
Post-Install Checklist — verify your system

Run these checks after every fresh install. They take about 5 minutes and confirm that ZFS, networking, services, and all kldload tools are working correctly before you start putting the system to use.


Step 1 — OS and kernel

cat /etc/os-release | grep -E "^(NAME|VERSION_ID|ID)="
uname -r

Expected: The distro you selected during install. The kernel version should be the latest available for that distro — on CentOS/RHEL this is typically 5.14.0-xxx.el9.x86_64, on Debian/Ubuntu it's the version from the release you installed.

# Also check the kldload release
cat /etc/kldload-release 2>/dev/null || echo "not found (pre-1.0 install)"

Step 2 — ZFS pool health

zpool status

Expected output:

  pool: rpool
 state: ONLINE
  scan: scrub repaired 0B in 00:00:01 with 0 errors on ...
config:

        NAME        STATE     READ WRITE CKSUM
        rpool       ONLINE       0     0     0
          sda       ONLINE       0     0     0   # or your disk name

errors: No known data errors

If state is anything other than ONLINE, see Troubleshooting.

# List all datasets
zfs list

# Expected: rpool, rpool/ROOT, rpool/ROOT/default, rpool/home, rpool/var/log (at minimum)

Step 3 — Network

# Show all interfaces and addresses
ip addr show

# Test DNS and internet
ping -c 3 1.1.1.1
ping -c 3 google.com

Expected: At least one interface with an IP address (not just loopback). Both pings should succeed. If ping 1.1.1.1 works but ping google.com fails, DNS is misconfigured:

# Check DNS resolver
cat /etc/resolv.conf
resolvectl status 2>/dev/null || systemd-resolve --status 2>/dev/null

Step 4 — Services

# kldload system status dashboard (shows all key services)
kst

Expected: kst shows green for kldload-webui, sshd, zfs-zed, NetworkManager. sanoid.timer may show as inactive on a brand-new install — it activates after the first scheduled run.

# Verify individually if needed
systemctl status sshd
systemctl status zfs-zed
systemctl status NetworkManager
systemctl status kldload-webui

# Check for any failed units
systemctl --failed

Expected: No failed units. If sanoid.timer is missing, it's normal on the core profile — it's only included with desktop and server profiles.


Step 5 — WireGuard

wg --version

Expected: wireguard-tools v1.0.20210914 or later. WireGuard is included with desktop and server profiles.

# Confirm the kernel module is available
modinfo wireguard | grep -E "^(filename|version)"

# Expected: the module ships in-kernel on modern kernels (5.6+)
# No separate DKMS required

Step 6 — eBPF

bpftrace --version

Expected: bpftrace v0.19.x or later (included with desktop and server profiles).

# Quick functional test — list kernel tracepoints
sudo bpftrace -l 'tracepoint:syscalls:*' | head -5

# Expected: a list of tracepoint names like:
# tracepoint:syscalls:sys_enter_read
# tracepoint:syscalls:sys_exit_read
# ...

Step 7 — sudo PATH

kldload tools live in /usr/local/bin/. Verify they're accessible under sudo:

sudo kst

Expected: kst runs and shows the system dashboard. If you get sudo: kst: command not found, the secure_path in sudoers may not include /usr/local/bin:

# Check sudo's PATH
sudo env | grep PATH

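# Fix if needed: write /etc/sudoers.d/kldload (tee replaces any existing file of that name),
# then confirm it parses with: sudo visudo -cf /etc/sudoers.d/kldload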
echo 'Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"' \
  | sudo tee /etc/sudoers.d/kldload

Step 8 — kpkg

kpkg list | head -20

Expected: A list of installed packages. This confirms kpkg can talk to the package manager and the darksite repos (for CentOS/Debian/Rocky) or the CDN (for RHEL) are configured.

# Test a search
kpkg search htop

Step 9 — Create first snapshot

Before making any configuration changes, take a baseline snapshot:

ksnap

Expected: Output like:

Snapshotting rpool/ROOT/default ... done
Snapshotting rpool/home ... done
Snapshotting rpool/var/log ... done
Created: manual-20260325-143000

# Verify the snapshot exists
ksnap list

Step 10 — Boot environments

kbe list

Expected: At least one boot environment named default marked as active. Multiple BEs may exist if kupgrade was run during install.

# Example output:
# NAME              ACTIVE  MOUNTPOINT  CREATION
# default           yes     /           2026-03-25 14:30

Step 11 — Run kupgrade (optional)

If the system was installed from an ISO that's more than a few weeks old, run a safe upgrade to pull in any security fixes:

kupgrade

This automatically creates a boot environment snapshot before upgrading, so you can roll back if anything goes wrong. If you're on a RHEL system, this pulls from the CDN — ensure internet access is available.


Quick one-liner summary

Run all basic health checks in one shot:

kst && zpool status && ip addr show && systemctl --failed && ksnap list

If all of these produce expected output with no errors, your system is healthy and ready to use.
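
An added example, not kldload's own code: zpool status and systemctl --failed exit with status 0 whenever they manage to print their report, even if it shows a DEGRADED pool or failed units, so the && chain above cannot stop on those conditions. This script parses the output instead. The function names and sample text are constructed for illustration, and it assumes the --no-legend --plain layout of systemctl with the unit name in the first column.

```shell
#!/bin/sh
# Added example, not part of kldload. Judges health from parsed output, not exit codes.

# stdin: `zpool status` text. Prints "pool: STATE" for every pool that is not ONLINE,
# and a marker line if no pool is reported at all.
unhealthy_pools() {
  awk '$1 == "pool:"  { pool = $2; seen = 1 }
       $1 == "state:" && $2 != "ONLINE" { print pool ": " $2 }
       END { if (!seen) print "(none): NO_POOL_REPORTED" }'
}

# stdin: `systemctl --failed --no-legend --plain` text. Prints the failed unit names.
failed_units() {
  awk 'NF { print $1 }'
}

# $1 = zpool status text, $2 = failed-unit text. Returns 0 only when both are clean.
health_verdict() {
  hv_pools=$(printf '%s\n' "$1" | unhealthy_pools)
  hv_units=$(printf '%s\n' "$2" | failed_units)
  [ -z "$hv_pools" ] || printf '%s\n' "$hv_pools" | sed 's/^/pool not ONLINE: /'
  [ -z "$hv_units" ] || printf '%s\n' "$hv_units" | sed 's/^/failed unit: /'
  [ -z "$hv_pools$hv_units" ]
}

# Constructed sample input (not captured from a real host).
SAMPLE_ZPOOL='  pool: rpool
 state: DEGRADED
config:
        NAME        STATE     READ WRITE CKSUM
        rpool       DEGRADED     0     0     0
errors: No known data errors'
SAMPLE_UNITS='zfs-zed.service loaded failed failed ZFS Event Daemon (zed)'

if [ "${1:-}" = "--live" ]; then
  # Real host: exit status is non-zero if any pool or unit is unhealthy.
  health_verdict "$(zpool status)" "$(systemctl --failed --no-legend --plain)"
else
  health_verdict "$SAMPLE_ZPOOL" "$SAMPLE_UNITS" || echo "constructed sample: NOT healthy"
fi
```

Run it with --live on the installed system; without arguments it only evaluates the constructed sample.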