rc.d: add a service jails config to all base system services

This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
servic

rc.d: add a service jails config to all base system services

This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.

The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.

The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.

Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision: https://reviews.freebsd.org/D40371

show more ...

Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/

zfskeys: Support autoloading of keys stored on ZFS

The zfskeys service script starts before the zfs service script, so that
dataset decryption keys are available when `zfs mount -a` is run. One of
t

zfskeys: Support autoloading of keys stored on ZFS

The zfskeys service script starts before the zfs service script, so that
dataset decryption keys are available when `zfs mount -a` is run. One of
the potential edge cases of this design is that if a key is stored on
ZFS it won't be loaded until `zfs mount -a` is issued.

In order to address that let's try to load the additional keys and mount
related ZFS datasets after the zfs script finishes its standard mounting
procedure.

PR: 262468
Reported by: Graham Perrin <grahamperrin@gmail.com>
Reviewed by: allanjude
Approved by: allanjude (src)
Fixes: 33ff39796ffe Add zfskeys rc.d script for auto-loading encryption keys
MFC after: 3 days
Sponsored by: Modirum
Sponsored by: Klara Inc.
Differential Revision: https://reviews.freebsd.org/D34601

show more ...

Revert r367291 (KEYWORD: shutdown for rc.d/zfs)

The problem is that zfs is asked to stop too early in the shutdown
sequence. Other services, such as syslog may still be running and have some
files o

Revert r367291 (KEYWORD: shutdown for rc.d/zfs)

The problem is that zfs is asked to stop too early in the shutdown
sequence. Other services, such as syslog may still be running and have some
files open (e.g., under /var/log). This of course causes the messages like:

cannot unmount '/var/run': umount failed
cannot unmount '/var/log': umount failed
cannot unmount '/var': umount failed
cannot unmount '/usr/home': umount failed
cannot unmount '/usr': umount failed
cannot unmount '/': umount failed

For now, let's remove the shutdown KEYWORD from the zfs service, as people are
reporting problems in their setups:
https://lists.freebsd.org/pipermail/freebsd-current/2020-November/077559.html

In the future, we may think of stopping zfs on shutdown after all the other
services and just before init(8) exits. Another interesting option might be to
a new rcorder(8) KEYWORD like "shutdownjail", but this idea would need to be
discussed a bit.

Reported by: Johan Hendriks <joh.hendriks gmail.com>
Reported by: Yasuhiro KIMURA <yasu utahime.org>
Reported by: Tomoaki AOKI <junchoon dec.sakura.ne.jp>
Approved by: kevans (src)
MFC: 3 days
Differential Revision: https://reviews.freebsd.org/D27263

show more ...

rc.d/zfs: Add shutdown to KEYWORDS

The problem is that Without walling /etc/rc.d/zfs on shutdown, resources
associated with ZFS mounts are not freed and the jails will remain in dying
state. In addi

rc.d/zfs: Add shutdown to KEYWORDS

The problem is that Without walling /etc/rc.d/zfs on shutdown, resources
associated with ZFS mounts are not freed and the jails will remain in dying
state. In addition, the dataset is now in a dangling state, as the jail it
is attached to is dying.

A known workaround for jails was to add the following lines
to /etc/jail.conf, to make sure that "service zfs stop" is run
when the jail is stopped:

exec.stop = "/bin/sh /etc/rc.shutdown";
exec.stop += "/usr/sbin/service zfs stop || /usr/bin/true";

While the workaround seems to be okay-ish for the jail situation, it is
still unclean. However, for physical hosts this may wreak havoc with the
pool if shared spares are used, as "zfs unshare" is never invoked on
shutdown.

PR: 147444
Submitted by: Markus Stoff <markus__stoffdv_at>
Reported by: Mykah <mburkhardt__exavault_com>
Reviewed by: cy
Approved by: cy (src)
MFC after: 1 week
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D27039

show more ...

As of r364746 (OpenZFS import) existing ZPOOLs are not imported
prior to zvol and mountcritlocal resulting in ZVOLs (swap and
virtual machine UFS filesystems) being unavailable, leading to
boot failu

As of r364746 (OpenZFS import) existing ZPOOLs are not imported
prior to zvol and mountcritlocal resulting in ZVOLs (swap and
virtual machine UFS filesystems) being unavailable, leading to
boot failures.

We move the zpool import from zfs to a new zpool script, with the
-N option to avoid mounting datasets while making the ZPOOL's
datasets available for "legacy" mount (mountpoint=legacy) and ZVOLs
available for subsequent use for swap (in the zvol rc sript) or
for UFS or other filesystems in fstab(5), mounted by mountcritlocal.

Reviewed by: freqlabs (previous version)
Differential Revision: https://reviews.freebsd.org/D26185

show more ...

Merge OpenZFS support in to HEAD.

The primary benefit is maintaining a completely shared
code base with the community allowing FreeBSD to receive
new features sooner and with less effort.

I would a

Merge OpenZFS support in to HEAD.

The primary benefit is maintaining a completely shared
code base with the community allowing FreeBSD to receive
new features sooner and with less effort.

I would advise against doing 'zpool upgrade'
or creating indispensable pools using new
features until this change has had a month+
to soak.

Work on merging FreeBSD support in to what was
at the time "ZFS on Linux" began in August 2018.
I first publicly proposed transitioning FreeBSD
to (new) OpenZFS on December 18th, 2018. FreeBSD
support in OpenZFS was finally completed in December
2019. A CFT for downstreaming OpenZFS support in
to FreeBSD was first issued on July 8th. All issues
that were reported have been addressed or, for
a couple of less critical matters there are
pull requests in progress with OpenZFS. iXsystems
has tested and dogfooded extensively internally.
The TrueNAS 12 release is based on OpenZFS with
some additional features that have not yet made
it upstream.

Improvements include:
project quotas, encrypted datasets,
allocation classes, vectorized raidz,
vectorized checksums, various command line
improvements, zstd compression.

Thanks to those who have helped along the way:
Ryan Moeller, Allan Jude, Zack Welch, and many
others.

Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D25872

show more ...

Merge ^/head r339015 through r339669.

Move the rc framework out of sbin/init into libexec/rc.

The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update bec

Move the rc framework out of sbin/init into libexec/rc.

The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update because an rc script was touched.
(a follow-up commit will make init its own package)
* having rc in its own place will allow more easy replacement
of the rc framework with alternatives, such as openrc.

Discussed with: brd (during BSDCam), kmoore
Requested by: cem, bz
PR: 231522
Approved by: re (gjb)

show more ...