On Mon, Jun 22, 2020 at 4:24 PM Mogens Jensen <mogens-jen...@protonmail.com> wrote:
>
> Tuesday, June 9, 2020 7:59 AM, Vertigo Altair <vertigo.alt...@gmail.com>
> wrote:
>
> > Hi Misc,
> > I have a firewall device and I'm using OpenBSD on it.
>
> Last year I had to configure an OpenBSD 6.5 firewall for use in a
> remote location, and was concerned about power loss corrupting the
> filesystem and making the system unbootable without manual
> intervention. As I did not want to modify OpenBSD in unsupported ways,
> I decided to test what kind of damage power loss could do, by
> randomly removing and applying power to the firewall, many many times.
>
> What I found was that 99% of the time, the system would just repair the
> filesystem and boot without problems, but if by chance the power was
> removed at a short time window during kernel relinking, the kernel
> would become corrupt and leave the system completely unbootable and
> not easy to repair. It was suggested to me that I try to mount the root
> partition with the sync option, so I arranged the partition layout in a
> way that would make it feasible and added the option to fstab.
>
> The only other problem I found was that a few times after removing power
> when writing a large file, the system would require me to run fsck -y
> manually. This is by design, but I decided it was more important to me
> that the system could boot unattended, with a minuscule risk of
> completely ruining the filesystem, so I wrote a small unsupported patch
> for the rc script (sorry if the formatting gets messed up by posting):
>
> The patch has only been tested on OpenBSD 6.5.
>
> ---
> Index: src/etc/rc
> ===================================================================
> RCS file: /cvs/src/etc/rc,v
> retrieving revision 1.536
> diff -u -p -u -p -r1.536 rc
> --- src/etc/rc 1 Apr 2019 11:39:46 -0000 1.536
> +++ src/etc/rc 20 Aug 2019 22:47:49 -0000
> @@ -1,5 +1,8 @@
> # $OpenBSD: rc,v 1.536 2019/04/01 11:39:46 tedu Exp $
>
> +# NOTE: The do_fsck() function has been patched to run 'fsck -y' if an
> +# automatic file system check fails with exit code 8.
> +
> # System startup script run by init on autoboot or after single-user.
> # Output and error are redirected to console by init, and the console is the
> # controlling terminal.
> @@ -271,8 +274,14 @@ do_fsck() {
> echo "Reboot failed; help!"
> exit 1
> ;;
> - 8) echo "Automatic file system check failed; help!"
> - exit 1
> + 8) echo "Automatic file system check failed; trying fsck -y"
> + fsck -y
> + case $? in
> + 0) ;;
> + *) echo "Could not repair file system unattended; help!"
> + exit 1
> + ;;
> + esac
> ;;
> 12) echo "Boot interrupted."
> exit 1
> ---
>
> After mounting the root filesystem with the sync option and applying the patch,
> I was no longer able to make the system unbootable by power loss in my
> test setup. It may be possible, but the risk is now so small that it is
> not a concern for me and the risk of something else breaking is
> probably bigger. During operation in the remote location, the system has
> always been able to completely boot after a power loss so far.
>
> So while it was not possible for me to not make any unsupported
> modifications at all, I think it is a very small change compared to
> having read-only filesystems. Anyone who knows OpenBSD will be able to
> manage the firewall without special instructions.
>
>
> Regards,
> Mogens Jensen
>
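Review bot: the NOTE comment added at the top of rc in the first hunk records what the change does but not what it risks or where it was tested, and that is exactly what the next person reading this file on a remote box needs: `fsck -y` answers "yes" to every repair question, which is the "minuscule risk of completely ruining the filesystem" the cover text mentions, and the cover text also says the patch has only been tested on OpenBSD 6.5. Suggest extending the comment, e.g. "# WARNING: fsck -y may discard damaged files without asking; tested on OpenBSD 6.5 only." so the trade-off travels with the code rather than with the mailing-list post.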
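Review bot: in the new `8)` branch of do_fsck the inner `case $?` treats every nonzero status from `fsck -y` as "Could not repair file system unattended; help!" and exits 1, but a second pass that does repair the root filesystem asks for a reboot rather than a halt, which is the path the branch immediately above already takes for the preen run (its "Reboot failed; help!" fallback is visible in the context lines). As written, a successful unattended repair of the root filesystem ends in the same "help!" exit the patch was meant to avoid. Suggest handling that status the same way the preceding branch does (`reboot`, then fall through to the "help!" exit only if the reboot itself fails), keeping `exit 1` for a second 8 or 12. The `0) ;;` / `*)` pair could then be the explicit status list rather than a catch-all.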
Auto filesystem repair is bad juju.

--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse
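The retry described in the quoted message, written out as a stand-alone sh function rather than an edit to rc, as an added example that is not from the thread or from OpenBSD's own rc. It assumes, as OpenBSD's rc does, that the first pass is `fsck -p`, and it takes the fsck_ffs(8) exit-status meanings as assumptions (0 clean, 2 and 4 reboot required, 8 unrecoverable, 12 interrupted). The `FSCK` and `check_root_fs` names are this example's own; `FSCK` exists only so the real fsck can be swapped for a stub when exercising the status handling offline. The point it shows beyond the patch is that a status 4 from the second pass means "repaired, reboot", not "help!":

```sh
#!/bin/sh
# Added example: do_fsck-style boot check with an unattended "fsck -y"
# retry. Not OpenBSD's rc; names and status meanings are assumptions.
#
# Assumed fsck_ffs(8) exit statuses:
#   0  filesystem clean or repaired, continue booting
#   2  reboot required
#   4  root filesystem modified, reboot required
#   8  unrecoverable, needs an operator
#   12 check interrupted
#
# FSCK names the fsck command; it is a variable only so a stub can stand
# in for the real fsck when exercising the logic on a running system.
: "${FSCK:=fsck}"

# Run the automatic (preen) check. If, and only if, it reports status 8,
# retry with "fsck -y". Print the action the boot should take on stdout
# (continue | reboot | halt); diagnostics go to stderr as rc's do.
check_root_fs() {
    # "if" keeps set -e from aborting on a nonzero fsck status.
    if $FSCK -p; then st=0; else st=$?; fi

    if [ "$st" -eq 8 ]; then
        echo "Automatic file system check failed; trying fsck -y" >&2
        if $FSCK -y; then st=0; else st=$?; fi
    fi

    case $st in
    0)  echo continue ;;
    2|4)
        # Repaired but the mounted root changed underneath us: reboot,
        # do not carry on with a stale in-core view of the filesystem.
        echo "File system repaired; reboot required" >&2
        echo reboot ;;
    8)  echo "Could not repair file system unattended; help!" >&2
        echo halt ;;
    12) echo "Boot interrupted." >&2
        echo halt ;;
    *)  echo "Unknown fsck status $st; help!" >&2
        echo halt ;;
    esac
}

# How rc would consume the result (not executed here, so that sourcing
# this file never runs fsck on the live system):
#
#   case $(check_root_fs) in
#   reboot) reboot; echo "Reboot failed; help!"; exit 1 ;;
#   halt)   exit 1 ;;
#   esac
```

Mapping every status to an explicit action is the part the quoted patch skips: its inner `case` only distinguishes 0 from everything else, so the one outcome a remote box most wants (repaired, reboot, come back up) is indistinguishable from an unrecoverable disk.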