HOW TO: 2.4.0 ZFS Install, RAM Disk, Hot Spare, Snapshot, Resilver Root Drive

bingo600

Gents' I'm a total pfsense newbie (uses linux) , and I'm waiting for my new Qotom Q355G4 i5 box to arrive.
It will come w. 8G Ram & 64G mSata , but i'm going to install a Toshiba 240G SSD Sata disk.
Maybe i'll remove the 64G mSata , unless someone advices me to keep both disks in there.

I'd like to install the 2.4.? on it straight away, and use ZFS.

If just keep the 240G SSD in there, do you have any hints for a "single disk ZFS" install.

Would there be any advantage of keeping the 64G mSata in there , besides complicating the install for a newbie.
Is the "write 2 copies" adviceable for a SSD (wear) ?

Do i (ZFS) still need TRIM to be enabled ?

/Bingo

stilez

The guide's very good, and many people will want ZFS. I feel a lot safer with it on my NAS and data stores, and any business is likely to want it.

However it's worth noting that whether it's best for smaller and home systems is down to each person. For example, if you are happy to download or back up your config when it changes, and if a disk goes then just insert a new one and reinstall pfSense and the last config, and you're not worried about data corruption at rest (because there isn't much of it maybe, and you have backups), then ZFS adds little except a need for more hardware and an extra HDD/SSD, because a reinstall is about 15 - 40 minutes downtime while watching the TV.

After all, if data at rest that's actively used by the router for its own purposes (as opposed to files and directories it doesn't use itself) then most often it'll be caught anyway if it has a random bit flip or I/O error - the file won't make sense when read and it'll make this clear to the administrator.

If on the other hand you want to be sure that logs and RRD, tables of IPs, Squid caches, leases, or other extensive data stays 100% intact, and there isn't downtime, or your pfSense platform hosts other data and services too, then ZFS may well be very useful.

So I would add a note to any guide, of the pros and cons, because a router is a very different use case from other installations, if it isn't holding data whose integrity at rest isn't much of a concern.

pfBasic

Yeah ZFS is certainly not a must have. The majority of users would never notice a difference.

It doesn't add a requirement for more hardware though. You can install ZFS to a single disk, you just wouldn't get some of its features.
More RAM maybe - but if you don't already have enough RAM then simply do a UFS install.

The major benefit for your average home user would be added protection against data corruption due to power outages in locales that are prone to them. There are quite a few threads about this on UFS.
The real solution to this is a UPS, but if you can't/don't want to afford a UPS then simply installing to ZFS is a viable stopgap that will very likely (but not certainly) solve this problem.

The other home user benefit would be saving money on hardware. If you are building a budget system you can save a notable amount of $ by installing to a pair of thumb drives instead of a HDD or SSD. Doing this on ZFS allows you to mirror the drives and gives you a bit of redundancy.

But again, I agree that ZFS is by no means a must have for home users. It is a very nice option to have though.

Kreeblah

Is it possible to restore a config from a UFS-based system to a ZFS-based one?

I'd like to switch to ZFS once 2.4.0 is released, which I know will require a reinstall, but I've been having a hard time finding whether restoring my old config would cause issues or whether it would be better to do a manual config from scratch.  Does anybody have any information on doing that?

kpa

As far as I know it should work and is supported, I'd be very surprised if it didn't work because the only differences are in the storage method.

TS_b

@Kreeblah:

Is it possible to restore a config from a UFS-based system to a ZFS-based one?

I'd like to switch to ZFS once 2.4.0 is released, which I know will require a reinstall, but I've been having a hard time finding whether restoring my old config would cause issues or whether it would be better to do a manual config from scratch.  Does anybody have any information on doing that?

To answer your question in the words of the almighty OP  ;)-

@pfBasic:

EDIT: I don't recommend setting a second zpool as it can cause issues with booting. If you want to send snapshots on a separate device, try a UFS filesystem on it. People smarter than myself can probably get around this, if anyone has a solution please share and I'll add it here!
To use UFS:
After partitioning the drive follow the instructions here:
https://www.freebsd.org/doc/handbook/disks-adding.html

To send your snapshot to a UFS partition you can modify this for your mount point and copy and paste:
Code:```

zfs snapshot -r yourpoolname@date "+%d.%b.%y.%H00" && zfs send -Rv yourpoolname@date "+%d.%b.%y.%H00" | gzip > /mnt/sshot/sshotdate "+%d.%b.%y.%H00."gz && zfs destroy -r yourpoolname@date "+%d.%b.%y.%H00" && zfs list -r -t snapshot -o name,creation && du -hs /mnt/sshot/sshotdate "+%d.%b.%y.%H00."gz

I would imagine that if you could restore a snapshot from UFS to ZFS then you could restore from the config. Config file is just an .xml file full of your system configuration settings. The underlying FS shouldn't matter.

stilez

@pfBasic:

If you are smarter than me I'm betting you could automate this with a script, I would think something running frequently in cron along the lines of:

check if pool is degraded
if no, exit
if yes, check if resilver complete
if no, exit
if yes, detach baddisk

If anyone does write such a script, please share! ;)

Added to feature requests, see https://redmine.pfsense.org/issues/7812

madmaxed

First of all GREAT post.  Thanks pfBasic.

I've been using a 6 disk ZFS raidz2 array on my FreeNAS server for a couple of years.

I just wanted to point out, that ZFS can do more than a two disk mirror.  It is technically nearly unlimited.  But for pfSense I think have a ZFS three disk mirror is another option, and less setup, less disks, and still offers 2 drive failure protection.

Just wanted to throw that out there for home users looking for ZFS with only 3 disks and dual failure redundancy.

beedix

Appreciate this post.

I'm using 2.4RC and have a mirrored boot drive setup with ZFS.

I was wanting to partion a new SSD (ada1) with ZFS for general file system use, specifically mounting the disk in /var/squid/cache.  What are the steps for partitioning the disk with ZFS so that it can be mounted into the existing file system structure?

beedix

I probably should have researched a bit more before asking, but man I love ZFS.  Here is how I setup my new drive.

gpart create -s gpt ada1
gpart add -b 2048 -t freebsd-zfs -l gpt2 ada1
zpool create -f zdata /dev/gpt/gpt2
zfs set checksum=on zdata
zfs set compression=lz4 zdata
zfs set atime=off zdata
zfs set recordsize=64K zdata
zfs set primarycache=metadata zdata
zfs set secondarycache=none zdata
zfs set logbias=latency zdata
zfs create -o mountpoint=/var/squid/cache zdata/cache

chown -R squid:squid /var/squid/cache
chmod -R 0750 /var/squid/cache

There are specific ARC and ZIL caching features which I didn't setup which could be a benefit for squid, but as best I can tell, it wouldn't work out well in my situation.  Here is a link from squid regarding ZFS:
https://wiki.squid-cache.org/SquidFaq/InstallingSquid#Is_it_okay_to_use_ZFS_on_Squid.3F

kevindd992002

I'm using a PC Engines APU2C4 for my pfsense box. I just upgraded to 2.4 and read about ZFS. I'm using a 16GB single SSD and I'm wanting to use ZFS. Which of the steps in the OP should I follow? I read through them and they're targetted for multiple flash drives in the system. I'm not really sure which ones are applicable in a single disk setup only.

Also, can I backup the config file that I have now, reinstall pfsense with ZFS, and just restore that same config file without any adverse effects?

sdf_iain

@pfBasic:

In short, if you didn't already have a reason to use ECC, then ZFS on pfSense shouldn't change your mind. But if you want to be convinced otherwise just ask the same question on the FreeNAS forums and I'm sure you'll be flamed for acknowledging that such a thing as non-ECC exists.

The point of ECC RAM on a ZFS based fileserver is simple.  ZFS provides checksumming of all files at rest (i.e. on disk) and ECC provides the same protections for data in motion.  It isn't that a pool could be lost without ECC, it's actually much more sinister.  Data that seems fine, data with valid checksums that passes every scrub, could have "bit rot" and, in extreme cases, be unreadable.  Everything looks fine, but nothing is!

pfSense is in a different boat.  A firewall absolutely shouldn't be storing any critical or irreplaceable data so 100% corruption prevention isn't necessary.  99% (or whatever the chances of bit rot in the relatively tiny memory footprint of a firewall) corruption prevention is more than sufficient and ECC isn't at all necessary (it is nice to have).

TL;DR: Just go download config.xml, enable copies=2, and setup '/sbin/zpool scrub zroot' to run periodically via cron

kevindd992002

Anybody can hrmelp me with my question?

sdf_iain

@kevindd992002:

Anybody can hrmelp me with my question?

Yes, backup config.xml and reinstall from scratch.  The underlying file system will not affect anything except (possibly) a few system tunables that you probably wouldn’t have set.

You should be fine, but as with any change: allow for extra downtime in case things don’t go as planned/expected.

kevindd992002

@sdf_iain:

@kevindd992002:

Anybody can hrmelp me with my question?

Yes, backup config.xml and reinstall from scratch.  The underlying file system will not affect anything except (possibly) a few system tunables that you probably wouldn’t have set.

You should be fine, but as with any change: allow for extra downtime in case things don’t go as planned/expected.

Yes , I get that. But which guide should I follow for the setup of the ZFS filesystem? The guide here is more for a multi-disk setup.

sdf_iain

I let the installer do everything (it was mostly self explanatory).  Once everything was installed and it offered me the option to go to a command prompt and make final changes I did.  I ran this:

zfs set copies=2 zroot

That sets the default zpool to make two copies of files and allow a regular scrub to not only find corrupted files, but also fix them (using the second copy).

Other than that I installed cron and set it to do a regular (weekly) scrub of zroot.  It's so small that the scrub will run quickly.

kpa

@sdf_iain:

I let the installer do everything (it was mostly self explanatory).  Once everything was installed and it offered me the option to go to a command prompt and make final changes I did.  I ran this:

zfs set copies=2 zroot

That sets the default zpool to make two copies of files and allow a regular scrub to not only find corrupted files, but also fix them (using the second copy).

Other than that I installed cron and set it to do a regular (weekly) scrub of zroot.  It's so small that the scrub will run quickly.

Second copies are not made retroactively, only new files and changed files get stored with two copies after you set copies=2.

kevindd992002

@kpa:

@sdf_iain:

I let the installer do everything (it was mostly self explanatory).  Once everything was installed and it offered me the option to go to a command prompt and make final changes I did.  I ran this:

zfs set copies=2 zroot

That sets the default zpool to make two copies of files and allow a regular scrub to not only find corrupted files, but also fix them (using the second copy).

Other than that I installed cron and set it to do a regular (weekly) scrub of zroot.  It's so small that the scrub will run quickly.

Second copies are not made retroactively, only new files and changed files get stored with two copies after you set copies=2.

But that's basically the whole process of installing with ZFS on a single SSD, correct?

Grimson

@kpa:

Second copies are not made retroactively, only new files and changed files get stored with two copies after you set copies=2.

You can do a:

pkg upgrade -f

after setting copies to "2". This is clunky and will still not get all files, but a good chunk of them.

sdf_iain

@Grimson:

@kpa:

Second copies are not made retroactively, only new files and changed files get stored with two copies after you set copies=2.

You can do a:

pkg upgrade -f

after setting copies to "2". This is clunky and will still not get all files, but a good chunk of them.

kevindd992002, that is the process.

I might be mistaken, but updating the file should cause ZFS to rewrite it.  The fastest/easiest way to update all of the files would be

find / -exec touch {} \;

On a fresh install, that should not take long at all.  And before first boot it won't really change any timestamps by much either.  The right answer would be to change the ZFS defaults, but I didn't go that far into the installer.