diff --git a/zh_TW.Big5/books/handbook/config/chapter.sgml b/zh_TW.Big5/books/handbook/config/chapter.sgml
index 7d934c07fb..1a4597903c 100644
--- a/zh_TW.Big5/books/handbook/config/chapter.sgml
+++ b/zh_TW.Big5/books/handbook/config/chapter.sgml
@@ -1,3128 +1,3051 @@
ChernLeeWritten by MikeSmithBased on a tutorial written by MattDillonAlso based on tuning(7) written by 設定與效能調校(Tuning)概述system configurationsystem optimization在 &os; 使用過程中,相當重要的環節之一就是系統設定部分。
正確的系統設定,可以讓你減輕日後升級的頭痛壓力。
本章著重於介紹 &os; 的相關重要設定上,包括一些可以調整 &os; 效能的參數設定。
讀完這章,您將了解:如何有效運用檔案系統以及 swap 分割區。rc.conf 的設定與 /usr/local/etc/rc.d 的啟動架構。如何設定、測試網路卡。如何設定 virtual hosts。如何設定 /etc 內的各種設定檔。如何以 sysctl 來調整 &os; 的系統效能。如何調整硬碟效能,以及更改 kernel 限制。在開始閱讀這章之前,您需要︰瞭解 &unix; 及 &os; 相關基本概念()。要有設定、編譯 kernel 的基礎概念()。一開始的規劃規劃分割區(Partition)partition layout/etc/var/usrBase Partitions
- 用 &man.disklabel.8; 或 &man.sysinstall.8; 來規劃檔案系統時,請記住:
+ 用 &man.bsdlabel.8; 或 &man.sysinstall.8; 來規劃檔案系統時,請記住:
硬碟在傳輸資料方面,(由於結構為碟片因素)外圈會比內圈來得快些。
因此,建議把較小、常會存取的分割區儘量放外圈,而較大的分割區像是
/usr 則應放在較內圈。
建議建立分割區的順序,以像是:root, swap,
/var, /usr 這樣順序來建立會較妥。/var 的大小要視機器的用途而定。
/var 是用來放
信箱、log 紀錄檔以及印表機佇列(spools)。 信箱以及記錄檔的成長幅度可能無法預估,
因為這些成長幅度乃是取決於多少用戶、要放多久等管理原則而定。
通常這些使用者並沒有用到 1 GB 以上,但請切記:至少要保留一定空間給 /var/tmp
以便存放 packages。
而 /usr 分割區主要是用來放系統運作時所需的檔案、工具程式等,例如:
&man.ports.7; collection(建議安裝)跟 source tree(optional)。
在安裝 FreeBSD 時,這兩者都是可選擇裝與不裝的。
不過,這個分割區建議至少要有 2 GB 空間以上才夠用。規劃分割區大小時,記得多保留些成長空間。
否則若某個分割區滿了,但另一個分割區卻還剩很多空間,就會相當困窘。有些人可能會發現 &man.sysinstall.8; 的
Auto-defaults(自動預設值) 所做的分割區大小,
有時候會把 /var 以及 / 分割區設太小了。
我們建議是:請依使用情況以及需求,來手動調整相關分割區大小。Swap 分割區swap sizingswap partition根據經驗法則,通常 swap 分割區應該設為系統記憶體(RAM)大小的兩倍即可。
舉例來說:若機器有 128 MB RAM 的話,那麼
swap 則應該設為 256 MB。 Systems with
less memory may perform better with more swap.
Less than 256 megabytes of swap is not recommended and
memory expansion should be considered.
The kernel's VM paging algorithms are tuned to
perform best when the swap partition is at least two times the
size of main memory. Configuring too little swap can lead to
inefficiencies in the VM page scanning code and might create
issues later if more memory is added.On larger systems with multiple SCSI disks (or
multiple IDE disks operating on different controllers), it is
recommend that a swap is configured on each drive (up
to four drives). The swap partitions should be
approximately the same size. The kernel can handle arbitrary
sizes but internal data structures scale to 4 times the
largest swap partition. Keeping the swap partitions near the
same size will allow the kernel to optimally stripe swap space
across disks.
Large swap sizes are fine, even if swap is not
used much. It might be easier to recover
from a runaway program before being forced to reboot.為何要規劃 Partition?Several users think a single large partition will be fine,
but there are several reasons why this is a bad idea.
First, each partition has different operational
characteristics and separating them allows the file system to
tune accordingly. For example, the root
and /usr partitions are read-mostly, without
much writing. While a lot of reading and writing could
occur in /var and
/var/tmp.By properly partitioning a system, fragmentation
introduced in the smaller write heavy partitions
will not bleed over into the mostly-read partitions.
Keeping the write-loaded partitions closer to
the disk's edge,
will
increase I/O performance in the partitions where it occurs
the most. Now while I/O
performance in the larger partitions may be needed,
shifting them more toward the edge of the disk will not
lead to a significant performance improvement over moving
/var to the edge.
Finally, there are safety concerns. A smaller, neater root
partition which is mostly read-only has a greater
chance of surviving a bad crash.最主要的設定檔rc filesrc.confThe principal location for system configuration information
is within /etc/rc.conf. This file
contains a wide range of configuration information, principally
used at system startup to configure the system. Its name
directly implies this; it is configuration information for the
rc* files.An administrator should make entries in the
rc.conf file to
override the default settings from
/etc/defaults/rc.conf. The defaults file
should not be copied verbatim to /etc - it
contains default values, not examples. All system-specific
changes should be made in the rc.conf
file itself.A number of strategies may be applied in clustered
applications to separate site-wide configuration from
system-specific configuration in order to keep administration
overhead down. The recommended approach is to place site-wide
configuration into another file,
such as /etc/rc.conf.site, and then include
this file into /etc/rc.conf, which will
contain only system-specific information.As rc.conf is read by &man.sh.1; it is
trivial to achieve this. For example:rc.conf: . /etc/rc.conf.site
hostname="node15.example.com"
network_interfaces="fxp0 lo0"
ifconfig_fxp0="inet 10.1.1.1"rc.conf.site: defaultrouter="10.1.1.254"
saver="daemon"
blanktime="100"The rc.conf.site file can then be
distributed to every system using rsync or a
similar program, while the rc.conf file
remains unique.Upgrading the system using &man.sysinstall.8;
or make world will not overwrite the
rc.conf
file, so system configuration information will not be lost.各式應用程式的設定檔Typically, installed applications have their own
configuration files, with their own syntax, etc. It is
important that these files be kept separate from the base
system, so that they may be easily located and managed by the
package management tools./usr/local/etcTypically, these files are installed in
/usr/local/etc. In the case where an
application has a large number of configuration files, a
subdirectory will be created to hold them.Normally, when a port or package is installed, sample
configuration files are also installed. These are usually
identified with a .default suffix. If there
are no existing
configuration files for the application, they will be created by
copying the .default files.For example, consider the contents of the directory
/usr/local/etc/apache:-rw-r--r-- 1 root wheel 2184 May 20 1998 access.conf
-rw-r--r-- 1 root wheel 2184 May 20 1998 access.conf.default
-rw-r--r-- 1 root wheel 9555 May 20 1998 httpd.conf
-rw-r--r-- 1 root wheel 9555 May 20 1998 httpd.conf.default
-rw-r--r-- 1 root wheel 12205 May 20 1998 magic
-rw-r--r-- 1 root wheel 12205 May 20 1998 magic.default
-rw-r--r-- 1 root wheel 2700 May 20 1998 mime.types
-rw-r--r-- 1 root wheel 2700 May 20 1998 mime.types.default
-rw-r--r-- 1 root wheel 7980 May 20 1998 srm.conf
-rw-r--r-- 1 root wheel 7933 May 20 1998 srm.conf.defaultThe file sizes show that only the srm.conf
file has been changed. A later update of the Apache port would not
overwrite this changed file.TomRhodesContributed by 各種 Services 的啟動方式servicesMany users choose to install third party software on &os;
from the Ports Collection. In many of these situations it
may be necessary to configure the software in a manner which
will allow it to be started upon system initialization. Services,
such as mail/postfix or
www/apache13 are just two
of the many software packages which may be started during system
initialization. This section explains the procedures available
for starting third party software.In &os;, most included services, such as &man.cron.8;, are
started through the system start up scripts. These scripts may
differ depending on &os; or vendor version; however, the most
important aspect to consider is that their start up configuration
can be handled through simple startup scripts.Before the advent of rc.d, applications would drop a
simple start up script into the
/usr/local/etc/rc.d
directory which would be read by the system initialization
scripts. These scripts would then be executed during the latter
stages of system start up.While many individuals have spent hours trying to merge the
old configuration style into the new system, the fact remains
that some third party utilities still require a script simply
dropped into the aforementioned directory. The subtle differences
in the scripts depend whether or not rc.d is being used. Prior
to &os; 5.1 the old configuration style is used and in
almost all cases a new style script would do just fine.While every script must meet some minimal requirements, most
of the time these requirements are &os; version
agnostic. Each script must have a .sh
extension appended to the end and every script must be
executable by the system. The latter may be achieved by using
the chmod command and setting the unique permissions
of 755. There should also be, at minimal,
an option to start the application and an
option to stop the application.The simplest start up script would probably look a little
bit like this one:#!/bin/sh
echo -n ' utility'
case "$1" in
start)
/usr/local/bin/utility
;;
stop)
kill -9 `cat /var/run/utility.pid`
;;
*)
- echo "Usage: `basename $0` {start|stop}" >&2
+ echo "Usage: `basename $0` {start|stop}" >&2
exit 64
;;
esac
exit 0This script provides for a stop and
start option for
the application hereto referred simply as
utility.Could be started manually with:&prompt.root; /usr/local/etc/rc.d/utility.sh startWhile not all third party software requires the line in
rc.conf, almost every day a new port will
be modified to accept this configuration. Check the final output
of the installation for more information on a specific
application. Some third party software will provide start up
scripts which permit the application to be used with
rc.d; although, this will be discussed in the next section.Extended Application ConfigurationNow that &os; includes rc.d, configuration
of application startup has become easier, and more
featureful. Using the key words discussed in the
rc.d section,
applications may now be set to start after certain other
services for example DNS; may permit extra
flags to be passed through rc.conf in
place of hard coded flags in the start up script, etc. A
basic script may look similar to the following:#!/bin/sh
#
# PROVIDE: utility
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# DO NOT CHANGE THESE DEFAULT VALUES HERE
# SET THEM IN THE /etc/rc.conf FILE
#
utility_enable=${utility_enable-"NO"}
utility_flags=${utility_flags-""}
utility_pidfile=${utility_pidfile-"/var/run/utility.pid"}
. /etc/rc.subr
name="utility"
rcvar=`set_rcvar`
command="/usr/local/sbin/utility"
load_rc_config $name
pidfile="${utility_pidfile}"
start_cmd="echo \"Starting ${name}.\"; /usr/bin/nice -5 ${command} ${utility_flags} ${command_args}"
run_rc_command "$1"This script will ensure that the provided
utility will be started after the
daemon service. It also provides a method
for setting and tracking the PID, or process
ID file.This application could then have the following line placed
in /etc/rc.conf:utility_enable="YES"This new method also allows for easier manipulation of the
command line arguments, inclusion of the default functions
provided in /etc/rc.subr, compatibility
with the &man.rcorder.8; utility and provides for easier
configuration via the rc.conf file.以 Services 來啟動各式 ServicesOther services, such as POP3 server
daemons, IMAP, etc. could be started using
the &man.inetd.8;. This involves installing the service
utility from the Ports Collection with a configuration line
appended to the /etc/inetd.conf file,
or uncommenting one of the current configuration lines. Working
with inetd and its configuration is
described in depth in the
inetd section.In some cases, it may be more plausible to use the
&man.cron.8; daemon to start system services. This approach
has a number of advantages because cron runs
these processes as the crontab's file
owner. This allows regular users to start and maintain some
applications.The cron utility provides a unique
feature, @reboot, which may be used in place
of the time specification. This will cause the job to be run
when &man.cron.8; is started, normally during system
initialization.TomRhodesContributed by 設定 croncronconfiguration&os; 最好用的工具之一就是 &man.cron.8;。
cron 會在背景下運作,並不斷檢查
/etc/crontab 檔以及 /var/cron/tabs 目錄,來搜尋是否有新 crontab 檔案。
這些 crontab 檔會存放一些排程工作的設定,來給 cron 執行。cron 程式,可同時採用兩種不同類型的設定檔:系統本身的 crontab
及使用者本身的 crontab。而兩種格式唯一差別在於第六欄的不同;In the
system crontab, the sixth field is the name of a user for the command
to run as. This gives the system crontab the ability to run commands
as any user. In a user crontab, the sixth field is the command to run,
and all commands run as the user who created the crontab; this is an
important security feature.User crontabs allow individual users to schedule tasks without the
need for root privileges. Commands in a user's crontab run with the
permissions of the user who owns the crontab.The root user can have a user crontab just like
any other user. This one is different from
/etc/crontab (the system crontab). Because of the
system crontab, there is usually no need to create a user crontab
for root.Let us take a look at the /etc/crontab file
(the system crontab):# /etc/crontab - root's crontab for &os;
#
# $&os;: src/etc/crontab,v 1.32 2002/11/22 16:13:39 tom Exp $
#
#
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#
#
#minute hour mday month wday who command
#
#
*/5 * * * * root /usr/libexec/atrun Like most &os; configuration files, the #
character represents a comment. A comment can be placed in
the file as a reminder of what and why a desired action is performed.
Comments cannot be on the same line as a command or else they will
be interpreted as part of the command; they must be on a new line.
Blank lines are ignored.First, the environment must be defined. The equals
(=) character is used to define any environment
settings, as with this example where it is used for the SHELL,
PATH, and HOME options. If the shell line is
omitted, cron will use the default, which is
sh. If the PATH variable is
omitted, no default will be used and file locations will need to
be absolute. If HOME is omitted, cron
will use the invoking users home directory.This line defines a total of seven fields. Listed here are the
values minute, hour,
mday, month, wday,
who, and command. These
are almost all self explanatory. minute is the time in minutes the
command will be run. hour is similar to the minute option, just in
hours. mday stands for day of the month. month is similar to hour
and minute, as it designates the month. The wday option stands for
day of the week. All these fields must be numeric values, and follow
the twenty-four hour clock. The who field is special,
and only exists in the /etc/crontab file.
This field specifies which user the command should be run as.
When a user installs his or her crontab file, they
will not have this option. Finally, the command option is listed.
This is the last field, so naturally it should designate the command
to be executed.This last line will define the values discussed above. Notice here
we have a */5 listing, followed by several more
* characters. These * characters
mean first-last, and can be interpreted as
every time. So, judging by this line,
it is apparent that the atrun command is to be invoked by
root every five minutes regardless of what
day or month it is. For more information on the atrun command,
see the &man.atrun.8; manual page.Commands can have any number of flags passed to them; however,
commands which extend to multiple lines need to be broken with the backslash
\ continuation character.This is the basic set up for every
crontab file, although there is one thing
different about this one. Field number six, where we specified
the username, only exists in the system
/etc/crontab file. This field should be
omitted for individual user crontab
files.工作排程(Crontab)的排定與管理You must not use the procedure described here to
edit/install the system crontab. Simply use your favorite
editor: the cron utility will notice that the file
has changed and immediately begin using the updated version.
See
this FAQ entry for more information.To install a freshly written user
crontab, first use your favorite editor to create
a file in the proper format, and then use the
crontab utility. The most common usage
is:&prompt.user; crontab crontab-fileIn this example, crontab-file is the filename
of a crontab that was previously created.There is also an option to list installed
crontab files: just pass the
option to crontab and look
over the output.For users who wish to begin their own crontab file from scratch,
without the use of a template, the crontab -e
option is available. This will invoke the selected editor
with an empty file. When the file is saved, it will be
automatically installed by the crontab command.
If you later want to remove your user crontab
completely, use crontab with the
option.
TomRhodesContributed by 在 &os; 5.X (含之後) 使用 rc從 2002 年起,&os; 整合了 NetBSD 的 rc.d 機制來作為系統服務啟動機制。
可以到 /etc/rc.d 目錄下去看,很多檔案都是基本服務,可以用 ,
及 作為使用時的選項。
舉個例子,可以用下列指令來重新啟動 &man.sshd.8;:&prompt.root; /etc/rc.d/sshd restart其他服務也是類似作法。當然,
服務通常只要在 &man.rc.conf.5; 內有指定的話,都會在開機時就自動啟動。舉例來說,若要開機時啟動 NAT(Network Address
Translation) daemon 的話,只要在 /etc/rc.conf 內加上下列這行即可:natd_enable="YES"若原本寫的是 那麼只要把 改為
就好了。rc scripts 會在下次重開機時,自動載入相關(有相依)的服務,以下我們會講到這部分。Since the rc.d system is primarily
intended to start/stop services at system startup/shutdown time,
the standard ,
and options will only
perform their action if the appropriate
/etc/rc.conf variables are set. For
instance the above sshd restart command will
only work if sshd_enable is set to
in /etc/rc.conf. To
, or
a service regardless of the settings in
/etc/rc.conf, the commands should be
prefixed with force. For instance to restart
sshd regardless of the current
/etc/rc.conf setting, execute the following
command:&prompt.root; /etc/rc.d/sshd forcerestartIt is easy to check if a service is enabled in
/etc/rc.conf by running the appropriate
rc.d script with the option
. Thus, an administrator can check that
sshd is in fact enabled in
/etc/rc.conf by running:&prompt.root; /etc/rc.d/sshd rcvar
# sshd
$sshd_enable=YESThe second line (# sshd) is the output
from the sshd command, not a root
console.若要檢查服務是否有在運作,可以用 選項來查詢。比如:若要確認
sshd 是否真的有啟動的話,那麼打:&prompt.root; /etc/rc.d/sshd status
sshd is running as pid 433.In some cases it is also possible to a service.
This will attempt to send a signal to an individual service, forcing the
service to reload its configuration files. In most cases this
means sending the service a SIGHUP
signal. Support for this feature is not included for every service.The rc.d system is not only used for network services, it also
contributes to most of the system initialization. For
instance, consider the bgfsck file. When
this script is executed, it will print out the following
message:Starting background file system checks in 60 seconds.Therefore this file is used for background file system
checks, which are done only during system initialization.Many system services depend on other services to function
properly. For example, NIS and other RPC-based services may
fail to start until after the rpcbind
(portmapper) service has started. To resolve this issue,
information about dependencies and other meta-data is included
in the comments at the top of each startup script. The
&man.rcorder.8; program is then used to parse these comments
during system initialization to determine the order in which
system services should be invoked to satisfy the dependencies.
The following words may be included at the top of each startup
file:PROVIDE: Specifies the services this file provides.REQUIRE: Lists services which are required for this
service. This file will run after
the specified services.BEFORE: Lists services which depend on this service.
This file will run before
the specified services.By using this method, an administrator can easily control system
services without the hassle of runlevels like
some other &unix; operating systems.Additional information about the
rc.d system can be found in the &man.rc.8;
and &man.rc.subr.8; manual pages.MarcFonvieilleContributed by 設定網路卡network cardsconfigurationNowadays we can not think about a computer without thinking
about a network connection. Adding and configuring a network
card is a common task for any &os; administrator.選擇正確、可用的驅動程式(Driver)network cardsdriverBefore you begin, you should know the model of the card
you have, the chip it uses, and whether it is a PCI or ISA card.
&os; supports a wide variety of both PCI and ISA cards.
Check the Hardware Compatibility List for your release to see
if your card is supported.Once you are sure your card is supported, you need
to determine the proper driver for the card.
/usr/src/sys/conf/NOTES and
/usr/src/sys/arch/conf/NOTES will give you
the list of network interface drivers with some information
about the supported chipsets/cards. If you have doubts about
which driver is the correct one, read the manual page of the
driver. The manual page will give you more information about
the supported hardware and even the possible problems that
could occur.
-
- NOTES does not exist on
- &os; 4.X. Instead, check the LINT
- file for information about various network interfaces. See
- for a more detailed
- summary of NOTES versus
- LINT.
-
-
If you own a common card, most of the time you will not
have to look very hard for a driver. Drivers for common
network cards are present in the GENERIC
kernel, so your card should show up during boot, like so:dc0: <82c169 PNIC 10/100BaseTX> port 0xa000-0xa0ff mem 0xd3800000-0xd38
000ff irq 15 at device 11.0 on pci0
dc0: Ethernet address: 00:a0:cc:da:da:da
miibus0: <MII bus> on dc0
ukphy0: <Generic IEEE 802.3u media interface> on miibus0
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
dc1: <82c169 PNIC 10/100BaseTX> port 0x9800-0x98ff mem 0xd3000000-0xd30
000ff irq 11 at device 12.0 on pci0
dc1: Ethernet address: 00:a0:cc:da:da:db
miibus1: <MII bus> on dc1
ukphy1: <Generic IEEE 802.3u media interface> on miibus1
ukphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, autoIn this example, we see that two cards using the &man.dc.4;
driver are present on the system.If the driver for your NIC is not present in
GENERIC, you will need to load the proper
driver to use your NIC. This may be accomplished in one of
two ways:The easiest way is to simply load a kernel module for
your network card with &man.kldload.8;. Not all NIC
drivers are available as modules; notable examples of
devices for which modules do not exist are ISA cards.Alternatively, you may statically compile the support
for your card into your kernel. Check
/usr/src/sys/conf/NOTES,
/usr/src/sys/arch/conf/NOTES
and the manual page of the driver to know what to add in
your kernel configuration file. For more information
about recompiling your kernel, please see . If your card was detected at
boot by your kernel (GENERIC) you do
not have to build a new kernel.設定網路卡network cardsconfigurationOnce the right driver is loaded for the network card, the
card needs to be configured. As with many other things, the
network card may have been configured at installation time by
sysinstall.To display the configuration for the network interfaces on
your system, enter the following command:&prompt.user; ifconfig
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.1.3 netmask 0xffffff00 broadcast 192.168.1.255
ether 00:a0:cc:da:da:da
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
dc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
ether 00:a0:cc:da:da:db
media: Ethernet 10baseT/UTP
status: no carrier
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
tun0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500Old versions of &os; may require the
option following &man.ifconfig.8;, for more details about the
correct syntax of &man.ifconfig.8;, please refer to the manual
page. Note also that entries concerning IPv6
(inet6 etc.) were omitted in this
example.In this example, the following devices were
displayed:dc0: The first Ethernet
interfacedc1: The second Ethernet
interfacelp0: The parallel port
interfacelo0: The loopback devicetun0: The tunnel device used by
ppp&os; uses the driver name followed by the order in
which one the card is detected at the kernel boot to name the
network card. For example sis2 would
be the third network card on the system using the &man.sis.4;
driver.In this example, the dc0 device is
up and running. The key indicators are:UP means that the card is configured
and ready.The card has an Internet (inet)
address (in this case
192.168.1.3).It has a valid subnet mask (netmask;
0xffffff00 is the same as
255.255.255.0).It has a valid broadcast address (in this case,
192.168.1.255).The MAC address of the card (ether)
is 00:a0:cc:da:da:daThe physical media selection is on autoselection mode
(media: Ethernet autoselect (100baseTX
<full-duplex>)). We see that
dc1 was configured to run with
10baseT/UTP media. For more
information on available media types for a driver, please
refer to its manual page.The status of the link (status)
is active, i.e. the carrier is detected.
For dc1, we see
status: no carrier. This is normal when
an Ethernet cable is not plugged into the card.If the &man.ifconfig.8; output had shown something similar
to:dc0: flags=8843<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
ether 00:a0:cc:da:da:dait would indicate the card has not been configured.To configure your card, you need root
privileges. The network card configuration can be done from the
command line with &man.ifconfig.8; but you would have to do it
after each reboot of the system. The file
/etc/rc.conf is where to add the network
card's configuration.Open /etc/rc.conf in your favorite
editor. You need to add a line for each network card present on
the system, for example in our case, we added these lines:ifconfig_dc0="inet 192.168.1.3 netmask 255.255.255.0"
ifconfig_dc1="inet 10.0.0.1 netmask 255.255.255.0 media 10baseT/UTP"You have to replace dc0,
dc1, and so on, with
the correct device for your cards, and the addresses with the
proper ones. You should read the card driver and
&man.ifconfig.8; manual pages for more details about the allowed
options and also &man.rc.conf.5; manual page for more
information on the syntax of
/etc/rc.conf.If you configured the network during installation, some
lines about the network card(s) may be already present. Double
check /etc/rc.conf before adding any
lines.You will also have to edit the file
/etc/hosts to add the names and the IP
addresses of various machines of the LAN, if they are not already
there. For more information please refer to &man.hosts.5;
and to /usr/share/examples/etc/hosts.測試與疑難排除Once you have made the necessary changes in
/etc/rc.conf, you should reboot your
system. This will allow the change(s) to the interface(s) to
be applied, and verify that the system restarts without any
configuration errors.Once the system has been rebooted, you should test the
network interfaces.測試乙太網路卡(Ethernet Card)network cardstestingTo verify that an Ethernet card is configured correctly,
you have to try two things. First, ping the interface itself,
and then ping another machine on the LAN.First test the local interface:&prompt.user; ping -c5 192.168.1.3
PING 192.168.1.3 (192.168.1.3): 56 data bytes
64 bytes from 192.168.1.3: icmp_seq=0 ttl=64 time=0.082 ms
64 bytes from 192.168.1.3: icmp_seq=1 ttl=64 time=0.074 ms
64 bytes from 192.168.1.3: icmp_seq=2 ttl=64 time=0.076 ms
64 bytes from 192.168.1.3: icmp_seq=3 ttl=64 time=0.108 ms
64 bytes from 192.168.1.3: icmp_seq=4 ttl=64 time=0.076 ms
--- 192.168.1.3 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.074/0.083/0.108/0.013 msNow we have to ping another machine on the LAN:&prompt.user; ping -c5 192.168.1.2
PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.726 ms
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.766 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=0.700 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.747 ms
64 bytes from 192.168.1.2: icmp_seq=4 ttl=64 time=0.704 ms
--- 192.168.1.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.700/0.729/0.766/0.025 msYou could also use the machine name instead of
192.168.1.2 if you have set up the
/etc/hosts file.疑難排除network cardstroubleshootingTroubleshooting hardware and software configurations is always
a pain, and a pain which can be alleviated by checking the simple
things first. Is your network cable plugged in? Have you properly
configured the network services? Did you configure the firewall
correctly? Is the card you are using supported by &os;? Always
check the hardware notes before sending off a bug report. Update
your version of &os; to the latest STABLE version. Check the
mailing list archives, or perhaps search the Internet.If the card works, yet performance is poor, it would be
worthwhile to read over the &man.tuning.7; manual page. You
can also check the network configuration as incorrect network
settings can cause slow connections.Some users experience one or two device
timeout messages, which is normal for some cards. If they
continue, or are bothersome, you may wish to be sure the
device is not conflicting with another device. Double check
the cable connections. Perhaps you may just need to get
another card.At times, users see a few watchdog timeout
errors. The first thing to do here is to check your network
cable. Many cards require a PCI slot which supports Bus
Mastering. On some old motherboards, only one PCI slot allows
it (usually slot 0). Check the network card and the
motherboard documentation to determine if that may be the
problem.No route to host messages occur if the
system is unable to route a packet to the destination host.
This can happen if no default route is specified, or if a
cable is unplugged. Check the output of netstat
-rn and make sure there is a valid route to the host
you are trying to reach. If there is not, read on to .ping: sendto: Permission denied error
messages are often caused by a misconfigured firewall. If
ipfw is enabled in the kernel but no rules
have been defined, then the default policy is to deny all
traffic, even ping requests! Read on to for more information.Sometimes performance of the card is poor, or below average.
In these cases it is best to set the media selection mode
from autoselect to the correct media selection.
While this usually works for most hardware, it may not resolve
this issue for everyone. Again, check all the network settings,
and read over the &man.tuning.7; manual page.虛擬主機(Virtual Hosts)virtual hostsIP aliasesA very common use of &os; is virtual site hosting, where
one server appears to the network as many servers. This is
achieved by assigning multiple network addresses to a single
interface.A given network interface has one real address,
and may have any number of alias addresses.
These aliases are
normally added by placing alias entries in
/etc/rc.conf.An alias entry for the interface fxp0
looks like:ifconfig_fxp0_alias0="inet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx"Note that alias entries must start with alias0 and proceed
upwards in order, (for example, _alias1, _alias2, and so on).
The configuration process will stop at the first missing number.
The calculation of alias netmasks is important, but
fortunately quite simple. For a given interface, there must be
one address which correctly represents the network's netmask.
Any other addresses which fall within this network must have a
netmask of all 1s (expressed as either
255.255.255.255 or 0xffffffff).
For example, consider the case where the
fxp0 interface is
connected to two networks, the 10.1.1.0
network with a netmask of 255.255.255.0
and the 202.0.75.16 network with
a netmask of 255.255.255.240.
We want the system to appear at 10.1.1.1
through 10.1.1.5 and at
202.0.75.17 through
202.0.75.20. As noted above, only the
first address in a given network range (in this case,
10.0.1.1 and
202.0.75.17) should have a real
netmask; all the rest (10.1.1.2
through 10.1.1.5 and
202.0.75.18 through
202.0.75.20) must be configured with a
netmask of 255.255.255.255.The following /etc/rc.conf entries
configure the adapter correctly for this arrangement:ifconfig_fxp0="inet 10.1.1.1 netmask 255.255.255.0"
ifconfig_fxp0_alias0="inet 10.1.1.2 netmask 255.255.255.255"
ifconfig_fxp0_alias1="inet 10.1.1.3 netmask 255.255.255.255"
ifconfig_fxp0_alias2="inet 10.1.1.4 netmask 255.255.255.255"
ifconfig_fxp0_alias3="inet 10.1.1.5 netmask 255.255.255.255"
ifconfig_fxp0_alias4="inet 202.0.75.17 netmask 255.255.255.240"
ifconfig_fxp0_alias5="inet 202.0.75.18 netmask 255.255.255.255"
ifconfig_fxp0_alias6="inet 202.0.75.19 netmask 255.255.255.255"
ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255"還有哪些主要設定檔呢?/etc LayoutThere are a number of directories in which configuration
information is kept. These include:/etcGeneric system configuration information; data here is
system-specific./etc/defaultsDefault versions of system configuration files./etc/mailExtra &man.sendmail.8; configuration, other
MTA configuration files.
/etc/pppConfiguration for both user- and kernel-ppp programs.
/etc/namedbDefault location for &man.named.8; data. Normally
named.conf and zone files are stored
here./usr/local/etcConfiguration files for installed applications.
May contain per-application subdirectories./usr/local/etc/rc.dStart/stop scripts for installed applications./var/dbAutomatically generated system-specific database files,
such as the package database, the locate database, and so
onHostnameshostnameDNS/etc/resolv.confresolv.conf/etc/resolv.conf dictates how &os;'s
resolver accesses the Internet Domain Name System (DNS).The most common entries to resolv.conf are:
nameserverThe IP address of a name server the resolver
should query. The servers are queried in the order
listed with a maximum of three.searchSearch list for hostname lookup. This is normally
determined by the domain of the local hostname.domainThe local domain name.A typical resolv.conf:search example.com
nameserver 147.11.1.11
nameserver 147.11.100.30Only one of the search and
domain options should be used.If you are using DHCP, &man.dhclient.8; usually rewrites
resolv.conf with information received from the
DHCP server./etc/hostshosts/etc/hosts is a simple text
database reminiscent of the old Internet. It works in
conjunction with DNS and NIS providing name to IP address
mappings. Local computers connected via a LAN can be placed
in here for simplistic naming purposes instead of setting up
a &man.named.8; server. Additionally,
/etc/hosts can be used to provide a
local record of Internet names, reducing the need to query
externally for commonly accessed names.# $&os;$
#
# Host Database
# This file should contain the addresses and aliases
# for local hosts that share this file.
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1 localhost localhost.my.domain myname.my.domain
127.0.0.1 localhost localhost.my.domain myname.my.domain
#
# Imaginary network.
#10.0.0.2 myname.my.domain myname
#10.0.0.3 myfriend.my.domain myfriend
#
# According to RFC 1918, you can use the following IP networks for
# private nets which will never be connected to the Internet:
#
# 10.0.0.0 - 10.255.255.255
# 172.16.0.0 - 172.31.255.255
# 192.168.0.0 - 192.168.255.255
#
# In case you want to be able to connect to the Internet, you need
# real official assigned numbers. PLEASE PLEASE PLEASE do not try
# to invent your own network numbers but instead get one from your
# network provider (if any) or from the Internet Registry (ftp to
# rs.internic.net, directory `/templates').
#/etc/hosts takes on the simple format
of:[Internet address] [official hostname] [alias1] [alias2] ...For example:10.0.0.1 myRealHostname.example.com myRealHostname foobar1 foobar2Consult &man.hosts.5; for more information.Log File Configurationlog filessyslog.confsyslog.confsyslog.conf is the configuration file
for the &man.syslogd.8; program. It indicates which types
of syslog messages are logged to particular
log files.# $&os;$
#
# Spaces ARE valid field separators in this file. However,
# other *nix-like systems still insist on using tabs as field
# separators. If you are sharing this file between systems, you
# may want to use only tabs as field separators here.
# Consult the syslog.conf(5) manual page.
*.err;kern.debug;auth.notice;mail.crit /dev/console
*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
mail.info /var/log/maillog
lpr.info /var/log/lpd-errs
cron.* /var/log/cron
*.err root
*.notice;news.err root
*.alert root
*.emerg *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
#*.* /var/log/all.log
# uncomment this to enable logging to a remote log host named loghost
#*.* @loghost
# uncomment these if you're running inn
# news.crit /var/log/news/news.crit
# news.err /var/log/news/news.err
# news.notice /var/log/news/news.notice
!startslip
*.* /var/log/slip.log
!ppp
*.* /var/log/ppp.logConsult the &man.syslog.conf.5; manual page for more
information.newsyslog.confnewsyslog.confnewsyslog.conf is the configuration
file for &man.newsyslog.8;, a program that is normally scheduled
to run by &man.cron.8;. &man.newsyslog.8; determines when log
files require archiving or rearranging.
logfile is moved to
logfile.0, logfile.0
is moved to logfile.1, and so on.
Alternatively, the log files may be archived in &man.gzip.1; format
causing them to be named: logfile.0.gz,
logfile.1.gz, and so on.newsyslog.conf indicates which log
files are to be managed, how many are to be kept, and when
they are to be touched. Log files can be rearranged and/or
archived when they have either reached a certain size, or at a
certain periodic time/date.# configuration file for newsyslog
# $&os;$
#
# filename [owner:group] mode count size when [ZB] [/pid_file] [sig_num]
/var/log/cron 600 3 100 * Z
/var/log/amd.log 644 7 100 * Z
/var/log/kerberos.log 644 7 100 * Z
/var/log/lpd-errs 644 7 100 * Z
/var/log/maillog 644 7 * @T00 Z
/var/log/sendmail.st 644 10 * 168 B
/var/log/messages 644 5 100 * Z
/var/log/all.log 600 7 * @T00 Z
/var/log/slip.log 600 3 100 * Z
/var/log/ppp.log 600 3 100 * Z
/var/log/security 600 10 100 * Z
/var/log/wtmp 644 3 * @01T05 B
/var/log/daily.log 640 7 * @T00 Z
/var/log/weekly.log 640 5 1 $W6D0 Z
/var/log/monthly.log 640 12 * $M1D0 Z
/var/log/console.log 640 5 100 * ZConsult the &man.newsyslog.8; manual page for more
information.sysctl.confsysctl.confsysctlsysctl.conf looks much like
rc.conf. Values are set in a
variable=value
form. The specified values are set after the system goes into
multi-user mode. Not all variables are settable in this mode.A sample sysctl.conf turning off logging
of fatal signal exits and letting Linux programs know they are really
running under &os;:kern.logsigexit=0 # Do not log fatal signal exits (e.g. sig 11)
compat.linux.osname=&os;
compat.linux.osrelease=4.3-STABLETuning with sysctlsysctltuningwith sysctl&man.sysctl.8; is an interface that allows you to make changes
to a running &os; system. This includes many advanced
options of the TCP/IP stack and virtual memory system that can
dramatically improve performance for an experienced system
administrator. Over five hundred system variables can be read
and set using &man.sysctl.8;.At its core, &man.sysctl.8; serves two functions: to read and
to modify system settings.To view all readable variables:&prompt.user; sysctl -aTo read a particular variable, for example,
kern.maxproc:&prompt.user; sysctl kern.maxproc
kern.maxproc: 1044To set a particular variable, use the intuitive
variable=value
syntax:&prompt.root; sysctl kern.maxfiles=5000
-kern.maxfiles: 2088 -> 5000
+kern.maxfiles: 2088 -> 5000
Settings of sysctl variables are usually either strings,
numbers, or booleans (a boolean being 1 for yes
or a 0 for no).If you want to set automatically some variables each time
the machine boots, add them to the
/etc/sysctl.conf file. For more information
see the &man.sysctl.conf.5; manual page and the
.TomRhodesContributed by &man.sysctl.8; Read-onlyIn some cases it may be desirable to modify read-only &man.sysctl.8;
values. While this is sometimes unavoidable, it can only be done
on (re)boot.For instance on some laptop models the &man.cardbus.4; device will
not probe memory ranges, and fail with errors which look similar to:cbb0: Could not map register memory
device_probe_and_attach: cbb0 attach returned 12Cases like the one above usually require the modification of some
default &man.sysctl.8; settings which are set read only. To overcome
these situations a user can put &man.sysctl.8; OIDs
in their local /boot/loader.conf. Default
settings are located in the /boot/defaults/loader.conf
file.Fixing the problem mentioned above would require a user to set
in the aforementioned
file. Now &man.cardbus.4; will work properly.Tuning DisksSysctl Variablesvfs.vmiodirenablevfs.vmiodirenableThe vfs.vmiodirenable sysctl variable
may be set to either 0 (off) or 1 (on); it is 1 by default.
This variable controls how directories are cached by the
system. Most directories are small, using just a single
fragment (typically 1 K) in the file system and less
(typically 512 bytes) in the buffer cache.
With this variable turned off (to 0), the buffer
cache will only cache a fixed number of directories even if
you have a huge amount of memory. When turned on (to 1), this sysctl
allows the buffer cache to use the VM Page Cache to cache the
directories, making all the memory available for caching
directories. However,
the minimum in-core memory used to cache a directory is the
physical page size (typically 4 K) rather than 512
bytes. We recommend keeping this option on if you are running
any services which manipulate large numbers of files. Such
services can include web caches, large mail systems, and news
systems. Keeping this option on will generally not reduce
performance even with the wasted memory but you should
experiment to find out.vfs.write_behindvfs.write_behindThe vfs.write_behind sysctl variable
defaults to 1 (on). This tells the file system
to issue media writes as full clusters are collected, which
typically occurs when writing large sequential files. The idea
is to avoid saturating the buffer cache with dirty buffers when
it would not benefit I/O performance. However, this may stall
processes and under certain circumstances you may wish to turn it
off.vfs.hirunningspacevfs.hirunningspaceThe vfs.hirunningspace sysctl variable
determines how much outstanding write I/O may be queued to disk
controllers system-wide at any given instance. The default is
usually sufficient but on machines with lots of disks you may
want to bump it up to four or five megabytes.
Note that setting too high a value (exceeding the buffer cache's
write threshold) can lead to extremely bad clustering
performance. Do not set this value arbitrarily high! Higher
write values may add latency to reads occurring at the same time.
There are various other buffer-cache and VM page cache
- related sysctls. We do not recommend modifying these values. As
- of &os; 4.3, the VM system does an extremely good job of
+ related sysctls. We do not recommend modifying these values,
+ the VM system does an extremely good job of
automatically tuning itself.vm.swap_idle_enabledvm.swap_idle_enabledThe vm.swap_idle_enabled sysctl variable
is useful in large multi-user systems where you have lots of
users entering and leaving the system and lots of idle processes.
Such systems tend to generate a great deal of continuous pressure
on free memory reserves. Turning this feature on and tweaking
the swapout hysteresis (in idle seconds) via
vm.swap_idle_threshold1 and
vm.swap_idle_threshold2 allows you to depress
the priority of memory pages associated with idle processes more
quickly then the normal pageout algorithm. This gives a helping
hand to the pageout daemon. Do not turn this option on unless
you need it, because the tradeoff you are making is essentially
pre-page memory sooner rather than later; thus eating more swap
and disk bandwidth. In a small system this option will have a
determinable effect but in a large system that is already doing
moderate paging this option allows the VM system to stage whole
processes into and out of memory easily.hw.ata.wchw.ata.wc&os; 4.3 flirted with turning off IDE write caching.
This reduced write bandwidth to IDE disks but was considered
necessary due to serious data consistency issues introduced
by hard drive vendors. The problem is that IDE
drives lie about when a write completes. With IDE write
caching turned on, IDE hard drives not only write data
to disk out of order, but will sometimes delay writing some
blocks indefinitely when under heavy disk loads. A crash or
power failure may cause serious file system corruption.
&os;'s default was changed to be safe. Unfortunately, the
result was such a huge performance loss that we changed
write caching back to on by default after the release. You
should check the default on your system by observing the
hw.ata.wc sysctl variable. If IDE write
caching is turned off, you can turn it back on by setting
the kernel variable back to 1. This must be done from the
boot loader at boot time. Attempting to do it after the
kernel boots will have no effect.For more information, please see &man.ata.4;.SCSI_DELAY
(kern.cam.scsi_delay)kern.cam.scsi_delaykernel optionsSCSI_DELAYThe SCSI_DELAY kernel config may be used to
reduce system boot times. The defaults are fairly high and can be
responsible for 15 seconds of delay in the
boot process. Reducing it to 5 seconds usually
works (especially with modern drives). Newer versions of &os;
(5.0 and higher) should use the kern.cam.scsi_delay
boot time tunable. The tunable, and kernel config option accept
values in terms of milliseconds and
notseconds.Soft UpdatesSoft UpdatestunefsThe &man.tunefs.8; program can be used to fine-tune a
file system. This program has many different options, but for
now we are only concerned with toggling Soft Updates on and
off, which is done by:&prompt.root; tunefs -n enable /filesystem
&prompt.root; tunefs -n disable /filesystemA filesystem cannot be modified with &man.tunefs.8; while
it is mounted. A good time to enable Soft Updates is before any
partitions have been mounted, in single-user mode.
- As of &os; 4.5, it is possible to enable Soft Updates
- at filesystem creation time, through use of the -U
- option to &man.newfs.8;.
-
Soft Updates drastically improves meta-data performance, mainly
file creation and deletion, through the use of a memory cache. We
recommend to use Soft Updates on all of your file systems. There
are two downsides to Soft Updates that you should be aware of: First,
Soft Updates guarantees filesystem consistency in the case of a crash
but could very easily be several seconds (even a minute!) behind
updating the physical disk. If your system crashes you may lose more
work than otherwise. Secondly, Soft Updates delays the freeing of
filesystem blocks. If you have a filesystem (such as the root
filesystem) which is almost full, performing a major update, such as
make installworld, can cause the filesystem to run
out of space and the update to fail.More Details about Soft UpdatesSoft UpdatesdetailsThere are two traditional approaches to writing a file
systems meta-data back to disk. (Meta-data updates are
updates to non-content data like inodes or
directories.)Historically, the default behavior was to write out
meta-data updates synchronously. If a directory had been
changed, the system waited until the change was actually
written to disk. The file data buffers (file contents) were
passed through the buffer cache and backed up
to disk later on asynchronously. The advantage of this
implementation is that it operates safely. If there is
a failure during an update, the meta-data are always in a
consistent state. A file is either created completely
or not at all. If the data blocks of a file did not find
their way out of the buffer cache onto the disk by the time
of the crash, &man.fsck.8; is able to recognize this and
repair the filesystem by setting the file length to
0. Additionally, the implementation is clear and simple.
The disadvantage is that meta-data changes are slow. An
rm -r, for instance, touches all the files
in a directory sequentially, but each directory
change (deletion of a file) will be written synchronously
to the disk. This includes updates to the directory itself,
to the inode table, and possibly to indirect blocks
allocated by the file. Similar considerations apply for
unrolling large hierarchies (tar -x).The second case is asynchronous meta-data updates. This
is the default for Linux/ext2fs and
mount -o async for *BSD ufs. All
meta-data updates are simply being passed through the buffer
cache too, that is, they will be intermixed with the updates
of the file content data. The advantage of this
implementation is there is no need to wait until each
meta-data update has been written to disk, so all operations
which cause huge amounts of meta-data updates work much
faster than in the synchronous case. Also, the
implementation is still clear and simple, so there is a low
risk for bugs creeping into the code. The disadvantage is
that there is no guarantee at all for a consistent state of
the filesystem. If there is a failure during an operation
that updated large amounts of meta-data (like a power
failure, or someone pressing the reset button),
the filesystem
will be left in an unpredictable state. There is no opportunity
to examine the state of the filesystem when the system
comes up again; the data blocks of a file could already have
been written to the disk while the updates of the inode
table or the associated directory were not. It is actually
impossible to implement a fsck which is
able to clean up the resulting chaos (because the necessary
information is not available on the disk). If the
filesystem has been damaged beyond repair, the only choice
is to use &man.newfs.8; on it and restore it from backup.
The usual solution for this problem was to implement
dirty region logging, which is also
referred to as journaling, although that
term is not used consistently and is occasionally applied
to other forms of transaction logging as well. Meta-data
updates are still written synchronously, but only into a
small region of the disk. Later on they will be moved
to their proper location. Because the logging
area is a small, contiguous region on the disk, there
are no long distances for the disk heads to move, even
during heavy operations, so these operations are quicker
than synchronous updates.
Additionally the complexity of the implementation is fairly
limited, so the risk of bugs being present is low. A disadvantage
is that all meta-data are written twice (once into the
logging region and once to the proper location) so for
normal work, a performance pessimization
might result. On the other hand, in case of a crash, all
pending meta-data operations can be quickly either rolled-back
or completed from the logging area after the system comes
up again, resulting in a fast filesystem startup.Kirk McKusick, the developer of Berkeley FFS,
solved this problem with Soft Updates: all pending
meta-data updates are kept in memory and written out to disk
in a sorted sequence (ordered meta-data
updates). This has the effect that, in case of
heavy meta-data operations, later updates to an item
catch the earlier ones if the earlier ones are still in
memory and have not already been written to disk. So all
operations on, say, a directory are generally performed in
memory before the update is written to disk (the data
blocks are sorted according to their position so
that they will not be on the disk ahead of their meta-data).
If the system crashes, this causes an implicit log
rewind: all operations which did not find their way
to the disk appear as if they had never happened. A
consistent filesystem state is maintained that appears to
be the one of 30 to 60 seconds earlier. The
algorithm used guarantees that all resources in use
are marked as such in their appropriate bitmaps: blocks and inodes.
After a crash, the only resource allocation error
that occurs is that resources are
marked as used which are actually free.
&man.fsck.8; recognizes this situation,
and frees the resources that are no longer used. It is safe to
ignore the dirty state of the filesystem after a crash by
forcibly mounting it with mount -f. In
order to free resources that may be unused, &man.fsck.8;
needs to be run at a later time. This is the idea behind
the background fsck: at system startup
time, only a snapshot of the
filesystem is recorded. The fsck can be
run later on. All file systems can then be mounted
dirty, so the system startup proceeds in
multiuser mode. Then, background fscks
will be scheduled for all file systems where this is required, to free
resources that may be unused. (File systems that do not use
Soft Updates still need the usual foreground
fsck though.)The advantage is that meta-data operations are nearly as
fast as asynchronous updates (i.e. faster than with
logging, which has to write the
meta-data twice). The disadvantages are the complexity of
the code (implying a higher risk for bugs in an area that
is highly sensitive regarding loss of user data), and a
higher memory consumption. Additionally there are some
idiosyncrasies one has to get used to.
After a crash, the state of the filesystem appears to be
somewhat older. In situations where
the standard synchronous approach would have caused some
zero-length files to remain after the
fsck, these files do not exist at all
with a Soft Updates filesystem because neither the meta-data
nor the file contents have ever been written to disk.
Disk space is not released until the updates have been
written to disk, which may take place some time after
running rm. This may cause problems
when installing large amounts of data on a filesystem
that does not have enough free space to hold all the files
twice.Tuning Kernel Limitstuningkernel limitsFile/Process Limitskern.maxfileskern.maxfileskern.maxfiles can be raised or
lowered based upon your system requirements. This variable
indicates the maximum number of file descriptors on your
system. When the file descriptor table is full,
file: table is full will show up repeatedly
in the system message buffer, which can be viewed with the
dmesg command.Each open file, socket, or fifo uses one file
descriptor. A large-scale production server may easily
require many thousands of file descriptors, depending on the
kind and number of services running concurrently.kern.maxfile's default value is
dictated by the option in your
kernel configuration file. kern.maxfiles grows
proportionally to the value of . When
compiling a custom kernel, it is a good idea to set this kernel
configuration option according to the uses of your system. From
this number, the kernel is given most of its pre-defined limits.
Even though a production machine may not actually have 256 users
connected at once, the resources needed may be similar to a
high-scale web server.
- Starting with &os; 4.5, the system will auto-tune
+ The system will auto-tune
maxusers for you if you explicitly set it to
0The auto-tuning algorithm sets
maxusers equal to the amount of memory in the
system, with a minimum of 32, and a maximum of 384.
- . In &os; 5.X and above, maxusers
- will default to 0 if not specified. If you
- are using an version of &os; earlier than 4.5, or you want to
- manage it yourself you will want to set
+ . When setting this option, you will want to set
maxusers to at least 4, especially if you are
using the X Window System or compiling software. The reason is that
the most important table set by maxusers is the
maximum number of processes, which is set to 20 + 16 *
maxusers, so if you set maxusers to 1,
then you can only have 36 simultaneous processes, including the 18
or so that the system starts up at boot time and the 15 or so you
will probably create when you start the X Window System. Even a
simple task like reading a manual page will start up nine
processes to filter, decompress, and view it. Setting
maxusers to 64 will allow you to have up to 1044
simultaneous processes, which should be enough for nearly all uses.
If, however, you see the dreaded proc table
full error when trying to start another program, or are
running a server with a large number of simultaneous users (like
ftp.FreeBSD.org), you can always
increase the number and rebuild.maxusers does not
limit the number of users which can log into your machine. It
simply sets various table sizes to reasonable values considering
the maximum number of users you will likely have on your system
and how many processes each of them will be running. One keyword
which does limit the number of simultaneous
remote logins and X terminal windows is pseudo-device pty
16. With &os; 5.X, you do not have to
worry about this number since the &man.pty.4; driver is
auto-cloning; you simply use the line
device pty in your configuration file.kern.ipc.somaxconnkern.ipc.somaxconnThe kern.ipc.somaxconn sysctl variable
limits the size of the listen queue for accepting new TCP
connections. The default value of 128 is
typically too low for robust handling of new connections in a
heavily loaded web server environment. For such environments, it
is recommended to increase this value to 1024 or
higher. The service daemon may itself limit the listen queue size
(e.g. &man.sendmail.8;, or Apache) but
will often have a directive in its configuration file to adjust
the queue size. Large listen queues also do a better job of
avoiding Denial of Service (DoS) attacks.Network LimitsThe NMBCLUSTERS kernel configuration
option dictates the amount of network Mbufs available to the
system. A heavily-trafficked server with a low number of Mbufs
will hinder &os;'s ability. Each cluster represents
approximately 2 K of memory, so a value of 1024 represents 2
megabytes of kernel memory reserved for network buffers. A
simple calculation can be done to figure out how many are
needed. If you have a web server which maxes out at 1000
simultaneous connections, and each connection eats a 16 K receive
and 16 K send buffer, you need approximately 32 MB worth of
network buffers to cover the web server. A good rule of thumb is
to multiply by 2, so 2x32 MB / 2 KB =
64 MB / 2 kB = 32768. We recommend
values between 4096 and 32768 for machines with greater amounts
of memory. Under no circumstances should you specify an
arbitrarily high value for this parameter as it could lead to a
boot time crash. The option to
&man.netstat.1; may be used to observe network cluster
use.kern.ipc.nmbclusters loader tunable should
be used to tune this at boot time. Only older versions of &os;
will require you to use the NMBCLUSTERS kernel
&man.config.8; option.For busy servers that make extensive use of the
&man.sendfile.2; system call, it may be necessary to increase
the number of &man.sendfile.2; buffers via the
NSFBUFS kernel configuration option or by
setting its value in /boot/loader.conf
(see &man.loader.8; for details). A common indicator that
this parameter needs to be adjusted is when processes are seen
in the sfbufa state. The sysctl
variable kern.ipc.nsfbufs is a read-only
glimpse at the kernel configured variable. This parameter
nominally scales with kern.maxusers,
however it may be necessary to tune accordingly.Even though a socket has been marked as non-blocking,
calling &man.sendfile.2; on the non-blocking socket may
result in the &man.sendfile.2; call blocking until enough
struct sf_buf's are made
available.net.inet.ip.portrange.*net.inet.ip.portrange.*The net.inet.ip.portrange.* sysctl
variables control the port number ranges automatically bound to TCP
and UDP sockets. There are three ranges: a low range, a default
range, and a high range. Most network programs use the default
range which is controlled by the
net.inet.ip.portrange.first and
net.inet.ip.portrange.last, which default to
1024 and 5000, respectively. Bound port ranges are used for
outgoing connections, and it is possible to run the system out of
ports under certain circumstances. This most commonly occurs
when you are running a heavily loaded web proxy. The port range
is not an issue when running servers which handle mainly incoming
connections, such as a normal web server, or has a limited number
of outgoing connections, such as a mail relay. For situations
where you may run yourself out of ports, it is recommended to
increase net.inet.ip.portrange.last modestly.
A value of 10000, 20000 or
30000 may be reasonable. You should also
consider firewall effects when changing the port range. Some
firewalls may block large ranges of ports (usually low-numbered
ports) and expect systems to use higher ranges of ports for
outgoing connections — for this reason it is not recommended that
net.inet.ip.portrange.first be lowered.TCP Bandwidth Delay ProductTCP Bandwidth Delay Product Limitingnet.inet.tcp.inflight.enableThe TCP Bandwidth Delay Product Limiting is similar to
TCP/Vegas in NetBSD. It can be
enabled by setting net.inet.tcp.inflight.enable
sysctl variable to 1. The system will attempt
to calculate the bandwidth delay product for each connection and
limit the amount of data queued to the network to just the amount
required to maintain optimum throughput.This feature is useful if you are serving data over modems,
Gigabit Ethernet, or even high speed WAN links (or any other link
with a high bandwidth delay product), especially if you are also
using window scaling or have configured a large send window. If
you enable this option, you should also be sure to set
net.inet.tcp.inflight.debug to
0 (disable debugging), and for production use
setting net.inet.tcp.inflight.min to at least
6144 may be beneficial. However, note that
setting high minimums may effectively disable bandwidth limiting
depending on the link. The limiting feature reduces the amount of
data built up in intermediate route and switch packet queues as
well as reduces the amount of data built up in the local host's
interface queue. With fewer packets queued up, interactive
connections, especially over slow modems, will also be able to
operate with lower Round Trip Times. However,
note that this feature only effects data transmission (uploading
/ server side). It has no effect on data reception (downloading).
Adjusting net.inet.tcp.inflight.stab is
not recommended. This parameter defaults to
20, representing 2 maximal packets added to the bandwidth delay
product window calculation. The additional window is required to
stabilize the algorithm and improve responsiveness to changing
conditions, but it can also result in higher ping times over slow
links (though still much lower than you would get without the
inflight algorithm). In such cases, you may wish to try reducing
this parameter to 15, 10, or 5; and may also have to reduce
net.inet.tcp.inflight.min (for example, to
3500) to get the desired effect. Reducing these parameters
should be done as a last resort only.
-
- In 4.X and earlier releases of &os; the
- inflight sysctl variables are directly under
- net.inet.tcp. Their names were
- (in alphabetic order):
- net.inet.tcp.inflight_debug,
- net.inet.tcp.inflight_enable,
- net.inet.tcp.inflight_max,
- net.inet.tcp.inflight_min,
- net.inet.tcp.inflight_stab.
- Virtual Memorykern.maxvnodesA vnode is the internal representation of a file or
directory. So increasing the number of vnodes available to
the operating system cuts down on disk I/O. Normally this
is handled by the operating system and does not need to be
changed. In some cases where disk I/O is a bottleneck and
the system is running out of vnodes, this setting will need
to be increased. The amount of inactive and free RAM will
need to be taken into account.To see the current number of vnodes in use:&prompt.root; sysctl vfs.numvnodes
vfs.numvnodes: 91349To see the maximum vnodes:&prompt.root; sysctl kern.maxvnodes
kern.maxvnodes: 100000If the current vnode usage is near the maximum, increasing
kern.maxvnodes by a value of 1,000 is
probably a good idea. Keep an eye on the number of
vfs.numvnodes. If it climbs up to the
maximum again, kern.maxvnodes will need to
be increased further. A shift in your memory usage as
reported by &man.top.1; should be visible. More memory should
be active.Adding Swap SpaceNo matter how well you plan, sometimes a system does not run
as you expect. If you find you need more swap space, it is
simple enough to add. You have three ways to increase swap
space: adding a new hard drive, enabling swap over NFS, and
creating a swap file on an existing partition.
+ For information on how to encrypt swap space, what options
+ for this task exist and why it should be done, please refer to
+ of the Handbook.
+
Swap on a New Hard DriveThe best way to add swap, of course, is to use this as an
excuse to add another hard drive. You can always use another
hard drive, after all. If you can do this, go reread the
discussion of swap space
in
of the Handbook for some suggestions on how to best
arrange your swap.Swapping over NFSSwapping over NFS is only recommended if you do not have a
- local hard disk to swap to. Swapping over NFS is slow and
- inefficient in versions of &os; prior to 4.X. It is
- reasonably fast and efficient in 4.0-RELEASE and newer. Even
- with newer versions of &os;, NFS swapping will be limited
+ local hard disk to swap to; NFS swapping will be limited
by the available network bandwidth and puts an additional
burden on the NFS server.SwapfilesYou can create a file of a specified size to use as a swap
file. In our example here we will use a 64MB file called
/usr/swap0. You can use any name you
want, of course.
- Creating a Swapfile on &os; 4.X
-
-
-
- Be certain that your kernel configuration includes
- the vnode driver. It is not in recent versions of
- GENERIC.
-
- pseudo-device vn 1 #Vnode driver (turns a file into a device)
-
-
-
- Create a vn-device:
- &prompt.root; cd /dev
-&prompt.root; sh MAKEDEV vn0
-
-
-
- Create a swapfile (/usr/swap0):
-
- &prompt.root; dd if=/dev/zero of=/usr/swap0 bs=1024k count=64
-
-
-
- Set proper permissions on (/usr/swap0):
-
- &prompt.root; chmod 0600 /usr/swap0
-
-
-
- Enable the swap file in /etc/rc.conf:
-
- swapfile="/usr/swap0" # Set to name of swapfile if aux swapfile desired.
-
-
-
-
- Reboot the machine or to enable the swap file immediately,
- type:
-
- &prompt.root; vnconfig -e /dev/vn0b /usr/swap0 swap
-
-
-
-
-
- Creating a Swapfile on &os; 5.X
+ Creating a Swapfile on &os;Be certain that your kernel configuration includes
the memory disk driver (&man.md.4;). It is default in
GENERIC kernel.device md # Memory "disks"Create a swapfile (/usr/swap0):&prompt.root; dd if=/dev/zero of=/usr/swap0 bs=1024k count=64Set proper permissions on (/usr/swap0):&prompt.root; chmod 0600 /usr/swap0Enable the swap file in /etc/rc.conf:swapfile="/usr/swap0" # Set to name of swapfile if aux swapfile desired.Reboot the machine or to enable the swap file immediately,
type:
- &prompt.root; mdconfig -a -t vnode -f /usr/swap0 -u 0 && swapon /dev/md0
+ &prompt.root; mdconfig -a -t vnode -f /usr/swap0 -u 0 && swapon /dev/md0HitenPandyaWritten by TomRhodesPower and Resource ManagementIt is very important to utilize hardware resources in an
efficient manner. Before ACPI was introduced,
it was very difficult and inflexible for operating systems to manage
the power usage and thermal properties of a system. The hardware was
controlled by some sort of BIOS embedded
interface, such as Plug and Play BIOS (PNPBIOS), or
Advanced Power Management (APM) and so on.
Power and Resource Management is one of the key components of a modern
operating system. For example, you may want an operating system to
monitor system limits (and possibly alert you) in case your system
temperature increased unexpectedly.In this section of the &os; Handbook, we will provide
comprehensive information about ACPI. References
- will be provided for further reading at the end. Please be aware
- that ACPI is available on &os; 5.X and
- above systems as a default kernel module. For &os; 4.9,
- ACPI can be enabled by adding the line
- device acpica to a kernel configuration and
- rebuilding.
+ will be provided for further reading at the end.
What Is ACPI?ACPIAPMAdvanced Configuration and Power Interface
(ACPI) is a standard written by
an alliance of vendors to provide a standard interface for
hardware resources and power management (hence the name).
It is a key element in Operating System-directed
configuration and Power Management, i.e.: it provides
more control and flexibility to the operating system
(OS).
Modern systems stretched the limits of the
- current Plug and Play interfaces (such as APM, which is used in
- &os; 4.X), prior to the introduction of
+ current Plug and Play interfaces prior to the introduction of
ACPI. ACPI is the direct
successor to APM
(Advanced Power Management).Shortcomings of Advanced Power Management (APM)The Advanced Power Management (APM)
facility controls the power usage of a system based on its
activity. The APM BIOS is supplied by the (system) vendor and
it is specific to the hardware platform. An APM driver in the
OS mediates access to the APM Software Interface,
which allows management of power levels.There are four major problems in APM. Firstly, power
management is done by the (vendor-specific) BIOS, and the OS
does not have any knowledge of it. One example of this, is when
the user sets idle-time values for a hard drive in the APM BIOS,
that when exceeded, it (BIOS) would spin down the hard drive,
without the consent of the OS. Secondly, the APM logic is
embedded in the BIOS, and it operates outside the scope of the
OS. This means users can only fix problems in their APM BIOS by
flashing a new one into the ROM; which is a very dangerous
procedure with the potential to leave the system in an
unrecoverable state if it fails. Thirdly, APM is a vendor-specific
technology, which means that there is a lot of parity
(duplication of efforts) and bugs found in one vendor's BIOS,
may not be solved in others. Last but not the least, the APM
BIOS did not have enough room to implement a sophisticated power
policy, or one that can adapt very well to the purpose of the
machine.Plug and Play BIOS (PNPBIOS) was
unreliable in many situations. PNPBIOS is 16-bit technology,
so the OS has to use 16-bit emulation in order to
interface with PNPBIOS methods.The &os; APM driver is documented in
the &man.apm.4; manual page.Configuring ACPIThe acpi.ko driver is loaded by default
at start up by the &man.loader.8; and should not
be compiled into the kernel. The reasoning behind this is that modules
are easier to work with, say if switching to another acpi.ko
without doing a kernel rebuild. This has the advantage of making testing easier.
Another reason is that starting ACPI after a system has been
brought up is not too useful, and in some cases can be fatal. In doubt, just
disable ACPI all together. This driver should not and can not
be unloaded because the system bus uses it for various hardware interactions.
ACPI can be disabled with the &man.acpiconf.8; utility.
In fact most of the interaction with ACPI can be done via
&man.acpiconf.8;. Basically this means, if anything about ACPI
is in the &man.dmesg.8; output, then most likely it is already running.ACPI and APM cannot coexist and
should be used separately. The last one to load will terminate if the driver
notices the other running.In the simplest form, ACPI can be used to put the
system into a sleep mode with &man.acpiconf.8;, the
flag, and a 1-5 option. Most users will only need
1. Option 5 will do a soft-off
which is the same action as:&prompt.root; halt -pThe other options are available. Check out the &man.acpiconf.8;
manual page for more information.NateLawsonWritten by PeterSchultzWith contributions from TomRhodesUsing and Debugging &os; ACPIACPIproblemsACPI is a fundamentally new way of
discovering devices, managing power usage, and providing
standardized access to various hardware previously managed
by the BIOS. Progress is being made toward
ACPI working on all systems, but bugs in some
motherboards' ACPI Machine
Language (AML) bytecode,
incompleteness in &os;'s kernel subsystems, and bugs in the &intel;
ACPI-CA interpreter continue to appear.This document is intended to help you assist the &os;
ACPI maintainers in identifying the root cause
of problems you observe and debugging and developing a solution.
Thanks for reading this and we hope we can solve your system's
problems.Submitting Debugging InformationBefore submitting a problem, be sure you are running the latest
BIOS version and, if available, embedded
controller firmware version.For those of you that want to submit a problem right away,
please send the following information to
freebsd-acpi@FreeBSD.org:Description of the buggy behavior, including system type
and model and anything that causes the bug to appear. Also,
please note as accurately as possible when the bug began
occurring if it is new for you.The &man.dmesg.8; output after boot
-v, including any error messages
generated by you exercising the bug.The &man.dmesg.8; output from boot
-v with ACPI
disabled, if disabling it helps fix the problem.Output from sysctl hw.acpi. This is also
a good way of figuring out what features your system
offers.URL where your
ACPI Source Language
(ASL)
can be found. Do not send the
ASL directly to the list as it can be
very large. Generate a copy of your ASL
by running this command:&prompt.root; acpidump -t -d > name-system.asl(Substitute your login name for
name and manufacturer/model for
system. Example:
njl-FooCo6000.asl)Most of the developers watch the &a.current;
but please submit problems to &a.acpi.name; to be sure it is
seen. Please be patient, all of us have full-time jobs
elsewhere. If your bug is not immediately apparent, we will
probably ask you to submit a PR via
&man.send-pr.1;. When entering a PR, please
include the same information as requested above. This will help
us track the problem and resolve it. Do not send a
PR without emailing &a.acpi.name; first as we use
PRs as reminders of existing problems, not a
reporting mechanism. It is likely that your problem has been
reported by someone before.BackgroundACPIACPI is present in all modern computers
that conform to the ia32 (x86), ia64 (Itanium), and amd64 (AMD)
architectures. The full standard has many features including
CPU performance management, power planes
control, thermal zones, various battery systems, embedded
controllers, and bus enumeration. Most systems implement less
than the full standard. For instance, a desktop system usually
only implements the bus enumeration parts while a laptop might
have cooling and battery management support as well. Laptops
also have suspend and resume, with their own associated
complexity.An ACPI-compliant system has various
components. The BIOS and chipset vendors
provide various fixed tables (e.g., FADT)
in memory that specify things like the APIC
map (used for SMP), config registers, and
simple configuration values. Additionally, a table of bytecode
(the Differentiated System Description Table
DSDT) is provided that specifies a
tree-like name space of devices and methods.The ACPI driver must parse the fixed
tables, implement an interpreter for the bytecode, and modify
device drivers and the kernel to accept information from the
ACPI subsystem. For &os;, &intel; has
provided an interpreter (ACPI-CA) that is
shared with Linux and NetBSD. The path to the
ACPI-CA source code is
src/sys/contrib/dev/acpica.
The glue code that allows ACPI-CA to work on
&os; is in
src/sys/dev/acpica/Osd. Finally, drivers
that implement various ACPI devices are found
in
src/sys/dev/acpica.Common ProblemsACPIproblemsFor ACPI to work correctly, all the parts
have to work correctly. Here are some common problems, in order
of frequency of appearance, and some possible workarounds or
fixes.Mouse IssuesIn some cases, resuming from a suspend operation will
cause the mouse to fail. A known work around is to add
hint.psm.0.flags="0x3000" to the
/boot/loader.conf file. If this
does not work then please consider sending a bug report
as described above.Suspend/ResumeACPI has three suspend to
RAM (STR) states,
S1-S3, and one suspend
to disk state (STD), called
S4. S5 is
soft off and is the normal state your system
is in when plugged in but not powered up.
S4 can actually be implemented two separate
ways. S4BIOS is a
BIOS-assisted suspend to disk.
S4OS is implemented
entirely by the operating system.Start by checking sysctl hw.acpi
for the suspend-related items. Here
are the results for a Thinkpad:hw.acpi.supported_sleep_state: S3 S4 S5
hw.acpi.s4bios: 0This means that we can use acpiconf -s
to test S3,
S4OS, and
S5. If was one
(1), we would have
S4BIOS
support instead of S4
OS.When testing suspend/resume, start with
S1, if supported. This state is most
likely to work since it does not require much driver support.
No one has implemented S2 but if you have
it, it is similar to S1. The next thing
to try is S3. This is the deepest
STR state and requires a lot of driver
support to properly reinitialize your hardware. If you have
problems resuming, feel free to email the &a.acpi.name; list but
do not expect the problem to be resolved since there are a lot
of drivers/hardware that need more testing and work.To help isolate the problem, remove as many drivers from
your kernel as possible. If it works, you can narrow down
which driver is the problem by loading drivers until it fails
again. Typically binary drivers like
nvidia.ko, X11
display drivers, and USB will have the most
problems while Ethernet interfaces usually work fine. If you
can properly load/unload the drivers, you can automate this by
putting the appropriate commands in
/etc/rc.suspend and
/etc/rc.resume. There is a
commented-out example for unloading and loading a driver. Try
setting to zero (0) if
your display is messed up after resume. Try setting longer or
shorter values for to see
if that helps.Another thing to try is load a recent Linux distribution
with ACPI support and test their
suspend/resume support on the same hardware. If it works
on Linux, it is likely a &os; driver problem and narrowing down
which driver causes the problems will help us fix the problem.
Note that the ACPI maintainers do not
usually maintain other drivers (e.g sound,
ATA, etc.) so any work done on tracking
down a driver problem should probably eventually be posted
to the &a.current.name; list and mailed to the driver
maintainer. If you are feeling adventurous, go ahead and
start putting some debugging &man.printf.3;s in a problematic
driver to track down where in its resume function it
hangs.Finally, try disabling ACPI and
enabling APM instead. If suspend/resume
works with APM, you may be better off
sticking with APM, especially on older
hardware (pre-2000). It took vendors a while to get
ACPI support correct and older hardware is
more likely to have BIOS problems with
ACPI.System Hangs (temporary or permanent)Most system hangs are a result of lost interrupts or an
interrupt storm. Chipsets have a lot of problems based on how
the BIOS configures interrupts before boot,
correctness of the APIC
(MADT) table, and routing of the
System Control Interrupt
(SCI).interrupt stormsInterrupt storms can be distinguished from lost interrupts
by checking the output of vmstat -i
and looking at the line that has
acpi0. If the counter is increasing at more
than a couple per second, you have an interrupt storm. If the
system appears hung, try breaking to DDB
(CTRLALTESC on
console) and type show interrupts.APICdisablingYour best hope when dealing with interrupt problems is to
try disabling APIC support with
hint.apic.0.disabled="1" in
loader.conf.PanicsPanics are relatively rare for ACPI and
are the top priority to be fixed. The first step is to
isolate the steps to reproduce the panic (if possible)
and get a backtrace. Follow the advice for enabling
options DDB and setting up a serial console
(see )
or setting up a &man.dump.8; partition. You can get a
backtrace in DDB with
tr. If you have to handwrite the
backtrace, be sure to at least get the lowest five (5) and top
five (5) lines in the trace.Then, try to isolate the problem by booting with
ACPI disabled. If that works, you can
isolate the ACPI subsystem by using various
values of . See the
&man.acpi.4; manual page for some examples.System Powers Up After Suspend or ShutdownFirst, try setting
hw.acpi.disable_on_poweroff="0"
in &man.loader.conf.5;. This keeps ACPI
from disabling various events during the shutdown process.
Some systems need this value set to 1 (the
default) for the same reason. This usually fixes
the problem of a system powering up spontaneously after a
suspend or poweroff.Other ProblemsIf you have other problems with ACPI
(working with a docking station, devices not detected, etc.),
please email a description to the mailing list as well;
however, some of these issues may be related to unfinished
parts of the ACPI subsystem so they might
take a while to be implemented. Please be patient and
prepared to test patches we may send you.ASL, acpidump, and
IASLACPIASLThe most common problem is the BIOS
vendors providing incorrect (or outright buggy!) bytecode. This
is usually manifested by kernel console messages like
this:ACPI-1287: *** Error: Method execution failed [\\_SB_.PCI0.LPC0.FIGD._STA] \\
(Node 0xc3f6d160), AE_NOT_FOUNDOften, you can resolve these problems by updating your
BIOS to the latest revision. Most console
messages are harmless but if you have other problems like
battery status not working, they are a good place to start
looking for problems in the AML. The
bytecode, known as AML, is compiled from a
source language called ASL. The
AML is found in the table known as the
DSDT. To get a copy of your
ASL, use &man.acpidump.8;. You should use
both the (show contents of the fixed tables)
and (disassemble AML to
ASL) options. See the
Submitting Debugging
Information section for an example syntax.The simplest first check you can do is to recompile your
ASL to check for errors. Warnings can
usually be ignored but errors are bugs that will usually prevent
ACPI from working correctly. To recompile
your ASL, issue the following command:&prompt.root; iasl your.aslFixing Your ASLACPIASLIn the long run, our goal is for almost everyone to have
ACPI work without any user intervention. At
this point, however, we are still developing workarounds for
common mistakes made by the BIOS vendors.
The µsoft; interpreter (acpi.sys and
acpiec.sys) does not strictly check for
adherence to the standard, and thus many BIOS
vendors who only test ACPI under &windows;
never fix their ASL. We hope to continue to
identify and document exactly what non-standard behavior is
allowed by µsoft;'s interpreter and replicate it so &os; can
work without forcing users to fix the ASL.
As a workaround and to help us identify behavior, you can fix
the ASL manually. If this works for you,
please send a &man.diff.1; of the old and new
ASL so we can possibly work around the buggy
behavior in ACPI-CA and thus make your fix
unnecessary.ACPIerror messagesHere is a list of common error messages, their cause, and
how to fix them:_OS dependenciesSome AML assumes the world consists of
various &windows; versions. You can tell &os; to claim it is
any OS to see if this fixes problems you
may have. An easy way to override this is to set
hw.acpi.osname="Windows 2001"
in /boot/loader.conf or other similar
strings you find in the ASL.Missing Return statementsSome methods do not explicitly return a value as the
standard requires. While ACPI-CA
does not handle this, &os; has a workaround that allows it to
return the value implicitly. You can also add explicit
Return statements where required if you know what value should
be returned. To force iasl to compile the
ASL, use the
flag.Overriding the Default AMLAfter you customize your.asl, you
will want to compile it, run:&prompt.root; iasl your.aslYou can add the flag to force creation
of the AML, even if there are errors during
compilation. Remember that some errors (e.g., missing Return
statements) are automatically worked around by the
interpreter.DSDT.aml is the default output
filename for iasl. You can load this
instead of your BIOS's buggy copy (which
is still present in flash memory) by editing
/boot/loader.conf as
follows:acpi_dsdt_load="YES"
acpi_dsdt_name="/boot/DSDT.aml"Be sure to copy your DSDT.aml to the
/boot directory.Getting Debugging Output From
ACPIACPIproblemsACPIdebuggingThe ACPI driver has a very flexible
debugging facility. It allows you to specify a set of subsystems
as well as the level of verbosity. The subsystems you wish to
debug are specified as layers and are broken down
into ACPI-CA components (ACPI_ALL_COMPONENTS)
and ACPI hardware support (ACPI_ALL_DRIVERS).
The verbosity of debugging output is specified as the
level and ranges from ACPI_LV_ERROR (just report
errors) to ACPI_LV_VERBOSE (everything). The
level is a bitmask so multiple options can be set
at once, separated by spaces. In practice, you will want to use
a serial console to log the output if it is so long
it flushes the console message buffer. A full list of the
individual layers and levels is found in the &man.acpi.4; manual
page.Debugging output is not enabled by default. To enable it,
add options ACPI_DEBUG to your kernel configuration file
if ACPI is compiled into the kernel. You can
add ACPI_DEBUG=1 to your
/etc/make.conf to enable it globally. If
it is a module, you can recompile just your
acpi.ko module as follows:&prompt.root; cd /sys/modules/acpi/acpi
&& make clean &&
make ACPI_DEBUG=1Install acpi.ko in
/boot/kernel and add your
desired level and layer to loader.conf.
This example enables debug messages for all
ACPI-CA components and all
ACPI hardware drivers
(CPU, LID, etc.) It will
only output error messages, the least verbose level.debug.acpi.layer="ACPI_ALL_COMPONENTS ACPI_ALL_DRIVERS"
debug.acpi.level="ACPI_LV_ERROR"If the information you want is triggered by a specific event
(say, a suspend and then resume), you can leave out changes to
loader.conf and instead use
sysctl to specify the layer and level after
booting and preparing your system for the specific event. The
sysctls are named the same as the tunables
in loader.conf.ReferencesMore information about ACPI may be found
in the following locations:The &a.acpi;The ACPI Mailing List Archives
The old ACPI Mailing List Archives
The ACPI 2.0 Specification
&os; Manual pages: &man.acpi.4;,
&man.acpi.thermal.4;, &man.acpidump.8;, &man.iasl.8;,
&man.acpidb.8;
DSDT debugging resource.
(Uses Compaq as an example but generally useful.)
diff --git a/zh_TW.Big5/books/handbook/disks/chapter.sgml b/zh_TW.Big5/books/handbook/disks/chapter.sgml
index c6ec473169..0fff7c1603 100644
--- a/zh_TW.Big5/books/handbook/disks/chapter.sgml
+++ b/zh_TW.Big5/books/handbook/disks/chapter.sgml
@@ -1,4114 +1,4019 @@
儲存設備篇概述本章涵蓋如何在 FreeBSD 下使用碟片裝置
譯註:雖然有些設備沒有『碟片』,例如 USB 隨身碟,
不過在此仍把 Disk 譯為『碟片裝置』。此外,為方便起見,
後文所有的 Disk 都譯為『硬碟』。
包含 memory-backed disk (用記憶體作為硬碟使用)、跨網路使用的硬碟、
標準 SCSI/IDE 硬碟、USB 介面的設備等。閱讀本章後,您裝學會:FreeBSD 如何描述資料在硬碟上的劃分情形
(partition 和 slices)。如何在系統上加入硬碟如何設定 &os; 來使用 USB 裝置。如何設定虛擬檔案系統 (virtual file systems),
例如 memory disks (用記憶體作為硬碟使用)。如何用 quota 來限制硬碟空間的使用。如何對硬碟加密以應付攻擊。如何在 FreeBSD 下建立、燒錄 CD 和 DVD。各種不同的備份設備。如何使用 FreeBSD 提供的備份工具。如何備份到軟碟。什麼是 snapshots ,且如何有效率地使用之。在閱讀之前,您應該:知道如何配置、安裝新的 FreeBSD 核心。
().裝置名稱下面是 FreeBSD 支援的儲存媒體列表,及它們對應的裝置名稱。
DavidO'BrienOriginally contributed by 新增硬碟diskadding假設我們想新增 SCSI 硬碟到一臺原先只有一顆硬碟的機器上,
首先將電腦關機,依製造商的指示將硬碟裝上去,
詳細的操作方式請參考製造商的說明文件。安裝好硬碟後,用 root 登入系統,
看一下 /var/run/dmesg.boot 以確認系統是否抓到新硬碟。
繼續剛才的範例,新增的硬碟會是 da1,
假設我們想將它掛載到 /1 這個位置
- (如果您新增的是 IDE 硬碟的話,4.0 之前的系統是
- wd1,4.X 及之後的系統則是
+ (如果您新增的是 IDE 硬碟的話,請用
ad1)。partitionsslicesfdiskFreeBSD 為了在 IBM-PC 相容電腦上執行,
必須配合 PC BIOS partition,因此和傳統的 BSD partition 有很大的不同。
在 PC 裡硬碟最多可以有四筆 BIOS partition 資訊(亦即最多可分割成四個
partition)。如果這個硬碟打算全部讓 FreeBSD 使用,可選擇
dedicated 模式,
不然的話 FreeBSD 必須置身於其中一個 PC BIOS partition 中。
在 FreeBSD 裡,PC BIOS partition 稱為 slice,
這是為了不要和傳統的 BSD partition 搞混了
譯註:基於相同的理由,
現在 BSD partition 常稱為 BSD label,或簡稱 label。
不論是完全由 FreeBSD 使用的硬碟,還是安裝了其它作業系統的硬碟,
您都可以使用 slice。這樣的好處是,其它非 FreeBSD 作業系統的
fdisk 工具可以順利操作。如果使用 slice,這個新增的硬碟會是
/dev/da1s1e。可以這樣來解讀它:SCSI 硬碟、
unit number 1(第二個 SCSI 硬碟)、slice 1(第一個 PC BIOS partition)、
及 e BSD partition。在 dedicated 模式的話,
新硬碟則是 /dev/da1e。
- 因為 &man.bsdlabel.8;(在 &os; 4.X 稱為 &man.disklabel.8;)
+ 因為 &man.bsdlabel.8;
用 32-bit 整數來儲存 sector(磁區) 數,
因此限制一個硬碟最大只能有 2^32-1 個 sector,亦即 2TB 的空間。
而 &man.fdisk.8; 的格式容許起始 sector 編號不超過 2^32-1,
長度也不超過 2^32-1,因此 partition 最大空間是 2TB,而硬碟最大是 4TB。
&man.sunlabel.8; 則限制 partition 最大是 2TB,硬碟最多可有 8 個 partition,
因此最大是 16TB。如果要使用更大的硬碟,請使用 &man.gpt.8;。使用 &man.sysinstall.8;sysinstall新增硬碟su操作 Sysinstall透過 sysinstall
- (/stand/sysinstall in &os; versions older
- than 5.2) 的選單介面,您可以輕易為硬碟分割 BIOS partition(slice)
+ 的選單介面,您可以輕易為硬碟分割 BIOS partition(slice)
和 BSD patition。您必須以 root 身份使用 sysinstall,
要嘛用 root 登入,要嘛用 su 切換到 root。
執行 sysinstall 後,選 Configure
,在 FreeBSD Configuration Menu 裡移到
Fdisk 選項,
fdisk Partition 編輯器在 fdisk 裡,按下
A 表示整個硬碟都給 FreeBSD 使用。
接著會提示您『是否要相容其它的作業系統』,回答 YES。
按 W 會將這些改變立即寫入硬碟,
再按 q 可以離開 FDISK 編輯器。
接下來會問您要將 Master Boot Record 安裝於何處,
由於現在是新增硬碟,表示作業系統已經裝在別的硬碟上了,所以可以
None 就行了。Disk Label Editor(硬碟 Label 編輯器)BSD partitions接著請關閉 sysinstall,
再重開一次。照著上一節的指示,不過這次改選 Label
進入 Disk Label Editor,在此您可以編輯傳統的
BSD partition。一個硬碟(或著一個 slice) 最多可切分成 8 個 BSD partition,
依序用 a-h 來表示。
有些字母有特別的意義,a partition 表示這是
root partition(根分割區,/),
因此只有安裝系統的硬碟(例如用來開機的硬碟) 有
a partition。b partition
表示這是 swap partitions(交換分割區),每個硬碟上都可以有交換分割區。
c partition
用來表示整個硬碟(如果使用 dedicated mode 的話)
或整個 slice。其它的字母則用來表示普通的 BSD partition。sysinstall 的
Label editor(硬碟 Label 編輯器) 偏好用 e
來表示非 root、也非 swap 的分割區
譯註:老實說我看不懂這句指的是什麼?原文是
sysinstall Label editor
favors the e partition for non-root,
non-swap partitions. 在 Label editor 裡,
按 C 可以新增一個檔案系統(BSD label),
它會問您這是一個 FS(file system,檔案系統) 或是 swap(交換分割區),
選擇 FS 接著輸入要掛載的位置
(例如 /mnt)。如果系統安裝完後才新增硬碟,
sysinstall 不會幫您把這筆掛載資料加入
/etc/fstab,所以掛載的位置不太重要。當您準備好將新的 label 寫入硬碟、建立檔案系統,
按 W 即可。如果出現在什麼錯誤,
sysinstall 可能無法幫您掛載這個新分割區。
結束 Label Editor、結束 sysinstall 就行了。
完成最後要做的是編輯 /etc/fstab,
加入您新增的分割區資訊。使用命令列工具使用 Slices(BIOS partitions)這種模式能讓您的硬碟分割區與其它作業系統的
fdisk 工具和平共處,因此我們建議您使用 slice 模式。
如果您一定要使用 dedicated 模式,
您得有個好理由!
譯註:如果您自始至終都不打算將這個硬碟用於 FreeBSD
之外的作業系統,那可以算是個好理由。不過就算如此,
用 slice 模式也沒什麼壞處就是了:-)。&prompt.root; dd if=/dev/zero of=/dev/da1 bs=1k count=1
&prompt.root; fdisk -BI da1 # 初始您的硬碟。
-&prompt.root; disklabel -B -w -r da1s1 auto # 建立 disklabel。
-&prompt.root; disklabel -e da1s1 # 編輯 disklabel 以新增 label。
+&prompt.root; bsdlabel -B -w -r da1s1 auto # 建立 bsdlabel。
+&prompt.root; bsdlabel -e da1s1 # 編輯 bsdlabel 以新增 label。
&prompt.root; mkdir -p /1
&prompt.root; newfs /dev/da1s1e # 如果您新增了多個 label,對每個 label 重覆這個步驟。
&prompt.root; mount /dev/da1s1e /1 # 掛載這些新 label。
&prompt.root; vi /etc/fstab # 在 /etc/fstab 加入適當的資訊。如果您新增的是 IDE 硬碟,將 da
改成 da 即可
- 譯註:da 是 direct access,ad 則是 ata disk。。
- 而如果是 4.X 之前的系統,用 wd。
+ 譯註:da 是 direct access。。DedicatedOS/2如果您不打算將新硬碟用於其它的作業系統,
您可以使用 dedicated 模式。注意:
Microsoft 的作業系統認不得這個模式,不過也不會去破壞它;
然而 IBM 的 &os2; 就沒那麼好心了,它會去調整所有它不認得的分割區
譯註:我對這句的意思沒什麼信心,原文是 IBM's &os2; however,
will appropriate any partition it finds which it does
not understand.。&prompt.root; dd if=/dev/zero of=/dev/da1 bs=1k count=1
-&prompt.root; disklabel -Brw da1 auto
-&prompt.root; disklabel -e da1 # 建立 `e' partition。
+&prompt.root; bsdlabel -Brw da1 auto
+&prompt.root; bsdlabel -e da1 # 建立 `e' partition。
&prompt.root; newfs -d0 /dev/da1e
&prompt.root; mkdir -p /1
&prompt.root; vi /etc/fstab # 新增一筆 /dev/da1e 的資訊。
&prompt.root; mount /1另一種方法:&prompt.root; dd if=/dev/zero of=/dev/da1 count=2
-&prompt.root; disklabel /dev/da1 | disklabel -BrR da1 /dev/stdin
+&prompt.root; bsdlabel /dev/da1 | bsdlabel -BrR da1 /dev/stdin
&prompt.root; newfs /dev/da1e
&prompt.root; mkdir -p /1
&prompt.root; vi /etc/fstab # 新增一筆 /dev/da1e 的資訊。
&prompt.root; mount /1
- 從 &os; 5.1-RELEASE 開始,&man.bsdlabel.8; 取代原本的
- &man.disklabel.8; 程式,某些指令參數已經廢棄不用。
- 上面範例裡,如果用的是 &man.bsdlabel.8;,
- 參數應該拿掉。更多的資訊請參考 &man.bsdlabel.8; manual page。
- RAID軟體 RAIDChristopherShumwayOriginal work by JimBrownRevised by RAIDsoftwareRAIDCCD連接式磁碟裝置驅動程式(CCD, Concatenated Disk Driver) 設定對大容量儲存設備而言,最關鍵的要素乃是速度、可靠性及價格。
然而這三者往往難以兼顧:快速可靠的設備通常很貴;
而降低成本通常也犧牲了速度或可靠性。接下來要介紹的系統,價格是最重要的考量,接下來是速度,最後才是可靠性。
順序如此是因為資料傳輸的速度最終取決於網路,而儘管可靠性十分重要,
卻有簡單的取代方案:將資料完整備份於 CD-R 中。選擇大容量儲存設備方案時,首先要定義您的需求。如果您重視速度或可靠性
甚於價格,接下來的介紹恐非您所需。安裝硬體除了系統磁碟外,下面介紹的 CCD 磁碟陣列將使用到三顆 30GB、
5400 RPM 的 Western Digital IDE 磁碟,以提供約 90GB 的儲存空間。
最理想的情況是每個磁碟由獨立使用的排線連接獨立使用的 IDE 控制器,
不過為了降低成本,利用 jumper 設定磁碟,使每個 IDE 控制器可連接
一個主磁碟加一個副磁碟,如此可不必加裝額外的 IDE 控制器。開機後,BIOS 應該設定成自重偵測磁碟。更重要的是 FreeBSD 應該
要偵測到它們:ad0: 19574MB <WDC WD205BA> [39770/16/63] at ata0-master UDMA33
ad1: 29333MB <WDC WD307AA> [59598/16/63] at ata0-slave UDMA33
ad2: 29333MB <WDC WD307AA> [59598/16/63] at ata1-master UDMA33
ad3: 29333MB <WDC WD307AA> [59598/16/63] at ata1-slave UDMA33如果 FreeBSD 沒有偵測到所有磁碟,請確認 jumper 都設定正確。
許多 IDE 磁碟可以設定成 Cable Select(根據排線位置決定),
這並非 master(主磁碟) 或 slave(副磁碟)。請參閱磁
碟的說明文件以正確設定 jumper。接下來,考慮如何將它們變成檔案系統的一部份。您可以參考
&man.vinum.8;() 及 &man.ccd.4。
在此我們選擇 &man.ccd.4; 。Setting Up the CCDThe &man.ccd.4; driver allows you to take
several identical disks and concatenate them into one
logical file system. In order to use
&man.ccd.4;, you need a kernel with
&man.ccd.4; support built in.
Add this line to your kernel configuration file, rebuild, and
reinstall the kernel:
- pseudo-device ccd 4
-
- On 5.X systems, you have to use instead the following
- line:
-
device ccd
- In FreeBSD 5.X, it is not necessary to specify
- a number of &man.ccd.4; devices, as the &man.ccd.4; device driver is now
- self-cloning — new device instances will automatically be
- created on demand.
-
The &man.ccd.4; support can also be
- loaded as a kernel loadable module in FreeBSD 3.0 or
- later.
+ loaded as a kernel loadable module.
To set up &man.ccd.4;, you must first use
- &man.disklabel.8; to label the disks:
+ &man.bsdlabel.8; to label the disks:
- disklabel -r -w ad1 auto
-disklabel -r -w ad2 auto
-disklabel -r -w ad3 auto
+ bsdlabel -r -w ad1 auto
+bsdlabel -r -w ad2 auto
+bsdlabel -r -w ad3 auto
- This creates a disklabel for ad1c, ad2c and ad3c that
+ This creates a bsdlabel for ad1c, ad2c and ad3c that
spans the entire disk.
- Since &os; 5.1-RELEASE, the &man.bsdlabel.8;
- utility replaces the old &man.disklabel.8; program. With
- &man.bsdlabel.8; a number of obsolete options and parameters
- have been retired; in the examples above the option
- should be removed. For more
- information, please refer to the &man.bsdlabel.8;
- manual page.
-
The next step is to change the disk label type. You
- can use &man.disklabel.8; to edit the
+ can use &man.bsdlabel.8; to edit the
disks:
- disklabel -e ad1
-disklabel -e ad2
-disklabel -e ad3
+ bsdlabel -e ad1
+bsdlabel -e ad2
+bsdlabel -e ad3This opens up the current disk label on each disk with
the editor specified by the EDITOR
environment variable, typically &man.vi.1;.An unmodified disk label will look something like
this:8 partitions:
# size offset fstype [fsize bsize bps/cpg]
c: 60074784 0 unused 0 0 0 # (Cyl. 0 - 59597)Add a new e partition for &man.ccd.4; to use. This
can usually be copied from the c partition,
but the must
be 4.2BSD. The disk label should
now look something like this:8 partitions:
# size offset fstype [fsize bsize bps/cpg]
c: 60074784 0 unused 0 0 0 # (Cyl. 0 - 59597)
e: 60074784 0 4.2BSD 0 0 0 # (Cyl. 0 - 59597)Building the File System
- The device node for
- ccd0c may not exist yet, so to
- create it, perform the following commands:
-
- cd /dev
-sh MAKEDEV ccd0
-
- In FreeBSD 5.0, &man.devfs.5; will automatically
- manage device nodes in /dev, so use of
- MAKEDEV is not necessary.
-
Now that you have all the disks labeled, you must
build the &man.ccd.4;. To do that,
use &man.ccdconfig.8;, with options similar to the following:ccdconfig ccd0 32 0 /dev/ad1e /dev/ad2e /dev/ad3eThe use and meaning of each option is shown below:The first argument is the device to configure, in this case,
/dev/ccd0c. The /dev/
portion is optional.The interleave for the file system. The interleave
defines the size of a stripe in disk blocks, each normally 512 bytes.
So, an interleave of 32 would be 16,384 bytes.Flags for &man.ccdconfig.8;. If you want to enable drive
mirroring, you can specify a flag here. This
configuration does not provide mirroring for
&man.ccd.4;, so it is set at 0 (zero).The final arguments to &man.ccdconfig.8;
are the devices to place into the array. Use the complete pathname
for each device.After running &man.ccdconfig.8; the &man.ccd.4;
is configured. A file system can be installed. Refer to &man.newfs.8;
for options, or simply run: newfs /dev/ccd0cMaking it All AutomaticGenerally, you will want to mount the
&man.ccd.4; upon each reboot. To do this, you must
configure it first. Write out your current configuration to
/etc/ccd.conf using the following command:ccdconfig -g > /etc/ccd.confDuring reboot, the script /etc/rc
runs ccdconfig -C if /etc/ccd.conf
exists. This automatically configures the
&man.ccd.4; so it can be mounted.If you are booting into single user mode, before you can
&man.mount.8; the &man.ccd.4;, you
need to issue the following command to configure the
array:ccdconfig -CTo automatically mount the &man.ccd.4;,
place an entry for the &man.ccd.4; in
/etc/fstab so it will be mounted at
boot time:/dev/ccd0c /media ufs rw 2 2The Vinum Volume ManagerRAIDsoftwareRAIDVinumThe Vinum Volume Manager is a block device driver which
implements virtual disk drives. It isolates disk hardware
from the block device interface and maps data in ways which
result in an increase in flexibility, performance and
reliability compared to the traditional slice view of disk
storage. &man.vinum.8; implements the RAID-0, RAID-1 and
RAID-5 models, both individually and in combination.See for more
information about &man.vinum.8;.Hardware RAIDRAIDhardwareFreeBSD also supports a variety of hardware RAID
controllers. These devices control a RAID subsystem
without the need for FreeBSD specific software to manage the
array.Using an on-card BIOS, the card controls most of the disk operations
itself. The following is a brief setup description using a Promise IDE RAID
controller. When this card is installed and the system is started up, it
displays a prompt requesting information. Follow the instructions
to enter the card's setup screen. From here, you have the ability to
combine all the attached drives. After doing so, the disk(s) will look like
a single drive to FreeBSD. Other RAID levels can be set up
accordingly.
Rebuilding ATA RAID1 ArraysFreeBSD allows you to hot-replace a failed disk in an array. This requires
that you catch it before you reboot.You will probably see something like the following in /var/log/messages or in the &man.dmesg.8;
output:ad6 on monster1 suffered a hard error.
ad6: READ command timeout tag=0 serv=0 - resetting
ad6: trying fallback to PIO mode
ata3: resetting devices .. done
ad6: hard error reading fsbn 1116119 of 0-7 (ad6 bn 1116119; cn 1107 tn 4 sn 11)\\
status=59 error=40
ar0: WARNING - mirror lostUsing &man.atacontrol.8;, check for further information:&prompt.root; atacontrol list
ATA channel 0:
Master: no device present
Slave: acd0 <HL-DT-ST CD-ROM GCR-8520B/1.00> ATA/ATAPI rev 0
ATA channel 1:
Master: no device present
Slave: no device present
ATA channel 2:
Master: ad4 <MAXTOR 6L080J4/A93.0500> ATA/ATAPI rev 5
Slave: no device present
ATA channel 3:
Master: ad6 <MAXTOR 6L080J4/A93.0500> ATA/ATAPI rev 5
Slave: no device present
&prompt.root; atacontrol status ar0
ar0: ATA RAID1 subdisks: ad4 ad6 status: DEGRADEDYou will first need to detach the ata channel with the failed
disk so you can safely remove it:&prompt.root; atacontrol detach ata3Replace the disk.Reattach the ata channel:&prompt.root; atacontrol attach ata3
Master: ad6 <MAXTOR 6L080J4/A93.0500> ATA/ATAPI rev 5
Slave: no device presentAdd the new disk to the array as a spare:&prompt.root; atacontrol addspare ar0 ad6Rebuild the array:&prompt.root; atacontrol rebuild ar0It is possible to check on the progress by issuing the
following command:&prompt.root; dmesg | tail -10
[output removed]
ad6: removed from configuration
ad6: deleted from ar0 disk1
ad6: inserted into ar0 disk1 as spare
&prompt.root; atacontrol status ar0
ar0: ATA RAID1 subdisks: ad4 ad6 status: REBUILDING 0% completedWait until this operation completes.MarcFonvieilleContributed by USB Storage DevicesUSBdisksA lot of external storage solutions, nowadays, use the
Universal Serial Bus (USB): hard drives, USB thumbdrives, CD-R
burners, etc. &os; provides support for these devices.ConfigurationThe USB mass storage devices driver, &man.umass.4;,
provides the support for USB storage devices. If you use the
GENERIC kernel, you do not have to change
anything in your configuration. If you use a custom kernel,
be sure that the following lines are present in your kernel
configuration file:device scbus
device da
device pass
device uhci
device ohci
device usb
device umassThe &man.umass.4; driver uses the SCSI subsystem to access
to the USB storage devices, your USB device will be seen as a
SCSI device by the system. Depending on the USB chipset on
your motherboard, you only need either device
uhci or device ohci, however
having both in the kernel configuration file is harmless. Do
not forget to compile and install the new kernel if you added
any lines.If your USB device is a CD-R or DVD burner, the SCSI CD-ROM
driver, &man.cd.4;, must be added to the kernel via the
line:device cdSince the burner is seen as a SCSI drive, the driver
&man.atapicam.4; should not be used in the kernel
configuration.Support for USB 2.0 controllers is provided on
- &os; 5.X, and on the 4.X branch since &os; 4.10-RELEASE.
- You have to add:
+ &os;; however, you must add:
device ehcito your configuration file for USB 2.0 support. Note
&man.uhci.4; and &man.ohci.4; drivers are still needed if you
want USB 1.X support.
-
-
- On &os; 4.X, the USB daemon (&man.usbd.8;) must be
- running to be able to see some USB devices. To enable it,
- add usbd_enable="YES" to your
- /etc/rc.conf file and reboot the
- machine.
- Testing the ConfigurationThe configuration is ready to be tested: plug in your USB
device, and in the system message buffer (&man.dmesg.8;), the
drive should appear as something like:umass0: USB Solid state disk, rev 1.10/1.00, addr 2
GEOM: create disk da0 dp=0xc2d74850
da0 at umass-sim0 bus 0 target 0 lun 0
da0: <Generic Traveling Disk 1.11> Removable Direct Access SCSI-2 device
da0: 1.000MB/s transfers
da0: 126MB (258048 512 byte sectors: 64H 32S/T 126C)Of course, the brand, the device node
(da0) and other details can differ
according to your configuration.Since the USB device is seen as a SCSI one, the
camcontrol command can be used to list the
USB storage devices attached to the system:&prompt.root; camcontrol devlist
<Generic Traveling Disk 1.11> at scbus0 target 0 lun 0 (da0,pass0)If the drive comes with a file system, you should be able
to mount it. The will help you
to format and create partitions on the USB drive if
needed.If you unplug the device (the disk must be unmounted
before), you should see, in the system message buffer,
something like the following:umass0: at uhub0 port 1 (addr 2) disconnected
(da0:umass-sim0:0:0:0): lost device
(da0:umass-sim0:0:0:0): removing device entry
GEOM: destroy disk da0 dp=0xc2d74850
umass0: detachedFurther ReadingBeside the Adding
Disks and Mounting and
Unmounting File Systems sections, reading various
manual pages may be also useful: &man.umass.4;,
&man.camcontrol.8;, and &man.usbdevs.8;.MikeMeyerContributed by Creating and Using Optical Media (CDs)CDROMscreatingIntroductionCDs have a number of features that differentiate them from
conventional disks. Initially, they were not writable by the
user. They are designed so that they can be read continuously without
delays to move the head between tracks. They are also much easier
to transport between systems than similarly sized media were at the
time.CDs do have tracks, but this refers to a section of data to
be read continuously and not a physical property of the disk. To
produce a CD on FreeBSD, you prepare the data files that are going
to make up the tracks on the CD, then write the tracks to the
CD.ISO 9660file systemsISO 9660The ISO 9660 file system was designed to deal with these
differences. It unfortunately codifies file system limits that were
common then. Fortunately, it provides an extension mechanism that
allows properly written CDs to exceed those limits while still
working with systems that do not support those extensions.sysutils/cdrtoolsThe sysutils/cdrtools
port includes &man.mkisofs.8;, a program that you can use to
produce a data file containing an ISO 9660 file
system. It has options that support various extensions, and is
described below.CD burnerATAPIWhich tool to use to burn the CD depends on whether your CD burner
is ATAPI or something else. ATAPI CD burners use the burncd program that is part of
the base system. SCSI and USB CD burners should use
cdrecord from
the sysutils/cdrtools port.burncd has a limited number of
supported drives. To find out if a drive is supported, see the
CD-R/RW supported
drives list.CD burnerATAPI/CAM driverIf you run &os; 5.X, &os; 4.8-RELEASE version or
higher, it will be possible to use cdrecord and other tools
for SCSI drives on an ATAPI hardware with the ATAPI/CAM module.If you want a CD burning software with a graphical user
interface, you should have a look to
X-CD-Roast or
K3b. These tools are available as
packages or from the sysutils/xcdroast and sysutils/k3b ports.
X-CD-Roast and
K3b require the ATAPI/CAM module with ATAPI
hardware.mkisofsThe &man.mkisofs.8; program, which is part of the
sysutils/cdrtools port,
produces an ISO 9660 file system
that is an image of a directory tree in the &unix; file system name
space. The simplest usage is:&prompt.root; mkisofs -o imagefile.iso/path/to/treefile systemsISO 9660This command will create an imagefile.iso
containing an ISO 9660 file system that is a copy of the tree at
/path/to/tree. In the process, it will
map the file names to names that fit the limitations of the
standard ISO 9660 file system, and will exclude files that have
names uncharacteristic of ISO file systems.file systemsHFSfile systemsJolietA number of options are available to overcome those
restrictions. In particular, enables the
Rock Ridge extensions common to &unix; systems,
enables Joliet extensions used by Microsoft systems, and
can be used to create HFS file systems used
by &macos;.For CDs that are going to be used only on FreeBSD systems,
can be used to disable all filename
restrictions. When used with , it produces a
file system image that is identical to the FreeBSD tree you started
from, though it may violate the ISO 9660 standard in a number of
ways.CDROMscreating bootableThe last option of general use is . This is
used to specify the location of the boot image for use in producing an
El Torito bootable CD. This option takes an
argument which is the path to a boot image from the top of the
tree being written to the CD. By default, &man.mkisofs.8; creates an
ISO image in the so-called floppy disk emulation mode,
and thus expects the boot image to be exactly 1200, 1440 or
2880 KB in size. Some boot loaders, like the one used by the
FreeBSD distribution disks, do not use emulation mode; in this case,
the option should be used. So, if
/tmp/myboot holds a bootable FreeBSD system
with the boot image in
/tmp/myboot/boot/cdboot, you could produce the
image of an ISO 9660 file system in
/tmp/bootable.iso like so:&prompt.root; mkisofs -R -no-emul-boot -b boot/cdboot -o /tmp/bootable.iso /tmp/myboot
- Having done that, if you have vn
- (FreeBSD 4.X), or md
- (FreeBSD 5.X)
+ Having done that, if you have md
configured in your kernel, you can mount the file system with:
- &prompt.root; vnconfig -e vn0c /tmp/bootable.iso
-&prompt.root; mount -t cd9660 /dev/vn0c /mnt
-
- for FreeBSD 4.X, and for FreeBSD 5.X:
-
&prompt.root; mdconfig -a -t vnode -f /tmp/bootable.iso -u 0
&prompt.root; mount -t cd9660 /dev/md0 /mntAt which point you can verify that /mnt
and /tmp/myboot are identical.There are many other options you can use with
&man.mkisofs.8; to fine-tune its behavior. In particular:
modifications to an ISO 9660 layout and the creation of Joliet
and HFS discs. See the &man.mkisofs.8; manual page for details.burncdCDROMsburningIf you have an ATAPI CD burner, you can use the
burncd command to burn an ISO image onto a
CD. burncd is part of the base system, installed
as /usr/sbin/burncd. Usage is very simple, as
it has few options:&prompt.root; burncd -f cddevice data imagefile.iso fixateWill burn a copy of imagefile.iso on
cddevice. The default device is
- /dev/acd0 (or /dev/acd0c under &os; 4.X). See &man.burncd.8; for options to
+ /dev/acd0. See &man.burncd.8; for options to
set the write speed, eject the CD after burning, and write audio
data.cdrecordIf you do not have an ATAPI CD burner, you will have to use
cdrecord to burn your
CDs. cdrecord is not part of the base system;
you must install it from either the port at sysutils/cdrtools
or the appropriate
package. Changes to the base system can cause binary versions of
this program to fail, possibly resulting in a
coaster. You should therefore either upgrade the
port when you upgrade your system, or if you are tracking -STABLE, upgrade the port when a
new version becomes available.While cdrecord has many options, basic usage
is even simpler than burncd. Burning an ISO 9660
image is done with:&prompt.root; cdrecord dev=deviceimagefile.isoThe tricky part of using cdrecord is finding
the to use. To find the proper setting, use
the flag of cdrecord,
which might produce results like this:CDROMsburning&prompt.root; cdrecord -scanbus
-Cdrecord 1.9 (i386-unknown-freebsd4.2) Copyright (C) 1995-2000 Jörg Schilling
+Cdrecord-Clone 2.01 (i386-unknown-freebsd7.0) Copyright (C) 1995-2004 Jörg Schilling
Using libscg version 'schily-0.1'
scsibus0:
0,0,0 0) 'SEAGATE ' 'ST39236LW ' '0004' Disk
0,1,0 1) 'SEAGATE ' 'ST39173W ' '5958' Disk
0,2,0 2) *
0,3,0 3) 'iomega ' 'jaz 1GB ' 'J.86' Removable Disk
0,4,0 4) 'NEC ' 'CD-ROM DRIVE:466' '1.26' Removable CD-ROM
0,5,0 5) *
0,6,0 6) *
0,7,0 7) *
scsibus1:
1,0,0 100) *
1,1,0 101) *
1,2,0 102) *
1,3,0 103) *
1,4,0 104) *
1,5,0 105) 'YAMAHA ' 'CRW4260 ' '1.0q' Removable CD-ROM
1,6,0 106) 'ARTEC ' 'AM12S ' '1.06' Scanner
1,7,0 107) *This lists the appropriate value for the
devices on the list. Locate your CD burner, and use the three
numbers separated by commas as the value for
. In this case, the CRW device is 1,5,0, so the
appropriate input would be
. There are easier
ways to specify this value; see &man.cdrecord.1; for
details. That is also the place to look for information on writing
audio tracks, controlling the speed, and other things.Duplicating Audio CDsYou can duplicate an audio CD by extracting the audio data from
the CD to a series of files, and then writing these files to a blank
CD. The process is slightly different for ATAPI and SCSI
drives.SCSI DrivesUse cdda2wav to extract the audio.&prompt.user; cdda2wav -v255 -D2,0 -B -OwavUse cdrecord to write the
.wav files.&prompt.user; cdrecord -v dev=2,0 -dao -useinfo *.wavMake sure that 2,0 is set
appropriately, as described in .ATAPI DrivesThe ATAPI CD driver makes each track available as
/dev/acddtnn,
where d is the drive number, and
nn is the track number written with two
decimal digits, prefixed with zero as needed.
So the first track on the first disk is
/dev/acd0t01, the second is
/dev/acd0t02, the third is
/dev/acd0t03, and so on.Make sure the appropriate files exist in
/dev. If the entries are missing,
force the system to retaste the media:&prompt.root; dd if=/dev/acd0 of=/dev/null count=1
- In &os; 4.X, the entries are not prefixed with
- zero. If the necessary entries in /dev
- are missing, use MAKEDEV to create
- them:
-
- &prompt.root; cd /dev
-&prompt.root; sh MAKEDEV acd0t99
-
-
Extract each track using &man.dd.1;. You must also use a
specific block size when extracting the files.&prompt.root; dd if=/dev/acd0t01 of=track1.cdr bs=2352
&prompt.root; dd if=/dev/acd0t02 of=track2.cdr bs=2352
...
Burn the extracted files to disk using
burncd. You must specify that these are audio
files, and that burncd should fixate the disk
when finished.&prompt.root; burncd -f /dev/acd0 audio track1.cdr track2.cdr ... fixateDuplicating Data CDsYou can copy a data CD to a image file that is
functionally equivalent to the image file created with
&man.mkisofs.8;, and you can use it to duplicate
any data CD. The example given here assumes that your CDROM
device is acd0. Substitute your
- correct CDROM device. Under &os; 4.X, a c must be appended
- to the end of the device name to indicate the entire partition
- or, in the case of CDROMs, the entire disc.
+ correct CDROM device.
&prompt.root; dd if=/dev/acd0 of=file.iso bs=2048Now that you have an image, you can burn it to CD as
described above.Using Data CDsNow that you have created a standard data CDROM, you
probably want to mount it and read the data on it. By
default, &man.mount.8; assumes that a file system is of type
ufs. If you try something like:&prompt.root; mount /dev/cd0 /mntyou will get a complaint about Incorrect super
block, and no mount. The CDROM is not a
UFS file system, so attempts to mount it
as such will fail. You just need to tell &man.mount.8; that
the file system is of type ISO9660, and
everything will work. You do this by specifying the
option &man.mount.8;. For
example, if you want to mount the CDROM device,
/dev/cd0, under
/mnt, you would execute:&prompt.root; mount -t cd9660 /dev/cd0 /mntNote that your device name
(/dev/cd0 in this example) could be
different, depending on the interface your CDROM uses. Also,
the option just executes
&man.mount.cd9660.8;. The above example could be shortened
to:&prompt.root; mount_cd9660 /dev/cd0 /mntYou can generally use data CDROMs from any vendor in this
way. Disks with certain ISO 9660 extensions might behave
oddly, however. For example, Joliet disks store all filenames
in two-byte Unicode characters. The FreeBSD kernel does not
speak Unicode (yet!), so non-English characters show up as
- question marks. (If you are running FreeBSD 4.3 or later, the
+ question marks. (The FreeBSD
CD9660 driver includes hooks to load an appropriate Unicode
conversion table on the fly. Modules for some of the common
encodings are available via the
sysutils/cd9660_unicode port.)Occasionally, you might get Device not
configured when trying to mount a CDROM. This
usually means that the CDROM drive thinks that there is no
disk in the tray, or that the drive is not visible on the bus.
It can take a couple of seconds for a CDROM drive to realize
that it has been fed, so be patient.Sometimes, a SCSI CDROM may be missed because it did not
have enough time to answer the bus reset. If you have a SCSI
CDROM please add the following option to your kernel
configuration and rebuild your kernel.options SCSI_DELAY=15000This tells your SCSI bus to pause 15 seconds during boot,
to give your CDROM drive every possible chance to answer the
bus reset.Burning Raw Data CDsYou can choose to burn a file directly to CD, without
creating an ISO 9660 file system. Some people do this for
backup purposes. This runs more quickly than burning a
standard CD:&prompt.root; burncd -f /dev/acd1 -s 12 data archive.tar.gz fixateIn order to retrieve the data burned to such a CD, you
must read data from the raw device node:&prompt.root; tar xzvf /dev/acd1You cannot mount this disk as you would a normal CDROM.
Such a CDROM cannot be read under any operating system
except FreeBSD. If you want to be able to mount the CD, or
share data with another operating system, you must use
&man.mkisofs.8; as described above.MarcFonvieilleContributed by CD burnerATAPI/CAM driverUsing the ATAPI/CAM DriverThis driver allows ATAPI devices (CD-ROM, CD-RW, DVD
drives etc...) to be accessed through the SCSI subsystem, and
so allows the use of applications like sysutils/cdrdao or
&man.cdrecord.1;.To use this driver, you will need to add the following
line to your kernel configuration file:device atapicamYou also need the following lines in your kernel
configuration file:device ata
device scbus
device cd
device passwhich should already be present.Then rebuild, install your new kernel, and reboot your
machine. During the boot process, your burner should show up,
like so:acd0: CD-RW <MATSHITA CD-RW/DVD-ROM UJDA740> at ata1-master PIO4
cd0 at ata1 bus 0 target 0 lun 0
cd0: <MATSHITA CDRW/DVD UJDA740 1.00> Removable CD-ROM SCSI-0 device
cd0: 16.000MB/s transfers
cd0: Attempt to query device size failed: NOT READY, Medium not present - tray closedThe drive could now be accessed via the
/dev/cd0 device name, for example to
mount a CD-ROM on /mnt, just type the
following:&prompt.root; mount -t cd9660 /dev/cd0 /mntAs root, you can run the following
command to get the SCSI address of the burner:&prompt.root; camcontrol devlist
<MATSHITA CDRW/DVD UJDA740 1.00> at scbus1 target 0 lun 0 (pass0,cd0)So 1,0,0 will be the SCSI address to
use with &man.cdrecord.1; and other SCSI application.For more information about ATAPI/CAM and SCSI system,
refer to the &man.atapicam.4; and &man.cam.4; manual
pages.MarcFonvieilleContributed by AndyPolyakovWith inputs from Creating and Using Optical Media (DVDs)DVDburningIntroductionCompared to the CD, the DVD is the next generation of
optical media storage technology. The DVD can hold more data
than any CD and is nowadays the standard for video
publishing.Five physical recordable formats can be defined for what
we will call a recordable DVD:DVD-R: This was the first DVD recordable format
available. The DVD-R standard is defined by the DVD Forum.
This format is write once.DVD-RW: This is the rewriteable version of
the DVD-R standard. A DVD-RW can be rewritten about 1000
times.DVD-RAM: This is also a rewriteable format
supported by the DVD Forum. A DVD-RAM can be seen as a
removable hard drive. However, this media is not
compatible with most DVD-ROM drives and DVD-Video players;
only a few DVD writers support the DVD-RAM format.DVD+RW: This is a rewriteable format defined by
the DVD+RW
Alliance. A DVD+RW can be rewritten about 1000
times.DVD+R: This format is the write once variation
of the DVD+RW format.A single layer recordable DVD can hold up to
4,700,000,000 bytes which is actually 4.38 GB or
4485 MB (1 kilobyte is 1024 bytes).A distinction must be made between the physical media and
the application. For example, a DVD-Video is a specific
file layout that can be written on any recordable DVD
physical media: DVD-R, DVD+R, DVD-RW etc. Before choosing
the type of media, you must be sure that both the burner and the
DVD-Video player (a standalone player or a DVD-ROM drive on
a computer) are compatible with the media under consideration.ConfigurationThe program &man.growisofs.1; will be used to perform DVD
recording. This command is part of the
dvd+rw-tools utilities (sysutils/dvd+rw-tools). The
dvd+rw-tools support all DVD media
types.These tools use the SCSI subsystem to access to the
devices, therefore the ATAPI/CAM
support must be added to your kernel. If your burner
uses the USB interface this addition is useless, and you should
read the for more details on USB
devices configuration.You also have to enable DMA access for ATAPI devices, this
can be done in adding the following line to the
/boot/loader.conf file:hw.ata.atapi_dma="1"Before attempting to use the
dvd+rw-tools you should consult the
dvd+rw-tools'
hardware compatibility notes for any information
related to your DVD burner.If you want a graphical user interface, you should have
a look to K3b (sysutils/k3b) which provides a
user friendly interface to &man.growisofs.1; and many others
burning tools.Burning Data DVDsThe &man.growisofs.1; command is a frontend to mkisofs, it will invoke
&man.mkisofs.8; to create the file system layout and will
perform the write on the DVD. This means you do not need to
create an image of the data before the burning process.To burn onto a DVD+R or a DVD-R the data from the /path/to/data directory, use the
following command:&prompt.root; growisofs -dvd-compat -Z /dev/cd0 -J -R /path/to/dataThe options are passed to
&man.mkisofs.8; for the file system creation (in this case: an
ISO 9660 file system with Joliet and Rock Ridge extensions),
consult the &man.mkisofs.8; manual page for more
details.The option is used for the initial
session recording in any case: multiple sessions or not. The
DVD device, /dev/cd0, must be
changed according to your configuration. The
parameter will close the disk,
the recording will be unappendable. In return this should provide better
media compatibility with DVD-ROM drives.It is also possible to burn a pre-mastered image, for
example to burn the image
imagefile.iso, we will run:&prompt.root; growisofs -dvd-compat -Z /dev/cd0=imagefile.isoThe write speed should be detected and automatically set
according to the media and the drive being used. If you want
to force the write speed, use the
parameter. For more information, read the &man.growisofs.1;
manual page.DVDDVD-VideoBurning a DVD-VideoA DVD-Video is a specific file layout based on ISO 9660
and the micro-UDF (M-UDF) specifications. The DVD-Video also
presents a specific data structure hierarchy, it is the reason
why you need a particular program such as multimedia/dvdauthor to author the
DVD.If you already have an image of the DVD-Video file system,
just burn it in the same way as for any image, see the
previous section for an example. If you have made the DVD
authoring and the result is in, for example, the directory
/path/to/video, the
following command should be used to burn the DVD-Video:&prompt.root; growisofs -Z /dev/cd0 -dvd-video /path/to/videoThe option will be passed down to
&man.mkisofs.8; and will instruct it to create a DVD-Video file system
layout. Beside this, the option
implies &man.growisofs.1;
option.DVDDVD+RWUsing a DVD+RWUnlike CD-RW, a virgin DVD+RW needs to be formatted before
first use. The &man.growisofs.1; program will take care of it
automatically whenever appropriate, which is the
recommended way. However you can use the
dvd+rw-format command to format the
DVD+RW:&prompt.root; dvd+rw-format /dev/cd0You need to perform this operation just once, keep in mind
that only virgin DVD+RW medias need to be formatted. Then you
can burn the DVD+RW in the way seen in previous
sections.If you want to burn new data (burn a totally new file
system not append some data) onto a DVD+RW, you do not need to
blank it, you just have to write over the previous recording
(in performing a new initial session), like this:&prompt.root; growisofs -Z /dev/cd0 -J -R /path/to/newdataDVD+RW format offers the possibility to easily append data
to a previous recording. The operation consists in merging a
new session to the existing one, it is not multisession
writing, &man.growisofs.1; will grow the
ISO 9660 file system present on the media.For example, if we want to append data to our previous
DVD+RW, we have to use the following:&prompt.root; growisofs -M /dev/cd0 -J -R /path/to/nextdataThe same &man.mkisofs.8; options we used to burn the
initial session should be used during next writes.You may want to use the
option if you want better media compatibility with DVD-ROM
drives. In the DVD+RW case, this will not prevent you from
adding data.If for any reason you really want to blank the media, do
the following:&prompt.root; growisofs -Z /dev/cd0=/dev/zeroDVDDVD-RWUsing a DVD-RWA DVD-RW accepts two disc formats: the incremental
sequential one and the restricted overwrite. By default
DVD-RW discs are in sequential format.A virgin DVD-RW can be directly written without the need
of a formatting operation, however a non-virgin DVD-RW in
sequential format needs to be blanked before to be able to
write a new initial session.To blank a DVD-RW in sequential mode, run:&prompt.root; dvd+rw-format -blank=full /dev/cd0A full blanking () will take
about one hour on a 1x media. A fast blanking can be
performed using the option if the
DVD-RW will be recorded in Disk-At-Once (DAO) mode. To burn
the DVD-RW in DAO mode, use the command:&prompt.root; growisofs -use-the-force-luke=dao -Z /dev/cd0=imagefile.isoThe option
should not be required since &man.growisofs.1; attempts to
detect minimally (fast blanked) media and engage DAO
write.In fact one should use restricted overwrite mode with
any DVD-RW, this format is more flexible than the default
incremental sequential one.To write data on a sequential DVD-RW, use the same
instructions as for the other DVD formats:&prompt.root; growisofs -Z /dev/cd0 -J -R /path/to/dataIf you want to append some data to your previous
recording, you will have to use the &man.growisofs.1;
option. However, if you perform data
addition on a DVD-RW in incremental sequential mode, a new
session will be created on the disc and the result will be a
multi-session disc.A DVD-RW in restricted overwrite format does not need to
be blanked before a new initial session, you just have to
overwrite the disc with the option, this
is similar to the DVD+RW case. It is also possible to grow an
existing ISO 9660 file system written on the disc in a same
way as for a DVD+RW with the option. The
result will be a one-session DVD.To put a DVD-RW in the restricted overwrite format, the
following command must be used:&prompt.root; dvd+rw-format /dev/cd0To change back to the sequential format use:&prompt.root; dvd+rw-format -blank=full /dev/cd0MultisessionVery few DVD-ROM drives support
multisession DVDs, they will most of time, hopefully, only read
the first session. DVD+R, DVD-R and DVD-RW in sequential
format can accept multiple sessions, the notion of multiple
sessions does not exist for the DVD+RW and the DVD-RW
restricted overwrite formats.Using the following command after an initial (non-closed)
session on a DVD+R, DVD-R, or DVD-RW in sequential format,
will add a new session to the disc:&prompt.root; growisofs -M /dev/cd0 -J -R /path/to/nextdataUsing this command line with a DVD+RW or a DVD-RW in restricted
overwrite mode, will append data in merging the new session to
the existing one. The result will be a single-session disc.
This is the way used to add data after an initial write on these
medias.Some space on the media is used between each session for
end and start of sessions. Therefore, one should add
sessions with large amount of data to optimize media space.
The number of sessions is limited to 154 for a DVD+R,
about 2000 for a DVD-R, and 127 for a DVD+R Double
Layer.For More InformationTo obtain more information about a DVD, the
dvd+rw-mediainfo
/dev/cd0 command can be
ran with the disc in the drive.More information about the
dvd+rw-tools can be found in
the &man.growisofs.1; manual page, on the dvd+rw-tools
web site and in the cdwrite mailing
list archives.The dvd+rw-mediainfo output of the
resulting recording or the media with issues is mandatory
for any problem report. Without this output, it will be
quite impossible to help you.JulioMerinoOriginal work by MartinKarlssonRewritten by Creating and Using Floppy DisksStoring data on floppy disks is sometimes useful, for
example when one does not have any other removable storage media
or when one needs to transfer small amounts of data to another
computer.This section will explain how to use floppy disks in
FreeBSD. It will primarily cover formatting and usage of
3.5inch DOS floppies, but the concepts are similar for other
floppy disk formats.Formatting FloppiesThe DeviceFloppy disks are accessed through entries in
/dev, just like other devices. To
- access the raw floppy disk in 4.X and earlier releases, one
- uses
- /dev/fdN,
- where N stands for the drive
- number, usually 0, or
- /dev/fdNX,
- where X stands for a
- letter.
-
- In 5.0 or newer releases, simply use
+ access the raw floppy disk, simply use
/dev/fdN.
-
- The Disk Size in 4.X and Earlier Releases
-
- There are also /dev/fdN.size
- devices, where size is a floppy disk
- size in kilobytes. These entries are used at low-level format
- time to determine the disk size. 1440kB is the size that will be
- used in the following examples.
-
- Sometimes the entries under /dev will
- have to be (re)created. To do that, issue:
-
- &prompt.root; cd /dev && ./MAKEDEV "fd*"
-
-
-
- The Disk Size in 5.0 and Newer Releases
-
- In 5.0, &man.devfs.5; will automatically
- manage device nodes in /dev, so use of
- MAKEDEV is not necessary.
-
- The desired disk size is passed to &man.fdformat.1; through
- the flag. Supported sizes are listed in
- &man.fdcontrol.8;, but be advised that 1440kB is what works best.
- FormattingA floppy disk needs to be low-level formated before it
can be used. This is usually done by the vendor, but
formatting is a good way to check media integrity. Although
it is possible to force larger (or smaller) disk sizes,
1440kB is what most floppy disks are designed for.To low-level format the floppy disk you need to use
&man.fdformat.1;. This utility expects the device name as an
argument.Make note of any error messages, as these can help
determine if the disk is good or bad.
- Formatting in 4.X and Earlier Releases
-
- Use the
- /dev/fdN.size
- devices to format the floppy. Insert a new 3.5inch floppy
- disk in your drive and issue:
-
- &prompt.root; /usr/sbin/fdformat /dev/fd0.1440
-
-
-
-
- Formatting in 5.0 and Newer Releases
+ Formatting Floppy DisksUse the
/dev/fdN
devices to format the floppy. Insert a new 3.5inch floppy
disk in your drive and issue:&prompt.root; /usr/sbin/fdformat -f 1440 /dev/fd0
-
-
The Disk LabelAfter low-level formatting the disk, you will need to
place a disk label on it. This disk label will be destroyed
later, but it is needed by the system to determine the size of
the disk and its geometry later.The new disk label will take over the whole disk, and will
contain all the proper information about the geometry of the
floppy. The geometry values for the disk label are listed in
/etc/disktab.
- You can run now &man.disklabel.8; like so:
+ You can run now &man.bsdlabel.8; like so:
- &prompt.root; /sbin/disklabel -B -r -w /dev/fd0 fd1440
+ &prompt.root; /sbin/bsdlabel -B -r -w /dev/fd0 fd1440Since &os; 5.1-RELEASE, the &man.bsdlabel.8;
- utility replaces the old &man.disklabel.8; program. With
+ utility replaces the old &man.bsdlabel.8; program. With
&man.bsdlabel.8; a number of obsolete options and parameters
have been retired; in the example above the option
should be removed. For more
information, please refer to the &man.bsdlabel.8;
manual page.The File SystemNow the floppy is ready to be high-level formated. This
will place a new file system on it, which will let FreeBSD read
and write to the disk. After creating the new file system, the
disk label is destroyed, so if you want to reformat the disk, you
will have to recreate the disk label.The floppy's file system can be either UFS or FAT.
FAT is generally a better choice for floppies.To put a new file system on the floppy, issue:&prompt.root; /sbin/newfs_msdos /dev/fd0The disk is now ready for use.Using the Floppy
- To use the floppy, mount it with &man.mount.msdos.8; (in
- 4.X and earlier releases) or &man.mount.msdosfs.8; (in 5.0 or
- newer releases). One can also use
+ To use the floppy, mount it with &man.mount.msdos.8;. One can also use
emulators/mtools from the ports
collection.Creating and Using Data Tapestape mediaThe major tape media are the 4mm, 8mm, QIC, mini-cartridge and
DLT.4mm (DDS: Digital Data Storage)tape mediaDDS (4mm) tapestape mediaQIC tapes4mm tapes are replacing QIC as the workstation backup media of
choice. This trend accelerated greatly when Conner purchased Archive,
a leading manufacturer of QIC drives, and then stopped production of
QIC drives. 4mm drives are small and quiet but do not have the
reputation for reliability that is enjoyed by 8mm drives. The
cartridges are less expensive and smaller (3 x 2 x 0.5 inches, 76 x 51
x 12 mm) than 8mm cartridges. 4mm, like 8mm, has comparatively short
head life for the same reason, both use helical scan.Data throughput on these drives starts ~150 kB/s, peaking at ~500 kB/s.
Data capacity starts at 1.3 GB and ends at 2.0 GB. Hardware
compression, available with most of these drives, approximately
doubles the capacity. Multi-drive tape library units can have 6
drives in a single cabinet with automatic tape changing. Library
capacities reach 240 GB.The DDS-3 standard now supports tape capacities up to 12 GB (or
24 GB compressed).4mm drives, like 8mm drives, use helical-scan. All the benefits
and drawbacks of helical-scan apply to both 4mm and 8mm drives.Tapes should be retired from use after 2,000 passes or 100 full
backups.8mm (Exabyte)tape mediaExabyte (8mm) tapes8mm tapes are the most common SCSI tape drives; they are the best
choice of exchanging tapes. Nearly every site has an Exabyte 2 GB 8mm
tape drive. 8mm drives are reliable, convenient and quiet. Cartridges
are inexpensive and small (4.8 x 3.3 x 0.6 inches; 122 x 84 x 15 mm).
One downside of 8mm tape is relatively short head and tape life due to
the high rate of relative motion of the tape across the heads.Data throughput ranges from ~250 kB/s to ~500 kB/s. Data sizes start
at 300 MB and go up to 7 GB. Hardware compression, available with
most of these drives, approximately doubles the capacity. These
drives are available as single units or multi-drive tape libraries
with 6 drives and 120 tapes in a single cabinet. Tapes are changed
automatically by the unit. Library capacities reach 840+ GB.The Exabyte Mammoth model supports 12 GB on one tape
(24 GB with compression) and costs approximately twice as much as
conventional tape drives.Data is recorded onto the tape using helical-scan, the heads are
positioned at an angle to the media (approximately 6 degrees). The
tape wraps around 270 degrees of the spool that holds the heads. The
spool spins while the tape slides over the spool. The result is a
high density of data and closely packed tracks that angle across the
tape from one edge to the other.QICtape mediaQIC-150QIC-150 tapes and drives are, perhaps, the most common tape drive
and media around. QIC tape drives are the least expensive serious
backup drives. The downside is the cost of media. QIC tapes are
expensive compared to 8mm or 4mm tapes, up to 5 times the price per GB
data storage. But, if your needs can be satisfied with a half-dozen
tapes, QIC may be the correct choice. QIC is the
most common tape drive. Every site has a QIC
drive of some density or another. Therein lies the rub, QIC has a
large number of densities on physically similar (sometimes identical)
tapes. QIC drives are not quiet. These drives audibly seek before
they begin to record data and are clearly audible whenever reading,
writing or seeking. QIC tapes measure (6 x 4 x 0.7 inches; 152 x
102 x 17 mm).Data throughput ranges from ~150 kB/s to ~500 kB/s. Data capacity
ranges from 40 MB to 15 GB. Hardware compression is available on many
of the newer QIC drives. QIC drives are less frequently installed;
they are being supplanted by DAT drives.Data is recorded onto the tape in tracks. The tracks run along
the long axis of the tape media from one end to the other. The number
of tracks, and therefore the width of a track, varies with the tape's
capacity. Most if not all newer drives provide backward-compatibility
at least for reading (but often also for writing). QIC has a good
reputation regarding the safety of the data (the mechanics are simpler
and more robust than for helical scan drives).Tapes should be retired from use after 5,000 backups.DLTtape mediaDLTDLT has the fastest data transfer rate of all the drive types
listed here. The 1/2" (12.5mm) tape is contained in a single spool
cartridge (4 x 4 x 1 inches; 100 x 100 x 25 mm). The cartridge has a
swinging gate along one entire side of the cartridge. The drive
mechanism opens this gate to extract the tape leader. The tape leader
has an oval hole in it which the drive uses to hook the tape. The
take-up spool is located inside the tape drive. All the other tape
cartridges listed here (9 track tapes are the only exception) have
both the supply and take-up spools located inside the tape cartridge
itself.Data throughput is approximately 1.5 MB/s, three times the throughput of
4mm, 8mm, or QIC tape drives. Data capacities range from 10 GB to 20 GB
for a single drive. Drives are available in both multi-tape changers
and multi-tape, multi-drive tape libraries containing from 5 to 900
tapes over 1 to 20 drives, providing from 50 GB to 9 TB of
storage.With compression, DLT Type IV format supports up to 70 GB
capacity.Data is recorded onto the tape in tracks parallel to the direction
of travel (just like QIC tapes). Two tracks are written at once.
Read/write head lifetimes are relatively long; once the tape stops
moving, there is no relative motion between the heads and the
tape.AITtape mediaAITAIT is a new format from Sony, and can hold up to 50 GB (with
compression) per tape. The tapes contain memory chips which retain an
index of the tape's contents. This index can be rapidly read by the
tape drive to determine the position of files on the tape, instead of
the several minutes that would be required for other tapes. Software
such as SAMS:Alexandria can operate forty or more AIT tape libraries,
communicating directly with the tape's memory chip to display the
contents on screen, determine what files were backed up to which
tape, locate the correct tape, load it, and restore the data from the
tape.Libraries like this cost in the region of $20,000, pricing them a
little out of the hobbyist market.Using a New Tape for the First TimeThe first time that you try to read or write a new, completely
blank tape, the operation will fail. The console messages should be
similar to:sa0(ncr1:4:0): NOT READY asc:4,1
sa0(ncr1:4:0): Logical unit is in process of becoming readyThe tape does not contain an Identifier Block (block number 0).
All QIC tape drives since the adoption of QIC-525 standard write an
Identifier Block to the tape. There are two solutions:mt fsf 1 causes the tape drive to write an
Identifier Block to the tape.Use the front panel button to eject the tape.Re-insert the tape and dump data to
the tape.dump will report DUMP: End of tape
detected and the console will show: HARDWARE
FAILURE info:280 asc:80,96.rewind the tape using: mt rewind.Subsequent tape operations are successful.Backups to FloppiesCan I Use Floppies for Backing Up My Data?backup floppiesfloppy disksFloppy disks are not really a suitable media for
making backups as:The media is unreliable, especially over long periods of
time.Backing up and restoring is very slow.They have a very limited capacity (the days of backing up
an entire hard disk onto a dozen or so floppies has long since
passed).However, if you have no other method of backing up your data then
floppy disks are better than no backup at all.If you do have to use floppy disks then ensure that you use good
quality ones. Floppies that have been lying around the office for a
couple of years are a bad choice. Ideally use new ones from a
reputable manufacturer.So How Do I Backup My Data to Floppies?The best way to backup to floppy disk is to use
&man.tar.1; with the (multi
volume) option, which allows backups to span multiple
floppies.To backup all the files in the current directory and sub-directory
use this (as root):&prompt.root; tar Mcvf /dev/fd0 *When the first floppy is full &man.tar.1; will prompt you to
insert the next volume (because &man.tar.1; is media independent it
refers to volumes; in this context it means floppy disk).Prepare volume #2 for /dev/fd0 and hit return:This is repeated (with the volume number incrementing) until all
the specified files have been archived.Can I Compress My Backups?targzipcompressionUnfortunately, &man.tar.1; will not allow the
option to be used for multi-volume archives.
You could, of course, &man.gzip.1; all the files,
&man.tar.1; them to the floppies, then
&man.gunzip.1; the files again!How Do I Restore My Backups?To restore the entire archive use:&prompt.root; tar Mxvf /dev/fd0There are two ways that you can use to restore only
specific files. First, you can start with the first floppy
and use:&prompt.root; tar Mxvf /dev/fd0 filenameThe utility &man.tar.1; will prompt you to insert subsequent floppies until it
finds the required file.Alternatively, if you know which floppy the file is on then you
can simply insert that floppy and use the same command as above. Note
that if the first file on the floppy is a continuation from the
previous one then &man.tar.1; will warn you that it cannot
restore it, even if you have not asked it to!LowellGilbertOriginal work by Backup StrategiesThe first requirement in devising a backup plan is to make sure that
all of the following problems are covered:Disk failureAccidental file deletionRandom file corruptionComplete machine destruction (e.g. fire), including destruction
of any on-site backups.It is perfectly possible that some systems will be best served by
having each of these problems covered by a completely different
technique. Except for strictly personal systems with very low-value
data, it is unlikely that one technique would cover all of them.Some of the techniques in the toolbox are:Archives of the whole system, backed up onto permanent media
offsite. This actually provides protection against all of the
possible problems listed above, but is slow and inconvenient to
restore from. You can keep copies of the backups onsite and/or
online, but there will still be inconveniences in restoring files,
especially for non-privileged users.Filesystem snapshots. This is really only helpful in the
accidental file deletion scenario, but it can be
very helpful in that case, and is quick and
easy to deal with.Copies of whole filesystems and/or disks (e.g. periodic rsync of
the whole machine). This is generally most useful in networks with
unique requirements. For general protection against disk failure,
it is usually inferior to RAID. For restoring
accidentally deleted files, it can be comparable to
UFS snapshots, but that depends on your
preferences.RAID. Minimizes or avoids downtime when a
disk fails. At the expense of having to deal with disk failures
more often (because you have more disks), albeit at a much lower
urgency.Checking fingerprints of files. The &man.mtree.8; utility is
very useful for this. Although it is not a backup technique, it
helps guarantee that you will notice when you need to resort to your
backups. This is particularly important for offline backups, and
should be checked periodically.It is quite easy to come up with even more techniques, many of them
variations on the ones listed above. Specialized requirements will
usually lead to specialized techniques (for example, backing up a live
database usually requires a method particular to the database software
as an intermediate step). The important thing is to know what dangers
you want to protect against, and how you will handle each.Backup BasicsThe three major backup programs are
&man.dump.8;,
&man.tar.1;,
and
&man.cpio.1;.Dump and Restorebackup softwaredump / restoredumprestoreThe traditional &unix; backup programs are
dump and restore. They
operate on the drive as a collection of disk blocks, below the
abstractions of files, links and directories that are created by
the file systems. dump backs up an entire
file system on a device. It is unable to backup only part of a
file system or a directory tree that spans more than one
file system. dump does not write files and
directories to tape, but rather writes the raw data blocks that
comprise files and directories.If you use dump on your root directory, you
would not back up /home,
/usr or many other directories since
these are typically mount points for other file systems or
symbolic links into those file systems.dump has quirks that remain from its early days in
Version 6 of AT&T UNIX (circa 1975). The default
parameters are suitable for 9-track tapes (6250 bpi), not the
high-density media available today (up to 62,182 ftpi). These
defaults must be overridden on the command line to utilize the
capacity of current tape drives..rhostsIt is also possible to backup data across the network to a
tape drive attached to another computer with rdump and
rrestore. Both programs rely upon &man.rcmd.3; and
&man.ruserok.3; to access the remote tape drive. Therefore,
the user performing the backup must be listed in the
.rhosts file on the remote computer. The
arguments to rdump and rrestore must be suitable
to use on the remote computer. When
rdumping from a FreeBSD computer to an
Exabyte tape drive connected to a Sun called
komodo, use:&prompt.root; /sbin/rdump 0dsbfu 54000 13000 126 komodo:/dev/nsa8 /dev/da0a 2>&1Beware: there are security implications to
allowing .rhosts authentication. Evaluate your
situation carefully.It is also possible to use dump and
restore in a more secure fashion over
ssh.Using dump over ssh&prompt.root; /sbin/dump -0uan -f - /usr | gzip -2 | ssh -c blowfish \
targetuser@targetmachine.example.com dd of=/mybigfiles/dump-usr-l0.gzOr using dump's built-in method,
setting the environment variable RSH:Using dump over ssh with RSH set&prompt.root; RSH=/usr/bin/ssh /sbin/dump -0uan -f targetuser@targetmachine.example.com:/dev/sa0 /usrtarbackup softwaretar&man.tar.1; also dates back to Version 6 of AT&T UNIX
(circa 1975). tar operates in cooperation
with the file system; it writes files and
directories to tape. tar does not support the
full range of options that are available from &man.cpio.1;, but
it does not require the unusual command
pipeline that cpio uses.tarOn FreeBSD 5.3 and later, both GNU tar
and the default bsdtar are available. The
GNU version can be invoked with gtar. It
supports remote devices using the same syntax as
rdump. To tar to an
Exabyte tape drive connected to a Sun called
komodo, use:&prompt.root; /usr/bin/gtar cf komodo:/dev/nsa8 . 2>&1The same could be accomplished with
bsdtar by using a pipeline and
rsh to send the data to a remote tape
drive.&prompt.root; tar cf - . | rsh hostname dd of=tape-device obs=20bIf you are worried about the security of backing up over a
network you should use the ssh command
instead of rsh.cpiobackup softwarecpio&man.cpio.1; is the original &unix; file interchange tape
program for magnetic media. cpio has options
(among many others) to perform byte-swapping, write a number of
different archive formats, and pipe the data to other programs.
This last feature makes cpio an excellent
choice for installation media. cpio does not
know how to walk the directory tree and a list of files must be
provided through stdin.cpiocpio does not support backups across
the network. You can use a pipeline and rsh
to send the data to a remote tape drive.&prompt.root; for f in directory_list; dofind $f >> backup.listdone
&prompt.root; cpio -v -o --format=newc < backup.list | ssh user@host "cat > backup_device"Where directory_list is the list of
directories you want to back up,
user@host is the
user/hostname combination that will be performing the backups, and
backup_device is where the backups should
be written to (e.g., /dev/nsa0).paxbackup softwarepaxpaxPOSIXIEEE&man.pax.1; is IEEE/&posix;'s answer to
tar and cpio. Over the
years the various versions of tar and
cpio have gotten slightly incompatible. So
rather than fight it out to fully standardize them, &posix;
created a new archive utility. pax attempts
to read and write many of the various cpio
and tar formats, plus new formats of its own.
Its command set more resembles cpio than
tar.Amandabackup softwareAmandaAmandaAmanda (Advanced Maryland
Network Disk Archiver) is a client/server backup system,
rather than a single program. An Amanda server will backup to
a single tape drive any number of computers that have Amanda
clients and a network connection to the Amanda server. A
common problem at sites with a number of large disks is
that the length of time required to backup to data directly to tape
exceeds the amount of time available for the task. Amanda
solves this problem. Amanda can use a holding disk to
backup several file systems at the same time. Amanda creates
archive sets: a group of tapes used over a period of time to
create full backups of all the file systems listed in Amanda's
configuration file. The archive set also contains nightly
incremental (or differential) backups of all the file systems.
Restoring a damaged file system requires the most recent full
backup and the incremental backups.The configuration file provides fine control of backups and the
network traffic that Amanda generates. Amanda will use any of the
above backup programs to write the data to tape. Amanda is available
as either a port or a package, it is not installed by default.Do NothingDo nothing is not a computer program, but it is the
most widely used backup strategy. There are no initial costs. There
is no backup schedule to follow. Just say no. If something happens
to your data, grin and bear it!If your time and your data is worth little to nothing, then
Do nothing is the most suitable backup program for your
computer. But beware, &unix; is a useful tool, you may find that within
six months you have a collection of files that are valuable to
you.Do nothing is the correct backup method for
/usr/obj and other directory trees that can be
exactly recreated by your computer. An example is the files that
comprise the HTML or &postscript; version of this Handbook.
These document formats have been created from SGML input
files. Creating backups of the HTML or &postscript; files is
not necessary. The SGML files are backed up regularly.Which Backup Program Is Best?LISA&man.dump.8; Period. Elizabeth D. Zwicky
torture tested all the backup programs discussed here. The clear
choice for preserving all your data and all the peculiarities of &unix;
file systems is dump. Elizabeth created file systems containing
a large variety of unusual conditions (and some not so unusual ones)
and tested each program by doing a backup and restore of those
file systems. The peculiarities included: files with holes, files with
holes and a block of nulls, files with funny characters in their
names, unreadable and unwritable files, devices, files that change
size during the backup, files that are created/deleted during the
backup and more. She presented the results at LISA V in Oct. 1991.
See torture-testing
Backup and Archive Programs.Emergency Restore ProcedureBefore the DisasterThere are only four steps that you need to perform in
preparation for any disaster that may occur.
- disklabel
+ bsdlabel
- First, print the disklabel from each of your disks
- (e.g. disklabel da0 | lpr), your file system table
+ First, print the bsdlabel from each of your disks
+ (e.g. bsdlabel da0 | lpr), your file system table
(/etc/fstab) and all boot messages,
two copies of
each.fix-it floppiesSecond, determine that the boot and fix-it floppies
(boot.flp and fixit.flp)
have all your devices. The easiest way to check is to reboot your
machine with the boot floppy in the floppy drive and check the boot
messages. If all your devices are listed and functional, skip on to
step three.Otherwise, you have to create two custom bootable
floppies which have a kernel that can mount all of your disks
and access your tape drive. These floppies must contain:
- fdisk, disklabel,
+ fdisk, bsdlabel,
newfs, mount, and
whichever backup program you use. These programs must be
statically linked. If you use dump, the
floppy must contain restore.Third, create backup tapes regularly. Any changes that you make
after your last backup may be irretrievably lost. Write-protect the
backup tapes.Fourth, test the floppies (either boot.flp
and fixit.flp or the two custom bootable
floppies you made in step two.) and backup tapes. Make notes of the
procedure. Store these notes with the bootable floppy, the
printouts and the backup tapes. You will be so distraught when
restoring that the notes may prevent you from destroying your backup
tapes (How? In place of tar xvf /dev/sa0, you
might accidentally type tar cvf /dev/sa0 and
over-write your backup tape).For an added measure of security, make bootable floppies and two
backup tapes each time. Store one of each at a remote location. A
remote location is NOT the basement of the same office building. A
number of firms in the World Trade Center learned this lesson the
hard way. A remote location should be physically separated from
your computers and disk drives by a significant distance.A Script for Creating a Bootable FloppyAfter the DisasterThe key question is: did your hardware survive? You have been
doing regular backups so there is no need to worry about the
software.If the hardware has been damaged, the parts should be replaced
before attempting to use the computer.If your hardware is okay, check your floppies. If you are using
a custom boot floppy, boot single-user (type -s
at the boot: prompt). Skip the following
paragraph.If you are using the boot.flp and
fixit.flp floppies, keep reading. Insert the
boot.flp floppy in the first floppy drive and
boot the computer. The original install menu will be displayed on
the screen. Select the Fixit--Repair mode with CDROM or
floppy. option. Insert the
fixit.flp when prompted.
restore and the other programs that you need are
located in /mnt2/rescue
(/mnt2/stand for
&os; versions older than 5.2).Recover each file system separately.mountroot partition
- disklabel
+ bsdlabelnewfsTry to mount (e.g. mount /dev/da0a
/mnt) the root partition of your first disk. If the
- disklabel was damaged, use disklabel to re-partition and
+ bsdlabel was damaged, use bsdlabel to re-partition and
label the disk to match the label that you printed and saved. Use
newfs to re-create the file systems. Re-mount the root
partition of the floppy read-write (mount -u -o rw
/mnt). Use your backup program and backup tapes to
recover the data for this file system (e.g. restore vrf
/dev/sa0). Unmount the file system (e.g. umount
/mnt). Repeat for each file system that was
damaged.Once your system is running, backup your data onto new tapes.
Whatever caused the crash or data loss may strike again. Another
hour spent now may save you from further distress later.* I Did Not Prepare for the Disaster, What Now?
]]>
MarcFonvieilleReorganized and enhanced by Network, Memory, and File-Backed File Systemsvirtual disksdisksvirtualAside from the disks you physically insert into your computer:
floppies, CDs, hard drives, and so forth; other forms of disks
are understood by FreeBSD - the virtual
disks.NFSCodadisksmemoryThese include network file systems such as the Network File System and Coda, memory-based
file systems and
file-backed file systems.According to the FreeBSD version you run, you will have to use
different tools for creation and use of file-backed and
memory-based file systems.
- The FreeBSD 4.X users will have to use &man.MAKEDEV.8;
- to create the required devices. FreeBSD 5.0 and later use
- &man.devfs.5; to allocate device nodes transparently for the
+ Use &man.devfs.5; to allocate device nodes transparently for the
user.
-
- File-Backed File System under FreeBSD 4.X
-
- disks
- file-backed (4.X)
-
-
- The utility &man.vnconfig.8; configures and enables vnode pseudo-disk
- devices. A vnode is a representation
- of a file, and is the focus of file activity. This means that
- &man.vnconfig.8; uses files to create and operate a
- file system. One possible use is the mounting of floppy or CD
- images kept in files.
-
- To use &man.vnconfig.8;, you need &man.vn.4; support in your
- kernel configuration file:
-
- pseudo-device vn
-
- To mount an existing file system image:
-
-
- Using vnconfig to Mount an Existing File System
- Image under FreeBSD 4.X
-
- &prompt.root; vnconfig vn0diskimage
-&prompt.root; mount /dev/vn0c /mnt
-
-
- To create a new file system image with &man.vnconfig.8;:
-
-
- Creating a New File-Backed Disk with vnconfig
-
- &prompt.root; dd if=/dev/zero of=newimage bs=1k count=5k
-5120+0 records in
-5120+0 records out
-&prompt.root; vnconfig -s labels -c vn0newimage
-&prompt.root; disklabel -r -w vn0 auto
-&prompt.root; newfs vn0c
-Warning: 2048 sector(s) in last cylinder unallocated
-/dev/vn0c: 10240 sectors in 3 cylinders of 1 tracks, 4096 sectors
- 5.0MB in 1 cyl groups (16 c/g, 32.00MB/g, 1280 i/g)
-super-block backups (for fsck -b #) at:
- 32
-&prompt.root; mount /dev/vn0c /mnt
-&prompt.root; df /mnt
-Filesystem 1K-blocks Used Avail Capacity Mounted on
-/dev/vn0c 4927 1 4532 0% /mnt
-
-
-
- File-Backed File System under FreeBSD 5.X
+ File-Backed File Systemdisks
- file-backed (5.X)
+ file-backedThe utility &man.mdconfig.8; is used to configure and enable
- memory disks, &man.md.4;, under FreeBSD 5.X. To use
+ memory disks, &man.md.4;, under FreeBSD. To use
&man.mdconfig.8;, you have to load &man.md.4; module or to add
the support in your kernel configuration file:device mdThe &man.mdconfig.8; command supports three kinds of
memory backed virtual disks: memory disks allocated with
&man.malloc.9;, memory disks using a file or swap space as
backing. One possible use is the mounting of floppy
or CD images kept in files.To mount an existing file system image:Using mdconfig to Mount an Existing File System
- Image under FreeBSD 5.X
+ Image
&prompt.root; mdconfig -a -t vnode -f diskimage -u 0
&prompt.root; mount /dev/md0/mntTo create a new file system image with &man.mdconfig.8;:Creating a New File-Backed Disk with mdconfig&prompt.root; dd if=/dev/zero of=newimage bs=1k count=5k
5120+0 records in
5120+0 records out
&prompt.root; mdconfig -a -t vnode -f newimage -u 0
-&prompt.root; disklabel -r -w md0 auto
-&prompt.root; newfs md0c
-/dev/md0c: 5.0MB (10240 sectors) block size 16384, fragment size 2048
- using 4 cylinder groups of 1.27MB, 81 blks, 256 inodes.
+&prompt.root; bsdlabel -w md0 auto
+&prompt.root; newfs md0a
+/dev/md0a: 5.0MB (10224 sectors) block size 16384, fragment size 2048
+ using 4 cylinder groups of 1.25MB, 80 blks, 192 inodes.
super-block backups (for fsck -b #) at:
- 32, 2624, 5216, 7808
-&prompt.root; mount /dev/md0c /mnt
+ 160, 2720, 5280, 7840
+&prompt.root; mount /dev/md0a /mnt
&prompt.root; df /mnt
-Filesystem 1K-blocks Used Avail Capacity Mounted on
-/dev/md0c 4846 2 4458 0% /mnt
+Filesystem 1K-blocks Used Avail Capacity Mounted on
+/dev/md0a 4710 4 4330 0% /mnt
If you do not specify the unit number with the
option, &man.mdconfig.8; will use the
&man.md.4; automatic allocation to select an unused device.
The name of the allocated unit will be output on stdout like
md4. For more details about
&man.mdconfig.8;, please refer to the manual page.
- Since &os; 5.1-RELEASE, the &man.bsdlabel.8;
- utility replaces the old &man.disklabel.8; program. With
- &man.bsdlabel.8; a number of obsolete options and parameters
- have been retired; in the example above the option
- should be removed. For more
- information, please refer to the &man.bsdlabel.8;
- manual page.
-
The utility &man.mdconfig.8; is very useful, however it
asks many command lines to create a file-backed file system.
- FreeBSD 5.0 also comes with a tool called &man.mdmfs.8;,
+ FreeBSD also comes with a tool called &man.mdmfs.8;,
this program configures a &man.md.4; disk using
&man.mdconfig.8;, puts a UFS file system on it using
&man.newfs.8;, and mounts it using &man.mount.8;. For example,
if you want to create and mount the same file system image as
above, simply type the following:Configure and Mount a File-Backed Disk with mdmfs&prompt.root; dd if=/dev/zero of=newimage bs=1k count=5k
5120+0 records in
5120+0 records out
&prompt.root; mdmfs -F newimage -s 5m md0/mnt
&prompt.root; df /mnt
Filesystem 1K-blocks Used Avail Capacity Mounted on
-/dev/md0 4846 2 4458 0% /mnt
+/dev/md0 4718 4 4338 0% /mnt
If you use the option without unit
number, &man.mdmfs.8; will use &man.md.4; auto-unit feature to
automatically select an unused device. For more details
about &man.mdmfs.8;, please refer to the manual page.
-
- Memory-Based File System under FreeBSD 4.X
-
- disks
- memory file system (4.X)
-
-
- The &man.md.4; driver is a simple, efficient means to create memory
- file systems under FreeBSD 4.X. &man.malloc.9; is used
- to allocate the memory.
-
- Simply take a file system you have prepared with, for
- example, &man.vnconfig.8;, and:
-
-
- md Memory Disk under FreeBSD 4.X
-
- &prompt.root; dd if=newimage of=/dev/md0
-5120+0 records in
-5120+0 records out
-&prompt.root; mount /dev/md0c/mnt
-&prompt.root; df /mnt
-Filesystem 1K-blocks Used Avail Capacity Mounted on
-/dev/md0c 4927 1 4532 0% /mnt
-
-
- For more details, please refer to &man.md.4; manual
- page.
-
-
- Memory-Based File System under FreeBSD 5.X
+ Memory-Based File Systemdisks
- memory file system (5.X)
+ memory file system
- The same tools are used for memory-based and file-backed
- file systems: &man.mdconfig.8; or &man.mdmfs.8;. The storage
- for memory-based file system is allocated with
- &man.malloc.9;.
+ For a
+ memory-based file system the swap backing
+ should normally be used. Using swap backing does not mean
+ that the memory disk will be swapped out to disk by default,
+ but merely that the memory disk will be allocated from a
+ memory pool which can be swapped out to disk if needed. It is
+ also possible to create memory-based disk which are
+ &man.malloc.9; backed, but using malloc backed memory disks,
+ especially large ones, can result in a system panic if the
+ kernel runs out of memory.Creating a New Memory-Based Disk with
mdconfig&prompt.root; mdconfig -a -t malloc -s 5m -u 1
&prompt.root; newfs -U md1
/dev/md1: 5.0MB (10240 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 1.27MB, 81 blks, 256 inodes.
with soft updates
super-block backups (for fsck -b #) at:
32, 2624, 5216, 7808
&prompt.root; mount /dev/md1/mnt
&prompt.root; df /mnt
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/md1 4846 2 4458 0% /mntCreating a New Memory-Based Disk with
mdmfs&prompt.root; mdmfs -M -s 5m md2/mnt
&prompt.root; df /mnt
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/md2 4846 2 4458 0% /mntInstead of using a &man.malloc.9; backed file system, it is
possible to use swap, for that just replace
with in the
command line of &man.mdconfig.8;. The &man.mdmfs.8; utility
by default (without ) creates a swap-based
disk. For more details, please refer to &man.mdconfig.8;
and &man.mdmfs.8; manual pages.Detaching a Memory Disk from the Systemdisksdetaching a memory diskWhen a memory-based or file-based file system
is not used, you should release all resources to the system.
The first thing to do is to unmount the file system, then use
&man.mdconfig.8; to detach the disk from the system and release
the resources.For example to detach and free all resources used by
/dev/md4:&prompt.root; mdconfig -d -u 4It is possible to list information about configured
&man.md.4; devices in using the command mdconfig
-l.
- For FreeBSD 4.X, &man.vnconfig.8; is used to detach
- the device. For example to detach and free all resources
- used by /dev/vn4:
-
- &prompt.root; vnconfig -u vn4
-
-
TomRhodesContributed by File System Snapshotsfile systemssnapshots
- FreeBSD 5.0 offers a new feature in conjunction with
+ FreeBSD offers a feature in conjunction with
Soft Updates: File system snapshots.Snapshots allow a user to create images of specified file
systems, and treat them as a file.
Snapshot files must be created in the file system that the
action is performed on, and a user may create no more than 20
snapshots per file system. Active snapshots are recorded
in the superblock so they are persistent across unmount and
remount operations along with system reboots. When a snapshot
is no longer required, it can be removed with the standard &man.rm.1;
command. Snapshots may be removed in any order,
however all the used space may not be acquired because another snapshot will
possibly claim some of the released blocks.The un-alterable file flag is set
by &man.mksnap.ffs.8; after initial creation of a snapshot file.
The &man.unlink.1; command makes an exception for snapshot files
since it allows them to be removed.Snapshots are created with the &man.mount.8; command. To place
a snapshot of /var in the file
/var/snapshot/snap use the following
command:&prompt.root; mount -u -o snapshot /var/snapshot/snap /varAlternatively, you can use &man.mksnap.ffs.8; to create
a snapshot:&prompt.root; mksnap_ffs /var /var/snapshot/snapOne can find snapshot files on a file system (e.g. /var)
by using the &man.find.1; command:&prompt.root; find /var -flags snapshotOnce a snapshot has been created, it has several
uses:Some administrators will use a snapshot file for backup purposes,
because the snapshot can be transfered to CDs or tape.File integrity, &man.fsck.8; may be ran on the snapshot.
Assuming that the file system was clean when it was mounted, you
should always get a clean (and unchanging) result.
This is essentially what the
background &man.fsck.8; process does.Run the &man.dump.8; utility on the snapshot.
A dump will be returned that is consistent with the
file system and the timestamp of the snapshot. &man.dump.8;
can also take a snapshot, create a dump image and then
remove the snapshot in one command using the
flag.&man.mount.8; the snapshot as a frozen image of the file system.
To &man.mount.8; the snapshot
/var/snapshot/snap run:&prompt.root; mdconfig -a -t vnode -f /var/snapshot/snap -u 4
&prompt.root; mount -r /dev/md4 /mntYou can now walk the hierarchy of your frozen /var
file system mounted at /mnt. Everything will
initially be in the same state it was during the snapshot creation time.
The only exception is that any earlier snapshots will appear
as zero length files. When the use of a snapshot has delimited,
it can be unmounted with:&prompt.root; umount /mnt
&prompt.root; mdconfig -d -u 4For more information about and
file system snapshots, including technical papers, you can visit
Marshall Kirk McKusick's website at
.File System Quotasaccountingdisk spacedisk quotasQuotas are an optional feature of the operating system that
allow you to limit the amount of disk space and/or the number of
files a user or members of a group may allocate on a per-file
system basis. This is used most often on timesharing systems where
it is desirable to limit the amount of resources any one user or
group of users may allocate. This will prevent one user or group
of users from consuming all of the available disk space.Configuring Your System to Enable Disk QuotasBefore attempting to use disk quotas, it is necessary to make
sure that quotas are configured in your kernel. This is done by
adding the following line to your kernel configuration
file:options QUOTAThe stock GENERIC kernel does not have
this enabled by default, so you will have to configure, build and
install a custom kernel in order to use disk quotas. Please refer
to for more information on kernel
configuration.Next you will need to enable disk quotas in
/etc/rc.conf. This is done by adding the
line:enable_quotas="YES"disk quotascheckingFor finer control over your quota startup, there is an
additional configuration variable available. Normally on bootup,
the quota integrity of each file system is checked by the
&man.quotacheck.8; program. The
&man.quotacheck.8; facility insures that the data in
the quota database properly reflects the data on the file system.
This is a very time consuming process that will significantly
affect the time your system takes to boot. If you would like to
skip this step, a variable in /etc/rc.conf
is made available for the purpose:check_quotas="NO"Finally you will need to edit /etc/fstab
to enable disk quotas on a per-file system basis. This is where
you can either enable user or group quotas or both for all of your
file systems.To enable per-user quotas on a file system, add the
option to the options field in the
/etc/fstab entry for the file system you want
to enable quotas on. For example:/dev/da1s2g /home ufs rw,userquota 1 2Similarly, to enable group quotas, use the
option instead of
. To enable both user and
group quotas, change the entry as follows:/dev/da1s2g /home ufs rw,userquota,groupquota 1 2By default, the quota files are stored in the root directory of
the file system with the names quota.user and
quota.group for user and group quotas
respectively. See &man.fstab.5; for more
information. Even though the &man.fstab.5; manual page says that
you can specify
an alternate location for the quota files, this is not recommended
because the various quota utilities do not seem to handle this
properly.At this point you should reboot your system with your new
kernel. /etc/rc will automatically run the
appropriate commands to create the initial quota files for all of
the quotas you enabled in /etc/fstab, so
there is no need to manually create any zero length quota
files.In the normal course of operations you should not be required
to run the &man.quotacheck.8;,
&man.quotaon.8;, or &man.quotaoff.8;
commands manually. However, you may want to read their manual pages
just to be familiar with their operation.Setting Quota Limitsdisk quotaslimitsOnce you have configured your system to enable quotas, verify
that they really are enabled. An easy way to do this is to
run:&prompt.root; quota -vYou should see a one line summary of disk usage and current
quota limits for each file system that quotas are enabled
on.You are now ready to start assigning quota limits with the
&man.edquota.8; command.You have several options on how to enforce limits on the
amount of disk space a user or group may allocate, and how many
files they may create. You may limit allocations based on disk
space (block quotas) or number of files (inode quotas) or a
combination of both. Each of these limits are further broken down
into two categories: hard and soft limits.hard limitA hard limit may not be exceeded. Once a user reaches his
hard limit he may not make any further allocations on the file
system in question. For example, if the user has a hard limit of
500 kbytes on a file system and is currently using 490 kbytes, the
user can only allocate an additional 10 kbytes. Attempting to
allocate an additional 11 kbytes will fail.soft limitSoft limits, on the other hand, can be exceeded for a limited
amount of time. This period of time is known as the grace period,
which is one week by default. If a user stays over his or her
soft limit longer than the grace period, the soft limit will
turn into a hard limit and no further allocations will be allowed.
When the user drops back below the soft limit, the grace period
will be reset.The following is an example of what you might see when you run
the &man.edquota.8; command. When the
&man.edquota.8; command is invoked, you are placed into
the editor specified by the EDITOR environment
variable, or in the vi editor if the
EDITOR variable is not set, to allow you to edit
the quota limits.&prompt.root; edquota -u testQuotas for user test:
/usr: kbytes in use: 65, limits (soft = 50, hard = 75)
inodes in use: 7, limits (soft = 50, hard = 60)
/usr/var: kbytes in use: 0, limits (soft = 50, hard = 75)
inodes in use: 0, limits (soft = 50, hard = 60)You will normally see two lines for each file system that has
quotas enabled. One line for the block limits, and one line for
inode limits. Simply change the value you want updated to modify
the quota limit. For example, to raise this user's block limit
from a soft limit of 50 and a hard limit of 75 to a soft limit of
500 and a hard limit of 600, change:/usr: kbytes in use: 65, limits (soft = 50, hard = 75)to:/usr: kbytes in use: 65, limits (soft = 500, hard = 600)The new quota limits will be in place when you exit the
editor.Sometimes it is desirable to set quota limits on a range of
UIDs. This can be done by use of the option
on the &man.edquota.8; command. First, assign the
desired quota limit to a user, and then run
edquota -p protouser startuid-enduid. For
example, if user test has the desired quota
limits, the following command can be used to duplicate those quota
limits for UIDs 10,000 through 19,999:&prompt.root; edquota -p test 10000-19999For more information see &man.edquota.8; manual page.Checking Quota Limits and Disk Usagedisk quotascheckingYou can use either the &man.quota.1; or the
&man.repquota.8; commands to check quota limits and
disk usage. The &man.quota.1; command can be used to
check individual user or group quotas and disk usage. A user
may only examine his own quota, and the quota of a group he
is a member of. Only the super-user may view all user and group
quotas. The
&man.repquota.8; command can be used to get a summary
of all quotas and disk usage for file systems with quotas
enabled.The following is some sample output from the
quota -v command for a user that has quota
limits on two file systems.Disk quotas for user test (uid 1002):
Filesystem usage quota limit grace files quota limit grace
/usr 65* 50 75 5days 7 50 60
/usr/var 0 50 75 0 50 60grace periodOn the /usr file system in the above
example, this user is currently 15 kbytes over the soft limit of
50 kbytes and has 5 days of the grace period left. Note the
asterisk * which indicates that the user is
currently over his quota limit.Normally file systems that the user is not using any disk
space on will not show up in the output from the
&man.quota.1; command, even if he has a quota limit
assigned for that file system. The option
will display those file systems, such as the
/usr/var file system in the above
example.Quotas over NFSNFSQuotas are enforced by the quota subsystem on the NFS server.
The &man.rpc.rquotad.8; daemon makes quota information available
to the &man.quota.1; command on NFS clients, allowing users on
those machines to see their quota statistics.Enable rpc.rquotad in
/etc/inetd.conf like so:rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotadNow restart inetd:&prompt.root; kill -HUP `cat /var/run/inetd.pid`LuckyGreenContributed by shamrock@cypherpunks.toEncrypting Disk PartitionsdisksencryptingFreeBSD offers excellent online protections against
unauthorized data access. File permissions and Mandatory
Access Control (MAC) (see ) help prevent
unauthorized third-parties from accessing data while the operating
system is active and the computer is powered up. However,
the permissions enforced by the operating system are irrelevant if an
attacker has physical access to a computer and can simply move
the computer's hard drive to another system to copy and analyze
the sensitive data.Regardless of how an attacker may have come into possession of
a hard drive or powered-down computer, both GEOM
Based Disk Encryption (gbde) and
geli cryptographic subsystems in &os; are able
to protect the data on the computer's file systems against even
highly-motivated attackers with significant resources. Unlike
cumbersome encryption methods that encrypt only individual files,
gbde and geli transparently
encrypt entire file systems. No cleartext ever touches the hard
drive's platter.Disk Encryption with gbdeBecome rootConfiguring gbde requires
super-user privileges.&prompt.user; su -
Password:
-
- Verify the Operating System Version
-
- &man.gbde.4; requires FreeBSD 5.0 or higher.
-
- &prompt.root; uname -r
-5.0-RELEASE
-
-
Add &man.gbde.4; Support to the Kernel Configuration FileAdd the following line to the kernel configuration
file:options GEOM_BDERebuild the kernel as described in .Reboot into the new kernel.Preparing the Encrypted Hard DriveThe following example assumes that you are adding a new hard
drive to your system that will hold a single encrypted partition.
This partition will be mounted as /private.
gbde can also be used to encrypt
/home and /var/mail, but
this requires more complex instructions which exceed the scope of
this introduction.Add the New Hard DriveInstall the new drive to the system as explained in . For the purposes of this example,
a new hard drive partition has been added as
/dev/ad4s1c. The
/dev/ad0s1*
devices represent existing standard FreeBSD partitions on
the example system.&prompt.root; ls /dev/ad*
/dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1
/dev/ad0s1 /dev/ad0s1c /dev/ad0s1f /dev/ad4s1c
/dev/ad0s1a /dev/ad0s1d /dev/ad4Create a Directory to Hold gbde Lock Files&prompt.root; mkdir /etc/gbdeThe gbde lock file contains
information that gbde requires to
access encrypted partitions. Without access to the lock file,
gbde will not be able to decrypt
the data contained in the encrypted partition without
significant manual intervention which is not supported by the
software. Each encrypted partition uses a separate lock
file.Initialize the gbde PartitionA gbde partition must be
initialized before it can be used. This initialization needs to
be performed only once:&prompt.root; gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c&man.gbde.8; will open your editor, permitting you to set
various configuration options in a template. For use with UFS1
or UFS2, set the sector_size to 2048:$FreeBSD: src/sbin/gbde/template.txt,v 1.1 2002/10/20 11:16:13 phk Exp $
#
# Sector size is the smallest unit of data which can be read or written.
# Making it too small decreases performance and decreases available space.
# Making it too large may prevent filesystems from working. 512 is the
# minimum and always safe. For UFS, use the fragment size
#
sector_size = 2048
[...]
&man.gbde.8; will ask you twice to type the passphrase that
should be used to secure the data. The passphrase must be the
same both times. gbde's ability to
protect your data depends entirely on the quality of the
passphrase that you choose.
For tips on how to select a secure passphrase that is easy
to remember, see the Diceware
Passphrase website.The gbde init command creates a lock
file for your gbde partition that in
this example is stored as
/etc/gbde/ad4s1c.gbde lock files
must be backed up together with the
contents of any encrypted partitions. While deleting a lock
file alone cannot prevent a determined attacker from
decrypting a gbde partition,
without the lock file, the legitimate owner will be unable
to access the data on the encrypted partition without a
significant amount of work that is totally unsupported by
&man.gbde.8; and its designer.Attach the Encrypted Partition to the Kernel&prompt.root; gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c You will be asked to provide the passphrase that you
selected during the initialization of the encrypted partition.
The new encrypted device will show up in
/dev as
/dev/device_name.bde:&prompt.root; ls /dev/ad*
/dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1
/dev/ad0s1 /dev/ad0s1c /dev/ad0s1f /dev/ad4s1c
/dev/ad0s1a /dev/ad0s1d /dev/ad4 /dev/ad4s1c.bdeCreate a File System on the Encrypted DeviceOnce the encrypted device has been attached to the kernel,
you can create a file system on the device. To create a file
system on the encrypted device, use &man.newfs.8;. Since it is
much faster to initialize a new UFS2 file system than it is to
initialize the old UFS1 file system, using &man.newfs.8; with
the option is recommended.
- The option is the default
- with &os; 5.1-RELEASE and later.
-
&prompt.root; newfs -U -O2 /dev/ad4s1c.bdeThe &man.newfs.8; command must be performed on an
attached gbde partition which
is identified by a
*.bde
extension to the device name.Mount the Encrypted PartitionCreate a mount point for the encrypted file system.&prompt.root; mkdir /privateMount the encrypted file system.&prompt.root; mount /dev/ad4s1c.bde /privateVerify That the Encrypted File System is AvailableThe encrypted file system should now be visible to
&man.df.1; and be available for use.&prompt.user; df -H
Filesystem Size Used Avail Capacity Mounted on
/dev/ad0s1a 1037M 72M 883M 8% /
/devfs 1.0K 1.0K 0B 100% /dev
/dev/ad0s1f 8.1G 55K 7.5G 0% /home
/dev/ad0s1e 1037M 1.1M 953M 0% /tmp
/dev/ad0s1d 6.1G 1.9G 3.7G 35% /usr
/dev/ad4s1c.bde 150G 4.1K 138G 0% /privateMounting Existing Encrypted File SystemsAfter each boot, any encrypted file systems must be
re-attached to the kernel, checked for errors, and mounted, before
the file systems can be used. The required commands must be
executed as user root.Attach the gbde Partition to the Kernel&prompt.root; gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1cYou will be asked to provide the passphrase that you
selected during initialization of the encrypted
gbde partition.Check the File System for ErrorsSince encrypted file systems cannot yet be listed in
/etc/fstab for automatic mounting, the
file systems must be checked for errors by running &man.fsck.8;
manually before mounting.&prompt.root; fsck -p -t ffs /dev/ad4s1c.bdeMount the Encrypted File System&prompt.root; mount /dev/ad4s1c.bde /privateThe encrypted file system is now available for use.Automatically Mounting Encrypted PartitionsIt is possible to create a script to automatically attach,
check, and mount an encrypted partition, but for security reasons
the script should not contain the &man.gbde.8; password. Instead,
it is recommended that such scripts be run manually while
providing the password via the console or &man.ssh.1;.As of &os; 5.2-RELEASE, there is a new rc.d script
provided. Arguments for this script can be passed via
&man.rc.conf.5;, for example:gbde_autoattach_all="YES"
gbde_devices="ad4s1c"This will require that the gbde
passphrase be entered at boot time. After typing the correct
passphrase, the gbde encrypted
partition will be mounted automatically. This can be very
useful when using gbde on
notebooks.Cryptographic Protections Employed by gbde&man.gbde.8; encrypts the sector payload using 128-bit AES in
CBC mode. Each sector on the disk is encrypted with a different
AES key. For more information on gbde's
cryptographic design, including how the sector keys are derived
from the user-supplied passphrase, see &man.gbde.4;.Compatibility Issues&man.sysinstall.8; is incompatible with
gbde-encrypted devices. All
*.bde devices must be detached from the
kernel before starting &man.sysinstall.8; or it will crash during
its initial probing for devices. To detach the encrypted device
used in our example, use the following command:&prompt.root; gbde detach /dev/ad4s1cAlso note that, as &man.vinum.4; does not use the
&man.geom.4; subsystem, you cannot use
gbde with
vinum volumes.DanielGerzoContributed by Disk Encryption with geliA new cryptographic GEOM class is available as of &os; 6.0 -
geli. It is currently being developed by
&a.pjd;. Geli is different to
gbde; it offers different features and uses
a different scheme for doing cryptographic work.The most important features of &man.geli.8; are:Utilizes the &man.crypto.9; framework — when
cryptographic hardware is available, geli
will use it automatically.Supports multiple cryptographic algorithms (currently
AES, Blowfish, and 3DES).Allows the root partition to be encrypted. The
passphrase used to access the encrypted root partition will
be requested during the system boot.Allows the use of two independent keys (e.g. a
key and a company key).geli is fast - performs simple
sector-to-sector encryption.Allows backup and restore of Master Keys. When a user
has to destroy his keys, it will be possible to get access
to the data again by restoring keys from the backup.Allows to attach a disk with a random, one-time key
— useful for swap partitions and temporary file
systems.More geli features can be found in the
&man.geli.8; manual page.The next steps will describe how to enable support for
geli in the &os; kernel and will explain how
to create a new geli encryption provider. At
the end it will be demonstrated how to create an encrypted swap
partition using features provided by geli.In order to use geli, you must be running
&os; 6.0-RELEASE or later. Super-user privileges will be
required since modifications to the kernel are necessary.Adding geli Support to the Kernel
Configuration FileAdd the following lines to the kernel configuration
file:options GEOM_ELI
device cryptoRebuild the kernel as described in .Alternatively, the geli module can
be loaded at boot time. Add the following line to the
/boot/loader.conf:geom_eli_load="YES"&man.geli.8; should now be supported by the kernel.Generating the Master KeyThe following example will describe how to generate a
key file, which will be used as part of the Master Key for
the encrypted provider mounted under
/private. The key
file will provide some random data used to encrypt the
Master Key. The Master Key will be protected by a
passphrase as well. Provider's sector size will be 4kB big.
Furthermore, the discussion will describe how to attach the
geli provider, create a file system on
it, how to mount it, how to work with it, and finally how to
detach it.It is recommended to use a bigger sector size (like 4kB) for
better performance.The Master Key will be protected with a passphrase and
the data source for key file will be
/dev/random. The sector size of
/dev/da2.eli, which we call provider,
will be 4kB.&prompt.root; dd if=/dev/random of=/root/da2.key bs=64 count=1
&prompt.root; geli init -s 4096 -K /root/da2.key /dev/da2
Enter new passphrase:
Reenter new passphrase:It is not mandatory that both a passphrase and a key
file are used; either method of securing the Master Key can
be used in isolation.If key file is given as -, standard
input will be used. This example shows how more than one
key file can be used.&prompt.root; cat keyfile1 keyfile2 keyfile3 | geli init -K - /dev/da2Attaching the Provider with the generated Key&prompt.root; geli attach -k /root/da2.key /dev/da2
Enter passphrase:The new plaintext device will be named
/dev/da2.eli.&prompt.root; ls /dev/da2*
/dev/da2 /dev/da2.eliCreating the new File System&prompt.root; dd if=/dev/random of=/dev/da2.eli bs=1m
&prompt.root; newfs /dev/da2.eli
&prompt.root; mount /dev/da2.eli /privateThe encrypted file system should be visible to &man.df.1;
and be available for use now.&prompt.root; df -H
Filesystem Size Used Avail Capacity Mounted on
/dev/ad0s1a 248M 89M 139M 38% /
/devfs 1.0K 1.0K 0B 100% /dev
/dev/ad0s1f 7.7G 2.3G 4.9G 32% /usr
/dev/ad0s1d 989M 1.5M 909M 0% /tmp
/dev/ad0s1e 3.9G 1.3G 2.3G 35% /var
/dev/da2.eli 150G 4.1K 138G 0% /privateUnmounting and Detaching the ProviderOnce the work on the encrypted partition is done, and
the /private partition
is no longer needed, it is prudent to consider unmounting
and detaching the geli encrypted
partition from the kernel.&prompt.root; umount /private
&prompt.root; geli detach da2.eliMore information about the use of &man.geli.8; can be
found in the manual page.Encrypting a Swap PartitionThe following example demonstrates how to create a
geli encrypted swap partition.&prompt.root; dd if=/dev/random of=/dev/ad0s1b bs=1m
&prompt.root; geli onetime -d -a 3des ad0s1b
&prompt.root; swapon /dev/ad0s1b.eliUsing the gelirc.d Scriptgeli comes with a rc.d script which
can be used to simplify the usage of geli.
An example of configuring geli through
&man.rc.conf.5; follows:geli_devices="da2"
geli_da2_flags="-p -k /root/da2.key"This will configure /dev/da2 as a
geli provider of which the Master Key file
is located in /root/da2.key, and
geli will not use a passphrase when
attaching the provider (note that this can only be used if -P
was given during the geli init phase). The
system will detach the geli provider from
the kernel before the system shuts down.More information about configuring rc.d is provided in the
rc.d section of the
Handbook.
+
+
+
+
+
+
+ Christian
+ Brüffer
+ Written by
+
+
+
+
+ Encrypting Swap Space
+
+ swap
+ encrypting
+
+
+ Swap encryption in &os; is easy to configure and has been
+ available since &os; 5.3-RELEASE. Depending on which version
+ of &os; is being used, different options are available
+ and configuration can vary slightly. From &os; 6.0-RELEASE onwards,
+ the &man.gbde.8; or &man.geli.8; encryption systems can be used
+ for swap encryption. With earlier versions, only &man.gbde.8; is
+ available. Both systems use the encswap
+ rc.d script.
+
+ The previous section, Encrypting
+ Disk Partitions, includes a short discussion on the different
+ encryption systems.
+
+
+ Why should Swap be Encrypted?
+
+ Like the encryption of disk partitions, encryption of swap space
+ is done to protect sensitive information. Imagine an application
+ that e.g. deals with passwords. As long as these passwords stay in
+ physical memory, all is well. However, if the operating system starts
+ swapping out memory pages to free space for other applications, the
+ passwords may be written to the disk platters unencrypted and easy to
+ retrieve for an adversary. Encrypting swap space can be a solution for
+ this scenario.
+
+
+
+ Preparation
+
+
+ For the remainder of this section, ad0s1b
+ will be the swap partition.
+
+
+ Up to this point the swap has been unencrypted. It is possible that
+ there are already passwords or other sensitive data on the disk platters
+ in cleartext. To rectify this, the data on the swap partition should be
+ overwritten with random garbage:
+
+ &prompt.root; dd if=/dev/random of=/dev/ad0s1b bs=1m
+
+
+
+ Swap Encryption with &man.gbde.8;
+
+ If &os; 6.0-RELEASE or newer is being used, the
+ .bde suffix should be added to the device in the
+ respective /etc/fstab swap line:
+
+
+# Device Mountpoint FStype Options Dump Pass#
+/dev/ad0s1b.bde none swap sw 0 0
+
+
+ For systems prior to &os; 6.0-RELEASE, the following line
+ in /etc/rc.conf is also needed:
+
+ gbde_swap_enable="YES"
+
+
+
+ Swap Encryption with &man.geli.8;
+
+ Alternatively, the procedure for using &man.geli.8; for swap
+ encryption is similar to that of using &man.gbde.8;. The
+ .eli suffix should be added to the device in the
+ respective /etc/fstab swap line:
+
+
+# Device Mountpoint FStype Options Dump Pass#
+/dev/ad0s1b.eli none swap sw 0 0
+
+
+ &man.geli.8; uses the AES algorithm with
+ a key length of 256 bit by default.
+
+ Optionally, these defaults can be altered using the
+ geli_swap_flags option in
+ /etc/rc.conf. The following line tells the
+ encswap rc.d script to create &man.geli.8; swap
+ partitions using the Blowfish algorithm with a key length of 128 bit,
+ a sectorsize of 4 kilobytes and the detach on last close
+ option set:
+
+ geli_swap_flags="-a blowfish -l 128 -s 4096 -d"
+
+ Please refer to the description of the onetime command
+ in the &man.geli.8; manual page for a list of possible options.
+
+
+
+ Verifying that it Works
+
+ Once the system has been rebooted, proper operation of the
+ encrypted swap can be verified using the
+ swapinfo command.
+
+ If &man.gbde.8; is being used:
+
+ &prompt.user; swapinfo
+Device 1K-blocks Used Avail Capacity
+/dev/ad0s1b.bde 542720 0 542720 0%
+
+
+ If &man.geli.8; is being used:
+
+ &prompt.user; swapinfo
+Device 1K-blocks Used Avail Capacity
+/dev/ad0s1b.eli 542720 0 542720 0%
+
+
+