| View previous topic :: View next topic |
| Author |
Message |
trumee
Guru
Joined: 02 Mar 2003
Posts: 551
Location: London,UK
|
 Posted: Wed May 06, 2015 3:28 am Post subject: Suggestions for a Readonly system |
 |
|
Hello,
I am setting up a headless Intel NUC to be used in a region with lot of power failures. Unfortunately UPS is not an option hence i am trying to safeguard the file system. This what i have done so far:
1. Disabled write cache on hdd using
| Code: | | hdparm -W0 /dev/sda |
2. Created a tmpfs filesystem by using following in /etc/fstab and readonly /home
| Code: |
/dev/sda1 / ext4 rw,noatime 0 1
/dev/sda2 none swap sw 0 0
/dev/sda5 /home ext4 ro,noatime 0 1
tmpfs /tmp tmpfs nodev,nosuid,size=512M 0 0
|
3. Used this script to move /var/{tmp, log, lock, run} to tmpfs
4. Symlinked /proc/self/mounts to /etc/mtab
5. Stuck the following in /etc/local.d/local.start
| Code: |
mount -o remount,ro /
|
6. Stuck the following in /etc/local.d/local.stop
| Code: |
mount -o remount,rw /
|
With these steps the system boots with a read-write /. The vartmp script (3 above) kicks in and copies the /var files to tmpfs. The / filesystem goes to read-only mode with local.start.
My current issue with the above is that the systems boots with a 'read-write' root filesystem. Hence if there is power loss at bootup there is potential of failure. Ideally i would like to boot using a read-only rootfs. Also, how should the kernel be built to minimize the bootup time?
Thanks
Last edited by trumee on Tue May 12, 2015 1:24 am; edited 1 time in total |
|
| Back to top |
|
 |
ct85711
Veteran
Joined: 27 Sep 2005
Posts: 1791
|
| Posted: Wed May 06, 2015 5:39 am Post subject: |
|
|
| The only thought I have, if you are really worried about having a readonly system, why don't you just make a custom bootcd and boot only from that. This way you will know 100% the base system will always be readonly, and the running copy is only in the memory. You won't have much on performance, but you also won't ever have to worry about your system ever changing (can't change a cdr/dvdr disc once it is burnt). |
|
| Back to top |
|
|
trumee
Guru
Joined: 02 Mar 2003
Posts: 551
Location: London,UK
|
| Posted: Sat May 09, 2015 11:03 pm Post subject: |
|
|
Unfortunately the NUC doesnt have a cdrom so i have to use the internal hdd only.
I would like to run mysql on this system as well (for zoneminder). I was thinking of creating a separate partition for mysql
| Code: |
/dev/sda5 /home ext4 rw,noatime 0 0
|
The '0' in sixth column would cause the drive not to be fscked at boot time. What i dont want is the system to hang if the sda5 partition gets too much corrupted. Rather i would like to do an fsck manually via cron or something.
I wanted to check whether this approach of mixed ro and rw partition would still keep hdd safe. Last thing i want is total hdd failure and loss of remote access. |
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54236
Location: 56N 3W
|
| Posted: Sun May 10, 2015 12:24 am Post subject: |
|
|
trumee,
| trumee wrote: | | 3. Used this script to move /var/{tmp, log, lock, run} to tmpfs |
/var/run should be a symlink to /run, which is in tmpfs anyway.
You can use /etc/fstab to mount /var/{tmp, log, lock} as tmpfs.
A lot of locks are held in /run/lock too. On my system, /var/lock is a symlink to /run/lock
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
trumee
Guru
Joined: 02 Mar 2003
Posts: 551
Location: London,UK
|
| Posted: Tue May 12, 2015 1:33 am Post subject: |
|
|
Thanks, I had a rethink on what you suggested. I have eliminated the vartmp script and did the following.
| Code: |
#cat /etc/fstab
/dev/sda1 / ext4 ro,noatime 0 1
/dev/sda2 none swap sw 0 0
/dev/sda3 /home ext4 ro,noatime 0 1
tmpfs /tmp tmpfs nodev,nosuid,size=512M 0 0
tmpfs /var/log tmpfs nodev,nosuid,size=512M 0 0
tmpfs /var/tmp tmpfs nodev,nosuid,size=2048M 0 0
tmpfs /var/lib/misc tmpfs nodev,nosuid,size=1M 0 0
|
I had to mount /var/lib/misc as well since a "random-seed" is created in the directory.
Also,
| Code: |
#cat /etc/local.d/local.start
tar -xf /var/log_11_05_2015.tar -C /var/log/
tar -xf /var/tmp_11_05_2015.tar -C /var/tmp/
|
The tar files were created from a new install. This way i can retain the original directories and permissions in the /var/log folder. This is an advantage over the vartmp script where you lose the files incase of power failure.
Is there any other folder which needs to be created as tmpfs? /var/lib/dhcpcd? |
|
| Back to top |
|
|
trumee
Guru
Joined: 02 Mar 2003
Posts: 551
Location: London,UK
|
| Posted: Thu May 21, 2015 1:01 pm Post subject: |
|
|
Here is my modified vartmp script. It copies the /var files to tmpfs on start(), but doesnt copy them back on stop(). This way i can have a 'ro' filesystem always.
| Code: |
#!/sbin/runscript
#
# This init script mounts various /var sub-directories into RAM-based filesystem
# (i.e. tmpfs). There are two main advantages in doing so:
# - speed: its speeds up logging processes
# - disk-sync: it reduces the need for constant disk syncs
#
# and make sure the ${VARTMP} directory is created and/or mounted before
# executing this script.
depend() {
need localmount
before bootmisc
}
start() {
ebegin "Migrating /var to tmpfs "
#
# Check existence of ${VARTMP}
#
if [ -z ${VARTMP} ]; then
VARTMP=/dev/shm/vartmp
fi
if [ ! -d ${VARTMP} ]; then
mkdir ${VARTMP}
fi
for d in ${VARTMP_DIRS}; do
copy_to_vartmp ${d}
done
eend $?
}
stop() {
ebegin "Unmount /var from tmpfs "
if [ -z ${VARTMP} ]; then
VARTMP=/dev/shm/vartmp
fi
for d in ${VARTMP_DIRS}; do
umount_from_vartmp ${d}
done
eend $?
}
# This function transfer /var/* to ${VARTMP}
copy_to_vartmp() {
ebegin "Copying /var/${1} to ${VARTMP}/${1} "
#
# Move /var/xxx contents to ${VARTMP}
#
if [ -e /var/${1} ]; then
cp -rpf /var/${1} ${VARTMP}
mount -o bind ${VARTMP}/${1} /var/${1}
else
if [ ! -d ${VARTMP}/${1} ]; then
rm -f ${VARTMP}/${1}
mkdir ${VARTMP}/${1}
chmod 775 ${VARTMP}/${1}
fi
fi
eend $?
}
|
|
|
| Back to top |
|
|
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54236
Location: 56N 3W
|
| Posted: Thu May 21, 2015 5:10 pm Post subject: |
|
|
trumee,
/var on its own partition works if you are careful with your kernel build.
That way you can mount /var read only in /etc/fstab along with /var/log (and other things) as tmpfs
I don't understand the need for your script at all.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
| Back to top |
|
|
trumee
Guru
Joined: 02 Mar 2003
Posts: 551
Location: London,UK
|
| Posted: Thu May 21, 2015 11:01 pm Post subject: |
|
|
| NeddySeagoon wrote: | trumee,
/var on its own partition works if you are careful with your kernel build.
That way you can mount /var read only in /etc/fstab along with /var/log (and other things) as tmpfs
I don't understand the need for your script at all. |
What do you mean by "careful with your kernel build"?
I dont have a /var on a separate partition. I copy /var/log into tmpfs because i want to keep the log files with correct permissions. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Other Things Gentoo
