From owner-freebsd-current@FreeBSD.ORG Sat Nov 3 12:14:23 2012 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1B08C173 for ; Sat, 3 Nov 2012 12:14:23 +0000 (UTC) (envelope-from yerenkow@gmail.com) Received: from mail-oa0-f54.google.com (mail-oa0-f54.google.com [209.85.219.54]) by mx1.freebsd.org (Postfix) with ESMTP id CCFC98FC12 for ; Sat, 3 Nov 2012 12:14:22 +0000 (UTC) Received: by mail-oa0-f54.google.com with SMTP id n9so5575788oag.13 for ; Sat, 03 Nov 2012 05:14:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=J+AHDxwP+eWn1pUsXeQusgSZdMoV8lxpsKtNRHEYyHI=; b=nB6OGOQordWCg4heAAXmIQpyJDRZdSlvQMbmZSqVarsGaDPIK23OJueYUdUdyfpVkD rL0AVTit0xfffCc2TxPFst+6KQ+3IXdU3w2Mu7ry3zGFaN7rHBAeSs1SLySfas1LfkAi UIDkN7vPW9WSlZJRRHGmuGqTTYn6dRA1s+HlpO2PO339xVQRiFG5kqcNxF4c1CeACJxK WsBX3uufpR3cM/3T0ItAxTFgHuHiZZzQrDnKHXW9e40Ec6CP18i5QFvrt+ho9TVh3Gyt fwd7i+duAzTFrxSpQrXgcdM2GmQBuPiE8G7kyAb+tstT0zjSPK5rNGICWdGROvSeZc8t 4vhQ== MIME-Version: 1.0 Received: by 10.60.170.114 with SMTP id al18mr3718134oec.56.1351944861549; Sat, 03 Nov 2012 05:14:21 -0700 (PDT) Received: by 10.60.58.165 with HTTP; Sat, 3 Nov 2012 05:14:21 -0700 (PDT) Date: Sat, 3 Nov 2012 14:14:21 +0200 Message-ID: Subject: FreeBSD as read-only firmware From: Alexander Yerenkow To: freebsd-current Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Nov 2012 12:14:23 -0000 Hello all! Some time ago I got somewhere idea, that base OS should be RO - readonly. And should be updated easily (ACID) and with possibility of fast rollback. So, basically ideas was to have some RO root, with unionfs with other dirs. But then all machines was real (not virtualised), and predict some best layout of partitioning was hard. ZFS was nice, but it is not supported by unionfs (not fully IIRC). When I'm started working with virtual machines this idea is came back, and with help from Andriy Gapon, I made some progress. So, here I got some proof-of-concept, with FreeBSD in RO mode, and I want to share. Comments and thoughts appreciated! So, how to achieve RO FreeBSD? Firstly, you need create media with OS itself, and have it in .vmdk format (you can import it into any VM machine, and boot from it). My scripts doing install in memory-based md disk, dump it to flat file, creating from flat file .vmdk (ATA) by VBoxManage, and convert descriptor file, so VMware Esxi can import disk as SCSI (much faster than ATA). Here disks I have in VM: r24243.vmdk 750Mb #OS -- I did not tried to shrink it as possible, it could be much less if you want to. disk1.vmdk 2Gb # 128M = etcfs, 1.8Gb = localfs disk2.vmdk XXXGb # data here disk3.vmdk 8Gb #swap here's how look mount: /dev/gpt/r242434 on / (ufs, local, read-only) # r24243.vmdk devfs on /dev (devfs, local, multilabel) /dev/gpt/etcfs on /etc-rw (ufs, local, noatime) # disk1.vmdk :/etc-rw on /etc (unionfs, local) /dev/gpt/localfs on /usr/local (ufs, local, noatime) # disk1.vmdk /dev/md0 on /tmp (ufs, local) :/usr/local/usr-bin-rw on /usr/bin (unionfs, local) :/usr/local/root-rw on /root (unionfs, local) devfs on /usr/local/var-root/named/dev (devfs, local, multilabel) /dev/gpt/data on /usr/local/data (ufs, local) # disk2.vmdk Also, /var is symlinked to /usr/local/var-root. So, this setup shows how to upgrade OS = just replace r24243.vmdk with some REL10.vmdk or else rev. Also, /usr/local update possible - just setup all in some other machine, and bring new disk1.vmdk with fresh programs (Assuming all data is moved or symlinked to partition with data). The only caveat I got - is Perl (and probably some other programs) required to place some symlinks to /usr/bin <- so I had to create usr-bin-rw. Maybe there will be some other problems, but now I have production server set up in such way, working and not complainig :) So, this all raised such questions in my head - is it OK to have configs, scripts, data dirs, and default configs all messed in /etc ? :) I understand that this is how it historically happen, but have all partition in RW mode just to be able edit few files... Not want produce flamewar here, but this dir I think should be revised in some future. You can view my scripts here: https://github.com/yerenkow/freebsd-vm-image/tree/master/freebsd-firmware Thanks! -- Regards, Alexander Yerenkow