1.\" 2.\" SPDX-License-Identifier: BSD-2-Clause 3.\" 4.\" Copyright (c) 2017 Kyle J. Kneitinger <kyle@kneit.in> 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" 16.\" @(#)be.1 17.\" 18.\" $FreeBSD$ 19.\" 20.Dd April 26, 2023 21.Dt BECTL 8 22.Os 23.Sh NAME 24.Nm bectl 25.Nd Utility to manage boot environments on ZFS 26.Sh SYNOPSIS 27.Nm 28.Op Fl r Ar beroot 29.Cm activate 30.Op Fl t | Fl T 31.Ar beName 32.Nm 33.Op Fl r Ar beroot 34.Cm check 35.Nm 36.Op Fl r Ar beroot 37.Cm create 38.Op Fl r 39.Op Fl e Brq Ar nonActiveBe | Ar beName Ns Cm @ Ns Ar snapshot 40.Ar newBeName 41.Nm 42.Op Fl r Ar beroot 43.Cm create 44.Op Fl r 45.Ar beName@snapshot 46.Nm 47.Op Fl r Ar beroot 48.Cm destroy 49.Op Fl \&Fo 50.Ar beName Ns Op Cm @ Ns Ar snapshot 51.Nm 52.Op Fl r Ar beroot 53.Cm export 54.Ar sourceBe 55.Nm 56.Op Fl r Ar beroot 57.Cm import 58.Ar targetBe 59.Nm 60.Op Fl r Ar beroot 61.Cm jail 62.Op Fl bU 63.Oo Bro Fl o Ar key Ns Cm = Ns Ar value | Fl u Ar key Brc Oc Ns ... 64.Ar beName 65.Op Ar utility Op Ar argument ... 66.Nm 67.Op Fl r Ar beroot 68.Cm list 69.Op Fl aDHs 70.Op Fl c Ar property 71.Op Fl C Ar property 72.Oo Bro Fl c Ar property | Fl C Ar property Brc Oc 73.Nm 74.Op Fl r Ar beroot 75.Cm mount 76.Ar beName 77.Op Ar mountpoint 78.Nm 79.Op Fl r Ar beroot 80.Cm rename 81.Ar origBeName 82.Ar newBeName 83.Nm 84.Op Fl r Ar beroot 85.Brq Cm ujail | unjail 86.Brq Ar jailId | jailName | beName 87.Nm 88.Op Fl r Ar beroot 89.Brq Cm umount | unmount 90.Op Fl f 91.Ar beName 92.Pp 93.Nm 94.Op Fl h\&? 95.Sh DESCRIPTION 96The 97.Nm 98command is used to setup and interact with ZFS boot environments, which are 99bootable clones of datasets. 100.Pp 101Boot environments 102allow the system to be upgraded, while preserving the old system environment in 103a separate ZFS dataset. 104.Pp 105.Nm 106itself accepts an 107.Fl r 108flag specified before the command to indicate the 109.Ar beroot 110that should be used as the boot environment root, or the dataset whose children 111are all boot environments. 112Normally this information is derived from the bootfs property of the pool that 113is mounted at 114.Pa / , 115but it is useful when the system has not been booted into a ZFS root or a 116different pool should be operated on. 117For instance, booting into the recovery media and manually importing a pool from 118one of the system's resident disks will require the 119.Fl r 120flag to work. 121.Pp 122The following commands are supported by 123.Nm : 124.Bl -tag -width activate 125.It Xo 126.Cm activate 127.Op Fl t | Fl T 128.Ar beName 129.Xc 130Activate the given 131.Ar beName 132as the default boot filesystem. 133If the 134.Fl t 135flag is given, this takes effect only for the next boot. 136Flag 137.Fl T 138removes temporary boot once configuration. 139Without temporary configuration, the next boot will use zfs dataset specified 140in boot pool 141.Ar bootfs 142property. 143.It Xo 144.Cm check 145.Xc 146Performs a silent sanity check on the current system. 147If boot environments are supported and used, 148.Nm 149will exit with a status code of 0. 150Any other status code is not currently defined and may, in the future, grow 151special meaning for different degrees of sanity check failures. 152.It Xo 153.Cm create 154.Op Fl r 155.Op Fl e Brq Ar nonActiveBe | Ar beName Ns Cm @ Ns Ar snapshot 156.Ar newBeName 157.Xc 158Create a new boot environment named 159.Ar newBeName . 160.Pp 161If the 162.Fl r 163flag is given, a recursive boot environment will be made. 164See 165.Sx Boot Environment Structures 166for a discussion on different layouts. 167.Pp 168If the 169.Fl e 170flag is specified, the new environment will be cloned from the given 171.Ar nonActiveBe 172or 173.Ar beName Ns Cm @ Ns Ar snapshot . 174Otherwise, the new environment will be created from the currently booted 175environment. 176.Pp 177If 178.Nm 179is creating from another boot environment, a snapshot of that boot environment 180will be created to clone from. 181.It Xo 182.Cm create 183.Op Fl r 184.Ar beName@snapshot 185.Xc 186Create a snapshot of the boot environment named 187.Ar beName . 188.Pp 189If the 190.Fl r 191flag is given, a recursive snapshot of the boot environment will be created. 192A snapshot is created for each descendant dataset of the boot environment. 193See 194.Sx Boot Environment Structures 195for a discussion on different layouts. 196.Pp 197No new boot environment is created with this command. 198.It Xo 199.Cm destroy 200.Op Fl \&Fo 201.Ar beName Ns Op Cm @ Ns Ar snapshot 202.Xc 203Destroy the given 204.Ar beName 205boot environment or 206.Ar beName Ns Cm @ Ns Ar snapshot 207snapshot without confirmation, unlike in 208.Xr beadm 1 . 209Specifying 210.Fl F 211will automatically unmount without confirmation. 212.Pp 213By default, 214.Nm 215will warn that it is not destroying the origin of 216.Ar beName . 217The 218.Fl o 219flag may be specified to destroy the origin as well. 220.It Cm export Ar sourceBe 221Export 222.Ar sourceBe 223to 224.Xr stdout 4 . 225.Xr stdout 4 226must be piped or redirected to a file. 227.It Cm import Ar targetBe 228Import 229.Ar targetBe 230from 231.Xr stdin 4 . 232.It Xo 233.Cm jail 234.Op Fl bU 235.Oo Bro Fl o Ar key Ns Cm = Ns Ar value | Fl u Ar key Brc Oc Ns ... 236.Ar beName 237.Op Ar utility Op Ar argument ... 238.Xc 239Create a jail of the given boot environment. 240Multiple 241.Fl o 242and 243.Fl u 244arguments may be specified. 245.Fl o 246will set a jail parameter, and 247.Fl u 248will unset a jail parameter. 249.Pp 250By default, jails are created in interactive mode and 251.Pa /bin/sh 252is 253executed within the jail. 254If 255.Ar utility 256is specified, it will be executed instead of 257.Pa /bin/sh . 258The jail will be destroyed and the boot environment unmounted when the command 259finishes executing, unless the 260.Fl U 261argument is specified. 262.Pp 263The 264.Fl b 265argument enables batch mode, thereby disabling interactive mode. 266The 267.Fl U 268argument will be ignored in batch mode. 269.Pp 270The 271.Va name , 272.Va host.hostname , 273and 274.Va path 275must be set, the default values are specified below. 276.Pp 277All 278.Ar key Ns Cm = Ns Ar value 279pairs are interpreted as jail parameters as described in 280.Xr jail 8 . 281The following default parameters are provided: 282.Bl -column "allow.mount.devfs" "" 283.It Va allow.mount Ta Cm true 284.It Va allow.mount.devfs Ta Cm true 285.It Va enforce_statfs Ta Cm 1 286.It Va name Ta Set to jail ID. 287.It Va host.hostname Ta Va bootenv 288.It Va path Ta Set to a path in Pa /tmp 289generated by 290.Xr libbe 3 . 291.El 292.Pp 293All default parameters may be overwritten. 294.It Xo 295.Cm list 296.Op Fl aDHs 297.Oo Bro Fl c Ar property | Fl C Ar property Brc Oc 298.Xc 299.Pp 300Display all boot environments. 301The 302.Em Active 303field indicates whether the boot environment is active now 304.Pq Em \&N ; 305active on reboot 306.Pq Em \&R ; 307is used on next boot once 308.Pq Em \&T ; 309or combination of 310.Pq Em \&NRT . 311.Bl -tag -width indent 312.It Fl a 313Display all datasets. 314.It Fl D 315Display the full space usage for each boot environment, assuming all 316other boot environments were destroyed. 317.It Fl H 318Used for scripting. 319Do not print headers and separate fields by a single tab instead of 320arbitrary white space. 321.It Fl s 322Display all snapshots as well. 323.It Fl c Ar property 324Sort boot environments by given property name. 325The following properties are supported: 326.Pp 327.Bl -tag -width 4n -offset indent -compact 328.It name (default output) 329.It creation 330.It origin 331.It used 332.It usedds 333.It usedsnap 334.It usedrefreserv 335.El 336.It Fl C Ar property 337Same as the 338.Fl c 339option, but displays in descending order. 340.El 341.Pp 342The 343.Fl D 344option is ignored when either the 345.Fl s 346or 347.Fl a 348option is used. 349.It Cm mount Ar beName Op Ar mountpoint 350Temporarily mount the boot environment. 351Mount at the specified 352.Ar mountpoint 353if provided. 354.It Cm rename Ar origBeName newBeName 355Rename the given 356.Ar origBeName 357to the given 358.Ar newBeName . 359The boot environment will not be unmounted in order for this rename to occur. 360.It Cm ujail Brq Ar jailId | jailName | beName 361.It Cm unjail Brq Ar jailId | jailName | beName 362Destroy the jail created from the given boot environment. 363.It Xo 364.Cm umount 365.Op Fl f 366.Ar beName 367.Xc 368.It Xo 369.Cm unmount 370.Op Fl f 371.Ar beName 372.Xc 373Unmount the given boot environment, if it is mounted. 374Specifying 375.Fl f 376will force the unmount if busy. 377.El 378.Pp 379.Nm 380prints usage information if 381.Fl h 382or 383.Fl \&? 384is specified. 385.Ss Boot Environment Structures 386The traditional 387.Fx 388boot environment layout, as created by the Auto ZFS option to 389.Xr bsdinstall 8 , 390is a 391.Dq shallow 392boot environment structure, where boot environment datasets do not have any 393directly subordinate datasets. 394Instead, they're organized off in 395.Pa zroot/ROOT , 396and they rely on datasets elsewhere in the pool having 397.Dv canmount 398set to 399.Dv off . 400For instance, a simplified pool may be laid out as such: 401.Bd -literal -offset indent 402% zfs list -o name,canmount,mountpoint 403NAME CANMOUNT MOUNTPOINT 404zroot 405zroot/ROOT noauto none 406zroot/ROOT/default noauto none 407zroot/usr off /usr 408zroot/usr/home on /usr/home 409zroot/var on /var 410.Ed 411.Pp 412In that example, 413.Pa zroot/usr 414has 415.Dv canmount 416set to 417.Dv off , 418thus files in 419.Pa /usr 420typically fall into the boot environment because this dataset is not mounted. 421.Pa zroot/usr/home 422is mounted, thus files in 423.Pa /usr/home 424are not in the boot environment. 425.Pp 426The other style of boot environments in use, frequently called 427.Dq deep boot environments , 428organizes some or all of the boot environment as subordinate to the boot 429environment dataset. 430For example: 431.Bd -literal -offset indent 432% zfs list -o name,canmount,mountpoint 433NAME CANMOUNT MOUNTPOINT 434zroot 435zroot/ROOT noauto none 436zroot/ROOT/default noauto none 437zroot/ROOT/default/usr noauto /usr 438zroot/ROOT/default/usr/local noauto /usr/local 439zroot/var on /var 440.Ed 441.Pp 442Note that the subordinate datasets now have 443.Dv canmount 444set to 445.Dv noauto . 446These are more obviously a part of the boot environment, as indicated by their 447positioning in the layout. 448These subordinate datasets will be mounted by the 449.Dv zfsbe 450.Xr rc 8 451script at boot time. 452In this example, 453.Pa /var 454is excluded from the boot environment. 455.Pp 456.Nm 457commands that have their own 458.Fl r 459operate on this second, 460.Dq deep 461style of boot environment, when the 462.Fl r 463flag is set. 464A future version of 465.Nm 466may default to handling both styles and deprecate the various 467.Fl r 468flags. 469\" .Sh EXAMPLES 470\" .Bl -bullet 471\" .It 472\" To fill in with jail upgrade example when behavior is firm. 473\" .El 474.Sh SEE ALSO 475.Xr libbe 3 , 476.Xr beinstall.sh 8 , 477.Xr jail 8 , 478.Xr zfs 8 , 479.Xr zpool 8 480.Sh HISTORY 481.Nm 482is based on 483.Xr beadm 1 484and was implemented as a project for the 2017 Summer of Code, along with 485.Xr libbe 3 . 486.Sh AUTHORS 487.Nm 488was written by 489.An Kyle Kneitinger (kneitinger) Aq Mt kyle@kneit.in . 490.Pp 491.Xr beadm 1 492was written and is maintained by 493.An Slawomir Wojciech Wojtczak (vermaden) Aq Mt vermaden@interia.pl . 494.Pp 495.An Bryan Drewery (bdrewery) Aq Mt bryan@shatow.net 496wrote the original 497.Xr beadm 1 498manual page that this one is derived from. 499