Tuesday, June 9, 2020 7:59 AM, Vertigo Altair <vertigo.alt...@gmail.com> wrote:
> Hi Misc,
> I have a firewall device and I'm using OpenBSD on it.

Last year I had to configure an OpenBSD 6.5 firewall for use in a remote location, and was concerned about power loss corrupting the filesystem and making the system unbootable without manual intervention. As I did not want to modify OpenBSD in unsupported ways, I decided to test what kind of damage power loss could do, by randomly removing and applying power to the firewall, many many times. What I found was that 99% of the time, the system would just repair the filesystem and boot without problems, but if by chance the power was removed during a short time window during kernel relinking, the kernel would become corrupt and leave the system completely unbootable and not easy to repair.

It was suggested to me that I try mounting the root partition with the sync option, so I arranged the partition layout in a way that would make it feasible and added the option to fstab.

The only other problem I found was that a few times, after removing power while writing a large file, the system would require me to run fsck -y manually. This is by design, but I decided it was more important to me that the system could boot unattended, with a minuscule risk of completely ruining the filesystem, so I wrote a small unsupported patch for the rc script (sorry if the formatting gets messed up by posting). The patch has only been tested on OpenBSD 6.5.

---
Index: src/etc/rc
===================================================================
RCS file: /cvs/src/etc/rc,v
retrieving revision 1.536
diff -u -p -u -p -r1.536 rc
--- src/etc/rc	1 Apr 2019 11:39:46 -0000	1.536
+++ src/etc/rc	20 Aug 2019 22:47:49 -0000
@@ -1,5 +1,8 @@
 # $OpenBSD: rc,v 1.536 2019/04/01 11:39:46 tedu Exp $
 
+# NOTE: The do_fsck() function has been patched to run 'fsck -y' if an
+# automatic file system check fails with exit code 8.
+
 # System startup script run by init on autoboot or after single-user.
 # Output and error are redirected to console by init, and the console is the
 # controlling terminal.
@@ -271,8 +274,14 @@ do_fsck() {
 		echo "Reboot failed; help!"
 		exit 1
 		;;
-	8)	echo "Automatic file system check failed; help!"
-		exit 1
+	8)	echo "Automatic file system check failed; trying fsck -y"
+		fsck -y
+		case $? in
+		0)	;;
+		*)	echo "Could not repair file system unattended; help!"
+			exit 1
+			;;
+		esac
 		;;
 	12)	echo "Boot interrupted."
 		exit 1
---

After mounting the root filesystem with the sync option and applying the patch, I was no longer able to make the system unbootable by power loss in my test setup. It may still be possible, but the risk is now so small that it is not a concern for me, and the risk of something else breaking is probably bigger. During operation in the remote location, the system has always been able to completely boot after a power loss so far.

So while it was not possible for me to avoid unsupported modifications entirely, I think it is a very small change compared to having read-only filesystems. Anyone who knows OpenBSD will be able to manage the firewall without special instructions.

Regards,
Mogens Jensen
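Review bot: in the do_fsck() hunk, the inner "case $? in" after "fsck -y" accepts only exit status 0, so any other status, including 4 (file system was modified and a reboot is required, the status the outer case already handles with a reboot just above this hunk, as the "Reboot failed; help!" context line shows), falls into "*)" and stops the boot with "Could not repair file system unattended; help!". A successful repair of the root file system is exactly the case in which fsck -y returns 4, so the fallback would halt the unattended boot it was added to provide. Suggest adding a "4)" branch that mirrors the outer one, e.g. "4) echo "Rebooting..."" / "reboot" / "echo "Reboot failed; help!"; exit 1", and keeping "*)" for genuinely unrepairable states.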