Tuesday, June 30, 2015

BSDCan 2015 Trip Report: Zbigniew Bodek

Thanks to the FreeBSD Foundation and Semihalf I was able to attend FreeBSD DevSummit and BSDCan this year (2015).

After a relatively long flight I finally arrived to Ottawa airport. On the spot I started noticing familiar faces and BSD logos here and there (we had plenty of time to stare while waiting in a huge line to immigration). BTW. Don’t ever forget your FreeBSD T-shirt and/or cap when attending BSD conference. They make you glow in the dark for other BSD-geeks so if you don’t have any - buy one.

The Developer Summit started on Wednesday morning with an interesting presentation by Nathan Dautenhahn about the nested kernel - just right to set up the “technical conference” mood. My main goal that day was to attend to a working group related to clocks and power domains in FreeBSD and meet up with guys working on ARMv8 project. And so after months of remote cooperation I was able to talk face to face to Andrew Wafaa (from ARM Ltd.), Ed Maste (from The FreeBSD Foundation) and Andrew Turner (from ABT Systems). Most of us went to ‘Clock and Power Domains’ session where we met with (i.a.) Justin Hibbits and John Baldwin - engineers who really knew what they were talking about. During the discussion I got acquainted with the general demands of the contemporary industry for the energy efficient systems, the ideas that ARM Ltd. recently developed for ARM architecture to prevail in these areas and what could we do to make FreeBSD keep up with the upcoming standards. The brainstorm was quite fruitful and some initial plan and goals for future work were established.

During the dinner on the same day I had a chance to have some less official conversations related to Semihalf’s part of the ARM64 support and an opportunity to perform few test runs of the FreeBSD on Cavium’s Thunder-X that I was supposed to present the following day.

The ARMv8 working group was scheduled for the second day of the DevSummit. That day I met with Larry Wikelius from Cavium from whom I got some feedback of Semihalf’s work so far. He also brought two Thunder-X based boards (or should I say beasts) that served as main attraction and photo/selfie spots. The session was lead by Andrew Wafaa and was one of the most populated working groups this year. We discussed the whole spectrum of topics starting with the current ARMv8 port state through problems that we may encounter when scaling to multiple cores, we talked about packages building, QEMU and future work around the power management, virtualization and etc. Semihalf’s presentation of the FreeBSD on Thunder-X was scheduled for the second part of the working group. The Thunder-X server board was located in Semihalf’s lab in Krakow and I was able to connect to it remotely. Thanks to my colleagues in Poland the board was up and running and all the necessary loader and kernel binaries were in place. It is truly a rare view of so many cores, that they barely fit in top(1) window :).

The main conference was held on Friday and Saturday. The opening lecture was given by famous Steve Bourne, the author of sh (the number of attendees was way above the capacity of the auditorium). Of course there were also some presentations on embedded and hacking tracks that drew my attention. Undoubtedly FreeBSD on ARMv8 (presented by Andrew Turner) was high on my list. The interest in the topic was quite high and after Andrew’s lecture we had some more discussions at which I met (i.a.) Julien Grall from Citrix who works on Xen for ARM and is interested in FreeBSD Xen support for ARMv8.

The DevSummit and conference gave me the opportunity to share Semihalf’s work on ARMv8 with the BSD community, exchange experience and gather other people’s feedback.

Zbigniew Bodek
Software Engineer in Semihalf

BSDCan 2015 Trip Report: Vsevolod Stakhov

During the BSDCan 2015 conference, I have attended the FreeBSD developers summit. I was particularly interested in the track called "Designing Universal Configuration Files for FreeBSD". As I'm the author of the library that was discussed,  I did a talk about library internals and discussed some open questions with Jonathan Anderson, David Chisnall and Allan Jude. We have planned some proposal changes, the interaction with libnv and casper and the following integration of UCL into FreeBSD base system. We have also discussed the desired features and Jonathan suggested a reasonable approach to implement missing ones.

Moreover, during the conference I have finished the feature of flexible dependencies in `pkg'. We have discussed this feature among all pkg developers that were also on BSDCan (namely, bapt@, matthew@ and bdrewery@). I've proposed my view of the future packages dependencies that would resolve the vast majority of the current issues with dependencies and upgrades. I'm going to write a detailed report about this feature to the pkg@ mailing list (I was just too busy with other tasks after the conference).

Another question we've discussed was the problem of digital signatures for packages and distributions. We have concluded that moving from RSA to ed25519 algorithm would simplify pkg architecture by avoiding linking to openssl (which is quite complicated for all openssl versions supported).

Further, after Ted Uagnst presentation I have a conversation with him and John-Mark Gourney (jmg@) about digital signatures formats, compatibility with OpenBSD signify tool and packages signing questions including the ways of how to verify signatures of untrusted sources with potentially malleable signing algorithms.

Afterwards, I've talked with Colin Percival (cpersiva@) asking for his comments about streamlined signatures scheme proposed by D.J. Bernstein. He agreed that this scheme might work securely providing a more convenient users' tool for digital signatures verification and creation.

Among other topics, I have discussed cryptography and security with John-Mark Gourney. We have also talked about '/dev/random' and fortuna upcoming patch. We discussed numerous topics about FreeBSD packages and pkg tool in particular with Baptiste Daroussin, Bryan Drewery and Matthew Seaman.

I have also extracted a lot of valuable information from BSDCan topics, namely from 'CloudABI' given by Ed Schouten and 'Protecting FreeBSD with Secure Virtual Architecture' given by John Criswell.

I'd like to thank the FreeBSD Foundation for giving me the possibility to attend the BSDCan 2015!

Wednesday, June 24, 2015

BSDCan 2015 Trip Report: Ahmed Kamal

I come from Cairo, Egypt, and this was my very first BSD conference! Needless to say, it was a blast! It was said many times during the conference, and I believe it to be true, so here it is again. “I’m here because so many people smarter than me are here!”. My flight landed on the 11th, time since I left home was roughly 18 hours, it was a couple of long flights. I seriously should have been tired but the excitement was keeping me awake. I took a walk around the city for a couple of hours to freshen up. Li-Wen Hsu joined me for the walk. We had an interesting discussion about jenkins, documentation, ways to contribute to BSD. We also had an interesting discussion about CJK languages, and their special needs. Most of that was new to me, although arabic script is complex too, and can get quite wild!! Afterwards I went back to the campus, I joined a documentation session. It was a kickoff to how the freebsd handbook and similar documentation were written. I learnt some useful tricks which I know I will probably put to use soon contributing some documentation. At roughly 21:00 my eyes turned red, and body was calling on me to go to sleep. I decided to sleep early and be fresh on day-1 of the conference!

Day one began with excitement .. The plenary was just inspiring! I was made aware of multiple new projects where BSD is helping the world. The idea of building “OS Coursework” for university level studies was quite interesting to me. The opening keynote also included legendary Steven Bourne (of /bin/sh fame!) explaining how it all started. He even showed annotated unix source code printed on paper. His quotes included “Took 2 years to get shell quoting straight, and I'm not sure it's straight now” and about “shell shock” he mentioned he didn’t write that code :) The next session for me was “Embedded FreeBSD Development and Package Building via QEMU”. This is an interesting topic about cross compiling packages for embedded devices using the power of Qemu. Qemu began as a JIT translation engine, later the PC hardware was added and now it can be used to build packages for say ARM platforms. The speaker mentioned the flow should hopefully soon work on Apple hardware.

The next big talk to me, was “A reimplementation of NetBSD using a MicroKernel” by Andrew Tanenbaum. It was quite exciting to watch prof Andrew describe his work on micro-kernels and how he’s rebuilding netbsd-3 through the microkernel approach. The basic idea is to separate IO devices, so that for example a random driver (like an audio driver), is no longer running with unlimited powers on your machine. Such a driver can no longer write to disk as it should(n’t). Also the idea is to Isolate communication, restrict kernel calls on a per kernel component basis. This protection can be enforced by the MMU. Various user-mode servers provide the needed services to applications. This includes VFS, Process manager, Memory manager, .. etc. The Reincarnation server is the parent of all drivers and servers. When a driver or server dies, RS collects it. Checks the kernel config table and restarts it. For improving IPC reliability in the new kernel, fixed length messages are used everywhere to avoid potential buffer overflows. In contrast to modern OSs, “drivers” are basically untrusted code! heavily isolated. Cannot touch kernel data structures. Andy mentioned how Infinite loops are detected, and how the driver is appropriately restarted if hung. Andy later described a fault injection experiment where his team injected 800,000 faults on binary drivers, the sequence was 100 faults injected, wait 1s and the drivers crashed 18,000 times, but never crashed the OS. Kernel reliability “proven” to me! In order to port Minix3 to ARM platform, various things needed to be done like (added uBoot support, rewrote context switching, removed x86 segmentation code, imported netbsd arm headers, ported build.sh for cross toolchain, wrote drivers for sdcard!). Things to do include adding crucial missing system calls, port more pkgs (java, browsers...), get it running on raspi, port rump! Minix-3 is a microkernel reimplementation of netbsd, which was primarily motivated by providing that microkernels can be practical OSs that have lots of applications on top. It has proven that drivers belong in user-mode. Future features Andy’s team is working on include live kernel patching which he described how it should work. Upgrade os and change data structures in a live way, without restarting the running processes! This was one hell of a talk, it was very dense and packed with information

The next talk was “Measure Twice, Code Once. Network Performance Analysis for FreeBSD” by George Neville-Neil. George discussed performance of the network under FreeBSD. This is critical for supporting modern 10G ethernet networks. He introduced the conductor python framework he wrote to perform the testing. He joked about how others always say “Yeah, we have something similar that we’re not yet ready to release”. George showed performance graphs from various systems such as pfsense, freebsd, openbsd pf and Linux’s iptables. Various interesting and yet unanswered questions were revealed such as “Why is pfsense much faster” than FreeBSD on which it is based! What kind of patches went into pfsense to get that effect. Also it was found that iptables offers much better scalability for multi-core performance. Obviously iptables has been tuned for SMP performance, but this necessitates the question of why it is much more scalable. And how the BSDs can improve their packet filters. George mentioned that this is only the beginning. Those questions need a lot of work to be answered.

My next session was “Molecular Evolution, Genomic Analysis and FreeBSD” by Joseph Mingrone. The session was in the sysadmin track, something I can easily relate to. Joseph runs a freebsd based cluster for molecular evolution analysis at his university. Joseph began by giving an introduction to genomics, something way outside my comfort zone. It’s always fun to me whenever I discover new worlds like that :) He moved on to explain the IT infrastructure powering his clusters and how they moved from Solaris to FreeBSD 7.x and now at FreeBSD 10.1. He explained how he had a hard time just installing FreeBSD where sometimes the machines would just “eat” the CDs (yes they’re still in there many years later :) He currently uses Poudriere, enjoys ZFS on the storage server and NFS mounts that on the compute nodes.

The next session was “FreeBSD on ARMv8” by Andrew Turner. It was great see’ing the kind of effort that goes into supporting ARMv8. Everything we sort of take for granted like pagetables, MMU, enabling virtual addressing, calling into C code ...etc was being made to work step by step. Later-on pmap support was added, then it was possible to use a 4MB in kernel filesystem. Afterwards on it was possible to expand this storage area. Now it was time to play with the dynamic linker. After that, it was time to add ThunderX support (bus dma, ITS, …) Future work includes (ACPI, hw-pmc, dtrace, gem5). This was an advanced but certainly fun and educational session.


Day-2 now begins with a very interesting session “CloudABI: Cloud computing meets fine-grained capabilities” by Ed Schouten. The overall goal is to improve Unix security and portability. For example, a web server should only read files and write to network, but in reality it can do a lot more! (run a bitcoin miner, install cronjobs that call binaries in /tmp..etc) .. Problem #2, running a 3rd party application, whether running them directly or thru jails/docker is not really safe, a VM might be acceptable though! Problem 3 is that UNIX programs are hard to reuse and test as a whole. The idea is to extract sockets and file systems from being embedded inside the program to being passed as an argument. This allows better flexibility and testability! Then he discussed capsicum, how an app can call the kernel and tell it to “lock me up”! I no longer need to access new resources. Capsicum is awesome, works well .. however it doesn’t scale! There is no guidance when something doesn’t work. With CloudABI a cloud provider can simply promise to run customers’ applications, pass those applications specific file descriptors and leave the app to do what it wants without touching any other part of the app! Cloudlibc is a C library built on top of the low level API Goal is 90% POSIX compliant! You get compiler errors when using unsupported functions.

After that is a session I was waiting for, “New OpenZFS features supporting remote replication” by Matt Ahrens. I have a soft spot for ZFS :) Matt started by giving an introduction to zfs send and receive and why it rocks! Only parts of the ZFS trees modified “after” the time we are sending from, need to be read! The more interesting part Matt discussed is what are the unique features to OpenZFS. This includes send stream size estimation and monitor its progress! Big receive improvements like receiving file with holes in them. Another cool thing added is bookmarks. This allows free’ing data on the sending side by deleting the relevant snapshot, and really only keep a bookmark to it. Now the really cool part is the new stuff. Resumable send and receive, hell yes! Another cool new feature, is a new checksum has been added per every record. As opposed to the old state of sending one checksum at the end of the stream. If a bad checksum is hit, ZFS receive aborts, and naturally you can resume it later! One last new feature, is receive performance improvements. In a benchmark, Matt said it improved performance by 6x which is great!

The next was “Multipath TCP for FreeBSD” by Nigel Williams. This one got me really excited! Part of that is that I knew very little previously about mptcp before. This got me too excited that I kept googling for more mptcp info all day and after the conference. Nigel explained mptcp design, and how it was done the way it is to work with the how the Internet is, as it is today. That is to work with  current middleboxes and NAT functions. MPTCP handshake piggybacks on top of the 3 way regular handshake. The two sides negotiate mptcp then the server informs client of other addresses it is reachable over and new sub connections are started. To me this is sort of the holy grail of WAN networking. A single TCP connection spanning multiple links for performance and redundancy, wow! I guess we’ll all just need to wait some more till the kernel implementations are more mature.


Next was “Packaging FreeBSD base system” by Baptiste Daroussin. He discussed packaging the base through pkgng and the challenges faced. I’m not really much of a packaging person, so it was good to hear many details that need to be take into account. Next up was “An Introduction to the Implementation of ZFS” by Kirk McKusick. If someone could make you appreciate the complexity of ZFS and operating system concepts it’s McKusick! He contrasted various filesystem features as they existed in UFS, and how ZFS is different. There was sort of a fire incident in the middle of the talk, we had to go to the street and then be back to continue. However overall it was an enjoyable session. The closing talk by “Dan Langille” was so much fun. The stats, the growth in the community, and even the goodbye auction were all something I won’t forget. Thanks to everyone who helped make BSDCan 2015 as fun, informative and enjoyable as it was to me.

Ahmed Kamal

BSDCan 2015 Trip Report: Steven Douglas

With the Foundation's help, I was able to meet and network with new people. Where I live, there are only a handful of people that even know what BSD is, let alone can talk at a high level about it. That was one of my favorite things, being around like minded people. I made many new contacts, most notably Peter Toth. Peter is working on iocage, which is a modern jail management utility with some very impressive features. In speaking with Peter, I met Sean Chittenden from Groupon. Sean is looking to perhaps implement iocage in conjunction with a new orchestration software that he is testing. Other than the social aspect, I also got some much needed help with my GSOC project.

At the conference, there were opportunities to learn every hour of every day. An expert in a field is never more than arm's reach away. It is very helpful to have questions that can be answered by the people who wrote the code. All of the talks I went to were absolutely fantastic, and I can't wait to watch the ones I missed when they are posted. My favorite talks were Steven Bourne's talk about his past, Matt Ahren's talk about code flow between our community and OpenZFS, and Multipath TCP by Nigel Williams. The speaker's all did fantastic jobs, and I hope that I am able to speak in the future.

This was my first BSDCan, and first BSD conference. I enjoyed every minute of it, and it happened so quickly. I hope to be back to BSDCan next year, and hope to make it VBSDCon and EuroBSDCon. Thank you to the Foundation for the financial assistance to help get me there!

Steven Douglas

Thursday, May 28, 2015

Another Data Center Site Visit - NYI

No Systems Administrators Were Harmed While Writing This Blog Entry

Mmm...  Freshly-unboxed servers.  There really is nothing better to wake up to in the morning.

Well, okay, coffee.  But new servers - definitely second.

In late April, the FreeBSD Foundation generously purchased more machines to keep the FreeBSD.org infrastructure operating smoothly.  While the new servers are not yet in production (a task the Cluster Administrators will undertake while at BSDCan in June), we have planned far in advance what we intend to do with the new hardware.

In mid-May, I spent several days at our East-Coast US colocation facility, racking, cabling, installing, and configuring the new servers.

As They Say in Real-Estate: Colocation, Colocation, Colocation

The new hardware is located at New York Internet in Bridgewater, New Jersey, who generously provides colocation services to the FreeBSD Project.  They have an amazing staff, and whether we are on-site or working with them through their ticket system, are always friendly, knowledgeable, and of course, helpful.

New Hardware Specs

In total, 14 new SuperMicro-based machines were purchased from iXsystems, for this site. They are all 1U servers, each with four 1TB drives, redundant power supplies, and gigabit ethernet.

Ten of the machines are single-socket Intel(R) Xeon(R) E3-1230 v3 CPUs, running at 3.30GHz (4-core with hyper-threading, providing 8 logical CPU threads), with 32 GB RAM.

Four of the machines are dual-socket Intel(R) Xeon(R) E5-2630 v3 CPUs, running at 2.40GHz (8-core with hyper-threading, providing 16 logical CPU threads per socket, 32 threads total), with 64 GB RAM.

For the Inner Geek in All of Us

No blog post about new hardware would be complete without pictures, right?

This is the front view of the ten single-socket machines:


And this is the back view of the same machines:


(Yes, I really do label each end of the network and serial console cables.)

Then, this is the front view of the four dual-socket machines (sorry for the blurry picture, though):


And the back view of the dual-socket machines:


Last but not Least...

On behalf of the FreeBSD Foundation and the FreeBSD Cluster Administration Team, I would like to thank New York Internet for generously providing the colocation space for our east-coast site, the NYI network operations team for all of their assistance during my visit, and especially all of the community investors that have generously donated to the FreeBSD Foundation.  All of your support is greatly appreciated.

Thank you for helping make FreeBSD better!

Monday, April 27, 2015

From the Trenches, Tips & Tricks Edition: Hacking "/ on ZFS" and GELI Encrypted Drives, the Old-School Way

Glen Barber is back to kick off our latest From The Trenches series: The Tips and Tricks Edition. 

All my personal machines run FreeBSD.

In fact, all my personal machines run FreeBSD-CURRENT. I do this primarily to keep track of changes that get committed to the head branch, so I can personally test changes (for the things I use, at least) before they get merged to the stable branches.

As one of the Release Engineers, I find it essential that, whenever possible, I find issues so they can be corrected before they are part of a release.

My primary work machine is a laptop, currently a Lenovo Thinkpad T540p. I picked this laptop, and all the other laptops before it, because it met my minimum requirements for a primary workstation: it is capable of supporting a large amount of RAM (16GB for my Thinkpad, 8GB for all previous laptops), an Intel Core i7 CPU, and I could replace the DVD drive with a second hard drive.

In addition to these hardware requirements, I also have a few personal requirements of any workstation - the drives must be encrypted, and the underlying filesystem must be ZFS.

For me, it is not so much about the data I have *on* the laptop that I need to protect, but the kinds of things within the FreeBSD Project I am permitted access. Without encrypted drives, a lost or stolen laptop would absolutely be my worst possible nightmare, because I only have my login passphrase protecting my data (GPG key, SSH keys, and so on).

Recent FreeBSD releases allow "/ on ZFS" installation with the option to enable GELI-based encryption. This predates my original installation, however, since each laptop I have purchased for the past several years used the hard drives from the previous laptop. According to zpool history, the installation was at least two and a half years ago, but I know it is much longer than that, because of zfs recv being one of the first things zpool history reports.

So, I needed to do things the old-fashioned way, and manually create the GELI-backed providers and perform the "/ on ZFS" installation myself.

While bsdinstall(8) may now cover the majority of use cases for such installations, there may be cases where someone specifically needs to do something a certain way that the installer does not provide.

Because I only had one hard drive in the system when the system was initially installed (a long time ago), I will only refer to one hard drive when describing the steps I used to perform the installation, for now.

I installed the system using the 9.0-RELEASE or 9.1-RELEASE memory stick installer (memstick.img), I cannot remember which, but that detail is not as important, since I did not use the installer anyway.

When I booted from the memory stick, the two drives recognized on the system were the internal hard drive, /dev/ada0, and the external USB flash drive for the installation, /dev/da0. The first menu screen has three options available: "Install", "Shell", "Live CD".

I selected "Live CD", and logged in as root (no password is necessary for the "Live CD" functionality). The hard drive did not have an operating system. Because I purchased the hard drive, in addition to the laptop, with the intention of replacing the laptop's drive, I did not need to remove any partitions from an existing installation. If I did need to remove partitions, I would have done so with:

# gpart destroy -F ada0
Here is where some technical details become important:
  • While you can install "/ on ZFS" on a drive partitioned with MBR (Master Boot Record), using GPT is far easier. In fact, I have forgotten much about how MBR partitioning is actually done.
  • When doing full disk encryption, you must keep /boot contents separate, otherwise loader(8) and the kernel will not be available when the BIOS hands over control to the operating system. As such, /boot should be given its own partition on the disk left unencrypted, and the rest of the system on its own encrypted partition.
I created four partitions on the drive. The first partition is for the boot blocks (not to be confused with the /boot contents), the second partition is for /boot, the third is for the encrypted system, and the fourth is for swap.
# gpart create -s gpt ada0
# gpart add -t freebsd-boot -s 512k -i 1 -l gptboot ada0
# gpart add -t freebsd-zfs -s 10G -i 2 -l bootfs ada0
# gpart add -t freebsd-swap -s 10G -i 3 -l swapfs ada0
# gpart add -t freebsd-zfs -s 180G -i 4 -l rootfs ada0
I decided to put the swap partition between the /boot partition and the rest of the system, in case I needed to increase or decrease the size of the /boot partition, it would be far easier (and safer) to do.

Then, I loaded the necessary kernel modules for ZFS and GELI:
# kldload /boot/kernel/opensolaris.ko
# kldload /boot/kernel/zfs.ko
# kldload /boot/kernel/geom_eli.ko
Now that GELI functionality is available, I created the backend provider for the ZFS dataset:
# geli init -b -a HMAC/SHA256 -e AES-CBC -l 256 \
    -s 4096 /dev/ada0p4
Then I attached the GELI provider, and wrote data from /dev/random to the new device /dev/ada0p4.eli:
# geli attach ada0p4
# dd if=/dev/random of=/dev/ada0p4.eli bs=4096

This took a while on the system this hard drive was originally installed, so I probably got coffee at this point. :-)

When the dd(1) command finished, I continued the installation.

I created temporary directories to use to import the pools after they were created:
# mkdir /tmp/zroot
# mkdir /tmp/zboot
Keep in mind, I am installing from a memory stick image, which by default, is read-only. The /tmp directory is writable, however, because it is a md(4)-backed memory disk filesystem.
# zpool create -O checksum=fletcher4 -O atime=off \
    -m /tmp/zboot zboot /dev/ada0p2
# zpool create -O checksum=fletcher4 -O atime=off \
    -m /tmp/zroot zroot /dev/ada0p4.eli
Then I made a few ZFS datasets for various paths:
# for i in var var/log var/tmp var/db usr usr/home \
    usr/compat usr/ports \
    usr/local tmp; do \
    zfs create zroot/${i} \
    done
I also made a separate ZFS dataset for the "bootfs" contents, and set the mountpoint to the /boot directory in the temporary working directory:
# zfs create zboot/boot
# zfs set mountpoint=/tmp/zroot/boot zboot/boot
On the memory stick installation media, the distribution sets are located in /usr/freebsd-dist. I extracted their contents into the newly-created filesystem:
# cd /tmp/zroot
# for i in base kernel lib32; do \
    tar -xf /usr/freebsd-dist/${i}.txz -C . \
    done
Then I wrote the bootcode to the first partition of the drive:
# gpart bootcode -b /tmp/zroot/boot/pmbr \
    -p /tmp/zroot/boot/gptzfsboot -i 1 ada0
Because the "bootfs" (/boot) and "rootfs" (everything else) are both ZFS, I needed to use the gptzfsboot bootcode for the "freebsd-boot" partition.

Now the system is installed, but I needed to make a few modifications before I was ready to reboot. In particular, set a root password, edit /etc/fstab to enable swap, edit /etc/rc.conf to enable the zfs rc(8) startup script, and edit /boot/loader.conf to load the geom_eli.ko, opensolaris.ko, and zfs.ko kernel modules at boot.
# chroot /tmp/zroot
# passwd root
[enter password]
# echo '/dev/gpt/swapfs none swap sw 0 0' \
    >> /etc/fstab
# echo 'zfs_enable="YES"' >> /etc/rc.conf
# echo 'geom_eli_load="YES"' >> /boot/loader.conf
# echo 'zfs_load="YES"' >> /boot/loader.conf
# exit
Before rebooting, I needed to make a few adjustments to where /boot from the zboot/boot dataset would be mounted at boot.
# zfs umount zboot/boot
# zfs set mountpoint=/realboot zboot/boot
This now makes the /boot directory mount as /realboot, so I then needed to point /boot in the zroot dataset to the correct place. This was easily solved with a symbolic link:
# cd /tmp/zroot
# ln -s boot /realboot
Now when the system boots, the filesystem will look something like this:
/bin
/sbin
/boot -> /realboot
/realboot
[...]
Finally, I needed to unmount the zroot dataset, and fix its mountpoints. I only needed to change the zroot mountpoint itself, since all children datasets adjusted their paths automatically.
# zfs umount -a
# zfs set mountpoint=/ zroot
At this point, the installation was complete. I rebooted the laptop, entered the GELI passphrase for /dev/ada0p4.eli when prompted, and was greeted by the "login: " prompt we have all grown to love.

Friday, March 13, 2015

15th Anniversary and Spring Fundraising Kickoff

I'm so excited to announce our spring fundraising campaign. I know it's not officially spring yet, but it sure feels like it here at Foundation headquarters in Boulder, Colorado. We're kicking off our fundraising campaign in conjunction with some other exciting events. There's so much to celebrate. First, we are proud to be a Platinum sponsor of AsiaBSDCon. This is the tenth AsiaBSDCon, with over 140 attendees planned, and 31 talks, providing a venue for all things BSD in Asia. People from around the world attend this conference to learn about the BSD operating systems, share their knowledge and experience, and work together to develop, hack, fix, improve, and document the various BSD operating systems.

The most exciting news we have is that we are celebrating our 15th anniversary supporting the FreeBSD Project and community worldwide! We have grown from our president and founder, Justin Gibbs, creating a non-profit to support FreeBSD, to an eight member board with 7 staff members. In case you missed it earlier, check out Justin's interview about the history of the Foundation on BSDNow

As the first employee, 9 years ago, I've witnessed incredible growth in our ability to support the Project and community. The year we were founded we raised a whopping $7,000. My first year with the Foundation, in 2006, we raised a little over $100,000. And, last year we raised $2,436,194, spending $877,412 on the project.

When we first started out, we focused on funding project development, conference sponsorships, and travel grants. Fifteen years later, we have increased support in those areas and have now grown to providing legal support for the Project; purchasing and helping manage hardware for FreeBSD infrastructure; providing release engineering support for consistent and timely releases; creating marketing literature and presentations that not only inform people of what FreeBSD is, but also provides detailed information on what's in new releases; attending more conferences to promote FreeBSD; and publishing a professional online FreeBSD magazine, The FreeBSD Journal.

To celebrate our anniversary, we are kicking off a fundraising campaign to help broaden the reach of our mission, by adding 500 new community investors in the next four weeks. What's a new community investor? An individual or organization that makes their first 2015 donation during this spring campaign. 

Why donate to the Foundation? Your donations will help us continue and increase our support in the following areas:
  • Funding improvement and development projects, including: Native ISCSI kernel Stack, Updated video console (Newcons), UEFI system boot support, Capsicum component framework, IPv6 support in FreeBSD, Auditdistd improvements for FreeBSD cluster, and adding modern AES modes to OpenCrypto (to support IP/SEC).
  • Helping to provide consistent and on-time releases.
  • Educating the public and promoting FreeBSD with tools like our high-quality FreeBSD 10X Brochure and company visits to help
  • facilitate collaboration efforts with the Project.
  • Sponsoring BSD conferences and summits in Europe, Japan, Canada, and the US.
  • Protecting FreeBSD IP and providing legal support to the Project.
  • Purchasing hardware to build and improve FreeBSD project infrastructure.
For the last 15 years, you as a community have allowed us to make an major impact on the FreeBSD Project and Community. Please help us continue and increase our support by making a donation today.


Deb Goodkin, Executive Director