Re: Protecting the system
- From: Gordon Henderson <gordon+usenet@xxxxxxxxxx>
- Date: Tue, 1 Jan 2008 12:02:51 +0000 (UTC)
In article <20071231211713.78fd7b51@xxxxxxxxx>,
Folderol <folderol@xxxxxxxxx> wrote:
On Mon, 31 Dec 2007 19:58:05 +0000
Darren Salt <news@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Thanks for such a quick reply.
I demand that Folderol may or may not have written...
[snip]
The main problem is that I can absolutely guarantee that the system will
be quite frequently just switched off at the supply while running.
Two notices, one "press briefly to shut down" pointing at the power button,
one "use the computer's power button to shut down properly" at the plug? And
have a cluebat handy :-)
I think that you want to make it easy to shut down from the power button
(requires acpid) and very awkward (at least, normally so) to switch off at
the plug or, if it has a switch, the PSU. And make sure that the BIOS's
power-off setting is _not_ "instant off"...
Unfortunately this is not an option. In the first place, for HSE
compliance there must be an easily accessible means of quickly
removing *all* power to the machinery. This is usually necessary when
the machine crashes (much more 'interesting' than a software crash).
I've worked in such an environment - many years ago - I was doing
"robotics" and factory automation and stuff. The big CNC machines were
good in that the newer ones all had non-volatile memory (bubble IIRC)
and the older ones were so dumb, they just read of punched tape...
And more recently I've developed a small number of "appliances" which
boot off linux off flash and run from RAM, and the issue of how to
"remember" various updates was foremost on my mind too..
One box - an Asterisk PBX system has 2 main "lumps" of data to store -
one is the voicemail - I consider this to be stored on a "reasonable
effort" basis. I chose ext2 rather than 3 and arranged a forced fsck
(should it need it) at boot time - the reason at the time was to
minimise writes to the flash device which ext3 would be constantly doing
(I've since found out how to minimise this with ext3 though, so it may
not be the problem I first thought it was)
The other thing I need to store is the system configuration files -
these are a small number of small text files, so I chose to 'tar' them
into an empty partition on the flash device. This is restored very early
in the boot sequence, so holds things like the IP address and so on.
There is still the issue of power failure during the actual 'tar' write
when it stores the updated data and there are techniques to overcome even
this (2nd partition, marking it 'clean', swapping to the 'clean'/active
one, etc.)
But where do you draw the line?
There is only one configuration text file that is saved (quite frequently)
and it wouldn't be a disaster if this became corrupted and was dropped back
to default settings. However, how can I protect against corruption of other
parts of the system, and less important, avoid a long slow disc check next
time the machine is rebooted.
Use journalled file systems. I'd go straight for ext3 (except, perhaps, for
very small partitions which it takes only a few seconds to check even with
ext2).
Hmmm. I was thinking of using ext3 anyway. It looks pretty mature and
well supported.
If you've got a real hard-drive in the system then you'll probably be
OK. When I was developing my appliances, I looked at other devices - the
Nokia 770 uses JFS (IBM's journalling filesystem), and I considered that
rather than ext2/3. I've also experience of XFS in other settings (multi
TB filestores), but wasn't happy enough with it for an "embedded"
system, so stuck with ext2/3 for the "live" side of things.
I'd like to know how things like the "Slug" and so (domestic ADSL
routers, etc.) on store their configurations, but have never had the
time to look closely. I suspect for most consumer devices, there is just
an area of non volatile RAM of some kind where they store byte values
and hope it doesn't get corrupted... (cf. PC BIOSes)
There's not much that you can do about deferred writes short of making the
flush to disk happen sooner (/proc/sys/vm/dirty_writeback_centisecs,
/proc/sys/vm/dirty_expire_centisecs), but if the power switch takes
sufficiently long to get to, this won't really matter.
[snip]
Would a 'sync' after each write take care of this?
fsync(2) on the file-handle before closing the file - but beware that
some disk devices return "written" when they really haven't. There were
some tests a while back about this. See the man page and do some
googling...
Once started, the program takes over the whole machine but uses X GUI.
If I disable logging, and shutdown almost all services, could I be
reasonably confident the OS won't be writing anything to disc once the
system is up and running?
Must-haves are: display, mouse, keyboard, usb, RS232.
How about running it entirely in RAM?
You need to build an initrd.gz of exactly what you need, then arrange a
mechanism to overwrite a few config files at boot-time...
Good luck!
Gordon
(And a Happy New year!)
.
- Follow-Ups:
- Re: Protecting the system
- From: Nix
- Re: Protecting the system
- Prev by Date: Re: Protecting the system
- Next by Date: Re: Protecting the system
- Previous by thread: Re: Protecting the system
- Next by thread: Re: Protecting the system
- Index(es):
Relevant Pages
|
