Netgate Discussion Forum

    How to powerfail-proof an appliance?

    General pfSense Questions
    • mkernalcon

      I manage a handful of appliances (mostly SG-1000, but there's an 1100 and a 2100 in there), which are all set up to OpenVPN back to home base (currently a non-Netgate box running pfsense CE). Some are fixed-location, but two are for construction job trailers (so, fixed for a few months at a time), and one is dedicated for a "Mobile Office Kit" for users to take home for a day or two and maintain an office phone line. It is not an option, in general, for the people who interact with these routers to do anything too technically savvy (so, for example, giving them credentials to the router or a console cable are both out).

      The problem is how to get the users to properly shut down the appliances before they just unplug the whole lot and deliver it to my office in a box. I could probably tell them something like "push this button on the box, wait til the light goes out", but the problem is there are no buttons!

      So far, I've actually had luck with this model - absolutely no detectable corruption on any of the appliances. My concern is that this isn't guaranteed-safe, and certainly I have seen problems from power failure on the main box here before I got the UPS set up properly.

      Ideally, I'd like to set them up so that unplugging them live is "OK" - i.e. I'm alright losing logs, caches, DHCP leases, whatever - just as long as when they plug it back in, the config, services, etc. all load correctly.

      Searching for this concept gives a lot of questions, but largely just the following three answers:

      1. Set up a UPS. They've certainly saved my ass before, but they do not protect from humans unplugging things.
      2. Set up on ZFS instead of UFS. Makes sense to me, but it's unclear whether this is even a good idea on the eMMC on these devices - and those SG-1000s are not exactly racecars as-is, I hate to think about the extra RAM usage. Also, how do I even do this with Plus/Factory Edition?
      3. Set up RAM disks. Correct me if I'm wrong, but this seems to only affect /tmp and /var, and does not RO the rest of the filesystem, thus leaving the device unsafe.

      So, is there another option? In particular, is it possible to make the whole filesystem RO except to commit config changes manually, with RAM disks to fill in the gaps (kinda like OpenWRT does)?

      • Gertjan @mkernalcon

        @mkernalcon said in How to powerfail-proof an appliance?:

        So, is there another option? In particular, is it possible to make the whole filesystem RO except to commit config changes manually, with RAM disks to fill in the gaps (kinda like OpenWRT does)?

        Still, the config has to be saved to the 'real' disk - not in RAM.

        What about creating a user with GUI access that can only visit the shutdown 'halt' GUI page?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • mkernalcon @Gertjan

          @gertjan I hardly do config changes, is the thing. If I had to (and for regular updates), I'm alright manually remounting the storage to RW so that the changes will save. This is similar to a little display integration I put together with a Raspberry Pi, where if I have to tweak the code or anything, I need to remount the root fs, but I'm able to forcefully shut this thing down every night with a mechanical outlet timer and know it will come back up tomorrow.

          That GUI user is something I'd like to avoid (that's way too many steps when someone is in "tear the cables out and leave" mode), but I will keep it in the back of my mind as an option.

          • Gertjan @mkernalcon

            @mkernalcon said in How to powerfail-proof an appliance?:

            "tear the cables out and leave"

            Most electrical devices on planet earth can be handled like that. No problem here.
            Devices that have a live "file system" on a spinning disk, or even SSD, are not part of that group.

            I do presume that these users use a PC with Windows 10, and they do click :
            Windows Start menu, => Shutdown => Confirm.
            Or do they also rip out the power and hit the road? ;)

            pfSense has no screen, doesn't look like a desktop PC or portable, but is the same as your PC, with a big real time OS etc.

            • mkernalcon @Gertjan

              @gertjan said in How to powerfail-proof an appliance?:

              I do presume that these users use a PC with Windows 10, and they do click :
              Windows Start menu, => Shutdown => Confirm.
              Or do they also rip out the power and hit the road? ;)

              Heh, funny that you mention that. Most of them have laptops, and it's unplug usb-c->close lid->go. The guys in the office with desktops it's just stand up->go (largely don't even lock their screens). Only about two of my users are in the habit of shutting down a computer... ever :P .

              pfSense has no screen, doesn't look like a desktop PC or portable, but is the same as your PC, with a big real time OS etc.

              I certainly understand this, but convincing users (especially ones with hardhats) isn't exactly trivial! Especially when, if they do have experience with a router, it's the little home-gamer linksys/netgear crap that specifically is fine with pulling the plug.

              I'm really surprised this isn't a more requested feature, especially for the sub-$200 appliances. These are great little kits to send home with unskilled people, except for this.

              • BossaOps @mkernalcon

                @mkernalcon Got me thinking about security and the need for user training (users, the least secure part of any network), could they call you, say "leaving the site" and you say "wait 45 seconds" and remotely shut the device down?

                Is that too much to ask of them?

                • Gertjan @mkernalcon

                  @mkernalcon said in How to powerfail-proof an appliance?:

                  I'm really surprised this isn't a more requested feature, especially for the sub-$200 appliances. These are great little kits to send home with unskilled people, except for this.

                  Track back the past of pfSense.

                  People wanted more, the market was there.

                  See what m0n0wall was - it was close to ROMable: like a "linksys" router with RAM and a "disk" (file system) as a ramdrive. But it ran on a PC-like device, had a real trusted OS without the 32 Mbytes space limit.

                  These days, huge packages (extensions) exist. But it comes with a price: it's not that device anymore that you can treat as a light bulb (pull the plug). pfSense doesn't look like a full-fledged PC, but is like one. It's even more: you double it (HA) and you feed it with UPSes. It should be handled like a 'server' (with the 3M scotched on it: 'do not shut me down').

                  I understand that an SG1100 doesn't match this description, but that's Netgate's fault: they managed to cram a "big" thing in the size of a packet of cigarettes.
                  Nice, but wrong.

                  pfSense should be taken care of as a device that looks like this.
                  Even the guy with the metal head would understand that.
