|
OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
How to guarantee booting without manual intervention on an OpenBSD router
Hi everyone,
I have an OpenBSD 5.8 running on an alix apu1.d that operates as a router. Since this system is going to eventually be reset at some moment accidentally without properly unmounting its file systems, which means that, when booting, there is a possibility where automatic file system check won't be enough and fsck will have to run manually, I was wondering what the best way would be to manage such a situation. At the moment, I thought of editing fstab to disable fsck for all file systems. The truth is that the only file systems that may be written when on operation is /var/log and /tmp (or /var/tmp as well), so boot wise I could just disable file system checks on these two file systems, but we'll discuss that if this solution is acceptable. So, is this method "safe" (since I don't care if I lose any newly written information in this machine) or will I end up with a non usable system? And if so, what would be the best solution that could allow for a system to "always" boot without leaving a chance of having to run fsck manually? Thanks for your time and answers in advance! |
|
|||
On booting, a memory/RAM file system for the writeable directories (mount_mfs(8)) will be newly (re)created/formatted.
mount_mfs is kind of an alias for newfs. They share so much functionality that they are the same binary and are described in the same man page. Code:
$ ls -li /sbin/{newfs,mount_mfs} 26020 -r-xr-xr-x 2 root bin 214224 Dec 21 2012 /sbin/mount_mfs 26020 -r-xr-xr-x 2 root bin 214224 Dec 21 2012 /sbin/newfs From mount_mfs(8) Code:
NAME newfs, mount_mfs - construct a new file system
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump Last edited by J65nko; 8th January 2016 at 10:42 AM. |
|
|||
Thanks for the reply!
To see if I understood correctly, you're proposing me to replace /var and /tmp (and whichever writable file systems I "don't care about losing their data") in my fstab with a memory file system whose "source" will be the appropriate device node? If so, I like the idea, otherwise please re-explain. Ah, and the -P option can be added in fstab's options? EDIT: I am trying to create one but I don't think I'm getting the syntax right. I am not sure what to put as a special node (I tried md without luck). So I ran this: Code:
# mount_mfs -P /var -s 256m md /root/var mount_mfs: md: No such file or directory Last edited by mamalos; 10th January 2016 at 11:40 AM. |
|
|||
What I am proposing is that you:
I have to go out now, I could only test the rsync part .... Good luck
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump Last edited by J65nko; 11th January 2016 at 10:40 AM. Reason: Corrected according to IdOp's remark, and added '=" after -P option |
|
|||
@ldOp, yes Your Honor, I plead guilty
Code:
$ sudo rsync -aviH -n /var/ /Template/ | head -10 sending incremental file list .d..t...... ./ cd+++++++++ account/ cd+++++++++ audit/ cd+++++++++ authpf/ cd+++++++++ backups/ >f+++++++++ backups/device.backup >f+++++++++ backups/device.current >f+++++++++ backups/disklabel.sd0.backup >f+++++++++ backups/disklabel.sd0.current $ sudo rsync -aviH -n /var/ /Template | head -10 sending incremental file list .d..t...... ./ cd+++++++++ account/ cd+++++++++ audit/ cd+++++++++ authpf/ cd+++++++++ backups/ >f+++++++++ backups/device.backup >f+++++++++ backups/device.current >f+++++++++ backups/disklabel.sd0.backup >f+++++++++ backups/disklabel.sd0.current Code:
$ sudo rsync -aviH -n /var /Template/ | head -10 sending incremental file list cd+++++++++ var/ cd+++++++++ var/account/ cd+++++++++ var/audit/ cd+++++++++ var/authpf/ cd+++++++++ var/backups/ >f+++++++++ var/backups/device.backup >f+++++++++ var/backups/device.current >f+++++++++ var/backups/disklabel.sd0.backup >f+++++++++ var/backups/disklabel.sd0.current My defense: "Significant other" was already complaining why I still was at the computer, when we were supposed to be leaving for Eindhoven .... This also shows the importance of "peer review" , I suppose
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
The following has been tested on an old OpenBSD machine:
Code:
Code:
# ls -l /Template/var total 92 drwxr-xr-x 2 root wheel 512 Dec 21 2012 account drwxrws--- 2 root wheel 512 Dec 21 2012 audit drwxrwx--- 2 root authpf 512 Dec 21 2012 authpf drwx------ 2 root wheel 6144 Jan 10 01:30 backups drwxr-xr-x 3 root wheel 512 Dec 4 2012 cache drwxrwx--- 2 root wheel 512 Dec 26 2012 crash dr-xr-xr-x 4 root wheel 512 Jan 10 22:00 cron drwxr-xr-x 10 root wheel 512 Jan 9 03:30 db drwxr-xr-x 3 root wheel 512 Dec 21 2012 empty drwxrwxr-x 5 root games 512 Dec 26 2012 games drwxr-xr-x 3 root wheel 2048 Jan 10 22:00 log drwxr-xr-x 2 root wheel 512 Jan 10 01:30 mail drwx------ 8 _mysql _mysql 2048 Aug 10 13:58 mysql drwxr-xr-x 8 root wheel 512 Dec 26 2012 named drwxr-xr-x 6 root wheel 512 Dec 21 2012 nsd drwxr-x--- 2 root operator 512 Dec 21 2012 quotas drwxr-xr-x 3 root wheel 512 Jan 10 21:53 run drwxr-xr-x 2 root wheel 512 Dec 21 2012 rwho drwxr-xr-x 11 root wheel 512 Dec 31 2012 spool drwxrwxrwt 3 root wheel 512 Jan 9 03:30 tmp drwxr-xr-x 2 root wheel 512 Dec 21 2012 yp # mount /dev/wd0a on / type ffs (local, noatime, softdep) # cat /etc/fstab 3a6d4322b09ba067.b none swap sw 3a6d4322b09ba067.a / ffs rw,noatime,softdep 1 1 swap /monkey mfs rw,noatime,nosuid,noexec,-P=/Template/var,-s=120000 # mount /dev/wd0a on / type ffs (local, noatime, softdep) # swapctl -l Device 512-blocks Used Avail Capacity Priority /dev/wd0b 4180991 0 4180991 0% 0 # df -h Filesystem Size Used Avail Capacity Mounted on /dev/wd0a 27.6G 15.0G 11.2G 57% / # mount -a pax: /monkey/./cron/tabs/.sock skipped. Sockets cannot be copied or extracted pax: /monkey/./empty/dev/log skipped. Sockets cannot be copied or extracted # mount /dev/wd0a on / type ffs (local, noatime, softdep) mfs:5237 on /monkey type mfs (asynchronous, local, noatime, noexec, nosuid, size=120000 512-blocks) # df -h Filesystem Size Used Avail Capacity Mounted on /dev/wd0a 27.6G 15.0G 11.2G 57% / mfs:5237 56.7M 38.1M 15.7M 71% /monkey # ls -l /monkey total 56 drwxr-xr-x 2 root wheel 512 Dec 21 2012 account drwxrws--- 2 root wheel 512 Dec 21 2012 audit drwxrwx--- 2 root authpf 512 Dec 21 2012 authpf drwx------ 2 root wheel 6144 Jan 10 01:30 backups drwxr-xr-x 3 root wheel 512 Dec 4 2012 cache drwxrwx--- 2 root wheel 512 Dec 26 2012 crash dr-xr-xr-x 4 root wheel 512 Jan 10 22:00 cron drwxr-xr-x 10 root wheel 512 Jan 9 03:30 db drwxr-xr-x 3 root wheel 512 Dec 21 2012 empty drwxrwxr-x 5 root games 512 Dec 26 2012 games drwxr-xr-x 3 root wheel 2048 Jan 10 22:00 log drwxr-xr-x 2 root wheel 512 Jan 10 01:30 mail drwx------ 8 _mysql _mysql 2048 Aug 10 13:58 mysql drwxr-xr-x 8 root wheel 512 Dec 26 2012 named drwxr-xr-x 6 root wheel 512 Dec 21 2012 nsd drwxr-x--- 2 root operator 512 Dec 21 2012 quotas drwxr-xr-x 3 root wheel 512 Jan 10 21:53 run drwxr-xr-x 2 root wheel 512 Dec 21 2012 rwho drwxr-xr-x 11 root wheel 512 Dec 31 2012 spool drwxrwxrwt 3 root wheel 512 Jan 9 03:30 tmp drwxr-xr-x 2 root wheel 512 Dec 21 2012 yp Code:
# ls -lh /Template/var/mail total 6368 -rw------- 1 adriaan adriaan 229K Dec 28 2014 adriaan -rw------- 1 root wheel 2.8M Jan 10 01:30 root
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Re: mfs size
You can use du(1) to find out the size in sectors for the -s option: Code:
# du -s /var 115276 /var # du -sh /var 56.3M /var # du -sh /Template/var 39.4M /Template/var # du -s /Template/var 80752 /Template/var
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
I just tested the procedure and it works on an Alix board with an OpenBSD current version of :
Code:
OpenBSD 5.8-current (GENERIC) #1430: Sat Dec 12 09:13:24 MST 2015 deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC An excerpt of the interesting part where the test directory /monkey is being edited into the /var. Code:
171 ------ So reboot works .... 172 Now adjusting to really using /var instead of /monkey 173 ------------------------------------------------------- 174 175 ------------ reboot to single user mode 176 Note that I am connected with a serial console. 177 Single user mode will stop networking, so if you are logged in with SSH you have a problem. .... 178 179 --- see init(8) for more info about sending a 'TERM' signal to process nr 1 ... 180 181 root@alix[~]kill -TERM 1 182 Enter pathname of shell or RETURN for sh: 183 184 \u@\h[\w] 185 \u@\h[\w]mount 186 /dev/wd0a on / type ffs (local, noatime, softdep) 187 /dev/wd0e on /home type ffs (local, noatime, nodev, nosuid, softdep) 188 /dev/wd0d on /usr type ffs (local, noatime, nodev, softdep) 189 190 -- So we lost our 'mfs' file system ... 191 192 --- delete the contents of the /var directory, so we only have an empty 193 --- /var directory as mount point for the mfs reincarnation of /var 194 195 \u@\h[\w]rm -r /var/* 196 \u@\h[\w]ls -l /var 197 198 \u@\h[\w]cat /etc/fstab 199 72e6d0f437619269.b none swap sw 200 72e6d0f437619269.a / ffs rw,noatime,softdep 1 1 201 72e6d0f437619269.e /home ffs rw,noatime,softdep,nodev,nosuid 1 2 202 72e6d0f437619269.d /usr ffs rw,noatime,softdep,nodev 1 2 203 swap /monkey mfs rw,noatime,nosuid,noexec,-P=/Template.mfs/var,-s=80000 204 205 --- copy the /etc/fstab file 206 207 \u@\h[\w]cp /etc/fstab /etc/fstab.orig 208 209 --- test with sed(1) to change 'monkey' into 'var' 210 211 \u@\h[\w]sed -e 's/monkey/var/' /etc/fstab.orig 212 213 72e6d0f437619269.b none swap sw 214 72e6d0f437619269.a / ffs rw,noatime,softdep 1 1 215 72e6d0f437619269.e /home ffs rw,noatime,softdep,nodev,nosuid 1 2 216 72e6d0f437619269.d /usr ffs rw,noatime,softdep,nodev 1 2 217 swap /var mfs rw,noatime,nosuid,noexec,-P=/Template.mfs/var,-s=80000 218 219 --- Now the real thing ... 220 221 \u@\h[\w]sed -e 's/monkey/var/' /etc/fstab.orig >/etc/fstab 222 \u@\h[\w]cat /etc/fstab 223 72e6d0f437619269.b none swap sw 224 72e6d0f437619269.a / ffs rw,noatime,softdep 1 1 225 72e6d0f437619269.e /home ffs rw,noatime,softdep,nodev,nosuid 1 2 226 72e6d0f437619269.d /usr ffs rw,noatime,softdep,nodev 1 2 227 swap /var mfs rw,noatime,nosuid,noexec,-P=/Template.mfs/var,-s=80000 228 229 --- Looks good so we can reboot 230 \u@\h[\w]reboot 231 dd: /var/db/host.random: No such file or directory 232 chmod: /var/db/host.random: No such file or directory 233 dd: /var/db/host.random: No such file or directory 234 single user: not running shutdown scripts 235 syncing disks... done 236 rebooting... 252 root@alix[~]mount 253 /dev/wd0a on / type ffs (local, noatime, softdep) 254 /dev/wd0e on /home type ffs (local, noatime, nodev, nosuid, softdep) 255 /dev/wd0d on /usr type ffs (local, noatime, nodev, softdep) 256 mfs:1731 on /var type mfs (asynchronous, local, noatime, noexec, nosuid, size=80000 512-blocks) 257 258 root@alix[~]ls -l /var 259 total 40 260 drwxr-xr-x 2 root wheel 512 Dec 12 17:05 account 261 drwxrws--- 2 root wheel 512 Dec 12 17:05 audit 262 [snip] 263 drwxr-xr-x 4 root wheel 512 Dec 12 17:05 unbound 264 drwxr-xr-x 2 root wheel 512 Dec 12 17:06 yp 265 266 root@alix[~]df -h 267 Filesystem Size Used Avail Capacity Mounted on 268 /dev/wd0a 873M 44.2M 785M 5% / 269 /dev/wd0e 376M 9.8M 348M 3% /home 270 /dev/wd0d 2.2G 185M 1.9G 9% /usr 271 mfs:1731 37.7M 3.5M 32.3M 10% /var 272 273 --- end of transcript (slightly edited of course ;) ) I don't think it worth to move /tmp to use a memory file system. It usually is empty. Another reason is the following section of mount_mfs(1): Code:
ENVIRONMENT TMPDIR Directory in which to create temporary mount points for use by mount_mfs -P instead of /tmp. Re: /dev Some people also use a MFS for /dev. See https://www.mail-archive.com/openbsd.../msg01014.html I will try that another day ... BTW In case of questions you can use $ less -N alix-mfs.txt to see or refer to the line numbers of the transcript.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
Thanks J65nko, you've been ridiculously helpful!
I haven't tested it yet, but I'll do it on Friday, so I'll come with news once it works. If I encounter any problems after such an analytical explanation, I'll have to upgrade my IQ. Then I will ask for help. Thanks again!! |
|
|||
J65nko, I've tested it and it works fine. Thanks again!
|
Tags |
/etc/fstab, memory disk, mfs, ram disk |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
OpenBSD Native EFI booting coming to OpenBSD | ocicat | News | 10 | 17th September 2015 01:25 PM |
Dual booting encrypted OpenBSD with Windows | e1-531g | OpenBSD General | 2 | 16th August 2015 02:06 PM |
Info for openbsd manual in italian language | ilparente | OpenBSD General | 3 | 23rd November 2013 07:25 PM |
dual booting OpenBSD and NetBSD | daemonfowl | NetBSD Installation and Upgrading | 1 | 21st February 2012 01:06 PM |
Beep or visual signal after booting OpenBSD/sparc64 | hansivers | OpenBSD General | 10 | 20th September 2009 04:08 PM |