View previous topic :: View next topic |
Author |
Message |
trumee Guru
Joined: 02 Mar 2003 Posts: 551 Location: London,UK
|
Posted: Wed May 06, 2015 3:28 am Post subject: Suggestions for a Readonly system |
|
|
Hello,
I am setting up a headless Intel NUC to be used in a region with lot of power failures. Unfortunately UPS is not an option hence i am trying to safeguard the file system. This what i have done so far:
1. Disabled write cache on hdd using
Code: | hdparm -W0 /dev/sda |
2. Created a tmpfs filesystem by using following in /etc/fstab and readonly /home
Code: |
/dev/sda1 / ext4 rw,noatime 0 1
/dev/sda2 none swap sw 0 0
/dev/sda5 /home ext4 ro,noatime 0 1
tmpfs /tmp tmpfs nodev,nosuid,size=512M 0 0
|
3. Used this script to move /var/{tmp, log, lock, run} to tmpfs
4. Symlinked /proc/self/mounts to /etc/mtab
5. Stuck the following in /etc/local.d/local.start
Code: |
mount -o remount,ro /
|
6. Stuck the following in /etc/local.d/local.stop
Code: |
mount -o remount,rw /
|
With these steps the system boots with a read-write /. The vartmp script (3 above) kicks in and copies the /var files to tmpfs. The / filesystem goes to read-only mode with local.start.
My current issue with the above is that the systems boots with a 'read-write' root filesystem. Hence if there is power loss at bootup there is potential of failure. Ideally i would like to boot using a read-only rootfs. Also, how should the kernel be built to minimize the bootup time?
Thanks
Last edited by trumee on Tue May 12, 2015 1:24 am; edited 1 time in total |
|
Back to top |
|
|
ct85711 Veteran
Joined: 27 Sep 2005 Posts: 1791
|
Posted: Wed May 06, 2015 5:39 am Post subject: |
|
|
The only thought I have, if you are really worried about having a readonly system, why don't you just make a custom bootcd and boot only from that. This way you will know 100% the base system will always be readonly, and the running copy is only in the memory. You won't have much on performance, but you also won't ever have to worry about your system ever changing (can't change a cdr/dvdr disc once it is burnt). |
|
Back to top |
|
|
trumee Guru
Joined: 02 Mar 2003 Posts: 551 Location: London,UK
|
Posted: Sat May 09, 2015 11:03 pm Post subject: |
|
|
Unfortunately the NUC doesnt have a cdrom so i have to use the internal hdd only.
I would like to run mysql on this system as well (for zoneminder). I was thinking of creating a separate partition for mysql
Code: |
/dev/sda5 /home ext4 rw,noatime 0 0
|
The '0' in sixth column would cause the drive not to be fscked at boot time. What i dont want is the system to hang if the sda5 partition gets too much corrupted. Rather i would like to do an fsck manually via cron or something.
I wanted to check whether this approach of mixed ro and rw partition would still keep hdd safe. Last thing i want is total hdd failure and loss of remote access. |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54236 Location: 56N 3W
|
Posted: Sun May 10, 2015 12:24 am Post subject: |
|
|
trumee,
trumee wrote: | 3. Used this script to move /var/{tmp, log, lock, run} to tmpfs |
/var/run should be a symlink to /run, which is in tmpfs anyway.
You can use /etc/fstab to mount /var/{tmp, log, lock} as tmpfs.
A lot of locks are held in /run/lock too. On my system, /var/lock is a symlink to /run/lock _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
trumee Guru
Joined: 02 Mar 2003 Posts: 551 Location: London,UK
|
Posted: Tue May 12, 2015 1:33 am Post subject: |
|
|
Thanks, I had a rethink on what you suggested. I have eliminated the vartmp script and did the following.
Code: |
#cat /etc/fstab
/dev/sda1 / ext4 ro,noatime 0 1
/dev/sda2 none swap sw 0 0
/dev/sda3 /home ext4 ro,noatime 0 1
tmpfs /tmp tmpfs nodev,nosuid,size=512M 0 0
tmpfs /var/log tmpfs nodev,nosuid,size=512M 0 0
tmpfs /var/tmp tmpfs nodev,nosuid,size=2048M 0 0
tmpfs /var/lib/misc tmpfs nodev,nosuid,size=1M 0 0
|
I had to mount /var/lib/misc as well since a "random-seed" is created in the directory.
Also,
Code: |
#cat /etc/local.d/local.start
tar -xf /var/log_11_05_2015.tar -C /var/log/
tar -xf /var/tmp_11_05_2015.tar -C /var/tmp/
|
The tar files were created from a new install. This way i can retain the original directories and permissions in the /var/log folder. This is an advantage over the vartmp script where you lose the files incase of power failure.
Is there any other folder which needs to be created as tmpfs? /var/lib/dhcpcd? |
|
Back to top |
|
|
trumee Guru
Joined: 02 Mar 2003 Posts: 551 Location: London,UK
|
Posted: Thu May 21, 2015 1:01 pm Post subject: |
|
|
Here is my modified vartmp script. It copies the /var files to tmpfs on start(), but doesnt copy them back on stop(). This way i can have a 'ro' filesystem always.
Code: |
#!/sbin/runscript
#
# This init script mounts various /var sub-directories into RAM-based filesystem
# (i.e. tmpfs). There are two main advantages in doing so:
# - speed: its speeds up logging processes
# - disk-sync: it reduces the need for constant disk syncs
#
# and make sure the ${VARTMP} directory is created and/or mounted before
# executing this script.
depend() {
need localmount
before bootmisc
}
start() {
ebegin "Migrating /var to tmpfs "
#
# Check existence of ${VARTMP}
#
if [ -z ${VARTMP} ]; then
VARTMP=/dev/shm/vartmp
fi
if [ ! -d ${VARTMP} ]; then
mkdir ${VARTMP}
fi
for d in ${VARTMP_DIRS}; do
copy_to_vartmp ${d}
done
eend $?
}
stop() {
ebegin "Unmount /var from tmpfs "
if [ -z ${VARTMP} ]; then
VARTMP=/dev/shm/vartmp
fi
for d in ${VARTMP_DIRS}; do
umount_from_vartmp ${d}
done
eend $?
}
# This function transfer /var/* to ${VARTMP}
copy_to_vartmp() {
ebegin "Copying /var/${1} to ${VARTMP}/${1} "
#
# Move /var/xxx contents to ${VARTMP}
#
if [ -e /var/${1} ]; then
cp -rpf /var/${1} ${VARTMP}
mount -o bind ${VARTMP}/${1} /var/${1}
else
if [ ! -d ${VARTMP}/${1} ]; then
rm -f ${VARTMP}/${1}
mkdir ${VARTMP}/${1}
chmod 775 ${VARTMP}/${1}
fi
fi
eend $?
}
|
|
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54236 Location: 56N 3W
|
Posted: Thu May 21, 2015 5:10 pm Post subject: |
|
|
trumee,
/var on its own partition works if you are careful with your kernel build.
That way you can mount /var read only in /etc/fstab along with /var/log (and other things) as tmpfs
I don't understand the need for your script at all. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
trumee Guru
Joined: 02 Mar 2003 Posts: 551 Location: London,UK
|
Posted: Thu May 21, 2015 11:01 pm Post subject: |
|
|
NeddySeagoon wrote: | trumee,
/var on its own partition works if you are careful with your kernel build.
That way you can mount /var read only in /etc/fstab along with /var/log (and other things) as tmpfs
I don't understand the need for your script at all. |
What do you mean by "careful with your kernel build"?
I dont have a /var on a separate partition. I copy /var/log into tmpfs because i want to keep the log files with correct permissions. |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|