Arch Linux: Multiple fixes

Signed-off-by: Maurice Zhou <ja@apvc.uk>
Maurice Zhou
2021-02-22 12:24:44 +08:00
committed by Richard Laager
parent 904e7253a2
commit 13271f2467
5 changed files with 468 additions and 196 deletions


@@ -38,7 +38,7 @@ related to this HOWTO, please `file a new issue and mention @ne9z
Contributing
~~~~~~~~~~~~
#. Fork and clone: https://github.com/openzfs/openzfs-docs
#. Fork and clone `this repo <https://github.com/openzfs/openzfs-docs>`__.
#. Install the tools::
@@ -88,14 +88,30 @@ Change the service commands to the equivalent commands.
#. Choose a mirror:
https://artixlinux.org/download.php
`Mirrorlist <https://artixlinux.org/download.php>`__
#. Download January 2021 build. `File a new issue and mention @ne9z
#. Download January 2021 build and signature. `File a new issue and mention @ne9z
<https://github.com/openzfs/openzfs-docs/issues/new?body=@ne9z,%20Update%20Live%20Image%20Artix%20Linux%20Root%20on
%20ZFS%20HOWTO:>`__ if it's
no longer available.
https://eu-mirror.artixlinux.org/iso/artix-base-openrc-20210101-x86_64.iso
- `ISO (US mirror) <https://iso.artixlinux.org/iso/artix-base-openrc-20210101-x86_64.iso>`__
- `Signature <https://iso.artixlinux.org/iso/artix-base-openrc-20210101-x86_64.iso.sig>`__
#. Check live image against signature::
gpg --auto-key-retrieve --verify artix-base-openrc-20210101-x86_64.iso.sig
If the file is authentic, output should be the following::
gpg: Signature made Sun 03 Jan 2021 09:30:42 PM UTC
gpg: using RSA key A574A1915CEDE31A3BFF5A68606520ACB886B428
gpg: Good signature from "Christos Nouskas <nous@artixlinux.org>" [unknown]
...
Primary key fingerprint: A574 A191 5CED E31A 3BFF 5A68 6065 20AC B886 B428
Ensure ``Good signature`` and last 8 digits are ``B886 B428``,
as listed on `Artix Linux Download <https://artixlinux.org/download.php>`__ page.
#. Write the image to a USB drive or an optical disc.
@@ -145,9 +161,8 @@ Prepare the Live Environment
#. Import keys of archzfs repository::
curl -O https://archzfs.com/archzfs.gpg
pacman-key -a archzfs.gpg
pacman-key --lsign-key DDF7DB817396A49B2A2723F7403BD972F75D9D76
curl -L https://archzfs.com/archzfs.gpg | pacman-key -a -
curl -L https://git.io/JtQpl | xargs -i{} pacman-key --lsign-key {}
#. Add archzfs repository::
@@ -155,14 +170,9 @@ Prepare the Live Environment
[archzfs]
Include = /etc/pacman.d/mirrorlist-archzfs
EOF
tee -a /etc/pacman.d/mirrorlist-archzfs <<- 'EOF'
Server = https://archzfs.com/$repo/$arch
Server = https://mirror.sum7.eu/archlinux/archzfs/$repo/$arch
Server = https://mirror.biocrafting.net/archlinux/archzfs/$repo/$arch
Server = https://mirror.in.themindsmaze.com/archzfs/$repo/$arch
EOF
curl -L https://git.io/JtQp4 > /etc/pacman.d/mirrorlist-archzfs
#. Select mirror:
@@ -366,7 +376,7 @@ Create Root and Boot Pools
- Unencrypted::
zpool create \
zpool create \
-o ashift=12 \
-O acltype=posixacl \
-O canmount=off \
@@ -393,7 +403,7 @@ Create Root and Boot Pools
-O xattr=sa \
-O mountpoint=/ \
-R $INST_MNT \
-O encryption=aes-256-gcm \
-O encryption=on \
-O keylocation=prompt \
-O keyformat=passphrase \
rpool_$INST_UUID \
@@ -499,10 +509,6 @@ Create Datasets
#. Optional user data datasets:
If you use /opt on this system::
zfs create -o canmount=on rpool_$INST_UUID/DATA/default/opt
If this system will have games installed::
zfs create -o canmount=on rpool_$INST_UUID/DATA/default/var/games
@@ -567,10 +573,13 @@ Package Installation
Visit OpenZFS release page::
curl https://github.com/openzfs/zfs/releases/zfs-${DKMS_VER} \
curl -L https://github.com/openzfs/zfs/raw/zfs-${DKMS_VER}/META \
| grep Linux
# Linux: compatible with 3.10 - 5.10 kernels
echo $INST_LINVER
# Linux-Maximum: 5.10
# Linux-Minimum: 3.10
# compare with the output of the following command
echo ${INST_LINVER%%-*}
# 5.10.17 # supported
If the kernel is supported:
@@ -585,7 +594,7 @@ Package Installation
DKMS_DATE=$(pacman -Syi zfs-dkms \
| grep 'Build Date' \
| sed 's/.*: //' \
| LC_ALL=C xargs -i{} date -d {} +%Y/%m/%d)
| LC_ALL=C xargs -i{} date -d {} -u +%Y/%m/%d)
- Check kernel version::
@@ -668,21 +677,6 @@ System Configuration
ln -sf $INST_TZ $INST_MNT/etc/localtime
hwclock --systohc
#. archzfs repository::
tee -a $INST_MNT/etc/pacman.conf <<- 'EOF'
[archzfs]
Include = /etc/pacman.d/mirrorlist-archzfs
EOF
tee -a $INST_MNT/etc/pacman.d/mirrorlist-archzfs <<- 'EOF'
Server = https://archzfs.com/$repo/$arch
Server = https://mirror.sum7.eu/archlinux/archzfs/$repo/$arch
Server = https://mirror.biocrafting.net/archlinux/archzfs/$repo/$arch
Server = https://mirror.in.themindsmaze.com/archzfs/$repo/$arch
EOF
#. Locale::
echo "en_US.UTF-8 UTF-8" >> $INST_MNT/etc/locale.gen
@@ -714,10 +708,28 @@ System Configuration
rc-update add zfs-mount boot
Other ZFS services, such as ``zed``
can be ported from ``/usr/lib/systemd/system/zfs*``.
#. Apply locales::
locale-gen
#. Import keys of archzfs repository::
curl -L https://archzfs.com/archzfs.gpg | pacman-key -a -
curl -L https://git.io/JtQpl | xargs -i{} pacman-key --lsign-key {}
#. Add archzfs repository::
tee -a /etc/pacman.conf <<- 'EOF'
[archzfs]
Include = /etc/pacman.d/mirrorlist-archzfs
EOF
curl -L https://git.io/JtQp4 > /etc/pacman.d/mirrorlist-archzfs
#. Enable networking::
rc-update add connmand default
@@ -725,7 +737,7 @@ System Configuration
#. Generate zpool.cache
Pools are imported by initramfs with the information stored in ``/etc/zfs/zpool.cache``.
This cache file will be embedded in ``initramfs``.
This cache file will be embedded in initramfs.
::
@@ -747,29 +759,34 @@ Currently GRUB has multiple compatibility problems with ZFS,
especially with regards to newer ZFS features.
Workarounds have to be applied.
grub-probe fails to get canonical path of root partition
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
grub-probe fails to get canonical path
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When persistent device names ``/dev/disk/by-id/*`` are used
with ZFS, GRUB will fail to resolve the path of the boot pool
device. Error::
# /usr/bin/grub-probe: error: failed to get canonical path of `/dev/virtio-pci-0000:06:00.0-part3'.
Solution::
echo 'export ZPOOL_VDEV_NAME_PATH=YES' >> /etc/profile
source /etc/profile
**Notes:**
When persistent device names ``/dev/disk/by-id/*`` are used
with ZFS, GRUB will fail to resolve the path of the boot pool
device. Error::
# /usr/bin/grub-probe: error: failed to get canonical path of `/dev/virtio-pci-0000:06:00.0-part3'.
Pool name missing if the pool has unsupported features
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pool name missing
~~~~~~~~~~~~~~~~~
See `this bug report <https://savannah.gnu.org/bugs/?59614>`__.
Root pool name is missing from ``root=ZFS=rpool/ROOT/default``
in generated ``grub.cfg`` file.
A workaround is to replace the pool name detection with ``zdb``
command::
sed -i "s|rpool=.*|rpool=\`zdb -l \${GRUB_DEVICE} \| grep -E '[[:blank:]]name' \| cut -d\\\' -f 2\`|" /etc/grub.d/10_linux
If you forgot to apply this workaround and
followed this guide to use ``rpool_$INST_UUID`` and ``bpool_$INST_UUID``,
``$INST_UUID`` can be found out with `Load grub.cfg in GRUB command line`_.
GRUB Installation
~~~~~~~~~~~~~~~~~
@@ -792,7 +809,11 @@ GRUB Installation
grub-install $DISK
If this is a multi-disk setup,
install to other disks as well.
install to other disks as well::
for i in {target_disk2,target_disk3}; do
grub-install /dev/disk/by-id/$i
done
Generate GRUB Boot Menu
~~~~~~~~~~~~~~~~~~~~~~~
@@ -829,43 +850,126 @@ After Reboot
Mirror EFI System Partition
~~~~~~~~~~~~~~~~~~~~~~~~~~~
#. Format redundant EFI partitions::
#. Check disk name::
mkfs.vfat -n EFI2 /dev/disk/by-id/target_disk2-part1
mkfs.vfat -n EFI3 /dev/disk/by-id/target_disk3-part1
ls -1 /dev/disk/by-id/ | grep -v '\-part[0-9]'
#. Create mountpoints::
#. Mirror EFI ssystem partition::
mkdir -p /boot/efis/{2,3}
for i in {target_disk2,target_disk3}; do
mkfs.vfat /dev/disk/by-id/$i-part1
mkdir -p /boot/efis/$i
echo UUID=$(blkid -s UUID -o value /dev/disk/by-id/$i-part1) /boot/efis/$i vfat \
umask=0022,fmask=0022,dmask=0022 0 1 >> /etc/fstab
mount /boot/efis/$i
cp -r /boot/efi/EFI/ /boot/efis/$i
efibootmgr -cgp 1 -l "\EFI\artix\grubx64.efi" \
-L "artix-$i" -d /dev/disk/by-id/$i-part1
done
#. Mount redundant EFI partitions::
#. Enable cron and set up cron job to sync EFI system partition contents::
mount -o umask=0022,fmask=0022,dmask=0022 /dev/disk/by-id/target_disk2-part1 /boot/efis/2
mount -o umask=0022,fmask=0022,dmask=0022 /dev/disk/by-id/target_disk3-part1 /boot/efis/3
rc-update add cronie default
crontab -u root -e
# @hourly /usr/bin/bash -c 'for i in /boot/efis/*; do /usr/bin/cp -r /boot/efi/EFI/ $i/; done'
#. Add fstab entries::
Alternatively, monitor ``/boot/efi/EFI/artix`` with ``inotifywait``.
pacman -S --needed artools-base rsync
#. If EFI system partition failed, promote one backup
to ``/boot/efi`` by editing ``/etc/fstab``.
fstabgen / | grep efis >> /etc/fstab
Mirror BIOS boot sector
~~~~~~~~~~~~~~~~~~~~~~~
#. Sync EFI system partition contents::
This need to be manually applied when GRUB is updated.
for i in /boot/efis/*; do
/usr/bin/rsync -a /boot/efi/ $i/
done
#. Check disk name::
#. Add EFI boot entries::
ls -1 /dev/disk/by-id/ | grep -v '\-part[0-9]'
efibootmgr -cgd /dev/disk/by-id/target_disk2-part1 \
-p 1 -L "artix-2" -l "\EFI\arch\grubx64.efi"
efibootmgr -cgd /dev/disk/by-id/target_disk3-part1 \
-p 1 -L "artix-3" -l "\EFI\arch\grubx64.efi"
#. Install GRUB to every disk::
for i in {target_disk2,target_disk3}; do
grub-install /dev/disk/by-id/$i
done
Change encryption method
~~~~~~~~~~~~~~~~~~~~~~~~
By default the root pool is encrypted with a key file,
created at installation.
Password
^^^^^^^^
After installation, encryption by password can be enabled with::
zfs change-key -l -o keylocation=prompt -o keyformat=passphrase rpool_$INST_UUID
See ``man 8 zfs-change-key``.
If password is enabled, the system will require this password to boot.
Password can be entered locally with keyboard or remotely with SSH.
Supply password with SSH
^^^^^^^^^^^^^^^^^^^^^^^^
#. Install mkinitcpio tools::
pacman -S mkinitcpio-netconf mkinitcpio-dropbear
#. Store authorized keys in ``/etc/dropbear/root_key``::
vi /etc/dropbear/root_key
Note that dropbear only supports RSA keys.
#. Edit mkinitcpio::
tee /etc/mkinitcpio.conf <<- 'EOF'
HOOKS=(base udev autodetect modconf block keyboard netconf dropbear zfsencryptssh zfs filesystems)
EOF
#. Add ``ip=`` to kernel command line::
# example DHCP
echo 'GRUB_CMDLINE_LINUX="ip=::::::dhcp"' >> /etc/default/grub
Details for ``ip=`` can be found at
`here <https://www.kernel.org/doc/html/latest/admin-guide/nfs/nfsroot.html#kernel-command-line>`__.
#. If using OpenSSH as SSH server, convert host keys to PEM format::
for i in {rsa,dsa,ecdsa,ed25519}; do
ssh-keygen -p -m PEM -f /etc/ssh/ssh_host_${i}_key -qN ""
done
#. Regenerate initramfs::
mkinitcpio -P
#. Update GRUB menu::
grub-mkconfig -o /boot/grub/grub.cfg
Key file
^^^^^^^^
You can also set a new key file for root pool and
store the key file on an external drive::
zfs change-key -l -o keylocation=file:///path/to/keyfile -o keyformat=raw rpool_$INST_UUID
Boot Environment Manager
~~~~~~~~~~~~~~~~~~~~~~~~
Optional: install ``rozb3-pac`` pacman hook and ``bieaz`` from AUR to
create boot environments.
Optional: install
`rozb3-pac <https://gitlab.com/m_zhou/rozb3-pac/-/releases>`__
pacman hook and
`bieaz <https://gitlab.com/m_zhou/bieaz/-/releases>`__
from AUR to create boot environments.
Prebuilt packages are also available
in the links above.
Post installation
~~~~~~~~~~~~~~~~~
@@ -940,8 +1044,9 @@ Following are the steps to load the correct ``grub.cfg``,
Rescue in Live Environment
~~~~~~~~~~~~~~~~~~~~~~~~~~~
#. Repeat `Prepare the Live Environment
<#prepare-the-live-environment>`__.
#. `Download Artix Linux live image <#download-artix-linux-live-image>`__.
#. `Prepare the Live Environment <#prepare-the-live-environment>`__.
#. Check the ``INST_UUID`` with ``zpool import``.
@@ -949,17 +1054,28 @@ Rescue in Live Environment
INST_MNT=$(mktemp -d)
INST_UUID=abc123
RPOOL_PWD='rootpool'
#. If using other keyfile::
KEYFILE=/path/to/keyfile
#. Import and unlock root and boot pool::
zpool import -N -R $INST_MNT rpool_$INST_UUID
zpool import -N -R $INST_MNT bpool_$INST_UUID
echo $RPOOL_PWD | zfs load-key rpool_$INST_UUID
If using password::
zfs load-key rpool_$INST_UUID
If using keyfile::
zfs load-key -L file://$KEYFILE rpool_$INST_UUID
#. Find the current boot environment::
zfs list
BE=default
#. Mount boot and root filesystem::
@@ -967,7 +1083,7 @@ Rescue in Live Environment
#. chroot into the system::
artix-chroot $INST_MNT /bin/bash --login
arch-chroot $INST_MNT /bin/bash --login
mount /boot
mount /boot/efi
zfs mount -a
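Review bot: In both "Import keys of archzfs repository" steps (under Prepare the Live Environment and again under System Configuration), the key to locally sign now comes from `curl -L https://git.io/JtQpl | xargs -i{} pacman-key --lsign-key {}` instead of a fingerprint written in the guide. Whatever that short link resolves to (not visible here) decides which key or keys pacman will trust, and the reader never sees the value. Keeping the fingerprint in the text, as the old side did with `pacman-key --lsign-key DDF7DB817396A49B2A2723F7403BD972F75D9D76`, lets a reader compare it against an independent source before signing. The mirror list has the same shape: `curl -L https://git.io/JtQp4 > /etc/pacman.d/mirrorlist-archzfs` replaces the inline `Server =` lines, so the added hosts are no longer reviewable in the guide, and package signature checks only limit that risk if the key step is sound. If the indirection is wanted for easier updates, I would link the full repository URL rather than a shortener and tell the reader to inspect the fetched content before running `--lsign-key`.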