On 03/31/16 03:55, Yann Hamon wrote:
> Hi,
>
> I've been working for some time on a project to manage my router@home,
> I'm sharing it here in the hope that it will be useful to someone else.
>
> Here it is: https://github.com/yannh/openbsd_immutable_router
>
> It contains a set of configuration scripts for Packer and Ansible that
> make it easy to generate a disk image, that you can then copy to a USB
> stick to boot from.
>
> To minimize writes to the USB stick,

once again, I (and many others) will ask, "Why?"

> the root partition is mounted
> read-only, and all folders that require writes are mounted as MFS.

My home FW systems have been running on the same USB sticks for quite
some time, one for a few years, the other probably at least a couple
years. On the cheapest junk USB sticks I could find. FWs don't write
much. And when they do, you might just want to see what they have to
say.

IF you are worried about reliability, put a second USB flash device in
place, use "ROOTBACKUP" (man daily) and dd over the other partitions
once a week (note: this is a place where DUIDs are not always your
friend). (I tried softraid on the USB devices, it definitely worked,
but the writes were SOOOO SLOOOOW I really didn't like it.)

...

> This workflow allows me to regenerate an image, or do a system upgrade,
> in about 20 minutes - packer build -var-file=config.json openbsd.json,
> dd if=output-qemu/openbsd of=/dev/sdb, reboot. I procrastinate less when
> doing my upgrades now :)

Again, I'm not seeing a benefit here. 20 minutes? Ok, I'll admit I
don't install x*tgz or comp*tgz on my USB flash based firewalls (for
speed reasons only), but my upgrade times just doing things normally
are less than that...and with only a couple minutes of downtime where
packets don't get through.

Nick.