Commit Graph

54 Commits

Author SHA1 Message Date
0mp
54abda0420 Cross-reference libbe(3) and bectl(8).
Those two manual pages are already referencing each other in the HISTORY
sections, which people might skip. Mention those manual pages explicitly in
the SEE ALSO sections.  Also, remove a reference to be(1) from libbe(3).

Reviewed by:	bcr
Approved by:	krion (mentor, implicit), mat (mentor, implicit)
Differential Revision:	https://reviews.freebsd.org/D18136
2018-11-21 12:46:28 +00:00
0mp
40227ddf87 libbe(3): Put each error value in separate line.
As requested by a TODO in the source code.

Reviewed by:	bcr
Approved by:	krion (mentor, implicit), mat (mentor, implicit)
Differential Revision:	https://reviews.freebsd.org/D18063
2018-11-21 11:22:44 +00:00
kevans
08e3a6ed9f libbe(3): Handle non-ZFS rootfs better
If rootfs isn't ZFS, current version will emit an error claiming so and fail
to initialize libbe. As a consumer, bectl -r (undocumented) can be specified
to operate on a BE independently of whether on a UFS or ZFS root.

Unbreak this for the UFS case by only erroring out the init if we can't
determine a ZFS dataset for rootfs and no BE root was specified. Consumers
of libbe should take care to ensure that rootfs is non-empty if they're
trying to use it, because this could certainly be the case.

Some check is needed before zfs_path_to_zhandle because it will
unconditionally emit to stderr if the path isn't a ZFS filesystem, which is
unhelpful for our purposes.

This should also unbreak the bectl(8) tests on a UFS root, as is the case in
Jenkins' -test runs.

MFC after:	3 days
2018-11-19 16:47:21 +00:00
kevans
4cfb9f6353 libbe(3): Properly account for altroot when creating new BEs
Previously we would blindly copy the 'mountpoint' property, which includes
the altroot. The altroot needs to be snipped off prior to setting it on the
new BE, though, or you'll end up with a new BE and a mountpoint of /mnt with
altroot=/mnt

MFC after:	3 days
2018-11-19 02:16:20 +00:00
kevans
259052139d bectl(3)/libbe(3): Allow BE root to be specified
Add an undocumented -r option preceding the bectl subcommand to specify a BE
root to operate out of. This will remain undocumented for now, as some
caveats apply:

- BEs cannot be activated in the pool that doesn't contain the rootfs
- bectl create cannot work out of the box without the -e option right now,
  since it defaults to the rootfs and cross-pool cloning doesn't work like
  that (IIRC)

Plumb the BE root through to libbe(3) so that some things -can- be done to
it, e.g.

bectl -r tank/ROOT create -e default upgrade
bectl -r tank/ROOT mount upgrade /mnt

This aids in some upgrade setups where rootfs is not necessarily ZFS, and
also makes it easier/possible to regression-test bectl when combined with a
file-backed zpool.

MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D18029
2018-11-19 02:12:08 +00:00
kevans
b024ef6cda libbe(3): Rewrite be_unmount to stop mucking with getmntinfo(2)
Go through the ZFS layer instead; given a BE, we can derive the dataset,
zfs_open it, then zfs_unmount. ZFS takes care of the dirty details and
likely gets it more correct than we did for more interesting setups.

MFC after:	3 days
2018-11-17 19:19:37 +00:00
kevans
cf39e78d1b libbe(3): rewrite init to support chroot usage
libbe(3) currently uses zfs_be_root and locates which of its children is
currently mounted at "/". This is reasonable, but not correct in the case of
a chroot, for two reasons:

- chroot root may be of a different zpool than zfs_be_root
- chroot root will not show up as mounted at "/"

Fix both of these by rewriting libbe_init to work from the rootfs down.
zfs_path_to_zhandle on / will resolve to the dataset mounted at the new
root, rather than the real root. From there, we can derive the BE root/pool
and grab the bootfs off of the new pool. This does no harm in the average
case, and opens up bectl to operating on different pools for scenarios where
one may be, for instance, updating a pool that generally gets re-rooted into
from a separate UFS root or zfs bootpool.

While here, I've also:
- Eliminated the check for /boot and / to be on the same partition. This
  leaves one open to a setup where /boot (and consequently, kernel/modules)
  are not included in the boot environment. This may very well be an
  intentional setup done by someone that knows what they're doing; we should
  not kill BE usage because of it.

- Eliminated the validation bits of BEs and snapshots that enforced
  'mountpoint' to be "/" -- this broke when trying to operate on an imported
  pool with an altroot, but we need not be this picky.

Reported by:	philip
Reviewed by:	philip, allanjude (previous version)
Tested by:	philip
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D18012
2018-11-17 19:15:29 +00:00
kevans
c430baf656 libbe(3): Set canmount properly when activating a new BE
The previously activated BE should have canmount=noauto set on it upon
activation of the new BE, but we previously did not touch canmount on either
old or new BE.

PR:		233113
MFC after:	3 days
2018-11-10 20:42:29 +00:00
kevans
26572fffbb libbe(3): Don't promote non-cloned BEs
Most easily reproducible by attempting to activate the currently activated
BE, one would get a "not a cloned filesystem" error instead of success or a
sane message.

PR:		232488
MFC after:	3 days
2018-11-01 14:00:56 +00:00
kevans
09a3bbfcc5 libbe(3): Fix BE activation promoting activated BE
This allows older BEs to be destroyed as they become replaced by a BE
created from them: e.g.

bectl create -e brokenworld fixedworld
bectl activate fixedworld
bectl destroy brokenworld

Submitted by:	Shawn Webb
Approved by:	re (gjb)
Obtained from:	HardenedBSD (5948c0581e)
2018-10-01 14:57:33 +00:00
kevans
a1b9ddb01d libbe(3): Fix error handling with respect to be_exists
Some paths through be_exists will set the error state, others will not.
There are multiple reasons that a call can fail, so clean it up a bit: all
paths now return an appropriate error code so the caller can attempt to
distinguish between a BE legitimately not existing and just having the wrong
mountpoint. The caller is expected to bubble the error through to the
internal error handler as needed.

This fixes some unfriendliness with bectl(8)'s activate subcommand, where
it might fail due to a bad mountpoint but the only message output is a
generic "failed to activate" message.

Approved by:	re (gjb)
2018-09-01 02:22:26 +00:00
kevans
51650c5969 libbe(3)/bectl(8): Make consistent with beadm
vermaden (maintainer of beadm) points out the following inconsistencies:
- "missing command" is not printed prior to usage if the error is simply a
   missing command; this should be obvious from the context
- "bectl rename" isn't using the "don't unmount" flag (zfs rename -u), so
   the active BE can't be renamed. It doesn't make sense in our context to
   *not* use -u, so use it.

Documentation updates reflect the above and note an inconsistency with the
'destroy' command that is consistent with other parts of the base system.

A fix for libbe(3) not properly being installed to /lib is included.
SHLIBDIR should have been added when it was moved in r337995.

Approved by:	re (kib)
2018-08-24 20:44:58 +00:00
kevans
68ec745a9c libbe(3): Move build goop back out of cddl/
Some background: in the GSoC project, libbe/Makefile lived in lib/libbe. I
created projects/bectl branch, maintained the above for all of five
minutes before I misread Makefile.inc1 and decided that it couldn't possibly
build outside of cddl/, so I kicked the Makefile out into the cddl/ build
and all was good. The misreading was of the bit where .WAIT is added to
SUBDIR after lib, libexec but prior to building bin and cddl *only during
the install targets*, which is the critical part.

Fast forward- buildworld was still broken in my branch unbeknownst to me
because I didn't nuke my OBJDIR. Combing through Makefile.inc1 eventually
revealed the necessary magic to make sure that libbe's dependencies are
specified well enough, and it becomes clear what needs done to make a
non-cddl/ build work. This is an interesting prospect, because the build
split is kind of annoying to work with.

IGNORE_PRAGMA is added to avoid dropping WARNS by one more. This was
previously pulled in via cddl/Makefile.inc.
2018-08-18 03:20:59 +00:00
kevans
3c7e957126 libbe(3): Impose dataset length restrictions on boot env name validation
Previously, we only validated names for character restrictions. This is
helpful, but we should've also checked length restrictions- dataset names
must be restricted to MAXNAMELEN.

While here, move validation before doing a bunch of concatenations and fix
error handling in be_rename. It was previously setting the error state based
on return value from a libzfs function, which is wrong: libzfs errors don't
necessarily match cleanly to libbe errors. This would cause the assertion in
be_error to hit when the error was printed.
2018-08-16 18:58:34 +00:00
kevans
5f1af1a0a1 libbe(3): Prefer safer versions of strcat/strcpy
Or, in the activate case, just use snprintf since that's effectively what
we're doing anyways.
2018-08-16 18:37:47 +00:00
kevans
d566a4a452 libbe(3)/bectl(8): Hit rewind on a bunch of off-by-ones
While here, use sizeof() in some places that it makes sense to reduce room
for error and prefer strlcpy to strncpy
2018-08-16 17:56:03 +00:00
kevans
17e1e9b97a libbe(3): Fix leaky faucets
Amongst them:
- Resource leaks
- Logically dead code
- Unused values
- Null termination issues

Reported by:	asomers (pointer to Coverity), Coverity
CID:		1394777, 1394791, 1394830, 1394844, 1394872, 1394894,
CID:		1394900, 1394907, 1394950, 1394965
2018-08-14 18:11:06 +00:00
kevans
4fbf2eb660 libbe(3): Light typo fix/word addition
2018-08-13 03:43:49 +00:00
kevans
e2e76dee4d libbe(3): Fix be_import to delete temp snapshot
Deleting the temp snapshot isn't immediately possible because it's the
origin of the newly imported boot environment. However, this is trivially
solved by opening the new boot environment and promoting it. The roles are
now reversed and the temp snapshot/dataset may be completely destroyed.

Remove the BUGS from libbe(3) and bectl(8).
2018-08-13 03:42:14 +00:00
kevans
4b0660c4b9 libbe(3): Document the import bug...
2018-08-11 04:09:42 +00:00
kevans
ece0932ee0 libbe(3): Brain dump...
2018-08-11 03:33:10 +00:00
kevans
1c4cf707b2 libbe(3)/bectl(8): Make igor and mandoc -Tlint a little happier
2018-08-11 01:40:24 +00:00
kevans
7a884341a8 libbe(3): Bring man page back into reality
2018-08-11 01:05:44 +00:00
kevans
92afc1f6f9 libbe(3)/bectl(8): Kill off the 'add' functionality for now
The mostly-undocumented 'add' functionality, from initial read-through, is
intended for construction of deep ("bdrewery style") boot environments.
However, it's mostly broken at this point. `#if SOON` it out on both sides
so that we're not exposing a broken API/feature.

Work will resume on it in due time.
2018-08-11 01:02:27 +00:00
kevans
c4b7f80c48 libbe(3): More error handling bits
be_add_child functionality gets split out into separate places as a bonus.
A lot of places here we'll gloss over libzfs errors, because they shouldn't
be happening given the conditions that we're operating under. "Unknown
error" is what I'm intending to use for the moment to indicate an
exceptional circumstance- exceptional enough that we can't tell the consumer
did because we're not so certain that they did anything.
2018-08-10 21:23:56 +00:00
kevans
e9a152be1b libbe(3): Plug some holes, do some more proper error returns
For those returning just -1 before, have them set ERR_UNKNOWN for now.
2018-08-10 04:23:13 +00:00
kevans
546b2fa193 libbe(3): more small cleanup, const'ify and light style(9)
2018-08-10 04:01:40 +00:00
kevans
d8b7199366 libbe(3): Some more light error handling...
2018-08-08 03:46:12 +00:00
kevans
74c4d75281 libbe(3): Clarify some errors
While here, fix a bug with 'rename' that checked the wrong name for being
the active BE.
2018-08-08 03:25:10 +00:00
kevans
a4c3db9d4c Catch up on BE_ERR messages
2018-08-08 03:11:13 +00:00
kevans
7c587a9287 libbe(3)/bectl(8): Standardize $FreeBSD$ IDs
2018-08-07 14:02:41 +00:00
kevans
e449ef0641 libbe(3)/bectl(8): Standardize copyright headers
- File names don't necessarily need to be repeated
- Add SPDX tags
- Add a missing copyright for Kyle Kneitinger in bectl.8, originally written
  by him in GSoC 2017; his standard copyright notice has been copied from
  other files within the same directory to remain consistent with how he
  clearly wished to portray it
2018-08-07 13:46:06 +00:00
kevans
8556dc0b6d libbe(3): Destroy all children of a BE dataset, too
This fixes destruction of a deep BE returning an EBUSY because child
datasets still exist.
2018-08-07 03:39:29 +00:00
kevans
02087c75b8 libbe(3): Document that we'll clobber previous errors set by set_error
2018-08-07 03:26:32 +00:00
kevans
a760a1ea40 libbe(3): Return some more proper error codes
2018-08-07 03:25:28 +00:00
kevans
6f493e311f libbe(3): Check that dataset is to be mounted at / for be_exists
This makes the be_exists behavior match the comments that assert that we've
already checked that the dataset derived from the BE name is set to mount at
/.

Other changes of note:
- bectl_list sees another change; changing mountpoint based on mount status
  turns out to be a bad idea, so instead make the mounted property of the
  returned nvlist the path that it's mounted at

- Always return the "mountpoint" property in "mountpoint" if it's set
2018-08-07 03:07:54 +00:00
kevans
5a0558d602 libbe(3): Rename prop_list_builder and snapshot_prop_list_builder
2018-08-07 02:40:00 +00:00
kevans
ca0af05c11 This snippet is no longer from zfsbootcfg
2018-08-07 02:32:29 +00:00
kevans
1dd8b253d3 libbe(3): Rewrite activate temp bits to rely less on loader
Loader is still relied upon at the beginning of libbe to specify the be
root, but we can derive from that the primary zpool and any vdevs that we
need to set nextboot bits on.

This lets me successfully `bectl activate -t test`, but UEFI loader doesn't
quite yet understand so it's effectively defunct.
2018-08-07 01:56:37 +00:00
kevans
5ef81a6b77 bectl(8): Implement bectl list -s
be_get_dataset_snapshots has been added to libbe(3), effectively returning
the same information as be_get_bootenv_props but for snapshots of the given
dataset. The assumption is that one will have the BE dataset name before
wanting to grab snapshots.
2018-08-05 19:38:56 +00:00
kevans
411563c444 bectl: Implement -D ("space if origin datasets were deleted")
This also accomplishes the following:

- Proxy through zfs_nicenum as be_nicenum, because it looks better than
  humanize_number and would presumably be useful to other libbe consumers.

- Rename be_get_snapshot_props to be_get_dataset_props, make it more useful
2018-08-05 04:40:13 +00:00
kevans
60ffd203c2 bectl(8): Take origin snapshot into account when calculating used space
This more closely matches the behavior for beadm. The associated libbe(3)
API is still getting worked out a little bit.
2018-08-03 02:04:57 +00:00
kevans
59de9965fd libbe(3): Fix checking of zfs_prop_get's return value
Rather than a boolean_t, it returns an int != 0 for error or 0 for OK.
2018-08-03 01:43:51 +00:00
kevans
7d3d9bc325 libbe(3): Add be_mounted_at to check a mount point
At a bare minimum, this function will return 0 if a BE is mounted at the
given path or non-zero otherwise.  If the optional 'details' nvlist is
supplied, it is filled with an nvpair containing just the information about
the BE mounted at the path.  This nvpair is structured just as it is for
be_get_bootenv_props, except limited to just the single mount point.
2018-07-26 03:13:07 +00:00
kevans
b854d08b71 libbe(3)/bectl(8): Provide and use proper alloc/free for property lists
2018-07-25 16:00:48 +00:00
kevans
823f2e5ae8 libbe(3): Use zfs_is_mounted to check mounted and mountpoint
2018-07-25 15:45:42 +00:00
kevans
fa415c9fee libbe(3)/be(8): Drop WARNS overrides, fix all fallout
Based on the idea that we shouldn't have all-new library and utility going
into base that need WARNS=1...

- Decent amount of constification
- Lots of parentheses
- Minor other nits
2018-07-25 15:14:35 +00:00
kevans
fb0987a5aa libbe(3): Add nextboot flag to returned BE information
2018-07-25 14:45:00 +00:00
kevans
9927174fb2 bectl(8): Start dumping out BE information with bectl list
For the moment, this is a primitive nvlist dump of what we get back from
be_get_bootenv_props as a proof-of-concept and to make sure that we're
getting back the kind of information we want to see from list.
2018-07-25 14:30:47 +00:00
kevans
b4fc751e0e libbe(3): make style consistent with what I'll use going forward
2018-07-25 03:50:01 +00:00