Re: Long life on SSD in a firewall environment

Tue, 21 Jun 2016 06:56:52 -0700 

On Sun, Jun 19, 2016 at 5:56 AM, Sjöholm Per-Olov <p...@incedo.org> wrote:
> Does anyone know if there exist any list of recommendations about how to
make
> an SSD disk to live as long as possible when using it for firewall purpose
on
> OpenBSD?

I don't know of a list, aside from what you find in this thread and similar
threads on this list from the past.

My own first recommendation is not to worry about it.

My second recommendation is: if you must worry about it, change as little
as possible.  you don't want to make updates difficult due to excessive
customization.

I am running OpenBSD 5.9 on an Internet-facing router, on Soekris hardware
with
4GB mSATA SSD storage.  My only concern about SSD durability relates to
/var/log and the potential for Internet traffic to cause constant writes
there.
So I have made minimal changes to guard against that:

DO NOT MAKE THESE CHANGES ON YOUR OWN SYSTEM UNLESS
YOU UNDERSTAND WHAT THEY DO.

1. when installing OpenBSD, put /var/log on its own 128MB partition.

2. after your first boot, convert /var/log to use MFS:
    mkdir -p /mfs/log
    cd /etc
    mv fstab fstab~
    sed -e's|/var/log|/mfs/log|' <fstab~ >fstab
    cat >>fstab
    swap /var/log mfs rw,nodev,nosuid,-s=128M,-P=/mfs/log 0 0
    ^D

3. reboot so that the above /etc/fstab changes take effect.

4. configure rsync to periodically checkpoint /var/log to /mfs/log:
    pkg_add rsync
    crontab -e
    (add the following lines)
    #
    # checkpoint log files
    10    */4    *    *    *    /usr/local/bin/rsync -ayH
--delete-after /var/log/ /mfs/log

5. also save /var/log to /mfs/log on shutdown:
    cat >>/etc/rc.shutdown
    /usr/local/bin/rsync -ayH --delete-after /var/log/ /mfs/log
    ^D

I sync /var/log to /mfs/log only every 4 hours because I have reliable power.
If you have unreliable power (or unreliable hardware) or your firewall
crashes
or reboots for unknown reasons you may want to sync more often.  Actually
in that case you probably shouldn't use an MFS /var/log at all.

When I first did this it was more than 2 years ago.  Today SSD storage has
improved enough that this shouldn't be needed (see my first recommendation
above not to worry about it).

-ken

Reply via email to