Read Only (live) root possible?
-
Hi I'm using pfsense on a embedded device and I feel I have some trouble with the storage due to power issues. For that reason I wanted to ask if there is a way to run pfsense as read only (live) system with a custom config path on a removable storage device such as sd or usb stick in order to have a stable system in terms of filesystem issues and a easy to backup setup. Another thing is that I could lock the writing phisicaly on the storage device. Thank you
-
Hi,
Such a system was known as the 'nano' version of pfSense, what behaved somewhat as a close to rommable version of pfSense, probably with some RAM disk as a file system.
These do not exist any more.
Btw : RAM based file systems can get corrupt.USB key read write file system = a very bad idea ....
pfSense behaves as other PC and MAC's today : don't mess with the power, or amuse the consequences = bad file system.
Instead of making your setup less straight forward, what about :
Using a file system that is more resilient - choose the other one while installing pfSense, not the default one.
Use an UPS ...
Or stop pulling the plug ^^ -
For external storage a sdcard with read write switch would be another option... the fix for corruption would be a restart then i guess.. there is no power button on the device.... sadly
However, i dont know how to fix the problem otherwise... pfsense is a beauty but needs right hardware to work properly i think.. no reason to mess around.. -
@o51 said in Read Only (live) root possible?:
there is no power button on the device.... sadly
edit : And I'm very happy about that !
Just imagine what could happen if it existed.
If it was needed, it would exist on their own appliances. Guess what, it doesn't.A 'cut' the power button ? Like the power cable ?
Or do you mean a "suspend to disk - sleep mode button" ?
On our PC's, the button has a dual function, the hard power down (keeping pressed more then 4 seconds) is actually never used.
The suspend to sleep mode has to be build in the OS, and the hardware has to support it.
And unlike a PC, a wake up from sleep will break all TCP connections, all firewall states have to be deleted, etc etc as the existing TCP/IP is build on a always on idea. Or a admin controlled shut down.Also, a router is like a printer, NAS, switch etc : you nearly never power them down.
Btw : check for yourself : your PC device with a typical Windows 10 / MAC OS : start it up 10 times. Pull the power plug 10 times.
I bet you never make it to 10 : it won't boot any more. Chances are you need to re install Windows to have it up fast. Or you'll be good for some nice extreme low level sector inspect and repairs on bit level. -
yeah thats the point, im using a sbc, it has no power switch, the only way to power it down without software access is to remove the power by unpluging the cable... Maybee i could add a power switch... But yeah, its crashing sometimes when i try some settings, thats the reason why i have to unplug the power, and after that it gets even worse..
-
@o51 @Gertjan Comparing pfsense, which is a networking solution, to Windows or MacOS is not correct. I built for the last 30 years networking devices using Linux as the base OS and they always restarted regardless of how bad the previous shutdown was (unless a real hardware failure occurred). And that is what the expectation should be; a network device (and for that matter any embedded device) are expected to survive any soft failure (including cutting the power cord abruptly) including during upgrade.
I have 10 or more VMs here. And also various physical servers. After a bad power outage they all went back online, as they should, except for the 4 pfsense VM that I use as routers. The 4 of them died in the same fashion; filesystem corruption. Luckily, I was able to retrieve the latest config.xml and redo the 4 installations from scratch. Not fun, I lost 1/2 day. And not expected for something like pfsense.
The only way to make device, like routers, resilient is to have the main filesystem read-only (like squashfs or equivalent), get everything that is disposable (log, etc.) into a ram disk or alternate read-write filesystem (which would be reconstructed at boot time if necessary) and everything that you must not lose in yet another filesystem and have multiple copies. Overlays file system make all this painless. The beauty with pfsense is that everything is in 1 file. Super easy. (I presume there is a fail save mechanism when writing the XML file).
IIUC, nano was not exactly that but it is a pity that it was cancelled rather than evolved toward a real networking resilient software stack.
