Disk crash and disk partitioning - questions and suggestion

kaarposoft · Feb 28, 2010, 9:41 AM

Dear all,

I have installed pfSense (2010.02.17-2217) on a Soekris net5501.
This is an embedded device; I do not cleanly "shutdown" by software/ACPI, but just kill power to shut it off.
After 5 or 10 power-off/power-on cycles, the box fails to boot since the file system has become corrupted.
Although FreeBSD seems to be able to "restore" the file system, most files on the boot partition are missing.

Obviously /tmp and /var are file systems pfSense should write to during normal operation, and if they are corrupt, pfSense should be able to boot anyway.
And /cf is written to as well when using the GUI; if it is corrupt it should be possible to upload a backup config using the GUI.
However, it seems that pfSense writes to several files which are by default on the root file system, such as:

/etc/dnscache/
/usr/local/arpwatch
/usr/local/lib/php.ini
/usr/local/etc

This leads me to two questions and a suggestion.

Question 1:
Is it advisable to keep the default partitioning suggested by pfSense, or would it be better to partition the FreeBSD slice differently?

Question 2:
Is there any (FreeBSD) filesystem tunable parameters that should be tweaked to make the pfSense box more resilent to disk corruption?

Suggestion:
I would suggest to modify pfSense and packages so that they only write in /tmp and /var, plus /cf (and possibly /etc) for the GUI.
Then /tmp, /var, /cf, and /etc could be put on (separate) writeable partitions, and / (and possibly a separate /usr and /root) could be mounted read-only.

/Henrik

wallabybob · Feb 28, 2010, 11:59 AM

Suggestion: Use the nanobsd builds which are intended for use in environments where writing to the hard disk is to be minimised. In particular, the nanobsd builds take pains to have all the filesystems mounted readonly with writes enabled only when necessary.

kaarposoft · Feb 28, 2010, 9:51 PM

Hi wallabybob,

I have been wondering about NanoBSD…
However, I have no CF card and no CF card writer.
And since I have a SSD harddisk, I certainly don't want to purchase an extra CF.

That being said, no suggestion should go untried, so I have tried to dd the pfSense nanoBSD image to my SSD.

I shall revert with my experiences....

/Henrik

EddieA · Mar 1, 2010, 4:18 PM

@kaarposoft:

However, I have no CF card and no CF card writer.
And since I have a SSD harddisk

When the nano image is restored to a CF card, it looks just like a "normal" disk, to the OS, so restoring it to your SSD shouldn't cause any issues.

Cheers.

kaarposoft · Mar 2, 2010, 6:57 PM

As I said, no suggestion should go untried, so I dd'ed the pfSense nanoBSD image to my SSD.
And basically it works fine!

However, even if the / filesystem is mounted read-only (RO), it seems to be mounted read-write (RW) every now and then.
I notice a lot of calls to conf_mount_rw() in /usr/local/www

I guess this works nice with a CF card: In general RO, but when needed RW.
But the root filesystem is thus not truly RO.

So in "my" case it does not work as needed…

I might play around a bit and try to mount /etc from a different partion etc...