Martin Marcher wrote:
>...
> What I'm looking for are starting points to read about what to do when
> RO mounting the root fs (and all other parts) especially on CF-media.
I did this recently, in December and January, and can point out what I
found. More experienced or expert users will be able to say what the
better options are.
Since the smallest CF I could get was 1GB, I split it into two, to have
one for the root tree and another partition for reserve copies in case
experiments don't work. The whole system, including extras, is about
202 MB. I chose to do any compilation on another machine and therefore
left out comp, the man pages (for me) are as essential as the kernel so
I've kept them. I can't remember why I kept misc.
[X] bsd
[X] bsd.rd
[ ] bsd.mp
[X] base42.tgz
[X] etc42.tgz
[X] misc42.tgz
[ ] comp42.tgz
[X] man42.tgz
[ ] game42.tgz
[ ] xbase42.tgz
[ ] xetc42.tgz
[ ] xshare42.tgz
[ ] xfont42.tgz
[ ] xserv42.tgz
I chose to have /tmp, /var, and /dev in memory and put the rest of the
normal system into one partition. /home is a symlink to /var/home/,
/root is a symlink to /var/root, /data is a separate partition for spare
material and short term backup. No swap partition was used.
Templates for /dev and /var are kept in /dev.base and /var.base,
respectively. There are probably better naming conventions.
mfs loads into RAM and then mounts the RAM versions.
Here is what I have in /etc/fstab (wrapped text) to do that:
/dev/wd0a / ffs ro 1 1
/dev/wd0d /data ffs rw,nodev,nosuid 1 2
# populate /var with data from CF, then mount in RAM
swap /var mfs -P/var.base,-s160000,noexec,async,nosuid, \
nodev,noatime,rw 0 0
# mount /tmp in memory
swap /tmp mfs noexec,async,nosuid,nodev,noatime,rw, \
-b4096,-i1024,-s15000,-m0 0 0
# mount /dev in memory
swap /dev mfs rw,-P=/dev.base,-s=3000,-i=1024 0 0
When you make changes, mount -o rw /, then make the changes then sync.
I have also used config(8) to tune the GENERIC kernel somewhat. Just
what I chose, I cannot recall, but when it is time to look at that
again, I will try removing unneeded devices.
Here is what I chose to have in /etc/boot.conf, the re-configured kernel
is called /nbsd:
stty com0 19200
set tty com0
#set image /bsd
set image /nbsd
To use cu, kermit or tip for serial console, you must be a member of the
group dialer.
I'm going to assume you have already set up a way to do the
installation. I chose to use PXE boot. Now that I seem to be swimming
in USB devices and media, I will probably try using those next time
instead. Having PXE boot available is an advantage later if you want to
set run live CDs or thin clients.
For the logging, I've chosen not to worry about it yet. When the
machine powers down, the logs are lost. Maybe you could set up
something in /etc/rc.shutdown to rsync to a non-volatile partition.
An external log server is another option. I've had log servers in the
past, but will postpone that till I can experiment more with IPv6.
There was a good IPv4 summary of logging on BSDTalk in January:
http://bsdtalk.blogspot.com/2008/01/bsdtalk138-central-syslog.html
http://cisx1.uma.maine.edu/~wbackman/bsdtalk/bsdtalk138.ogg
There is apparently a risk that the log partition on the log server can
get filled by anyone who wants to do so.
YMMV,
-Lars
