On 2020-06-09, Vertigo Altair <vertigo.alt...@gmail.com> wrote:
> Hi Misc,
> I have a firewall device and I'm using OpenBSD on it. There is an
> electricity problem where the device runs. Therefore, I have to run the
> "fsck -y" command regularly at startup due to the electricity problem. To
> overcome this, I want to use readonly file system.
> I know there are some projects like "resflash", but I want to do that
> manually.

The usual way to handle / is to have it RW during boot and remount it (mount -ur /) in rc.local.

Use a ramdisk (MFS) for /dev. Create a directory on / to populate it from, e.g.

cd /
mkdir dev_src
cp dev/MAKEDEV dev_src
cd dev_src
sh MAKEDEV all

Mount /dev using the -P mount option to populate it from your source directory, it doesn't need much space but needs quite a few inodes, a line like this works:

swap /dev mfs rw,async,noatime,nosuid,-s2M,-i8,-P/dev_src 0 0

The dev_src directory needs regenerating after OS updates.

/tmp and /var/run probably also best done as ramdisk.

Other parts of /var, especially /var/db, are tricky, you can use a ramdisk populated from a source directory as with /dev, but you need a way to sync it back to the source directory otherwise you run into problems (dhcp leases, /var/db/pkg, maybe others depending on what you run).

logs: syslog memory buffers are useful.

Normally OpenBSD relinks the kernel in a random order - at the end of running /etc/rc, and when you use syspatch to add kernel patches. With RO /usr and / this can't be done. If power is unstable it is often good to avoid the relinking at boot (I've had a few where power has gone, come back for long enough to start relinking, then gone again during relink - considering how circuit breakers work this isn't a big surprise).. but you'll need to be aware of this when applying patches.

I have a number of VPN client routers in situations where they may have unstable power or people powering them down without halting first. I tried quite hard to use OpenBSD with them (usually on pcengines boards - alix, apu etc) with various run-from-ramdisk (flashboot, flashrd, resflash) or manual readonly+MFS setups, but came to the conclusion that it's just too much hassle wrangling these and keeping on top of OpenBSD updates. I had to add a bunch more earlier this year so now I have ~60 hapac2 running routeros. Definitely not perfect but seems a better fit to this situation.
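
A lint for the fstab layout described in the reply above, as an added example that is not part of the original post: it reads an fstab on stdin and flags a /dev, /tmp or /var/run that is not on MFS, and a /dev ramdisk that has no -P source directory or is mounted nodev. The function names, the sample device name and the /tmp and /var/run sizes are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Prints one line per problem
# found in the fstab on stdin and returns 1 if there were any, else 0.
check_fstab() {
    awk '
    $1 ~ /^#/ || NF < 4 { next }          # skip comments and short lines
    { type[$2] = $3; opts[$2] = $4 }      # index entries by mount point
    END {
        bad = 0
        n = split("/dev /tmp /var/run", want, " ")
        for (i = 1; i <= n; i++)
            if (type[want[i]] != "mfs") {
                printf "%s: not an mfs mount\n", want[i]; bad++
            }
        if (type["/dev"] == "mfs") {
            o = "," opts["/dev"] ","
            # Without -P the ramdisk comes up empty: no device nodes at all.
            if (o !~ /,-P[^,]+,/) { print "/dev: no -P source directory"; bad++ }
            # nodev would make the device nodes on the ramdisk unusable.
            if (o ~ /,nodev,/) { print "/dev: mounted nodev"; bad++ }
        }
        exit (bad > 0)
    }'
}

# Constructed sample: the /dev line from the post plus assumed /tmp, /var/run.
sample_good() {
    cat <<'EOF'
/dev/sd0a / ffs rw 1 1
swap /dev mfs rw,async,noatime,nosuid,-s2M,-i8,-P/dev_src 0 0
swap /tmp mfs rw,nodev,nosuid,-s64M 0 0
swap /var/run mfs rw,nodev,nosuid,-s8M 0 0
EOF
}

# Constructed sample with three mistakes: nodev and no -P on /dev, no /var/run.
sample_bad() {
    cat <<'EOF'
/dev/sd0a / ffs rw 1 1
swap /dev mfs rw,nodev,nosuid,-s2M,-i8 0 0
swap /tmp mfs rw,nodev,nosuid,-s64M 0 0
EOF
}

sample_bad | check_fstab || echo "fstab needs fixing before going read-only"
```

On a real system, run it as `check_fstab < /etc/fstab` before adding the `mount -ur /` line to rc.local.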