Diffstat (limited to 'documentation/content/el/books/handbook/disks/_index.adoc')
-rw-r--r-- | documentation/content/el/books/handbook/disks/_index.adoc | 212 |
1 files changed, 106 insertions, 106 deletions
diff --git a/documentation/content/el/books/handbook/disks/_index.adoc b/documentation/content/el/books/handbook/disks/_index.adoc index cf1cc32c2f..e1f2685c99 100644 --- a/documentation/content/el/books/handbook/disks/_index.adoc +++ b/documentation/content/el/books/handbook/disks/_index.adoc @@ -131,7 +131,7 @@ If the disk to be added is not blank, old partition information can be removed w The partition scheme is created, and then a single partition is added: -[source,bash] +[source,shell] .... # gpart create -s GPT ada1 # gpart add -t freebsd-ufs ada1 @@ -141,14 +141,14 @@ Depending on use, several smaller partitions may be desired. See man:gpart[8] fo A file system is created on the new blank disk: -[source,bash] +[source,shell] .... # newfs -U /dev/ada1p1 .... An empty directory is created as a _mountpoint_, a location for mounting the new disk in the original disk's file system: -[source,bash] +[source,shell] .... # mkdir /newdisk .... @@ -162,7 +162,7 @@ Finally, an entry is added to [.filename]#/etc/fstab# so the new disk will be mo The new disk can be mounted manually, without restarting the system: -[source,bash] +[source,shell] .... # mount /newdisk .... @@ -206,7 +206,7 @@ Since the burner is seen as a SCSI drive, the driver man:atapicam[4] should not To test the USB configuration, plug in the USB device. In the system message buffer, man:dmesg[8], the drive should appear as something like: -[source,bash] +[source,shell] .... umass0: USB Solid state disk, rev 1.10/1.00, addr 2 GEOM: create disk da0 dp=0xc2d74850 @@ -220,7 +220,7 @@ The brand, device node ([.filename]#da0#), and other details will differ accordi Since the USB device is seen as a SCSI one, `camcontrol` can be used to list the USB storage devices attached to the system: -[source,bash] +[source,shell] .... # camcontrol devlist <Generic Traveling Disk 1.11> at scbus0 target 0 lun 0 (da0,pass0) 
@@ -272,7 +272,7 @@ Since this only takes effect after the next reboot use man:sysctl[8] to set this The final step is to create a directory where the file system is to be mounted. This directory needs to be owned by the user that is to mount the file system. One way to do that is for `root` to create a subdirectory owned by that user as [.filename]#/mnt/username#. In the following example, replace _username_ with the login name of the user and _usergroup_ with the user's primary group: -[source,bash] +[source,shell] .... # mkdir /mnt/username # chown username:usergroup /mnt/username @@ -280,14 +280,14 @@ The final step is to create a directory where the file system is to be mounted. Suppose a USB thumbdrive is plugged in, and a device [.filename]#/dev/da0s1# appears. If the device is preformatted with a FAT file system, it can be mounted using: -[source,bash] +[source,shell] .... % mount -t msdosfs -o -m=644,-M=755 /dev/da0s1 /mnt/username .... Before the device can be unplugged, it _must_ be unmounted first. After device removal, the system message buffer will show messages similar to the following: -[source,bash] +[source,shell] .... umass0: at uhub0 port 1 (addr 2) disconnected (da0:umass-sim0:0:0:0): lost device @@ -322,7 +322,7 @@ For CD burning software with a graphical user interface, consider X-CD-Roast or The package:sysutils/cdrtools[] port also installs man:mkisofs[8], which produces an ISO 9660 file system that is an image of a directory tree in the UNIX(R) file system name space. The simplest usage is: -[source,bash] +[source,shell] .... # mkisofs -o imagefile.iso /path/to/tree .... 
@@ -335,14 +335,14 @@ For CDs that are going to be used only on FreeBSD systems, `-U` can be used to d The last option of general use is `-b`. This is used to specify the location of the boot image for use in producing an "El Torito" bootable CD. This option takes an argument which is the path to a boot image from the top of the tree being written to the CD. By default, man:mkisofs[8] creates an ISO image in "floppy disk emulation" mode, and thus expects the boot image to be exactly 1200, 1440 or 2880 KB in size. Some boot loaders, like the one used by the FreeBSD distribution disks, do not use emulation mode. In this case, `-no-emul-boot` should be used. So, if [.filename]#/tmp/myboot# holds a bootable FreeBSD system with the boot image in [.filename]#/tmp/myboot/boot/cdboot#, this command would produce the image of an ISO 9660 file system as [.filename]#/tmp/bootable.iso#: -[source,bash] +[source,shell] .... # mkisofs -R -no-emul-boot -b boot/cdboot -o /tmp/bootable.iso /tmp/myboot .... If [.filename]#md# is configured in the kernel, the file system can be mounted as a memory disk with: -[source,bash] +[source,shell] .... # mdconfig -a -t vnode -f /tmp/bootable.iso -u 0 # mount -t cd9660 /dev/md0 /mnt @@ -357,7 +357,7 @@ There are many other options available for man:mkisofs[8] to fine-tune its behav For an ATAPI CD burner, `burncd` can be used to burn an ISO image onto a CD. `burncd` is part of the base system, installed as [.filename]#/usr/sbin/burncd#. Usage is very simple, as it has few options: -[source,bash] +[source,shell] .... # burncd -f cddevice data imagefile.iso fixate .... 
@@ -371,14 +371,14 @@ For systems without an ATAPI CD burner, `cdrecord` can be used to burn CDs. `cdr While `cdrecord` has many options, basic usage is simple. Burning an ISO 9660 image is done with: -[source,bash] +[source,shell] .... # cdrecord dev=device imagefile.iso .... The tricky part of using `cdrecord` is finding the `dev` to use. To find the proper setting, use `-scanbus` which might produce results like this: -[source,bash] +[source,shell] .... # cdrecord -scanbus Cdrecord-Clone 2.01 (i386-unknown-freebsd7.0) Copyright (C) 1995-2004 J"org Schilling @@ -415,7 +415,7 @@ To duplicate an audio CD, extract the audio data from the CD to a series of file . Use `cdda2wav` to extract the audio: + -[source,bash] +[source,shell] .... % cdda2wav -vall -D2,0 -B -Owav .... @@ -423,7 +423,7 @@ To duplicate an audio CD, extract the audio data from the CD to a series of file . Use `cdrecord` to write the [.filename]#.wav# files: + -[source,bash] +[source,shell] .... % cdrecord -v dev=2,0 -dao -useinfo *.wav .... @@ -443,14 +443,14 @@ With the help of the <<atapicam,ATAPI/CAM module>>, `cdda2wav` can also be used + Make sure the appropriate files exist in [.filename]#/dev#. If the entries are missing, force the system to retaste the media: + -[source,bash] +[source,shell] .... # dd if=/dev/acd0 of=/dev/null count=1 .... . Extract each track using man:dd[1], making sure to specify a block size when extracting the files: + -[source,bash] +[source,shell] .... # dd if=/dev/acd0t01 of=track1.cdr bs=2352 # dd if=/dev/acd0t02 of=track2.cdr bs=2352 @@ -459,7 +459,7 @@ Make sure the appropriate files exist in [.filename]#/dev#. If the entries are m . Burn the extracted files to disk using `burncd`. Specify that these are audio files, and that `burncd` should fixate the disk when finished: + -[source,bash] +[source,shell] .... # burncd -f /dev/acd0 audio track1.cdr track2.cdr ... fixate .... 
@@ -470,7 +470,7 @@ Make sure the appropriate files exist in [.filename]#/dev#. If the entries are m It is possible to copy a data CD to an image file that is functionally equivalent to the image file created with man:mkisofs[8], and then use it to duplicate any data CD. The example given here assumes that the CD-ROM device is [.filename]#acd0#. Substitute the correct CD-ROM device. -[source,bash] +[source,shell] .... # dd if=/dev/acd0 of=file.iso bs=2048 .... @@ -482,21 +482,21 @@ Now that there is an image, it can be burned to CD as described above. It is possible to mount and read the data on a standard data CD. By default, man:mount[8] assumes that a file system is of type `ufs`. Running this command: -[source,bash] +[source,shell] .... # mount /dev/cd0 /mnt .... will generate an error about `Incorrect super block`, and will fail to mount the CD. The CD does not use the `UFS` file system, so attempts to mount it as such will fail. Instead, tell man:mount[8] that the file system is of type `ISO9660` by specifying `-t cd9660` to man:mount[8]. For example, to mount the CD-ROM device, [.filename]#/dev/cd0#, under [.filename]#/mnt#, use: -[source,bash] +[source,shell] .... # mount -t cd9660 /dev/cd0 /mnt .... Replace [.filename]#/dev/cd0# with the device name for the CD device. Also, `-t cd9660` executes man:mount_cd9660[8], meaning the above command is equivalent to: -[source,bash] +[source,shell] .... # mount_cd9660 /dev/cd0 /mnt .... 
@@ -531,14 +531,14 @@ This tells the SCSI bus to pause 15 seconds during boot, to give the CD-ROM driv It is possible to burn a file directly to CD, without creating an ISO 9660 file system. Some people do this for backup purposes. This command runs more quickly than burning a standard CD: -[source,bash] +[source,shell] .... # burncd -f /dev/acd1 -s 12 data archive.tar.gz fixate .... In order to retrieve the data burned to such a CD, the data must be read from the raw device node: -[source,bash] +[source,shell] .... # tar xzvf /dev/acd1 .... @@ -583,7 +583,7 @@ Then rebuild, install the new kernel, and reboot the machine. During the boot process, the burner should show up, like so: -[source,bash] +[source,shell] .... acd0: CD-RW <MATSHITA CD-RW/DVD-ROM UJDA740> at ata1-master PIO4 cd0 at ata1 bus 0 target 0 lun 0 @@ -594,14 +594,14 @@ cd0: Attempt to query device size failed: NOT READY, Medium not present - tray c The drive can now be accessed via the [.filename]#/dev/cd0# device name. For example, to mount a CD-ROM on [.filename]#/mnt#, type the following: -[source,bash] +[source,shell] .... # mount -t cd9660 /dev/cd0 /mnt .... As `root`, run the following command to get the SCSI address of the burner: -[source,bash] +[source,shell] .... # camcontrol devlist <MATSHITA CDRW/DVD UJDA740 1.00> at scbus1 target 0 lun 0 (pass0,cd0) @@ -659,7 +659,7 @@ Since man:growisofs[1] is a front-end to <<mkisofs,mkisofs>>, it will invoke man To burn to a DVD+R or a DVD-R the data in [.filename]#/path/to/data#, use the following command: -[source,bash] +[source,shell] .... # growisofs -dvd-compat -Z /dev/cd0 -J -R /path/to/data .... @@ -670,7 +670,7 @@ For the initial session recording, `-Z` is used for both single and multiple ses To burn a pre-mastered image, such as _imagefile.iso_, use: -[source,bash] +[source,shell] .... # growisofs -dvd-compat -Z /dev/cd0=imagefile.iso .... 
@@ -683,14 +683,14 @@ In order to support working files larger than 4.38GB, an UDF/ISO-9660 hybrid fil To create this type of ISO file: -[source,bash] +[source,shell] .... % mkisofs -R -J -udf -iso-level 3 -o imagefile.iso /path/to/data .... To burn files directly to a disk: -[source,bash] +[source,shell] .... # growisofs -dvd-compat -udf -iso-level 3 -Z /dev/cd0 -J -R /path/to/data .... @@ -706,7 +706,7 @@ A DVD-Video is a specific file layout based on the ISO 9660 and micro-UDF (M-UDF If an image of the DVD-Video file system already exists, it can be burned in the same way as any other image. If `dvdauthor` was used to make the DVD and the result is in [.filename]#/path/to/video#, the following command should be used to burn the DVD-Video: -[source,bash] +[source,shell] .... # growisofs -Z /dev/cd0 -dvd-video /path/to/video .... @@ -717,7 +717,7 @@ If an image of the DVD-Video file system already exists, it can be burned in the Unlike CD-RW, a virgin DVD+RW needs to be formatted before first use. It is _recommended_ to let man:growisofs[1] take care of this automatically whenever appropriate. However, it is possible to use `dvd+rw-format` to format the DVD+RW: -[source,bash] +[source,shell] .... # dvd+rw-format /dev/cd0 .... @@ -726,7 +726,7 @@ Only perform this operation once and keep in mind that only virgin DVD+RW medias To burn a totally new file system and not just append some data onto a DVD+RW, the media does not need to be blanked first. Instead, write over the previous recording like this: -[source,bash] +[source,shell] .... # growisofs -Z /dev/cd0 -J -R /path/to/newdata .... @@ -735,7 +735,7 @@ The DVD+RW format supports appending data to a previous recording. This operatio For example, to append data to a DVD+RW, use the following: -[source,bash] +[source,shell] .... # growisofs -M /dev/cd0 -J -R /path/to/nextdata .... 
@@ -749,7 +749,7 @@ Use `-dvd-compat` for better media compatibility with DVD-ROM drives. When using To blank the media, use: -[source,bash] +[source,shell] .... # growisofs -Z /dev/cd0=/dev/zero .... @@ -762,7 +762,7 @@ A virgin DVD-RW can be directly written without being formatted. However, a non- To blank a DVD-RW in sequential mode: -[source,bash] +[source,shell] .... # dvd+rw-format -blank=full /dev/cd0 .... @@ -771,7 +771,7 @@ To blank a DVD-RW in sequential mode: ==== A full blanking using `-blank=full` will take about one hour on a 1x media. A fast blanking can be performed using `-blank`, if the DVD-RW will be recorded in Disk-At-Once (DAO) mode. To burn the DVD-RW in DAO mode, use the command: -[source,bash] +[source,shell] .... # growisofs -use-the-force-luke=dao -Z /dev/cd0=imagefile.iso .... @@ -783,7 +783,7 @@ One should instead use restricted overwrite mode with any DVD-RW as this format To write data on a sequential DVD-RW, use the same instructions as for the other DVD formats: -[source,bash] +[source,shell] .... # growisofs -Z /dev/cd0 -J -R /path/to/data .... @@ -794,14 +794,14 @@ A DVD-RW in restricted overwrite format does not need to be blanked before a new To put a DVD-RW in restricted overwrite format, the following command must be used: -[source,bash] +[source,shell] .... # dvd+rw-format /dev/cd0 .... To change back to sequential format, use: -[source,bash] +[source,shell] .... # dvd+rw-format -blank=full /dev/cd0 .... @@ -812,7 +812,7 @@ Few DVD-ROM drives support multi-session DVDs and most of the time only read the Using the following command after an initial non-closed session on a DVD+R, DVD-R, or DVD-RW in sequential format, will add a new session to the disc: -[source,bash] +[source,shell] .... # growisofs -M /dev/cd0 -J -R /path/to/nextdata .... 
@@ -851,7 +851,7 @@ hw.ata.atapi_dma="1" A DVD-RAM can be seen as a removable hard drive. Like any other hard drive, the DVD-RAM must be formatted before it can be used. In this example, the whole disk space will be formatted with a standard UFS2 file system: -[source,bash] +[source,shell] .... # dd if=/dev/zero of=/dev/acd0 bs=2k count=1 # bsdlabel -Bw acd0 @@ -864,7 +864,7 @@ The DVD device, [.filename]#acd0#, must be changed according to the configuratio Once the DVD-RAM has been formatted, it can be mounted as a normal hard drive: -[source,bash] +[source,shell] .... # mount /dev/acd0 /mnt .... @@ -896,7 +896,7 @@ Make note of any error messages, as these can help determine if the disk is good To format the floppy, insert a new 3.5inch floppy disk into the first floppy drive and issue: -[source,bash] +[source,shell] .... # /usr/sbin/fdformat -f 1440 /dev/fd0 .... @@ -909,7 +909,7 @@ The new disk label will take over the whole disk and will contain all the proper To write the disk label, use man:bsdlabel[8]: -[source,bash] +[source,shell] .... # /sbin/bsdlabel -B -w /dev/fd0 fd1440 .... @@ -922,7 +922,7 @@ The floppy's file system can be either UFS or FAT. FAT is generally a better cho To put a new file system on the floppy, issue: -[source,bash] +[source,shell] .... # /sbin/newfs_msdos /dev/fd0 .... @@ -949,7 +949,7 @@ man:mt[1] is the FreeBSD utility for controlling other operations of the tape dr For example, the first three files on a tape can be preserved by skipping past them before writing a new file: -[source,bash] +[source,shell] .... # mt -f /dev/nsa0 fsf 3 .... @@ -958,14 +958,14 @@ For example, the first three files on a tape can be preserved by skipping past t An example of writing a single file to tape using man:tar[1]: -[source,bash] +[source,shell] .... # tar cvf /dev/sa0 file .... Recovering files from a man:tar[1] archive on tape into the current directory: -[source,bash] +[source,shell] .... # tar xvf /dev/sa0 .... 
@@ -974,14 +974,14 @@ Recovering files from a man:tar[1] archive on tape into the current directory: A simple backup of [.filename]#/usr# with man:dump[8]: -[source,bash] +[source,shell] .... # dump -0aL -b64 -f /dev/nsa0 /usr .... Interactively restoring files from a man:dump[8] file on tape into the current directory: -[source,bash] +[source,shell] .... # restore -i -f /dev/nsa0 .... @@ -1030,7 +1030,7 @@ If `dump` is used on the root directory, it will not back up [.filename]#/home#, It is also possible to backup data across the network to a tape drive attached to another computer with `rdump` and `rrestore`. Both programs rely upon man:rcmd[3] and man:ruserok[3] to access the remote tape drive. Therefore, the user performing the backup must be listed in [.filename]#.rhosts# on the remote computer. The arguments to `rdump` and `rrestore` must be suitable to use on the remote computer. For example, to `rdump` from a FreeBSD computer to an Exabyte tape drive connected to a host called `komodo`, use: -[source,bash] +[source,shell] .... # /sbin/rdump 0dsbfu 54000 13000 126 komodo:/dev/nsa8 /dev/da0a 2>&1 .... @@ -1043,7 +1043,7 @@ It is also possible to use `dump` and `restore` in a more secure fashion over `s [example] ==== -[source,bash] +[source,shell] .... # /sbin/dump -0uan -f - /usr | gzip -2 | ssh -c blowfish \ targetuser@targetmachine.example.com dd of=/mybigfiles/dump-usr-l0.gz @@ -1057,7 +1057,7 @@ Or, use the built-in `RSH`: [example] ==== -[source,bash] +[source,shell] .... # env RSH=/usr/bin/ssh /sbin/dump -0uan -f targetuser@targetmachine.example.com:/dev/sa0 /usr .... @@ -1070,7 +1070,7 @@ man:tar[1] also dates back to Version 6 of AT&T UNIX(R), circa 1975. `tar` opera To `tar` to an Exabyte tape drive connected to a host called `komodo`: -[source,bash] +[source,shell] .... # tar cf - . | rsh komodo dd of=tape-device obs=20b .... 
@@ -1083,7 +1083,7 @@ man:cpio[1] is the original UNIX(R) file interchange tape program for magnetic m Since `cpio` does not support backups across the network, use a pipeline and `ssh` to send the data to a remote tape drive. -[source,bash] +[source,shell] .... # for f in directory_list; do @@ -1185,7 +1185,7 @@ To mount an existing file system image: [example] ==== -[source,bash] +[source,shell] .... # mdconfig -a -t vnode -f diskimage -u 0 # mount /dev/md0 /mnt @@ -1199,7 +1199,7 @@ To create a new file system image with man:mdconfig[8]: [example] ==== -[source,bash] +[source,shell] .... # dd if=/dev/zero of=newimage bs=1k count=5k 5120+0 records in @@ -1227,7 +1227,7 @@ While man:mdconfig[8] is useful, it takes several command lines to create a file [example] ==== -[source,bash] +[source,shell] .... # dd if=/dev/zero of=newimage bs=1k count=5k 5120+0 records in @@ -1251,7 +1251,7 @@ For a memory-based file system, "swap backing" should normally be used. This doe [example] ==== -[source,bash] +[source,shell] .... # mdconfig -a -t swap -s 5m -u 1 # newfs -U md1 @@ -1272,7 +1272,7 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on [example] ==== -[source,bash] +[source,shell] .... # mdmfs -s 5m md2 /mnt # df /mnt @@ -1288,7 +1288,7 @@ When a memory-based or file-based file system is no longer in use, its resources For example, to detach and free all resources used by [.filename]#/dev/md4#: -[source,bash] +[source,shell] .... # mdconfig -d -u 4 .... 
@@ -1306,21 +1306,21 @@ The un-alterable `snapshot` file flag is set by man:mksnap_ffs[8] after initial Snapshots are created using man:mount[8]. To place a snapshot of [.filename]#/var# in the file [.filename]#/var/snapshot/snap#, use the following command: -[source,bash] +[source,shell] .... # mount -u -o snapshot /var/snapshot/snap /var .... Alternatively, use man:mksnap_ffs[8] to create the snapshot: -[source,bash] +[source,shell] .... # mksnap_ffs /var /var/snapshot/snap .... One can find snapshot files on a file system, such as [.filename]#/var#, using man:find[1]: -[source,bash] +[source,shell] .... # find /var -flags snapshot .... @@ -1333,7 +1333,7 @@ Once a snapshot has been created, it has several uses: * The snapshot can be mounted as a frozen image of the file system. To man:mount[8] the snapshot [.filename]#/var/snapshot/snap# run: + -[source,bash] +[source,shell] .... # mdconfig -a -t vnode -f /var/snapshot/snap -u 4 # mount -r /dev/md4 /mnt @@ -1341,7 +1341,7 @@ Once a snapshot has been created, it has several uses: The frozen [.filename]#/var# is now available through [.filename]#/mnt#. Everything will initially be in the same state it was during the snapshot creation time. The only exception is that any earlier snapshots will appear as zero length files. To unmount the snapshot, use: -[source,bash] +[source,shell] .... # umount /mnt # mdconfig -d -u 4 @@ -1405,7 +1405,7 @@ In the normal course of operations, there should be no need to manually run man: Once the system has been configured to enable quotas, verify they really are enabled by running: -[source,bash] +[source,shell] .... # quota -v .... 
@@ -1422,7 +1422,7 @@ Soft limits can be exceeded for a limited amount of time, known as the grace per The following is an example output from man:edquota[8]. When man:edquota[8] is invoked, the editor specified by `EDITOR` is opened in order to edit the quota limits. The default editor is set to vi. -[source,bash] +[source,shell] .... # edquota -u test .... @@ -1454,7 +1454,7 @@ The new quota limits take affect upon exiting the editor. Sometimes it is desirable to set quota limits on a range of UIDs. This can be done by passing `-p` to man:edquota[8]. First, assign the desired quota limit to a user, then run `edquota -p protouser startuid-enduid`. For example, if `test` has the desired quota limits, the following command will duplicate those quota limits for UIDs 10,000 through 19,999: -[source,bash] +[source,shell] .... # edquota -p test 10000-19999 .... @@ -1492,7 +1492,7 @@ rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad Now restart `inetd`: -[source,bash] +[source,shell] .... # service inetd restart .... @@ -1509,7 +1509,7 @@ Regardless of how an attacker may have come into possession of a hard drive or p [.procedure] . Configuring gbde requires superuser privileges. + -[source,bash] +[source,shell] .... % su - Password: @@ -1521,7 +1521,7 @@ Password: + If the kernel already contains this support, use `kldload` to load man:gbde[4]: + -[source,bash] +[source,shell] .... # kldload geom_bde .... @@ -1535,7 +1535,7 @@ The following example demonstrates adding a new hard drive to a system that will + Install the new drive to the system as explained in <<disks-adding>>. For the purposes of this example, a new hard drive partition has been added as [.filename]#/dev/ad4s1c# and [.filename]#/dev/ad0s1*# represents the existing standard FreeBSD partitions. + -[source,bash] +[source,shell] .... # ls /dev/ad* /dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1 
@@ -1545,7 +1545,7 @@ Install the new drive to the system as explained in <<disks-adding>>. For the pu . Create a Directory to Hold `gbde` Lock Files + -[source,bash] +[source,shell] .... # mkdir /etc/gbde .... @@ -1555,7 +1555,7 @@ The gbde lock file contains information that gbde requires to access encrypted p + A gbde partition must be initialized before it can be used. This initialization needs to be performed only once: + -[source,bash] +[source,shell] .... # gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c.lock .... @@ -1587,14 +1587,14 @@ gbde lock files _must_ be backed up together with the contents of any encrypted . Attach the Encrypted Partition to the Kernel + -[source,bash] +[source,shell] .... # gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock .... + This command will prompt to input the passphrase that was selected during the initialization of the encrypted partition. The new encrypted device will appear in [.filename]#/dev# as [.filename]#/dev/device_name.bde#: + -[source,bash] +[source,shell] .... # ls /dev/ad* /dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1 @@ -1606,7 +1606,7 @@ This command will prompt to input the passphrase that was selected during the in + Once the encrypted device has been attached to the kernel, a file system can be created on the device using man:newfs[8]. This example creates a UFS2 file system with soft updates enabled. + -[source,bash] +[source,shell] .... # newfs -U /dev/ad4s1c.bde .... @@ -1620,14 +1620,14 @@ man:newfs[8] must be performed on an attached gbde partition which is identified + Create a mount point for the encrypted file system: + -[source,bash] +[source,shell] .... # mkdir /private .... + Mount the encrypted file system: + -[source,bash] +[source,shell] .... # mount /dev/ad4s1c.bde /private .... 
@@ -1636,7 +1636,7 @@ Mount the encrypted file system: + The encrypted file system should now be visible to man:df[1] and be available for use. + -[source,bash] +[source,shell] .... % df -H Filesystem Size Used Avail Capacity Mounted on @@ -1655,7 +1655,7 @@ After each boot, any encrypted file systems must be re-attached to the kernel, c [.procedure] . Attach the `gbde` Partition to the Kernel + -[source,bash] +[source,shell] .... # gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock .... @@ -1665,14 +1665,14 @@ This command will prompt for the passphrase that was selected during initializat + Since encrypted file systems cannot yet be listed in [.filename]#/etc/fstab# for automatic mounting, the file systems must be checked for errors by running man:fsck[8] manually before mounting: + -[source,bash] +[source,shell] .... # fsck -p -t ffs /dev/ad4s1c.bde .... . Mount the Encrypted File System + -[source,bash] +[source,shell] .... # mount /dev/ad4s1c.bde /private .... @@ -1702,7 +1702,7 @@ man:gbde[8] encrypts the sector payload using 128-bit AES in CBC mode. Each sect man:sysinstall[8] is incompatible with gbde-encrypted devices. All [.filename]#*.bde# devices must be detached from the kernel before starting man:sysinstall[8] or it will crash during its initial probing for devices. To detach the encrypted device used in the example, use the following command: -[source,bash] +[source,shell] .... # gbde detach /dev/ad4s1c .... @@ -1754,7 +1754,7 @@ It is recommended to use a bigger sector size, such as 4kB, for better performan + The master key will be protected with a passphrase and the data source for the key file will be [.filename]#/dev/random#. The sector size of the provider [.filename]#/dev/da2.eli# will be 4kB. + -[source,bash] +[source,shell] .... # dd if=/dev/random of=/root/da2.key bs=64 count=1 # geli init -s 4096 -K /root/da2.key /dev/da2 
@@ -1766,14 +1766,14 @@ It is not mandatory to use both a passphrase and a key file as either method of + If the key file is given as "-", standard input will be used. This example shows how more than one key file can be used: + -[source,bash] +[source,shell] .... # cat keyfile1 keyfile2 keyfile3 | geli init -K - /dev/da2 .... . Attaching the Provider with the Generated Key + -[source,bash] +[source,shell] .... # geli attach -k /root/da2.key /dev/da2 Enter passphrase: @@ -1781,7 +1781,7 @@ Enter passphrase: + The new plaintext device will be named [.filename]#/dev/da2.eli#. + -[source,bash] +[source,shell] .... # ls /dev/da2* /dev/da2 /dev/da2.eli @@ -1789,7 +1789,7 @@ The new plaintext device will be named [.filename]#/dev/da2.eli#. . Creating the New File System + -[source,bash] +[source,shell] .... # dd if=/dev/random of=/dev/da2.eli bs=1m # newfs /dev/da2.eli @@ -1798,7 +1798,7 @@ The new plaintext device will be named [.filename]#/dev/da2.eli#. + The encrypted file system should now be visible to man:df[1] and be available for use: + -[source,bash] +[source,shell] .... # df -H Filesystem Size Used Avail Capacity Mounted on @@ -1814,7 +1814,7 @@ Filesystem Size Used Avail Capacity Mounted on + Once the work on the encrypted partition is done, and the [.filename]#/private# partition is no longer needed, it is prudent to consider unmounting and detaching the `geli` encrypted partition from the kernel: + -[source,bash] +[source,shell] .... # umount /private # geli detach da2.eli @@ -1850,7 +1850,7 @@ For the remainder of this section, [.filename]#ad0s1b# will be the swap partitio Swap partitions are not encrypted by default and should be cleared of any sensitive data before continuing. To overwrite the current swap parition with random garbage, execute the following command: -[source,bash] +[source,shell] .... # dd if=/dev/random of=/dev/ad0s1b bs=1m .... 
@@ -1890,7 +1890,7 @@ Once the system has rebooted, proper operation of the encrypted swap can be veri If man:gbde[8] is being used: -[source,bash] +[source,shell] .... % swapinfo Device 1K-blocks Used Avail Capacity @@ -1899,7 +1899,7 @@ Device 1K-blocks Used Avail Capacity If man:geli[8] is being used: -[source,bash] +[source,shell] .... % swapinfo Device 1K-blocks Used Avail Capacity @@ -2010,7 +2010,7 @@ It is also possible to use host names in the `remote` statements. In such a case Now that the configuration exists on both nodes, the HAST pool can be created. Run these commands on both nodes to place the initial metadata onto the local disk and to start man:hastd[8]: -[source,bash] +[source,shell] .... # hastctl create test # service hastd onestart @@ -2023,14 +2023,14 @@ It is _not_ possible to use GEOM providers with an existing file system or to co A HAST node's `primary` or `secondary` role is selected by an administrator, or software like Heartbeat, using man:hastctl[8]. On the primary node, `hasta`, issue this command: -[source,bash] +[source,shell] .... # hastctl role primary test .... Similarly, run this command on the secondary node, `hastb`: -[source,bash] +[source,shell] .... # hastctl role secondary test .... @@ -2043,7 +2043,7 @@ When the nodes are unable to communicate with each other, and both are configure Verify the result by running man:hastctl[8] on each node: -[source,bash] +[source,shell] .... # hastctl status test .... @@ -2052,7 +2052,7 @@ The important text is the `status` line, which should say `complete` on each of The next step is to create a filesystem on the [.filename]#/dev/hast/test# GEOM provider and mount it. This must be done on the `primary` node, as [.filename]#/dev/hast/test# appears only on the `primary` node. Creating the filesystem can take a few minutes, depending on the size of the hard drive: -[source,bash] +[source,shell] .... # newfs -U /dev/hast/test # mkdir /hast/test 
@@ -2097,7 +2097,7 @@ notify 30 { Restart man:devd[8] on both nodes to put the new configuration into effect: -[source,bash] +[source,shell] .... # service devd restart .... @@ -2232,7 +2232,7 @@ When troubleshooting HAST problems, the debugging level of man:hastd[8] should b The administrator must decide which node has more important changes (or merge them manually) and let HAST perform full synchronization of the node which has the broken data. To do this, issue these commands on the node which needs to be resynchronized: -[source,bash] +[source,shell] .... # hastctl role init <resource> # hastctl create <resource> |
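Review bot: Several blocks relabelled `[source,shell]` hold kernel message output rather than commands, so a shell highlighter has nothing valid to parse there: the hunk at -206 (`umass0: USB Solid state disk, rev 1.10/1.00, addr 2`), the second block in the hunk at -280 (`umass0: at uhub0 port 1 (addr 2) disconnected`) and the hunk at -583 (`acd0: CD-RW <MATSHITA CD-RW/DVD-ROM UJDA740> at ata1-master PIO4`). Consider leaving these as plain literal blocks with no source language instead of carrying the mechanical rename through them.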
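Review bot: The example in the hunk at -1043 still pipes the dump through `ssh -c blowfish`, and since this change already touches that block the option should be dropped so the example relies on ssh's default cipher negotiation. Current OpenSSH releases no longer include the Blowfish cipher, so the command as written fails on them. In the same region, the hunk at -1070 keeps `rsh komodo dd of=tape-device obs=20b`, which sends the archive over an unencrypted channel; the context at -1083 already recommends a pipeline and `ssh`, and the tar example could follow it.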
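Review bot: Two typos sit in context lines right next to changed blocks and could be fixed in the same pass: "take affect" in the header context of the hunk at -1454 should read "take effect", and "swap parition" in the hunk at -1850 should read "swap partition".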