Upgrade to ZFS
-
The main advantages of ZFS are stability and features such as native compression, mirroring, snapshots, etc. Some things we don't take full advantage of quite yet in pfSense.
ZFS isn't really known for its performance, but filesystem speed on a firewall isn't critical compared to stability. It also has increased memory requirements compared to UFS, which is why it's not ideal for certain platforms (e.g. 32-bit ARM, systems with low RAM).
When the time comes, take a fresh local backup (just in case), then boot the install media and choose "recover config.xml", then install, pick ZFS, select the drive(s), and go on from there. It will boot back up with your existing configuration in place, reinstall your packages, and be back up and running as it was before.
-
Memory requirements. Lots of information around on that, most of the recommendations are 64bit system, at least 4GB RAM, more is way better.
From a design standpoint, ZFS was created to handle large disks.From a usability POV, I think the best part of ZFS is Boot Environments (BEs). They are a very good way to upgrade a system safely and rollback if needed. UFS has had work recently to mimic/mirror that (think separate partitions for the root/boot filesystem, then flags used to tell which one to actually use).
pfSense with ZFS? On a big enough system, it's probably a good thing. I'd be interested in seeing how some of the things like mirrors and snapshots would be used.
-
The only reason I moved to zfs vs ufs is better handling of power loss. While I have never had my netgate loose power out of the blue. It is on a ups, etc. And power here is pretty stable and rarely have extended outages..
But since pfsense allows for choice.. And my box is never close to using its ram why not.. It wasn't something I was going to switch to out of the blue since it requires clean install - but with the move to new 2.5/21 versions - figured it was a good time to make the move..
Where they go with it in leveraging its other functions - can only wait and see.. I would love the ability to rollback to previous version on failed upgrade, etc. That would be slick!!
-
@johnpoz said in Upgrade to ZFS:
Where they go with it in leveraging its other functions - can only wait and see.. I would love the ability to rollback to previous version on failed upgrade, etc. That would be slick!!
Yes yes it would. Having used ZFS for a while on the desktop, switching is trivial. The tricky parts are the logic of failback. If you make it at least to init you can start checking flags and such. But if the kernel crashes on the way up, manual intervention required.
-
@mer said in Upgrade to ZFS:
pfSense with ZFS? On a big enough system, it's probably a good thing. I'd be interested in seeing how some of the things like mirrors and snapshots would be used.
I read that through the whole internet. ZFS... memory... blah. When last speaking with folks from TruNAS and iXsystems they all replied to me that most things are just BS nowadays. Yes in theory ZFS needs more RAM and more CPU. But the features they are used in are of no particular interest in a pfSense installation setting. Namely things like deduplication for large storages and other advanced features.
We are running pfSense on ZFS on hardware boxes for years now and I still have to find that "largely increased memory and CPU footprint" everyone is so quick to post when it comes to ZFS.
It all comes down to reliability and ZFS safed our customer's hides more then once when there was "a sudden power loss"... again. Since pfSense introduced ZFS in the installer we are using it and don't lost a single box since then.Of course, I'd love to see snapshots and BEs popping up being used as that would bring back those early days when you could click the box besides the update button to "make a full backup prior to updateing the box" and you could then roll back easily. Having that with a combo of BEs and snapshots would be incredibly helpful!
But if it's just "should I run ZFS... " my answer would almost always* be a "YES".
- Not counting virtual/VM setups. You can/should use & rely on your hypervisor for that.
-
@jegr said in Upgrade to ZFS:
Namely things like deduplication for large storages and other advanced features.
Yeah came to the same conclusion - not running it on a 100TB array ;) My pfsense is like a 24GB disk.. And it has 8GB of ram - so what if using ZFS uses a bit more than ufs..
-
@johnpoz @JeGr Well, as you both point out, it's all about the use case, I was speaking in generalities, not as it would relate specifically to pfSense devices. Apologies if that was not clear.
Take the SG2100/SG3100, could you run ZFS on them? With a bit of work, probably. Would it be worth it? Up to you.
8GB RAM and 24GB disk? Of course.
The issue is perception. Remember when embedded devices had MB of RAM and KB of storage?
Heck how much does a low end phone have now?
4GB of RAM is a fairly low bar now so yes, of course, it makes sense. -
@mer said in Upgrade to ZFS:
@johnpoz @JeGr Well, as you both point out, it's all about the use case, I was speaking in generalities, not as it would relate specifically to pfSense devices. Apologies if that was not clear.
No problem :)
4GB of RAM is a fairly low bar now so yes, of course, it makes sense.
But that's what I was talking about. The "perception" - and in many heads that half-knowledge is still pretty current and active - is that you need veeeery much RAM to run ZFS because it is a big storage filesystem. That's simply not true nowadays according to those that deal with it on a day by day basis. Yeah sure, that was the case quite a bit ago, but today?
I run and have installed devices down to 1-2GB of RAM on a 32GB mSATA SSD - that is really small for a device today. And I didn't really see a jump in idle CPU power or RAM usage on those systems. As install size is around 1-2GB for a core installation with a few logs, that's nothing in ZFS terms. And compared with the ease of mind, that ZFS is far more robust than the default UFS installation without journaling etc against power loss - that was a really easy decision for us to roll out anything we can with ZFS. Really awaiting first contact with ARM-SGs and ZFS but also I don't expect them to be hit very hard by a switch to ZFS either.
Cheers :)
-
@jegr Yep perception.
My problem is I still think of 1GB RAM and 8GB storage as huge. And yes the workload and features used are what kills it. ARC and other caching are primarily "read" operations (yes I know writes go through cache at some levels too), so if the system is primarily write (like pfSense would be) they are not going to try to use memory.
For a system like pfSense, 2GB RAM should be enough to let you use the good features of things like Boot Environments. The physical storage device I think is a bit more important than how much RAM in a small system.Upgrading my home desktops, upgrades/updates are:
create a new BE
chroot into it
install updates/upgrades of base system and update all applications
set new BE active
rebootIf it fails, I haven't mucked up a running system, stopping in the boot loader lets you easily roll back. I can imagine a "run once" rc script that if you haven't been able to run (however that is defined) you simply activate the previous working BE and reboot and you're back up and running.
Anyway, it's Friday.
-
@mer said in Upgrade to ZFS:
Upgrading my home desktops, upgrades/updates are:
create a new BE
chroot into it
install updates/upgrades of base system and update all applications
set new BE active
rebootThat's exactly what I would love to see "kinda" automated by updates of pfSense. And if there's a problem or via console you can hop back to the old BE. Or it automatically gets reselected as default after failed boot attempts etc. :)
-
@jegr Absolutely would love that. I cringe everytime I'm forced to upgrade my wife's Windows machine. Cross my fingers, light a candle, pray to all the gods that it works before I say "Yes, restart now".
the ixSystems folks were doing that with TrueOS/Trident in an automatic fashion. I do it manually because I'm not far removed from "upgrading from source" (old dog, could learn new tricks, but needs better treats to want to learn :) )
-
@jimp said in Upgrade to ZFS:
If you are on CE, wait for 2.5.2 to reinstall with ZFS. It has a much better starting dataset layout.
If you are on Plus, 21.05 is good for amd64 devices (e.g. SG-5100, XG-7100, etc), but ARM devices don't yet support ZFS. We're working on bringing support for ZFS to the 64-bit ARM devices (SG-1100, SG-2100), though. If you have one of those, stay tuned.
Good Morning,
had to reinstall Pfsense due to an issue with Pfblocker, and made the excuse to get up this morning to do it.. Plus after reading another thread. move to ZFS file system on my SG3100. after reading this I know why I couldn't
since the 3100 is EOL will this never happen I am guessing? -
@johnpoz said in Upgrade to ZFS:
So should prob do a clean install then.. Since would assume the pfsense name will be what is used going forward. I do recall seeing something about recovery/restore related to the zfs name..
edit: Prob just wait til 21.09 comes out and do clean install then.. From reading the redmine about the recovery.
JP did you get a "final answer" from JimP ?
I have a system at the Office , that will soon go out to the customer.
It's a 2.4.x ZFS system upgraded to 2.5.2 with the old ZFS layout
I have another "remote system" that i recently ugraded to 2.5.2 , but with reinstall & ZFS format , using the new layout.
My question ... I think i know the answer but ...
Should i reinstall 2.5.2 on the system with the old ZFS layout, so it has the new layout ?
It's destined for Australia .. Damm long way if Sh.. hits the F..I think i already spotted a few PR's where there was a mixup (or missing tests) for zroot vs pfsense
If "my gut feeling" ==> Yes do the reinstall is true.
Poor sod's that will have to talk a remote IT-person through that.I'm glad i can reroute Bios output to serial (VT100) on the Qotom's , and can force USB stick boot via "Bios serial" on a TeamViewer screen. And that i sent out FTDi USB-Serial adapters & Null-Modem cables with the units.
/Bingo
-
@bingo600 I think the newest layout is going to be with 22.x version.. was suppose to be the 21.09
-
@johnpoz said in Upgrade to ZFS:
@bingo600 I think the newest layout is going to be with 22.x version.. was suppose to be the 21.09
2.5.2 ZFS formats to ZFS root pfsense , and "many partitions"
2.4.5 ZFS formatted to ZFS root zroot and less "partitions".I'm on CE as i use "Foreign HW" ...
Wouldn't you reinstall a system still inhouse , with the new 2.5.2 layout before shipping ?
It would take less than 20 min./Bingo
-
@bingo600 yeah I would, but what I am saying is I think its going to change again..
I think you could grab a 22.x snapshot and see what it is.
-
@johnpoz said in Upgrade to ZFS:
@bingo600 yeah I would, but what I am saying is I think its going to change again..
I think you could grab a 22.x snapshot and see what it is.
Are you (they) joking ??
-
@bingo600 haha - no I believe yeah there was some change again slated for 21.09, I was going to reinstall myself when that came out, but then 21.09 got pushed to 22.x
Maybe I was misunderstanding? Or maybe a clean in install of 21.05.2 is final - but if I recall correctly that is not the case..
I wasn't suggesting 22.x ship with it - I was saying you could install that and check the layout to see if yes it is different than 21.05.2
edit: I think this was discussed in that thread that was talking about how much write was going on with zfs..
edit2:
Or wait - maybe I am off with that, maybe I was going to wait to reinstall when 21.09 came out vs doing clean install with 21.05.2 ?? That might be it. -
@johnpoz
Would 22.x be 2.6.x on CE ?
Any pointers to DL ?/Bingo
-
@bingo600 see my edit, I might of been waiting to do clean install when 21.09 came out vs doing it with 21.05.2
Because 21.09 wasn't that far away anyway.. But if you just clean installed a 22.x version you could check to see if layout is same as 21.05.2
edit: either way yes I would do a clean install and get zfs layout to whatever it is with the current install vs just upgrading an older version.
edit2: and yeah I believe they match up in the latest CE vesions.
