PC Engines apu2 experiences

kevindd992002

Without doing manual snapshots, is there an advantage of using ZFS over the old UFS? I am on ZFS on a single SSD and I forgot what its advantage is when I posted here a few years ago.

Vollans

@kevindd992002 Better resilience if you have a crash. UFS has a horrid habit of collapsing in an unrecoverable heap, ZFS is far more likely to recover gracefully.

Qinn

@kevindd992002 said in PC Engines apu2 experiences:

Without doing manual snapshots, is there an advantage of using ZFS over the old UFS? I am on ZFS on a single SSD and I forgot what its advantage is when I posted here a few years ago.

....of course RAID with ZFS gives more redundancy, best is more disks using RAID. As the problem with a single disk and "copies" is the same as creating an mdadm raid-1 using two partitions of the same disk: you have data redundancy, but not disk redundancy, as disk failure will cause the loss of both data sets.

Comparing UFS with ZFS, well ZFS, like btrfs, is copy-on-write, so power surges are never a problem and ZFS requires a system with ECC memory (APU2 has this), otherwise you're still not 100% safeguarded against bit errors.

logan5247

@vollans Sorry to keep asking questions.

) If I snapshot zroot do I need to snapshot zroot/ROOT and zroot/ROOT/default? Does zroot not include everything else?

Let's say I did a snapshot, made a change, and successfully rolled back:

zfs rollback zroot/var@20210308
zfs rollback zroot/ROOT/default@20210308
zfs rollback zroot/ROOT@20210308
zfs rollback zroot@20210308
shutdown -r now

And now my zfs list looks like this (after the rollback):

NAME                          USED  AVAIL  REFER  MOUNTPOINT
zroot                         674M  12.4G    96K  /zroot
zroot@20210308                   0      -    96K  -
zroot/ROOT                    665M  12.4G    96K  none
zroot/ROOT@20210308              0      -    96K  -
zroot/ROOT/default            665M  12.4G   665M  /
zroot/ROOT/default@20210308   388K      -   665M  -
zroot/tmp                     144K  12.4G   144K  /tmp
zroot/var                    7.02M  12.4G  6.62M  /var
zroot/var@20210308            400K      -  6.62M  -

How do I know what set of filesystems I'm running on? Is there something like an "active" marker in zfs list?

VAMike

@logan5247 this really should get its own zfs thread, it has nothing to do with the apu2

Vollans

@vamike I agree, but quickly in summary, you're always running the one without the @ sign - that's the current live version. You can see that the size of the "backup" of zroot is nothing. The size of zroot/ROOT/default's backup is bigger. zroot doesn't include the other, effectively, "partitions".

Qinn

@dem said in PC Engines apu2 experiences:

@vollans I did a quick test in a virtual machine to figure out what the commands would be. This appears to work:

On a running 2.4.5-p1 system:
zpool checkpoint zroot
Booted from the 2.5.0 installer and in the Rescue Shell:
zpool import -f -N --rewind-to-checkpoint zroot
zpool export zroot
poweroff

I would like to know how you booted from the 2.5.0 installer using a virtual pfsense machine and got to the Rescue Shell?

dem

@qinn In VirtualBox I put the file pfSense-CE-2.5.0-RELEASE-amd64.iso in the virtual optical drive and booted to this screen, where I selected Rescue Shell:

Qinn

@dem Thanks for the quick reply, I understand that.
What I would like to know is how you get to the Virtual pfSense from here as the virtual pfsense machine is not running and access the checkpoint you made?

Btw I am using VM workstation!

dem

@qinn Sorry I wasn't clear: I put the installer image into the virtual optical drive of the same virtual pfSense instance that I checkpointed, so the installer has access to the same virtual disk and can locate the checkpointed zroot pool.

Edited to add: My goal was to simulate booting an apu2 from the memstick image in order to rewind a checkpoint, but I don't have a spare apu2 to test with. If I actually ran pfSense in a virtual machine I would use virtual machine snapshots before any upgrade.

VAMike

@qinn I never would have guessed this was somehow specific to the apu2

dem

@vamike It's not, but @vollans rolled back an upgrade of his apu2 using ZFS and that sparked interest in using ZFS to recover from a failed upgrade.

VAMike

@dem so he should start another thread so that people actually interested in apu2 experiences can find those without digging through unrelated zfs support questions

Vollans

@vamike I agreed it wasn't relevant here 2 days ago, and stopped responding.

sikita

Why pfsense 2.5 shows "AES-NI CPU Crypto: No" when in 2.4.x there was YES on APU2? Also on 2.5 there is in other line: Hardware crypto AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS

bigsy

@sikita said in PC Engines apu2 experiences:

Why pfsense 2.5 shows "AES-NI CPU Crypto: No" when in 2.4.x there was YES on APU2?

Anything to do with this problem? If so, it appears to be fixed in 2.5.1.

sikita

@bigsy Ok, thank you. Seems to be GUI bug and does not involve using HW crypto.

Qinn

@sikita I am on pfSense 2.5.0 and here it says:

Firefox_Screenshot_2021-03-12T16-51-01.718Z.png

Do you have AES-NI enabled?

Qinn

Can anyone share there System / Advanced / Networking on a APU2

Mine are

Firefox_Screenshot_2021-03-19T11-29-42.923Z.png

as these are the defaults, grabbed them from a VM installation, which is not quit the same setup.

The old and not anymore recommend settings from https://teklager.se/en/knowledge-base/apu2-1-gigabit-throughput-pfsense/ are quit different!

...and there is a new settings present in 2.5.0. " hn ALTQ support"

Could anyone elaborate on all these or there settings?

stephenw10

There are no hn NICs on any APU so it makes no difference. You can disable it.

Steve