On 6/4/19 3:30 PM, Mogens Jensen wrote:
I'm going to build a router for use in a remote location, and I have chosen OpenBSD 6.5 for the task. Unfortunately, it's not possible to protect the router with an UPS, so it will have to be resilient enough to survive sudden power outages and still boot without manual intervention. In the past I have built a few Linux based routers and they were configured to run from RAM. I have made some research to see if this is also possible on OpenBSD and found that, while there are solutions to have / read-only, none of this is officially supported. Can anyone with experience running OpenBSD routers without UPS, tell if filesystem corruption is going to be a problem after power outages, or if there are any officially supported ways to make the system resilient enough to not break after a power outage? I'm using an mSATA disk with MLC flash in the router. Thanks in advance. Mogens Jensen
As Mr. Holland points out, a UPS doesn't really help overall reliability. In practice, /, /bin, and /usr are effectively read-only except for kernel and shared library randomization at boot time. /var gets written infrequently for logs, etc. /tmp, of course, is frequently written but its contents are irrelevant after a reboot. An important way to reduce disk activity is to mount all filesystems "noatime". This suppresses effectively all writes to /, /bin, and /usr after boot. Changes to /var get pushed to disk fairly quickly. The likelihood of significant corruption is very small. In practice, I knock my router off-line once or twice a month by messing with power cables nearby. The only way I find out is by looking at the logs. I've never had to manually fsck any of my routers except after electrical storms - and only then after moving the disk to a non-smoking chassis. Physical access to a console by a trusted person or remote console access is required. Not for any failings of OpenBSD in particular but for the guaranteed perversity of electronic devices and unforseeable acts of nature and man messing up the local environment. You will [should] access the system twice a year to install the latest release. [ insert standard disclaimers here ] Geoff Steckel