - You may use sysinstall to - partition and label a new disk using its easy to use menus. - Either login as user root or use the + You may use sysinstall to partition + and label a new disk using its easy to use menus. Either + login as user root or use the su command. Run sysinstall and enter the Configure menu. Within the - FreeBSD Configuration Menu, scroll down and - select the Fdisk option. + FreeBSD Configuration Menu, scroll down + and select the Fdisk option. - <application>fdisk</application> Partition Editor - Once inside fdisk, pressing A will - use the entire disk for FreeBSD. When asked if you want to - remain cooperative with any future possible operating - systems, answer YES. Write the - changes to the disk using W. Now exit the - FDISK editor by pressing Q. Next you will be - asked about the Master Boot Record. Since you are adding a - disk to an already running system, choose + <application>fdisk</application> Partition + Editor + + Once inside fdisk, pressing + A will use the entire disk for FreeBSD. + When asked if you want to remain cooperative with + any future possible operating systems, answer + YES. Write the changes to the disk + using W. Now exit the FDISK editor by + pressing Q. Next you will be asked about + the Master Boot Record. Since you are + adding a disk to an already running system, choose None. @@ -244,48 +279,51 @@ Disk Label Editor BSD partitions - Next, you need to exit sysinstall - and start it again. Follow the directions above, although this - time choose the Label option. This will - enter the Disk Label Editor. This - is where you will create the traditional BSD partitions. A - disk can have up to eight partitions, labeled - a-h. - A few of the partition labels have special uses. The - a partition is used for the root partition - (/). Thus only your system disk (e.g, - the disk you boot from) should have an a - partition. The b partition is used for - swap partitions, and you may have many disks with swap - partitions. The c partition addresses the - entire disk in dedicated mode, or the entire FreeBSD slice in - slice mode. The other partitions are for general use. + Next, you need to exit + sysinstall and start it again. + Follow the directions above, although this time choose the + Label option. This will enter the + Disk Label Editor. This is where you + will create the traditional BSD partitions. A disk can + have up to eight partitions, labeled + a-h. A few of the partition labels + have special uses. The a partition is + used for the root partition (/). + Thus only your system disk (e.g, the disk you boot from) + should have an a partition. The + b partition is used for swap + partitions, and you may have many disks with swap + partitions. The c partition addresses + the entire disk in dedicated mode, or the entire FreeBSD + slice in slice mode. The other partitions are for general + use. sysinstall's Label editor - favors the e - partition for non-root, non-swap partitions. Within the - Label editor, create a single file system by pressing - C. When prompted if this will be a FS - (file system) or swap, choose FS and type in a - mount point (e.g, /mnt). When adding a - disk in post-install mode, sysinstall - will not create entries - in /etc/fstab for you, so the mount point - you specify is not important. + favors the e partition for non-root, + non-swap partitions. Within the Label editor, create a + single file system by pressing C. When + prompted if this will be a FS (file system) or swap, + choose FS and type in a mount point + (e.g, /mnt). When adding a disk in + post-install mode, sysinstall + will not create entries in /etc/fstab + for you, so the mount point you specify is not + important. - You are now ready to write the new label to the disk and - create a file system on it. Do this by pressing + You are now ready to write the new label to the disk + and create a file system on it. Do this by pressing W. Ignore any errors from - sysinstall that - it could not mount the new partition. Exit the Label Editor - and sysinstall completely. + sysinstall that it could not + mount the new partition. Exit the Label Editor and + sysinstall completely. Finish - The last step is to edit /etc/fstab - to add an entry for your new disk. + The last step is to edit + /etc/fstab to add an entry for your + new disk. @@ -313,20 +351,21 @@ &prompt.root; mount /dev/da1s1e /1 # Mount the partition(s) &prompt.root; vi /etc/fstab # Add the appropriate entry/entries to your /etc/fstab. - If you have an IDE disk, substitute ad - for da. + If you have an IDE disk, substitute + ad for da. Dedicated OS/2 - If you will not be sharing the new drive with another operating - system, you may use the dedicated mode. Remember - this mode can confuse Microsoft operating systems; however, no damage - will be done by them. IBM's &os2; however, will - appropriate any partition it finds which it does not - understand. + If you will not be sharing the new drive with another + operating system, you may use the + dedicated mode. Remember this mode can + confuse Microsoft operating systems; however, no damage will + be done by them. IBM's &os2; however, will + appropriate any partition it finds which it + does not understand. &prompt.root; dd if=/dev/zero of=/dev/da1 bs=1k count=1 &prompt.root; bsdlabel -Bw da1 auto @@ -364,6 +403,7 @@ Original work by + Jim @@ -373,103 +413,102 @@ -RAIDsoftware - - RAIDCCD - + RAIDsoftware + RAIDCCD Concatenated Disk Driver (CCD) Configuration + When choosing a mass storage solution the most important factors to consider are speed, reliability, and cost. It is - rare to have all three in balance; normally a fast, reliable mass - storage device is expensive, and to cut back on cost either speed - or reliability must be sacrificed. + rare to have all three in balance; normally a fast, reliable + mass storage device is expensive, and to cut back on cost + either speed or reliability must be sacrificed. - In designing the system described below, cost was chosen - as the most important factor, followed by speed, then reliability. - Data transfer speed for this system is ultimately - constrained by the network. And while reliability is very important, - the CCD drive described below serves online data that is already - fully backed up on CD-R's and can easily be replaced. - - Defining your own requirements is the first step - in choosing a mass storage solution. If your requirements prefer - speed or reliability over cost, your solution will differ from - the system described in this section. + In designing the system described below, cost was + chosen as the most important factor, followed by speed, + then reliability. Data transfer speed for this system is + ultimately constrained by the network. And while + reliability is very important, the CCD drive described + below serves online data that is already fully backed up + on CD-R's and can easily be replaced. + Defining your own requirements is the first step in + choosing a mass storage solution. If your requirements + prefer speed or reliability over cost, your solution will + differ from the system described in this section. Installing the Hardware In addition to the IDE system disk, three Western - Digital 30GB, 5400 RPM IDE disks form the core - of the CCD disk described below providing approximately - 90GB of online storage. Ideally, - each IDE disk would have its own IDE controller - and cable, but to minimize cost, additional + Digital 30GB, 5400 RPM IDE disks form the core of the CCD + disk described below providing approximately 90GB of + online storage. Ideally, each IDE disk would have its own + IDE controller and cable, but to minimize cost, additional IDE controllers were not used. Instead the disks were configured with jumpers so that each IDE controller has - one master, and one slave. + one master, and one slave. Upon reboot, the system BIOS was configured to - automatically detect the disks attached. More importantly, - FreeBSD detected them on reboot: + automatically detect the disks attached. More + importantly, FreeBSD detected them on reboot: ad0: 19574MB <WDC WD205BA> [39770/16/63] at ata0-master UDMA33 ad1: 29333MB <WDC WD307AA> [59598/16/63] at ata0-slave UDMA33 ad2: 29333MB <WDC WD307AA> [59598/16/63] at ata1-master UDMA33 ad3: 29333MB <WDC WD307AA> [59598/16/63] at ata1-slave UDMA33 - If FreeBSD does not detect all the disks, ensure - that you have jumpered them correctly. Most IDE drives - also have a Cable Select jumper. This is - not the jumper for the master/slave - relationship. Consult the drive documentation for help in - identifying the correct jumper. + If FreeBSD does not detect all the disks, ensure + that you have jumpered them correctly. Most IDE drives + also have a Cable Select jumper. This is + not the jumper for the master/slave + relationship. Consult the drive documentation for help in + identifying the correct jumper. - Next, consider how to attach them as part of the file - system. You should research both &man.vinum.4; () and &man.ccd.4;. In this - particular configuration, &man.ccd.4; was chosen. + Next, consider how to attach them as part of the file + system. You should research both &man.vinum.4; () and &man.ccd.4;. In this + particular configuration, &man.ccd.4; was chosen. Setting Up the CCD - The &man.ccd.4; driver allows you to take - several identical disks and concatenate them into one - logical file system. In order to use - &man.ccd.4;, you need a kernel with - &man.ccd.4; support built in. - Add this line to your kernel configuration file, rebuild, and - reinstall the kernel: + The &man.ccd.4; driver allows you to take several + identical disks and concatenate them into one logical file + system. In order to use &man.ccd.4;, you need a kernel + with &man.ccd.4; support built in. Add this line to your + kernel configuration file, rebuild, and reinstall the + kernel: device ccd - The &man.ccd.4; support can also be - loaded as a kernel loadable module. + The &man.ccd.4; support can also be loaded as a kernel + loadable module. - To set up &man.ccd.4;, you must first use - &man.bsdlabel.8; to label the disks: + To set up &man.ccd.4;, you must first use + &man.bsdlabel.8; to label the disks: bsdlabel -w ad1 auto bsdlabel -w ad2 auto bsdlabel -w ad3 auto - This creates a bsdlabel for ad1c, ad2c and ad3c that - spans the entire disk. + This creates a bsdlabel for + ad1c, + ad2c and + ad3c that spans the entire + disk. - The next step is to change the disk label type. You - can use &man.bsdlabel.8; to edit the - disks: + The next step is to change the disk label type. You + can use &man.bsdlabel.8; to edit the disks: bsdlabel -e ad1 bsdlabel -e ad2 bsdlabel -e ad3 - This opens up the current disk label on each disk with - the editor specified by the EDITOR - environment variable, typically &man.vi.1;. + This opens up the current disk label on each disk with + the editor specified by the EDITOR + environment variable, typically &man.vi.1;. An unmodified disk label will look something like this: @@ -478,95 +517,94 @@ bsdlabel -e ad3 # size offset fstype [fsize bsize bps/cpg] c: 60074784 0 unused 0 0 0 # (Cyl. 0 - 59597) - Add a new e partition for &man.ccd.4; to use. This - can usually be copied from the c partition, - but the must - be 4.2BSD. The disk label should - now look something like this: + Add a new e partition for + &man.ccd.4; to use. This can usually be copied from the + c partition, but the + must be + 4.2BSD. The disk label should now + look something like this: 8 partitions: # size offset fstype [fsize bsize bps/cpg] c: 60074784 0 unused 0 0 0 # (Cyl. 0 - 59597) e: 60074784 0 4.2BSD 0 0 0 # (Cyl. 0 - 59597) - Building the File System Now that you have all the disks labeled, you must - build the &man.ccd.4;. To do that, - use &man.ccdconfig.8;, with options similar to the following: + build the &man.ccd.4;. To do that, use &man.ccdconfig.8;, + with options similar to the following: - ccdconfig ccd0 32 0 /dev/ad1e /dev/ad2e /dev/ad3e + ccdconfig ccd0 32 0 /dev/ad1e /dev/ad2e /dev/ad3e - The use and meaning of each option is shown below: + The use and meaning of each option is shown + below: - - - The first argument is the device to configure, in this case, - /dev/ccd0c. The /dev/ - portion is optional. - + + + The first argument is the device to configure, in + this case, /dev/ccd0c. The + /dev/ portion is optional. + - + + The interleave for the file system. The + interleave defines the size of a stripe in disk + blocks, each normally 512 bytes. So, an interleave of + 32 would be 16,384 bytes. + - The interleave for the file system. The interleave - defines the size of a stripe in disk blocks, each normally 512 bytes. - So, an interleave of 32 would be 16,384 bytes. - + + Flags for &man.ccdconfig.8;. If you want to + enable drive mirroring, you can specify a flag here. + This configuration does not provide mirroring for + &man.ccd.4;, so it is set at 0 (zero). + - - Flags for &man.ccdconfig.8;. If you want to enable drive - mirroring, you can specify a flag here. This - configuration does not provide mirroring for - &man.ccd.4;, so it is set at 0 (zero). - + + The final arguments to &man.ccdconfig.8; are the + devices to place into the array. Use the complete + pathname for each device. + + - - The final arguments to &man.ccdconfig.8; - are the devices to place into the array. Use the complete pathname - for each device. - - - - - After running &man.ccdconfig.8; the &man.ccd.4; - is configured. A file system can be installed. Refer to &man.newfs.8; - for options, or simply run: + After running &man.ccdconfig.8; the &man.ccd.4; is + configured. A file system can be installed. Refer to + &man.newfs.8; for options, or simply run: newfs /dev/ccd0c - - Making it All Automatic - Generally, you will want to mount the - &man.ccd.4; upon each reboot. To do this, you must - configure it first. Write out your current configuration to - /etc/ccd.conf using the following command: + Generally, you will want to mount the &man.ccd.4; upon + each reboot. To do this, you must configure it first. + Write out your current configuration to + /etc/ccd.conf using the following + command: ccdconfig -g > /etc/ccd.conf During reboot, the script /etc/rc - runs ccdconfig -C if /etc/ccd.conf - exists. This automatically configures the - &man.ccd.4; so it can be mounted. + runs ccdconfig -C if + /etc/ccd.conf exists. This + automatically configures the &man.ccd.4; so it can be + mounted. - If you are booting into single user mode, before you can - &man.mount.8; the &man.ccd.4;, you - need to issue the following command to configure the - array: + + If you are booting into single user mode, before you + can &man.mount.8; the &man.ccd.4;, you need to issue the + following command to configure the array: - ccdconfig -C - + ccdconfig -C + - To automatically mount the &man.ccd.4;, - place an entry for the &man.ccd.4; in - /etc/fstab so it will be mounted at - boot time: + To automatically mount the &man.ccd.4;, place an entry + for the &man.ccd.4; in /etc/fstab so + it will be mounted at boot time: /dev/ccd0c /media ufs rw 2 2 @@ -575,11 +613,14 @@ bsdlabel -e ad3 The Vinum Volume Manager -RAIDsoftware - - RAID - Vinum - + + RAID + software + + + RAID + Vinum + The Vinum Volume Manager is a block device driver which implements virtual disk drives. It isolates disk hardware @@ -602,29 +643,33 @@ bsdlabel -e ad3 hardware - FreeBSD also supports a variety of hardware RAID - controllers. These devices control a RAID subsystem - without the need for FreeBSD specific software to manage the - array. + FreeBSD also supports a variety of hardware + RAID controllers. These devices control a + RAID subsystem without the need for FreeBSD + specific software to manage the array. - Using an on-card BIOS, the card controls most of the disk operations - itself. The following is a brief setup description using a Promise IDE RAID - controller. When this card is installed and the system is started up, it - displays a prompt requesting information. Follow the instructions - to enter the card's setup screen. From here, you have the ability to - combine all the attached drives. After doing so, the disk(s) will look like - a single drive to FreeBSD. Other RAID levels can be set up - accordingly. - + Using an on-card BIOS, the card + controls most of the disk operations itself. The following is + a brief setup description using a Promise + IDE RAID controller. + When this card is installed and the system is started up, it + displays a prompt requesting information. Follow the + instructions to enter the card's setup screen. From here, you + have the ability to combine all the attached drives. After + doing so, the disk(s) will look like a single drive to + FreeBSD. Other RAID levels can be set up + accordingly. Rebuilding ATA RAID1 Arrays - FreeBSD allows you to hot-replace a failed disk in an array. This requires - that you catch it before you reboot. + FreeBSD allows you to hot-replace a failed disk in an + array. This requires that you catch it before you + reboot. - You will probably see something like the following in /var/log/messages or in the &man.dmesg.8; + You will probably see something like the following in + /var/log/messages or in the &man.dmesg.8; output: ad6 on monster1 suffered a hard error. @@ -635,7 +680,8 @@ ad6: hard error reading fsbn 1116119 of 0-7 (ad6 bn 1116119; cn 1107 tn 4 sn 11) status=59 error=40 ar0: WARNING - mirror lost - Using &man.atacontrol.8;, check for further information: + Using &man.atacontrol.8;, check for further + information: &prompt.root; atacontrol list ATA channel 0: @@ -659,8 +705,8 @@ ar0: ATA RAID1 subdisks: ad4 ad6 status: DEGRADED - You will first need to detach the ata channel with the failed - disk so you can safely remove it: + You will first need to detach the ata channel with the + failed disk so you can safely remove it: &prompt.root; atacontrol detach ata3 @@ -755,17 +801,17 @@ device umass to the USB storage devices, your USB device will be seen as a SCSI device by the system. Depending on the USB chipset on your motherboard, you only need either device - uhci or device ohci for USB 1.X support, however - having both in the kernel configuration file is harmless. - Support for USB 2.0 controllers is provided by the - &man.ehci.4; driver (the device ehci line). Do - not forget to compile and install the new kernel if you added - any lines. + uhci or device ohci for USB 1.X + support, however having both in the kernel configuration file + is harmless. Support for USB 2.0 controllers is provided by + the &man.ehci.4; driver (the device ehci + line). Do not forget to compile and install the new kernel if + you added any lines. - If your USB device is a CD-R or DVD burner, the SCSI CD-ROM - driver, &man.cd.4;, must be added to the kernel via the - line: + If your USB device is a CD-R or DVD burner, the SCSI + CD-ROM driver, &man.cd.4;, must be added to the kernel via + the line: device cd @@ -863,9 +909,9 @@ add path 'da*' mode 0660 group operator is for root to create a subdirectory owned by that user as /mnt/username - (replace username by the login name of - the actual user and usergroup by the - user's primary group): + (replace username by the login name + of the actual user and usergroup by + the user's primary group): &prompt.root; mkdir /mnt/username &prompt.root; chown username:usergroup /mnt/username @@ -892,10 +938,11 @@ umass0: detached Further Reading Beside the Adding - Disks and Mounting and + Disks and Mounting and Unmounting File Systems sections, reading various manual pages may be also useful: &man.umass.4;, - &man.camcontrol.8;, and &man.usbconfig.8; under &os;  8.X or &man.usbdevs.8; under earlier versions of &os;. + &man.camcontrol.8;, and &man.usbconfig.8; under &os;  8.X + or &man.usbdevs.8; under earlier versions of &os;. @@ -922,63 +969,69 @@ umass0: detached Introduction CDs have a number of features that differentiate them from - conventional disks. Initially, they were not writable by the - user. They are designed so that they can be read continuously without - delays to move the head between tracks. They are also much easier - to transport between systems than similarly sized media were at the - time. + conventional disks. Initially, they were not writable by the + user. They are designed so that they can be read continuously + without delays to move the head between tracks. They are also + much easier to transport between systems than similarly sized + media were at the time. - CDs do have tracks, but this refers to a section of data to - be read continuously and not a physical property of the disk. To - produce a CD on FreeBSD, you prepare the data files that are going - to make up the tracks on the CD, then write the tracks to the - CD. + CDs do have tracks, but this refers to a section of data + to be read continuously and not a physical property of the + disk. To produce a CD on FreeBSD, you prepare the data files + that are going to make up the tracks on the CD, then write the + tracks to the CD. ISO 9660 - file systems - ISO 9660 + file systems + ISO 9660 + The ISO 9660 file system was designed to deal with these - differences. It unfortunately codifies file system limits that were - common then. Fortunately, it provides an extension mechanism that - allows properly written CDs to exceed those limits while still - working with systems that do not support those extensions. + differences. It unfortunately codifies file system limits + that were common then. Fortunately, it provides an extension + mechanism that allows properly written CDs to exceed those + limits while still working with systems that do not support + those extensions. - sysutils/cdrtools + sysutils/cdrtools + The sysutils/cdrtools port includes &man.mkisofs.8;, a program that you can use to produce a data file containing an ISO 9660 file - system. It has options that support various extensions, and is - described below. + system. It has options that support various extensions, and + is described below. - CD burner - ATAPI + CD burner + ATAPI - Which tool to use to burn the CD depends on whether your CD burner - is ATAPI or something else. ATAPI CD burners use the burncd program that is part of - the base system. SCSI and USB CD burners should use - cdrecord from - the sysutils/cdrtools port. - It is also possible to use cdrecord and other tools - for SCSI drives on ATAPI hardware with the ATAPI/CAM module. + + Which tool to use to burn the CD depends on whether your + CD burner is ATAPI or something else. ATAPI CD burners use + the burncd + program that is part of the base system. SCSI and USB CD + burners should use + cdrecord + from the sysutils/cdrtools + port. It is also possible to use + cdrecord + and other tools for SCSI drives on ATAPI hardware with the + ATAPI/CAM module. If you want CD burning software with a graphical user interface, you may wish to take a look at either X-CD-Roast or K3b. These tools are available as - packages or from the sysutils/xcdroast and sysutils/k3b ports. + packages or from the + sysutils/xcdroast and + sysutils/k3b ports. X-CD-Roast and - K3b require the ATAPI/CAM module with ATAPI + K3b require the + ATAPI/CAM module with ATAPI hardware. @@ -987,131 +1040,140 @@ umass0: detached The &man.mkisofs.8; program, which is part of the sysutils/cdrtools port, - produces an ISO 9660 file system - that is an image of a directory tree in the &unix; file system name - space. The simplest usage is: + produces an ISO 9660 file system that is an image of a + directory tree in the &unix; file system name space. The + simplest usage is: &prompt.root; mkisofs -o imagefile.iso /path/to/tree - file systems - ISO 9660 + file systems + ISO 9660 - This command will create an imagefile.iso - containing an ISO 9660 file system that is a copy of the tree at - /path/to/tree. In the process, it will - map the file names to names that fit the limitations of the - standard ISO 9660 file system, and will exclude files that have - names uncharacteristic of ISO file systems. + + This command will create an + imagefile.iso containing an ISO + 9660 file system that is a copy of the tree at + /path/to/tree. In the process, it + will map the file names to names that fit the limitations of + the standard ISO 9660 file system, and will exclude files that + have names uncharacteristic of ISO file systems. - file systems - HFS + file systems + HFS - file systems - Joliet + file systems + Joliet A number of options are available to overcome those - restrictions. In particular, enables the - Rock Ridge extensions common to &unix; systems, - enables Joliet extensions used by Microsoft systems, and - can be used to create HFS file systems used - by &macos;. + restrictions. In particular, enables the + Rock Ridge extensions common to &unix; systems, + enables Joliet extensions used by + Microsoft systems, and can be used to + create HFS file systems used by &macos;. For CDs that are going to be used only on FreeBSD systems, can be used to disable all filename - restrictions. When used with , it produces a - file system image that is identical to the FreeBSD tree you started - from, though it may violate the ISO 9660 standard in a number of - ways. + restrictions. When used with , it produces + a file system image that is identical to the FreeBSD tree you + started from, though it may violate the ISO 9660 standard in a + number of ways. - CDROMs - creating bootable + CDROMs + creating bootable - The last option of general use is . This is - used to specify the location of the boot image for use in producing an - El Torito bootable CD. This option takes an - argument which is the path to a boot image from the top of the - tree being written to the CD. By default, &man.mkisofs.8; creates an - ISO image in the so-called floppy disk emulation mode, - and thus expects the boot image to be exactly 1200, 1440 or - 2880 KB in size. Some boot loaders, like the one used by the - FreeBSD distribution disks, do not use emulation mode; in this case, - the option should be used. So, if - /tmp/myboot holds a bootable FreeBSD system - with the boot image in - /tmp/myboot/boot/cdboot, you could produce the - image of an ISO 9660 file system in + The last option of general use is . + This is used to specify the location of the boot image for use + in producing an El Torito bootable CD. This + option takes an argument which is the path to a boot image + from the top of the tree being written to the CD. By default, + &man.mkisofs.8; creates an ISO image in the so-called + floppy disk emulation mode, and thus expects + the boot image to be exactly 1200, 1440 or 2880 KB in + size. Some boot loaders, like the one used by the FreeBSD + distribution disks, do not use emulation mode; in this case, + the option should be used. So, + if /tmp/myboot holds a bootable FreeBSD + system with the boot image in + /tmp/myboot/boot/cdboot, you could + produce the image of an ISO 9660 file system in /tmp/bootable.iso like so: &prompt.root; mkisofs -R -no-emul-boot -b boot/cdboot -o /tmp/bootable.iso /tmp/myboot Having done that, if you have md - configured in your kernel, you can mount the file system with: + configured in your kernel, you can mount the file system + with: &prompt.root; mdconfig -a -t vnode -f /tmp/bootable.iso -u 0 &prompt.root; mount -t cd9660 /dev/md0 /mnt - At which point you can verify that /mnt - and /tmp/myboot are identical. + At which point you can verify that + /mnt and /tmp/myboot + are identical. There are many other options you can use with &man.mkisofs.8; to fine-tune its behavior. In particular: modifications to an ISO 9660 layout and the creation of Joliet - and HFS discs. See the &man.mkisofs.8; manual page for details. + and HFS discs. See the &man.mkisofs.8; manual page for + details. burncd - CDROMs - burning + CDROMs + burning If you have an ATAPI CD burner, you can use the burncd command to burn an ISO image onto a - CD. burncd is part of the base system, installed - as /usr/sbin/burncd. Usage is very simple, as - it has few options: + CD. burncd is part of the base system, + installed as /usr/sbin/burncd. Usage is + very simple, as it has few options: &prompt.root; burncd -f cddevice data imagefile.iso fixate - Will burn a copy of imagefile.iso on - cddevice. The default device is - /dev/acd0. See &man.burncd.8; for options to - set the write speed, eject the CD after burning, and write audio - data. + Will burn a copy of + imagefile.iso on + cddevice. The default device is + /dev/acd0. See &man.burncd.8; for + options to set the write speed, eject the CD after burning, + and write audio data. cdrecord - If you do not have an ATAPI CD burner, you will have to use - cdrecord to burn your - CDs. cdrecord is not part of the base system; - you must install it from either the port at sysutils/cdrtools - or the appropriate - package. Changes to the base system can cause binary versions of - this program to fail, possibly resulting in a - coaster. You should therefore either upgrade the - port when you upgrade your system, or if you are tracking -STABLE, upgrade the port when a - new version becomes available. + If you do not have an ATAPI CD burner, you will have to + use cdrecord to burn your CDs. + cdrecord is not part of the base system; + you must install it from either the port at + sysutils/cdrtools or the + appropriate package. Changes to the base system can cause + binary versions of this program to fail, possibly resulting in + a coaster. You should therefore either upgrade + the port when you upgrade your system, or if you are + tracking -STABLE, upgrade the + port when a new version becomes available. - While cdrecord has many options, basic usage - is even simpler than burncd. Burning an ISO 9660 - image is done with: + While cdrecord has many options, basic + usage is even simpler than burncd. Burning + an ISO 9660 image is done with: &prompt.root; cdrecord dev=device imagefile.iso - The tricky part of using cdrecord is finding - the to use. To find the proper setting, use - the flag of cdrecord, - which might produce results like this: + The tricky part of using cdrecord is + finding the to use. To find the proper + setting, use the flag of + cdrecord, which might produce results like + this: + - CDROMs - burning + CDROMs + burning &prompt.root; cdrecord -scanbus Cdrecord-Clone 2.01 (i386-unknown-freebsd7.0) Copyright (C) 1995-2004 Jörg Schilling @@ -1135,30 +1197,31 @@ scsibus1: 1,6,0 106) 'ARTEC ' 'AM12S ' '1.06' Scanner 1,7,0 107) * - This lists the appropriate value for the - devices on the list. Locate your CD burner, and use the three - numbers separated by commas as the value for - . In this case, the CRW device is 1,5,0, so the - appropriate input would be - . There are easier - ways to specify this value; see &man.cdrecord.1; for - details. That is also the place to look for information on writing - audio tracks, controlling the speed, and other things. + This lists the appropriate value for + the devices on the list. Locate your CD burner, and use the + three numbers separated by commas as the value for + . In this case, the CRW device is 1,5,0, + so the appropriate input would be . + There are easier ways to specify this value; see + &man.cdrecord.1; for details. That is also the place to look + for information on writing audio tracks, controlling the + speed, and other things. Duplicating Audio CDs - You can duplicate an audio CD by extracting the audio data from - the CD to a series of files, and then writing these files to a blank - CD. The process is slightly different for ATAPI and SCSI - drives. + You can duplicate an audio CD by extracting the audio data + from the CD to a series of files, and then writing these files + to a blank CD. The process is slightly different for ATAPI + and SCSI drives. SCSI Drives - Use cdda2wav to extract the audio. + Use cdda2wav to extract the + audio. &prompt.user; cdda2wav -vall -D2,0 -B -Owav @@ -1170,7 +1233,8 @@ scsibus1: &prompt.user; cdrecord -v dev=2,0 -dao -useinfo *.wav Make sure that 2,0 is set - appropriately, as described in . + appropriately, as described in + . @@ -1178,8 +1242,8 @@ scsibus1: ATAPI Drives - With the help of the ATAPI/CAM module, + With the help of the + ATAPI/CAM module, cdda2wav can also be used on ATAPI drives. This tool is usually a better choice for most of users (jitter correction, endianness issues, etc.) than @@ -1189,10 +1253,10 @@ scsibus1: The ATAPI CD driver makes each track available as /dev/acddtnn, - where d is the drive number, and - nn is the track number written with two - decimal digits, prefixed with zero as needed. - So the first track on the first disk is + where d is the drive number, + and nn is the track number + written with two decimal digits, prefixed with zero as + needed. So the first track on the first disk is /dev/acd0t01, the second is /dev/acd0t02, the third is /dev/acd0t03, and so on. @@ -1205,8 +1269,9 @@ scsibus1: - Extract each track using &man.dd.1;. You must also use a - specific block size when extracting the files. + Extract each track using &man.dd.1;. You must also + use a specific block size when extracting the + files. &prompt.root; dd if=/dev/acd0t01 of=track1.cdr bs=2352 &prompt.root; dd if=/dev/acd0t02 of=track2.cdr bs=2352 @@ -1216,9 +1281,9 @@ scsibus1: Burn the extracted files to disk using - burncd. You must specify that these are audio - files, and that burncd should fixate the disk - when finished. + burncd. You must specify that these + are audio files, and that burncd should + fixate the disk when finished. &prompt.root; burncd -f /dev/acd0 audio track1.cdr track2.cdr ... fixate @@ -1230,10 +1295,10 @@ scsibus1: You can copy a data CD to a image file that is functionally equivalent to the image file created with - &man.mkisofs.8;, and you can use it to duplicate - any data CD. The example given here assumes that your CDROM - device is acd0. Substitute your - correct CDROM device. + &man.mkisofs.8;, and you can use it to duplicate any data CD. + The example given here assumes that your CDROM device is + acd0. Substitute your correct CDROM + device. &prompt.root; dd if=/dev/acd0 of=file.iso bs=2048 @@ -1252,26 +1317,25 @@ scsibus1: &prompt.root; mount /dev/cd0 /mnt you will get a complaint about Incorrect super - block, and no mount. The CDROM is not a - UFS file system, so attempts to mount it - as such will fail. You just need to tell &man.mount.8; that - the file system is of type ISO9660, and - everything will work. You do this by specifying the - option &man.mount.8;. For - example, if you want to mount the CDROM device, - /dev/cd0, under - /mnt, you would execute: + block, and no mount. The CDROM is not a + UFS file system, so attempts to mount it as + such will fail. You just need to tell &man.mount.8; that the + file system is of type ISO9660, and + everything will work. You do this by specifying the + option &man.mount.8;. For example, + if you want to mount the CDROM device, + /dev/cd0, under + /mnt, you would execute: - &prompt.root; mount -t cd9660 /dev/cd0 /mnt + &prompt.root; mount -t cd9660 /dev/cd0 /mnt - Note that your device name - (/dev/cd0 in this example) could be - different, depending on the interface your CDROM uses. Also, - the option just executes - &man.mount.cd9660.8;. The above example could be shortened - to: + Note that your device name (/dev/cd0 + in this example) could be different, depending on the + interface your CDROM uses. Also, the option just executes &man.mount.cd9660.8;. + The above example could be shortened to: -&prompt.root; mount_cd9660 /dev/cd0 /mnt + &prompt.root; mount_cd9660 /dev/cd0 /mnt You can generally use data CDROMs from any vendor in this way. Disks with certain ISO 9660 extensions might behave @@ -1283,7 +1347,7 @@ scsibus1: charset you use with the option. For more information, consult the &man.mount.cd9660.8; manual page. - + To be able to do this character conversion with the help of the option, the kernel will require @@ -1293,12 +1357,12 @@ scsibus1: cd9660_iconv_load="YES" - and then rebooting the machine, or by directly loading the - module with &man.kldload.8;. + and then rebooting the machine, or by directly loading + the module with &man.kldload.8;. Occasionally, you might get Device not - configured when trying to mount a CDROM. This + configured when trying to mount a CDROM. This usually means that the CDROM drive thinks that there is no disk in the tray, or that the drive is not visible on the bus. It can take a couple of seconds for a CDROM drive to realize @@ -1307,7 +1371,9 @@ scsibus1: Sometimes, a SCSI CDROM may be missed because it did not have enough time to answer the bus reset. If you have a SCSI CDROM please add the following option to your kernel - configuration and rebuild your kernel. + configuration and rebuild your + kernel. options SCSI_DELAY=15000 @@ -1327,15 +1393,15 @@ scsibus1: &prompt.root; burncd -f /dev/acd1 -s 12 data archive.tar.gz fixate In order to retrieve the data burned to such a CD, you - must read data from the raw device node: + must read data from the raw device node: &prompt.root; tar xzvf /dev/acd1 You cannot mount this disk as you would a normal CDROM. - Such a CDROM cannot be read under any operating system - except FreeBSD. If you want to be able to mount the CD, or - share data with another operating system, you must use - &man.mkisofs.8; as described above. + Such a CDROM cannot be read under any operating system + except FreeBSD. If you want to be able to mount the CD, or + share data with another operating system, you must use + &man.mkisofs.8; as described above. @@ -1374,12 +1440,12 @@ scsibus1: support in your kernel, you will have to add this line to your kernel configuration file: - device atapicam + device atapicam - You also need the following lines in your kernel - configuration file: + You also need the following lines in your kernel + configuration file: - device ata + device ata device scbus device cd device pass @@ -1458,14 +1524,14 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c DVD-R: This was the first DVD recordable format - available. The DVD-R standard is defined by the DVD Forum. - This format is write once. + available. The DVD-R standard is defined by the + DVD + Forum. This format is write once. - DVD-RW: This is the rewritable version of - the DVD-R standard. A DVD-RW can be rewritten about 1000 + DVD-RW: This is the rewritable version of the + DVD-R standard. A DVD-RW can be rewritten about 1000 times. @@ -1497,13 +1563,15 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c 4485 MB (1 kilobyte is 1024 bytes). - A distinction must be made between the physical media and - the application. For example, a DVD-Video is a specific + A distinction must be made between the physical media + and the application. For example, a DVD-Video is a specific file layout that can be written on any recordable DVD physical media: DVD-R, DVD+R, DVD-RW etc. Before choosing - the type of media, you must be sure that both the burner and the - DVD-Video player (a standalone player or a DVD-ROM drive on - a computer) are compatible with the media under consideration. + the type of media, you must be sure that both the burner and + the DVD-Video player (a standalone player or a DVD-ROM drive + on a computer) are compatible with the media under + consideration. + @@ -1519,9 +1587,9 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c These tools use the SCSI subsystem to access to the devices, therefore the ATAPI/CAM support must be added to your kernel. If your burner - uses the USB interface this addition is useless, and you should - read the for more details on USB - devices configuration. + uses the USB interface this addition is useless, and you + should read the for more details on + USB devices configuration. You also have to enable DMA access for ATAPI devices, this can be done in adding the following line to the @@ -1532,8 +1600,8 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c Before attempting to use the dvd+rw-tools you should consult the dvd+rw-tools' - hardware compatibility notes for any information + url="http://fy.chalmers.se/~appro/linux/DVD+RW/hcn.html">dvd+rw-tools' + hardware compatibility notes for any information related to your DVD burner. @@ -1549,14 +1617,14 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c Burning Data DVDs The &man.growisofs.1; command is a frontend to mkisofs, it will invoke + linkend="mkisofs">mkisofs, it will invoke &man.mkisofs.8; to create the file system layout and will perform the write on the DVD. This means you do not need to create an image of the data before the burning process. - To burn onto a DVD+R or a DVD-R the data from the /path/to/data directory, use the - following command: + To burn onto a DVD+R or a DVD-R the data from the + /path/to/data + directory, use the following command: &prompt.root; growisofs -dvd-compat -Z /dev/cd0 -J -R /path/to/data @@ -1571,8 +1639,8 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c DVD device, /dev/cd0, must be changed according to your configuration. The parameter will close the disk, - the recording will be unappendable. In return this should provide better - media compatibility with DVD-ROM drives. + the recording will be unappendable. In return this should + provide better media compatibility with DVD-ROM drives. It is also possible to burn a pre-mastered image, for example to burn the image @@ -1644,11 +1712,11 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c &prompt.root; growisofs -Z /dev/cd0 -dvd-video /path/to/video - The option will be passed down to - &man.mkisofs.8; and will instruct it to create a DVD-Video file system - layout. Beside this, the option - implies &man.growisofs.1; - option. + The option will be passed down + to &man.mkisofs.8; and will instruct it to create a DVD-Video + file system layout. Beside this, the + option implies + &man.growisofs.1; option. @@ -1781,8 +1849,8 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c Multisession Very few DVD-ROM drives support - multisession DVDs, they will most of time, hopefully, only read - the first session. DVD+R, DVD-R and DVD-RW in sequential + multisession DVDs, they will most of time, hopefully, only + read the first session. DVD+R, DVD-R and DVD-RW in sequential format can accept multiple sessions, the notion of multiple sessions does not exist for the DVD+RW and the DVD-RW restricted overwrite formats. @@ -1793,11 +1861,11 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c &prompt.root; growisofs -M /dev/cd0 -J -R /path/to/nextdata - Using this command line with a DVD+RW or a DVD-RW in restricted - overwrite mode, will append data in merging the new session to - the existing one. The result will be a single-session disc. - This is the way used to add data after an initial write on these - medias. + Using this command line with a DVD+RW or a DVD-RW in + restricted overwrite mode, will append data in merging the new + session to the existing one. The result will be a + single-session disc. This is the way used to add data after + an initial write on these medias. Some space on the media is used between each session for @@ -1822,8 +1890,8 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c the &man.growisofs.1; manual page, on the dvd+rw-tools web site and in the cdwrite mailing - list archives. + url="http://lists.debian.org/cdwrite/">cdwrite mailing + list archives. The dvd+rw-mediainfo output of the @@ -1857,8 +1925,8 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c As previously mentioned in the chapter introduction, a DVD-RAM can be seen as a removable hard drive. As any other hard drive the DVD-RAM must be prepared - before the first use. In the example, the whole - disk space will be used with a standard UFS2 file system: + before the first use. In the example, the whole disk space + will be used with a standard UFS2 file system: &prompt.root; dd if=/dev/zero of=/dev/acd0 bs=2k count=1 &prompt.root; bsdlabel -Bw acd0 @@ -1876,7 +1944,8 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c &prompt.root; mount /dev/acd0 /mnt - After this the DVD-RAM will be both readable and writeable. + After this the DVD-RAM will be both readable and + writeable. @@ -1935,11 +2004,11 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c 1440kB is what most floppy disks are designed for. To low-level format the floppy disk you need to use - &man.fdformat.1;. This utility expects the device name as an - argument. + &man.fdformat.1;. This utility expects the device name as + an argument. - Make note of any error messages, as these can help - determine if the disk is good or bad. + Make note of any error messages, as these can help + determine if the disk is good or bad. Formatting Floppy Disks @@ -1950,7 +2019,6 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c disk in your drive and issue: &prompt.root; /usr/sbin/fdformat -f 1440 /dev/fd0 - @@ -1971,20 +2039,20 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c You can run now &man.bsdlabel.8; like so: &prompt.root; /sbin/bsdlabel -B -w /dev/fd0 fd1440 - The File System Now the floppy is ready to be high-level formated. This - will place a new file system on it, which will let FreeBSD read - and write to the disk. After creating the new file system, the - disk label is destroyed, so if you want to reformat the disk, you - will have to recreate the disk label. + will place a new file system on it, which will let FreeBSD + read and write to the disk. After creating the new file + system, the disk label is destroyed, so if you want to + reformat the disk, you will have to recreate the disk + label. The floppy's file system can be either UFS or FAT. - FAT is generally a better choice for floppies. + FAT is generally a better choice for floppies. To put a new file system on the floppy, issue: @@ -1993,13 +2061,13 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c The disk is now ready for use. - Using the Floppy - To use the floppy, mount it with &man.mount.msdosfs.8;. One can also use - emulators/mtools from the ports - collection. + To use the floppy, mount it with &man.mount.msdosfs.8;. + One can also use + emulators/mtools from the + ports collection. @@ -2007,191 +2075,212 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c Creating and Using Data Tapes tape media - The major tape media are the 4mm, 8mm, QIC, mini-cartridge and - DLT. + + The major tape media are the 4mm, 8mm, QIC, mini-cartridge + and DLT. 4mm (DDS: Digital Data Storage) - tape media + tape media DDS (4mm) tapes - tape media + tape media QIC tapes - 4mm tapes are replacing QIC as the workstation backup media of - choice. This trend accelerated greatly when Conner purchased Archive, - a leading manufacturer of QIC drives, and then stopped production of - QIC drives. 4mm drives are small and quiet but do not have the - reputation for reliability that is enjoyed by 8mm drives. The - cartridges are less expensive and smaller (3 x 2 x 0.5 inches, 76 x 51 - x 12 mm) than 8mm cartridges. 4mm, like 8mm, has comparatively short - head life for the same reason, both use helical scan. + 4mm tapes are replacing QIC as the workstation backup + media of choice. This trend accelerated greatly when Conner + purchased Archive, a leading manufacturer of QIC drives, and + then stopped production of QIC drives. 4mm drives are small + and quiet but do not have the reputation for reliability that + is enjoyed by 8mm drives. The cartridges are less expensive + and smaller (3 x 2 x 0.5 inches, 76 x 51 x 12 mm) than 8mm + cartridges. 4mm, like 8mm, has comparatively short head life + for the same reason, both use helical scan. - Data throughput on these drives starts ~150 kB/s, peaking at ~500 kB/s. - Data capacity starts at 1.3 GB and ends at 2.0 GB. Hardware - compression, available with most of these drives, approximately - doubles the capacity. Multi-drive tape library units can have 6 - drives in a single cabinet with automatic tape changing. Library + Data throughput on these drives starts ~150 kB/s, + peaking at ~500 kB/s. Data capacity starts at + 1.3 GB and ends at 2.0 GB. Hardware compression, + available with most of these drives, approximately doubles the + capacity. Multi-drive tape library units can have 6 drives in + a single cabinet with automatic tape changing. Library capacities reach 240 GB. - The DDS-3 standard now supports tape capacities up to 12 GB (or - 24 GB compressed). + The DDS-3 standard now supports tape capacities up to + 12 GB (or 24 GB compressed). - 4mm drives, like 8mm drives, use helical-scan. All the benefits - and drawbacks of helical-scan apply to both 4mm and 8mm drives. + 4mm drives, like 8mm drives, use helical-scan. All the + benefits and drawbacks of helical-scan apply to both 4mm and + 8mm drives. - Tapes should be retired from use after 2,000 passes or 100 full - backups. + Tapes should be retired from use after 2,000 passes or 100 + full backups. 8mm (Exabyte) - tape media + tape media Exabyte (8mm) tapes - 8mm tapes are the most common SCSI tape drives; they are the best - choice of exchanging tapes. Nearly every site has an Exabyte 2 GB 8mm - tape drive. 8mm drives are reliable, convenient and quiet. Cartridges - are inexpensive and small (4.8 x 3.3 x 0.6 inches; 122 x 84 x 15 mm). - One downside of 8mm tape is relatively short head and tape life due to - the high rate of relative motion of the tape across the heads. + 8mm tapes are the most common SCSI tape drives; they are + the best choice of exchanging tapes. Nearly every site has an + Exabyte 2 GB 8mm tape drive. 8mm drives are reliable, + convenient and quiet. Cartridges are inexpensive and small + (4.8 x 3.3 x 0.6 inches; 122 x 84 x 15 mm). One downside of + 8mm tape is relatively short head and tape life due to the + high rate of relative motion of the tape across the + heads. - Data throughput ranges from ~250 kB/s to ~500 kB/s. Data sizes start - at 300 MB and go up to 7 GB. Hardware compression, available with - most of these drives, approximately doubles the capacity. These - drives are available as single units or multi-drive tape libraries - with 6 drives and 120 tapes in a single cabinet. Tapes are changed - automatically by the unit. Library capacities reach 840+ GB. + Data throughput ranges from ~250 kB/s to + ~500 kB/s. Data sizes start at 300 MB and go up to + 7 GB. Hardware compression, available with most of these + drives, approximately doubles the capacity. These drives are + available as single units or multi-drive tape libraries with 6 + drives and 120 tapes in a single cabinet. Tapes are changed + automatically by the unit. Library capacities reach + 840+ GB. - The Exabyte Mammoth model supports 12 GB on one tape - (24 GB with compression) and costs approximately twice as much as - conventional tape drives. + The Exabyte Mammoth model supports + 12 GB on one tape (24 GB with compression) and costs + approximately twice as much as conventional tape + drives. - Data is recorded onto the tape using helical-scan, the heads are - positioned at an angle to the media (approximately 6 degrees). The - tape wraps around 270 degrees of the spool that holds the heads. The - spool spins while the tape slides over the spool. The result is a - high density of data and closely packed tracks that angle across the - tape from one edge to the other. + Data is recorded onto the tape using helical-scan, the + heads are positioned at an angle to the media (approximately 6 + degrees). The tape wraps around 270 degrees of the spool that + holds the heads. The spool spins while the tape slides over + the spool. The result is a high density of data and closely + packed tracks that angle across the tape from one edge to the + other. QIC + - tape media + tape media QIC-150 - QIC-150 tapes and drives are, perhaps, the most common tape drive - and media around. QIC tape drives are the least expensive serious - backup drives. The downside is the cost of media. QIC tapes are - expensive compared to 8mm or 4mm tapes, up to 5 times the price per GB - data storage. But, if your needs can be satisfied with a half-dozen - tapes, QIC may be the correct choice. QIC is the - most common tape drive. Every site has a QIC - drive of some density or another. Therein lies the rub, QIC has a - large number of densities on physically similar (sometimes identical) - tapes. QIC drives are not quiet. These drives audibly seek before - they begin to record data and are clearly audible whenever reading, - writing or seeking. QIC tapes measure 6 x 4 x 0.7 inches - (152 x 102 x 17 mm). + QIC-150 tapes and drives are, perhaps, the most common + tape drive and media around. QIC tape drives are the least + expensive serious backup drives. The downside + is the cost of media. QIC tapes are expensive compared to 8mm + or 4mm tapes, up to 5 times the price per GB data storage. + But, if your needs can be satisfied with a half-dozen tapes, + QIC may be the correct choice. QIC is the + most common tape drive. Every site has a + QIC drive of some density or another. Therein lies the rub, + QIC has a large number of densities on physically similar + (sometimes identical) tapes. QIC drives are not quiet. These + drives audibly seek before they begin to record data and are + clearly audible whenever reading, writing or seeking. QIC + tapes measure 6 x 4 x 0.7 inches (152 x + 102 x 17 mm). - Data throughput ranges from ~150 kB/s to ~500 kB/s. Data capacity - ranges from 40 MB to 15 GB. Hardware compression is available on many - of the newer QIC drives. QIC drives are less frequently installed; + Data throughput ranges from ~150 kB/s to + ~500 kB/s. Data capacity ranges from 40 MB to + 15 GB. Hardware compression is available on many of the + newer QIC drives. QIC drives are less frequently installed; they are being supplanted by DAT drives. - Data is recorded onto the tape in tracks. The tracks run along - the long axis of the tape media from one end to the other. The number - of tracks, and therefore the width of a track, varies with the tape's - capacity. Most if not all newer drives provide backward-compatibility - at least for reading (but often also for writing). QIC has a good - reputation regarding the safety of the data (the mechanics are simpler + Data is recorded onto the tape in tracks. The tracks run + along the long axis of the tape media from one end to the + other. The number of tracks, and therefore the width of a + track, varies with the tape's capacity. Most if not all newer + drives provide backward-compatibility at least for reading + (but often also for writing). QIC has a good reputation + regarding the safety of the data (the mechanics are simpler and more robust than for helical scan drives). - Tapes should be retired from use after 5,000 backups. + Tapes should be retired from use after 5,000 + backups. DLT - tape media + tape media DLT - DLT has the fastest data transfer rate of all the drive types - listed here. The 1/2" (12.5mm) tape is contained in a single spool - cartridge (4 x 4 x 1 inches; 100 x 100 x 25 mm). The cartridge has a - swinging gate along one entire side of the cartridge. The drive - mechanism opens this gate to extract the tape leader. The tape leader - has an oval hole in it which the drive uses to hook the tape. The - take-up spool is located inside the tape drive. All the other tape - cartridges listed here (9 track tapes are the only exception) have - both the supply and take-up spools located inside the tape cartridge - itself. + DLT has the fastest data transfer rate of all the drive + types listed here. The 1/2" (12.5mm) tape is contained in a + single spool cartridge (4 x 4 x 1 inches; 100 x 100 x 25 mm). + The cartridge has a swinging gate along one entire side of the + cartridge. The drive mechanism opens this gate to extract the + tape leader. The tape leader has an oval hole in it which the + drive uses to hook the tape. The take-up spool + is located inside the tape drive. All the other tape + cartridges listed here (9 track tapes are the only exception) + have both the supply and take-up spools located inside the + tape cartridge itself. - Data throughput is approximately 1.5 MB/s, three times the throughput of - 4mm, 8mm, or QIC tape drives. Data capacities range from 10 GB to 20 GB - for a single drive. Drives are available in both multi-tape changers - and multi-tape, multi-drive tape libraries containing from 5 to 900 - tapes over 1 to 20 drives, providing from 50 GB to 9 TB of - storage. + Data throughput is approximately 1.5 MB/s, three + times the throughput of 4mm, 8mm, or QIC tape drives. Data + capacities range from 10 GB to 20 GB for a single + drive. Drives are available in both multi-tape changers and + multi-tape, multi-drive tape libraries containing from 5 to + 900 tapes over 1 to 20 drives, providing from 50 GB to + 9 TB of storage. - With compression, DLT Type IV format supports up to 70 GB - capacity. + With compression, DLT Type IV format supports up to + 70 GB capacity. - Data is recorded onto the tape in tracks parallel to the direction - of travel (just like QIC tapes). Two tracks are written at once. - Read/write head lifetimes are relatively long; once the tape stops - moving, there is no relative motion between the heads and the - tape. + Data is recorded onto the tape in tracks parallel to the + direction of travel (just like QIC tapes). Two tracks are + written at once. Read/write head lifetimes are relatively + long; once the tape stops moving, there is no relative motion + between the heads and the tape. AIT - tape media + tape media AIT - AIT is a new format from Sony, and can hold up to 50 GB (with - compression) per tape. The tapes contain memory chips which retain an - index of the tape's contents. This index can be rapidly read by the - tape drive to determine the position of files on the tape, instead of - the several minutes that would be required for other tapes. Software - such as SAMS:Alexandria can operate forty or more AIT tape libraries, - communicating directly with the tape's memory chip to display the - contents on screen, determine what files were backed up to which - tape, locate the correct tape, load it, and restore the data from the + AIT is a new format from Sony, and can hold up to + 50 GB (with compression) per tape. The tapes contain + memory chips which retain an index of the tape's contents. + This index can be rapidly read by the tape drive to determine + the position of files on the tape, instead of the several + minutes that would be required for other tapes. Software such + as SAMS:Alexandria can operate + forty or more AIT tape libraries, communicating directly with + the tape's memory chip to display the contents on screen, + determine what files were backed up to which tape, locate the + correct tape, load it, and restore the data from the tape. - Libraries like this cost in the region of $20,000, pricing them a - little out of the hobbyist market. + Libraries like this cost in the region of $20,000, pricing + them a little out of the hobbyist market. Using a New Tape for the First Time - The first time that you try to read or write a new, completely - blank tape, the operation will fail. The console messages should be - similar to: + The first time that you try to read or write a new, + completely blank tape, the operation will fail. The console + messages should be similar to: sa0(ncr1:4:0): NOT READY asc:4,1 sa0(ncr1:4:0): Logical unit is in process of becoming ready - The tape does not contain an Identifier Block (block number 0). - All QIC tape drives since the adoption of QIC-525 standard write an - Identifier Block to the tape. There are two solutions: + The tape does not contain an Identifier Block (block + number 0). All QIC tape drives since the adoption of QIC-525 + standard write an Identifier Block to the tape. There are two + solutions: - mt fsf 1 causes the tape drive to write an - Identifier Block to the tape. + mt fsf 1 causes the tape drive to + write an Identifier Block to the tape. @@ -2200,16 +2289,17 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready Re-insert the tape and dump data to the tape. - dump will report DUMP: End of tape - detected and the console will show: HARDWARE - FAILURE info:280 asc:80,96. + dump will report + DUMP: End of tape detected and the + console will show: HARDWARE FAILURE info:280 + asc:80,96. - rewind the tape using: mt rewind. + rewind the tape using: + mt rewind. Subsequent tape operations are successful. - @@ -2222,12 +2312,12 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready floppy disks Floppy disks are not really a suitable media for - making backups as: + making backups as: - The media is unreliable, especially over long periods of - time. + The media is unreliable, especially over long periods + of time. @@ -2235,19 +2325,20 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready - They have a very limited capacity (the days of backing up - an entire hard disk onto a dozen or so floppies has long since - passed). + They have a very limited capacity (the days of backing + up an entire hard disk onto a dozen or so floppies has + long since passed). - However, if you have no other method of backing up your data then - floppy disks are better than no backup at all. + However, if you have no other method of backing up your + data then floppy disks are better than no backup at + all. - If you do have to use floppy disks then ensure that you use good - quality ones. Floppies that have been lying around the office for a - couple of years are a bad choice. Ideally use new ones from a - reputable manufacturer. + If you do have to use floppy disks then ensure that you + use good quality ones. Floppies that have been lying around + the office for a couple of years are a bad choice. Ideally + use new ones from a reputable manufacturer. @@ -2258,36 +2349,37 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready volume) option, which allows backups to span multiple floppies. - To backup all the files in the current directory and sub-directory - use this (as root): + To backup all the files in the current directory and + sub-directory use this (as root): &prompt.root; tar Mcvf /dev/fd0 * - When the first floppy is full &man.tar.1; will prompt you to - insert the next volume (because &man.tar.1; is media independent it - refers to volumes; in this context it means floppy disk). + When the first floppy is full &man.tar.1; will prompt you + to insert the next volume (because &man.tar.1; is media + independent it refers to volumes; in this context it means + floppy disk). Prepare volume #2 for /dev/fd0 and hit return: - This is repeated (with the volume number incrementing) until all - the specified files have been archived. + This is repeated (with the volume number incrementing) + until all the specified files have been archived. Can I Compress My Backups? - tar + tar - gzip + gzip compression Unfortunately, &man.tar.1; will not allow the - option to be used for multi-volume archives. - You could, of course, &man.gzip.1; all the files, - &man.tar.1; them to the floppies, then - &man.gunzip.1; the files again! + option to be used for multi-volume + archives. You could, of course, &man.gzip.1; all the files, + &man.tar.1; them to the floppies, then &man.gunzip.1; the + files again! @@ -2303,14 +2395,15 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready &prompt.root; tar Mxvf /dev/fd0 filename - The utility &man.tar.1; will prompt you to insert subsequent floppies until it - finds the required file. + The utility &man.tar.1; will prompt you to insert + subsequent floppies until it finds the required file. - Alternatively, if you know which floppy the file is on then you - can simply insert that floppy and use the same command as above. Note - that if the first file on the floppy is a continuation from the - previous one then &man.tar.1; will warn you that it cannot - restore it, even if you have not asked it to! + Alternatively, if you know which floppy the file is on + then you can simply insert that floppy and use the same + command as above. Note that if the first file on the floppy + is a continuation from the previous one then &man.tar.1; will + warn you that it cannot restore it, even if you have not asked + it to! @@ -2328,195 +2421,208 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready Backup Strategies - The first requirement in devising a backup plan is to make sure that - all of the following problems are covered: + The first requirement in devising a backup plan is to make + sure that all of the following problems are covered: Disk failure + Accidental file deletion + Random file corruption + - Complete machine destruction (e.g. fire), including destruction - of any on-site backups. + Complete machine destruction (e.g. fire), including + destruction of any on-site backups. - It is perfectly possible that some systems will be best served by - having each of these problems covered by a completely different - technique. Except for strictly personal systems with very low-value - data, it is unlikely that one technique would cover all of them. + It is perfectly possible that some systems will be best + served by having each of these problems covered by a completely + different technique. Except for strictly personal systems with + very low-value data, it is unlikely that one technique would + cover all of them. Some of the techniques in the toolbox are: - Archives of the whole system, backed up onto permanent media - offsite. This actually provides protection against all of the - possible problems listed above, but is slow and inconvenient to - restore from. You can keep copies of the backups onsite and/or - online, but there will still be inconveniences in restoring files, - especially for non-privileged users. + Archives of the whole system, backed up onto permanent + media offsite. This actually provides protection against + all of the possible problems listed above, but is slow and + inconvenient to restore from. You can keep copies of the + backups onsite and/or online, but there will still be + inconveniences in restoring files, especially for + non-privileged users. - Filesystem snapshots. This is really only helpful in the - accidental file deletion scenario, but it can be - very helpful in that case, and is quick and - easy to deal with. + Filesystem snapshots. This is really only helpful in + the accidental file deletion scenario, but it can be + very helpful in that case, and is quick + and easy to deal with. - Copies of whole filesystems and/or disks (e.g. periodic &man.rsync.1; of - the whole machine). This is generally most useful in networks with - unique requirements. For general protection against disk failure, - it is usually inferior to RAID. For restoring - accidentally deleted files, it can be comparable to - UFS snapshots, but that depends on your - preferences. + Copies of whole filesystems and/or disks (e.g. periodic + &man.rsync.1; of the whole machine). This is generally most + useful in networks with unique requirements. For general + protection against disk failure, it is usually inferior to + RAID. For restoring accidentally deleted + files, it can be comparable to UFS + snapshots, but that depends on your preferences. - RAID. Minimizes or avoids downtime when a - disk fails. At the expense of having to deal with disk failures - more often (because you have more disks), albeit at a much lower - urgency. + RAID. Minimizes or avoids downtime + when a disk fails. At the expense of having to deal with + disk failures more often (because you have more disks), + albeit at a much lower urgency. - Checking fingerprints of files. The &man.mtree.8; utility is - very useful for this. Although it is not a backup technique, it - helps guarantee that you will notice when you need to resort to your - backups. This is particularly important for offline backups, and - should be checked periodically. + Checking fingerprints of files. The &man.mtree.8; + utility is very useful for this. Although it is not a + backup technique, it helps guarantee that you will notice + when you need to resort to your backups. This is + particularly important for offline backups, and should be + checked periodically. - It is quite easy to come up with even more techniques, many of them - variations on the ones listed above. Specialized requirements will - usually lead to specialized techniques (for example, backing up a live - database usually requires a method particular to the database software - as an intermediate step). The important thing is to know what dangers - you want to protect against, and how you will handle each. + It is quite easy to come up with even more techniques, many + of them variations on the ones listed above. Specialized + requirements will usually lead to specialized techniques (for + example, backing up a live database usually requires a method + particular to the database software as an intermediate step). + The important thing is to know what dangers you want to protect + against, and how you will handle each. Backup Basics - The three major backup programs are - &man.dump.8;, - &man.tar.1;, - and - &man.cpio.1;. + The three major backup programs are &man.dump.8;, + &man.tar.1;, and &man.cpio.1;. Dump and Restore + - backup software + backup software dump / restore - dump - restore + + dump + + + restore + The traditional &unix; backup programs are dump and restore. They operate on the drive as a collection of disk blocks, below the - abstractions of files, links and directories that are created by - the file systems. Unlike other backup software, - dump backs up an entire - file system on a device. It is unable to backup only part of a - file system or a directory tree that spans more than one - file system. The dump command does not write files and - directories to tape, but rather writes the raw data blocks that - comprise files and directories. When being used to extract - data, restore stores temporary files - in /tmp/ by default — if you are - operating from a recovery disk with a small + abstractions of files, links and directories that are created + by the file systems. Unlike other backup software, + dump backs up an entire file system on a + device. It is unable to backup only part of a file system or + a directory tree that spans more than one file system. The + dump command does not write files and + directories to tape, but rather writes the raw data blocks + that comprise files and directories. When being used to + extract data, restore stores temporary + files in /tmp/ by default — if you + are operating from a recovery disk with a small /tmp directory, you may need to set the - TMPDIR environment variable to a directory - with more free space for the restore to be successful. + TMPDIR environment variable to a directory with + more free space for the restore to be successful. - If you use dump on your root directory, you - would not back up /home, - /usr or many other directories since - these are typically mount points for other file systems or - symbolic links into those file systems. + + If you use dump on your root + directory, you would not back up /home, + /usr or many other directories since + these are typically mount points for other file systems or + symbolic links into those file systems. + - dump has quirks that remain from its early days in - Version 6 of AT&T UNIX (circa 1975). The default - parameters are suitable for 9-track tapes (6250 bpi), not the - high-density media available today (up to 62,182 ftpi). These - defaults must be overridden on the command line to utilize the - capacity of current tape drives. + dump has quirks that remain from its + early days in Version 6 of AT&T UNIX (circa 1975). The + default parameters are suitable for 9-track tapes (6250 bpi), + not the high-density media available today (up to 62,182 + ftpi). These defaults must be overridden on the command line + to utilize the capacity of current tape drives. - .rhosts + + .rhosts + It is also possible to backup data across the network to a - tape drive attached to another computer with rdump and - rrestore. Both programs rely upon &man.rcmd.3; and - &man.ruserok.3; to access the remote tape drive. Therefore, - the user performing the backup must be listed in the - .rhosts file on the remote computer. The - arguments to rdump and rrestore must be suitable - to use on the remote computer. When - rdumping from a FreeBSD computer to an - Exabyte tape drive connected to a Sun called - komodo, use: + tape drive attached to another computer with + rdump and rrestore. + Both programs rely upon &man.rcmd.3; and &man.ruserok.3; to + access the remote tape drive. Therefore, the user performing + the backup must be listed in the .rhosts + file on the remote computer. The arguments to + rdump and rrestore must + be suitable to use on the remote computer. When + rdumping from a FreeBSD computer to an + Exabyte tape drive connected to a Sun called + komodo, use: &prompt.root; /sbin/rdump 0dsbfu 54000 13000 126 komodo:/dev/nsa8 /dev/da0a 2>&1 - Beware: there are security implications to - allowing .rhosts authentication. Evaluate your - situation carefully. + Beware: there are security implications to allowing + .rhosts authentication. Evaluate your + situation carefully. It is also possible to use dump and - restore in a more secure fashion over - ssh. + restore in a more secure fashion over + ssh. - Using <command>dump</command> over <application>ssh</application> + Using <command>dump</command> over + <application>ssh</application> &prompt.root; /sbin/dump -0uan -f - /usr | gzip -2 | ssh -c blowfish \ targetuser@targetmachine.example.com dd of=/mybigfiles/dump-usr-l0.gz - Or using dump's built-in method, - setting the environment variable RSH: + setting the environment variable RSH: - Using <command>dump</command> over <application>ssh</application> with <envar>RSH</envar> set + Using <command>dump</command> over + <application>ssh</application> with <envar>RSH</envar> + set &prompt.root; RSH=/usr/bin/ssh /sbin/dump -0uan -f targetuser@targetmachine.example.com:/dev/sa0 /usr - - <command>tar</command> - backup software - tar + backup software + tar &man.tar.1; also dates back to Version 6 of AT&T UNIX (circa 1975). tar operates in cooperation - with the file system; it writes files and - directories to tape. tar does not support the - full range of options that are available from &man.cpio.1;, but - it does not require the unusual command - pipeline that cpio uses. + with the file system; it writes files and directories to tape. + tar does not support the full range of + options that are available from &man.cpio.1;, but it does not + require the unusual command pipeline that + cpio uses. tar - To tar to an - Exabyte tape drive connected to a Sun called - komodo, use: + To tar to an Exabyte tape drive + connected to a Sun called komodo, use: &prompt.root; tar cf - . | rsh komodo dd of=tape-device obs=20b @@ -2528,42 +2634,49 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready <command>cpio</command> - backup software - cpio + backup software + cpio &man.cpio.1; is the original &unix; file interchange tape - program for magnetic media. cpio has options - (among many others) to perform byte-swapping, write a number of - different archive formats, and pipe the data to other programs. - This last feature makes cpio an excellent - choice for installation media. cpio does not - know how to walk the directory tree and a list of files must be - provided through stdin. - cpio + program for magnetic media. cpio has + options (among many others) to perform byte-swapping, write a + number of different archive formats, and pipe the data to + other programs. This last feature makes + cpio an excellent choice for installation + media. cpio does not know how to walk the + directory tree and a list of files must be provided through + stdin. + + + cpio + cpio does not support backups across - the network. You can use a pipeline and rsh - to send the data to a remote tape drive. + the network. You can use a pipeline and + rsh to send the data to a remote tape + drive. &prompt.root; for f in directory_list; do find $f >> backup.list done &prompt.root; cpio -v -o --format=newc < backup.list | ssh user@host "cat > backup_device" - Where directory_list is the list of - directories you want to back up, - user@host is the - user/hostname combination that will be performing the backups, and - backup_device is where the backups should - be written to (e.g., /dev/nsa0). + Where directory_list is the + list of directories you want to back up, + user@host + is the user/hostname combination that will be performing the + backups, and backup_device is where + the backups should be written to (e.g., + /dev/nsa0). <command>pax</command> + - backup software - pax + backup software + pax pax POSIX @@ -2574,86 +2687,99 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready years the various versions of tar and cpio have gotten slightly incompatible. So rather than fight it out to fully standardize them, &posix; - created a new archive utility. pax attempts - to read and write many of the various cpio - and tar formats, plus new formats of its own. - Its command set more resembles cpio than - tar. + created a new archive utility. pax + attempts to read and write many of the various + cpio and tar formats, + plus new formats of its own. Its command set more resembles + cpio than tar. <application>Amanda</application> - backup software - Amanda + backup software + Amanda + + + Amanda - Amanda Amanda (Advanced Maryland - Network Disk Archiver) is a client/server backup system, - rather than a single program. An Amanda server will backup to - a single tape drive any number of computers that have Amanda - clients and a network connection to the Amanda server. A - common problem at sites with a number of large disks is - that the length of time required to backup to data directly to tape - exceeds the amount of time available for the task. Amanda - solves this problem. Amanda can use a holding disk to - backup several file systems at the same time. Amanda creates - archive sets: a group of tapes used over a period of time to - create full backups of all the file systems listed in Amanda's - configuration file. The archive set also contains nightly - incremental (or differential) backups of all the file systems. - Restoring a damaged file system requires the most recent full - backup and the incremental backups. + Network Disk Archiver) is a client/server backup system, + rather than a single program. An + Amanda server will backup to a + single tape drive any number of computers that have + Amanda clients and a network + connection to the Amanda server. A + common problem at sites with a number of large disks is that + the length of time required to backup to data directly to tape + exceeds the amount of time available for the task. + Amanda solves this problem. + Amanda can use a + holding disk to backup several file systems at + the same time. Amanda creates + archive sets: a group of tapes used over a + period of time to create full backups of all the file systems + listed in Amanda's configuration + file. The archive set also contains nightly + incremental (or differential) backups of all the file systems. + Restoring a damaged file system requires the most recent full + backup and the incremental backups. - The configuration file provides fine control of backups and the - network traffic that Amanda generates. Amanda will use any of the - above backup programs to write the data to tape. Amanda is available - as either a port or a package, it is not installed by default. - + The configuration file provides fine control of backups + and the network traffic that Amanda + generates. Amanda will use any of + the above backup programs to write the data to tape. + Amanda is available as either a + port or a package, it is not installed by default. + Do Nothing - Do nothing is not a computer program, but it is the - most widely used backup strategy. There are no initial costs. There - is no backup schedule to follow. Just say no. If something happens - to your data, grin and bear it! + Do nothing is not a computer program, but + it is the most widely used backup strategy. There are no + initial costs. There is no backup schedule to follow. Just + say no. If something happens to your data, grin and bear + it! - If your time and your data is worth little to nothing, then - Do nothing is the most suitable backup program for your - computer. But beware, &unix; is a useful tool, you may find that within - six months you have a collection of files that are valuable to - you. + If your time and your data is worth little to nothing, + then Do nothing is the most suitable backup + program for your computer. But beware, &unix; is a useful + tool, you may find that within six months you have a + collection of files that are valuable to you. Do nothing is the correct backup method for - /usr/obj and other directory trees that can be - exactly recreated by your computer. An example is the files that - comprise the HTML or &postscript; version of this Handbook. - These document formats have been created from SGML input - files. Creating backups of the HTML or &postscript; files is - not necessary. The SGML files are backed up regularly. + /usr/obj and other directory trees that + can be exactly recreated by your computer. An example is the + files that comprise the HTML or &postscript; version of this + Handbook. These document formats have been created from SGML + input files. Creating backups of the HTML or &postscript; + files is not necessary. The SGML files are backed up + regularly. Which Backup Program Is Best? - LISA + LISA - &man.dump.8; Period. Elizabeth D. Zwicky - torture tested all the backup programs discussed here. The clear - choice for preserving all your data and all the peculiarities of &unix; - file systems is dump. Elizabeth created file systems containing - a large variety of unusual conditions (and some not so unusual ones) - and tested each program by doing a backup and restore of those - file systems. The peculiarities included: files with holes, files with - holes and a block of nulls, files with funny characters in their - names, unreadable and unwritable files, devices, files that change - size during the backup, files that are created/deleted during the - backup and more. She presented the results at LISA V in Oct. 1991. - See &man.dump.8; Period. Elizabeth D. + Zwicky torture tested all the backup programs discussed here. + The clear choice for preserving all your data and all the + peculiarities of &unix; file systems is + dump. Elizabeth created file systems + containing a large variety of unusual conditions (and some not + so unusual ones) and tested each program by doing a backup and + restore of those file systems. The peculiarities included: + files with holes, files with holes and a block of nulls, files + with funny characters in their names, unreadable and + unwritable files, devices, files that change size during the + backup, files that are created/deleted during the backup and + more. She presented the results at LISA V in Oct. 1991. See + torture-testing Backup and Archive Programs. @@ -2667,14 +2793,13 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready There are only four steps that you need to perform in preparation for any disaster that may occur. - bsdlabel - + bsdlabel + - First, print the bsdlabel from each of your disks - (e.g. bsdlabel da0 | lpr), your file system table - (/etc/fstab) and all boot messages, - two copies of - each. + First, print the bsdlabel from each of your disks (e.g. + bsdlabel da0 | lpr), your file system + table (/etc/fstab) and all boot + messages, two copies of each. livefs CD Second, burn a livefs CDROM. This CDROM @@ -2685,76 +2810,84 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready &man.newfs.8;, &man.mount.8;, and more. Livefs CD image for &os;/&arch.i386; &rel.current;-RELEASE is available from . + url="ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/&arch.i386;/ISO-IMAGES/&rel.current;/&os;-&rel.current;-RELEASE-&arch.i386;-livefs.iso">. - Third, create backup tapes regularly. Any changes that you make - after your last backup may be irretrievably lost. Write-protect the - backup tapes. + Third, create backup tapes regularly. Any changes that + you make after your last backup may be irretrievably lost. + Write-protect the backup tapes. - Fourth, test the livefs CDROM - you made in step two and backup tapes. Make notes of the - procedure. Store these notes with the CDROM, the - printouts and the backup tapes. You will be so distraught when - restoring that the notes may prevent you from destroying your backup - tapes (How? In place of tar xvf /dev/sa0, you - might accidentally type tar cvf /dev/sa0 and - over-write your backup tape). + Fourth, test the livefs CDROM you made in + step two and backup tapes. Make notes of the procedure. + Store these notes with the CDROM, the printouts and the + backup tapes. You will be so distraught when restoring that + the notes may prevent you from destroying your backup tapes + (How? In place of tar xvf /dev/sa0, you + might accidentally type tar cvf /dev/sa0 + and over-write your backup tape). - For an added measure of security, make livefs CDROM and two - backup tapes each time. Store one of each at a remote location. A - remote location is NOT the basement of the same office building. A - number of firms in the World Trade Center learned this lesson the - hard way. A remote location should be physically separated from - your computers and disk drives by a significant distance. + For an added measure of security, make + livefs CDROM and two backup tapes each time. + Store one of each at a remote location. A remote location + is NOT the basement of the same office building. A number + of firms in the World Trade Center learned this lesson the + hard way. A remote location should be physically separated + from your computers and disk drives by a significant + distance. After the Disaster - The key question is: did your hardware survive? You have been - doing regular backups so there is no need to worry about the - software. + The key question is: did your hardware survive? You + have been doing regular backups so there is no need to worry + about the software. - If the hardware has been damaged, the parts should be replaced - before attempting to use the computer. + If the hardware has been damaged, the parts should be + replaced before attempting to use the computer. If your hardware is okay, insert the - livefs CDROM in the CDROM drive and - boot the computer. The original install menu will be displayed on + livefs CDROM in the CDROM drive and boot the + computer. The original install menu will be displayed on the screen. Select the correct country, then choose Fixit -- Repair mode with CDROM/DVD/floppy or start a shell. option and select the CDROM/DVD -- Use the live filesystem CDROM/DVD item. The tool - restore and the other programs that you need are - located in /mnt2/rescue. + restore and the other programs that you + need are located in + /mnt2/rescue. + Recover each file system separately. - mount - + mount + root partition - bsdlabel - + bsdlabel + - newfs - - Try to mount (e.g. mount /dev/da0a - /mnt) the root partition of your first disk. If the - bsdlabel was damaged, use bsdlabel to re-partition and - label the disk to match the label that you printed and saved. Use - newfs to re-create the file systems. Re-mount the root - partition of the disk read-write (mount -u -o rw - /mnt). Use your backup program and backup tapes to - recover the data for this file system (e.g. restore vrf - /dev/sa0). Unmount the file system (e.g. umount - /mnt). Repeat for each file system that was - damaged. + newfs + - Once your system is running, backup your data onto new tapes. - Whatever caused the crash or data loss may strike again. Another - hour spent now may save you from further distress later. + Try to mount (e.g. + mount /dev/da0a /mnt) the root partition + of your first disk. If the bsdlabel was damaged, use + bsdlabel to re-partition and label the + disk to match the label that you printed and saved. Use + newfs to re-create the file systems. + Re-mount the root partition of the disk read-write + (mount -u -o rw /mnt). Use your backup + program and backup tapes to recover the data for this file + system (e.g. restore vrf /dev/sa0). + Unmount the file system (e.g. + umount /mnt). Repeat for each file + system that was damaged. + + Once your system is running, backup your data onto new + tapes. Whatever caused the crash or data loss may strike + again. Another hour spent now may save you from further + distress later. virtual - Aside from the disks you physically insert into your computer: - floppies, CDs, hard drives, and so forth; other forms of disks - are understood by FreeBSD - the virtual - disks. + Aside from the disks you physically insert into your + computer: floppies, CDs, hard drives, and so forth; other forms + of disks are understood by FreeBSD - the virtual + disks. NFS Coda @@ -2797,29 +2930,28 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready disks memory - These include network file systems such as the Network File System and Coda, memory-based - file systems and - file-backed file systems. + These include network file systems such as the + Network File System and Coda, + memory-based file systems and file-backed file systems. - According to the FreeBSD version you run, you will have to use - different tools for creation and use of file-backed and + According to the FreeBSD version you run, you will have to + use different tools for creation and use of file-backed and memory-based file systems. - Use &man.devfs.5; to allocate device nodes transparently for the - user. + Use &man.devfs.5; to allocate device nodes transparently + for the user. File-Backed File System - disks - file-backed + disks + file-backed - The utility &man.mdconfig.8; is used to configure and enable - memory disks, &man.md.4;, under FreeBSD. To use + The utility &man.mdconfig.8; is used to configure and + enable memory disks, &man.md.4;, under FreeBSD. To use &man.mdconfig.8;, you have to load &man.md.4; module or to add the support in your kernel configuration file: @@ -2834,17 +2966,19 @@ sa0(ncr1:4:0): Logical unit is in process of becoming ready To mount an existing file system image: - Using <command>mdconfig</command> to Mount an Existing File System - Image + Using <command>mdconfig</command> to Mount an Existing + File System Image &prompt.root; mdconfig -a -t vnode -f diskimage -u 0 &prompt.root; mount /dev/md0 /mnt - To create a new file system image with &man.mdconfig.8;: + To create a new file system image with + &man.mdconfig.8;: - Creating a New File-Backed Disk with <command>mdconfig</command> + Creating a New File-Backed Disk with + <command>mdconfig</command> &prompt.root; dd if=/dev/zero of=newimage bs=1k count=5k 5120+0 records in @@ -2871,15 +3005,17 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on The utility &man.mdconfig.8; is very useful, however it asks many command lines to create a file-backed file system. - FreeBSD also comes with a tool called &man.mdmfs.8;, - this program configures a &man.md.4; disk using - &man.mdconfig.8;, puts a UFS file system on it using - &man.newfs.8;, and mounts it using &man.mount.8;. For example, - if you want to create and mount the same file system image as - above, simply type the following: + FreeBSD also comes with a tool called &man.mdmfs.8;, this + program configures a &man.md.4; disk using &man.mdconfig.8;, + puts a UFS file system on it using &man.newfs.8;, and mounts + it using &man.mount.8;. For example, if you want to create + and mount the same file system image as above, simply type the + following: - Configure and Mount a File-Backed Disk with <command>mdmfs</command> + Configure and Mount a File-Backed Disk with + <command>mdmfs</command> + &prompt.root; dd if=/dev/zero of=newimage bs=1k count=5k 5120+0 records in 5120+0 records out @@ -2893,26 +3029,25 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on number, &man.mdmfs.8; will use &man.md.4; auto-unit feature to automatically select an unused device. For more details about &man.mdmfs.8;, please refer to the manual page. - Memory-Based File System + - disks - memory file system + disks + memory file system - For a - memory-based file system the swap backing - should normally be used. Using swap backing does not mean - that the memory disk will be swapped out to disk by default, - but merely that the memory disk will be allocated from a - memory pool which can be swapped out to disk if needed. It is - also possible to create memory-based disk which are - &man.malloc.9; backed, but using malloc backed memory disks, - especially large ones, can result in a system panic if the - kernel runs out of memory. + For a memory-based file system the + swap backing should normally be used. Using + swap backing does not mean that the memory disk will be + swapped out to disk by default, but merely that the memory + disk will be allocated from a memory pool which can be swapped + out to disk if needed. It is also possible to create + memory-based disk which are &man.malloc.9; backed, but using + malloc backed memory disks, especially large ones, can result + in a system panic if the kernel runs out of memory. Creating a New Memory-Based Disk with @@ -2934,6 +3069,7 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on <example> <title>Creating a New Memory-Based Disk with <command>mdmfs</command> + &prompt.root; mdmfs -s 5m md2 /mnt &prompt.root; df /mnt Filesystem 1K-blocks Used Avail Capacity Mounted on @@ -2943,16 +3079,17 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on Detaching a Memory Disk from the System + - disks - detaching a memory disk + disks + detaching a memory disk - When a memory-based or file-based file system - is not used, you should release all resources to the system. - The first thing to do is to unmount the file system, then use - &man.mdconfig.8; to detach the disk from the system and release - the resources. + When a memory-based or file-based file system is not used, + you should release all resources to the system. The first + thing to do is to unmount the file system, then use + &man.mdconfig.8; to detach the disk from the system and + release the resources. For example to detach and free all resources used by /dev/md4: @@ -2960,8 +3097,8 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on &prompt.root; mdconfig -d -u 4 It is possible to list information about configured - &man.md.4; devices in using the command mdconfig - -l. + &man.md.4; devices in using the command + mdconfig -l. @@ -2984,92 +3121,96 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on snapshots - FreeBSD offers a feature in conjunction with - Soft Updates: File system snapshots. + FreeBSD offers a feature in conjunction with + Soft Updates: File system + snapshots. - Snapshots allow a user to create images of specified file - systems, and treat them as a file. - Snapshot files must be created in the file system that the - action is performed on, and a user may create no more than 20 - snapshots per file system. Active snapshots are recorded - in the superblock so they are persistent across unmount and - remount operations along with system reboots. When a snapshot - is no longer required, it can be removed with the standard &man.rm.1; - command. Snapshots may be removed in any order, - however all the used space may not be acquired because another snapshot will - possibly claim some of the released blocks. + Snapshots allow a user to create images of specified file + systems, and treat them as a file. Snapshot files must be + created in the file system that the action is performed on, and + a user may create no more than 20 snapshots per file system. + Active snapshots are recorded in the superblock so they are + persistent across unmount and remount operations along with + system reboots. When a snapshot is no longer required, it can + be removed with the standard &man.rm.1; command. Snapshots may + be removed in any order, however all the used space may not be + acquired because another snapshot will possibly claim some of + the released blocks. - The un-alterable file flag is set + The un-alterable file flag is set by &man.mksnap.ffs.8; after initial creation of a snapshot file. - The &man.unlink.1; command makes an exception for snapshot files - since it allows them to be removed. + The &man.unlink.1; command makes an exception for snapshot files + since it allows them to be removed. - Snapshots are created with the &man.mount.8; command. To place - a snapshot of /var in the file - /var/snapshot/snap use the following - command: + Snapshots are created with the &man.mount.8; command. To + place a snapshot of /var in the file + /var/snapshot/snap use the following + command: -&prompt.root; mount -u -o snapshot /var/snapshot/snap /var + &prompt.root; mount -u -o snapshot /var/snapshot/snap /var - Alternatively, you can use &man.mksnap.ffs.8; to create - a snapshot: -&prompt.root; mksnap_ffs /var /var/snapshot/snap + Alternatively, you can use &man.mksnap.ffs.8; to create + a snapshot: - One can find snapshot files on a file system (e.g. /var) - by using the &man.find.1; command: -&prompt.root; find /var -flags snapshot + &prompt.root; mksnap_ffs /var /var/snapshot/snap - Once a snapshot has been created, it has several - uses: + One can find snapshot files on a file system (e.g. + /var) by using the &man.find.1; + command: - - - Some administrators will use a snapshot file for backup purposes, - because the snapshot can be transferred to CDs or tape. - + &prompt.root; find /var -flags snapshot - - The file system integrity checker, &man.fsck.8;, may be run on the snapshot. - Assuming that the file system was clean when it was mounted, you - should always get a clean (and unchanging) result. - This is essentially what the - background &man.fsck.8; process does. - + Once a snapshot has been created, it has several + uses: - - Run the &man.dump.8; utility on the snapshot. - A dump will be returned that is consistent with the - file system and the timestamp of the snapshot. &man.dump.8; - can also take a snapshot, create a dump image and then - remove the snapshot in one command using the - flag. - + + + Some administrators will use a snapshot file for backup + purposes, because the snapshot can be transferred to CDs or + tape. + - - &man.mount.8; the snapshot as a frozen image of the file system. - To &man.mount.8; the snapshot - /var/snapshot/snap run: + + The file system integrity checker, &man.fsck.8;, may be + run on the snapshot. Assuming that the file system was + clean when it was mounted, you should always get a clean + (and unchanging) result. This is essentially what the + background &man.fsck.8; process does. + -&prompt.root; mdconfig -a -t vnode -f /var/snapshot/snap -u 4 + + Run the &man.dump.8; utility on the snapshot. A dump + will be returned that is consistent with the file system and + the timestamp of the snapshot. &man.dump.8; can also take a + snapshot, create a dump image and then remove the snapshot + in one command using the flag. + + + + &man.mount.8; the snapshot as a frozen image of the file + system. To &man.mount.8; the snapshot + /var/snapshot/snap run: + + &prompt.root; mdconfig -a -t vnode -f /var/snapshot/snap -u 4 &prompt.root; mount -r /dev/md4 /mnt + + - - + You can now walk the hierarchy of your frozen + /var file system mounted at + /mnt. Everything will initially be in the + same state it was during the snapshot creation time. The only + exception is that any earlier snapshots will appear as zero + length files. When the use of a snapshot has delimited, it can + be unmounted with: - You can now walk the hierarchy of your frozen /var - file system mounted at /mnt. Everything will - initially be in the same state it was during the snapshot creation time. - The only exception is that any earlier snapshots will appear - as zero length files. When the use of a snapshot has delimited, - it can be unmounted with: - -&prompt.root; umount /mnt + &prompt.root; umount /mnt &prompt.root; mdconfig -d -u 4 - For more information about and - file system snapshots, including technical papers, you can visit - Marshall Kirk McKusick's website at - . + For more information about and + file system snapshots, including technical papers, you can visit + Marshall Kirk McKusick's website at + . @@ -3083,26 +3224,27 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on Quotas are an optional feature of the operating system that allow you to limit the amount of disk space and/or the number of files a user or members of a group may allocate on a per-file - system basis. This is used most often on timesharing systems where - it is desirable to limit the amount of resources any one user or - group of users may allocate. This will prevent one user or group - of users from consuming all of the available disk space. + system basis. This is used most often on timesharing systems + where it is desirable to limit the amount of resources any one + user or group of users may allocate. This will prevent one user + or group of users from consuming all of the available disk + space. Configuring Your System to Enable Disk Quotas - Before attempting to use disk quotas, it is necessary to make - sure that quotas are configured in your kernel. This is done by - adding the following line to your kernel configuration + Before attempting to use disk quotas, it is necessary to + make sure that quotas are configured in your kernel. This is + done by adding the following line to your kernel configuration file: options QUOTA - The stock GENERIC kernel does not have - this enabled by default, so you will have to configure, build and - install a custom kernel in order to use disk quotas. Please refer - to for more information on kernel - configuration. + The stock GENERIC kernel does not + have this enabled by default, so you will have to configure, + build and install a custom kernel in order to use disk quotas. + Please refer to for more + information on kernel configuration. Next you will need to enable disk quotas in /etc/rc.conf. This is done by adding the @@ -3110,116 +3252,118 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on enable_quotas="YES" - disk quotas - checking + disk quotas + checking For finer control over your quota startup, there is an - additional configuration variable available. Normally on bootup, - the quota integrity of each file system is checked by the - &man.quotacheck.8; program. The - &man.quotacheck.8; facility insures that the data in - the quota database properly reflects the data on the file system. - This is a very time consuming process that will significantly - affect the time your system takes to boot. If you would like to - skip this step, a variable in /etc/rc.conf - is made available for the purpose: + additional configuration variable available. Normally on + bootup, the quota integrity of each file system is checked by + the &man.quotacheck.8; program. The &man.quotacheck.8; + facility insures that the data in the quota database properly + reflects the data on the file system. This is a very time + consuming process that will significantly affect the time your + system takes to boot. If you would like to skip this step, a + variable in /etc/rc.conf is made + available for the purpose: check_quotas="NO" - Finally you will need to edit /etc/fstab - to enable disk quotas on a per-file system basis. This is where - you can either enable user or group quotas or both for all of your - file systems. + Finally you will need to edit + /etc/fstab to enable disk quotas on a + per-file system basis. This is where you can either enable + user or group quotas or both for all of your file + systems. To enable per-user quotas on a file system, add the option to the options field in the - /etc/fstab entry for the file system you want - to enable quotas on. For example: + /etc/fstab entry for the file system you + want to enable quotas on. For example: /dev/da1s2g /home ufs rw,userquota 1 2 Similarly, to enable group quotas, use the option instead of - . To enable both user and - group quotas, change the entry as follows: + . To enable both user and group + quotas, change the entry as follows: /dev/da1s2g /home ufs rw,userquota,groupquota 1 2 - By default, the quota files are stored in the root directory of - the file system with the names quota.user and + By default, the quota files are stored in the root + directory of the file system with the names + quota.user and quota.group for user and group quotas - respectively. See &man.fstab.5; for more - information. Even though the &man.fstab.5; manual page says that - you can specify - an alternate location for the quota files, this is not recommended - because the various quota utilities do not seem to handle this - properly. + respectively. See &man.fstab.5; for more information. Even + though the &man.fstab.5; manual page says that you can specify + an alternate location for the quota files, this is not + recommended because the various quota utilities do not seem to + handle this properly. At this point you should reboot your system with your new - kernel. /etc/rc will automatically run the - appropriate commands to create the initial quota files for all of - the quotas you enabled in /etc/fstab, so - there is no need to manually create any zero length quota - files. + kernel. /etc/rc will automatically run + the appropriate commands to create the initial quota files for + all of the quotas you enabled in + /etc/fstab, so there is no need to + manually create any zero length quota files. - In the normal course of operations you should not be required - to run the &man.quotacheck.8;, - &man.quotaon.8;, or &man.quotaoff.8; - commands manually. However, you may want to read their manual pages - just to be familiar with their operation. + In the normal course of operations you should not be + required to run the &man.quotacheck.8;, &man.quotaon.8;, or + &man.quotaoff.8; commands manually. However, you may want to + read their manual pages just to be familiar with their + operation. Setting Quota Limits - disk quotas - limits + disk quotas + limits - Once you have configured your system to enable quotas, verify - that they really are enabled. An easy way to do this is to - run: + Once you have configured your system to enable quotas, + verify that they really are enabled. An easy way to do this + is to run: &prompt.root; quota -v - You should see a one line summary of disk usage and current - quota limits for each file system that quotas are enabled - on. + You should see a one line summary of disk usage and + current quota limits for each file system that quotas are + enabled on. You are now ready to start assigning quota limits with the &man.edquota.8; command. You have several options on how to enforce limits on the - amount of disk space a user or group may allocate, and how many - files they may create. You may limit allocations based on disk - space (block quotas) or number of files (inode quotas) or a - combination of both. Each of these limits are further broken down - into two categories: hard and soft limits. + amount of disk space a user or group may allocate, and how + many files they may create. You may limit allocations based + on disk space (block quotas) or number of files (inode quotas) + or a combination of both. Each of these limits are further + broken down into two categories: hard and soft limits. hard limit A hard limit may not be exceeded. Once a user reaches his hard limit he may not make any further allocations on the file - system in question. For example, if the user has a hard limit of - 500 kbytes on a file system and is currently using 490 kbytes, the - user can only allocate an additional 10 kbytes. Attempting to - allocate an additional 11 kbytes will fail. + system in question. For example, if the user has a hard limit + of 500 kbytes on a file system and is currently using 490 + kbytes, the user can only allocate an additional 10 kbytes. + Attempting to allocate an additional 11 kbytes will + fail. soft limit - Soft limits, on the other hand, can be exceeded for a limited - amount of time. This period of time is known as the grace period, - which is one week by default. If a user stays over his or her - soft limit longer than the grace period, the soft limit will - turn into a hard limit and no further allocations will be allowed. - When the user drops back below the soft limit, the grace period - will be reset. + Soft limits, on the other hand, can be exceeded for a + limited amount of time. This period of time is known as the + grace period, which is one week by default. If a user stays + over his or her soft limit longer than the grace period, the + soft limit will turn into a hard limit and no further + allocations will be allowed. When the user drops back below + the soft limit, the grace period will be reset. - The following is an example of what you might see when you run - the &man.edquota.8; command. When the - &man.edquota.8; command is invoked, you are placed into - the editor specified by the EDITOR environment - variable, or in the vi editor if the - EDITOR variable is not set, to allow you to edit - the quota limits. + The following is an example of what you might see when you + run the &man.edquota.8; command. When the &man.edquota.8; + command is invoked, you are placed into the editor specified + by the EDITOR environment variable, or in the + vi editor if the + EDITOR variable is not set, to allow you to + edit the quota limits. &prompt.root; edquota -u test @@ -3229,12 +3373,13 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on /usr/var: kbytes in use: 0, limits (soft = 50, hard = 75) inodes in use: 0, limits (soft = 50, hard = 60) - You will normally see two lines for each file system that has - quotas enabled. One line for the block limits, and one line for - inode limits. Simply change the value you want updated to modify - the quota limit. For example, to raise this user's block limit - from a soft limit of 50 and a hard limit of 75 to a soft limit of - 500 and a hard limit of 600, change: + You will normally see two lines for each file system that + has quotas enabled. One line for the block limits, and one + line for inode limits. Simply change the value you want + updated to modify the quota limit. For example, to raise this + user's block limit from a soft limit of 50 and a hard limit of + 75 to a soft limit of 500 and a hard limit of 600, + change: /usr: kbytes in use: 65, limits (soft = 50, hard = 75) @@ -3245,37 +3390,37 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on The new quota limits will be in place when you exit the editor. - Sometimes it is desirable to set quota limits on a range of - UIDs. This can be done by use of the option - on the &man.edquota.8; command. First, assign the + Sometimes it is desirable to set quota limits on a range + of UIDs. This can be done by use of the + option on the &man.edquota.8; command. First, assign the desired quota limit to a user, and then run edquota -p protouser startuid-enduid. For - example, if user test has the desired quota - limits, the following command can be used to duplicate those quota - limits for UIDs 10,000 through 19,999: + example, if user test has the desired + quota limits, the following command can be used to duplicate + those quota limits for UIDs 10,000 through 19,999: &prompt.root; edquota -p test 10000-19999 - For more information see &man.edquota.8; manual page. + For more information see &man.edquota.8; manual + page. Checking Quota Limits and Disk Usage - disk quotas - checking + disk quotas + checking You can use either the &man.quota.1; or the - &man.repquota.8; commands to check quota limits and - disk usage. The &man.quota.1; command can be used to - check individual user or group quotas and disk usage. A user - may only examine his own quota, and the quota of a group he - is a member of. Only the super-user may view all user and group - quotas. The - &man.repquota.8; command can be used to get a summary - of all quotas and disk usage for file systems with quotas - enabled. + &man.repquota.8; commands to check quota limits and disk + usage. The &man.quota.1; command can be used to check + individual user or group quotas and disk usage. A user may + only examine his own quota, and the quota of a group he is a + member of. Only the super-user may view all user and group + quotas. The &man.repquota.8; command can be used to get a + summary of all quotas and disk usage for file systems with + quotas enabled. The following is some sample output from the quota -v command for a user that has quota @@ -3288,10 +3433,10 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on grace period On the /usr file system in the above - example, this user is currently 15 kbytes over the soft limit of - 50 kbytes and has 5 days of the grace period left. Note the - asterisk * which indicates that the user is - currently over his quota limit. + example, this user is currently 15 kbytes over the soft limit + of 50 kbytes and has 5 days of the grace period left. Note + the asterisk * which indicates that the + user is currently over his quota limit. Normally file systems that the user is not using any disk space on will not show up in the output from the @@ -3304,12 +3449,14 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on Quotas over NFS + NFS - Quotas are enforced by the quota subsystem on the NFS server. - The &man.rpc.rquotad.8; daemon makes quota information available - to the &man.quota.1; command on NFS clients, allowing users on - those machines to see their quota statistics. + Quotas are enforced by the quota subsystem on the NFS + server. The &man.rpc.rquotad.8; daemon makes quota + information available to the &man.quota.1; command on NFS + clients, allowing users on those machines to see their quota + statistics. Enable rpc.rquotad in /etc/inetd.conf like so: @@ -3322,7 +3469,6 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on - @@ -3339,33 +3485,37 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on Encrypting Disk Partitions + disks - encrypting + encrypting + FreeBSD offers excellent online protections against - unauthorized data access. File permissions and Mandatory - Access Control (MAC) (see ) help prevent - unauthorized third-parties from accessing data while the operating - system is active and the computer is powered up. However, - the permissions enforced by the operating system are irrelevant if an - attacker has physical access to a computer and can simply move - the computer's hard drive to another system to copy and analyze - the sensitive data. + unauthorized data access. File permissions and Mandatory Access + Control (MAC) (see ) help prevent + unauthorized third-parties from accessing data while the + operating system is active and the computer is powered up. + However, the permissions enforced by the operating system are + irrelevant if an attacker has physical access to a computer and + can simply move the computer's hard drive to another system to + copy and analyze the sensitive data. - Regardless of how an attacker may have come into possession of - a hard drive or powered-down computer, both GEOM - Based Disk Encryption (gbde) and - geli cryptographic subsystems in &os; are able - to protect the data on the computer's file systems against even - highly-motivated attackers with significant resources. Unlike - cumbersome encryption methods that encrypt only individual files, - gbde and geli transparently - encrypt entire file systems. No cleartext ever touches the hard - drive's platter. + Regardless of how an attacker may have come into possession + of a hard drive or powered-down computer, both GEOM + Based Disk Encryption (gbde) and + geli cryptographic subsystems in &os; are + able to protect the data on the computer's file systems against + even highly-motivated attackers with significant resources. + Unlike cumbersome encryption methods that encrypt only + individual files, gbde and + geli transparently encrypt entire file + systems. No cleartext ever touches the hard drive's + platter. - Disk Encryption with <application>gbde</application> + Disk Encryption with + <application>gbde</application> @@ -3379,7 +3529,8 @@ Password: - Add &man.gbde.4; Support to the Kernel Configuration File + Add &man.gbde.4; Support to the Kernel Configuration + File Add the following line to the kernel configuration file: @@ -3387,77 +3538,81 @@ Password: options GEOM_BDE Rebuild the kernel as described in . + linkend="kernelconfig">. Reboot into the new kernel. - - An alternative to recompiling the kernel is to use - kldload to load &man.gbde.4;: + + An alternative to recompiling the kernel is to use + kldload to load &man.gbde.4;: - &prompt.root; kldload geom_bde - + &prompt.root; kldload geom_bde + - - Preparing the Encrypted Hard Drive + + Preparing the Encrypted Hard Drive - The following example assumes that you are adding a new hard - drive to your system that will hold a single encrypted partition. - This partition will be mounted as /private. - gbde can also be used to encrypt - /home and /var/mail, but - this requires more complex instructions which exceed the scope of - this introduction. + The following example assumes that you are adding a new + hard drive to your system that will hold a single encrypted + partition. This partition will be mounted as + /private. + gbde can also be used to encrypt + /home and + /var/mail, but this requires more + complex instructions which exceed the scope of this + introduction. - - - Add the New Hard Drive + + + Add the New Hard Drive - Install the new drive to the system as explained in . For the purposes of this example, - a new hard drive partition has been added as - /dev/ad4s1c. The - /dev/ad0s1* - devices represent existing standard FreeBSD partitions on - the example system. + Install the new drive to the system as explained in + . For the purposes of this + example, a new hard drive partition has been added as + /dev/ad4s1c. The + /dev/ad0s1* + devices represent existing standard FreeBSD partitions + on the example system. - &prompt.root; ls /dev/ad* + &prompt.root; ls /dev/ad* /dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1 /dev/ad0s1 /dev/ad0s1c /dev/ad0s1f /dev/ad4s1c /dev/ad0s1a /dev/ad0s1d /dev/ad4 - + - - Create a Directory to Hold gbde Lock Files + + Create a Directory to Hold gbde Lock Files - &prompt.root; mkdir /etc/gbde + &prompt.root; mkdir /etc/gbde - The gbde lock file contains - information that gbde requires to - access encrypted partitions. Without access to the lock file, - gbde will not be able to decrypt - the data contained in the encrypted partition without - significant manual intervention which is not supported by the - software. Each encrypted partition uses a separate lock - file. - + The gbde lock file + contains information that + gbde requires to access + encrypted partitions. Without access to the lock file, + gbde will not be able to + decrypt the data contained in the encrypted partition + without significant manual intervention which is not + supported by the software. Each encrypted partition + uses a separate lock file. + - - Initialize the gbde Partition + + Initialize the gbde Partition - A gbde partition must be - initialized before it can be used. This initialization needs to - be performed only once: + A gbde partition must be + initialized before it can be used. This initialization + needs to be performed only once: - &prompt.root; gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c.lock + &prompt.root; gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c.lock - &man.gbde.8; will open your editor, permitting you to set - various configuration options in a template. For use with UFS1 - or UFS2, set the sector_size to 2048: + &man.gbde.8; will open your editor, permitting you + to set various configuration options in a template. For + use with UFS1 or UFS2, set the sector_size to + 2048: - $FreeBSD: src/sbin/gbde/template.txt,v 1.1 2002/10/20 11:16:13 phk Exp $ # # Sector size is the smallest unit of data which can be read or written. @@ -3469,96 +3624,104 @@ sector_size = 2048 [...] - &man.gbde.8; will ask you twice to type the passphrase that - should be used to secure the data. The passphrase must be the - same both times. gbde's ability to - protect your data depends entirely on the quality of the - passphrase that you choose. - - For tips on how to select a secure passphrase that is easy - to remember, see the Diceware - Passphrase website. + &man.gbde.8; will ask you twice to type the + passphrase that should be used to secure the data. The + passphrase must be the same both times. + gbde's ability to protect + your data depends entirely on the quality of the + passphrase that you choose. + + For tips on how to select a secure passphrase + that is easy to remember, see the Diceware + Passphrase + website. - The gbde init command creates a lock - file for your gbde partition that in - this example is stored as - /etc/gbde/ad4s1c.lock. - gbde lock files must end in - .lock in order to be correctly detected by - the - /etc/rc.d/gbde start up script. + The gbde init command creates a + lock file for your gbde + partition that in this example is stored as + /etc/gbde/ad4s1c.lock. + gbde lock files must end in + .lock in order to be correctly detected + by the /etc/rc.d/gbde start up + script. - - gbde lock files - must be backed up together with the - contents of any encrypted partitions. While deleting a lock - file alone cannot prevent a determined attacker from - decrypting a gbde partition, - without the lock file, the legitimate owner will be unable - to access the data on the encrypted partition without a - significant amount of work that is totally unsupported by - &man.gbde.8; and its designer. - - + + gbde lock files + must be backed up together with + the contents of any encrypted partitions. While + deleting a lock file alone cannot prevent a determined + attacker from decrypting a + gbde partition, without the + lock file, the legitimate owner will be unable to + access the data on the encrypted partition without a + significant amount of work that is totally unsupported + by &man.gbde.8; and its designer. + + - - Attach the Encrypted Partition to the Kernel + + Attach the Encrypted Partition to the + Kernel - &prompt.root; gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock + &prompt.root; gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock - You will be asked to provide the passphrase that you - selected during the initialization of the encrypted partition. - The new encrypted device will show up in - /dev as - /dev/device_name.bde: + You will be asked to provide the passphrase that + you selected during the initialization of the encrypted + partition. The new encrypted device will show up in + /dev as + /dev/device_name.bde: - &prompt.root; ls /dev/ad* + &prompt.root; ls /dev/ad* /dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1 /dev/ad0s1 /dev/ad0s1c /dev/ad0s1f /dev/ad4s1c /dev/ad0s1a /dev/ad0s1d /dev/ad4 /dev/ad4s1c.bde - + - - Create a File System on the Encrypted Device + + Create a File System on the Encrypted + Device - Once the encrypted device has been attached to the kernel, - you can create a file system on the device. To create a file - system on the encrypted device, use &man.newfs.8;. Since it is - much faster to initialize a new UFS2 file system than it is to - initialize the old UFS1 file system, using &man.newfs.8; with - the option is recommended. + Once the encrypted device has been attached to the + kernel, you can create a file system on the device. To + create a file system on the encrypted device, use + &man.newfs.8;. Since it is much faster to initialize a + new UFS2 file system than it is to initialize the old + UFS1 file system, using &man.newfs.8; with the + option is recommended. - &prompt.root; newfs -U -O2 /dev/ad4s1c.bde + &prompt.root; newfs -U -O2 /dev/ad4s1c.bde - - The &man.newfs.8; command must be performed on an - attached gbde partition which - is identified by a - *.bde - extension to the device name. - - + + The &man.newfs.8; command must be performed on an + attached gbde partition + which is identified by a + *.bde + extension to the device name. + + - - Mount the Encrypted Partition + + Mount the Encrypted Partition - Create a mount point for the encrypted file system. + Create a mount point for the encrypted file + system. - &prompt.root; mkdir /private + &prompt.root; mkdir /private - Mount the encrypted file system. + Mount the encrypted file system. - &prompt.root; mount /dev/ad4s1c.bde /private - + &prompt.root; mount /dev/ad4s1c.bde /private + - - Verify That the Encrypted File System is Available + + Verify That the Encrypted File System is + Available - The encrypted file system should now be visible to - &man.df.1; and be available for use. + The encrypted file system should now be visible to + &man.df.1; and be available for use. - &prompt.user; df -H + &prompt.user; df -H Filesystem Size Used Avail Capacity Mounted on /dev/ad0s1a 1037M 72M 883M 8% / /devfs 1.0K 1.0K 0B 100% /dev @@ -3566,102 +3729,106 @@ Filesystem Size Used Avail Capacity Mounted on /dev/ad0s1e 1037M 1.1M 953M 0% /tmp /dev/ad0s1d 6.1G 1.9G 3.7G 35% /usr /dev/ad4s1c.bde 150G 4.1K 138G 0% /private - - - + + + - - Mounting Existing Encrypted File Systems + + Mounting Existing Encrypted File Systems - After each boot, any encrypted file systems must be - re-attached to the kernel, checked for errors, and mounted, before - the file systems can be used. The required commands must be - executed as user root. + After each boot, any encrypted file systems must be + re-attached to the kernel, checked for errors, and mounted, + before the file systems can be used. The required commands + must be executed as user root. - - - Attach the gbde Partition to the Kernel + + + Attach the gbde Partition to the Kernel - &prompt.root; gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock + &prompt.root; gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock - You will be asked to provide the passphrase that you - selected during initialization of the encrypted - gbde partition. - + You will be asked to provide the passphrase that you + selected during initialization of the encrypted + gbde partition. + - - Check the File System for Errors + + Check the File System for Errors - Since encrypted file systems cannot yet be listed in - /etc/fstab for automatic mounting, the - file systems must be checked for errors by running &man.fsck.8; - manually before mounting. + Since encrypted file systems cannot yet be listed in + /etc/fstab for automatic mounting, + the file systems must be checked for errors by running + &man.fsck.8; manually before mounting. - &prompt.root; fsck -p -t ffs /dev/ad4s1c.bde - + &prompt.root; fsck -p -t ffs /dev/ad4s1c.bde + - - Mount the Encrypted File System + + Mount the Encrypted File System - &prompt.root; mount /dev/ad4s1c.bde /private + &prompt.root; mount /dev/ad4s1c.bde /private - The encrypted file system is now available for use. - - + The encrypted file system is now available for + use. + + - - Automatically Mounting Encrypted Partitions + + Automatically Mounting Encrypted Partitions - It is possible to create a script to automatically attach, - check, and mount an encrypted partition, but for security reasons - the script should not contain the &man.gbde.8; password. Instead, - it is recommended that such scripts be run manually while - providing the password via the console or &man.ssh.1;. + It is possible to create a script to automatically + attach, check, and mount an encrypted partition, but for + security reasons the script should not contain the + &man.gbde.8; password. Instead, it is recommended that + such scripts be run manually while providing the password + via the console or &man.ssh.1;. - As an alternative, an rc.d script is - provided. Arguments for this script can be passed via - &man.rc.conf.5;, for example: + As an alternative, an rc.d script + is provided. Arguments for this script can be passed via + &man.rc.conf.5;, for example: - gbde_autoattach_all="YES" + gbde_autoattach_all="YES" gbde_devices="ad4s1c" gbde_lockdir="/etc/gbde" - This will require that the gbde - passphrase be entered at boot time. After typing the correct - passphrase, the gbde encrypted - partition will be mounted automatically. This can be very - useful when using gbde on - notebooks. - - + This will require that the + gbde passphrase be entered at + boot time. After typing the correct passphrase, the + gbde encrypted partition will + be mounted automatically. This can be very useful when + using gbde on notebooks. + + Cryptographic Protections Employed by gbde - &man.gbde.8; encrypts the sector payload using 128-bit AES in - CBC mode. Each sector on the disk is encrypted with a different - AES key. For more information on gbde's - cryptographic design, including how the sector keys are derived - from the user-supplied passphrase, see &man.gbde.4;. + &man.gbde.8; encrypts the sector payload using 128-bit + AES in CBC mode. Each sector on the disk is encrypted with + a different AES key. For more information on + gbde's cryptographic design, + including how the sector keys are derived from the + user-supplied passphrase, see &man.gbde.4;. Compatibility Issues &man.sysinstall.8; is incompatible with - gbde-encrypted devices. All - *.bde devices must be detached from the - kernel before starting &man.sysinstall.8; or it will crash during - its initial probing for devices. To detach the encrypted device - used in our example, use the following command: + gbde-encrypted devices. All + *.bde + devices must be detached from the kernel before starting + &man.sysinstall.8; or it will crash during its initial + probing for devices. To detach the encrypted device used in + our example, use the following command: + &prompt.root; gbde detach /dev/ad4s1c - Also note that, as &man.vinum.4; does not use the - &man.geom.4; subsystem, you cannot use - gbde with - vinum volumes. + Also note that, as &man.vinum.4; does not use the + &man.geom.4; subsystem, you cannot use + gbde with + vinum volumes. - @@ -3689,31 +3856,39 @@ gbde_lockdir="/etc/gbde" Utilizes the &man.crypto.9; framework — when - cryptographic hardware is available, geli - will use it automatically. + cryptographic hardware is available, + geli will use it automatically. + Supports multiple cryptographic algorithms (currently - AES, Blowfish, and 3DES). + AES, Blowfish, and 3DES). + Allows the root partition to be encrypted. The - passphrase used to access the encrypted root partition will - be requested during the system boot. + passphrase used to access the encrypted root partition + will be requested during the system boot. + Allows the use of two independent keys (e.g. a - key and a company key). + key and a + company key). + geli is fast - performs simple sector-to-sector encryption. + Allows backup and restore of Master Keys. When a user has to destroy his keys, it will be possible to get access - to the data again by restoring keys from the backup. + to the data again by restoring keys from the + backup. + Allows to attach a disk with a random, one-time key — useful for swap partitions and temporary file @@ -3725,16 +3900,17 @@ gbde_lockdir="/etc/gbde" &man.geli.8; manual page. The next steps will describe how to enable support for - geli in the &os; kernel and will explain how - to create and use a geli encryption provider. + geli in the &os; kernel and will explain + how to create and use a geli encryption + provider. - - Super-user privileges will be - required since modifications to the kernel are necessary. + Super-user privileges will be required since modifications + to the kernel are necessary. - Adding <command>geli</command> Support to the Kernel + Adding <command>geli</command> Support to the + Kernel Add the following lines to the kernel configuration file: @@ -3743,7 +3919,7 @@ gbde_lockdir="/etc/gbde" device crypto Rebuild the kernel as described in . + linkend="kernelconfig">. Alternatively, the geli module can be loaded at boot time. Add the following line to the @@ -3751,7 +3927,8 @@ device crypto geom_eli_load="YES" - &man.geli.8; should now be supported by the kernel. + &man.geli.8; should now be supported by the + kernel. @@ -3763,20 +3940,20 @@ device crypto /private. The key file will provide some random data used to encrypt the Master Key. The Master Key will be protected by a - passphrase as well. Provider's sector size will be 4kB big. - Furthermore, the discussion will describe how to attach the - geli provider, create a file system on - it, how to mount it, how to work with it, and finally how to - detach it. + passphrase as well. Provider's sector size will be 4kB + big. Furthermore, the discussion will describe how to + attach the geli provider, create a file + system on it, how to mount it, how to work with it, and + finally how to detach it. - It is recommended to use a bigger sector size (like 4kB) for - better performance. + It is recommended to use a bigger sector size (like + 4kB) for better performance. The Master Key will be protected with a passphrase and the data source for key file will be /dev/random. The sector size of /dev/da2.eli, which we call provider, - will be 4kB. + will be 4kB. &prompt.root; dd if=/dev/random of=/root/da2.key bs=64 count=1 &prompt.root; geli init -s 4096 -K /root/da2.key /dev/da2 @@ -3784,8 +3961,8 @@ Enter new passphrase: Reenter new passphrase: It is not mandatory that both a passphrase and a key - file are used; either method of securing the Master Key can - be used in isolation. + file are used; either method of securing the Master Key + can be used in isolation. If key file is given as -, standard input will be used. This example shows how more than one @@ -3814,8 +3991,8 @@ Enter passphrase: &prompt.root; newfs /dev/da2.eli &prompt.root; mount /dev/da2.eli /private - The encrypted file system should be visible to &man.df.1; - and be available for use now: + The encrypted file system should be visible to + &man.df.1; and be available for use now: &prompt.root; df -H Filesystem Size Used Avail Capacity Mounted on @@ -3825,17 +4002,16 @@ Filesystem Size Used Avail Capacity Mounted on /dev/ad0s1d 989M 1.5M 909M 0% /tmp /dev/ad0s1e 3.9G 1.3G 2.3G 35% /var /dev/da2.eli 150G 4.1K 138G 0% /private - Unmounting and Detaching the Provider Once the work on the encrypted partition is done, and - the /private partition - is no longer needed, it is prudent to consider unmounting - and detaching the geli encrypted - partition from the kernel. + the /private + partition is no longer needed, it is prudent to consider + unmounting and detaching the geli + encrypted partition from the kernel. &prompt.root; umount /private &prompt.root; geli detach da2.eli @@ -3843,36 +4019,39 @@ Filesystem Size Used Avail Capacity Mounted on More information about the use of &man.geli.8; can be - found in the manual page. + found in the manual page. - Using the <filename>geli</filename> <filename>rc.d</filename> Script + Using the <filename>geli</filename> + <filename>rc.d</filename> Script - geli comes with a rc.d script which - can be used to simplify the usage of geli. - An example of configuring geli through + geli comes with a + rc.d script which can be used to + simplify the usage of geli. An example + of configuring geli through &man.rc.conf.5; follows: geli_devices="da2" geli_da2_flags="-p -k /root/da2.key" This will configure /dev/da2 as a - geli provider of which the Master Key file - is located in /root/da2.key, and + geli provider of which the Master Key + file is located in /root/da2.key, and geli will not use a passphrase when - attaching the provider (note that this can only be used if - was given during the geli init phase). The - system will detach the geli provider from - the kernel before the system shuts down. + attaching the provider (note that this can only be used if + was given during the + geli init phase). The system will detach + the geli provider from the kernel before + the system shuts down. - More information about configuring rc.d is provided in the + More information about configuring + rc.d is provided in the rc.d section of the Handbook. - + - @@ -3885,49 +4064,52 @@ geli_da2_flags="-p -k /root/da2.key" Encrypting Swap Space + swap encrypting - Swap encryption in &os; is easy to configure - . Depending on which version - of &os; is being used, different options are available - and configuration can vary slightly. - The &man.gbde.8; or &man.geli.8; encryption systems can be used - for swap encryption. - Both systems use the encswap + Swap encryption in &os; is easy to configure. Depending on + which version of &os; is being used, different options are + available and configuration can vary slightly. The &man.gbde.8; + or &man.geli.8; encryption systems can be used for swap + encryption. Both systems use the encswap rc.d script. - The previous section, Encrypting - Disk Partitions, includes a short discussion on the different - encryption systems. + The previous section, Encrypting Disk Partitions, + includes a short discussion on the different encryption + systems. Why should Swap be Encrypted? - Like the encryption of disk partitions, encryption of swap space - is done to protect sensitive information. Imagine an application - that e.g. deals with passwords. As long as these passwords stay in - physical memory, all is well. However, if the operating system starts - swapping out memory pages to free space for other applications, the - passwords may be written to the disk platters unencrypted and easy to - retrieve for an adversary. Encrypting swap space can be a solution for - this scenario. + Like the encryption of disk partitions, encryption of swap + space is done to protect sensitive information. Imagine an + application that e.g. deals with passwords. As long as these + passwords stay in physical memory, all is well. However, if + the operating system starts swapping out memory pages to free + space for other applications, the passwords may be written to + the disk platters unencrypted and easy to retrieve for an + adversary. Encrypting swap space can be a solution for this + scenario. Preparation - For the remainder of this section, ad0s1b - will be the swap partition. + For the remainder of this section, + ad0s1b will be the swap + partition. - Up to this point the swap has been unencrypted. It is possible that - there are already passwords or other sensitive data on the disk platters - in cleartext. To rectify this, the data on the swap partition should be - overwritten with random garbage: + Up to this point the swap has been unencrypted. It is + possible that there are already passwords or other sensitive + data on the disk platters in cleartext. To rectify this, the + data on the swap partition should be overwritten with random + garbage: &prompt.root; dd if=/dev/random of=/dev/ad0s1b bs=1m @@ -3935,9 +4117,9 @@ geli_da2_flags="-p -k /root/da2.key" Swap Encryption with &man.gbde.8; - The - .bde suffix should be added to the device in the - respective /etc/fstab swap line: + The .bde suffix should be added to the + device in the respective /etc/fstab swap + line: # Device Mountpoint FStype Options Dump Pass# @@ -3948,31 +4130,33 @@ geli_da2_flags="-p -k /root/da2.key" Swap Encryption with &man.geli.8; - Alternatively, the procedure for using &man.geli.8; for swap - encryption is similar to that of using &man.gbde.8;. The - .eli suffix should be added to the device in the - respective /etc/fstab swap line: + Alternatively, the procedure for using &man.geli.8; for + swap encryption is similar to that of using &man.gbde.8;. The + .eli suffix should be added to the device + in the respective /etc/fstab swap + line: # Device Mountpoint FStype Options Dump Pass# /dev/ad0s1b.eli none swap sw 0 0 - &man.geli.8; uses the AES algorithm with - a key length of 256 bit by default. + &man.geli.8; uses the AES algorithm + with a key length of 256 bit by default. Optionally, these defaults can be altered using the geli_swap_flags option in - /etc/rc.conf. The following line tells the - encswap rc.d script to create &man.geli.8; swap - partitions using the Blowfish algorithm with a key length of 128 bit, - a sectorsize of 4 kilobytes and the detach on last close - option set: + /etc/rc.conf. The following line tells + the encswap rc.d script to create + &man.geli.8; swap partitions using the Blowfish algorithm with + a key length of 128 bit, a sectorsize of 4 kilobytes and the + detach on last close option set: geli_swap_flags="-e blowfish -l 128 -s 4096 -d" - Please refer to the description of the onetime command - in the &man.geli.8; manual page for a list of possible options. + Please refer to the description of the + onetime command in the &man.geli.8; manual + page for a list of possible options. @@ -4038,20 +4222,21 @@ Device 1K-blocks Used Avail Capacity Synopsis - High availability is one of the main requirements in serious - business applications and highly-available storage is a key - component in such environments. Highly Available STorage, or - HASTHighly Available - STorage, was developed by &a.pjd; as a - framework which allows transparent storage of the same data - across several physically separated machines connected by a - TCP/IP network. HAST can be understood as - a network-based RAID1 (mirror), and is similar to the - DRBD® storage system known from the GNU/&linux; platform. - In combination with other high-availability features of &os; - like CARP, HAST makes it - possible to build a highly-available storage cluster that is - resistant to hardware failures. + High availability is one of the main requirements in + serious business applications and highly-available storage is + a key component in such environments. Highly Available + STorage, or HASTHighly + Available STorage, was developed by + &a.pjd; as a framework which allows transparent storage of the + same data across several physically separated machines + connected by a TCP/IP network. HAST can be + understood as a network-based RAID1 (mirror), and is similar + to the DRBD® storage system known from the GNU/&linux; + platform. In combination with other high-availability + features of &os; like CARP, + HAST makes it possible to build a + highly-available storage cluster that is resistant to hardware + failures. After reading this section, you will know: @@ -4060,14 +4245,16 @@ Device 1K-blocks Used Avail Capacity What HAST is, how it works and which features it provides. + How to set up and use HAST on &os;. + How to integrate CARP and &man.devd.8; to build a robust storage system. - + Before reading this section, you should: @@ -4077,15 +4264,18 @@ Device 1K-blocks Used Avail Capacity Understand &unix; and &os; basics (). + Know how to configure network interfaces and other - core &os; subsystems (). + core &os; subsystems + (). + Have a good understanding of &os; networking (). + Use &os; 8.1-RELEASE or newer. @@ -4093,8 +4283,9 @@ Device 1K-blocks Used Avail Capacity The HAST project was sponsored by The &os; Foundation with the support from OMCnet Internet Service GmbH - and TransIP BV. + url="http://www.omc.net/">OMCnet Internet Service + GmbH and TransIP + BV. @@ -4104,29 +4295,34 @@ Device 1K-blocks Used Avail Capacity are: - + Can be used to mask I/O errors on local hard - drives. + drives. + File system agnostic; works with any file system supported by &os;. + Efficient and quick resynchronization, synchronizing only blocks that were modified during the downtime of a node. + + Can be used in an already deployed environment to add additional redundancy. + Together with CARP, Heartbeat, or other tools, it @@ -4149,7 +4345,7 @@ Device 1K-blocks Used Avail Capacity HAST is currently limited to two cluster nodes in - total. + total. Since HAST works in a @@ -4169,17 +4365,18 @@ Device 1K-blocks Used Avail Capacity local disk (on primary node) + disk on remote machine (secondary node) HAST operates synchronously on a block - level, making it transparent to file systems and - applications. HAST provides regular GEOM - providers in /dev/hast/ - directory for use by other tools or applications, thus there is - no difference between using HAST-provided + level, making it transparent to file systems and applications. + HAST provides regular GEOM providers in + /dev/hast/ directory + for use by other tools or applications, thus there is no + difference between using HAST-provided devices and raw disks, partitions, etc. Each write, delete or flush operation is sent to the local @@ -4215,13 +4412,15 @@ Device 1K-blocks Used Avail Capacity memsync replication mode is currently not implemented. + fullsync: report write - operation as completed when local write completes and when - remote write completes. This is the safest and the + operation as completed when local write completes and + when remote write completes. This is the safest and the slowest replication mode. This mode is the default. + async: report write operation as completed when local write completes. This is the @@ -4234,8 +4433,8 @@ Device 1K-blocks Used Avail Capacity - Only the fullsync replication mode - is currently supported. + Only the fullsync replication + mode is currently supported. @@ -4261,13 +4460,16 @@ Device 1K-blocks Used Avail Capacity parts from the operating system's point of view: - + the &man.hastd.8; daemon responsible for the data synchronization, + - the &man.hastctl.8; userland management utility, + the &man.hastctl.8; userland management + utility, + the &man.hast.conf.5; configuration file. @@ -4283,11 +4485,12 @@ Device 1K-blocks Used Avail Capacity hastb with an IP address 172.16.0.2. Both of these nodes will have a dedicated hard drive - /dev/ad6 of - the same size for HAST operation. - The HAST pool (sometimes also referred to - as a resource, i.e. the GEOM provider in /dev/hast/) will be called + /dev/ad6 + of the same size for HAST operation. The + HAST pool (sometimes also referred to as a + resource, i.e. the GEOM provider in + /dev/hast/) will be + called test. Configuration of HAST is done @@ -4319,8 +4522,8 @@ Device 1K-blocks Used Avail Capacity Now that the configuration exists on both nodes, the HAST pool can be created. Run these - commands on both nodes to place the initial metadata - onto the local disk, and start the &man.hastd.8; daemon: + commands on both nodes to place the initial metadata onto the + local disk, and start the &man.hastd.8; daemon: &prompt.root; hastctl create test &prompt.root; /etc/rc.d/hastd onestart @@ -4335,10 +4538,9 @@ Device 1K-blocks Used Avail Capacity A HAST node's role (primary or - secondary) is selected by an administrator - or other - software like Heartbeat using the - &man.hastctl.8; utility. Move to the primary node + secondary) is selected by an administrator + or other software like Heartbeat + using the &man.hastctl.8; utility. Move to the primary node (hasta) and issue this command: @@ -4350,12 +4552,11 @@ Device 1K-blocks Used Avail Capacity &prompt.root; hastctl role secondary test - When the nodes are unable to - communicate with each other, and both are configured as - primary nodes, the condition is called - split-brain. To troubleshoot - this situation, follow the steps described in . + When the nodes are unable to communicate with each + other, and both are configured as primary nodes, the + condition is called split-brain. To + troubleshoot this situation, follow the steps described in + . Verify the result with the @@ -4377,9 +4578,9 @@ Device 1K-blocks Used Avail Capacity GEOM provider and mount it. This must be done on the primary node, as /dev/hast/test - appears only on the primary node. - Creating the filesystem can take a few minutes, depending on the - size of the hard drive: + appears only on the primary node. Creating + the filesystem can take a few minutes, depending on the size + of the hard drive: &prompt.root; newfs -U /dev/hast/test &prompt.root; mkdir /hast/test @@ -4387,8 +4588,8 @@ Device 1K-blocks Used Avail Capacity Once the HAST framework is configured properly, the final step is to make sure that - HAST is started automatically during the system - boot. Add this line to + HAST is started automatically during the + system boot. Add this line to /etc/rc.conf: hastd_enable="YES" @@ -4398,25 +4599,24 @@ Device 1K-blocks Used Avail Capacity The goal of this example is to build a robust storage system which is resistant to the failure of any given node. - The scenario is that a - primary node of the cluster fails. If - this happens, the secondary node is there to - take over seamlessly, check and mount the file system, and - continue to work without missing a single bit of data. + The scenario is that a primary node of + the cluster fails. If this happens, the + secondary node is there to take over + seamlessly, check and mount the file system, and continue to + work without missing a single bit of data. To accomplish this task, another &os; feature provides for automatic failover on the IP layer — - CARP. CARP (Common Address - Redundancy Protocol) allows multiple hosts - on the same network segment to share an IP address. Set up - CARP on both nodes of the cluster according - to the documentation available in . - After setup, each node will have its own - carp0 interface with a shared IP - address 172.16.0.254. - The primary HAST node of the - cluster must be the master CARP - node. + CARP. CARP (Common + Address Redundancy Protocol) allows multiple hosts on the + same network segment to share an IP address. Set up + CARP on both nodes of the cluster + according to the documentation available in + . After setup, each node will have its + own carp0 interface with a shared + IP address 172.16.0.254. The + primary HAST node of the cluster must be + the master CARP node. The HAST pool created in the previous section is now ready to be exported to the other hosts on @@ -4428,13 +4628,13 @@ Device 1K-blocks Used Avail Capacity should the primary node fail. In the event of CARP interfaces going - up or down, the &os; operating system generates a &man.devd.8; - event, making it possible to watch for the state changes - on the CARP interfaces. A state change on - the CARP interface is an indication that - one of the nodes failed or came back online. These state change - events make it possible to run a script which will - automatically handle the HAST failover. + up or down, the &os; operating system generates a + &man.devd.8; event, making it possible to watch for the + state changes on the CARP interfaces. A + state change on the CARP interface is an + indication that one of the nodes failed or came back online. + These state change events make it possible to run a script + which will automatically handle the HAST failover. To be able to catch state changes on the CARP interfaces, add this @@ -4455,24 +4655,24 @@ notify 30 { action "/usr/local/sbin/carp-hast-switch slave"; }; - Restart &man.devd.8; on both nodes to put the new configuration - into effect: + Restart &man.devd.8; on both nodes to put the new + configuration into effect: &prompt.root; /etc/rc.d/devd restart - When the carp0 - interface goes up or down (i.e. the interface state changes), - the system generates a notification, allowing the &man.devd.8; + When the carp0 interface goes + up or down (i.e. the interface state changes), the system + generates a notification, allowing the &man.devd.8; subsystem to run an arbitrary script, in this case /usr/local/sbin/carp-hast-switch. This - is the script which will handle the automatic - failover. For further clarification about the above - &man.devd.8; configuration, please consult the - &man.devd.conf.5; manual page. + is the script which will handle the automatic failover. For + further clarification about the above &man.devd.8; + configuration, please consult the &man.devd.conf.5; manual + page. An example of such a script could be: -#!/bin/sh + #!/bin/sh # Original script by Freddie Cash <fjwcash@gmail.com> # Modified by Michael W. Lucas <mwlucas@BlackHelicopters.org> @@ -4556,8 +4756,8 @@ case "$1" in ;; esac - In a nutshell, the script takes these actions when a node - becomes master / + In a nutshell, the script takes these actions when a + node becomes master / primary: @@ -4565,10 +4765,12 @@ esac Promotes the HAST pools to primary on a given node. + Checks the file system under the HAST pool. + Mounts the pools at an appropriate place. @@ -4581,6 +4783,7 @@ esac Unmounts the HAST pools. + Degrades the HAST pools to secondary. @@ -4602,55 +4805,55 @@ esac be used. - More detailed information with additional examples can be - found in the HAST Wiki + More detailed information with additional examples can + be found in the + HAST Wiki page. + Troubleshooting General Troubleshooting Tips - HAST should generally work - without issues. However, as with any other software - product, there may be times when it does not work as - supposed. The sources of the problems may be different, but - the rule of thumb is to ensure that the time is synchronized - between all nodes of the cluster. + HAST should generally work without + issues. However, as with any other software product, there + may be times when it does not work as supposed. The sources + of the problems may be different, but the rule of thumb is + to ensure that the time is synchronized between all nodes of + the cluster. When troubleshooting HAST problems, - the debugging level of &man.hastd.8; should be increased - by starting the - &man.hastd.8; daemon with the -d - argument. Note that this argument may be specified - multiple times to further increase the debugging level. A - lot of useful information may be obtained this way. Consider - also using the -F - argument, which starts the &man.hastd.8; daemon in the - foreground. - + the debugging level of &man.hastd.8; should be increased by + starting the &man.hastd.8; daemon with the + -d argument. Note that this argument may + be specified multiple times to further increase the + debugging level. A lot of useful information may be + obtained this way. Consider also using the + -F argument, which starts the + &man.hastd.8; daemon in the foreground. + Recovering from the Split-brain Condition Split-brain is when the nodes of the cluster are unable to communicate with each other, and both - are configured as primary. This is a dangerous - condition because it allows both nodes to make incompatible - changes to the data. This problem must be corrected - manually by the system administrator. + are configured as primary. This is a dangerous condition + because it allows both nodes to make incompatible changes to + the data. This problem must be corrected manually by the + system administrator. - The administrator must - decide which node has more important changes (or merge them - manually) and let HAST perform - full synchronization of the node which has the broken - data. To do this, issue these commands on the node - which needs to be resynchronized: + The administrator must decide which node has more + important changes (or merge them manually) and let + HAST perform full synchronization of the + node which has the broken data. To do this, issue these + commands on the node which needs to be + resynchronized: - &prompt.root; hastctl role init <resource> + &prompt.root; hastctl role init <resource> &prompt.root; hastctl create <resource> &prompt.root; hastctl role secondary <resource>