The time has come! 2013-09-27-initramfs-required news item warned about separate /usr being unsupported without an initramfs. I had no success getting genkernel to mount separate /usr on zfs for a long time. Turned out genkernel can mount /usr and other filesystems found in /etc/initramfs.mounts only if they also listed in /etc/fstab, which is usually not the case for zfs. None of the udev or other breakages prevented my boxen from booting without /usr mounted by initramfs for years. But sys-fs/zfs-0.8 release links against libssl sneakily effectively rendering userspace unusable without /usr mounted. I finally tricked genkernel to mount my /usr by adding it to /etc/fstab. Unfortunately this trick revealed another unrelated bug in openrc which tried to mount /usr over instead of remounting it readwrite. Failed mount attempt prevented multiple services from starting. I decided to implement zfs support in genkernel. Reproducible: Always
Created attachment 586812 [details, diff] genkernel-9999-zfs-without-fstab.patch This patch adds proper zfs support to genkernel allowing to mount filesystems /etc/fstab. It does not modify already existing functionality, fstab works the same way. A friendly irc user helped with code deduplication by creating get_col_by_mount() using slightly modified code from the original get_mount_device().
Created attachment 586814 [details, diff] this one works for stable version Tested on multiple hosts.
The patch sets the default mount options for zfs to "rw,zfsutil". But genkernel mounts /usr readonly which is probably fine. Is not openrc supposed to remount /usr readwrite? Because it is not happening here, /usr stays mounted readonly until I remount it by hand.
Signed-off-by: Alexey Smirnoff fling@member.fsf.org
Adding ZFS maintainer for input. I cannot reproduce the OpenRC rewrite problem you mentioned. I just implemented https://gitweb.gentoo.org/proj/genkernel.git/commit/?id=271c330b15d16c318cfed654d029be4b026eb770 and when I check /var/log, it's mounted rw once the system takes control. Is this a ZFS-only problem?
(In reply to Thomas Deutschmann from comment #5) > Adding ZFS maintainer for input. > > I cannot reproduce the OpenRC rewrite problem you mentioned. I just > implemented > https://gitweb.gentoo.org/proj/genkernel.git/commit/ > ?id=271c330b15d16c318cfed654d029be4b026eb770 and when I check /var/log, it's > mounted rw once the system takes control. Is this a ZFS-only problem? Openrc only remounts filesystems found in /etc/fstab which is usually not the case for zfs. I'm working on adding this functionality to zfs-mount instead as it requires additional userspace to be used.
(In reply to fling from comment #6) > (In reply to Thomas Deutschmann from comment #5) > > Adding ZFS maintainer for input. > > > > I cannot reproduce the OpenRC rewrite problem you mentioned. I just > > implemented > > https://gitweb.gentoo.org/proj/genkernel.git/commit/ > > ?id=271c330b15d16c318cfed654d029be4b026eb770 and when I check /var/log, it's > > mounted rw once the system takes control. Is this a ZFS-only problem? > > Openrc only remounts filesystems found in /etc/fstab which is usually not > the case for zfs. I'm working on adding this functionality to zfs-mount > instead as it requires additional userspace to be used. that's incorrect. zfs-mount service can handle fstab, first action it calls is: zfs mount -a if your pool setup correctly (separate /usr is incorrect) this will mount everything using mountpoint property. legacy mounts should be in fstab, and zfs-mount service will handle whose as well. if rootfs is on zfs it's called before localmount and before all writes to FS should start. having separate /usr is bad idea on linux nowadays. I understand it makes sense, but unfortunately many software pieces no longer consider this a valid usecase. and like you mentioned your problem is that libssl is in /usr but zfs-0.8.x needs it for crypto support. I don't think we need this patch, it's overly complicated and conceptually wrong. so nack from me. upstream has an example how to handle that in contrib/initramfs: ZFS_INITRD_ADDITIONAL_DATASETS, it's used on debian. we even install it to filesystem as /usr/share/initramfs-tools, check it. all what it does is "checks colon separated list, and calls mount function on each element with appropriate options" users will need explicitly to opt-in and list extra datasets they want to mount at initrd stage. please don't reinvent fstab generator. another point: dracut does not handle separate usr or any extra datasets at all. and to summarize it all: just use zfs[static-libs]. it will be able to handle missing libs from /usr. currently zfs does not depend on any ssl (and it's a bug), 0.8.2 will be released shortly and it will include working static-libs useflag. I just suggest using it and openrc+zfs-mount service should mount /usr for you, legacy or zfs-property one. I'll print a warning during zfs installation that if users have separate /usr they should use [static-libs]
I was wrong about static-libs, currently it does not do what's expected. I'll look at this.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7d9504e58ffc04ce3d25892a39b2c414d31a0e3a commit 7d9504e58ffc04ce3d25892a39b2c414d31a0e3a Author: Georgy Yakovlev <gyakovlev@gentoo.org> AuthorDate: 2019-08-17 20:28:59 +0000 Commit: Georgy Yakovlev <gyakovlev@gentoo.org> CommitDate: 2019-08-17 20:43:14 +0000 sys-fs/zfs: update live ebuild, fix static-libs static-libs useflag was a no-op since migration to EAPI=7, fix it Bug: https://bugs.gentoo.org/692196 Package-Manager: Portage-2.3.71, Repoman-2.3.17 Signed-off-by: Georgy Yakovlev <gyakovlev@gentoo.org> sys-fs/zfs/zfs-9999.ebuild | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
after chatting yesterday with fling@ on IRC I looked at the patch and genkernel code again and I have to admit that I did not correctly understood patch. I sincerely apologize, it was unintentional, I was a bit tired and was looking at old genkernel repo. This is unusual for me, but here we go. patch looks good and actually improves things. I'm still not a fan of separate /usr mounts though and not a fan of zfsutil mounts (except for rootfs), but not a lot can be done. I defer to genkernel maintainers the rest. I believe code moved a bit in current versions and and patch may need a bump. situation with libs still stays though. I don't know if genkernel copies those libs automatically, but zfs may need libtirpc.so, libssl,so, libcrypto.so from /usr. and I haven't tested initrd with static-libs.
(In reply to Georgy Yakovlev from comment #10) > I don't know if genkernel copies those libs automatically, but zfs may need > libtirpc.so, libssl,so, libcrypto.so from /usr. > and I haven't tested initrd with static-libs. My initramfs is created by genkernel-4.1.2-r3 and includes that libs: -rwxr-xr-x 1 root root 159616 Dec 11 21:03 lib/libtirpc.so.3 -rwxr-xr-x 1 root root 2836344 Dec 11 21:03 usr/lib/libcrypto.so.1.1 -rwxr-xr-x 1 root root 593080 Dec 11 21:03 usr/lib/libssl.so.1.1 Using zfs on root, but I don't use a separate /usr, nor encrypted datasets. Not a fan of separate /usr either.