Incomplete protection by freenas-boot ZFS pool?

[Jochem]

FreeNas can be installed on a ZFS boot volume. This is nice. It would be funny to go through a lot of trouble to commision a nice ZFS pool for your own dataset, and not have a protected OS, would it? Imagen "bit-rotted" ZFS driver code corruption your pool!

However, there seems to be a small hitch: FreeNAS (al least with my defaul install) creates several non ZFS filesystems as /etc, /var and more.

I would expect that these would also be on a protected ZFS pool. Or is an undetected error on these filesystems never a danger for the integrity of my ZFS pool?

 

[MrToddsFriends]

You are free to use mirrored boot devices, which can be created either during installation or at any time later.

http://doc.freenas.org/9.10/freenas_install.html?highlight=mirror#performing-the-installation
http://doc.freenas.org/9.10/freenas_system.html?highlight=mirror#mirroring-the-boot-device

 

[Ericloewe]

I'm not sure what you mean. Everything nonvolatile is stored on ZFS pools (swap excluded, for obvious reasons).

 

[styno]

However, there seems to be a small hitch: FreeNAS (al least with my defaul install) creates several non ZFS filesystems as /etc, /var and more.

What version are you running? Can you show us what you see on your system as I don't see this behavior on any of the installs I did... Rootpools are zfs and mirrored.

 

[Jochem]

Can you show us what you see on your system as I don't see this behavior on any of the installs I did... Rootpools are zfs and mirrored.

[root@freenas /etc/rc.d]# mount
freenas-boot/ROOT/9.10-STABLE-201606270534 on / (zfs, local, noatime, nfsv4acls)
devfs on /dev (devfs, local, multilabel)
tmpfs on /etc (tmpfs, local)
tmpfs on /mnt (tmpfs, local)
tmpfs on /var (tmpfs, local)
freenas-boot/grub on /boot/grub (zfs, local, noatime, nfsv4acls)
fdescfs on /dev/fd (fdescfs)
freenas-boot/.system on /var/db/system (zfs, local, noatime, nfsv4acls)
freenas-boot/.system/cores on /var/db/system/cores (zfs, local, noatime, nfsv4acls)
freenas-boot/.system/samba4 on /var/db/system/samba4 (zfs, local, noatime, nfsv4acls)
freenas-boot/.system/syslog-c4a93aaf1c9442ea828ddc7efa630359 on /var/db/system/syslog-c4a93aaf1c9442ea828ddc7efa630359 (zfs, local,
noatime, nfsv4acls)
freenas-boot/.system/rrd-c4a93aaf1c9442ea828ddc7efa630359 on /var/db/system/rrd-c4a93aaf1c9442ea828ddc7efa630359 (zfs, local, noatim
e, nfsv4acls)
freenas-boot/.system/configs-c4a93aaf1c9442ea828ddc7efa630359 on /var/db/system/configs-c4a93aaf1c9442ea828ddc7efa630359 (zfs, local
, noatime, nfsv4acls)
linprocfs on /compat/linux/proc (linprocfs, local)
[root@freenas /etc/rc.d]#
​

Rootpool is ZFS indeed. My remark only refers to the tmpfs filesystems. I would expect that these would also be on a protected ZFS pool. Or is an undetected error on these filesystems never a danger for the integrity of my ZFS pool?

 

[Jochem]

I'm not sure what you mean. Everything nonvolatile is stored on ZFS pools

OK, if i understand you correctly, all info in the tmpfs filesystems are volatile and -if its configuration info- generated out of some location originating from the root pool? So. let assume a running system reads a block from some devfs, say fom /etc. This block could contain an undetected error and lead to unknown territoty, is it not?

But, i only now realize: Is a tmpfs always on RAM? If so, it's protected anyhow by ECC (but cannot be mirrored).

swap excluded, for obvious reasons

Yeah. This was my next question. I guess the obvious reason is one needs memory to manage zpool, so tricky to use zvol for swap.

On the other hand, swapped code is now on unprotected disk, no ECC no nothing, and could be swapped in including undetected errors . It strikes me as flaw in the greater ZFS scheme. Saw a lot of discussion going on elsewhere where people use ZFS for swap anyway, and Oracle seems to OK it too?

 

[Ericloewe]

On the other hand, swapped code is now on unprotected disk, no ECC no nothing, and could be swapped in including undetected errors . It strikes me as flaw in the greater ZFS scheme. Saw a lot of discussion going on elsewhere where people use ZFS for swap anyway, and Oracle seems to OK it too?

Swap is for emergencies only and is not used during normal operation.

FreeNAS 10 will also introduce mirrored swap, to allow for surviving disk failures. As for silent corruption, that is almost certainly exceedingly unlikely given the amount of time data is expected to stay swapped (on the order of hours at most).