From nobody Mon Mar 04 09:28:38 2024 X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TpD0J53GVz5CFdM for ; Mon, 4 Mar 2024 09:28:48 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Received: from holgerdanske.com (holgerdanske.com [184.105.128.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "holgerdanske.com", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TpD0H1x10z4f46 for ; Mon, 4 Mar 2024 09:28:47 +0000 (UTC) (envelope-from dpchrist@holgerdanske.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=holgerdanske.com header.s=nov-20210719-112354 header.b=kpeV4Z8Q; dmarc=pass (policy=none) header.from=holgerdanske.com; spf=pass (mx1.freebsd.org: domain of dpchrist@holgerdanske.com designates 184.105.128.27 as permitted sender) smtp.mailfrom=dpchrist@holgerdanske.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=holgerdanske.com; s=nov-20210719-112354; t=1709544519; bh=9YbR8nA8983cXr7x8Izp5fnKHtEW14QoBGRrf1i5baY=; h=Received:Message-ID:Date:MIME-Version:User-Agent:Content-Language: To:From:Subject:Content-Type:Content-Transfer-Encoding; b=kpeV4Z8QYE7tTVygTXegy8oO1Mv3MngXNSrsodd1cIQB/1gA2s+CA0tl6N5zbSOCc beqnfMcnb43tbaWTQHb6cxiYt6YA3YfWMcFNHvsWfTF9uMSeG2n8uwmU5vbHDNZp7c tT9B4XubGWuEXt7PxFoxmN/A5e5j+IIHIDP0c5dDZYcPGFEazDNsIior3c6ZJ0e4Hw 4XhZ87lcAiG5Z5vpHNUd7ZifOWj9gFlBsYIsP9fFGJDvxwfsfPPpL3pCelvdQA10a6 qjcr7V6t/lL2FL3pNEKJmCWzrnDpB2BCMMSQpn2XivY9Y9SL37P+vFVADe+eCoHB7L YmQAz6jecpLeJu0Hro+Gdry0eCmj3VuiO/4m1wBB3f7dwDMHQBE6oF5APPMpWe5dI2 yqRgRWO0FFqMPqHLVXQz+CoSZtX5CW0cEjpjbL52tvfYU0MfYjp0ehEx7SnksVEKl1 Uj1rs4/XoRpRm5W4MGuLAPXR+RWBIXLj4bWtD90wgSVhKtFoTvS95uOgaXDWSt+gXP vPM1khFIhXGeQ1/TUzVesi/7d+WM5/hhwDS8aZs/G4I/fJfaZQas5ecIpJvJ77y3cc X9a8aCJ+hpHOlODL5JuDNlhzUKG4H2/gnPgvEb9qGKXn2H2J/fSjA/Reo4UrY71tvU yjbC1tkXola98lmKtjn4uNWc= Received: from 99.100.19.101 (99-100-19-101.lightspeed.frokca.sbcglobal.net [99.100.19.101]) by holgerdanske.com with ESMTPSA (TLS_AES_128_GCM_SHA256:TLSv1.3:Kx=any:Au=any:Enc=AESGCM(128):Mac=AEAD) (SMTP-AUTH username dpchrist@holgerdanske.com, mechanism PLAIN) for ; Mon, 4 Mar 2024 01:28:39 -0800 Message-ID: Date: Mon, 4 Mar 2024 01:28:38 -0800 List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: freebsd-questions@freebsd.org From: David Christensen Subject: Install 13.2 RELEASE amd64 BIOS, GPT, mirror, encrypted swap, encrypted root Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.89 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.996]; DMARC_POLICY_ALLOW(-0.50)[holgerdanske.com,none]; R_SPF_ALLOW(-0.20)[+a]; R_DKIM_ALLOW(-0.20)[holgerdanske.com:s=nov-20210719-112354]; ONCE_RECEIVED(0.10)[]; MIME_GOOD(-0.10)[text/plain]; XM_UA_NO_VERSION(0.01)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_VIA_SMTP_AUTH(0.00)[]; ASN(0.00)[asn:6939, ipnet:184.104.0.0/15, country:US]; MIME_TRACE(0.00)[0:+]; RCVD_COUNT_ONE(0.00)[1]; RCVD_TLS_ALL(0.00)[]; MLMMJ_DEST(0.00)[freebsd-questions@freebsd.org]; ARC_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[holgerdanske.com:+] X-Rspamd-Queue-Id: 4TpD0H1x10z4f46 freebsd-questions: Using BIOS booting, choosing Auto (UFS) partitioning, Entire Disk, and GPT, I have installed: FreeBSD-13.2-RELEASE-amd64-bootonly.iso onto a Samsung MMBRE16G5MSP-OVA 2.5" SATA SSD 16 GB in a computer with an Intel S1200V3RPL motherboard [1], Xeon E3-1225 v3 processor [2], 2 @ Kingston KVR16LE11S8/4HB ECC memory modules [3], and 2 @ KVR16LE11S8/4HD ECC memory modules [4]: root@f5:~ # freebsd-version -kru 13.2-RELEASE 13.2-RELEASE 13.2-RELEASE root@f5:~ # uname -a FreeBSD f5.tracy.holgerdanske.com 13.2-RELEASE FreeBSD 13.2-RELEASE releng/13.2-n254617-525ecfdad597 GENERIC amd64 root@f5:~ # gpart show -p ada0 => 40 31277152 ada0 GPT (15G) 40 1024 ada0p1 freebsd-boot (512K) 1064 29359104 ada0p2 freebsd-ufs (14G) 29360168 1564672 ada0p3 freebsd-swap (764M) 30924840 352352 - free - (172M) root@f5:~ # mount root@f5:~ # cat /etc/fstab # Device Mountpoint FStype Options Dump Pass# /dev/ada0p2 / ufs rw 1 1 /dev/ada0p3 none swap sw 0 0 root@f5:~ # mount /dev/ada0p2 on / (ufs, local, soft-updates, journaled soft-updates) devfs on /dev (devfs) root@f5:~ # swapinfo Device 1K-blocks Used Avail Capacity /dev/ada0p3 782336 0 782336 0% root@f5:~ # top -d 1 | head last pid: 1251; load averages: 0.20, 0.21, 0.16 up 0+00:46:45 00:58:10 27 processes: 1 running, 26 sleeping CPU: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 99.9% idle Mem: 17M Active, 3156K Inact, 241M Wired, 48M Buf, 15G Free Swap: 764M Total, 764M Free PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 880 ntpd 1 20 0 21M 5064K select 0 0:00 0.00% ntpd 974 dpchrist 1 20 0 21M 9800K select 3 0:00 0.00% sshd 979 root 1 20 0 14M 3988K pause 1 0:00 0.00% csh I would now like to remove the Samsung SSD and install FreeBSD onto a mirror of 3 @ Intel SSD 520 Series 180 GB 2.5" SATA with passphrase-encrypted root and random encrypted swap. Looking at the FreeBSD Handbook [5], section 2.6.5. Shell Mode Partitioning and Lucas FreeBSD Mastery: Storage Essentials [6] pages 185-190, I see how to use bsdinstall(8), partition via the shell to implement the mirror, but I am unclear about encryption. Looking at the FreeBSD Hanbook [5], section 21.3. RAID1 - Mirroring, I see procedures for migrating from a single disk to a mirror: 21.3.2. Creating a Mirror with Two New Disks 21.3.3. Creating a Mirror with an Existing Drive The bsdinstall(8) manual page [7] has a section SCRIPTING, and Lucas [6] page 191 mentions this, but RTFM and STFW I am unable to determine: 1. How do I write a bsdinstall(8) script to accomplish my goal? 2. How do I invoke bsdinstall(8) to run that script? As I plan to repeat this exercise on several FreeBSD 12.4R computers, I would prefer a repeatable solution with minimal opportunities for finger fumbles. The bsdinstall(8) scripting approach looks best. Alternatively, I could boot the Samsung SSD instance and attempt to write a shell script to do a manual install per Lucas [6] pages 185-191 -- assuming I can figure out encryption and all the other tasks provided by bsdinstall(8). How do experienced sysadmins install FreeBSD onto mirrors with encrypted swap and root? TIA, David [1] https://www.intel.com/content/www/us/en/products/sku/71384/intel-server-board-s1200v3rpl/ordering.html?wapkw=s1200v3rpl [2] https://www.intel.com/content/www/us/en/products/sku/75461/intel-xeon-processor-e31225-v3-8m-cache-3-20-ghz/ordering.html?wapkw=intel%20xeon%20e3-1225%20v3 [3] https://www.kingston.com/en/memory/search/discontinuedmodels?partid=KVR16LE11S8%2F4HB [4] https://www.kingston.com/en/memory/search/discontinuedmodels?partid=KVR16LE11S8%2F4HD [5] https://docs.freebsd.org/en/books/handbook/ [6] https://mwl.io/nonfiction/os#fmse [7] https://man.freebsd.org/cgi/man.cgi?query=bsdinstall&apropos=0&sektion=0&manpath=FreeBSD+13.2-RELEASE&arch=default&format=html