Toomas Soome e307eb94ae loader: zfs should support bootonce an nextboot
bootonce feature is temporary, one time boot, activated by
"bectl activate -t BE", "bectl activate -T BE" will reset the bootonce flag.

By default, the bootonce setting is reset on attempt to boot and the next
boot will use previously active BE.

By setting zfs_bootonce_activate="YES" in rc.conf, the bootonce BE will
be set permanently active.

bootonce dataset name is recorded in boot pool labels, bootenv area.

in case of nextboot, the nextboot_enable boolean variable is recorded in
freebsd:nvstore nvlist, also stored in boot pool label bootenv area.
On boot, the loader will process /boot/nextboot.conf if nextboot_enable
is "YES", and will set nextboot_enable to "NO", preventing /boot/nextboot.conf
processing on next boot.

bootonce and nextboot features are usable in both UEFI and BIOS boot.

To use bootonce/nextboot features, the boot loader needs to be updated on disk;
if loader.efi is stored on ESP, then ESP needs to be updated and
for BIOS boot, stage2 (zfsboot or gptzfsboot) needs to be updated
(gpart or other tools).

At this time, only lua loader is updated.

Sponsored by:	Netflix, Klara Inc.
Differential Revision:	https://reviews.freebsd.org/D25512
2020-09-21 09:01:10 +00:00

379 lines
7.7 KiB
Groff

.\"
.\" SPDX-License-Identifier: BSD-2-Clause-FreeBSD
.\"
.\" Copyright (c) 2017 Kyle J. Kneitinger <kyle@kneit.in>
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\"
.\" @(#)be.1
.\"
.\" $FreeBSD$
.\"
.Dd August 25, 2020
.Dt BECTL 8
.Os
.Sh NAME
.Nm bectl
.Nd Utility to manage boot environments on ZFS
.Sh SYNOPSIS
.Nm
.Cm activate
.Op Fl t | Fl T
.Ar beName
.Nm
.Cm check
.Nm
.Cm create
.Op Fl r
.Op Fl e Brq Ar nonActiveBe | Ar beName Ns Cm @ Ns Ar snapshot
.Ar newBeName
.Nm
.Cm create
.Op Fl r
.Ar beName@snapshot
.Nm
.Cm destroy
.Op Fl \&Fo
.Ar beName Ns Op Cm @ Ns Ar snapshot
.Nm
.Cm export
.Ar sourceBe
.Nm
.Cm import
.Ar targetBe
.Nm
.Cm jail
.Op Fl bU
.Oo Bro Fl o Ar key Ns Cm = Ns Ar value | Fl u Ar key Brc Oc Ns ...
.Ar beName
.Op Ar utility Op Ar argument ...
.Nm
.Cm list
.Op Fl aDHs
.Op Fl c Ar property
.Op Fl C Ar property
.Oo Bro Fl c Ar property | Fl C Ar property Brc Oc
.Nm
.Cm mount
.Ar beName
.Op Ar mountpoint
.Nm
.Cm rename
.Ar origBeName
.Ar newBeName
.Nm
.Brq Cm ujail | unjail
.Brq Ar jailId | jailName
.Ar beName
.Nm
.Brq Cm umount | unmount
.Op Fl f
.Ar beName
.Pp
.Nm
.Op Fl h\&?
.Sh DESCRIPTION
The
.Nm
command is used to setup and interact with ZFS boot environments, which are
bootable clones of datasets.
.Pp
Boot environments
allow the system to be upgraded, while preserving the old system environment in
a separate ZFS dataset.
.Pp
The following commands are supported by
.Nm :
.Bl -tag -width activate
.It Xo
.Cm activate
.Op Fl t | Fl T
.Ar beName
.Xc
Activate the given
.Ar beName
as the default boot filesystem.
If the
.Fl t
flag is given, this takes effect only for the next boot.
Flag
.Fl T
removes temporary boot once configuration.
Without temporary configuration, the next boot will use zfs dataset specified
in boot pool
.Ar bootfs
property.
.It Xo
.Cm check
.Xc
Performs a silent sanity check on the current system.
If boot environments are supported and used,
.Nm
will exit with a status code of 0.
Any other status code is not currently defined and may, in the future, grow
special meaning for different degrees of sanity check failures.
.It Xo
.Cm create
.Op Fl r
.Op Fl e Brq Ar nonActiveBe | Ar beName Ns Cm @ Ns Ar snapshot
.Ar newBeName
.Xc
Create a new boot environment named
.Ar newBeName .
.Pp
If the
.Fl r
flag is given, a recursive boot environment will be made.
.Pp
If the
.Fl e
flag is specified, the new environment will be cloned from the given
.Ar nonActiveBe
or
.Ar beName Ns Cm @ Ns Ar snapshot .
Otherwise, the new environment will be created from the currently booted environment.
.Pp
If
.Nm
is creating from another boot environment, a snapshot of that boot environment will be created to clone from.
.It Xo
.Cm create
.Op Fl r
.Ar beName@snapshot
.Xc
Create a snapshot of the boot environment named
.Ar beName .
.Pp
If the
.Fl r
flag is given, a recursive snapshot of the boot environment will be created.
A snapshot is created for each descendant dataset of the boot environment.
.Pp
No new boot environment is created with this command.
.It Xo
.Cm destroy
.Op Fl \&Fo
.Ar beName Ns Op Cm @ Ns Ar snapshot
.Xc
Destroy the given
.Ar beName
boot environment or
.Ar beName Ns Cm @ Ns Ar snapshot
snapshot without confirmation, unlike in
.Xr beadm 1 .
Specifying
.Fl F
will automatically unmount without confirmation.
.Pp
By default,
.Nm
will warn that it is not destroying the origin of
.Ar beName .
The
.Fl o
flag may be specified to destroy the origin as well.
.It Cm export Ar sourceBe
Export
.Ar sourceBe
to
.Xr stdout 4 .
.Xr stdout 4
must be piped or redirected to a file.
.It Cm import Ar targetBe
Import
.Ar targetBe
from
.Xr stdin 4 .
.It Xo
.Cm jail
.Op Fl bU
.Oo Bro Fl o Ar key Ns Cm = Ns Ar value | Fl u Ar key Brc Oc Ns ...
.Ar beName
.Op Ar utility Op Ar argument ...
.Xc
Create a jail of the given boot environment.
Multiple
.Fl o
and
.Fl u
arguments may be specified.
.Fl o
will set a jail parameter, and
.Fl u
will unset a jail parameter.
.Pp
By default, jails are created in interactive mode and
.Pa /bin/sh
is
executed within the jail.
If
.Ar utility
is specified, it will be executed instead of
.Pa /bin/sh .
The jail will be destroyed and the boot environment unmounted when the command
finishes executing, unless the
.Fl U
argument is specified.
.Pp
The
.Fl b
argument enables batch mode, thereby disabling interactive mode.
The
.Fl U
argument will be ignored in batch mode.
.Pp
The
.Va name ,
.Va host.hostname ,
and
.Va path
must be set, the default values are specified below.
.Pp
All
.Ar key Ns Cm = Ns Ar value
pairs are interpreted as jail parameters as described in
.Xr jail 8 .
The following default parameters are provided:
.Bl -column "allow.mount.devfs" ""
.It Va allow.mount Ta Cm true
.It Va allow.mount.devfs Ta Cm true
.It Va enforce_statfs Ta Cm 1
.It Va name Ta Set to jail ID.
.It Va host.hostname Ta Va bootenv
.It Va path Ta Set to a path in Pa /tmp
generated by
.Xr libbe 3 .
.El
.Pp
All default parameters may be overwritten.
.It Xo
.Cm list
.Op Fl DHas
.Oo Bro Fl c Ar property | Fl C Ar property Brc Oc
.Xc
.Pp
Display all boot environments.
The
.Em Active
field indicates whether the boot environment is active now
.Pq Em \&N ;
active on reboot
.Pq Em \&R ;
is used on next boot once
.Pq Em \&T ;
or combination of
.Pq Em \&NRT .
.Pp
.Bl -tag -width indent
.It Fl a
Display all datasets.
.It Fl D
Display the full space usage for each boot environment, assuming all
other boot environments were destroyed.
.It Fl H
Used for scripting.
Do not print headers and separate fields by a single tab instead of
arbitrary white space.
.It Fl s
Display all snapshots as well.
.It Fl c Ar property
Sort boot environments by given property name.
The following properties are supported:
.Pp
.Bl -tag -width 4n -offset indent -compact
.It name (default output)
.It creation
.It origin
.It used
.It usedds
.It usedsnap
.It usedrefreserv
.El
.It Fl C Ar property
Same as the
.Fl c
option, but displays in descending order.
.El
.Pp
The
.Fl D
option is ignored when either the
.Fl s
or
.Fl a
option is used.
.It Cm mount Ar beName Op Ar mountpoint
Temporarily mount the boot environment.
Mount at the specified
.Ar mountpoint
if provided.
.It Cm rename Ar origBeName newBeName
Rename the given
.Ar origBeName
to the given
.Ar newBeName .
The boot environment will not be unmounted in order for this rename to occur.
.It Cm ujail Bro Ar jailId | jailName Brc Ar beName
.It Cm unjail Bro Ar jailId | jailName Brc Ar beName
Destroy the jail created from the given boot environment.
.It Xo
.Cm umount
.Op Fl f
.Ar beName
.Xc
.It Xo
.Cm unmount
.Op Fl f
.Ar beName
.Xc
Unmount the given boot environment, if it is mounted.
Specifying
.Fl f
will force the unmount if busy.
.El
.Pp
.Nm
prints usage information if
.Fl h
or
.Fl \&?
is specified.
\" .Sh EXAMPLES
\" .Bl -bullet
\" .It
\" To fill in with jail upgrade example when behavior is firm.
\" .El
.Sh SEE ALSO
.Xr libbe 3 ,
.Xr beinstall.sh 8 ,
.Xr jail 8 ,
.Xr zfs 8 ,
.Xr zpool 8
.Sh HISTORY
.Nm
is based on
.Xr beadm 1
and was implemented as a project for the 2017 Summer of Code, along with
.Xr libbe 3 .
.Sh AUTHORS
.Nm
was written by
.An Kyle Kneitinger (kneitinger) Aq Mt kyle@kneit.in .
.Pp
.Xr beadm 1
was written and is maintained by
.An Slawomir Wojciech Wojtczak (vermaden) Aq Mt vermaden@interia.pl .
.Pp
.An Bryan Drewery (bdrewery) Aq Mt bryan@shatow.net
wrote the original
.Xr beadm 1
manual page that this one is derived from.