Can I run a full pfSense install on a 16GB Sata-DOM?
-
Thanks in advance for all who assist me in these 4 questions.
I have researched everywhere, including this thread (https://forum.pfsense.org/index.php?topic=34381.0) but can't find a definitive answer. I do find a lot of contradictions.
(1) If I modify my setup, can I run a full, non-embedded install of the latest PFSense on my SuperMicro 16GB SATA-DOM (SuperMicro X9SCL board) without burning the SATA-DOM out in a few months? I want to run Squid, syslog-NG and other packages that do lots of writes. I also want to maintain all data across reboots.
(2) If so, should I push all the caching and logs to a 500GB SATA HD I have already installed in the server?
(3) With slow Squid cache writes and reads to and from the SATA HD, won't this negate the whole purpose of running PFSense on a flash type medium?
(4) Should I just purchase a large SSD, and do the full install on it, not worrying about NAND flash cells being worn?Apologies for any technical inaccuracies.
-
I'm on the same boat and I just want to repost my post here:
"So I bought a PC Engine APU2C4 system with a 16GB mSATA SSD drive in it. I'm about to install pfsense but not really sure if I need to go nanobsd or the full install. Since this SSD is one of the newer ones, I believe I shouldn't be too concerned about write failures but then again the only packages (for now) that I'm using are squid and lightsquid. Squid is quite know to write a lot as it is its purpose (caching). So with that, which version should you think I go with?"
-
After running on my SATA-DOM for just 10 hours (not in production), and WITHOUT Squid or any packages installed, following the + marks is what SMART reports on the SATA-DOM drive.
I have no idea if the
"233 Media_Wearout_Indicator 0x0013 100 100 000 Pre-fail Always - 5280"
value of 5280 is a tiny grain of sand on a beach of NAND cells.
++++++++++++++++++++++++++++++++++++++++++++++++
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
1 Raw_Read_Error_Rate 0x000a 100 100 000 Old_age Always - 0
9 Power_On_Hours 0x0012 100 100 000 Old_age Always - 10
12 Power_Cycle_Count 0x0012 100 100 000 Old_age Always - 10
168 Unknown_Attribute 0x0012 100 100 000 Old_age Always - 0
169 Unknown_Attribute 0x0000 100 100 000 Old_age Offline - 22
170 Unknown_Attribute 0x0013 100 100 010 Pre-fail Always - 14
173 Unknown_Attribute 0x0000 100 100 000 Old_age Offline - 65536
192 Power-Off_Retract_Count 0x0012 100 100 000 Old_age Always - 0
194 Temperature_Celsius 0x0023 070 070 000 Pre-fail Always - 30
196 Reallocated_Event_Count 0x0000 100 100 000 Old_age Offline - 0
218 Unknown_Attribute 0x0000 100 100 000 Old_age Offline - 0
231 Temperature_Celsius 0x0013 100 100 000 Pre-fail Always - 100
233 Media_Wearout_Indicator 0x0013 100 100 000 Pre-fail Always - 5280
241 Total_LBAs_Written 0x0012 100 100 000 Old_age Always - 7048
242 Total_LBAs_Read 0x0012 100 100 000 Old_age Always - 404
246 Unknown_Attribute 0x0000 100 100 000 Old_age Offline - 909SMART Error Log Version: 1
No Errors LoggedSMART Self-test log structure revision number 1
No self-tests have been logged. [To run self-tests, use: smartctl -t] -
I've installed it on a 1GB DOM module, read this thread: https://forum.pfsense.org/index.php?topic=109772.0
Installing it on 16GB is similar… -
Gotcha! Thanks for that. I'm re-installing the full pfsense release now (I installed it normally earlier) by making sure to specify "*" in the partition size and deleting the "swap subpartition".
I'm assuming I should go with the embedded kernel since my APU2C4 doesn't have any VGA output anyway, right? Why is there no "SMP" custom kernel option?
So after installation I just need to go to System > Advanced > Miscellaneous and check "Use RAM Disks (x) Use memory file system for /tmp and /var" and that's all there is to it?
-
Hey kevindd992002!! No hijacking my thread. ;)
Robi, that's very helpful, but still not addressed is what to do with the Squid cache and assorted syslogs. Do I point those to a SATA HD, or would I let the RAM handle it?
kevindd992002, maybe I'm not understanding your question, but why not go with the full install serial version?
-
I didn't hijack your thread since we're on the same topic anyway :)
No no no, what I meant by my question was the "embedded kernel" custom kernel configuration DURING the installation. I did use the full memstick serial installer by the way.
I also want to know about the issue with squid cache.
-
I know this will help me.
http://wiki.squid-cache.org/SquidFaq/SquidMemory#how-much-ram
I can have up to 32GB of RAM to install on this SuperMicro server, and currently have 10 installed, so I've got quite a bit of room to play with. On prelim tests with putting squid cache on the HD, web page reloads were very slow.
Afterwards, to test if Squid cache is running properly, http://askubuntu.com/questions/323241/how-to-know-if-squid-proxy-is-doing-the-cache-correctly
Now, about whether or not to enable TRIM….http://www.wonkity.com/~wblock/docs/html/ssd.html
-
What RAM disk size did you set for /tmp and /var?
-
yes, but don't intend on caching much with squid,etc
would go 128-256gb ssd as they are dirt cheap
-
Thanks Messerschmidt. I ended up shelving the Sata-DOM (I'll keep it on hold for my current FreeNAS Sata-DOM installation as a backup), and instead purchased an Intel 535 Series SSD (120 GB). I've pointed all syslog-NG logs to my 500GB HD.
The more I dig into pfSense, the more I'm absolutely loving it - this coming from my previous firewall - a Cisco ASA 5510. Anyone want to buy it?
-
The more I dig into pfSense, the more I'm absolutely loving it - this coming from my previous firewall - a Cisco ASA 5510. Anyone want to buy it?
Haha, no. We're still running a failover pair of ASA 5510s but strictly in a VPN concentrator role. All firewall duties are strictly on pfSense now. Glad to hear you're loving pfSense.