Cf partition stuck in read-only

phil.davis

On a system remote from me, it starts up but "/cf" is stuck in read-only. Whenever I try to change any config from the GUI I get messages about it being unable to write to config.xml.
From Diagnostics:Execute Command I can "mount -rw /" and that works fine. But "mount -rw /cf" gives:

$ mount -rw /cf
mount: /dev/ufs/cf : Device busy

Mounts now looks like:

$ mount
/dev/ufs/pfsense0 on / (ufs, local, noatime, synchronous)
devfs on /dev (devfs, local)
/dev/md0 on /tmp (ufs, local)
/dev/md1 on /var (ufs, local)
/dev/ufs/cf on /cf (ufs, local, noatime, read-only, synchronous)
devfs on /var/dhcpd/dev (devfs, local)

fsck gives:

$ fsck /cf
** /dev/ufs/cf (NO WRITE)
** Last Mounted on /cf
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
13 files, 389 used, 100666 free (26 frags, 12580 blocks, 0.0% fragmentation)

I don't have a serial cable remotely. SSH is not yet enabled, and it won't turn on from the GUI because of the error writing any changes to config.xml.
The system is an Alix 2D3 running:
2.1-DEVELOPMENT (i386)
built on Mon Apr 2 18:51:21 EDT 2012
FreeBSD 8.3-RC2

I can write to "/" OK - I made a file "/root/zzz.txt" from the GUI without a problem.
To save myself a long trip to the site in question, I am hoping that someone can give me some idea of how I might get "/cf" to mount rw.
Upgrades may work, since it should be able to install new scripts etc onto "/".
Maybe I should try to upgrade to the latest build?
and maybe an attempted upgrade will fail half-way and leave a real mess?
Any opinions before I do something rash?
Thanks

phil.davis

I did a "umount -f /cf" - that got it out of read-only mode! Interestingly, after that it asked me to login again (I guess the webConfigurator had no access to a config file any more to validate the account). After trying my password a few times without success, I tried "admin/pfsense" - it let me in and started the setup wizard. I guess that is a "feature" - if config.xml is not available then, from a security point of view, should the system fall-back to the default username and password? In this case it was quite handy - let me get in and then do a "mount /cf" and then my config.xml was available again. But I did get in and could take a copy of the config, make any changes to the system etc using just the default password. I guess anyone else on the LAN could also have done that. Anyway, now I have been able to enable SSH, fixup the OpenVPN settings and get things happening.

For some reason, this system is starting some Squid processes, but Squid is not mentioned in the list of installed packages. So somehow Squid has been deinstalled as far as the webGUI is concerned, but is not gone completely. Who knows what else might have happened.

Remote access to this system is still flakey - I think it's going to be easier to make a new CF card, put it in and set it up.

stephenw10

@phil.davis:

I guess anyone else on the LAN could also have done that.

Yes, but only after they had force unmounted the config slice which you presumably had to SSH in to do.

Steve

phil.davis

I did the force unmount from the GUI page that lets me do commands. I couldn't get in with SSH because SSH had not been enabled yet, and I couldn't enable it from the GUI because the config was stuck in readonly! But yes, I had to use the real password to first login to the GUI to force unmount "/cf", then after that I was back to the default password for a short time until I worked out what to do next.

phil.davis

The system was sent to me today. After bootup, when trying to change some config settings from the GUI, the following appeared on the console:

unknown: TIMEOUT - WRITE retrying (1 retry left) LBA=1762727
ata0: timeout waiting to issue command
ata0: error issuing WRITE command

Looks like some nasty hardware problem with the CF card. I have flashed a new CF card, booted, restored the config. It has run without error for a while. Now I'll see what happens when it arrives back at its normal home tomorrow.
So this one was nothing to do with 2.1 or software.