设置
我有一台运行 OpenBSD 的机器,它有两个 SSD:sd0
和sd1
。
我已经为每个 SSD 设置了两个分区a
和d
.
从那里我使用以下方法构建了两个镜子bioctl
:
第一个镜子是由sd0a
和构建的sd1a
;这显示为sd2
sd0d
第二个镜子由和构建sd1d
;这显示为sd3
系统的根目录/
已安装到sd2a
.
然后我在;bioctl
之上构建了一个加密的 Softraidsd3
这显示为sd4
.
系统的其余部分安装在sd4
:/usr
、/home
、/tmp
等上/var
。
问题
当系统启动时,它显然会抱怨找不到/var
/usr
/tmp
等。我可以进入 shell 并使用以下命令手动附加加密容器:bioctl -c C -l /dev/sd3a softraid0
。然后我退出 shell,系统正常启动。但是当我尝试使用脚本自动执行此操作时rc.local
,rc.securelevel
它不起作用......
rc.local
这是我尝试过的脚本rc.securelevel
bioctl sd4 > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo "Mounting..."
bioctl -c C -l /dev/sd3a softraid0
fi
感谢您花时间查看此内容!
编辑 正如这里所要求的是启动消息 - 我已经标记了它崩溃时到达的位置,并抱怨它找不到 /var /tmp /usr 等。
Mar 12 06:52:10 sql /bsd: avail mem = 33187635200 (31650MB)
Mar 12 06:52:10 sql /bsd: mpath0 at root
Mar 12 06:52:10 sql /bsd: scsibus0 at mpath0: 256 targets
Mar 12 06:52:10 sql /bsd: mainbus0 at root
Mar 12 06:52:10 sql /bsd: bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xea820 (69 entries)
Mar 12 06:52:10 sql /bsd: bios0: vendor American Megatrends Inc. version "1.70" date 12/18/2017
Mar 12 06:52:10 sql /bsd: bios0: Micro-Star International Co., Ltd. MS-7B09
Mar 12 06:52:10 sql /bsd: acpi0 at bios0: rev 2
Mar 12 06:52:10 sql /bsd: acpi0: sleep states S0 S3 S4 S5
Mar 12 06:52:10 sql /bsd: acpi0: tables DSDT FACP APIC FPDT FIDT SSDT SSDT SSDT MCFG SSDT CRAT CDIT HPET SSDT UEFI SSDT SSDT
Mar 12 06:52:10 sql /bsd: acpi0: wakeup devices D0A1(S4) D0A2(S4) D0A3(S4) D0A4(S4) D0A5(S4) D0A6(S4) D0A7(S4) D0B0(S4) D0B1(S4) D0B2(S4) D0B3(S4) D0B4(S4) D0B5(S4) D0B6(S4) D0B7(S4) D0C0(S4) [...]
Mar 12 06:52:10 sql /bsd: acpitimer0 at acpi0: 3579545 Hz, 32 bits
Mar 12 06:52:10 sql /bsd: acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
Mar 12 06:52:10 sql /bsd: cpu0 at mainbus0: apid 0 (boot processor)
Mar 12 06:52:10 sql /bsd: cpu0: AMD Ryzen Threadripper 1900X 8-Core Processor, 3800.79 MHz
Mar 12 06:52:10 sql /bsd: cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA
Mar 12 06:52:10 sql /bsd: cpu0: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 16MB 64b/line 32-way L3 cache
Mar 12 06:52:10 sql /bsd: cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative
Mar 12 06:52:10 sql /bsd: cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
Mar 12 06:52:10 sql /bsd: cpu0: TSC frequency 3800785080 Hz
Mar 12 06:52:10 sql /bsd: cpu0: smt 0, core 0, package 0
Mar 12 06:52:10 sql /bsd: mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
Mar 12 06:52:10 sql /bsd: cpu0: apic clock running at 100MHz
Mar 12 06:52:10 sql /bsd: cpu0: mwait min=64, max=64, IBE
Mar 12 06:52:10 sql /bsd: cpu1 at mainbus0: apid 2 (application processor)
Mar 12 06:52:10 sql /bsd: cpu1: AMD Ryzen Threadripper 1900X 8-Core Processor, 3800.01 MHz
Mar 12 06:52:10 sql /bsd: cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA
Mar 12 06:52:10 sql /bsd: cpu1: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 16MB 64b/line 32-way L3 cache
Mar 12 06:52:10 sql /bsd: cpu1: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative
Mar 12 06:52:10 sql /bsd: cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
Mar 12 06:52:10 sql /bsd: cpu1: smt 0, core 2, package 0
Mar 12 06:52:10 sql /bsd: cpu15 at mainbus0: apid 23 (application processor)
Mar 12 06:52:10 sql /bsd: cpu15: AMD Ryzen Threadripper 1900X 8-Core Processor, 3800.01 MHz
Mar 12 06:52:10 sql /bsd: cpu15: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA
Mar 12 06:52:10 sql /bsd: cpu15: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 16MB 64b/line 32-way L3 cache
Mar 12 06:52:10 sql /bsd: cpu15: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative
Mar 12 06:52:10 sql /bsd: cpu15: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
Mar 12 06:52:10 sql /bsd: cpu15: smt 0, core 23, package 0
Mar 12 06:52:10 sql /bsd: "PNP0C14" at acpi0 not configured
Mar 12 06:52:10 sql /bsd: acpibtn0 at acpi0: PWRB
Mar 12 06:52:10 sql /bsd: "AMDI0030" at acpi0 not configured
Mar 12 06:52:10 sql /bsd: "AMDI0010" at acpi0 not configured
Mar 12 06:52:10 sql /bsd: "PNP0C14" at acpi0 not configured
Mar 12 06:52:10 sql /bsd: "AMDIF030" at acpi0 not configured
Mar 12 06:52:10 sql /bsd: "PNP0C14" at acpi0 not configured
Mar 12 06:52:10 sql /bsd: cpu0: 3800 MHz: speeds: 3800 3000 2200 MHz
Mar 12 06:52:10 sql /bsd: pci0 at mainbus0 bus 0
Mar 12 06:52:10 sql /bsd: pci1 at ppb0 bus 1
Mar 12 06:52:10 sql /bsd: xhci0 at pci1 dev 0 function 0 vendor "AMD", unknown product 0x43ba rev 0x02: msi
Mar 12 06:52:10 sql /bsd: usb0 at xhci0: USB revision 3.0
Mar 12 06:52:10 sql /bsd: uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
Mar 12 06:52:10 sql /bsd: ahci0 at pci1 dev 0 function 1 vendor "AMD", unknown product 0x43b6 rev 0x02: msi, AHCI 1.3.1
Mar 12 06:52:10 sql /bsd: scsibus1 at ahci0: 32 targets
Mar 12 06:52:10 sql /bsd: xhci1 at pci3 dev 0 function 0 vendor "ASMedia", unknown product 0x2142 rev 0x00: msi
Mar 12 06:52:10 sql /bsd: usb1 at xhci1: USB revision 3.0
Mar 12 06:52:10 sql /bsd: uhub1 at usb1 configuration 1 interface 0 "ASMedia xHCI root hub" rev 3.00/1.00 addr 1
Mar 12 06:52:10 sql /bsd: ppb3 at pci2 dev 2 function 0 vendor "AMD", unknown product 0x43b4 rev 0x02: msi
Mar 12 06:52:10 sql /bsd: em0 at pci8 dev 0 function 0 "Intel I211" rev 0x03: msi, address 30:9c:23:64:e8:f3
Mar 12 06:52:10 sql /bsd: ppb8 at pci2 dev 7 function 0 vendor "AMD", unknown product 0x43b4 rev 0x02: msi
Mar 12 06:52:10 sql /bsd: pci9 at ppb8 bus 9
Mar 12 06:52:10 sql /bsd: ppb9 at pci0 dev 1 function 2 vendor "AMD", unknown product 0x1453 rev 0x00: msi
Mar 12 06:52:10 sql /bsd: pci10 at ppb9 bus 10
Mar 12 06:52:10 sql /bsd: nvme0 at pci10 dev 0 function 0 "Samsung SM961/PM961 NVMe" rev 0x00: msi, NVMe 1.2
Mar 12 06:52:10 sql /bsd: nvme0: Samsung SSD 960 EVO 250GB, firmware 3B7QCXE7, serial S3ESNX0JB78420A
Mar 12 06:52:10 sql /bsd: scsibus2 at nvme0: 1 targets
Mar 12 06:52:10 sql /bsd: sd0 at scsibus2 targ 0 lun 0: <NVMe, Samsung SSD 960, 3B7Q> SCSI4 0/direct fixed
Mar 12 06:52:10 sql /bsd: sd0: 238475MB, 512 bytes/sector, 488397168 sectors
Mar 12 06:52:10 sql /bsd: pci11 at ppb10 bus 11
Mar 12 06:52:10 sql /bsd: vendor "AMD", unknown product 0x145a (class instrumentation unknown subclass 0x00, rev 0x00) at pci11 dev 0 function 0 not configured
Mar 12 06:52:10 sql /bsd: vendor "AMD", unknown product 0x1456 (class crypto subclass miscellaneous, rev 0x00) at pci11 dev 0 function 2 not configured
Mar 12 06:52:10 sql /bsd: xhci2 at pci11 dev 0 function 3 vendor "AMD", unknown product 0x145c rev 0x00: msi
Mar 12 06:52:10 sql /bsd: usb2 at xhci2: USB revision 3.0
Mar 12 06:52:10 sql /bsd: uhub2 at usb2 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
Mar 12 06:52:10 sql /bsd: pchb6 at pci0 dev 8 function 0 vendor "AMD", unknown product 0x1452 rev 0x00
Mar 12 06:52:10 sql /bsd: ppb11 at pci0 dev 8 function 1 vendor "AMD", unknown product 0x1454 rev 0x00
Mar 12 06:52:10 sql /bsd: pci12 at ppb11 bus 12
Mar 12 06:52:10 sql /bsd: vendor "AMD", unknown product 0x1455 (class instrumentation unknown subclass 0x00, rev 0x00) at pci12 dev 0 function 0 not configured
Mar 12 06:52:10 sql /bsd: ahci1 at pci12 dev 0 function 2 vendor "AMD", unknown product 0x7901 rev 0x51: msi, AHCI 1.3.1
Mar 12 06:52:10 sql /bsd: scsibus3 at ahci1: 32 targets
Mar 12 06:52:10 sql /bsd: azalia0 at pci12 dev 0 function 3 vendor "AMD", unknown product 0x1457 rev 0x00: msi
Mar 12 06:52:10 sql /bsd: azalia0: codecs: Realtek/0x1220
Mar 12 06:52:10 sql /bsd: audio0 at azalia0
Mar 12 06:52:10 sql /bsd: vendor "AMD", unknown product 0x790b (class serial bus subclass SMBus, rev 0x59) at pci0 dev 20 function 0 not configured
Mar 12 06:52:10 sql /bsd: isa0 at pcib0
Mar 12 06:52:10 sql /bsd: isadma0 at isa0
Mar 12 06:52:10 sql /bsd: com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
Mar 12 06:52:10 sql /bsd: pckbc0 at isa0 port 0x60/5 irq 1 irq 12
Mar 12 06:52:10 sql /bsd: pckbd0 at pckbc0 (kbd slot)
Mar 12 06:52:10 sql /bsd: wskbd0 at pckbd0: console keyboard
Mar 12 06:52:10 sql /bsd: vga0 at isa0 port 0x3b0/48 iomem 0xa0000/131072
Mar 12 06:52:10 sql /bsd: wsdisplay0 at vga0 mux 1: console (80x25, vt100 emulation), using wskbd0
Mar 12 06:52:10 sql /bsd: wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Mar 12 06:52:10 sql /bsd: pcppi0 at isa0 port 0x61
Mar 12 06:52:10 sql /bsd: spkr0 at pcppi0
Mar 12 06:52:10 sql /bsd: pci13 at mainbus0 bus 64
Mar 12 06:52:10 sql /bsd: pci14 at ppb12 bus 65
Mar 12 06:52:10 sql /bsd: nvme1 at pci14 dev 0 function 0 "Samsung SM951/PM951 NVMe" rev 0x01: msi, NVMe 1.1
Mar 12 06:52:10 sql /bsd: nvme1: Samsung SSD 950 PRO 512GB, firmware 1B0QBXX7, serial S2GMNX0H921434T
Mar 12 06:52:10 sql /bsd: scsibus4 at nvme1: 1 targets
Mar 12 06:52:10 sql /bsd: sd1 at scsibus4 targ 0 lun 0: <NVMe, Samsung SSD 950, 1B0Q> SCSI4 0/direct fixed
Mar 12 06:52:10 sql /bsd: sd1: 488386MB, 512 bytes/sector, 1000215216 sectors
Mar 12 06:52:10 sql /bsd: pchb25 at pci13 dev 2 function 0 vendor "AMD", unknown product 0x1452 rev 0x00
Mar 12 06:52:10 sql /bsd: pchb26 at pci13 dev 3 function 0 vendor "AMD", unknown product 0x1452 rev 0x00
Mar 12 06:52:10 sql /bsd: ppb13 at pci13 dev 3 function 1 vendor "AMD", unknown product 0x1453 rev 0x00: msi
Mar 12 06:52:10 sql /bsd: pci15 at ppb13 bus 66
Mar 12 06:52:10 sql /bsd: vendor "ATI", unknown product 0x67df (class display subclass VGA, rev 0xe7) at pci15 dev 0 function 0 not configured
Mar 12 06:52:10 sql /bsd: azalia1 at pci15 dev 0 function 1 vendor "ATI", unknown product 0xaaf0 rev 0x00: msi
Mar 12 06:52:10 sql /bsd: azalia1: no supported codecs
Mar 12 06:52:10 sql /bsd: pchb27 at pci13 dev 4 function 0 vendor "AMD", unknown product 0x1452 rev 0x00
Mar 12 06:52:10 sql /bsd: pchb28 at pci13 dev 7 function 0 vendor "AMD", unknown product 0x1452 rev 0x00
Mar 12 06:52:10 sql /bsd: ppb14 at pci13 dev 7 function 1 vendor "AMD", unknown product 0x1454 rev 0x00
Mar 12 06:52:10 sql /bsd: pci16 at ppb14 bus 67
Mar 12 06:52:10 sql /bsd: vendor "AMD", unknown product 0x145a (class instrumentation unknown subclass 0x00, rev 0x00) at pci16 dev 0 function 0 not configured
Mar 12 06:52:10 sql /bsd: vendor "AMD", unknown product 0x1456 (class crypto subclass miscellaneous, rev 0x00) at pci16 dev 0 function 2 not configured
Mar 12 06:52:10 sql /bsd: xhci3 at pci16 dev 0 function 3 vendor "AMD", unknown product 0x145c rev 0x00: msi
Mar 12 06:52:10 sql /bsd: usb3 at xhci3: USB revision 3.0
Mar 12 06:52:10 sql /bsd: uhub3 at usb3 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
Mar 12 06:52:10 sql /bsd: pchb29 at pci13 dev 8 function 0 vendor "AMD", unknown product 0x1452 rev 0x00
Mar 12 06:52:10 sql /bsd: ppb15 at pci13 dev 8 function 1 vendor "AMD", unknown product 0x1454 rev 0x00
Mar 12 06:52:10 sql /bsd: pci17 at ppb15 bus 68
Mar 12 06:52:10 sql /bsd: vendor "AMD", unknown product 0x1455 (class instrumentation unknown subclass 0x00, rev 0x00) at pci17 dev 0 function 0 not configured
Mar 12 06:52:10 sql /bsd: ahci2 at pci17 dev 0 function 2 vendor "AMD", unknown product 0x7901 rev 0x51: msi, AHCI 1.3.1
Mar 12 06:52:10 sql /bsd: scsibus5 at ahci2: 32 targets
Mar 12 06:52:10 sql /bsd: uhidev0 at uhub0 port 21 configuration 1 interface 0 "Microsoft Microsoft\M-. Digital Media oard 3000" rev 2.00/2.00 addr 2
Mar 12 06:52:10 sql /bsd: uhidev0: iclass 3/1
Mar 12 06:52:10 sql /bsd: ukbd0 at uhidev0: 8 variable keys, 6 key codes
Mar 12 06:52:10 sql /bsd: wskbd1 at ukbd0 mux 1
Mar 12 06:52:10 sql /bsd: wskbd1: connecting to wsdisplay0
Mar 12 06:52:10 sql /bsd: uhidev1 at uhub0 port 21 configuration 1 interface 1 "Microsoft Microsoft\M-. Digital Media oard 3000" rev 2.00/2.00 addr 2
Mar 12 06:52:10 sql /bsd: uhidev1: iclass 3/0, 3 report ids
Mar 12 06:52:10 sql /bsd: uhid0 at uhidev1 reportid 1: input=7, output=0, feature=0
Mar 12 06:52:10 sql /bsd: uhid1 at uhidev1 reportid 3: input=1, output=0, feature=0
Mar 12 06:52:10 sql /bsd: vscsi0 at root
Mar 12 06:52:10 sql /bsd: scsibus6 at vscsi0: 256 targets
Mar 12 06:52:10 sql /bsd: softraid0 at root
Mar 12 06:52:10 sql /bsd: scsibus7 at softraid0: 256 targets
Mar 12 06:52:10 sql /bsd: sd2 at scsibus7 targ 1 lun 0: <OPENBSD, SR RAID 1, 006> SCSI2 0/direct fixed
Mar 12 06:52:10 sql /bsd: sd2: 20479MB, 512 bytes/sector, 41942512 sectors
Mar 12 06:52:10 sql /bsd: sd3 at scsibus7 targ 2 lun 0: <OPENBSD, SR RAID 1, 006> SCSI2 0/direct fixed
Mar 12 06:52:10 sql /bsd: sd3: 217992MB, 512 bytes/sector, 446448433 sectors
Mar 12 06:52:10 sql /bsd: root on sd2a (1ff7dd9b647c5f6f.a) swap on sd2b dump on sd2b
*** This is where I have to drop to a shell and manually attach the encrypted softraid0 ***
Mar 12 06:52:10 sql /bsd: sd4 at scsibus7 targ 3 lun 0: <OPENBSD, SR CRYPTO, 006> SCSI2 0/direct fixed
Mar 12 06:52:10 sql /bsd: sd4: 217992MB, 512 bytes/sector, 446447905 sectors
Mar 12 06:52:10 sql sendsyslog: dropped 1 message, error 57
Mar 12 06:52:10 sql ntpd[66920]: /var/db/ntpd.drift is empty
Mar 12 06:52:10 sql savecore: /dev/sd2b: Device not configured
Mar 12 06:52:15 sql reorder_kernel: kernel relinking done
此外,在我手动挂载加密的 Softraid 并启动完成一切工作后,以下是挂载的输出:
/dev/sd2a on / type ffs (local)
/dev/sd4k on /home type ffs (local, nodev, nosuid)
/dev/sd4d on /tmp type ffs (local, nodev, nosuid)
/dev/sd4f on /usr type ffs (local, nodev)
/dev/sd4g on /usr/X11R6 type ffs (local, nodev)
/dev/sd4h on /usr/local type ffs (local, nodev, wxallowed)
/dev/sd4j on /usr/obj type ffs (local, nodev, nosuid)
/dev/sd4i on /usr/src type ffs (local, nodev, nosuid)
/dev/sd4e on /var type ffs (local, nodev, nosuid)
答案1
因此,经过一番挖掘和阅读后,我发现: rc.local 甚至 rc.securelevel 在 rc 脚本中调用得太晚,无法用于挂载文件系统的其余部分。通过 rc 脚本进行快速 grep 可以清楚地表明,需要在 rc 中运行“检查文件系统”代码之前附加加密的 softraid。为了确保代码只在启动时运行,我在 rc 中的“检查文件系统”脚本上方添加了以下内容:
# ADDED - This mounts the encrypted filesystem
bioctl sd4 > /dev/null 2>&1
if [ $? -ne 0 ]; then
echo "Time to decrypt and mount the rest of your filesystem..."
bioctl -c C -l /dev/sd3a softraid0
fi
需要明确的是,我不喜欢这个解决方案,因为我必须对替换/修改 rc 的更新保持警惕,但我没有看到解决这个问题的方法。如果 OpenBSD 的人有更好的解决方案,请告诉我!
我知道这是非常基本的,但我认为这可能会节省一些人的时间,所以我留下了这个问题。此外,测试位于丢失磁盘(并已重建)的镜像顶部的加密内容的恢复/一致性似乎会失败。它似乎无法查看/处理加密设备 - 可惜 OpenBSD 还不能处理这个问题。您必须查看镜像的硬件解决方案,然后在 OpenBSD 中使用 FDE,或者使用不同的操作系统。
感谢大家。
答案2
作为常见问题解答中明确指出:目前不支持“堆叠”softraid 模式(例如镜像驱动器和加密)。