On Mon, Jun 22, 2020 at 4:24 PM Mogens Jensen
<mogens-jen...@protonmail.com> wrote:
>
> Tuesday, June 9, 2020 7:59 AM, Vertigo Altair <vertigo.alt...@gmail.com>
> wrote:
>
> > Hi Misc,
> > I have a firewall device and I'm using OpenBSD on it.
>
> Last year I had to configure an OpenBSD 6.5 firewall for use in a
> remote location, and was concerned about power loss corrupting the
> filesystem and making the system unbootable without manual
> intervention. As I did not want to modify OpenBSD in unsupported ways,
> I decided to test what kind of damage power loss could do, by
> randomly removing and applying power to the firewall, many many times.
>
> What I found was that 99% of the time, the system would just repair the
> filesystem and boot without problems, but if by chance the power was
> removed at a short time window during kernel relinking, the kernel
> would become corrupt and leave the system completely unbootable and
> not easy to repair. It was suggested to me that I tried to mount root
> partition with the sync option, so I arranged the partition layout in a
> way that would make it feasible and added the option to fstab.
>
> Only other problem I found, was that a few times after removing power
> when writing a large file, the system would require me to run fsck -y
> manually, this is by design, but I decided it was more important to me
> that the system could boot unattended, with a minuscule risk of
> completely ruining the filesystem, so I wrote a small unsupported patch
> for the rc script (sorry if the formatting gets messed up by posting):
>
> The patch has only been tested on OpenBSD 6.5.
>
> ---
> Index: src/etc/rc
> ===================================================================
> RCS file: /cvs/src/etc/rc,v
> retrieving revision 1.536
> diff -u -p -u -p -r1.536 rc
> --- src/etc/rc 1 Apr 2019 11:39:46 -0000 1.536
> +++ src/etc/rc 20 Aug 2019 22:47:49 -0000
> @@ -1,5 +1,8 @@
> # $OpenBSD: rc,v 1.536 2019/04/01 11:39:46 tedu Exp $
>
> +# NOTE: The do_fsck() function has been patched to run 'fsck -y' if an
> +# automatic file system check fails with exit code 8.
> +
> # System startup script run by init on autoboot or after single-user.
> # Output and error are redirected to console by init, and the console is the
> # controlling terminal.
> @@ -271,8 +274,14 @@ do_fsck() {
> echo "Reboot failed; help!"
> exit 1
> ;;
> - 8) echo "Automatic file system check failed; help!"
> - exit 1
> + 8) echo "Automatic file system check failed; trying fsck -y"
> + fsck -y
> + case $? in
> + 0) ;;
> + *) echo "Could not repair file system unattended; help!"
> + exit 1
> + ;;
> + esac
> ;;
> 12) echo "Boot interrupted."
> exit 1
> ---
>
> After mounting root filesystem with sync option and applying the patch,
> I was no longer able to make the system unbootable by power loss in my
> test setup. It may be possible, but the risk is now so small that it is
> not a concern for me and the risk of something else breaking is
> probably bigger. During operation in remote location, the system has
> always been able to completely boot after a power loss so far.
>
> So while it was not possible for me to not make any unsupported
> modifications at all, I think it is a very small change compared to
> have read only filesystems. Anyone who knows OpenBSD, will be able to
> manage the firewall without special instructions.
>
>
> Regards,
> Mogens Jensen
>
Auto filesystem repair is bad juju.
--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse
