Updates and cleanup for Arch, RHEL, NixOS and Fedora

Signed-off-by: Maurice Zhou <ja@apvc.uk>
2022-07-22 17:14:14 +02:00
parent 5777295f0a
commit 2766cb7197
43 changed files with 937 additions and 4474 deletions
--- a/ZFS/1-preparation.rst
+++ b/ZFS/1-preparation.rst
@@ -0,0 +1,78 @@
+.. highlight:: sh
+
+Preparation
+======================
+
+.. contents:: Table of Contents
+   :local:
+
+#. Disable Secure Boot. ZFS modules can not be loaded if Secure Boot is enabled.
+#. Download a variant of `AlmaLinux Minimal Live ISO
+   <https://repo.almalinux.org/almalinux/9/live/x86_64/>`__ and boot from it.
+#. Connect to the Internet.
+#. Set root password or ``/root/.ssh/authorized_keys``.
+#. Start SSH server::
+
+    echo PermitRootLogin yes >> /etc/ssh/sshd_config
+    systemctl restart sshd
+
+#. Connect from another computer::
+
+    ssh root@192.168.1.19
+
+#. Target disk
+
+   List available disks with::
+
+    ls /dev/disk/by-id/*
+
+   If using virtio as disk bus, use ``/dev/disk/by-path/*``.
+
+   Declare disk array::
+
+    DISK='/dev/disk/by-id/ata-FOO /dev/disk/by-id/nvme-BAR'
+
+   For single disk installation, use::
+
+    DISK='/dev/disk/by-id/disk1'
+
+#. Set partition size:
+
+   Set swap size. It's `recommended <https://chrisdown.name/2018/01/02/in-defence-of-swap.html>`__
+   to setup a swap partition. If you intend to use hibernation,
+   the minimum should be no less than RAM size. Skip if swap is not needed::
+
+    INST_PARTSIZE_SWAP=8
+
+   Root pool size, use all remaining disk space if not set::
+
+    INST_PARTSIZE_RPOOL=
+
+#. Temporarily set SELinux to permissive in live environment::
+
+    setenforce 0
+
+   SELinux will be enabled on the installed system.
+
+#. Add ZFS repo::
+
+    dnf install -y https://zfsonlinux.org/epel/zfs-release-el-2-1.noarch.rpm
+
+#. Check available repos::
+
+     dnf repolist --all
+
+#. Install ZFS packages::
+
+    dnf config-manager --disable zfs
+    dnf config-manager --enable zfs-kmod
+    dnf install -y zfs
+    #  if gpg import fails, add --nogpgcheck
+
+#. Load kernel modules::
+
+    modprobe zfs
+
+#. Install partition tool::
+
+    dnf install -y gdisk dosfstools
--- a/ZFS/2-system-installation.rst
+++ b/ZFS/2-system-installation.rst
@@ -0,0 +1,146 @@
+.. highlight:: sh
+
+System Installation
+======================
+
+.. contents:: Table of Contents
+   :local:
+
+#. Partition the disks::
+
+     for i in ${DISK}; do
+
+     sgdisk --zap-all $i
+
+     sgdisk -n1:1M:+1G -t1:EF00 $i
+
+     sgdisk -n2:0:+4G -t2:BE00 $i
+
+     test -z $INST_PARTSIZE_SWAP || sgdisk -n4:0:+${INST_PARTSIZE_SWAP}G -t4:8200 $i
+
+     if test -z $INST_PARTSIZE_RPOOL; then
+         sgdisk -n3:0:0   -t3:BF00 $i
+     else
+         sgdisk -n3:0:+${INST_PARTSIZE_RPOOL}G -t3:BF00 $i
+     fi
+
+     sgdisk -a1 -n5:24K:+1000K -t5:EF02 $i
+     done
+
+#. Create boot pool::
+
+    zpool create \
+        -o compatibility=grub2 \
+        -o ashift=12 \
+        -o autotrim=on \
+        -O acltype=posixacl \
+        -O canmount=off \
+        -O compression=lz4 \
+        -O devices=off \
+        -O normalization=formD \
+        -O relatime=on \
+        -O xattr=sa \
+        -O mountpoint=/boot \
+        -R /mnt \
+        bpool \
+	mirror \
+        $(for i in ${DISK}; do
+           printf "$i-part2 ";
+          done)
+
+   If not using a multi-disk setup, remove ``mirror``.
+
+   You should not need to customize any of the options for the boot pool.
+
+   GRUB does not support all of the zpool features. See ``spa_feature_names``
+   in `grub-core/fs/zfs/zfs.c
+   <http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/fs/zfs/zfs.c#n276>`__.
+   This step creates a separate boot pool for ``/boot`` with the features
+   limited to only those that GRUB supports, allowing the root pool to use
+   any/all features.
+
+   Features enabled with ``-o compatibility=grub2`` can be seen
+   `here <https://github.com/openzfs/zfs/blob/master/cmd/zpool/compatibility.d/grub2>`__.
+
+#. Create root pool::
+
+       zpool create \
+           -o ashift=12 \
+           -o autotrim=on \
+           -R /mnt \
+           -O acltype=posixacl \
+           -O canmount=off \
+           -O compression=zstd \
+           -O dnodesize=auto \
+           -O normalization=formD \
+           -O relatime=on \
+           -O xattr=sa \
+           -O mountpoint=/ \
+           rpool \
+           mirror \
+          $(for i in ${DISK}; do
+             printf "$i-part3 ";
+            done)
+
+   If not using a multi-disk setup, remove ``mirror``.
+
+#. This section implements dataset layout as described in `overview <1-preparation.html>`__.
+
+   Create root system container:
+
+   - Unencrypted::
+
+      zfs create \
+       -o canmount=off \
+       -o mountpoint=none \
+       rpool/redhat
+
+   - Encrypted:
+
+     Pick a strong password. Once compromised, changing password will not keep your
+     data safe. See ``zfs-change-key(8)`` for more info::
+
+      zfs create \
+       -o canmount=off \
+       -o mountpoint=none \
+       -o encryption=on \
+       -o keylocation=prompt \
+       -o keyformat=passphrase \
+       rpool/redhat
+
+   Create system datasets::
+
+      zfs create -o canmount=on -o mountpoint=/     rpool/redhat/root
+      zfs create -o canmount=on -o mountpoint=/home rpool/redhat/home
+      zfs create -o canmount=off -o mountpoint=/var  rpool/redhat/var
+      zfs create -o canmount=on  rpool/redhat/var/lib
+      zfs create -o canmount=on  rpool/redhat/var/log
+
+   Create boot dataset::
+
+     zfs create -o canmount=on -o mountpoint=/boot bpool/redhat
+
+#. Format and mount ESP::
+
+    for i in ${DISK}; do
+     mkfs.vfat -n EFI ${i}-part1
+     mkdir -p /mnt/boot/efis/${i##*/}-part1
+     mount -t vfat ${i}-part1 /mnt/boot/efis/${i##*/}-part1
+    done
+
+    mkdir -p /mnt/boot/efi
+    mount -t vfat $(echo $DISK | cut -f1 -d\ )-part1 /mnt/boot/efi
+
+#. Install packages::
+
+    dnf --installroot=/mnt   --releasever=$(source /etc/os-release ; echo $VERSION_ID) -y install \
+    @core  grub2-efi-x64 grub2-pc-modules grub2-efi-x64-modules shim-x64 efibootmgr kernel
+
+    dnf --installroot=/mnt   --releasever=$(source /etc/os-release ; echo $VERSION_ID) -y install \
+    https://zfsonlinux.org/epel/zfs-release-el-2-1.noarch.rpm
+
+    dnf config-manager --installroot=/mnt --disable zfs
+    dnf config-manager --installroot=/mnt --enable zfs-kmod
+
+    dnf --installroot=/mnt   --releasever=$(source /etc/os-release ; echo $VERSION_ID) \
+    --nogpgcheck -y install zfs zfs-dracut
--- a/ZFS/3-system-configuration.rst
+++ b/ZFS/3-system-configuration.rst
@@ -0,0 +1,66 @@
+.. highlight:: sh
+
+System Configuration
+======================
+
+.. contents:: Table of Contents
+   :local:
+
+#. Generate fstab::
+
+    mkdir -p /mnt/etc/
+    for i in ${DISK}; do
+       echo UUID=$(blkid -s UUID -o value ${i}-part1) /boot/efis/${i##*/}-part1 vfat \
+       umask=0022,fmask=0022,dmask=0022 0 1 >> /mnt/etc/fstab
+    done
+    echo $(echo $DISK | cut -f1 -d\ )-part1 /boot/efi vfat \
+       noauto,umask=0022,fmask=0022,dmask=0022 0 1 >> /mnt/etc/fstab
+
+#. Configure dracut::
+
+    echo 'add_dracutmodules+=" zfs "' > /mnt/etc/dracut.conf.d/zfs.conf
+
+#. Force load mpt3sas module if used::
+
+     if grep mpt3sas /proc/modules; then
+       echo 'forced_drivers+=" mpt3sas "'  >> /mnt/etc/dracut.conf.d/zfs.conf
+     fi
+
+#. Set locale, keymap, timezone, hostname and root password::
+
+    rm -f /mnt/etc/localtime
+    systemd-firstboot --root=/mnt --prompt --root-password=PASSWORD --force
+
+#. Generate host id::
+
+    zgenhostid -f -o /mnt/etc/hostid
+
+#. Install locale package, example for English locale::
+
+    dnf --installroot=/mnt install -y glibc-minimal-langpack glibc-langpack-en
+
+#. Enable ZFS services::
+
+    systemctl enable zfs-import-scan.service zfs-mount zfs-import.target zfs-zed zfs.target --root=/mnt
+
+#. By default SSH server is enabled, allowing root login by password,
+   disable SSH server::
+
+    systemctl disable sshd --root=/mnt
+    systemctl enable firewalld --root=/mnt
+
+#. Chroot::
+
+    m='/dev /proc /sys'
+    for i in $m; do mount --rbind $i /mnt/$i; done
+
+    history -w /mnt/home/sys-install-pre-chroot.txt
+    chroot /mnt /usr/bin/env DISK=$DISK bash --login
+
+#. For SELinux, relabel filesystem on reboot::
+
+    fixfiles -F onboot
+
+#. Set root password::
+
+    passwd
--- a/ZFS/5-bootloader.rst
+++ b/ZFS/5-bootloader.rst
@@ -0,0 +1,129 @@
+.. highlight:: sh
+
+Bootloader
+======================
+
+.. contents:: Table of Contents
+   :local:
+
+Apply workarounds
+~~~~~~~~~~~~~~~~~~~~
+Currently GRUB has multiple compatibility problems with ZFS,
+especially with regards to newer ZFS features.
+Workarounds have to be applied.
+
+#. grub2-probe fails to get canonical path
+
+   When persistent device names ``/dev/disk/by-id/*`` are used
+   with ZFS, GRUB will fail to resolve the path of the boot pool
+   device. Error::
+
+     # /usr/bin/grub2-probe: error: failed to get canonical path of `/dev/virtio-pci-0000:06:00.0-part3'.
+
+   Solution::
+
+    echo 'export ZPOOL_VDEV_NAME_PATH=YES' >> /etc/profile.d/zpool_vdev_name_path.sh
+    source /etc/profile.d/zpool_vdev_name_path.sh
+
+#. Pool name missing
+
+   See `this bug report <https://savannah.gnu.org/bugs/?59614>`__.
+   Root pool name is missing from ``root=ZFS=rpool_$INST_UUID/ROOT/default``
+   kernel cmdline in generated ``grub.cfg`` file.
+
+   A workaround is to replace the pool name detection with ``zdb``
+   command::
+
+     sed -i "s|rpool=.*|rpool=\`zdb -l \${GRUB_DEVICE} \| grep -E '[[:blank:]]name' \| cut -d\\\' -f 2\`|"  /etc/grub.d/10_linux
+
+   Caution:  this fix must be applied after every GRUB update and before generating the menu.
+
+Install GRUB
+~~~~~~~~~~~~~~~~~~~~
+
+#. If using virtio disk, add driver to initrd::
+
+    echo 'filesystems+=" virtio_blk "' >> /etc/dracut.conf.d/fs.conf
+
+#. Create empty cache file and generate initrd::
+
+    rm -f /etc/zfs/zpool.cache
+    touch /etc/zfs/zpool.cache
+    chmod a-w /etc/zfs/zpool.cache
+    chattr +i /etc/zfs/zpool.cache
+
+    for directory in /lib/modules/*; do
+      kernel_version=$(basename $directory)
+      dracut --force --kver $kernel_version
+    done
+
+#. Load ZFS modules and disable BLS::
+
+    echo 'GRUB_ENABLE_BLSCFG=false' >> /etc/default/grub
+
+#. If using legacy booting, install GRUB to every disk::
+
+    for i in ${DISK}; do
+     grub2-install --target=i386-pc $i
+    done
+
+#. If using EFI::
+
+    for i in ${DISK}; do
+     efibootmgr -cgp 1 -l "\EFI\almalinux\shimx64.efi" \
+     -L "almalinux-${i##*/}" -d ${i}
+    done
+    cp -r /usr/lib/grub/x86_64-efi/ /boot/efi/EFI/almalinux/
+
+#. Generate GRUB Menu:
+
+   Generate menu::
+
+    grub2-mkconfig -o /boot/grub2/grub.cfg
+    cp /boot/grub2/grub.cfg /boot/efi/EFI/almalinux/
+
+#. For both legacy and EFI booting: mirror ESP content::
+
+    ESP_MIRROR=$(mktemp -d)
+    unalias -a
+    cp -r /boot/efi/EFI $ESP_MIRROR
+    for i in /boot/efis/*; do
+     cp -r $ESP_MIRROR/EFI $i
+    done
+    rm -rf $ESP_MIRROR
+
+#. Notes for GRUB on RHEL
+
+   As bls is disabled, you will need to regenerate GRUB menu after each kernel upgrade.
+   Or else the new kernel will not be recognized and system will boot the old kernel
+   on reboot.
+
+Finish Installation
+~~~~~~~~~~~~~~~~~~~~
+
+#. Exit chroot::
+
+    exit
+
+#. Export pools::
+
+    umount -Rl /mnt
+    zpool export -a
+
+#. Reboot::
+
+    reboot
+
+#. On first reboot, the boot process will fail, with failure messages such
+   as "You are in Emergency Mode...Press Ctrl-D to continue".
+
+   Wait for the computer to automatically reboot and the problem will be resolved.
+
+Post installaion
+~~~~~~~~~~~~~~~~
+#. Install package groups::
+
+    dnf group list --hidden -v       # query package groups
+    dnf group install @gnome-desktop
+
+#. Add new user, configure swap.