Install & configure ZFS on Rocky Linux 9.6

https://www.itstorage.net/index.php/ldce/lwstgservm/671-configur-zfs-rockylinux

Details Written by: Mahdi Bahmani Category: 06 Linux Storage Server Published: 07 October 2025 Hits: 510 ZFS is a powerful filesystem + volume manager (OpenZFS) that works well on Enterprise Linux derivatives but Rocky Linux 9.6 currently has a known incompatibility with the released OpenZFS kernel module. Read the compatibility note below before proceeding.

Read this first If you already run ZFS on Rocky 9.5 (or another EL9 minor): do not upgrade to Rocky Linux 9.6 yet — Rocky’s release notes report that the currently released OpenZFS module does not load on 9.6. If you rely on ZFS for production data, hold upgrades until OpenZFS publishes compatible kmod/DKMS packages.

If you want to try ZFS on a fresh Rocky 9.6 install: you can attempt to install OpenZFS, but expect possible failures (module won’t load) and be prepared to boot an older kernel, build ZFS from source (advanced), or use alternate workarounds. Do not use ZFS on production systems on 9.6 yet.

What this guide covers Prerequisites & safety notes

Add the OpenZFS repo and install ZFS (kmod vs DKMS)

Secure Boot and kernel-module signing notes

Creating a pool and datasets (examples)

Enabling ZFS at boot and basic maintenance

Troubleshooting and rollbacks

Prerequisites & safety Backup. Installing ZFS and creating zpools will destroy any disks you use. Back up anything important first.

Root or a user with sudo privileges.

Internet access (to download the OpenZFS repository packages).

Know your target device names: use lsblk or blkid to confirm which drives you intend to use.

If your machine has Secure Boot enabled, either be prepared to sign kernel modules (recommended) or disable Secure Boot — unsigned modules will not load under Secure Boot.

Compatibility note (important) Rocky Linux 9.6 has a reported incompatibility with the current OpenZFS kernel module. The Rocky 9.6 release notes recommend holding off upgrading or doing a fresh install with ZFS until an updated module is released. If you must use ZFS now, the safest options are to run an older Rocky minor (e.g. 9.5), use a distribution with prebuilt compatible ZFS packages, or be prepared to troubleshoot/rebuild modules yourself.

  1. quick checks

    check kernel and distro

    uname -r cat /etc/os-release

check disks (careful!)

lsblk –noheadings -o NAME,SIZE,TYPE,MOUNTPOINT If you’re already on Rocky 9.6 note the kernel version shown by uname -r kernel changes are the typical cause of ZFS module incompatibilities.

  1. update your system sudo dnf -y upgrade sudo reboot # if kernel was upgraded Always reboot after a kernel update so uname -r and kernel-devel can match.

  2. add prerequisites Install EPEL (provides DKMS and other helpers) and kernel development files:

sudo dnf install -y epel-release sudo dnf install -y kernel-devel kernel-headers gcc make perl dkms Important: DKMS requires the kernel-devel package that exactly matches the running kernel. If you get DKMS build failures, check uname -r and rpm -q kernel-devel.

  1. add the OpenZFS repository OpenZFS offers a zfs-release RPM that configures the OpenZFS yum/dnf repo. Use the recommended command that expands to your distro’s release macro:

sudo dnf install -y https://zfsonlinux.org/epel/zfs-release-2-8$(rpm –eval “%{dist}”).noarch.rpm This installs /etc/yum.repos.d/zfs.repo and the OpenZFS signing key.

  1. choose DKMS vs kmod packages (what to install) OpenZFS provides two packaging styles for EL9:

kmod (kABI-tracking kmod) — prebuilt kernel modules maintained by OpenZFS. Advantages: No local build required, less breakage risk, stable for production. Use this if: You run the standard Rocky Linux kernel and a matching kmod package exists. This is the recommended method.

DKMS (Dynamic Kernel Module Support) — builds the ZFS module locally against your kernel headers. Advantages: Works even if no kmod is published for your kernel, or if you use a custom kernel. Downside: Requires kernel-devel headers, can fail to build after updates, more moving parts. Use this if: No matching kmod package is available (for example, Rocky 9.6 at the time of writing).

Install kmod packages (preferred method) If a matching kmod is available, always choose this first:

switch repo to kmod packages

sudo dnf config-manager –disable zfs sudo dnf config-manager –enable zfs-kmod sudo dnf install -y zfs zfs-dracut Install DKMS packages (fallback if no kmod) If no compatible kmod exists for your kernel, use DKMS instead:

default repo often installs DKMS style packages

sudo dnf install -y zfs zfs-dracut The install process will compile ZFS modules against your current kernel. Watch the output carefully — if you see errors, they usually mean:

kernel-devel package does not match your running kernel (uname -r vs rpm -q kernel-devel)

Secure Boot is blocking unsigned modules (see Step 5 for signing)

👉 In short: try kmod first (stable, easier). If unavailable or broken on your kernel version → fallback to DKMS.

  1. Secure Boot & module signing (short) If Secure Boot is enabled, unsigned kernel modules will refuse to load. You have three choices:

Sign the built modules and enroll the signing key in the firmware MOK list (recommended for security). This involves generating an X.509 keypair, enrolling the public key (mokutil –import), and signing the .ko files (use the kernel sign-file helper). See your distro’s Secure Boot/module signing docs for exact steps.

Disable Secure Boot in firmware/UEFI.

Use vendor-signed kmod packages if/when OpenZFS publishes signed kmod packages matching your kernel.

5.1 (optional) Sign ZFS modules for Secure Boot If Secure Boot is enabled, you must sign the ZFS kernel modules. Here is a minimal working example for Rocky 9:

1. Install mokutil and openssl if not present

sudo dnf install -y mokutil openssl

2. Generate a new keypair (private + public cert)

sudo mkdir -p /root/module-signing cd /root/module-signing openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der
-nodes -days 36500 -subj “/CN=ZFS Secure Boot Module Key/”

3. Enroll the public key into MOK (Machine Owner Key) list

sudo mokutil –import MOK.der

-> You’ll be prompted for a password. You’ll need it at reboot.

4. Reboot and follow the “MOK manager” menu to enroll the key

sudo reboot

5. Sign the ZFS modules using the kernel’s sign-file helper

locate sign-file (path may vary)

KVER=$(uname -r) SIGHELPER=/usr/src/kernels/$KVER/scripts/sign-file

sign all zfs-related modules

for mod in $(find /lib/modules/$KVER/extra -name ‘.ko’); do sudo $SIGHELPER sha256 /root/module-signing/MOK.priv /root/module-signing/MOK.der “$mod” done

6. Refresh module dependency cache

sudo depmod -a Now, Secure Boot should allow the signed ZFS modules to load:

sudo modprobe zfs

  1. load and verify ZFS

    load modules (should be automatic)

    sudo modprobe zfs

confirm

lsmod | grep zfs zpool –version zfs –version If modprobe zfs fails, inspect dmesg and journalctl -k for errors. Typical causes: kernel mismatch, unsigned module (Secure Boot), or missing build artifacts.

  1. create a zpool (examples) WARNING: These commands destroy data on the target devices. Double-check device names.

Single-disk pool (testing only) sudo zpool create -f mypool /dev/sdb Mirror (recommended for redundancy) sudo zpool create -f -o ashift=12 mypool mirror /dev/sdb /dev/sdc Explanation: ashift=12 aligns to 4K sectors which is recommended for most modern drives/SSDs.

Verify:

sudo zpool status sudo zpool list sudo zfs list

  1. datasets, mountpoints and useful properties Create a dataset and set common properties:

create dataset mounted at /data

sudo zfs create -o mountpoint=/data mypool/data

enable compression and turn off atime for performance

sudo zfs set compression=lz4 mypool sudo zfs set atime=off mypool

create dataset for docker or virtual machines with tuned recordsize

sudo zfs create -o recordsize=1M mypool/vmstore ZFS mounts datasets automatically (if mountpoint is set). Use zfs mount -a to mount all datasets.

  1. enable ZFS at boot Enable services so pools & datasets come up on boot:

sudo systemctl enable –now zfs-import-cache.service zfs-mount.service zfs-zed.service zfs.target If you prefer the modules to always load early, create a modules-load file:

echo zfs | sudo tee /etc/modules-load.d/zfs.conf Notes: some systems use zfs-import-scan.service instead of zfs-import-cache.service. If pools aren’t imported on boot, zpool set cachefile=/etc/zfs/zpool.cache mypool and verify /etc/zfs/zpool.cache exists, or enable the scan-based import.

  1. snapshots, scrubs & basic maintenance

    snapshot

    sudo zfs snapshot mypool/data@initial

list snapshots

sudo zfs list -t snapshot

rollback (careful)

sudo zfs rollback mypool/data@initial

Delete Old Snapshots zfs destroy mypool/data@initial

start a scrub

sudo zpool scrub mypool

check status

sudo zpool status -v mypool Schedule scrubs periodically (e.g. weekly) and monitor zpool status.

Troubleshooting (common issues) Module won’t load — check dmesg, journalctl -k, lsmod. If Secure Boot is enabled, either sign modules or disable Secure Boot. If kernel mismatch, install matching kernel-devel and rebuild DKMS modules or use a matching kmod.

DKMS build failures — make sure kernel-devel matches uname -r. Reboot into the kernel that matches your kernel-devel package, or install the matching kernel-devel.

Pools not imported on boot — ensure zfs-import-cache.service is enabled and zpool set cachefile=/etc/zfs/zpool.cache was run. You can also use zfs-list.cache + zfs-zed.service to generate mount units.

After distro upgrade — kmod packages may break if the kernel ABI changed; you may need to reinstall kmod or rebuild DKMS.

How to remove ZFS (cleanly)

export/destroy pools first (careful)

sudo zpool export mypool

then remove packages

sudo dnf remove -y zfs zfs-dracut sudo dnf config-manager –disable zfs-kmod zfs

Updated: