<?xml version="1.0" encoding="big5" standalone="no"?>
<!--
     The FreeBSD Documentation Project

     $FreeBSD$
     Original revision: 1.246
-->

<chapter id="disks">
  <title>Storage</title>

  <sect1 id="disks-synopsis">
    <title>Synopsis</title>

    <para>This chapter covers the use of disks
      <footnote>
	<para>Translator's note: Although some devices, such as USB flash
	  drives, have no "platters", Disk is still translated here as
	  『碟片裝置』. In addition, for convenience, every later occurrence
	  of Disk is translated as 『磁碟』.</para></footnote>
      in FreeBSD, including memory-backed disks (memory used as a disk),
      disks used over the network, standard SCSI/IDE disks, and devices
      with a USB interface.</para>

    <para>After reading this chapter, you will know:</para>
    <itemizedlist>
      <listitem><para>How FreeBSD describes the organization of data on a
	  disk (partitions and slices).</para>
      </listitem>
      <listitem><para>How to add disks to the system.</para>
      </listitem>
      <listitem>
	<para>How to configure &os; to use USB devices.</para>
      </listitem>
      <listitem><para>How to set up virtual file systems, such as memory
	  disks (memory used as a disk).</para></listitem>
      <listitem>
	<para>How to use quotas to limit disk space usage.</para>
      </listitem>
      <listitem>
	<para>How to encrypt disks to withstand attacks.</para>
      </listitem>
      <listitem>
	<para>How to create and burn CDs and DVDs on FreeBSD.</para>
      </listitem>
      <listitem>
	<para>The various backup devices.</para>
      </listitem>
      <listitem>
	<para>How to use the backup tools FreeBSD provides.</para>
      </listitem>
      <listitem>
	<para>How to back up to floppy disks.</para>
      </listitem>
      <listitem>
	<para>What snapshots are and how to use them efficiently.</para>
      </listitem>
    </itemizedlist>

    <para>Before reading this chapter, you should:</para>

    <itemizedlist>
      <listitem>
	<para>Know how to configure and install a new FreeBSD kernel
	  (<xref linkend="kernelconfig"/>).</para>
      </listitem>
    </itemizedlist>

  </sect1>

  <sect1 id="disks-naming">
    <title>Device Names</title>

    <para>The following is a list of the storage media supported by
      FreeBSD and the device names that correspond to them.</para>

    <table id="disk-naming-physical-table" frame="none">
      <title>Naming Conventions</title>

      <tgroup cols="2">
	<thead>
	  <row>
	    <entry>Device type</entry>
	    <entry>Device name</entry>
	  </row>
	</thead>
	<tbody>
	  <row>
	    <entry>IDE hard drives</entry>
	    <entry><literal>ad</literal></entry>
	  </row>
	  <row>
	    <entry>IDE CD-ROM drives</entry>
	    <entry><literal>acd</literal></entry>
	  </row>
	  <row>
	    <entry>SCSI hard drives and USB disks</entry>
	    <entry><literal>da</literal></entry>
	  </row>
	  <row>
	    <entry>SCSI CD-ROM drives</entry>
	    <entry><literal>cd</literal></entry>
	  </row>
	  <row>
	    <entry>Non-standard CD-ROM drives</entry>
	    <entry><literal>mcd</literal> for Mitsumi CD-ROM drives,
	      <literal>scd</literal> for Sony CD-ROM drives.
	    </entry>
	  </row>
	  <row>
	    <entry>Floppy drives</entry>
	    <entry><literal>fd</literal></entry>
	  </row>
	  <row>
	    <entry>SCSI tape drives</entry>
	    <entry><literal>sa</literal></entry>
	  </row>
	  <row>
	    <entry>IDE tape drives</entry>
	    <entry><literal>ast</literal></entry>
	  </row>
	  <row>
	    <entry>Flash drives</entry>
	    <entry><literal>fla</literal> for &diskonchip; Flash drives</entry>
	  </row>
	  <row>
	    <entry>RAID drives</entry>
	    <entry><literal>aacd</literal> for &adaptec; AdvancedRAID,
	      <literal>mlxd</literal> and <literal>mlyd</literal> for &mylex;,
	      <literal>amrd</literal> for AMI &megaraid;,
	      <literal>idad</literal> for Compaq Smart RAID,
	      <literal>twed</literal> for &tm.3ware; RAID.</entry>
	  </row>
	</tbody>
      </tgroup>
    </table>
  </sect1>

  <sect1 id="disks-adding">
    <sect1info>
      <authorgroup>
	<author>
	  <firstname>David</firstname>
	  <surname>O'Brien</surname>
	  <contrib>Originally contributed by </contrib>
	</author>
      </authorgroup>
      <!-- 26 Apr 1998 -->
    </sect1info>

    <title>Adding Disks</title>

    <indexterm>
      <primary>disk</primary>
      <secondary>adding</secondary>
    </indexterm>

    <para>Suppose we want to add a SCSI disk to a machine that
      currently has only one disk. First turn off the computer and
      install the disk following the manufacturer's instructions;
      refer to the manufacturer's documentation for the detailed
      procedure.</para>

    <para>After installing the disk, log in as
      <username>root</username> and look at
      <filename>/var/run/dmesg.boot</filename> to confirm that the
      system found the new disk. Continuing with our example, the
      newly added disk will be <devicename>da1</devicename>, and we
      assume that we want to mount it on <filename>/1</filename>
      (if you are adding an IDE disk, use
      <devicename>ad1</devicename> instead).</para>

    <indexterm><primary>partitions</primary></indexterm>
    <indexterm><primary>slices</primary></indexterm>
    <indexterm>
      <primary><command>fdisk</command></primary>
    </indexterm>

    <para>To run on IBM-PC compatible computers, FreeBSD must
      cooperate with PC BIOS partitions, which are very different
      from traditional BSD partitions. A PC disk can hold at most
      four BIOS partition entries (that is, it can be divided into
      at most four partitions). If the disk is going to be used
      entirely by FreeBSD, you can choose
      <emphasis>dedicated</emphasis> mode; otherwise FreeBSD must
      live inside one of the PC BIOS partitions. In FreeBSD, a PC
      BIOS partition is called a <emphasis>slice</emphasis> so that
      it is not confused with a traditional BSD partition.
      <footnote><para>Translator's note: For the same reason, a BSD
	  partition is nowadays often called a BSD label, or simply a
	  label.</para></footnote>
      You can use slices both on a disk that is used entirely by
      FreeBSD and on a disk that has other operating systems
      installed. The advantage is that the
      <command>fdisk</command> utilities of other, non-FreeBSD
      operating systems can work with the disk without
      trouble.</para>

    <para>With slices, the newly added disk will be
      <filename>/dev/da1s1e</filename>. This is read as: SCSI disk,
      unit number 1 (the second SCSI disk), slice 1 (the first PC
      BIOS partition), and the <filename>e</filename> BSD partition.
      In dedicated mode, the new disk is
      <filename>/dev/da1e</filename> instead.</para>

    <para>Because &man.bsdlabel.8; stores sector counts in 32-bit
      integers, a disk is limited to at most 2^32-1 sectors, that
      is, 2TB of space. The &man.fdisk.8; format allows a starting
      sector number of no more than 2^32-1 and a length of no more
      than 2^32-1, so a partition can be at most 2TB and a disk at
      most 4TB. &man.sunlabel.8; limits a partition to 2TB and a
      disk to at most 8 partitions, so the maximum is 16TB. To use
      larger disks, use &man.gpt.8;.</para>

    <sect2>
      <title>Using &man.sysinstall.8;</title>
      <indexterm>
	<primary><application>sysinstall</application></primary>
	<secondary>adding disks</secondary>
      </indexterm>
      <indexterm>
	<primary>su</primary>
      </indexterm>
      <procedure>
	<step>
	  <title>Navigating <application>Sysinstall</application></title>

	  <para>The menu interface of <command>sysinstall</command>
	    makes it easy to divide a disk into BIOS partitions
	    (slices) and BSD partitions.
	    <command>sysinstall</command> must be run as root: either
	    log in as root or use <command>su</command> to switch to
	    root. After starting <command>sysinstall</command>, select
	    <literal>Configure</literal>, and in the
	    <literal>FreeBSD Configuration Menu</literal> move to the
	    <literal>Fdisk</literal> option.</para>
	</step>

	<step>
	  <title><application>fdisk</application> Partition Editor</title>

	  <para>Inside <application>fdisk</application>, pressing
	    <userinput>A</userinput> gives the entire disk to FreeBSD.
	    You will then be asked whether to remain compatible with
	    other operating systems; answer
	    <literal>YES</literal>. Pressing <userinput>W</userinput>
	    writes the changes to the disk immediately, and pressing
	    <userinput>q</userinput> then exits the FDISK editor. Next
	    you will be asked where to install the
	    <quote>Master Boot Record</quote>. Since you are adding a
	    disk, the operating system is already installed on another
	    disk, so you can simply select
	    <literal>None</literal>.</para>
	</step>

	<step>
	  <title>Disk Label Editor</title>
	  <indexterm><primary>BSD partitions</primary></indexterm>

	  <para>Next, exit <application>sysinstall</application> and
	    start it again. Follow the directions of the previous
	    step, but this time select <literal>Label</literal> to
	    enter the <literal>Disk Label Editor</literal>, where you
	    can edit the traditional BSD partitions. A disk (or a
	    slice) can be divided into at most 8 BSD partitions,
	    labeled <literal>a-h</literal> in order. Some letters have
	    a special meaning. The <literal>a</literal> partition is
	    the root partition (<filename>/</filename>), so only the
	    disk the system is installed on (for example, the disk
	    used for booting) has an <literal>a</literal> partition.
	    The <literal>b</literal> partition is a swap partition;
	    every disk may have swap. The <literal>c</literal>
	    partition represents the whole disk (in dedicated mode) or
	    the whole slice. The other letters are used for ordinary
	    BSD partitions.</para>

	  <para>The <application>sysinstall</application> Label editor
	    favors <literal>e</literal> for partitions that are
	    neither root nor swap.
	    <footnote>
	      <para>Translator's note: Honestly, I do not understand
		what this sentence refers to. The original text is
		<application>sysinstall</application> Label editor
		favors the <literal>e</literal> partition for non-root,
		non-swap partitions. </para>
	    </footnote> In the Label editor, press
	    <userinput>C</userinput> to create a new file system (BSD
	    label). It asks whether this is an FS (file system) or
	    swap; choose <literal>FS</literal> and then enter the
	    mount point (for example <filename>/mnt</filename>). When
	    a disk is added after the system has been installed,
	    <application>sysinstall</application> does not add the
	    mount entry to <filename>/etc/fstab</filename> for you, so
	    the mount point you enter is not important.</para>

	  <para>When you are ready to write the new label to the disk
	    and create the file system, press
	    <userinput>W</userinput>. If any errors appear,
	    <application>sysinstall</application> may have been unable
	    to mount the new partition for you. Simply exit the Label
	    Editor and then exit
	    <application>sysinstall</application>.</para>
	</step>

	<step>
	  <title>Finish</title>

	  <para>The last step is to edit
	    <filename>/etc/fstab</filename> and add an entry for the
	    partition you created.</para>
	</step>
      </procedure>
    </sect2>

    <sect2>
      <title>Using Command Line Utilities</title>

      <sect3>
	<title>Using Slices (BIOS partitions)</title>

	<para>This mode lets your disk partitions coexist peacefully
	  with the <command>fdisk</command> utilities of other
	  operating systems, so we recommend slice mode. If you insist
	  on using <literal>dedicated</literal> mode, you need a good
	  reason!
	  <footnote>
	    <para>Translator's note: If you never intend to use this
	      disk with any operating system other than FreeBSD, that
	      can count as a good reason. Even so, there is no real
	      harm in using slice mode :-).</para></footnote></para>

	<screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 bs=1k count=1</userinput>
&prompt.root; <userinput>fdisk -BI da1</userinput> # Initialize your disk.
&prompt.root; <userinput>bsdlabel -B -w -r da1s1 auto</userinput> # Create the bsdlabel.
&prompt.root; <userinput>bsdlabel -e da1s1</userinput> # Edit the bsdlabel to add labels.
&prompt.root; <userinput>mkdir -p /1</userinput>
&prompt.root; <userinput>newfs /dev/da1s1e</userinput> # If you created several labels, repeat this step for each one.
&prompt.root; <userinput>mount /dev/da1s1e /1</userinput> # Mount the new labels.
&prompt.root; <userinput>vi /etc/fstab</userinput> # Add the appropriate entries to <filename>/etc/fstab</filename>.</screen>

	<para>If you are adding an IDE disk, simply replace
	  <filename>da</filename> with <filename>ad</filename>
	  <footnote>
	    <para>Translator's note: da is short for direct access
	      (disk); ad is short for ata disk.</para></footnote>.</para>
      </sect3>

      <sect3>
	<title>Dedicated</title>
	<indexterm><primary>OS/2</primary></indexterm>

	<para>If you do not intend to use the new disk with other
	  operating systems, you can use
	  <literal>dedicated</literal> mode. Note that Microsoft
	  operating systems do not recognize this mode, but they will
	  not damage it either; IBM's &os2;, however, is not so kind
	  and will modify every partition it does not recognize
	  <footnote>
	    <para>Translator's note: I am not very confident about the
	      meaning of this sentence; the original text is IBM's
	      &os2; however, will <quote>appropriate</quote> any
	      partition it finds which it does not
	      understand.</para></footnote>.</para>

	<screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 bs=1k count=1</userinput>
&prompt.root; <userinput>bsdlabel -Brw da1 auto</userinput>
&prompt.root; <userinput>bsdlabel -e da1</userinput> # Create the `e' partition.
&prompt.root; <userinput>newfs -d0 /dev/da1e</userinput>
&prompt.root; <userinput>mkdir -p /1</userinput>
&prompt.root; <userinput>vi /etc/fstab</userinput> # Add an entry for /dev/da1e.
&prompt.root; <userinput>mount /1</userinput></screen>

	<para>An alternative method:</para>

	<screen>&prompt.root; <userinput>dd if=/dev/zero of=/dev/da1 count=2</userinput>
&prompt.root; <userinput>bsdlabel /dev/da1 | bsdlabel -BrR da1 /dev/stdin</userinput>
&prompt.root; <userinput>newfs /dev/da1e</userinput>
&prompt.root; <userinput>mkdir -p /1</userinput>
&prompt.root; <userinput>vi /etc/fstab</userinput> # Add an entry for /dev/da1e.
&prompt.root; <userinput>mount /1</userinput></screen>

      </sect3>
    </sect2>
  </sect1>

  <sect1 id="raid">
    <title>RAID</title>

    <sect2 id="raid-soft">
      <title>Software RAID</title>

      <sect3 id="ccd">
	<sect3info>
	  <authorgroup>
	    <author>
	      <firstname>Christopher</firstname>
	      <surname>Shumway</surname>
	      <contrib>Original work by </contrib>
	    </author>
	  </authorgroup>
	  <authorgroup>
	    <author>
	      <firstname>Jim</firstname>
	      <surname>Brown</surname>
	      <contrib>Revised by </contrib>
	    </author>
	  </authorgroup>
	</sect3info>

	<title>Concatenated Disk Driver (CCD) Configuration</title>

	<indexterm><primary>RAID</primary><secondary>software</secondary></indexterm>
	<indexterm>
	  <primary>RAID</primary><secondary>CCD</secondary>
	</indexterm>

	<para>For mass storage, the most critical factors are speed,
	  reliability, and cost. It is rarely possible to have all
	  three: fast, reliable devices are usually expensive, and
	  cutting cost usually sacrifices speed or reliability.</para>

	<para>For the system described here, cost was the most
	  important consideration, followed by speed, with
	  reliability last. The order is like this because data
	  transfer speed is ultimately limited by the network, and
	  although reliability is very important, there is a simple
	  substitute: backing all the data up to CD-R.</para>

	<para>When choosing a mass storage solution, first define your
	  requirements. If you value speed or reliability more than
	  cost, the following description is probably not what you
	  need.</para>

	<sect4 id="ccd-installhw">
	  <title>Installing the Hardware</title>

	  <para>In addition to the system disk, the CCD array
	    described below uses three 30GB, 5400 RPM Western Digital
	    IDE disks to provide about 90GB of storage. Ideally each
	    disk would have its own cable and its own IDE controller,
	    but to reduce cost the disks were configured with jumpers
	    so that each IDE controller carries one master and one
	    slave disk, which avoids adding extra IDE
	    controllers.</para>

	  <para>After booting, the BIOS should be set to detect the
	    disks automatically. More importantly, FreeBSD should
	    detect them:</para>

	  <programlisting>ad0: 19574MB &lt;WDC WD205BA&gt; [39770/16/63] at ata0-master UDMA33
ad1: 29333MB &lt;WDC WD307AA&gt; [59598/16/63] at ata0-slave UDMA33
ad2: 29333MB &lt;WDC WD307AA&gt; [59598/16/63] at ata1-master UDMA33
ad3: 29333MB &lt;WDC WD307AA&gt; [59598/16/63] at ata1-slave UDMA33</programlisting>

	  <note>
	    <para>If FreeBSD does not detect all the disks, check that
	      the jumpers are set correctly. Many IDE disks can be set
	      to <quote>Cable Select</quote> (determined by the
	      position on the cable), which is
	      <emphasis>not</emphasis> master or slave. Consult the
	      disk documentation to set the jumpers
	      correctly.</para></note>

	  <para>Next, consider how to make the disks part of the file
	    system. You can look at &man.vinum.8;
	    (<xref linkend="vinum-vinum"/>) and &man.ccd.4;. Here we
	    choose &man.ccd.4;.</para>
	</sect4>

	<sect4 id="ccd-setup">
	  <title>Setting Up the CCD</title>

	  <para>&man.ccd.4; joins several disks into one large disk.
	    To use &man.ccd.4;, your kernel must support it. Add this
	    line to the kernel configuration file, then rebuild and
	    reinstall the kernel:</para>

	  <programlisting>device   ccd</programlisting>

	  <para>&man.ccd.4; support can also be provided by loading a
	    kernel module.</para>

	  <para>To use &man.ccd.4;, first initialize the disks with
	    &man.bsdlabel.8;:</para>

	  <programlisting>bsdlabel -r -w ad1 auto
bsdlabel -r -w ad2 auto
bsdlabel -r -w ad3 auto</programlisting>

	  <para>These commands create <devicename>ad1c</devicename>,
	    <devicename>ad2c</devicename> and
	    <devicename>ad3c</devicename>; each of these bsdlabels
	    spans the entire disk.</para>

	  <para>The next step is to change the label type, again with
	    &man.bsdlabel.8;:</para>

	  <programlisting>bsdlabel -e ad1
bsdlabel -e ad2
bsdlabel -e ad3</programlisting>

	  <para>This command opens an editor (&man.vi.1; by default;
	    another editor can be chosen with the
	    <envar>EDITOR</envar> environment variable) showing the
	    current label of the disk.</para>

	  <para>The label of a disk that has not been modified yet
	    looks like this:</para>

	  <programlisting>8 partitions:
#        size   offset    fstype   [fsize bsize bps/cpg]
  c: 60074784        0    unused        0     0     0   # (Cyl.    0 - 59597)</programlisting>

	  <para>Here we add a new <literal>e</literal> partition for
	    &man.ccd.4; to use. Usually it is enough to copy the line
	    of the <literal>c</literal> partition and change
	    <option>fstype</option> on that line to
	    <userinput>4.2BSD</userinput>. After the change the label
	    should look like this:</para>

	  <programlisting>8 partitions:
#        size   offset    fstype   [fsize bsize bps/cpg]
  c: 60074784        0    unused        0     0     0   # (Cyl.    0 - 59597)
  e: 60074784        0    4.2BSD        0     0     0   # (Cyl.    0 - 59597)</programlisting>

	</sect4>

	<sect4 id="ccd-buildingfs">
	  <title>Building the File System</title>

	  <para>Now that every disk has a bsdlabel, the &man.ccd.4;
	    can be built. Use &man.ccdconfig.8; to create it, as in
	    the following command:</para>

	  <programlisting>ccdconfig ccd0<co id="co-ccd-dev"/> 32<co id="co-ccd-interleave"/> 0<co id="co-ccd-flags"/> /dev/ad1e<co id="co-ccd-devs"/> /dev/ad2e /dev/ad3e</programlisting>

	  <para>The purpose of each argument is as follows:</para>

	  <calloutlist>
	    <callout arearefs="co-ccd-dev">
	      <para>The first argument is the name of the device to
		configure, in this example
		<filename>/dev/ccd0c</filename>. The
		<filename>/dev/</filename> part is optional.</para>
	    </callout>

	    <callout arearefs="co-ccd-interleave">

	      <para>The size of the <quote>interleave</quote>. The
		interleave is the size of one stripe of disk blocks,
		normally in units of 512 bytes, so an interleave of 32
		is 16,384 bytes.</para>
	    </callout>

	    <callout arearefs="co-ccd-flags">
	      <para>Flags for the configuration mode of
		&man.ccdconfig.8;. If you intend to enable drive
		mirroring, you can specify the flag here. This example
		does not use mirroring, so it is set to 0.</para>
	    </callout>

	    <callout arearefs="co-ccd-devs">
	      <para>The final arguments to &man.ccdconfig.8; are all
		the disks to add to the array. Use the complete
		path.</para>
	    </callout>
	  </calloutlist>


	  <para>After running &man.ccdconfig.8;, the &man.ccd.4; is
	    configured and ready for a file system. See &man.newfs.8;
	    or type:</para>

	  <programlisting>newfs /dev/ccd0c</programlisting>


	</sect4>

	<sect4 id="ccd-auto">
	  <title>Making It All Automatic</title>

	  <para>Usually you will want the &man.ccd.4; to be mounted
	    automatically at every boot. Use the following command to
	    write your current configuration to
	    <filename>/etc/ccd.conf</filename>:</para>

	  <programlisting>ccdconfig -g &gt; /etc/ccd.conf</programlisting>

	  <para>If <filename>/etc/ccd.conf</filename> exists,
	    <command>/etc/rc</command> runs
	    <command>ccdconfig -C</command> at every boot. This
	    configures the &man.ccd.4; automatically so that the file
	    system can be mounted afterwards.</para>

	  <note><para>If you boot into single user mode, you must run
	      the configuration command yourself before you can
	      &man.mount.8; the &man.ccd.4; file system:</para>

	    <programlisting>ccdconfig -C</programlisting>
	  </note>

	  <para>To mount the &man.ccd.4; automatically at every boot,
	    add an entry for it to
	    <filename>/etc/fstab</filename>:</para>

	  <programlisting>/dev/ccd0c              /media       ufs     rw      2       2</programlisting>
	</sect4>
      </sect3>

      <sect3 id="vinum">
	<title>The Vinum Volume Manager</title>

	<indexterm><primary>RAID</primary><secondary>software</secondary></indexterm>
	<indexterm>
	  <primary>RAID</primary>
	  <secondary>Vinum</secondary>
	</indexterm>

	<para>The Vinum Volume Manager (Vinum for short) can be
	  regarded as a kind of virtual disk. It separates the block
	  device interface from the way data is mapped, and compared
	  with a disk divided into slices, Vinum adds flexibility,
	  performance, and reliability
	  <footnote><para>Translator's note: The original text uses
	      "and" here, but this depends on how Vinum is actually
	      used. RAID-0, for example, does not increase
	      reliability :).</para></footnote>.
	  &man.vinum.8; implements the RAID-0, RAID-1 and RAID-5
	  models, each of which can be used on its own or in
	  combination with the others.</para>

	<para>See <xref linkend="vinum-vinum"/> for more information
	  about &man.vinum.8;.</para>
      </sect3>
    </sect2>

    <sect2 id="raid-hard">
      <title>Hardware RAID</title>

      <indexterm>
	<primary>RAID</primary>
	<secondary>hardware</secondary>
      </indexterm>

      <para>FreeBSD also supports a variety of hardware
	<acronym>RAID</acronym> controllers. These controllers manage
	a small <acronym>RAID</acronym> system by themselves, so no
	specific software is needed to manage it.</para>

      <para>Almost all operations can be controlled through the
	<acronym>BIOS</acronym> on the controller. The following is a
	brief description of how to set up a Promise
	<acronym>IDE</acronym> <acronym>RAID</acronym> controller
	card. First make sure the card is installed, then boot the
	machine. It should display a prompt<footnote><para>Translator's
	    note: For example, a message saying that pressing F1
	    enters the card's BIOS.</para></footnote>. Follow the
	instructions to enter the card's setup screen, where you can
	combine all the attached drives into one large disk. Once
	this is done, FreeBSD will see only this one large disk. You
	can of course use other <acronym>RAID</acronym> levels as
	well.</para>
    </sect2>

    <sect2>
      <title>Rebuilding ATA RAID1 Arrays</title>

      <para>FreeBSD allows you to hot-swap a failed disk in an
	array, provided of course that you notice the failure before
	rebooting.</para>

      <para>You may see messages like the following in
	<filename>/var/log/messages</filename> (or in the output of
	&man.dmesg.8;):</para>

      <programlisting>ad6 on monster1 suffered a hard error.
ad6: READ command timeout tag=0 serv=0 - resetting
ad6: trying fallback to PIO mode
ata3: resetting devices .. done
ad6: hard error reading fsbn 1116119 of 0-7 (ad6 bn 1116119; cn 1107 tn 4 sn 11)\\
status=59 error=40
ar0: WARNING - mirror lost</programlisting>

      <para>Use &man.atacontrol.8; to get more information:</para>

      <screen>&prompt.root; <userinput>atacontrol list</userinput>
ATA channel 0:
    Master: no device present
    Slave: acd0 &lt;HL-DT-ST CD-ROM GCR-8520B/1.00&gt; ATA/ATAPI rev 0

ATA channel 1:
    Master: no device present
    Slave: no device present

ATA channel 2:
    Master: ad4 &lt;MAXTOR 6L080J4/A93.0500&gt; ATA/ATAPI rev 5
    Slave: no device present

ATA channel 3:
    Master: ad6 &lt;MAXTOR 6L080J4/A93.0500&gt; ATA/ATAPI rev 5
    Slave: no device present

&prompt.root; <userinput>atacontrol status ar0</userinput>
ar0: ATA RAID1 subdisks: ad4 ad6 status: DEGRADED</screen>

      <procedure>
	<step>
	  <para>First detach the ata channel that holds the failed
	    disk so that the disk can be removed safely:</para>

	  <screen>&prompt.root; <userinput>atacontrol detach ata3</userinput></screen>
	</step>

	<step>
	  <para>Replace the failed disk with a good one.</para>
	</step>

	<step>
	  <para>Re-attach the ata channel:</para>

	  <screen>&prompt.root; <userinput>atacontrol attach ata3</userinput>
Master: ad6 &lt;MAXTOR 6L080J4/A93.0500&gt; ATA/ATAPI rev 5
Slave: no device present</screen>
	</step>

	<step>
	  <para>Add the new disk to the existing array as a
	    spare:</para>

	  <screen>&prompt.root; <userinput>atacontrol addspare ar0 ad6</userinput></screen>
	</step>

	<step>
	  <para>Rebuild the array:</para>

	  <screen>&prompt.root; <userinput>atacontrol rebuild ar0</userinput></screen>
	</step>

	<step>
	  <para>The progress of the rebuild can be checked with the
	    following commands:</para>

	  <screen>&prompt.root; <userinput>dmesg | tail -10</userinput>
[output removed]
ad6: removed from configuration
ad6: deleted from ar0 disk1
ad6: inserted into ar0 disk1 as spare

&prompt.root; <userinput>atacontrol status ar0</userinput>
ar0: ATA RAID1 subdisks: ad4 ad6 status: REBUILDING 0% completed</screen>
	</step>

	<step>
	  <para>Wait for the rebuild to finish; the procedure is then
	    complete.</para>
	</step>
      </procedure>
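
      <para>A failed mirror has to be noticed before the next reboot, so the log messages and the <command>atacontrol status</command> output quoted in this section are worth checking from a script. The following is an added example, not part of the original handbook text: the function names are hypothetical and the sample input is constructed from the messages shown above.</para>

      <programlisting><![CDATA[
```sh
#!/bin/sh
# Added example (not from the handbook): flag a degraded ATA RAID1 array from
# kernel log text and `atacontrol status` output before the next reboot.
# Function names are hypothetical; the sample input is constructed from the
# messages quoted in this section.

SAMPLE_LOG='ad6: READ command timeout tag=0 serv=0 - resetting
ad6: trying fallback to PIO mode
ata3: resetting devices .. done
ad6: hard error reading fsbn 1116119 of 0-7 (ad6 bn 1116119; cn 1107 tn 4 sn 11) status=59 error=40
ar0: WARNING - mirror lost'

SAMPLE_STATUS='ar0: ATA RAID1 subdisks: ad4 ad6 status: DEGRADED'

# Arrays that logged "WARNING - mirror lost", one name per line.
lost_mirrors() {
    printf '%s\n' "$1" |
        sed -n 's/^\(ar[0-9][0-9]*\): WARNING - mirror lost.*$/\1/p' | sort -u
}

# Disks that logged a hard read error, one name per line.
failing_disks() {
    printf '%s\n' "$1" |
        sed -n 's/^\(ad[0-9][0-9]*\): hard error .*$/\1/p' | sort -u
}

# State word from an `atacontrol status arN` line (DEGRADED, REBUILDING, ...).
array_state() {
    printf '%s\n' "$1" |
        sed -n 's/^ar[0-9][0-9]*: .* status: \([A-Z][A-Z]*\).*$/\1/p' | head -n 1
}

# Rebuild progress in percent; empty when the array is not rebuilding.
rebuild_percent() {
    printf '%s\n' "$1" |
        sed -n 's/^.* status: REBUILDING \([0-9][0-9]*\)% completed.*$/\1/p' |
        head -n 1
}

# check_array LOG_TEXT STATUS_TEXT
# Exit status: 0 nothing to report, 1 rebuild in progress, 2 mirror degraded.
check_array() {
    ca_state=$(array_state "$2")
    ca_lost=$(lost_mirrors "$1" | paste -s -d, -)
    ca_disks=$(failing_disks "$1" | paste -s -d, -)
    case $ca_state in
        DEGRADED)
            echo "ALERT: array DEGRADED; disks with hard errors: ${ca_disks:-none logged}"
            return 2 ;;
        REBUILDING)
            echo "INFO: rebuild running, $(rebuild_percent "$2")% completed"
            return 1 ;;
    esac
    if [ -n "$ca_lost" ]; then
        # The log saw a lost mirror but the status output does not confirm
        # it: still report it until an operator has looked at the array.
        echo "ALERT: log reports mirror lost on $ca_lost (status: ${ca_state:-unknown})"
        return 2
    fi
    echo "OK: status ${ca_state:-unknown}, no mirror-lost message in log"
    return 0
}

# Stand-alone run on the constructed samples. On a live system the inputs
# would be "$(cat /var/log/messages)" and "$(atacontrol status ar0)".
check_array "$SAMPLE_LOG" "$SAMPLE_STATUS" || true
```
]]></programlisting>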
    </sect2>
  </sect1>

  <sect1 id="usb-disks">
    <sect1info>
      <authorgroup>
	<author>
	  <firstname>Marc</firstname>
	  <surname>Fonvieille</surname>
	  <contrib>Contributed by </contrib>
	</author>
      </authorgroup>
      <!-- Jul 2004 -->
    </sect1info>

    <title>USB Storage Devices</title>
    <indexterm>
      <primary>USB</primary>
      <secondary>disks</secondary>
    </indexterm>

    <para>Nowadays many external storage devices use the USB
      (Universal Serial Bus) interface, for example hard drives, USB
      thumb drives, and CD-R burners. &os; provides support for these
      devices.</para>

    <sect2>
      <title>Configuration</title>

      <para>The USB mass storage device driver (&man.umass.4;)
	provides the support for USB storage devices. If you use the
	<filename>GENERIC</filename> kernel, no configuration change
	is needed. If you use a custom kernel, make sure the kernel
	configuration file contains the following lines:</para>

      <programlisting>device scbus
device da
device pass
device uhci
device ohci
device usb
device umass</programlisting>

      <para>The &man.umass.4; driver accesses USB storage devices
	through the SCSI subsystem, so your USB device is seen by the
	system as a SCSI device. Depending on the USB chipset on your
	motherboard, you need only one of
	<literal>device uhci</literal> or
	<literal>device ohci</literal>; however, having both in the
	kernel does no harm. Just remember to rebuild and install the
	new kernel after changing the kernel configuration.</para>

      <note>
	<para>If your USB device is a CD-R or DVD burner, the SCSI
	  CD-ROM driver &man.cd.4; must be added to the kernel
	  configuration file, like this:</para>

	<programlisting>device cd</programlisting>

	<para>Because the burner is treated as a SCSI device, the
	  &man.atapicam.4; driver does not need to be compiled into
	  the kernel.</para>
      </note>

      <para>Support for USB 2.0 controllers is provided by &os;;
	however, the following line must be added to the kernel
	configuration file to enable USB 2.0 support:</para>

      <programlisting>device ehci</programlisting>

      <para>Note that if you need USB 1.x support, you still have to
	compile the &man.uhci.4; and &man.ohci.4; drivers into the
	kernel.</para>
    </sect2>

    <sect2>
      <title>Testing the Configuration</title>

      <para>The configuration is ready to be tested: plug in your USB
	device, and in the system message buffer (&man.dmesg.8;), the
	drive should appear as something like:</para>

      <screen>umass0: USB Solid state disk, rev 1.10/1.00, addr 2
GEOM: create disk da0 dp=0xc2d74850
da0 at umass-sim0 bus 0 target 0 lun 0
da0: &lt;Generic Traveling Disk 1.11&gt; Removable Direct Access SCSI-2 device
da0: 1.000MB/s transfers
da0: 126MB (258048 512 byte sectors: 64H 32S/T 126C)</screen>

      <para>Of course, the brand, the device node
	(<devicename>da0</devicename>) and other details can differ
	according to your configuration.</para>

      <para>Since the USB device is seen as a SCSI one, the
	<command>camcontrol</command> command can be used to list the
	USB storage devices attached to the system:</para>

      <screen>&prompt.root; <userinput>camcontrol devlist</userinput>
&lt;Generic Traveling Disk 1.11&gt; at scbus0 target 0 lun 0 (da0,pass0)</screen>

      <para>If the drive comes with a file system, you should be able
	to mount it. <xref linkend="disks-adding"/> will help you
	format and create partitions on the USB drive if
	needed.</para>

      <para>If you unplug the device (the disk must be unmounted
	first), you should see, in the system message buffer,
	something like the following:</para>

      <screen>umass0: at uhub0 port 1 (addr 2) disconnected
(da0:umass-sim0:0:0:0): lost device
(da0:umass-sim0:0:0:0): removing device entry
GEOM: destroy disk da0 dp=0xc2d74850
umass0: detached</screen>
    </sect2>

    <sect2>
      <title>Further Reading</title>

      <para>Besides the <link linkend="disks-adding">Adding
	  Disks</link> and <link linkend="mount-unmount">Mounting and
	  Unmounting File Systems</link> sections, reading various
	manual pages may also be useful: &man.umass.4;,
	&man.camcontrol.8;, and &man.usbdevs.8;.</para>
    </sect2>
  </sect1>

  <sect1 id="creating-cds">
    <sect1info>
      <authorgroup>
	<author>
	  <firstname>Mike</firstname>
	  <surname>Meyer</surname>
	  <contrib>Contributed by </contrib>
	  <!-- mwm@mired.org -->
	</author>
      </authorgroup>
      <!-- Apr 2001 -->
    </sect1info>

    <title>Creating and Using Optical Media (CDs)</title>
    <indexterm>
      <primary>CDROMs</primary>
      <secondary>creating</secondary>
    </indexterm>

    <sect2>
      <title>Introduction</title>

      <para>CDs have a number of features that differentiate them from
	conventional disks. Initially, they were not writable by the
	user. They are designed so that they can be read continuously without
	delays to move the head between tracks. They are also much easier
	to transport between systems than similarly sized media were at the
	time.</para>

      <para>CDs do have tracks, but this refers to a section of data to
	be read continuously and not a physical property of the disk. To
	produce a CD on FreeBSD, you prepare the data files that are going
	to make up the tracks on the CD, then write the tracks to the
	CD.</para>

      <indexterm><primary>ISO 9660</primary></indexterm>
      <indexterm>
	<primary>file systems</primary>
	<secondary>ISO 9660</secondary>
      </indexterm>
      <para>The ISO 9660 file system was designed to deal with these
	differences. It unfortunately codifies file system limits that were
	common then. Fortunately, it provides an extension mechanism that
	allows properly written CDs to exceed those limits while still
	working with systems that do not support those extensions.</para>

      <indexterm>
	<primary><filename role="package">sysutils/cdrtools</filename></primary>
      </indexterm>
      <para>The <filename role="package">sysutils/cdrtools</filename>
	port includes &man.mkisofs.8;, a program that you can use to
	produce a data file containing an ISO 9660 file
	system. It has options that support various extensions, and is
	described below.</para>

      <indexterm>
	<primary>CD burner</primary>
	<secondary>ATAPI</secondary>
      </indexterm>
      <para>Which tool to use to burn the CD depends on whether your CD burner
	is ATAPI or something else. ATAPI CD burners use the <command><link
	linkend="burncd">burncd</link></command> program that is part of
	the base system. SCSI and USB CD burners should use
	<command><link linkend="cdrecord">cdrecord</link></command> from
	the <filename role="package">sysutils/cdrtools</filename> port.</para>

      <para><command>burncd</command> has a limited number of
	supported drives. To find out if a drive is supported, see the
	<ulink url="http://www.freebsd.dk/ata/">CD-R/RW supported
	drives</ulink> list.</para>

      <note>
	<indexterm>
	  <primary>CD burner</primary>
	  <secondary>ATAPI/CAM driver</secondary>
	</indexterm>
	<para>If you run &os; 5.X, or &os; 4.8-RELEASE or
	  higher, it will be possible to use <command><link
	  linkend="cdrecord">cdrecord</link></command> and other tools
	  for SCSI drives on ATAPI hardware with the <link
	  linkend="atapicam">ATAPI/CAM module</link>.</para>
      </note>

      <para>If you want CD burning software with a graphical user
	interface, you should have a look at
	<application>X-CD-Roast</application> or
	<application>K3b</application>. These tools are available as
	packages or from the <filename
	role="package">sysutils/xcdroast</filename> and <filename
	role="package">sysutils/k3b</filename> ports.
	<application>X-CD-Roast</application> and
	<application>K3b</application> require the <link
	linkend="atapicam">ATAPI/CAM module</link> with ATAPI
	hardware.</para>
    </sect2>

<sect2 id="mkisofs">
|
||
<title>mkisofs</title>
|
||
|
||
<para>The &man.mkisofs.8; program, which is part of the
|
||
<filename role="package">sysutils/cdrtools</filename> port,
|
||
produces an ISO 9660 file system
|
||
that is an image of a directory tree in the &unix; file system name
|
||
space. The simplest usage is:</para>
|
||
|
||
<screen>&prompt.root; <userinput>mkisofs -o <replaceable>imagefile.iso</replaceable> <replaceable>/path/to/tree</replaceable></userinput></screen>
|
||
|
||
<indexterm>
|
||
<primary>file systems</primary>
|
||
<secondary>ISO 9660</secondary>
|
||
</indexterm>
|
||
<para>This command will create an <replaceable>imagefile.iso</replaceable>
|
||
containing an ISO 9660 file system that is a copy of the tree at
|
||
<replaceable>/path/to/tree</replaceable>. In the process, it will
|
||
map the file names to names that fit the limitations of the
|
||
standard ISO 9660 file system, and will exclude files that have
|
||
names uncharacteristic of ISO file systems.</para>
|
||
|
||
<indexterm>
|
||
<primary>file systems</primary>
|
||
<secondary>HFS</secondary>
|
||
</indexterm>
|
||
<indexterm>
|
||
<primary>file systems</primary>
|
||
<secondary>Joliet</secondary>
|
||
</indexterm>
|
||
<para>A number of options are available to overcome those
|
||
restrictions. In particular, <option>-R</option> enables the
|
||
Rock Ridge extensions common to &unix; systems, <option>-J</option>
|
||
enables Joliet extensions used by Microsoft systems, and
|
||
<option>-hfs</option> can be used to create HFS file systems used
|
||
by &macos;.</para>
|
||
|
||
<para>For CDs that are going to be used only on FreeBSD systems,
|
||
<option>-U</option> can be used to disable all filename
|
||
restrictions. When used with <option>-R</option>, it produces a
|
||
file system image that is identical to the FreeBSD tree you started
|
||
from, though it may violate the ISO 9660 standard in a number of
|
||
ways.</para>
|
||
|
||
<indexterm>
|
||
<primary>CDROMs</primary>
|
||
<secondary>creating bootable</secondary>
|
||
</indexterm>
|
||
<para>The last option of general use is <option>-b</option>. This is
|
||
used to specify the location of the boot image for use in producing an
|
||
<quote>El Torito</quote> bootable CD. This option takes an
|
||
argument which is the path to a boot image from the top of the
|
||
tree being written to the CD. By default, &man.mkisofs.8; creates an
|
||
ISO image in the so-called <quote>floppy disk emulation</quote> mode,
|
||
and thus expects the boot image to be exactly 1200, 1440 or
|
||
2880 KB in size. Some boot loaders, like the one used by the
|
||
FreeBSD distribution disks, do not use emulation mode; in this case,
|
||
the <option>-no-emul-boot</option> option should be used. So, if
|
||
<filename>/tmp/myboot</filename> holds a bootable FreeBSD system
|
||
with the boot image in
|
||
<filename>/tmp/myboot/boot/cdboot</filename>, you could produce the
|
||
image of an ISO 9660 file system in
|
||
<filename>/tmp/bootable.iso</filename> like so:</para>
|
||
|
||
<screen>&prompt.root; <userinput>mkisofs -R -no-emul-boot -b boot/cdboot -o /tmp/bootable.iso /tmp/myboot</userinput></screen>
|
||
|
||
<para>Having done that, if you have <devicename>md</devicename>
|
||
configured in your kernel, you can mount the file system with:</para>
|
||
|
||
<screen>&prompt.root; <userinput>mdconfig -a -t vnode -f /tmp/bootable.iso -u 0</userinput>
&prompt.root; <userinput>mount -t cd9660 /dev/md0 /mnt</userinput></screen>
|
||
|
||
<para>At which point you can verify that <filename>/mnt</filename>
|
||
and <filename>/tmp/myboot</filename> are identical.</para>
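<para>One way to carry out this comparison, as an added example that is not part of the original Handbook text: the script below builds a SHA-256 manifest of each tree and reports every path whose content differs or that exists on one side only. The function names are illustrative, and file names are assumed not to contain newlines.</para>

```shell
#!/bin/sh
# Added example: compare two directory trees by file content.
# Assumption: file names do not contain newlines.

# Print the SHA-256 of one file, using sha256sum where it exists and
# FreeBSD's sha256(1) in quiet mode otherwise.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# Print "hash  ./relative/path" for every regular file under $1, sorted
# by path so that two manifests can be compared line by line.
tree_manifest() {
    (
        cd "$1" || exit 1
        find . -type f | LC_ALL=C sort | while IFS= read -r f; do
            printf '%s  %s\n' "$(hash_file "$f")" "$f"
        done
    )
}

# Return 0 when both trees hold the same files with the same contents.
# Otherwise print every manifest line found on one side only and return 1.
# A changed file shows up twice (old and new hash), a missing file once.
trees_identical() {
    left=$(tree_manifest "$1") || return 2
    right=$(tree_manifest "$2") || return 2
    if [ "$left" = "$right" ]; then
        return 0
    fi
    printf '%s\n%s\n' "$left" "$right" | LC_ALL=C sort | uniq -u
    return 1
}

# Usage with the paths from this section:
#   trees_identical /tmp/myboot /mnt && echo "image matches source tree"
```
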
|
||
|
||
<para>There are many other options you can use with
&man.mkisofs.8; to fine-tune its behavior, in particular options
that modify the ISO 9660 layout and control the creation of Joliet
and HFS discs. See the &man.mkisofs.8; manual page for details.</para>
|
||
</sect2>
|
||
|
||
<sect2 id="burncd">
|
||
<title>burncd</title>
|
||
<indexterm>
|
||
<primary>CDROMs</primary>
|
||
<secondary>burning</secondary>
|
||
</indexterm>
|
||
<para>If you have an ATAPI CD burner, you can use the
|
||
<command>burncd</command> command to burn an ISO image onto a
|
||
CD. <command>burncd</command> is part of the base system, installed
|
||
as <filename>/usr/sbin/burncd</filename>. Usage is very simple, as
|
||
it has few options:</para>
|
||
|
||
<screen>&prompt.root; <userinput>burncd -f <replaceable>cddevice</replaceable> data <replaceable>imagefile.iso</replaceable> fixate</userinput></screen>
|
||
|
||
<para>This will burn a copy of <replaceable>imagefile.iso</replaceable> on
<replaceable>cddevice</replaceable>. The default device is
<filename>/dev/acd0</filename>. See &man.burncd.8; for options to
set the write speed, eject the CD after burning, and write audio
data.</para>
|
||
</sect2>
|
||
|
||
<sect2 id="cdrecord">
|
||
<title>cdrecord</title>
|
||
|
||
<para>If you do not have an ATAPI CD burner, you will have to use
<command>cdrecord</command> to burn your
CDs. <command>cdrecord</command> is not part of the base system;
you must install it from either the port at <filename role="package">sysutils/cdrtools</filename>
or the appropriate
package. Changes to the base system can cause binary versions of
this program to fail, possibly resulting in a
<quote>coaster</quote>. You should therefore either upgrade the
port when you upgrade your system, or if you are <link
linkend="stable">tracking -STABLE</link>, upgrade the port when a
new version becomes available.</para>
|
||
|
||
<para>While <command>cdrecord</command> has many options, basic usage
|
||
is even simpler than <command>burncd</command>. Burning an ISO 9660
|
||
image is done with:</para>
|
||
|
||
<screen>&prompt.root; <userinput>cdrecord dev=<replaceable>device</replaceable> <replaceable>imagefile.iso</replaceable></userinput></screen>
|
||
|
||
<para>The tricky part of using <command>cdrecord</command> is finding
|
||
the <option>dev</option> to use. To find the proper setting, use
|
||
the <option>-scanbus</option> flag of <command>cdrecord</command>,
|
||
which might produce results like this:</para>
|
||
<indexterm>
|
||
<primary>CDROMs</primary>
|
||
<secondary>burning</secondary>
|
||
</indexterm>
|
||
<screen>&prompt.root; <userinput>cdrecord -scanbus</userinput>
Cdrecord-Clone 2.01 (i386-unknown-freebsd7.0) Copyright (C) 1995-2004 Jörg Schilling
Using libscg version 'schily-0.1'
scsibus0:
0,0,0 0) 'SEAGATE ' 'ST39236LW ' '0004' Disk
0,1,0 1) 'SEAGATE ' 'ST39173W ' '5958' Disk
0,2,0 2) *
0,3,0 3) 'iomega ' 'jaz 1GB ' 'J.86' Removable Disk
0,4,0 4) 'NEC ' 'CD-ROM DRIVE:466' '1.26' Removable CD-ROM
0,5,0 5) *
0,6,0 6) *
0,7,0 7) *
scsibus1:
1,0,0 100) *
1,1,0 101) *
1,2,0 102) *
1,3,0 103) *
1,4,0 104) *
1,5,0 105) 'YAMAHA ' 'CRW4260 ' '1.0q' Removable CD-ROM
1,6,0 106) 'ARTEC ' 'AM12S ' '1.06' Scanner
1,7,0 107) *</screen>
|
||
|
||
<para>This lists the appropriate <option>dev</option> value for the
|
||
devices on the list. Locate your CD burner, and use the three
|
||
numbers separated by commas as the value for
|
||
<option>dev</option>. In this case, the CRW device is 1,5,0, so the
|
||
appropriate input would be
|
||
<option>dev=1,5,0</option>. There are easier
|
||
ways to specify this value; see &man.cdrecord.1; for
|
||
details. That is also the place to look for information on writing
|
||
audio tracks, controlling the speed, and other things.</para>
|
||
</sect2>
|
||
|
||
<sect2 id="duplicating-audiocds">
|
||
<title>Duplicating Audio CDs</title>
|
||
|
||
<para>You can duplicate an audio CD by extracting the audio data from
|
||
the CD to a series of files, and then writing these files to a blank
|
||
CD. The process is slightly different for ATAPI and SCSI
|
||
drives.</para>
|
||
|
||
<procedure>
|
||
<title>SCSI Drives</title>
|
||
|
||
<step>
|
||
<para>Use <command>cdda2wav</command> to extract the audio.</para>
|
||
|
||
<screen>&prompt.user; <userinput>cdda2wav -v255 -D2,0 -B -Owav</userinput></screen>
|
||
</step>
|
||
|
||
<step>
|
||
<para>Use <command>cdrecord</command> to write the
|
||
<filename>.wav</filename> files.</para>
|
||
|
||
<screen>&prompt.user; <userinput>cdrecord -v dev=<replaceable>2,0</replaceable> -dao -useinfo *.wav</userinput></screen>
|
||
|
||
<para>Make sure that <replaceable>2,0</replaceable> is set
|
||
appropriately, as described in <xref linkend="cdrecord"/>.</para>
|
||
</step>
|
||
</procedure>
|
||
|
||
<procedure>
|
||
<title>ATAPI Drives</title>
|
||
|
||
<step>
|
||
<para>The ATAPI CD driver makes each track available as
|
||
<filename>/dev/acd<replaceable>d</replaceable>t<replaceable>nn</replaceable></filename>,
|
||
where <replaceable>d</replaceable> is the drive number, and
|
||
<replaceable>nn</replaceable> is the track number written with two
|
||
decimal digits, prefixed with zero as needed.
|
||
So the first track on the first disk is
|
||
<filename>/dev/acd0t01</filename>, the second is
|
||
<filename>/dev/acd0t02</filename>, the third is
|
||
<filename>/dev/acd0t03</filename>, and so on.</para>
|
||
|
||
<para>Make sure the appropriate files exist in
|
||
<filename>/dev</filename>. If the entries are missing,
|
||
force the system to retaste the media:</para>
|
||
|
||
<screen>&prompt.root; <userinput>dd if=/dev/acd0 of=/dev/null count=1</userinput></screen>
|
||
|
||
</step>
|
||
|
||
<step>
|
||
<para>Extract each track using &man.dd.1;. You must also use a
|
||
specific block size when extracting the files.</para>
|
||
|
||
<screen>&prompt.root; <userinput>dd if=/dev/acd0t01 of=track1.cdr bs=2352</userinput>
&prompt.root; <userinput>dd if=/dev/acd0t02 of=track2.cdr bs=2352</userinput>
...
</screen>
|
||
</step>
|
||
|
||
<step>
|
||
<para>Burn the extracted files to disk using
|
||
<command>burncd</command>. You must specify that these are audio
|
||
files, and that <command>burncd</command> should fixate the disk
|
||
when finished.</para>
|
||
|
||
<screen>&prompt.root; <userinput>burncd -f <replaceable>/dev/acd0</replaceable> audio track1.cdr track2.cdr <replaceable>...</replaceable> fixate</userinput></screen>
|
||
</step>
|
||
</procedure>
|
||
</sect2>
|
||
|
||
<sect2 id="imaging-cd">
|
||
<title>Duplicating Data CDs</title>
|
||
|
||
<para>You can copy a data CD to an image file that is
functionally equivalent to the image file created with
&man.mkisofs.8;, and you can use it to duplicate
any data CD. The example given here assumes that your CDROM
device is <devicename>acd0</devicename>. Substitute your
correct CDROM device.</para>
|
||
|
||
<screen>&prompt.root; <userinput>dd if=/dev/acd0 of=file.iso bs=2048</userinput></screen>
|
||
|
||
<para>Now that you have an image, you can burn it to CD as
|
||
described above.</para>
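<para>Before burning or archiving such a copy, it is worth checking that <command>dd</command> read the whole file system. The following added example (not part of the original Handbook text) reads the volume size declared in the ISO 9660 Primary Volume Descriptor and compares it with the length of the image file. The function names and the small sample image are constructed for illustration; run the check on the image file, not on the device node.</para>

```shell
#!/bin/sh
# Added example: check a dd copy of a data CD against the size that its
# ISO 9660 Primary Volume Descriptor (PVD) declares.
# The PVD sits in sector 16, that is at byte 32768 of the image.

# Print the unsigned little-endian integer of $3 bytes at offset $2 in file $1.
le_uint() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tu1 |
        awk 'BEGIN { m = 1 }
             { for (i = 1; i <= NF; i++) { v += $i * m; m *= 256 } }
             END { printf "%d\n", v }'
}

# Print the number of bytes the file system claims to occupy.
# Returns 1 when the file carries no Primary Volume Descriptor.
iso_declared_bytes() {
    [ "$(le_uint "$1" 32768 1)" = 1 ] || return 1        # descriptor type 1
    magic=$(dd if="$1" bs=1 skip=32769 count=5 2>/dev/null)
    [ "$magic" = "CD001" ] || return 1                   # standard identifier
    blocks=$(le_uint "$1" 32848 4)     # PVD offset 80: volume space size
    bsize=$(le_uint "$1" 32896 2)      # PVD offset 128: logical block size
    echo $((blocks * bsize))
}

# Report whether the image is complete. Return 0 when the file holds at
# least the declared size, 1 when it is shorter, 2 when it is not ISO 9660.
check_iso_image() {
    want=$(iso_declared_bytes "$1") || { echo "not-iso9660"; return 2; }
    have=$(wc -c < "$1" | tr -d ' ')
    if [ "$have" -lt "$want" ]; then
        echo "truncated have=$have want=$want"
        return 1
    fi
    if [ "$have" -gt "$want" ]; then
        echo "trailing-data have=$have want=$want"
        return 0
    fi
    echo "ok bytes=$want"
}

# Constructed sample: write $2 sectors of zeros to file $1 and stamp a
# minimal PVD that declares 20 blocks of 2048 bytes.
make_sample_iso() {
    dd if=/dev/zero of="$1" bs=2048 count="$2" 2>/dev/null
    printf '\001CD001\001' | dd of="$1" bs=1 seek=32768 conv=notrunc 2>/dev/null
    printf '\024\000\000\000' | dd of="$1" bs=1 seek=32848 conv=notrunc 2>/dev/null
    printf '\000\010' | dd of="$1" bs=1 seek=32896 conv=notrunc 2>/dev/null
}

# Usage with the file name from this section:
#   check_iso_image file.iso
```

A <literal>truncated</literal> result means the read stopped early, typically because of a media error, and the image should not be burned or trusted as a backup.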
|
||
</sect2>
|
||
|
||
<sect2 id="mounting-cd">
|
||
<title>Using Data CDs</title>
|
||
|
||
<para>Now that you have created a standard data CDROM, you
|
||
probably want to mount it and read the data on it. By
|
||
default, &man.mount.8; assumes that a file system is of type
|
||
<literal>ufs</literal>. If you try something like:</para>
|
||
|
||
<screen>&prompt.root; <userinput>mount /dev/cd0 /mnt</userinput></screen>
|
||
|
||
<para>you will get a complaint about <errorname>Incorrect super
block</errorname>, and no mount. The CDROM is not a
<literal>UFS</literal> file system, so attempts to mount it
as such will fail. You just need to tell &man.mount.8; that
the file system is of type <literal>ISO9660</literal>, and
everything will work. You do this by specifying the
<option>-t cd9660</option> option to &man.mount.8;. For
example, if you want to mount the CDROM device,
<filename>/dev/cd0</filename>, under
<filename>/mnt</filename>, you would execute:</para>
|
||
|
||
<screen>&prompt.root; <userinput>mount -t cd9660 /dev/cd0 /mnt</userinput></screen>
|
||
|
||
<para>Note that your device name
|
||
(<filename>/dev/cd0</filename> in this example) could be
|
||
different, depending on the interface your CDROM uses. Also,
|
||
the <option>-t cd9660</option> option just executes
|
||
&man.mount.cd9660.8;. The above example could be shortened
|
||
to:</para>
|
||
|
||
<screen>&prompt.root; <userinput>mount_cd9660 /dev/cd0 /mnt</userinput></screen>
|
||
|
||
<para>You can generally use data CDROMs from any vendor in this
|
||
way. Disks with certain ISO 9660 extensions might behave
|
||
oddly, however. For example, Joliet disks store all filenames
|
||
in two-byte Unicode characters. The FreeBSD kernel does not
|
||
speak Unicode (yet!), so non-English characters show up as
|
||
question marks. (The FreeBSD
|
||
CD9660 driver includes hooks to load an appropriate Unicode
|
||
conversion table on the fly. Modules for some of the common
|
||
encodings are available via the
|
||
<filename role="package">sysutils/cd9660_unicode</filename> port.)</para>
|
||
|
||
<para>Occasionally, you might get <errorname>Device not
|
||
configured</errorname> when trying to mount a CDROM. This
|
||
usually means that the CDROM drive thinks that there is no
|
||
disk in the tray, or that the drive is not visible on the bus.
|
||
It can take a couple of seconds for a CDROM drive to realize
|
||
that it has been fed, so be patient.</para>
|
||
|
||
<para>Sometimes, a SCSI CDROM may be missed because it did not
|
||
have enough time to answer the bus reset. If you have a SCSI
|
||
CDROM please add the following option to your kernel
|
||
configuration and <link linkend="kernelconfig-building">rebuild your kernel</link>.</para>
|
||
|
||
<programlisting>options SCSI_DELAY=15000</programlisting>
|
||
|
||
<para>This tells your SCSI bus to pause 15 seconds during boot,
|
||
to give your CDROM drive every possible chance to answer the
|
||
bus reset.</para>
|
||
</sect2>
|
||
|
||
<sect2 id="rawdata-cd">
|
||
<title>Burning Raw Data CDs</title>
|
||
|
||
<para>You can choose to burn a file directly to CD, without
|
||
creating an ISO 9660 file system. Some people do this for
|
||
backup purposes. This runs more quickly than burning a
|
||
standard CD:</para>
|
||
|
||
<screen>&prompt.root; <userinput>burncd -f /dev/acd1 -s 12 data archive.tar.gz fixate</userinput></screen>
|
||
|
||
<para>In order to retrieve the data burned to such a CD, you
|
||
must read data from the raw device node:</para>
|
||
|
||
<screen>&prompt.root; <userinput>tar xzvf /dev/acd1</userinput></screen>
|
||
|
||
<para>You cannot mount this disk as you would a normal CDROM.
|
||
Such a CDROM cannot be read under any operating system
|
||
except FreeBSD. If you want to be able to mount the CD, or
|
||
share data with another operating system, you must use
|
||
&man.mkisofs.8; as described above.</para>
|
||
</sect2>
|
||
|
||
<sect2 id="atapicam">
|
||
<sect2info>
|
||
<authorgroup>
|
||
<author>
|
||
<firstname>Marc</firstname>
|
||
<surname>Fonvieille</surname>
|
||
<contrib>Contributed by </contrib>
|
||
</author>
|
||
</authorgroup>
|
||
</sect2info>
|
||
|
||
<title>Using the ATAPI/CAM Driver</title>
|
||
|
||
<indexterm>
|
||
<primary>CD burner</primary>
|
||
<secondary>ATAPI/CAM driver</secondary>
|
||
</indexterm>
|
||
|
||
<para>This driver allows ATAPI devices (CD-ROM, CD-RW, DVD
drives, etc.) to be accessed through the SCSI subsystem, and
so allows the use of applications like <filename
role="package">sysutils/cdrdao</filename> or
&man.cdrecord.1;.</para>
|
||
|
||
<para>To use this driver, you will need to add the following
|
||
line to your kernel configuration file:</para>
|
||
|
||
<programlisting>device atapicam</programlisting>
|
||
|
||
<para>You also need the following lines in your kernel
|
||
configuration file:</para>
|
||
|
||
<programlisting>device ata
device scbus
device cd
device pass</programlisting>
|
||
|
||
<para>which should already be present.</para>
|
||
|
||
<para>Then rebuild, install your new kernel, and reboot your
|
||
machine. During the boot process, your burner should show up,
|
||
like so:</para>
|
||
|
||
<screen>acd0: CD-RW &lt;MATSHITA CD-RW/DVD-ROM UJDA740&gt; at ata1-master PIO4
cd0 at ata1 bus 0 target 0 lun 0
cd0: &lt;MATSHITA CDRW/DVD UJDA740 1.00&gt; Removable CD-ROM SCSI-0 device
cd0: 16.000MB/s transfers
cd0: Attempt to query device size failed: NOT READY, Medium not present - tray closed</screen>
|
||
|
||
<para>The drive can now be accessed via the
<filename>/dev/cd0</filename> device name. For example, to
mount a CD-ROM on <filename>/mnt</filename>, type the
following:</para>
|
||
|
||
<screen>&prompt.root; <userinput>mount -t cd9660 <replaceable>/dev/cd0</replaceable> /mnt</userinput></screen>
|
||
|
||
<para>As <username>root</username>, you can run the following
|
||
command to get the SCSI address of the burner:</para>
|
||
|
||
<screen>&prompt.root; <userinput>camcontrol devlist</userinput>
&lt;MATSHITA CDRW/DVD UJDA740 1.00&gt; at scbus1 target 0 lun 0 (pass0,cd0)</screen>
|
||
|
||
<para>So <literal>1,0,0</literal> will be the SCSI address to
use with &man.cdrecord.1; and other SCSI applications.</para>
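<para>The addresses shown by <command>cdrecord -scanbus</command> earlier in this section and by <command>camcontrol devlist</command> above can be extracted mechanically, which helps to avoid pointing a burn at the wrong device. This is an added example, not part of the original Handbook text; the function names are illustrative, and the sample listings are constructed from the output quoted on this page.</para>

```shell
#!/bin/sh
# Added example: derive the dev= value for cdrecord from the two device
# listings discussed in this section.

# Constructed sample, modelled on the cdrecord -scanbus listing above.
scanbus_sample() {
cat <<'EOF'
scsibus0:
        0,0,0     0) 'SEAGATE ' 'ST39236LW       ' '0004' Disk
        0,3,0     3) 'iomega  ' 'jaz 1GB         ' 'J.86' Removable Disk
        0,4,0     4) 'NEC     ' 'CD-ROM DRIVE:466' '1.26' Removable CD-ROM
        0,5,0     5) *
scsibus1:
        1,5,0   105) 'YAMAHA  ' 'CRW4260         ' '1.0q' Removable CD-ROM
        1,6,0   106) 'ARTEC   ' 'AM12S           ' '1.06' Scanner
        1,7,0   107) *
EOF
}

# Constructed sample, modelled on the camcontrol devlist output above.
camcontrol_sample() {
cat <<'EOF'
<MATSHITA CDRW/DVD UJDA740 1.00>   at scbus1 target 0 lun 0 (pass0,cd0)
EOF
}

# Read a -scanbus listing on stdin and print "bus,target,lun vendor model"
# for every entry whose device type is CD-ROM. The listing does not say
# whether a drive can write, so the operator still picks the burner by model.
scanbus_cdroms() {
    awk -F"'" '
        /Removable CD-ROM *$/ {
            split($1, head, " ")          # head[1] holds the b,t,l triple
            if (head[1] !~ /^[0-9]+,[0-9]+,[0-9]+$/) next
            vendor = $2; model = $4
            gsub(/ +$/, "", vendor); gsub(/ +$/, "", model)
            print head[1], vendor, model
        }'
}

# Read camcontrol devlist output on stdin and print "bus,target,lun cdN"
# for every entry that has a cd(4) peripheral attached.
camcontrol_to_dev() {
    sed -n 's/^.*> *at scbus\([0-9][0-9]*\) target \([0-9][0-9]*\) lun \([0-9][0-9]*\) (.*\(cd[0-9][0-9]*\).*)$/\1,\2,\3 \4/p'
}

# Usage on a live system:
#   cdrecord -scanbus | scanbus_cdroms
#   camcontrol devlist | camcontrol_to_dev
```
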
|
||
|
||
<para>For more information about ATAPI/CAM and the SCSI system,
refer to the &man.atapicam.4; and &man.cam.4; manual
pages.</para>
|
||
</sect2>
|
||
</sect1>
|
||
|
||
<sect1 id="creating-dvds">
|
||
<sect1info>
|
||
<authorgroup>
|
||
<author>
|
||
<firstname>Marc</firstname>
|
||
<surname>Fonvieille</surname>
|
||
<contrib>Contributed by </contrib>
|
||
</author>
|
||
</authorgroup>
|
||
<authorgroup>
|
||
<author>
|
||
<firstname>Andy</firstname>
|
||
<surname>Polyakov</surname>
|
||
<contrib>With inputs from </contrib>
|
||
</author>
|
||
</authorgroup>
|
||
<!-- Feb 2004 -->
|
||
</sect1info>
|
||
|
||
<title>Creating and Using Optical Media (DVDs)</title>
|
||
<indexterm>
|
||
<primary>DVD</primary>
|
||
<secondary>burning</secondary>
|
||
</indexterm>
|
||
|
||
<sect2>
|
||
<title>Introduction</title>
|
||
|
||
<para>Compared to the CD, the DVD is the next generation of
|
||
optical media storage technology. The DVD can hold more data
|
||
than any CD and is nowadays the standard for video
|
||
publishing.</para>
|
||
|
||
<para>Five physical recordable formats can be defined for what
|
||
we will call a recordable DVD:</para>
|
||
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para>DVD-R: This was the first DVD recordable format
available. The DVD-R standard is defined by the <ulink
url="http://www.dvdforum.com/forum.shtml">DVD Forum</ulink>.
This format is write once.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>DVD-RW: This is the rewriteable version of
|
||
the DVD-R standard. A DVD-RW can be rewritten about 1000
|
||
times.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>DVD-RAM: This is also a rewriteable format
|
||
supported by the DVD Forum. A DVD-RAM can be seen as a
|
||
removable hard drive. However, this media is not
|
||
compatible with most DVD-ROM drives and DVD-Video players;
|
||
only a few DVD writers support the DVD-RAM format.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>DVD+RW: This is a rewriteable format defined by
the <ulink url="http://www.dvdrw.com/">DVD+RW
Alliance</ulink>. A DVD+RW can be rewritten about 1000
times.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>DVD+R: This format is the write once variation
|
||
of the DVD+RW format.</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
|
||
<para>A single layer recordable DVD can hold up to
|
||
4,700,000,000 bytes which is actually 4.38 GB or
|
||
4485 MB (1 kilobyte is 1024 bytes).</para>
|
||
|
||
<note>
|
||
<para>A distinction must be made between the physical media and
|
||
the application. For example, a DVD-Video is a specific
|
||
file layout that can be written on any recordable DVD
|
||
physical media: DVD-R, DVD+R, DVD-RW etc. Before choosing
|
||
the type of media, you must be sure that both the burner and the
|
||
DVD-Video player (a standalone player or a DVD-ROM drive on
|
||
a computer) are compatible with the media under consideration.</para></note>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title>Configuration</title>
|
||
|
||
<para>The program &man.growisofs.1; will be used to perform DVD
recording. This command is part of the
<application>dvd+rw-tools</application> utilities (<filename
role="package">sysutils/dvd+rw-tools</filename>). The
<application>dvd+rw-tools</application> support all DVD media
types.</para>
|
||
|
||
<para>These tools use the SCSI subsystem to access the
devices, therefore the <link linkend="atapicam">ATAPI/CAM
support</link> must be added to your kernel. If your burner
uses the USB interface this addition is unnecessary, and you should
read <xref linkend="usb-disks"/> for more details on USB
device configuration.</para>
|
||
|
||
<para>You also have to enable DMA access for ATAPI devices. This
can be done by adding the following line to the
<filename>/boot/loader.conf</filename> file:</para>
|
||
|
||
<programlisting>hw.ata.atapi_dma="1"</programlisting>
|
||
|
||
<para>Before attempting to use the
<application>dvd+rw-tools</application> you should consult the
<ulink
url="http://fy.chalmers.se/~appro/linux/DVD+RW/hcn.html">dvd+rw-tools'
hardware compatibility notes</ulink> for any information
related to your DVD burner.</para>
|
||
|
||
<note>
|
||
<para>If you want a graphical user interface, you should have
a look at <application>K3b</application> (<filename
role="package">sysutils/k3b</filename>) which provides a
user friendly interface to &man.growisofs.1; and many other
burning tools.</para>
|
||
</note>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title>Burning Data DVDs</title>
|
||
|
||
<para>The &man.growisofs.1; command is a frontend to <link
linkend="mkisofs">mkisofs</link>. It will invoke
&man.mkisofs.8; to create the file system layout and will
perform the write on the DVD. This means you do not need to
create an image of the data before the burning process.</para>
|
||
|
||
<para>To burn onto a DVD+R or a DVD-R the data from the <filename
class="directory">/path/to/data</filename> directory, use the
following command:</para>
|
||
|
||
<screen>&prompt.root; <userinput>growisofs -dvd-compat -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/data</replaceable></userinput></screen>
|
||
|
||
<para>The options <option>-J -R</option> are passed to
&man.mkisofs.8; for the file system creation (in this case: an
ISO 9660 file system with Joliet and Rock Ridge extensions).
Consult the &man.mkisofs.8; manual page for more
details.</para>
|
||
|
||
<para>The option <option>-Z</option> is used for the initial
session recording in any case, whether the disc will hold multiple
sessions or not. The
DVD device, <replaceable>/dev/cd0</replaceable>, must be
changed according to your configuration. The
<option>-dvd-compat</option> parameter will close the disk, so
the recording cannot be appended to. In return, this should provide better
media compatibility with DVD-ROM drives.</para>
|
||
|
||
<para>It is also possible to burn a pre-mastered image. For
example, to burn the image
<replaceable>imagefile.iso</replaceable>, run:</para>
|
||
|
||
<screen>&prompt.root; <userinput>growisofs -dvd-compat -Z <replaceable>/dev/cd0</replaceable>=<replaceable>imagefile.iso</replaceable></userinput></screen>
|
||
|
||
<para>The write speed should be detected and automatically set
|
||
according to the media and the drive being used. If you want
|
||
to force the write speed, use the <option>-speed=</option>
|
||
parameter. For more information, read the &man.growisofs.1;
|
||
manual page.</para>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title>Burning a DVD-Video</title>
|
||
|
||
<indexterm>
|
||
<primary>DVD</primary>
|
||
<secondary>DVD-Video</secondary>
|
||
</indexterm>
|
||
|
||
<para>A DVD-Video is a specific file layout based on ISO 9660
and the micro-UDF (M-UDF) specifications. The DVD-Video also
presents a specific data structure hierarchy, which is why
you need a particular program such as <filename
role="package">multimedia/dvdauthor</filename> to author the
DVD.</para>
|
||
|
||
<para>If you already have an image of the DVD-Video file system,
just burn it in the same way as any other image; see the
previous section for an example. If you have authored the DVD
and the result is in, for example, the directory
<filename class="directory">/path/to/video</filename>, the
following command should be used to burn the DVD-Video:</para>
|
||
|
||
<screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -dvd-video <replaceable>/path/to/video</replaceable></userinput></screen>
|
||
|
||
<para>The <option>-dvd-video</option> option will be passed down to
&man.mkisofs.8; and will instruct it to create a DVD-Video file system
layout. Besides this, the <option>-dvd-video</option> option
implies the <option>-dvd-compat</option> &man.growisofs.1;
option.</para>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title>Using a DVD+RW</title>
|
||
|
||
<indexterm>
|
||
<primary>DVD</primary>
|
||
<secondary>DVD+RW</secondary>
|
||
</indexterm>
|
||
|
||
<para>Unlike CD-RW, a virgin DVD+RW needs to be formatted before
|
||
first use. The &man.growisofs.1; program will take care of it
|
||
automatically whenever appropriate, which is the
|
||
<emphasis>recommended</emphasis> way. However you can use the
|
||
<command>dvd+rw-format</command> command to format the
|
||
DVD+RW:</para>
|
||
|
||
<screen>&prompt.root; <userinput>dvd+rw-format <replaceable>/dev/cd0</replaceable></userinput></screen>
|
||
|
||
<para>You need to perform this operation just once; keep in mind
that only virgin DVD+RW media need to be formatted. Then you
can burn the DVD+RW in the way seen in previous
sections.</para>
|
||
|
||
<para>If you want to burn new data (a totally new file
system, not appended data) onto a DVD+RW, you do not need to
blank it. You just have to write over the previous recording
(by performing a new initial session), like this:</para>
|
||
|
||
<screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/newdata</replaceable></userinput></screen>
|
||
|
||
<para>The DVD+RW format offers the possibility to easily append data
to a previous recording. The operation consists of merging a
new session into the existing one. It is not multisession
writing; &man.growisofs.1; will <emphasis>grow</emphasis> the
ISO 9660 file system present on the media.</para>
|
||
|
||
<para>For example, if we want to append data to our previous
|
||
DVD+RW, we have to use the following:</para>
|
||
|
||
<screen>&prompt.root; <userinput>growisofs -M <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/nextdata</replaceable></userinput></screen>
|
||
|
||
<para>The same &man.mkisofs.8; options we used to burn the
initial session should be used for subsequent writes.</para>
|
||
|
||
<note>
|
||
<para>You may want to use the <option>-dvd-compat</option>
|
||
option if you want better media compatibility with DVD-ROM
|
||
drives. In the DVD+RW case, this will not prevent you from
|
||
adding data.</para>
|
||
</note>
|
||
|
||
<para>If for any reason you really want to blank the media, do
|
||
the following:</para>
|
||
|
||
<screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable>=<replaceable>/dev/zero</replaceable></userinput></screen>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title>Using a DVD-RW</title>
|
||
|
||
<indexterm>
|
||
<primary>DVD</primary>
|
||
<secondary>DVD-RW</secondary>
|
||
</indexterm>
|
||
|
||
<para>A DVD-RW accepts two disc formats: the incremental
|
||
sequential one and the restricted overwrite. By default
|
||
DVD-RW discs are in sequential format.</para>
|
||
|
||
<para>A virgin DVD-RW can be written directly without the need
for a formatting operation. However, a non-virgin DVD-RW in
sequential format needs to be blanked before a new initial
session can be written.</para>
|
||
|
||
<para>To blank a DVD-RW in sequential mode, run:</para>
|
||
|
||
<screen>&prompt.root; <userinput>dvd+rw-format -blank=full <replaceable>/dev/cd0</replaceable></userinput></screen>
|
||
|
||
<note>
|
||
<para>A full blanking (<option>-blank=full</option>) will take
|
||
about one hour on a 1x media. A fast blanking can be
|
||
performed using the <option>-blank</option> option if the
|
||
DVD-RW will be recorded in Disk-At-Once (DAO) mode. To burn
|
||
the DVD-RW in DAO mode, use the command:</para>
|
||
|
||
<screen>&prompt.root; <userinput>growisofs -use-the-force-luke=dao -Z <replaceable>/dev/cd0</replaceable>=<replaceable>imagefile.iso</replaceable></userinput></screen>
|
||
|
||
<para>The <option>-use-the-force-luke=dao</option> option
|
||
should not be required since &man.growisofs.1; attempts to
|
||
detect minimally (fast blanked) media and engage DAO
|
||
write.</para>
|
||
|
||
<para>In fact, one should use restricted overwrite mode with
any DVD-RW, as this format is more flexible than the default
incremental sequential one.</para>
|
||
</note>
|
||
|
||
<para>To write data on a sequential DVD-RW, use the same
|
||
instructions as for the other DVD formats:</para>
|
||
|
||
<screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/data</replaceable></userinput></screen>
|
||
|
||
<para>If you want to append some data to your previous
|
||
recording, you will have to use the &man.growisofs.1;
|
||
<option>-M</option> option. However, if you perform data
|
||
addition on a DVD-RW in incremental sequential mode, a new
|
||
session will be created on the disc and the result will be a
|
||
multi-session disc.</para>
|
||
|
||
<para>A DVD-RW in restricted overwrite format does not need to
be blanked before a new initial session. You just have to
overwrite the disc with the <option>-Z</option> option, which
is similar to the DVD+RW case. It is also possible to grow an
existing ISO 9660 file system written on the disc in the same
way as for a DVD+RW, with the <option>-M</option> option. The
result will be a one-session DVD.</para>
|
||
|
||
<para>To put a DVD-RW in the restricted overwrite format, the
|
||
following command must be used:</para>
|
||
|
||
<screen>&prompt.root; <userinput>dvd+rw-format <replaceable>/dev/cd0</replaceable></userinput></screen>
|
||
|
||
<para>To change back to the sequential format use:</para>
|
||
|
||
<screen>&prompt.root; <userinput>dvd+rw-format -blank=full <replaceable>/dev/cd0</replaceable></userinput></screen>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title>Multisession</title>
|
||
|
||
<para>Very few DVD-ROM drives support
multisession DVDs; most of the time they will, hopefully, read only
the first session. DVD+R, DVD-R and DVD-RW in sequential
format can accept multiple sessions. The notion of multiple
sessions does not exist for the DVD+RW and the DVD-RW
restricted overwrite formats.</para>
|
||
|
||
<para>Using the following command after an initial (non-closed)
session on a DVD+R, DVD-R, or DVD-RW in sequential format
will add a new session to the disc:</para>
|
||
|
||
<screen>&prompt.root; <userinput>growisofs -M <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/nextdata</replaceable></userinput></screen>
|
||
|
||
<para>Using this command line with a DVD+RW or a DVD-RW in restricted
overwrite mode will append data by merging the new session into
the existing one. The result will be a single-session disc.
This is the way to add data after an initial write on these
media.</para>
|
||
|
||
<note>
|
||
<para>Some space on the media is used between each session for
the end and start of sessions. Therefore, one should add
sessions with large amounts of data to optimize media space.
The number of sessions is limited to 154 for a DVD+R,
about 2000 for a DVD-R, and 127 for a DVD+R Double
Layer.</para>
|
||
</note>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title>For More Information</title>
|
||
|
||
<para>To obtain more information about a DVD, the
<command>dvd+rw-mediainfo
<replaceable>/dev/cd0</replaceable></command> command can be
run with the disc in the drive.</para>
|
||
|
||
<para>More information about the
<application>dvd+rw-tools</application> can be found in
the &man.growisofs.1; manual page, on the <ulink
url="http://fy.chalmers.se/~appro/linux/DVD+RW/">dvd+rw-tools
web site</ulink> and in the <ulink
url="http://lists.debian.org/cdwrite/">cdwrite mailing
list</ulink> archives.</para>
|
||
|
||
<note>
|
||
<para>The <command>dvd+rw-mediainfo</command> output of the
|
||
resulting recording or the media with issues is mandatory
|
||
for any problem report. Without this output, it will be
|
||
quite impossible to help you.</para>
|
||
</note>
|
||
</sect2>
|
||
</sect1>
|
||
|
||
<sect1 id="floppies">
|
||
<sect1info>
|
||
<authorgroup>
|
||
<author>
|
||
<firstname>Julio</firstname>
|
||
<surname>Merino</surname>
|
||
<contrib>Original work by </contrib>
|
||
</author>
|
||
</authorgroup>
|
||
<!-- 24 Dec 2001 -->
|
||
<authorgroup>
|
||
<author>
|
||
<firstname>Martin</firstname>
|
||
<surname>Karlsson</surname>
|
||
<contrib>Rewritten by </contrib>
|
||
</author>
|
||
</authorgroup>
|
||
<!-- 27 Apr 2003 -->
|
||
</sect1info>
|
||
|
||
<title>Creating and Using Floppy Disks</title>
|
||
|
||
<para>Storing data on floppy disks is sometimes useful, for
|
||
example when one does not have any other removable storage media
|
||
or when one needs to transfer small amounts of data to another
|
||
computer.</para>
|
||
|
||
<para>This section will explain how to use floppy disks in
|
||
FreeBSD. It will primarily cover formatting and usage of
|
||
3.5inch DOS floppies, but the concepts are similar for other
|
||
floppy disk formats.</para>
|
||
|
||
<sect2>
|
||
<title>Formatting Floppies</title>
|
||
|
||
<sect3>
|
||
<title>The Device</title>
|
||
|
||
<para>Floppy disks are accessed through entries in
|
||
<filename>/dev</filename>, just like other devices. To
|
||
access the raw floppy disk, simply use
|
||
<filename>/dev/fd<replaceable>N</replaceable></filename>.</para>
|
||
|
||
</sect3>
|
||
|
||
<sect3>
|
||
<title>Formatting</title>
|
||
|
||
<para>A floppy disk needs to be low-level formatted before it
can be used. This is usually done by the vendor, but
formatting is a good way to check media integrity. Although
it is possible to force larger (or smaller) disk sizes,
1440kB is what most floppy disks are designed for.</para>
|
||
|
||
<para>To low-level format the floppy disk you need to use
|
||
&man.fdformat.1;. This utility expects the device name as an
|
||
argument.</para>
|
||
|
||
<para>Make note of any error messages, as these can help
|
||
determine if the disk is good or bad.</para>
|
||
|
||
<sect4>
|
||
<title>Formatting Floppy Disks</title>
|
||
|
||
<para>Use the
|
||
<filename>/dev/fd<replaceable>N</replaceable></filename>
|
||
devices to format the floppy. Insert a new 3.5inch floppy
|
||
disk in your drive and issue:</para>
|
||
|
||
<screen>&prompt.root; <userinput>/usr/sbin/fdformat -f 1440 /dev/fd0</userinput></screen>
|
||
|
||
</sect4>
|
||
</sect3>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title>The Disk Label</title>
|
||
|
||
<para>After low-level formatting the disk, you will need to
|
||
place a disk label on it. This disk label will be destroyed
|
||
later, but it is needed by the system to determine the size of
|
||
the disk and its geometry.</para>
|
||
|
||
<para>The new disk label will take over the whole disk, and will
|
||
contain all the proper information about the geometry of the
|
||
floppy. The geometry values for the disk label are listed in
|
||
<filename>/etc/disktab</filename>.</para>
|
||
|
||
<para>You can now run &man.bsdlabel.8; like so:</para>
|
||
|
||
<screen>&prompt.root; <userinput>/sbin/bsdlabel -B -r -w /dev/fd0 fd1440</userinput></screen>
|
||
|
||
<note><para>Since &os; 5.1-RELEASE, the &man.bsdlabel.8;
|
||
utility replaces the old <command>disklabel</command> program. With
|
||
&man.bsdlabel.8; a number of obsolete options and parameters
|
||
have been retired; in the example above the option
|
||
<option>-r</option> should be removed. For more
|
||
information, please refer to the &man.bsdlabel.8;
|
||
manual page.</para></note>
|
||
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title>The File System</title>
|
||
|
||
<para>Now the floppy is ready to be high-level formatted. This
|
||
will place a new file system on it, which will let FreeBSD read
|
||
and write to the disk. After creating the new file system, the
|
||
disk label is destroyed, so if you want to reformat the disk, you
|
||
will have to recreate the disk label.</para>
|
||
|
||
<para>The floppy's file system can be either UFS or FAT.
|
||
FAT is generally a better choice for floppies.</para>
|
||
|
||
<para>To put a new file system on the floppy, issue:</para>
|
||
|
||
<screen>&prompt.root; <userinput>/sbin/newfs_msdos /dev/fd0</userinput></screen>
|
||
|
||
<para>The disk is now ready for use.</para>
|
||
</sect2>
|
||
|
||
|
||
<sect2>
|
||
<title>Using the Floppy</title>
|
||
|
||
<para>To use the floppy, mount it with &man.mount.msdos.8;. One can also use
|
||
<filename role="package">emulators/mtools</filename> from the ports
|
||
collection.</para>
|
||
</sect2>
|
||
</sect1>
|
||
|
||
<sect1 id="backups-tapebackups">
|
||
<title>Creating and Using Data Tapes</title>
|
||
|
||
<indexterm><primary>tape media</primary></indexterm>
|
||
<para>The major tape media are the 4mm, 8mm, QIC, mini-cartridge and
|
||
DLT.</para>
|
||
|
||
<sect2 id="backups-tapebackups-4mm">
|
||
<title>4mm (DDS: Digital Data Storage)</title>
|
||
|
||
<indexterm>
|
||
<primary>tape media</primary>
|
||
<secondary>DDS (4mm) tapes</secondary>
|
||
</indexterm>
|
||
<indexterm>
|
||
<primary>tape media</primary>
|
||
<secondary>QIC tapes</secondary>
|
||
</indexterm>
|
||
<para>4mm tapes are replacing QIC as the workstation backup media of
|
||
choice. This trend accelerated greatly when Conner purchased Archive,
|
||
a leading manufacturer of QIC drives, and then stopped production of
|
||
QIC drives. 4mm drives are small and quiet but do not have the
|
||
reputation for reliability that is enjoyed by 8mm drives. The
|
||
cartridges are less expensive and smaller (3 x 2 x 0.5 inches, 76 x 51
|
||
x 12 mm) than 8mm cartridges. 4mm, like 8mm, has comparatively short
|
||
head life for the same reason: both use helical scan.</para>
|
||
|
||
<para>Data throughput on these drives starts at ~150 kB/s, peaking at ~500 kB/s.
|
||
Data capacity starts at 1.3 GB and ends at 2.0 GB. Hardware
|
||
compression, available with most of these drives, approximately
|
||
doubles the capacity. Multi-drive tape library units can have 6
|
||
drives in a single cabinet with automatic tape changing. Library
|
||
capacities reach 240 GB.</para>
|
||
|
||
<para>The DDS-3 standard now supports tape capacities up to 12 GB (or
|
||
24 GB compressed).</para>
|
||
|
||
<para>4mm drives, like 8mm drives, use helical-scan. All the benefits
|
||
and drawbacks of helical-scan apply to both 4mm and 8mm drives.</para>
|
||
|
||
<para>Tapes should be retired from use after 2,000 passes or 100 full
|
||
backups.</para>
|
||
</sect2>
|
||
|
||
<sect2 id="backups-tapebackups-8mm">
|
||
<title>8mm (Exabyte)</title>
|
||
<indexterm>
|
||
<primary>tape media</primary>
|
||
<secondary>Exabyte (8mm) tapes</secondary>
|
||
</indexterm>
|
||
|
||
<para>8mm tapes are the most common SCSI tape drives; they are the best
|
||
choice for exchanging tapes. Nearly every site has an Exabyte 2 GB 8mm
|
||
tape drive. 8mm drives are reliable, convenient and quiet. Cartridges
|
||
are inexpensive and small (4.8 x 3.3 x 0.6 inches; 122 x 84 x 15 mm).
|
||
One downside of 8mm tape is relatively short head and tape life due to
|
||
the high rate of relative motion of the tape across the heads.</para>
|
||
|
||
<para>Data throughput ranges from ~250 kB/s to ~500 kB/s. Data sizes start
|
||
at 300 MB and go up to 7 GB. Hardware compression, available with
|
||
most of these drives, approximately doubles the capacity. These
|
||
drives are available as single units or multi-drive tape libraries
|
||
with 6 drives and 120 tapes in a single cabinet. Tapes are changed
|
||
automatically by the unit. Library capacities reach 840+ GB.</para>
|
||
|
||
<para>The Exabyte <quote>Mammoth</quote> model supports 12 GB on one tape
|
||
(24 GB with compression) and costs approximately twice as much as
|
||
conventional tape drives.</para>
|
||
|
||
<para>Data is recorded onto the tape using helical scan; the heads are
|
||
positioned at an angle to the media (approximately 6 degrees). The
|
||
tape wraps around 270 degrees of the spool that holds the heads. The
|
||
spool spins while the tape slides over the spool. The result is a
|
||
high density of data and closely packed tracks that angle across the
|
||
tape from one edge to the other.</para>
|
||
</sect2>
|
||
|
||
<sect2 id="backups-tapebackups-qic">
|
||
<title>QIC</title>
|
||
<indexterm>
|
||
<primary>tape media</primary>
|
||
<secondary>QIC-150</secondary>
|
||
</indexterm>
|
||
|
||
<para>QIC-150 tapes and drives are, perhaps, the most common tape drive
|
||
and media around. QIC tape drives are the least expensive <quote>serious</quote>
|
||
backup drives. The downside is the cost of media. QIC tapes are
|
||
expensive compared to 8mm or 4mm tapes, up to 5 times the price per GB
|
||
data storage. But, if your needs can be satisfied with a half-dozen
|
||
tapes, QIC may be the correct choice. QIC is the
|
||
<emphasis>most</emphasis> common tape drive. Every site has a QIC
|
||
drive of some density or another. Therein lies the rub: QIC has a
|
||
large number of densities on physically similar (sometimes identical)
|
||
tapes. QIC drives are not quiet. These drives audibly seek before
|
||
they begin to record data and are clearly audible whenever reading,
|
||
writing or seeking. QIC tapes measure 6 x 4 x 0.7 inches (152 x
102 x 17 mm).</para>
|
||
|
||
<para>Data throughput ranges from ~150 kB/s to ~500 kB/s. Data capacity
|
||
ranges from 40 MB to 15 GB. Hardware compression is available on many
|
||
of the newer QIC drives. QIC drives are less frequently installed;
|
||
they are being supplanted by DAT drives.</para>
|
||
|
||
<para>Data is recorded onto the tape in tracks. The tracks run along
|
||
the long axis of the tape media from one end to the other. The number
|
||
of tracks, and therefore the width of a track, varies with the tape's
|
||
capacity. Most if not all newer drives provide backward-compatibility
|
||
at least for reading (but often also for writing). QIC has a good
|
||
reputation regarding the safety of the data (the mechanics are simpler
|
||
and more robust than for helical scan drives).</para>
|
||
|
||
<para>Tapes should be retired from use after 5,000 backups.</para>
|
||
</sect2>
|
||
|
||
<sect2 id="backups-tapebackups-dlt">
|
||
<title>DLT</title>
|
||
<indexterm>
|
||
<primary>tape media</primary>
|
||
<secondary>DLT</secondary>
|
||
</indexterm>
|
||
|
||
<para>DLT has the fastest data transfer rate of all the drive types
|
||
listed here. The 1/2" (12.5mm) tape is contained in a single spool
|
||
cartridge (4 x 4 x 1 inches; 100 x 100 x 25 mm). The cartridge has a
|
||
swinging gate along one entire side of the cartridge. The drive
|
||
mechanism opens this gate to extract the tape leader. The tape leader
|
||
has an oval hole in it which the drive uses to <quote>hook</quote> the tape. The
|
||
take-up spool is located inside the tape drive. All the other tape
|
||
cartridges listed here (9 track tapes are the only exception) have
|
||
both the supply and take-up spools located inside the tape cartridge
|
||
itself.</para>
|
||
|
||
<para>Data throughput is approximately 1.5 MB/s, three times the throughput of
|
||
4mm, 8mm, or QIC tape drives. Data capacities range from 10 GB to 20 GB
|
||
for a single drive. Drives are available in both multi-tape changers
|
||
and multi-tape, multi-drive tape libraries containing from 5 to 900
|
||
tapes over 1 to 20 drives, providing from 50 GB to 9 TB of
|
||
storage.</para>
|
||
|
||
<para>With compression, DLT Type IV format supports up to 70 GB
|
||
capacity.</para>
|
||
|
||
<para>Data is recorded onto the tape in tracks parallel to the direction
|
||
of travel (just like QIC tapes). Two tracks are written at once.
|
||
Read/write head lifetimes are relatively long; once the tape stops
|
||
moving, there is no relative motion between the heads and the
|
||
tape.</para>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title id="backups-tapebackups-ait">AIT</title>
|
||
<indexterm>
|
||
<primary>tape media</primary>
|
||
<secondary>AIT</secondary>
|
||
</indexterm>
|
||
|
||
<para>AIT is a new format from Sony, and can hold up to 50 GB (with
|
||
compression) per tape. The tapes contain memory chips which retain an
|
||
index of the tape's contents. This index can be rapidly read by the
|
||
tape drive to determine the position of files on the tape, instead of
|
||
the several minutes that would be required for other tapes. Software
|
||
such as <application>SAMS:Alexandria</application> can operate forty or more AIT tape libraries,
|
||
communicating directly with the tape's memory chip to display the
|
||
contents on screen, determine what files were backed up to which
|
||
tape, locate the correct tape, load it, and restore the data from the
|
||
tape.</para>
|
||
|
||
<para>Libraries like this cost in the region of $20,000, pricing them a
|
||
little out of the hobbyist market.</para>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title>Using a New Tape for the First Time</title>
|
||
|
||
<para>The first time that you try to read or write a new, completely
|
||
blank tape, the operation will fail. The console messages should be
|
||
similar to:</para>
|
||
|
||
<screen>sa0(ncr1:4:0): NOT READY asc:4,1
sa0(ncr1:4:0): Logical unit is in process of becoming ready</screen>
|
||
|
||
<para>The tape does not contain an Identifier Block (block number 0).
|
||
All QIC tape drives since the adoption of the QIC-525 standard write an
|
||
Identifier Block to the tape. There are two solutions:</para>
|
||
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para><command>mt fsf 1</command> causes the tape drive to write an
|
||
Identifier Block to the tape.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Use the front panel button to eject the tape.</para>
|
||
|
||
<para>Re-insert the tape and <command>dump</command> data to
|
||
the tape.</para>
|
||
|
||
<para><command>dump</command> will report <errorname>DUMP: End of tape
detected</errorname> and the console will show: <errorname>HARDWARE
FAILURE info:280 asc:80,96</errorname>.</para>
|
||
|
||
<para>Rewind the tape using: <command>mt rewind</command>.</para>
|
||
|
||
<para>Subsequent tape operations are successful.</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
|
||
</sect2>
|
||
</sect1>
|
||
|
||
<sect1 id="backups-floppybackups">
|
||
<title>Backups to Floppies</title>
|
||
|
||
<sect2 id="floppies-using">
|
||
<title>Can I Use Floppies for Backing Up My Data?</title>
|
||
<indexterm><primary>backup floppies</primary></indexterm>
|
||
<indexterm><primary>floppy disks</primary></indexterm>
|
||
|
||
<para>Floppy disks are not really a suitable medium for
|
||
making backups as:</para>
|
||
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para>The media is unreliable, especially over long periods of
|
||
time.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Backing up and restoring is very slow.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>They have a very limited capacity (the days of backing up
|
||
an entire hard disk onto a dozen or so floppies have long since
|
||
passed).</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
|
||
<para>However, if you have no other method of backing up your data then
|
||
floppy disks are better than no backup at all.</para>
|
||
|
||
<para>If you do have to use floppy disks then ensure that you use good
|
||
quality ones. Floppies that have been lying around the office for a
|
||
couple of years are a bad choice. Ideally use new ones from a
|
||
reputable manufacturer.</para>
|
||
</sect2>
|
||
|
||
<sect2 id="floppies-creating">
|
||
<title>So How Do I Back Up My Data to Floppies?</title>
|
||
|
||
<para>The best way to back up to floppy disk is to use
|
||
&man.tar.1; with the <option>-M</option> (multi
|
||
volume) option, which allows backups to span multiple
|
||
floppies.</para>
|
||
|
||
<para>To back up all the files in the current directory and its subdirectories,
|
||
use this (as <username>root</username>):</para>
|
||
|
||
<screen>&prompt.root; <userinput>tar Mcvf /dev/fd0 *</userinput></screen>
|
||
|
||
<para>When the first floppy is full &man.tar.1; will prompt you to
|
||
insert the next volume (because &man.tar.1; is media independent it
|
||
refers to volumes; in this context it means floppy disk).</para>
|
||
|
||
<screen>Prepare volume #2 for /dev/fd0 and hit return:</screen>
|
||
|
||
<para>This is repeated (with the volume number incrementing) until all
|
||
the specified files have been archived.</para>
|
||
</sect2>
|
||
|
||
<sect2 id="floppies-compress">
|
||
<title>Can I Compress My Backups?</title>
|
||
<indexterm>
|
||
<primary><command>tar</command></primary>
|
||
</indexterm>
|
||
<indexterm>
|
||
<primary><command>gzip</command></primary>
|
||
</indexterm>
|
||
<indexterm><primary>compression</primary></indexterm>
|
||
|
||
<para>Unfortunately, &man.tar.1; will not allow the
|
||
<option>-z</option> option to be used for multi-volume archives.
|
||
You could, of course, &man.gzip.1; all the files,
|
||
&man.tar.1; them to the floppies, then
|
||
&man.gunzip.1; the files again!</para>
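<para>One way around this limitation, shown as an added example that is not part of the original Handbook text: compress the whole &man.tar.1; stream and cut it into floppy-sized volumes, recording a checksum per volume so that a bad floppy is detected before a restore is attempted. The function names, the <filename>vol.</filename> prefix and the <filename>MANIFEST</filename> file are assumptions of this example; each volume file is meant to be copied to one floppy.</para>

```shell
#!/bin/sh
# Added example (not Handbook code): compressed backup split into
# floppy-sized volumes, with a SHA-256 manifest to catch bad media.
# Usage (paths are placeholders):
#   make_volumes /path/to/data /tmp/vols      # writes vol.aa, vol.ab, ... and MANIFEST
#   verify_volumes /tmp/vols                  # after copying volumes back from floppies
#   restore_volumes /tmp/vols /path/to/restore

# Print the SHA-256 of a file with whichever tool the system provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                      # FreeBSD base system
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# make_volumes SRC_DIR OUT_DIR [SIZE]
#   Archives SRC_DIR, compresses the stream and splits it into SIZE chunks
#   (default 1440k, one floppy). Prints the number of volumes written.
make_volumes() {
    src=$1
    out=$2
    size=${3:-1440k}
    [ -d "$src" ] || return 1
    mkdir -p "$out" || return 1
    tar -cf - -C "$src" . | gzip -c | split -b "$size" - "$out/vol." || return 1

    # Record one checksum per volume; keep a copy of MANIFEST off the floppies.
    : > "$out/MANIFEST"
    n=0
    for v in "$out"/vol.*; do
        printf '%s  %s\n' "$(sha256_of "$v")" "$(basename "$v")" >> "$out/MANIFEST"
        n=$((n + 1))
    done
    echo "$n"
}

# verify_volumes DIR
#   Prints "BAD name" for each missing or altered volume; returns 0 only
#   if every volume matches the manifest.
verify_volumes() {
    dir=$1
    bad=0
    while read -r sum name; do
        if [ ! -f "$dir/$name" ] || [ "$(sha256_of "$dir/$name")" != "$sum" ]; then
            echo "BAD $name"
            bad=$((bad + 1))
        fi
    done < "$dir/MANIFEST"
    [ "$bad" -eq 0 ]
}

# restore_volumes DIR DEST
#   Refuses to unpack unless all volumes verify, then reassembles the
#   stream in volume order and extracts it into DEST.
restore_volumes() {
    dir=$1
    dest=$2
    verify_volumes "$dir" || return 1
    mkdir -p "$dest" || return 1
    cat "$dir"/vol.* | gzip -dc | tar -xf - -C "$dest"
}
```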
|
||
</sect2>
|
||
|
||
<sect2 id="floppies-restoring">
|
||
<title>How Do I Restore My Backups?</title>
|
||
|
||
<para>To restore the entire archive use:</para>
|
||
|
||
<screen>&prompt.root; <userinput>tar Mxvf /dev/fd0</userinput></screen>
|
||
|
||
<para>There are two ways that you can use to restore only
|
||
specific files. First, you can start with the first floppy
|
||
and use:</para>
|
||
|
||
<screen>&prompt.root; <userinput>tar Mxvf /dev/fd0 <replaceable>filename</replaceable></userinput></screen>
|
||
|
||
<para>The utility &man.tar.1; will prompt you to insert subsequent floppies until it
|
||
finds the required file.</para>
|
||
|
||
<para>Alternatively, if you know which floppy the file is on then you
|
||
can simply insert that floppy and use the same command as above. Note
|
||
that if the first file on the floppy is a continuation from the
|
||
previous one then &man.tar.1; will warn you that it cannot
|
||
restore it, even if you have not asked it to!</para>
|
||
</sect2>
|
||
</sect1>
|
||
|
||
<sect1 id="backup-strategies">
|
||
<sect1info>
|
||
<authorgroup>
|
||
<author>
|
||
<firstname>Lowell</firstname>
|
||
<surname>Gilbert</surname>
|
||
<contrib>Original work by </contrib>
|
||
</author>
|
||
</authorgroup>
|
||
<!-- 3 Dec 2005 -->
|
||
</sect1info>
|
||
|
||
<title>Backup Strategies</title>
|
||
|
||
<para>The first requirement in devising a backup plan is to make sure that
|
||
all of the following problems are covered:</para>
|
||
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para>Disk failure</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>Accidental file deletion</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>Random file corruption</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>Complete machine destruction (e.g. fire), including destruction
|
||
of any on-site backups.</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
|
||
<para>It is perfectly possible that some systems will be best served by
|
||
having each of these problems covered by a completely different
|
||
technique. Except for strictly personal systems with very low-value
|
||
data, it is unlikely that one technique would cover all of them.</para>
|
||
|
||
<para>Some of the techniques in the toolbox are:</para>
|
||
|
||
<itemizedlist>
|
||
<listitem>
|
||
<para>Archives of the whole system, backed up onto permanent media
|
||
offsite. This actually provides protection against all of the
|
||
possible problems listed above, but is slow and inconvenient to
|
||
restore from. You can keep copies of the backups onsite and/or
|
||
online, but there will still be inconveniences in restoring files,
|
||
especially for non-privileged users.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Filesystem snapshots. This is really only helpful in the
|
||
accidental file deletion scenario, but it can be
|
||
<emphasis>very</emphasis> helpful in that case, and is quick and
|
||
easy to deal with.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Copies of whole filesystems and/or disks (e.g. periodic rsync of
|
||
the whole machine). This is generally most useful in networks with
|
||
unique requirements. For general protection against disk failure,
|
||
it is usually inferior to <acronym>RAID</acronym>. For restoring
|
||
accidentally deleted files, it can be comparable to
|
||
<acronym>UFS</acronym> snapshots, but that depends on your
|
||
preferences.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para><acronym>RAID</acronym>. Minimizes or avoids downtime when a
disk fails, at the expense of having to deal with disk failures
more often (because you have more disks), albeit at a much lower
urgency.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Checking fingerprints of files. The &man.mtree.8; utility is
|
||
very useful for this. Although it is not a backup technique, it
|
||
helps guarantee that you will notice when you need to resort to your
|
||
backups. This is particularly important for offline backups, and
|
||
should be checked periodically.</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
|
||
<para>It is quite easy to come up with even more techniques, many of them
|
||
variations on the ones listed above. Specialized requirements will
|
||
usually lead to specialized techniques (for example, backing up a live
|
||
database usually requires a method particular to the database software
|
||
as an intermediate step). The important thing is to know what dangers
|
||
you want to protect against, and how you will handle each.</para>
|
||
</sect1>
|
||
|
||
<sect1 id="backup-basics">
|
||
<title>Backup Basics</title>
|
||
|
||
<para>The three major backup programs are
|
||
&man.dump.8;,
|
||
&man.tar.1;,
|
||
and
|
||
&man.cpio.1;.</para>
|
||
|
||
<sect2>
|
||
<title>Dump and Restore</title>
|
||
<indexterm>
|
||
<primary>backup software</primary>
|
||
<secondary>dump / restore</secondary>
|
||
</indexterm>
|
||
<indexterm><primary><command>dump</command></primary></indexterm>
|
||
<indexterm><primary><command>restore</command></primary></indexterm>
|
||
|
||
<para>The traditional &unix; backup programs are
|
||
<command>dump</command> and <command>restore</command>. They
|
||
operate on the drive as a collection of disk blocks, below the
|
||
abstractions of files, links and directories that are created by
|
||
the file systems. <command>dump</command> backs up an entire
|
||
file system on a device. It is unable to back up only part of a
|
||
file system or a directory tree that spans more than one
|
||
file system. <command>dump</command> does not write files and
|
||
directories to tape, but rather writes the raw data blocks that
|
||
comprise files and directories.</para>
|
||
|
||
<note><para>If you use <command>dump</command> on your root directory, you
|
||
would not back up <filename>/home</filename>,
|
||
<filename>/usr</filename> or many other directories since
|
||
these are typically mount points for other file systems or
|
||
symbolic links into those file systems.</para></note>
|
||
|
||
<para><command>dump</command> has quirks that remain from its early days in
|
||
Version 6 of AT&amp;T UNIX (circa 1975). The default
|
||
parameters are suitable for 9-track tapes (6250 bpi), not the
|
||
high-density media available today (up to 62,182 ftpi). These
|
||
defaults must be overridden on the command line to utilize the
|
||
capacity of current tape drives.</para>
|
||
|
||
<indexterm><primary><filename>.rhosts</filename></primary></indexterm>
|
||
<para>It is also possible to back up data across the network to a
|
||
tape drive attached to another computer with <command>rdump</command> and
|
||
<command>rrestore</command>. Both programs rely upon &man.rcmd.3; and
|
||
&man.ruserok.3; to access the remote tape drive. Therefore,
|
||
the user performing the backup must be listed in the
|
||
<filename>.rhosts</filename> file on the remote computer. The
|
||
arguments to <command>rdump</command> and <command>rrestore</command> must be suitable
|
||
to use on the remote computer. When
|
||
<command>rdump</command>ing from a FreeBSD computer to an
|
||
Exabyte tape drive connected to a Sun called
|
||
<hostid>komodo</hostid>, use:</para>
|
||
|
||
<screen>&prompt.root; <userinput>/sbin/rdump 0dsbfu 54000 13000 126 komodo:/dev/nsa8 /dev/da0a 2>&amp;1</userinput></screen>
|
||
|
||
<para>Beware: there are security implications to
|
||
allowing <filename>.rhosts</filename> authentication. Evaluate your
|
||
situation carefully.</para>
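<para>To make that evaluation concrete, the following added example (not part of the original Handbook text) audits an rhosts-style trust file for the wildcard entries and loose permissions that weaken this kind of authentication. The function names, the host <hostid>backup1.example.com</hostid> and the sample entries are constructed for the example; <hostid>komodo</hostid> is the host name used above.</para>

```shell
#!/bin/sh
# Added example (not Handbook code): audit an rhosts-style trust file.
# Entry format: "host [user]". "+" is a wildcard, "+@name" a netgroup,
# and a leading "-" marks a deny entry.

# audit_rhosts FILE
#   Prints one finding per line.
#   Returns 0 if clean, 1 if there are findings, 2 if FILE is unreadable.
audit_rhosts() {
    file=$1
    findings=0
    [ -f "$file" ] && [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }

    # A trust file that other accounts can edit lets them add entries.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "PERM $file is writable by group or other"
        findings=$((findings + 1))
    fi

    lineno=0
    while read -r host user rest || [ -n "$host" ]; do
        lineno=$((lineno + 1))
        case $host in
            ''|'#'*|-*) continue ;;     # blank line, comment, deny entry
        esac
        case "$host:$user" in
            '+:+')  msg="CRIT line $lineno: any user from any host is trusted" ;;
            '+:'*)  msg="CRIT line $lineno: any host is trusted" ;;
            *':+')  msg="CRIT line $lineno: any remote user on $host is trusted" ;;
            '+@'*|*':+@'*)
                    msg="WARN line $lineno: netgroup entry, review its membership" ;;
            *)      continue ;;         # explicit host (and user): nothing to flag
        esac
        echo "$msg"
        findings=$((findings + 1))
    done < "$file"

    [ "$findings" -eq 0 ]
}

# Write a constructed sample file (not taken from any real system).
make_sample_rhosts() {
    cat > "$1" <<'EOF'
# constructed sample entries
backup1.example.com operator
+ +
komodo +
+@trusted-hosts
-oldhost.example.com
EOF
    chmod 600 "$1"
}

# Demonstration on the constructed sample.
demo_dir=$(mktemp -d) && {
    make_sample_rhosts "$demo_dir/rhosts"
    audit_rhosts "$demo_dir/rhosts" || true
    rm -rf "$demo_dir"
}
```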
|
||
|
||
<para>It is also possible to use <command>dump</command> and
|
||
<command>restore</command> in a more secure fashion over
|
||
<command>ssh</command>.</para>
|
||
|
||
<example>
|
||
<title>Using <command>dump</command> over <application>ssh</application></title>
|
||
|
||
<screen>&prompt.root; <userinput>/sbin/dump -0uan -f - /usr | gzip -2 | ssh -c blowfish \
targetuser@targetmachine.example.com dd of=/mybigfiles/dump-usr-l0.gz</userinput></screen>
|
||
|
||
</example>
|
||
|
||
<para>Or using <command>dump</command>'s built-in method,
|
||
setting the environment variable <envar>RSH</envar>:</para>
|
||
|
||
<example>
|
||
<title>Using <command>dump</command> over <application>ssh</application> with <envar>RSH</envar> set</title>
|
||
|
||
<screen>&prompt.root; <userinput>RSH=/usr/bin/ssh /sbin/dump -0uan -f targetuser@targetmachine.example.com:/dev/sa0 /usr</userinput></screen>
|
||
|
||
</example>
|
||
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title><command>tar</command></title>
|
||
<indexterm>
|
||
<primary>backup software</primary>
|
||
<secondary><command>tar</command></secondary>
|
||
</indexterm>
|
||
|
||
<para>&man.tar.1; also dates back to Version 6 of AT&amp;T UNIX
|
||
(circa 1975). <command>tar</command> operates in cooperation
|
||
with the file system; it writes files and
|
||
directories to tape. <command>tar</command> does not support the
|
||
full range of options that are available from &man.cpio.1;, but
|
||
it does not require the unusual command
|
||
pipeline that <command>cpio</command> uses.</para>
|
||
|
||
<indexterm><primary><command>tar</command></primary></indexterm>
|
||
|
||
<para>On FreeBSD 5.3 and later, both GNU <command>tar</command>
|
||
and the default <command>bsdtar</command> are available. The
|
||
GNU version can be invoked with <command>gtar</command>. It
|
||
supports remote devices using the same syntax as
|
||
<command>rdump</command>. To <command>tar</command> to an
|
||
Exabyte tape drive connected to a Sun called
|
||
<hostid>komodo</hostid>, use:</para>
|
||
|
||
<screen>&prompt.root; <userinput>/usr/bin/gtar cf komodo:/dev/nsa8 . 2>&amp;1</userinput></screen>
|
||
|
||
<para>The same could be accomplished with
|
||
<command>bsdtar</command> by using a pipeline and
|
||
<command>rsh</command> to send the data to a remote tape
|
||
drive.</para>
|
||
|
||
<screen>&prompt.root; <userinput>tar cf - . | rsh <replaceable>hostname</replaceable> dd of=<replaceable>tape-device</replaceable> obs=20b</userinput></screen>
|
||
|
||
<para>If you are worried about the security of backing up over a
|
||
network you should use the <command>ssh</command> command
|
||
instead of <command>rsh</command>.</para>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title><command>cpio</command></title>
|
||
<indexterm>
|
||
<primary>backup software</primary>
|
||
<secondary><command>cpio</command></secondary>
|
||
</indexterm>
|
||
|
||
<para>&man.cpio.1; is the original &unix; file interchange tape
|
||
program for magnetic media. <command>cpio</command> has options
|
||
(among many others) to perform byte-swapping, write a number of
|
||
different archive formats, and pipe the data to other programs.
|
||
This last feature makes <command>cpio</command> an excellent
|
||
choice for installation media. <command>cpio</command> does not
|
||
know how to walk the directory tree and a list of files must be
|
||
provided through <filename>stdin</filename>.</para>
|
||
<indexterm><primary><command>cpio</command></primary></indexterm>
|
||
|
||
<para><command>cpio</command> does not support backups across
|
||
the network. You can use a pipeline and <command>ssh</command>
|
||
to send the data to a remote tape drive.</para>
|
||
|
||
<screen>&prompt.root; <userinput>for f in <replaceable>directory_list</replaceable>; do</userinput>
<userinput>find "$f" &gt;&gt; backup.list</userinput>
<userinput>done</userinput>
&prompt.root; <userinput>cpio -v -o --format=newc &lt; backup.list | ssh <replaceable>user</replaceable>@<replaceable>host</replaceable> "cat &gt; <replaceable>backup_device</replaceable>"</userinput></screen>
|
||
|
||
<para>Where <replaceable>directory_list</replaceable> is the list of
|
||
directories you want to back up,
|
||
<replaceable>user</replaceable>@<replaceable>host</replaceable> is the
|
||
user/hostname combination that will be performing the backups, and
|
||
<replaceable>backup_device</replaceable> is where the backups should
|
||
be written to (e.g., <filename>/dev/nsa0</filename>).</para>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title><command>pax</command></title>
|
||
<indexterm>
|
||
<primary>backup software</primary>
|
||
<secondary><command>pax</command></secondary>
|
||
</indexterm>
|
||
<indexterm><primary><command>pax</command></primary></indexterm>
|
||
<indexterm><primary>POSIX</primary></indexterm>
|
||
<indexterm><primary>IEEE</primary></indexterm>
|
||
|
||
<para>&man.pax.1; is IEEE/&posix;'s answer to
|
||
<command>tar</command> and <command>cpio</command>. Over the
|
||
years the various versions of <command>tar</command> and
|
||
<command>cpio</command> have gotten slightly incompatible. So
|
||
rather than fight it out to fully standardize them, &posix;
|
||
created a new archive utility. <command>pax</command> attempts
|
||
to read and write many of the various <command>cpio</command>
|
||
and <command>tar</command> formats, plus new formats of its own.
|
||
Its command set more resembles <command>cpio</command> than
|
||
<command>tar</command>.</para>
|
||
</sect2>
|
||
|
||
<sect2 id="backups-programs-amanda">
|
||
<title><application>Amanda</application></title>
|
||
<indexterm>
|
||
<primary>backup software</primary>
|
||
<secondary><application>Amanda</application></secondary>
|
||
</indexterm>
|
||
<indexterm><primary><application>Amanda</application></primary></indexterm>
|
||
|
||
<!-- Remove link until <port> tag is available -->
|
||
<para><application>Amanda</application> (Advanced Maryland
|
||
Network Disk Archiver) is a client/server backup system,
|
||
rather than a single program. An <application>Amanda</application> server will back up to
|
||
a single tape drive any number of computers that have <application>Amanda</application>
|
||
clients and a network connection to the <application>Amanda</application> server. A
|
||
common problem at sites with a number of large disks is
|
||
that the length of time required to back up data directly to tape
|
||
exceeds the amount of time available for the task. <application>Amanda</application>
|
||
solves this problem. <application>Amanda</application> can use a <quote>holding disk</quote> to
|
||
back up several file systems at the same time. <application>Amanda</application> creates
|
||
<quote>archive sets</quote>: a group of tapes used over a period of time to
|
||
create full backups of all the file systems listed in <application>Amanda</application>'s
|
||
configuration file. The <quote>archive set</quote> also contains nightly
|
||
incremental (or differential) backups of all the file systems.
|
||
Restoring a damaged file system requires the most recent full
|
||
backup and the incremental backups.</para>
|
||
|
||
<para>The configuration file provides fine control of backups and the
|
||
network traffic that <application>Amanda</application> generates. <application>Amanda</application> will use any of the
|
||
above backup programs to write the data to tape. <application>Amanda</application> is available
|
||
as either a port or a package; it is not installed by default.</para>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title>Do Nothing</title>
|
||
|
||
<para><quote>Do nothing</quote> is not a computer program, but it is the
|
||
most widely used backup strategy. There are no initial costs. There
|
||
is no backup schedule to follow. Just say no. If something happens
|
||
to your data, grin and bear it!</para>
|
||
|
||
<para>If your time and your data are worth little to nothing, then
|
||
<quote>Do nothing</quote> is the most suitable backup program for your
|
||
computer. But beware: &unix; is a useful tool, and you may find that within
|
||
six months you have a collection of files that are valuable to
|
||
you.</para>
|
||
|
||
<para><quote>Do nothing</quote> is the correct backup method for
|
||
<filename>/usr/obj</filename> and other directory trees that can be
|
||
exactly recreated by your computer. An example is the files that
|
||
comprise the HTML or &postscript; version of this Handbook.
|
||
These document formats have been created from SGML input
|
||
files. Creating backups of the HTML or &postscript; files is
|
||
not necessary. The SGML files are backed up regularly.</para>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title>Which Backup Program Is Best?</title>
|
||
<indexterm>
|
||
<primary>LISA</primary>
|
||
</indexterm>
|
||
|
||
<para>&man.dump.8; <emphasis>Period.</emphasis> Elizabeth D. Zwicky
|
||
torture tested all the backup programs discussed here. The clear
|
||
choice for preserving all your data and all the peculiarities of &unix;
|
||
file systems is <command>dump</command>. Elizabeth created file systems containing
|
||
a large variety of unusual conditions (and some not so unusual ones)
|
||
and tested each program by doing a backup and restore of those
|
||
file systems. The peculiarities included: files with holes, files with
|
||
holes and a block of nulls, files with funny characters in their
|
||
names, unreadable and unwritable files, devices, files that change
|
||
size during the backup, files that are created/deleted during the
|
||
backup and more. She presented the results at LISA V in Oct. 1991.
|
||
See <ulink
|
||
url="http://berdmann.dyndns.org/zwicky/testdump.doc.html">torture-testing
|
||
Backup and Archive Programs</ulink>.</para>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title>Emergency Restore Procedure</title>
|
||
|
||
<sect3>
|
||
<title>Before the Disaster</title>
|
||
|
||
<para>There are only four steps that you need to perform in
|
||
preparation for any disaster that may occur.</para>
|
||
<indexterm>
|
||
<primary><command>bsdlabel</command></primary>
|
||
</indexterm>
|
||
|
||
<para>First, print the bsdlabel from each of your disks
|
||
(e.g. <command>bsdlabel da0 | lpr</command>), your file system table
|
||
(<filename>/etc/fstab</filename>) and all boot messages,
|
||
two copies of
|
||
each.</para>
|
||
|
||
<indexterm><primary>fix-it floppies</primary></indexterm>
|
||
<para>Second, determine that the boot and fix-it floppies
|
||
(<filename>boot.flp</filename> and <filename>fixit.flp</filename>)
|
||
have all your devices. The easiest way to check is to reboot your
|
||
machine with the boot floppy in the floppy drive and check the boot
|
||
messages. If all your devices are listed and functional, skip on to
|
||
step three.</para>
|
||
|
||
<para>Otherwise, you have to create two custom bootable
|
||
floppies which have a kernel that can mount all of your disks
|
||
and access your tape drive. These floppies must contain:
|
||
<command>fdisk</command>, <command>bsdlabel</command>,
|
||
<command>newfs</command>, <command>mount</command>, and
|
||
whichever backup program you use. These programs must be
|
||
statically linked. If you use <command>dump</command>, the
|
||
floppy must contain <command>restore</command>.</para>
|
||
|
||
<para>Third, create backup tapes regularly. Any changes that you make
|
||
after your last backup may be irretrievably lost. Write-protect the
|
||
backup tapes.</para>
|
||
|
||
<para>Fourth, test the floppies (either <filename>boot.flp</filename>
and <filename>fixit.flp</filename>, or the two custom bootable
floppies you made in step two) and the backup tapes. Make notes of the
procedure. Store these notes with the bootable floppy, the
printouts and the backup tapes. You will be so distraught when
restoring that the notes may prevent you from destroying your backup
tapes. (How? In place of <command>tar xvf /dev/sa0</command>, you
might accidentally type <command>tar cvf /dev/sa0</command> and
overwrite your backup tape.)</para>
|
||
|
||
<para>For an added measure of security, make bootable floppies and two
|
||
backup tapes each time. Store one of each at a remote location. A
|
||
remote location is NOT the basement of the same office building. A
|
||
number of firms in the World Trade Center learned this lesson the
|
||
hard way. A remote location should be physically separated from
|
||
your computers and disk drives by a significant distance.</para>
|
||
|
||
<example>
|
||
<title>A Script for Creating a Bootable Floppy</title>
|
||
|
||
<programlisting><![CDATA[#!/bin/sh
|
||
#
|
||
# create a restore floppy
|
||
#
|
||
# format the floppy
|
||
#
|
||
PATH=/bin:/sbin:/usr/sbin:/usr/bin
|
||
|
||
fdformat -q fd0
|
||
if [ $? -ne 0 ]
|
||
then
|
||
echo "Bad floppy, please use a new one"
|
||
exit 1
|
||
fi
|
||
|
||
# place boot blocks on the floppy
|
||
#
|
||
bsdlabel -w -B /dev/fd0c fd1440
|
||
|
||
#
|
||
# newfs the one and only partition
|
||
#
|
||
newfs -t 2 -u 18 -l 1 -c 40 -i 5120 -m 5 -o space /dev/fd0a
|
||
|
||
#
|
||
# mount the new floppy
|
||
#
|
||
mount /dev/fd0a /mnt
|
||
|
||
#
|
||
# create required directories
|
||
#
|
||
mkdir /mnt/dev
|
||
mkdir /mnt/bin
|
||
mkdir /mnt/sbin
|
||
mkdir /mnt/etc
|
||
mkdir /mnt/root
|
||
mkdir /mnt/mnt # for the root partition
|
||
mkdir /mnt/tmp
|
||
mkdir /mnt/var
|
||
|
||
#
|
||
# populate the directories
|
||
#
|
||
if [ ! -x /sys/compile/MINI/kernel ]
|
||
then
|
||
cat << EOM
|
||
The MINI kernel does not exist, please create one.
|
||
Here is an example config file:
|
||
#
|
||
# MINI -- A kernel to get FreeBSD onto a disk.
|
||
#
|
||
machine "i386"
|
||
cpu "I486_CPU"
|
||
ident MINI
|
||
maxusers 5
|
||
|
||
options INET # needed for _tcp _icmpstat _ipstat
|
||
# _udpstat _tcpstat _udb
|
||
options FFS #Berkeley Fast File System
|
||
options FAT_CURSOR #block cursor in syscons or pccons
|
||
options SCSI_DELAY=15 #Be pessimistic about Joe SCSI device
|
||
options NCONS=2 #1 virtual consoles
|
||
options USERCONFIG #Allow user configuration with -c XXX
|
||
|
||
config kernel root on da0 swap on da0 and da1 dumps on da0
|
||
|
||
device isa0
|
||
device pci0
|
||
|
||
device fdc0 at isa? port "IO_FD1" bio irq 6 drq 2 vector fdintr
|
||
device fd0 at fdc0 drive 0
|
||
|
||
device ncr0
|
||
|
||
device scbus0
|
||
|
||
device sc0 at isa? port "IO_KBD" tty irq 1 vector scintr
|
||
device npx0 at isa? port "IO_NPX" irq 13 vector npxintr
|
||
|
||
device da0
|
||
device da1
|
||
device da2
|
||
|
||
device sa0
|
||
|
||
pseudo-device loop # required by INET
|
||
pseudo-device gzip # Exec gzipped a.out's
|
||
EOM
|
||
exit 1
|
||
fi
|
||
|
||
cp -f /sys/compile/MINI/kernel /mnt
|
||
|
||
# -9 selects the best (slowest) compression
gzip -c -9 /sbin/init > /mnt/sbin/init
gzip -c -9 /sbin/fsck > /mnt/sbin/fsck
gzip -c -9 /sbin/mount > /mnt/sbin/mount
gzip -c -9 /sbin/halt > /mnt/sbin/halt
gzip -c -9 /sbin/restore > /mnt/sbin/restore

gzip -c -9 /bin/sh > /mnt/bin/sh
gzip -c -9 /bin/sync > /mnt/bin/sync
|
||
|
||
cp /root/.profile /mnt/root
|
||
|
||
cp -f /dev/MAKEDEV /mnt/dev
|
||
chmod 755 /mnt/dev/MAKEDEV
|
||
|
||
chmod 500 /mnt/sbin/init
|
||
chmod 555 /mnt/sbin/fsck /mnt/sbin/mount /mnt/sbin/halt
|
||
chmod 555 /mnt/bin/sh /mnt/bin/sync
|
||
chmod 6555 /mnt/sbin/restore
|
||
|
||
#
|
||
# create the device nodes
|
||
#
|
||
cd /mnt/dev
|
||
./MAKEDEV std
|
||
./MAKEDEV da0
|
||
./MAKEDEV da1
|
||
./MAKEDEV da2
|
||
./MAKEDEV sa0
|
||
./MAKEDEV pty0
|
||
cd /
|
||
|
||
#
|
||
# create minimum file system table
|
||
#
|
||
cat > /mnt/etc/fstab <<EOM
|
||
/dev/fd0a / ufs rw 1 1
|
||
EOM
|
||
|
||
#
|
||
# create minimum passwd file
|
||
#
|
||
cat > /mnt/etc/passwd <<EOM
|
||
root:*:0:0:Charlie &:/root:/bin/sh
|
||
EOM
|
||
|
||
cat > /mnt/etc/master.passwd <<EOM
|
||
root::0:0::0:0:Charlie &:/root:/bin/sh
|
||
EOM
|
||
|
||
chmod 600 /mnt/etc/master.passwd
|
||
chmod 644 /mnt/etc/passwd
|
||
/usr/sbin/pwd_mkdb -d/mnt/etc /mnt/etc/master.passwd
|
||
|
||
#
|
||
# umount the floppy and inform the user
|
||
#
|
||
/sbin/umount /mnt
|
||
echo "The floppy has been unmounted and is now ready."]]></programlisting>
|
||
|
||
</example>
|
||
|
||
</sect3>
|
||
|
||
<sect3>
|
||
<title>After the Disaster</title>
|
||
|
||
<para>The key question is: did your hardware survive? You have been
|
||
doing regular backups so there is no need to worry about the
|
||
software.</para>
|
||
|
||
<para>If the hardware has been damaged, the parts should be replaced
|
||
before attempting to use the computer.</para>
|
||
|
||
<para>If your hardware is okay, check your floppies. If you are using
|
||
a custom boot floppy, boot single-user (type <literal>-s</literal>
|
||
at the <prompt>boot:</prompt> prompt). Skip the following
|
||
paragraph.</para>
|
||
|
||
<para>If you are using the <filename>boot.flp</filename> and
|
||
<filename>fixit.flp</filename> floppies, keep reading. Insert the
|
||
<filename>boot.flp</filename> floppy in the first floppy drive and
|
||
boot the computer. The original install menu will be displayed on
|
||
the screen. Select the <literal>Fixit--Repair mode with CDROM or
|
||
floppy.</literal> option. Insert the
|
||
<filename>fixit.flp</filename> when prompted.
|
||
<command>restore</command> and the other programs that you need are
|
||
located in <filename class="directory">/mnt2/rescue</filename>
|
||
(<filename class="directory">/mnt2/stand</filename> for
|
||
&os; versions older than 5.2).</para>
|
||
|
||
<para>Recover each file system separately.</para>
|
||
|
||
<indexterm>
|
||
<primary><command>mount</command></primary>
|
||
</indexterm>
|
||
<indexterm><primary>root partition</primary></indexterm>
|
||
<indexterm>
|
||
<primary><command>bsdlabel</command></primary>
|
||
</indexterm>
|
||
<indexterm>
|
||
<primary><command>newfs</command></primary>
|
||
</indexterm>
|
||
<para>Try to <command>mount</command> (e.g. <command>mount /dev/da0a
|
||
/mnt</command>) the root partition of your first disk. If the
|
||
bsdlabel was damaged, use <command>bsdlabel</command> to re-partition and
|
||
label the disk to match the label that you printed and saved. Use
|
||
<command>newfs</command> to re-create the file systems. Re-mount the root
|
||
partition of the floppy read-write (<command>mount -u -o rw
|
||
/mnt</command>). Use your backup program and backup tapes to
|
||
recover the data for this file system (e.g. <command>restore vrf
|
||
/dev/sa0</command>). Unmount the file system (e.g. <command>umount
|
||
/mnt</command>). Repeat for each file system that was
|
||
damaged.</para>
|
||
|
||
<para>Once your system is running, backup your data onto new tapes.
|
||
Whatever caused the crash or data loss may strike again. Another
|
||
hour spent now may save you from further distress later.</para>
|
||
</sect3>
|
||
|
||
<![ %not.published; [
|
||
|
||
<sect3>
|
||
<title>* I Did Not Prepare for the Disaster, What Now?</title>
|
||
|
||
<para></para>
|
||
</sect3>
|
||
]]>
|
||
|
||
</sect2>
|
||
</sect1>
|
||
|
||
<sect1 id="disks-virtual">
|
||
<sect1info>
|
||
<authorgroup>
|
||
<author>
|
||
<firstname>Marc</firstname>
|
||
<surname>Fonvieille</surname>
|
||
<contrib>Reorganized and enhanced by </contrib>
|
||
</author>
|
||
</authorgroup>
|
||
</sect1info>
|
||
<title>Network, Memory, and File-Backed File Systems</title>
|
||
<indexterm><primary>virtual disks</primary></indexterm>
|
||
<indexterm>
|
||
<primary>disks</primary>
|
||
<secondary>virtual</secondary>
|
||
</indexterm>
|
||
|
||
<para>Besides the disks you physically insert into your computer
(floppies, CDs, hard drives, and so forth), FreeBSD also understands
other forms of disks: the <firstterm>virtual
disks</firstterm>.</para>
|
||
|
||
<indexterm><primary>NFS</primary></indexterm>
|
||
<indexterm><primary>Coda</primary></indexterm>
|
||
<indexterm>
|
||
<primary>disks</primary>
|
||
<secondary>memory</secondary>
|
||
</indexterm>
|
||
<para>These include network file systems such as the <link
|
||
linkend="network-nfs">Network File System</link> and Coda, memory-based
|
||
file systems and
|
||
file-backed file systems.</para>
|
||
|
||
<para>Depending on the FreeBSD version you run, you will have to use
different tools to create and use file-backed and
memory-based file systems.</para>
|
||
|
||
<note>
|
||
<para>Use &man.devfs.5; to allocate device nodes transparently for the
|
||
user.</para>
|
||
</note>
|
||
|
||
<sect2 id="disks-mdconfig">
|
||
<title>File-Backed File System</title>
|
||
<indexterm>
|
||
<primary>disks</primary>
|
||
<secondary>file-backed</secondary>
|
||
</indexterm>
|
||
|
||
<para>The utility &man.mdconfig.8; is used to configure and enable
memory disks, &man.md.4;, under FreeBSD. To use
&man.mdconfig.8;, you have to load the &man.md.4; module or add
support for it to your kernel configuration file:</para>
|
||
|
||
<programlisting>device md</programlisting>
|
||
|
||
<para>The &man.mdconfig.8; command supports three kinds of
memory-backed virtual disks: memory disks allocated with
&man.malloc.9;, and memory disks using a file or swap space as
backing. One possible use is the mounting of floppy
or CD images kept in files.</para>
|
||
|
||
<para>To mount an existing file system image:</para>
|
||
|
||
<example>
|
||
<title>Using <command>mdconfig</command> to Mount an Existing File System
|
||
Image</title>
|
||
|
||
<screen>&prompt.root; <userinput>mdconfig -a -t vnode -f <replaceable>diskimage</replaceable> -u <replaceable>0</replaceable></userinput>
|
||
&prompt.root; <userinput>mount /dev/md<replaceable>0</replaceable> <replaceable>/mnt</replaceable></userinput></screen>
|
||
</example>
|
||
|
||
<para>To create a new file system image with &man.mdconfig.8;:</para>
|
||
|
||
<example>
|
||
<title>Creating a New File-Backed Disk with <command>mdconfig</command></title>
|
||
|
||
<screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>newimage</replaceable> bs=1k count=<replaceable>5</replaceable>k</userinput>
|
||
5120+0 records in
|
||
5120+0 records out
|
||
&prompt.root; <userinput>mdconfig -a -t vnode -f <replaceable>newimage</replaceable> -u <replaceable>0</replaceable></userinput>
|
||
&prompt.root; <userinput>bsdlabel -w md<replaceable>0</replaceable> auto</userinput>
|
||
&prompt.root; <userinput>newfs md<replaceable>0</replaceable>a</userinput>
|
||
/dev/md0a: 5.0MB (10224 sectors) block size 16384, fragment size 2048
|
||
using 4 cylinder groups of 1.25MB, 80 blks, 192 inodes.
|
||
super-block backups (for fsck -b #) at:
|
||
160, 2720, 5280, 7840
|
||
&prompt.root; <userinput>mount /dev/md<replaceable>0</replaceable>a <replaceable>/mnt</replaceable></userinput>
|
||
&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
|
||
Filesystem 1K-blocks Used Avail Capacity Mounted on
|
||
/dev/md0a 4710 4 4330 0% /mnt</screen>
|
||
</example>
|
||
|
||
<para>If you do not specify the unit number with the
<option>-u</option> option, &man.mdconfig.8; will use the
&man.md.4; automatic allocation to select an unused device.
The name of the allocated unit will be printed on stdout, for example
<devicename>md4</devicename>. For more details about
&man.mdconfig.8;, please refer to the manual page.</para>
|
||
|
||
<para>The utility &man.mdconfig.8; is very useful; however, it
takes many command lines to create a file-backed file system.
FreeBSD also comes with a tool called &man.mdmfs.8;.
This program configures a &man.md.4; disk using
&man.mdconfig.8;, puts a UFS file system on it using
&man.newfs.8;, and mounts it using &man.mount.8;. For example,
if you want to create and mount the same file system image as
above, simply type the following:</para>
|
||
|
||
<example>
|
||
<title>Configure and Mount a File-Backed Disk with <command>mdmfs</command></title>
|
||
<screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>newimage</replaceable> bs=1k count=<replaceable>5</replaceable>k</userinput>
|
||
5120+0 records in
|
||
5120+0 records out
|
||
&prompt.root; <userinput>mdmfs -F <replaceable>newimage</replaceable> -s <replaceable>5</replaceable>m md<replaceable>0</replaceable> <replaceable>/mnt</replaceable></userinput>
|
||
&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
|
||
Filesystem 1K-blocks Used Avail Capacity Mounted on
|
||
/dev/md0 4718 4 4338 0% /mnt</screen>
|
||
</example>
|
||
|
||
<para>If you use the option <option>md</option> without a unit
number, &man.mdmfs.8; will use the &man.md.4; auto-unit feature to
automatically select an unused device. For more details
about &man.mdmfs.8;, please refer to the manual page.</para>
|
||
|
||
</sect2>
|
||
|
||
<sect2 id="disks-md-freebsd5">
|
||
<title>Memory-Based File System</title>
|
||
<indexterm>
|
||
<primary>disks</primary>
|
||
<secondary>memory file system</secondary>
|
||
</indexterm>
|
||
|
||
<para>For a
memory-based file system the <quote>swap backing</quote>
should normally be used. Using swap backing does not mean
that the memory disk will be swapped out to disk by default,
but merely that the memory disk will be allocated from a
memory pool which can be swapped out to disk if needed. It is
also possible to create memory-based disks which are
&man.malloc.9; backed, but using malloc-backed memory disks,
especially large ones, can result in a system panic if the
kernel runs out of memory.</para>
|
||
|
||
<example>
|
||
<title>Creating a New Memory-Based Disk with
|
||
<command>mdconfig</command></title>
|
||
|
||
<screen>&prompt.root; <userinput>mdconfig -a -t malloc -s <replaceable>5</replaceable>m -u <replaceable>1</replaceable></userinput>
|
||
&prompt.root; <userinput>newfs -U md<replaceable>1</replaceable></userinput>
|
||
/dev/md1: 5.0MB (10240 sectors) block size 16384, fragment size 2048
|
||
using 4 cylinder groups of 1.27MB, 81 blks, 256 inodes.
|
||
with soft updates
|
||
super-block backups (for fsck -b #) at:
|
||
32, 2624, 5216, 7808
|
||
&prompt.root; <userinput>mount /dev/md<replaceable>1</replaceable> <replaceable>/mnt</replaceable></userinput>
|
||
&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
|
||
Filesystem 1K-blocks Used Avail Capacity Mounted on
|
||
/dev/md1 4846 2 4458 0% /mnt</screen>
|
||
</example>
|
||
|
||
<example>
|
||
<title>Creating a New Memory-Based Disk with
|
||
<command>mdmfs</command></title>
|
||
<screen>&prompt.root; <userinput>mdmfs -M -s <replaceable>5</replaceable>m md<replaceable>2</replaceable> <replaceable>/mnt</replaceable></userinput>
|
||
&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
|
||
Filesystem 1K-blocks Used Avail Capacity Mounted on
|
||
/dev/md2 4846 2 4458 0% /mnt</screen>
|
||
</example>
|
||
|
||
<para>Instead of using a &man.malloc.9; backed file system, it is
possible to use swap. To do so, replace
<option>malloc</option> with <option>swap</option> in the
command line of &man.mdconfig.8;. The &man.mdmfs.8; utility
by default (without <option>-M</option>) creates a swap-based
disk. For more details, please refer to the &man.mdconfig.8;
and &man.mdmfs.8; manual pages.</para>
|
||
</sect2>
|
||
|
||
<sect2>
|
||
<title>Detaching a Memory Disk from the System</title>
|
||
<indexterm>
|
||
<primary>disks</primary>
|
||
<secondary>detaching a memory disk</secondary>
|
||
</indexterm>
|
||
|
||
<para>When a memory-based or file-based file system
is no longer in use, you should release all of its resources to the system.
The first thing to do is to unmount the file system, then use
&man.mdconfig.8; to detach the disk from the system and release
the resources.</para>

<para>For example, to detach and free all resources used by
<filename>/dev/md4</filename>:</para>

<screen>&prompt.root; <userinput>mdconfig -d -u <replaceable>4</replaceable></userinput></screen>

<para>Information about configured
&man.md.4; devices can be listed with the command <command>mdconfig
-l</command>.</para>
|
||
|
||
</sect2>
|
||
</sect1>
|
||
|
||
<sect1 id="snapshots">
|
||
<sect1info>
|
||
<authorgroup>
|
||
<author>
|
||
<firstname>Tom</firstname>
|
||
<surname>Rhodes</surname>
|
||
<contrib>Contributed by </contrib>
|
||
</author>
|
||
</authorgroup>
|
||
<!-- 15 JUL 2002 -->
|
||
</sect1info>
|
||
|
||
<title>File System Snapshots</title>
|
||
|
||
<indexterm>
|
||
<primary>file systems</primary>
|
||
<secondary>snapshots</secondary>
|
||
</indexterm>
|
||
|
||
<para>FreeBSD offers a feature in conjunction with
|
||
<link linkend="soft-updates">Soft Updates</link>: File system snapshots.</para>
|
||
|
||
<para>Snapshots allow a user to create images of specified file
systems, and treat them as a file.
Snapshot files must be created in the file system that the
action is performed on, and a user may create no more than 20
snapshots per file system. Active snapshots are recorded
in the superblock so they are persistent across unmount and
remount operations along with system reboots. When a snapshot
is no longer required, it can be removed with the standard &man.rm.1;
command. Snapshots may be removed in any order;
however, not all of the space they used may be reclaimed, because another snapshot may
claim some of the released blocks.</para>
|
||
|
||
<para>The un-alterable <option>snapshot</option> file flag is set
|
||
by &man.mksnap.ffs.8; after initial creation of a snapshot file.
|
||
The &man.unlink.1; command makes an exception for snapshot files
|
||
since it allows them to be removed.</para>
|
||
|
||
<para>Snapshots are created with the &man.mount.8; command. To place
|
||
a snapshot of <filename>/var</filename> in the file
|
||
<filename>/var/snapshot/snap</filename> use the following
|
||
command:</para>
|
||
|
||
<screen>&prompt.root; <userinput>mount -u -o snapshot /var/snapshot/snap /var</userinput></screen>
|
||
|
||
<para>Alternatively, you can use &man.mksnap.ffs.8; to create
|
||
a snapshot:</para>
|
||
<screen>&prompt.root; <userinput>mksnap_ffs /var /var/snapshot/snap</userinput></screen>
|
||
|
||
<para>One can find snapshot files on a file system (e.g. <filename>/var</filename>)
|
||
by using the &man.find.1; command:</para>
|
||
<screen>&prompt.root; <userinput>find /var -flags snapshot</userinput></screen>
|
||
|
||
<para>Once a snapshot has been created, it has several
|
||
uses:</para>
|
||
|
||
<itemizedlist>
|
||
<listitem>
<para>Some administrators will use a snapshot file for backup purposes,
because the snapshot can be transferred to CDs or tape.</para>
</listitem>

<listitem>
<para>File integrity: &man.fsck.8; may be run on the snapshot.
Assuming that the file system was clean when it was mounted, you
should always get a clean (and unchanging) result.
This is essentially what the
background &man.fsck.8; process does.</para>
</listitem>
|
||
|
||
<listitem>
|
||
<para>Run the &man.dump.8; utility on the snapshot.
|
||
A dump will be returned that is consistent with the
|
||
file system and the timestamp of the snapshot. &man.dump.8;
|
||
can also take a snapshot, create a dump image and then
|
||
remove the snapshot in one command using the
|
||
<option>-L</option> flag.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>&man.mount.8; the snapshot as a frozen image of the file system.
|
||
To &man.mount.8; the snapshot
|
||
<filename>/var/snapshot/snap</filename> run:</para>
|
||
|
||
<screen>&prompt.root; <userinput>mdconfig -a -t vnode -f /var/snapshot/snap -u 4</userinput>
|
||
&prompt.root; <userinput>mount -r /dev/md4 /mnt</userinput></screen>
|
||
|
||
</listitem>
|
||
</itemizedlist>
|
||
|
||
<para>You can now walk the hierarchy of your frozen <filename>/var</filename>
file system mounted at <filename>/mnt</filename>. Everything will
initially be in the same state it was in at snapshot creation time.
The only exception is that any earlier snapshots will appear
as zero length files. When the snapshot is no longer needed,
it can be unmounted with:</para>
|
||
|
||
<screen>&prompt.root; <userinput>umount /mnt</userinput>
|
||
&prompt.root; <userinput>mdconfig -d -u 4</userinput></screen>
|
||
|
||
<para>For more information about <option>softupdates</option> and
|
||
file system snapshots, including technical papers, you can visit
|
||
Marshall Kirk McKusick's website at
|
||
<ulink url="http://www.mckusick.com/"></ulink>.</para>
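The snapshot workflow above (create, attach as a frozen read-only image, detach) as an added example that is not part of the Handbook. The function names and return codes are this example's own; it adds a check against the 20-snapshot limit and releases the &man.md.4; unit when the mount fails.

```shell
#!/bin/sh
# Added example, not part of the Handbook: snapshot helpers for FreeBSD.
# Function names and return codes are this example's own.

MAX_SNAPSHOTS=20    # per-file-system limit stated in the text

# snap_create FS SNAPFILE
# Refuses to create a snapshot once FS already holds MAX_SNAPSHOTS.
# Returns 4 when the limit is reached, else the status of mksnap_ffs.
snap_create() {
    fs=$1
    snapfile=$2
    # -x keeps find on this file system; -flags snapshot matches snapshot files.
    count=$(find -x "$fs" -flags snapshot | wc -l)
    count=$((count))            # strip the padding wc adds on BSD
    [ "$count" -lt "$MAX_SNAPSHOTS" ] || return 4
    mksnap_ffs "$fs" "$snapfile"
}

# snap_attach SNAPFILE MOUNTPOINT
# Attaches SNAPFILE to an md(4) unit and mounts it read-only.
# Prints the md device name (for example md4) on success.
# Returns 1 if SNAPFILE is missing, 2 if mdconfig fails, 3 if mount fails.
snap_attach() {
    snapfile=$1
    mnt=$2
    [ -f "$snapfile" ] || return 1
    # No -u: md(4) picks a free unit and mdconfig prints its name.
    # -o readonly makes the md device itself refuse writes.
    md=$(mdconfig -a -t vnode -o readonly -f "$snapfile") || return 2
    if mount -r "/dev/$md" "$mnt"; then
        echo "$md"
        return 0
    fi
    # Mount failed: detach so the md unit is not leaked.
    mdconfig -d -u "${md#md}"
    return 3
}

# snap_detach MDNAME MOUNTPOINT
# Unmounts first; the md unit is only released after a clean unmount.
snap_detach() {
    umount "$2" || return 1
    mdconfig -d -u "${1#md}"
}
```

Typical use as root: snap_create /var /var/snapshot/snap, then md=$(snap_attach /var/snapshot/snap /mnt), and finally snap_detach "$md" /mnt.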
|
||
</sect1>
|
||
|
||
<sect1 id="quotas">
<title>Disk Space Quotas</title>
<indexterm>
<primary>accounting</primary>
<secondary>disk space</secondary>
</indexterm>
<indexterm><primary>disk quotas</primary></indexterm>

<para>Quotas are an optional feature of the operating system that
limit the amount of disk space or the number of files available to a
user or a group. They are most often used on multi-user systems,
where the resources available to each user or group need to be
limited. This prevents a single user or group from consuming all
of the available disk space.</para>

<sect2>
<title>Enabling Disk Quotas</title>

<para>Before using disk quotas, make sure that the kernel is configured
for them, that is, that the kernel configuration file contains the
following line:</para>

<programlisting>options QUOTA</programlisting>

<para>The stock <filename>GENERIC</filename> kernel does not include
this option, so to enable quotas you must add it, then rebuild and
install the kernel. See <xref linkend="kernelconfig"/> for details on
kernel configuration.</para>

<para>Next, enable disk quotas in <filename>/etc/rc.conf</filename>
by adding the following line:</para>

<programlisting>enable_quotas="YES"</programlisting>
<indexterm>
<primary>disk quotas</primary>
<secondary>checking</secondary>
</indexterm>
<para>One more setting gives finer control over quota startup.
Normally, at boot, &man.quotacheck.8; checks the quotas on each file
system. &man.quotacheck.8; ensures that the data in the quota
database matches the data actually on the file system.
However, this check has a noticeable impact on boot time.
To skip this step, add the following to
<filename>/etc/rc.conf</filename>:</para>

<programlisting>check_quotas="NO"</programlisting>

<para>Finally, edit <filename>/etc/fstab</filename>
to enable disk quotas on a per-file system basis. Quotas can be
enabled for users, for groups, or for both.</para>

<para>To enable per-user quotas, add the <option>userquota</option>
option to the entry in <filename>/etc/fstab</filename> for the file
system in question. For example:</para>

<programlisting>/dev/da1s2g /home ufs rw,userquota 1 2</programlisting>

<para>Likewise, to enable group quotas, replace
<option>userquota</option> with <option>groupquota</option>.
To enable both at once:</para>

<programlisting>/dev/da1s2g /home ufs rw,userquota,groupquota 1 2</programlisting>

<para>By default, the quota files for users and groups are stored in
the root directory of the file system as
<filename>quota.user</filename> and <filename>quota.group</filename>
respectively. See &man.fstab.5; for details.
Although &man.fstab.5; says that a different location can be specified
for the quota files, doing so is not recommended, because the various
quota utilities do not necessarily cope with locations other than the
defaults.</para>

<para>At this point, reboot with the new kernel.
<filename>/etc/rc</filename> automatically runs the commands needed to
initialize the quotas enabled in <filename>/etc/fstab</filename>,
so there is no need to create empty quota files by hand.</para>

<para>In normal operation there is no need to run &man.quotacheck.8;,
&man.quotaon.8;, or &man.quotaoff.8; by hand. However, their manual
pages are worth reading to become familiar with how they work.</para>
</sect2>

<sect2>
<title>Setting Quota Limits</title>
<indexterm>
<primary>disk quotas</primary>
<secondary>limits</secondary>
</indexterm>

<para>Once quotas have been enabled, verify that they really are in
effect. A simple check is to run:</para>

<screen>&prompt.root; <userinput>quota -v</userinput></screen>

<para>The output should be a summary of the quota limits and current
usage for each file system.</para>

<para>Quota limits can now be assigned with &man.edquota.8;.</para>

<para>Several options are available for limiting the disk space a user
or group may use and the number of files they may create. Limits can
be placed on disk space (block quotas), on the number of files (inode
quotas), or on both. Each of these limits is further divided into
two kinds: hard limits and soft limits.</para>

<indexterm><primary>hard limit</primary></indexterm>
<para>A hard limit may not be exceeded. Once a user reaches the hard
limit, no further space can be used on that file system.
For example, if a user has a hard limit of 500 KB and is currently
using 490 KB, only another 10 KB can be used; an attempt to create an
11 KB file will fail.</para>

<indexterm><primary>soft limit</primary></indexterm>
<para>A soft limit, on the other hand, may be exceeded for a limited
period of time, known as the grace period, which is one week by
default. If a user stays over the soft limit for longer than the
grace period, the soft limit turns into a hard limit and no further
allocations are allowed. The grace period is reset only once the
user's usage has dropped back below the soft limit.</para>

<para>The following is an example of using &man.edquota.8;. Running
&man.edquota.8; opens an editor in which the quota limits are edited;
which editor is used depends on the <envar>EDITOR</envar> environment
variable, and <application>vi</application> is used if
<envar>EDITOR</envar> is not set.</para>

<screen>&prompt.root; <userinput>edquota -u test</userinput></screen>

<programlisting>Quotas for user test:
/usr: kbytes in use: 65, limits (soft = 50, hard = 75)
        inodes in use: 7, limits (soft = 50, hard = 60)
/usr/var: kbytes in use: 0, limits (soft = 50, hard = 75)
        inodes in use: 0, limits (soft = 50, hard = 60)</programlisting>

<para>Normally there are two lines for each file system that has quotas
enabled: the first holds the block limits and the other the inode
limits. To change a limit, simply change the value. For example,
to raise this user's block limits from a soft limit of 50 to 500 and
from a hard limit of 75 to 600, change this line:</para>

<programlisting>/usr: kbytes in use: 65, limits (soft = 50, hard = 75)</programlisting>

<para>to:</para>

<programlisting>/usr: kbytes in use: 65, limits (soft = 500, hard = 600)</programlisting>

<para>The new quota limits take effect as soon as the file is saved and
the editor is exited.</para>

<para>Sometimes it is desirable to set the limits for a whole range of
UIDs at once. This can be done with the <option>-p</option> option of
&man.edquota.8;. First, assign the desired limits to one account,
then run a command of the form
<command>edquota -p protouser startuid-enduid</command>.
For example, if the account <username>test</username> already has the
desired limits, the following command gives the same limits to UIDs
10,000 through 19,999:</para>

<screen>&prompt.root; <userinput>edquota -p test 10000-19999</userinput></screen>

<para>See &man.edquota.8; for details.</para>
</sect2>

<sect2>
<title>Checking Quota Limits and Disk Usage</title>
<indexterm>
<primary>disk quotas</primary>
<secondary>checking</secondary>
</indexterm>

<para>Either &man.quota.1; or &man.repquota.8; can be used to check
quota limits and disk usage. &man.quota.1; checks the quotas and
usage of an individual user or group. Ordinary accounts can only
check their own quotas and those of groups they belong to; only the
super-user can view the quotas and usage of all users and groups.
&man.repquota.8; gives a summary of the quotas and disk usage for
every file system with quotas enabled.</para>

<para>The following is sample output from
<command>quota -v</command> for a user who has quota limits on two
file systems:</para>

<programlisting>Disk quotas for user test (uid 1002):
     Filesystem  usage    quota   limit   grace   files   quota   limit   grace
           /usr      65*     50      75   5days       7      50      60
       /usr/var       0      50      75               0      50      60</programlisting>

<indexterm><primary>grace period</primary></indexterm>
<para>In this example, the user's soft limit on
<filename>/usr</filename> is 50 KB, the user is currently 15 KB over
it, and 5 days of the grace period remain.
Note the asterisk <literal>*</literal>, which indicates that the user
is currently over the soft limit.</para>

<para>Normally, file systems on which the user is not using any space
do not appear in the output of &man.quota.1;, even if quotas are
enabled on them. The <option>-v</option> option lists these file
systems as well, such as <filename>/usr/var</filename> in the example
above.</para>
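The asterisk and grace columns described above can be checked mechanically. The following is an added example, not part of the Handbook: it scans quota -v output and lists every quota that is past its soft limit. The function names are this example's own, and the column layout it assumes is the one shown in the sample output above.

```shell
#!/bin/sh
# Added example, not part of the Handbook: report quotas past their soft limit.

# quota_over_soft: reads `quota -v` text on stdin and prints, for every
# usage figure flagged with "*", one line:
#   kind:name filesystem blocks|files usage soft hard grace
# Layout assumptions (taken from the sample output in the text):
#   - a row is: filesystem usage quota limit [grace] files quota limit [grace]
#   - the grace column is filled only when the usage carries "*"
#   - a mount point printed alone on a line belongs to the following row
quota_over_soft() {
    awk '
    function column(kind,    use) {
        use = $(i)
        if (use ~ /\*$/) {
            sub(/\*$/, "", use)
            print who, fs, kind, use, $(i + 1), $(i + 2), $(i + 3)
            i += 4
        } else {
            i += 3
        }
    }
    NF == 0 { next }
    /^Disk quotas for / { who = $4 ":" $5; next }
    $1 == "Filesystem" { next }
    NF == 1 { fs = $1; next }
    {
        if ($1 ~ /^\//) { fs = $1; i = 2 } else { i = 1 }
        column("blocks")
        column("files")
    }'
}

# The sample from the text, for a run without a quota-enabled system.
sample_quota_output() {
    printf '%s\n' \
        "Disk quotas for user test (uid 1002):" \
        "     Filesystem  usage    quota   limit   grace   files   quota   limit   grace" \
        "           /usr      65*     50      75   5days       7      50      60" \
        "       /usr/var       0      50      75               0      50      60"
}

# On a live system: quota -v | quota_over_soft
sample_quota_output | quota_over_soft
```

Run from cron for each account of interest, an empty result means nobody is inside a grace period.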
|
||
</sect2>
|
||
|
||
<sect2>
<title>Quotas over NFS</title>
<indexterm><primary>NFS</primary></indexterm>

<para>Quotas are enforced by the quota subsystem on the NFS server.
On NFS clients, the &man.rpc.rquotad.8; daemon makes quota information
available to the &man.quota.1; command, so that users on the clients
can see their quota statistics.</para>

<para>To enable <command>rpc.rquotad</command>, add a line like the
following to <filename>/etc/inetd.conf</filename>:</para>

<programlisting>rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad</programlisting>

<para>Then restart <command>inetd</command>:</para>

<screen>&prompt.root; <userinput>kill -HUP `cat /var/run/inetd.pid`</userinput></screen>
</sect2>
|
||
</sect1>
|
||
|
||
|
||
<sect1 id="disks-encrypting">
|
||
<sect1info>
|
||
<authorgroup>
|
||
<author>
|
||
<firstname>Lucky</firstname>
|
||
<surname>Green</surname>
|
||
<contrib>Contributed by </contrib>
|
||
<affiliation>
|
||
<address><email>shamrock@cypherpunks.to</email></address>
|
||
</affiliation>
|
||
</author>
|
||
</authorgroup>
|
||
<!-- 11 MARCH 2003 -->
|
||
</sect1info>
|
||
|
||
<title>Encrypting Disk Partitions</title>
|
||
<indexterm>
|
||
<primary>disks</primary>
|
||
<secondary>encrypting</secondary></indexterm>
|
||
|
||
<para>FreeBSD offers excellent online protections against
|
||
unauthorized data access. File permissions and Mandatory
|
||
Access Control (MAC) (see <xref linkend="mac"/>) help prevent
|
||
unauthorized third-parties from accessing data while the operating
|
||
system is active and the computer is powered up. However,
|
||
the permissions enforced by the operating system are irrelevant if an
|
||
attacker has physical access to a computer and can simply move
|
||
the computer's hard drive to another system to copy and analyze
|
||
the sensitive data.</para>
|
||
|
||
<para>Regardless of how an attacker may have come into possession of
a hard drive or powered-down computer, both the <application>GEOM
Based Disk Encryption (gbde)</application> and
<command>geli</command> cryptographic subsystems in &os; are able
to protect the data on the computer's file systems against even
highly-motivated attackers with significant resources. Unlike
cumbersome encryption methods that encrypt only individual files,
<command>gbde</command> and <command>geli</command> transparently
encrypt entire file systems. No cleartext ever touches the hard
drive's platter.</para>
|
||
|
||
<sect2>
<title>Disk Encryption with <application>gbde</application></title>

<procedure>
<step>
<title>Become <username>root</username></title>

<para>Configuring <application>gbde</application> requires
super-user privileges.</para>

<screen>&prompt.user; <userinput>su -</userinput>
Password:</screen>
</step>

<step>
<title>Add &man.gbde.4; Support to the Kernel Configuration File</title>

<para>Add the following line to the kernel configuration
file:</para>

<para><literal>options GEOM_BDE</literal></para>

<para>Rebuild the kernel as described in <xref
linkend="kernelconfig"/>.</para>

<para>Reboot into the new kernel.</para>
</step>
</procedure>

<sect3>
<title>Preparing the Encrypted Hard Drive</title>

<para>The following example assumes that you are adding a new hard
drive to your system that will hold a single encrypted partition.
This partition will be mounted as <filename>/private</filename>.
<application>gbde</application> can also be used to encrypt
<filename>/home</filename> and <filename>/var/mail</filename>, but
this requires more complex instructions which exceed the scope of
this introduction.</para>

<procedure>
<step>
<title>Add the New Hard Drive</title>

<para>Install the new drive to the system as explained in <xref
linkend="disks-adding"/>. For the purposes of this example,
a new hard drive partition has been added as
<filename>/dev/ad4s1c</filename>. The
<filename>/dev/ad0s1<replaceable>*</replaceable></filename>
devices represent existing standard FreeBSD partitions on
the example system.</para>

<screen>&prompt.root; <userinput>ls /dev/ad*</userinput>
/dev/ad0        /dev/ad0s1b     /dev/ad0s1e     /dev/ad4s1
/dev/ad0s1      /dev/ad0s1c     /dev/ad0s1f     /dev/ad4s1c
/dev/ad0s1a     /dev/ad0s1d     /dev/ad4</screen>
</step>

<step>
<title>Create a Directory to Hold gbde Lock Files</title>

<screen>&prompt.root; <userinput>mkdir /etc/gbde</userinput></screen>

<para>The <application>gbde</application> lock file contains
information that <application>gbde</application> requires to
access encrypted partitions. Without access to the lock file,
<application>gbde</application> will not be able to decrypt
the data contained in the encrypted partition without
significant manual intervention which is not supported by the
software. Each encrypted partition uses a separate lock
file.</para>
</step>

<step>
<title>Initialize the gbde Partition</title>

<para>A <application>gbde</application> partition must be
initialized before it can be used. This initialization needs to
be performed only once:</para>

<screen>&prompt.root; <userinput>gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c</userinput></screen>

<para>&man.gbde.8; will open your editor, permitting you to set
various configuration options in a template. For use with UFS1
or UFS2, set the sector_size to 2048:</para>

<programlisting>$<!-- This is not the space you are looking
for-->FreeBSD: src/sbin/gbde/template.txt,v 1.1 2002/10/20 11:16:13 phk Exp $
#
# Sector size is the smallest unit of data which can be read or written.
# Making it too small decreases performance and decreases available space.
# Making it too large may prevent filesystems from working. 512 is the
# minimum and always safe. For UFS, use the fragment size
#
sector_size = 2048
[...]
</programlisting>

<para>&man.gbde.8; will ask you twice to type the passphrase that
should be used to secure the data. The passphrase must be the
same both times. <application>gbde</application>'s ability to
protect your data depends entirely on the quality of the
passphrase that you choose.
<footnote>
<para>For tips on how to select a secure passphrase that is easy
to remember, see the <ulink
url="http://world.std.com/~reinhold/diceware.html">Diceware
Passphrase</ulink> website.</para></footnote></para>

<para>The <command>gbde init</command> command creates a lock
file for your <application>gbde</application> partition that in
this example is stored as
<filename>/etc/gbde/ad4s1c</filename>.</para>

<caution>
<para><application>gbde</application> lock files
<emphasis>must</emphasis> be backed up together with the
contents of any encrypted partitions. While deleting a lock
file alone cannot prevent a determined attacker from
decrypting a <application>gbde</application> partition,
without the lock file, the legitimate owner will be unable
to access the data on the encrypted partition without a
significant amount of work that is totally unsupported by
&man.gbde.8; and its designer.</para>
</caution>
</step>

<step>
<title>Attach the Encrypted Partition to the Kernel</title>

<screen>&prompt.root; <userinput>gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c</userinput></screen>

<para>You will be asked to provide the passphrase that you
selected during the initialization of the encrypted partition.
The new encrypted device will show up in
<filename>/dev</filename> as
<filename>/dev/device_name.bde</filename>:</para>

<screen>&prompt.root; <userinput>ls /dev/ad*</userinput>
/dev/ad0        /dev/ad0s1b     /dev/ad0s1e     /dev/ad4s1
/dev/ad0s1      /dev/ad0s1c     /dev/ad0s1f     /dev/ad4s1c
/dev/ad0s1a     /dev/ad0s1d     /dev/ad4        /dev/ad4s1c.bde</screen>
</step>

<step>
<title>Create a File System on the Encrypted Device</title>

<para>Once the encrypted device has been attached to the kernel,
you can create a file system on the device. To create a file
system on the encrypted device, use &man.newfs.8;. Since it is
much faster to initialize a new UFS2 file system than it is to
initialize the old UFS1 file system, using &man.newfs.8; with
the <option>-O2</option> option is recommended.</para>

<screen>&prompt.root; <userinput>newfs -U -O2 /dev/ad4s1c.bde</userinput></screen>

<note>
<para>The &man.newfs.8; command must be performed on an
attached <application>gbde</application> partition which
is identified by a
<filename><replaceable>*</replaceable>.bde</filename>
extension to the device name.</para>
</note>
</step>

<step>
<title>Mount the Encrypted Partition</title>

<para>Create a mount point for the encrypted file system.</para>

<screen>&prompt.root; <userinput>mkdir /private</userinput></screen>

<para>Mount the encrypted file system.</para>

<screen>&prompt.root; <userinput>mount /dev/ad4s1c.bde /private</userinput></screen>
</step>

<step>
<title>Verify That the Encrypted File System is Available</title>

<para>The encrypted file system should now be visible to
&man.df.1; and be available for use.</para>

<screen>&prompt.user; <userinput>df -H</userinput>
Filesystem        Size   Used  Avail Capacity  Mounted on
/dev/ad0s1a      1037M    72M   883M     8%    /
/devfs            1.0K   1.0K     0B   100%    /dev
/dev/ad0s1f       8.1G    55K   7.5G     0%    /home
/dev/ad0s1e      1037M   1.1M   953M     0%    /tmp
/dev/ad0s1d       6.1G   1.9G   3.7G    35%    /usr
/dev/ad4s1c.bde   150G   4.1K   138G     0%    /private</screen>
</step>
</procedure>
</sect3>

<sect3>
<title>Mounting Existing Encrypted File Systems</title>

<para>After each boot, any encrypted file systems must be
re-attached to the kernel, checked for errors, and mounted, before
the file systems can be used. The required commands must be
executed as user <username>root</username>.</para>

<procedure>
<step>
<title>Attach the gbde Partition to the Kernel</title>

<screen>&prompt.root; <userinput>gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c</userinput></screen>

<para>You will be asked to provide the passphrase that you
selected during initialization of the encrypted
<application>gbde</application> partition.</para>
</step>

<step>
<title>Check the File System for Errors</title>

<para>Since encrypted file systems cannot yet be listed in
<filename>/etc/fstab</filename> for automatic mounting, the
file systems must be checked for errors by running &man.fsck.8;
manually before mounting.</para>

<screen>&prompt.root; <userinput>fsck -p -t ffs /dev/ad4s1c.bde</userinput></screen>
</step>

<step>
<title>Mount the Encrypted File System</title>

<screen>&prompt.root; <userinput>mount /dev/ad4s1c.bde /private</userinput></screen>

<para>The encrypted file system is now available for use.</para>
</step>
</procedure>

<sect4>
<title>Automatically Mounting Encrypted Partitions</title>

<para>It is possible to create a script to automatically attach,
check, and mount an encrypted partition, but for security reasons
the script should not contain the &man.gbde.8; password. Instead,
it is recommended that such scripts be run manually while
providing the password via the console or &man.ssh.1;.</para>

<para>As of &os; 5.2-RELEASE, there is a new <filename>rc.d</filename> script
provided. Arguments for this script can be passed via
&man.rc.conf.5;, for example:</para>

<screen>gbde_autoattach_all="YES"
gbde_devices="ad4s1c"</screen>

<para>This will require that the <application>gbde</application>
passphrase be entered at boot time. After typing the correct
passphrase, the <application>gbde</application> encrypted
partition will be mounted automatically. This can be very
useful when using <application>gbde</application> on
notebooks.</para>
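
<para>A manually run script of the kind recommended at the start of this
section, shown as an added example that is not part of the Handbook or of
&os;. The function names and the <literal>GBDE_DRY_RUN</literal> variable are
assumptions of this example; the commands are the ones used in the procedure above.</para>

```shell
#!/bin/sh
# Added example (not part of the Handbook): attach, check and mount a gbde
# partition. The passphrase is never stored; gbde prompts for it on the terminal.
# Set GBDE_DRY_RUN=1 (hypothetical switch) to print the commands instead of
# executing them.

run() {
    if [ "${GBDE_DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# gbde_mount DEVICE LOCKFILE MOUNTPOINT
# Returns 0 on success, 2 if the lock file is missing, 3/4/5 if attach, fsck
# or mount fails. A failed fsck or mount detaches the device again so that the
# cleartext .bde device does not stay exposed.
gbde_mount() {
    dev=$1; lock=$2; mnt=$3

    if [ ! -r "$lock" ]; then
        echo "gbde_mount: lock file $lock is missing or unreadable" >&2
        return 2
    fi

    # Skip the attach step when the .bde device already exists.
    if [ ! -e "$dev.bde" ]; then
        run gbde attach "$dev" -l "$lock" || return 3
    fi

    if ! run fsck -p -t ffs "$dev.bde"; then
        run gbde detach "$dev"
        return 4
    fi

    if ! run mount "$dev.bde" "$mnt"; then
        run gbde detach "$dev"
        return 5
    fi
}

# gbde_umount DEVICE MOUNTPOINT: unmount, then remove the cleartext device.
gbde_umount() {
    run umount "$2" || return 1
    run gbde detach "$1"
}

# Stand-alone use: sh gbde-mount.sh /dev/ad4s1c /etc/gbde/ad4s1c /private
if [ "$#" -eq 3 ]; then
    gbde_mount "$@"
fi
```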
</sect4>
</sect3>

<sect3>
<title>Cryptographic Protections Employed by gbde</title>

<para>&man.gbde.8; encrypts the sector payload using 128-bit AES in
CBC mode. Each sector on the disk is encrypted with a different
AES key. For more information on <application>gbde</application>'s
cryptographic design, including how the sector keys are derived
from the user-supplied passphrase, see &man.gbde.4;.</para>
</sect3>

<sect3>
<title>Compatibility Issues</title>

<para>&man.sysinstall.8; is incompatible with
<application>gbde</application>-encrypted devices. All
<devicename><replaceable>*</replaceable>.bde</devicename> devices must be detached from the
kernel before starting &man.sysinstall.8; or it will crash during
its initial probing for devices. To detach the encrypted device
used in our example, use the following command:</para>
<screen>&prompt.root; <userinput>gbde detach /dev/ad4s1c</userinput></screen>

<para>Also note that, as &man.vinum.4; does not use the
&man.geom.4; subsystem, you cannot use
<application>gbde</application> with
<application>vinum</application> volumes.</para>
</sect3>

</sect2>

<sect2>
<sect2info>
<authorgroup>
<author>
<firstname>Daniel</firstname>
<surname>Gerzo</surname>
<contrib>Contributed by </contrib>
</author>
</authorgroup>
<!-- Date of writing: 28 November 2005 -->
</sect2info>

<title>Disk Encryption with <command>geli</command></title>

<para>A new cryptographic GEOM class, <command>geli</command>, is
available as of &os; 6.0. It is currently being developed by
&a.pjd;. <command>geli</command> differs from
<command>gbde</command>; it offers different features and uses
a different scheme for doing cryptographic work.</para>

<para>The most important features of &man.geli.8; are:</para>

<itemizedlist>
<listitem>
<para>Utilizes the &man.crypto.9; framework &mdash; when
cryptographic hardware is available, <command>geli</command>
will use it automatically.</para>
</listitem>
<listitem>
<para>Supports multiple cryptographic algorithms (currently
AES, Blowfish, and 3DES).</para>
</listitem>
<listitem>
<para>Allows the root partition to be encrypted. The
passphrase used to access the encrypted root partition will
be requested during the system boot.</para>
</listitem>
<listitem>
<para>Allows the use of two independent keys (e.g. a
<quote>key</quote> and a <quote>company key</quote>).</para>
</listitem>
<listitem>
<para><command>geli</command> is fast: it performs simple
sector-to-sector encryption.</para>
</listitem>
<listitem>
<para>Allows backup and restore of Master Keys. When a user
has to destroy their keys, it will be possible to get access
to the data again by restoring keys from the backup.</para>
</listitem>
<listitem>
<para>Allows a disk to be attached with a random, one-time key
&mdash; useful for swap partitions and temporary file
systems.</para>
</listitem>
</itemizedlist>

<para>More <command>geli</command> features can be found in the
&man.geli.8; manual page.</para>

<para>The next steps will describe how to enable support for
<command>geli</command> in the &os; kernel and will explain how
to create a new <command>geli</command> encryption provider. At
the end it will be demonstrated how to create an encrypted swap
partition using features provided by <command>geli</command>.</para>

<para>In order to use <command>geli</command>, you must be running
&os; 6.0-RELEASE or later. Super-user privileges will be
required since modifications to the kernel are necessary.</para>

<procedure>
<step>
<title>Adding <command>geli</command> Support to the Kernel
Configuration File</title>

<para>Add the following lines to the kernel configuration
file:</para>

<screen>options GEOM_ELI
device crypto</screen>

<para>Rebuild the kernel as described in <xref
linkend="kernelconfig"/>.</para>

<para>Alternatively, the <command>geli</command> module can
be loaded at boot time. Add the following line to the
<filename>/boot/loader.conf</filename>:</para>

<para><literal>geom_eli_load="YES"</literal></para>

<para>&man.geli.8; should now be supported by the kernel.</para>
</step>

<step>
<title>Generating the Master Key</title>

<para>The following example will describe how to generate a
key file, which will be used as part of the Master Key for
the encrypted provider mounted under
<filename role="directory">/private</filename>. The key
file will provide some random data used to encrypt the
Master Key. The Master Key will be protected by a
passphrase as well. The provider's sector size will be 4kB.
Furthermore, the discussion will describe how to attach the
<command>geli</command> provider, create a file system on
it, how to mount it, how to work with it, and finally how to
detach it.</para>

<para>It is recommended to use a bigger sector size (like 4kB) for
better performance.</para>

<para>The Master Key will be protected with a passphrase and
the data source for the key file will be
<filename>/dev/random</filename>. The sector size of
<filename>/dev/da2.eli</filename>, which we call the provider,
will be 4kB.</para>

<screen>&prompt.root; <userinput>dd if=/dev/random of=/root/da2.key bs=64 count=1</userinput>
&prompt.root; <userinput>geli init -s 4096 -K /root/da2.key /dev/da2</userinput>
Enter new passphrase:
Reenter new passphrase:</screen>

<para>It is not mandatory that both a passphrase and a key
file are used; either method of securing the Master Key can
be used in isolation.</para>

<para>If the key file is given as <quote>-</quote>, standard
input will be used. This example shows how more than one
key file can be used.</para>

<screen>&prompt.root; <userinput>cat keyfile1 keyfile2 keyfile3 | geli init -K - /dev/da2</userinput></screen>
</step>

<step>
<title>Attaching the Provider with the generated Key</title>

<screen>&prompt.root; <userinput>geli attach -k /root/da2.key /dev/da2</userinput>
Enter passphrase:</screen>

<para>The new plaintext device will be named
<filename>/dev/<replaceable>da2</replaceable>.eli</filename>.</para>

<screen>&prompt.root; <userinput>ls /dev/da2*</userinput>
/dev/da2  /dev/da2.eli</screen>
</step>

<step>
<title>Creating the new File System</title>

<screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/da2.eli bs=1m</userinput>
&prompt.root; <userinput>newfs /dev/da2.eli</userinput>
&prompt.root; <userinput>mount /dev/da2.eli /private</userinput></screen>

<para>The encrypted file system should be visible to &man.df.1;
and be available for use now.</para>

<screen>&prompt.root; <userinput>df -H</userinput>
Filesystem     Size   Used  Avail Capacity  Mounted on
/dev/ad0s1a    248M    89M   139M    38%    /
/devfs         1.0K   1.0K     0B   100%    /dev
/dev/ad0s1f    7.7G   2.3G   4.9G    32%    /usr
/dev/ad0s1d    989M   1.5M   909M     0%    /tmp
/dev/ad0s1e    3.9G   1.3G   2.3G    35%    /var
/dev/da2.eli   150G   4.1K   138G     0%    /private</screen>

</step>

<step>
<title>Unmounting and Detaching the Provider</title>

<para>Once the work on the encrypted partition is done, and
the <filename role="directory">/private</filename> partition
is no longer needed, it is prudent to consider unmounting
and detaching the <command>geli</command> encrypted
partition from the kernel.</para>

<screen>&prompt.root; <userinput>umount /private</userinput>
&prompt.root; <userinput>geli detach da2.eli</userinput></screen>
</step>
</procedure>

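<para>The <command>dd</command> command in the key generation step creates
<filename>/root/da2.key</filename> with whatever permissions the current umask
allows. The following added example, which is not part of the Handbook or of
<command>geli</command>, creates the key file readable by its owner only and
checks an existing one; the function names are assumptions of this example.</para>

```shell
#!/bin/sh
# Added example (not part of the Handbook): create a geli key file that only
# its owner can read, and verify an existing one before it is passed to geli.

# check_keyfile FILE [EXPECTED_BYTES]
# Returns 0 when FILE has the expected size (default 64, as in the dd command
# of the procedure) and carries no group/other permission bits.
# Returns 3 if FILE is missing, 4 on a size mismatch, 5 on loose permissions.
check_keyfile() {
    want=${2:-64}
    if [ ! -f "$1" ]; then
        echo "$1: no such key file" >&2
        return 3
    fi
    size=$(wc -c < "$1" | tr -d ' ')
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    if [ "$size" -ne "$want" ]; then
        echo "$1: $size bytes, expected $want" >&2
        return 4
    fi
    if [ "$perms" != "------" ]; then
        echo "$1: accessible to group or other" >&2
        return 5
    fi
}

# make_keyfile FILE [SOURCE]
# Reads 64 bytes from SOURCE (default /dev/random) under umask 077.
# Refuses to overwrite: replacing a key file that a provider was initialized
# with leaves that provider unattachable unless a copy of the old file exists.
make_keyfile() {
    key=$1; src=${2:-/dev/random}
    if [ -e "$key" ]; then
        echo "$key already exists, not overwriting" >&2
        return 2
    fi
    ( umask 077 && dd if="$src" of="$key" bs=64 count=1 2>/dev/null ) || return 3
    check_keyfile "$key"
}

# Stand-alone use: sh geli-key.sh /root/da2.key /dev/da2
if [ "$#" -eq 2 ]; then
    make_keyfile "$1" && geli init -s 4096 -K "$1" "$2"
fi
```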
<para>More information about the use of &man.geli.8; can be
found in the manual page.</para>

<sect3>
<title>Encrypting a Swap Partition</title>

<para>The following example demonstrates how to create a
<command>geli</command> encrypted swap partition.</para>

<screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/ad0s1b bs=1m</userinput>
&prompt.root; <userinput>geli onetime -d -a 3des ad0s1b</userinput>
&prompt.root; <userinput>swapon /dev/ad0s1b.eli</userinput></screen>
</sect3>

<sect3>
<title>Using the <filename>geli</filename> <filename>rc.d</filename> Script</title>

<para><command>geli</command> comes with an <filename>rc.d</filename> script which
can be used to simplify the usage of <command>geli</command>.
An example of configuring <command>geli</command> through
&man.rc.conf.5; follows:</para>

<screen>geli_devices="da2"
geli_da2_flags="-p -k /root/da2.key"</screen>

<para>This will configure <filename>/dev/da2</filename> as a
<command>geli</command> provider whose Master Key file
is located in <filename>/root/da2.key</filename>, and
<command>geli</command> will not use a passphrase when
attaching the provider (note that this can only be used if <option>-P</option>
was given during the <command>geli</command> init phase). The
system will detach the <command>geli</command> provider from
the kernel before the system shuts down.</para>

<para>More information about configuring <filename>rc.d</filename> is provided in the
<link linkend="configtuning-rcd">rc.d</link> section of the
Handbook.</para>
</sect3>
</sect2>
</sect1>

<sect1 id="swap-encrypting">
<sect1info>
<authorgroup>
<author>
<firstname>Christian</firstname>
<surname>Brüffer</surname>
<contrib>Written by </contrib>
</author>
</authorgroup>
</sect1info>

<title>Encrypting Swap Space</title>
<indexterm>
<primary>swap</primary>
<secondary>encrypting</secondary>
</indexterm>

<para>Swap encryption in &os; is easy to configure and has been
available since &os; 5.3-RELEASE. Depending on which version
of &os; is being used, different options are available
and configuration can vary slightly. From &os; 6.0-RELEASE onwards,
the &man.gbde.8; or &man.geli.8; encryption systems can be used
for swap encryption. With earlier versions, only &man.gbde.8; is
available. Both systems use the <filename>encswap</filename>
<link linkend="configtuning-rcd">rc.d</link> script.</para>

<para>The previous section, <link linkend="disks-encrypting">Encrypting
Disk Partitions</link>, includes a short discussion on the different
encryption systems.</para>

<sect2>
<title>Why should Swap be Encrypted?</title>

<para>Like the encryption of disk partitions, encryption of swap space
is done to protect sensitive information. Imagine, for example, an
application that deals with passwords. As long as these passwords stay in
physical memory, all is well. However, if the operating system starts
swapping out memory pages to free space for other applications, the
passwords may be written to the disk platters unencrypted, where they are
easy for an adversary to retrieve. Encrypting swap space can be a solution for
this scenario.</para>
</sect2>

<sect2>
<title>Preparation</title>

<note>
<para>For the remainder of this section, <devicename>ad0s1b</devicename>
will be the swap partition.</para>
</note>

<para>Up to this point the swap has been unencrypted. It is possible that
there are already passwords or other sensitive data on the disk platters
in cleartext. To rectify this, the data on the swap partition should be
overwritten with random garbage:</para>

<screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/ad0s1b bs=1m</userinput></screen>
</sect2>

<sect2>
<title>Swap Encryption with &man.gbde.8;</title>

<para>If &os; 6.0-RELEASE or newer is being used, the
<literal>.bde</literal> suffix should be added to the device in the
respective <filename>/etc/fstab</filename> swap line:</para>

<screen>
# Device         Mountpoint  FStype  Options  Dump  Pass#
/dev/ad0s1b.bde  none        swap    sw       0     0
</screen>

<para>For systems prior to &os; 6.0-RELEASE, the following line
in <filename>/etc/rc.conf</filename> is also needed:</para>

<programlisting>gbde_swap_enable="YES"</programlisting>
</sect2>

<sect2>
<title>Swap Encryption with &man.geli.8;</title>

<para>Alternatively, the procedure for using &man.geli.8; for swap
encryption is similar to that of using &man.gbde.8;. The
<literal>.eli</literal> suffix should be added to the device in the
respective <filename>/etc/fstab</filename> swap line:</para>

<screen>
# Device         Mountpoint  FStype  Options  Dump  Pass#
/dev/ad0s1b.eli  none        swap    sw       0     0
</screen>

<para>&man.geli.8; uses the <acronym>AES</acronym> algorithm with
a key length of 256 bit by default.</para>

<para>Optionally, these defaults can be altered using the
<literal>geli_swap_flags</literal> option in
<filename>/etc/rc.conf</filename>. The following line tells the
<filename>encswap</filename> rc.d script to create &man.geli.8; swap
partitions using the Blowfish algorithm with a key length of 128 bit,
a sector size of 4 kilobytes and the <quote>detach on last close</quote>
option set:</para>

<programlisting>geli_swap_flags="-a blowfish -l 128 -s 4096 -d"</programlisting>

<para>Please refer to the description of the <command>onetime</command> command
in the &man.geli.8; manual page for a list of possible options.</para>
</sect2>

<sect2>
<title>Verifying that it Works</title>

<para>Once the system has been rebooted, proper operation of the
encrypted swap can be verified using the
<command>swapinfo</command> command.</para>

<para>If &man.gbde.8; is being used:</para>

<screen>&prompt.user; <userinput>swapinfo</userinput>
Device          1K-blocks     Used    Avail Capacity
/dev/ad0s1b.bde    542720        0   542720     0%
</screen>

<para>If &man.geli.8; is being used:</para>

<screen>&prompt.user; <userinput>swapinfo</userinput>
Device          1K-blocks     Used    Avail Capacity
/dev/ad0s1b.eli    542720        0   542720     0%
</screen>
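
<para>The same check can be scripted for systems with more than one swap
device. This added example is not part of the Handbook or of &os;; it reports
swap devices in an <filename>fstab</filename> file and in saved
<command>swapinfo</command> output that lack the <literal>.bde</literal> or
<literal>.eli</literal> suffix. The function names and the second device
<devicename>ad1s1b</devicename> in the sample are constructed for the example.</para>

```shell
#!/bin/sh
# Added example (not part of the Handbook): flag swap devices that are not
# backed by gbde (.bde) or geli (.eli).

# unencrypted_fstab_swap FSTAB
# Print every swap device in an fstab-format file that lacks the suffix.
unencrypted_fstab_swap() {
    awk '
        $1 ~ /^#/ || NF < 3 { next }     # skip comments and short lines
        $3 == "swap" && $1 !~ /\.(bde|eli)$/ { print $1 }
    ' "$1"
}

# unencrypted_active_swap FILE
# Same check for saved swapinfo output; header and Total lines are skipped.
unencrypted_active_swap() {
    awk '
        $1 == "Device" || $1 == "Total" { next }
        $1 ~ /^\/dev\// && $1 !~ /\.(bde|eli)$/ { print $1 }
    ' "$1"
}

# audit_swap FSTAB SWAPINFO_FILE
# Returns 0 when every swap device is encrypted, 1 otherwise.
audit_swap() {
    bad_fstab=$(unencrypted_fstab_swap "$1")
    bad_live=$(unencrypted_active_swap "$2")
    if [ -n "$bad_fstab" ]; then
        echo "fstab: unencrypted swap: $bad_fstab" >&2
    fi
    if [ -n "$bad_live" ]; then
        echo "active: unencrypted swap: $bad_live" >&2
    fi
    [ -z "$bad_fstab" ] && [ -z "$bad_live" ]
}

# Constructed sample input: the .eli line is the one from this section,
# the ad1s1b line is an invented second, unencrypted swap device.
sample_fstab() {
    cat <<'EOF'
# Device         Mountpoint  FStype  Options  Dump  Pass#
/dev/ad0s1a      /           ufs     rw       1     1
/dev/ad0s1b.eli  none        swap    sw       0     0
/dev/ad1s1b      none        swap    sw       0     0
EOF
}

# Constructed sample input: the swapinfo output shown in this section.
sample_swapinfo() {
    cat <<'EOF'
Device          1K-blocks     Used    Avail Capacity
/dev/ad0s1b.eli    542720        0   542720     0%
EOF
}

# Stand-alone use on a running system: sh swap-audit.sh --live
if [ "${1:-}" = "--live" ]; then
    tmp=$(mktemp) || exit 2
    swapinfo > "$tmp" && audit_swap /etc/fstab "$tmp"
    rc=$?
    rm -f "$tmp"
    exit "$rc"
fi
```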
</sect2>
</sect1>
</chapter>