OpenBSD readonly root
Theory
In a lot of situations, you'll want a system that never needs its filesystems checked, so that
it can take hard power-downs with ~no data loss. I've come across this case a few times,
mostly in end-user or volatile-power routing environments. Most often, I've done this
on Soekris net4801 devices.
We'll show an example of how to do it on a net4801, which is the same procedure for a net5501,
and we'll be using OpenBSD 4.6 for the example.
To perform such a magic trick, you need to do a bit more planning. It's not as easy to run some
services in a configuration like this, since they need areas to write to. Even worse is when they
need to write data that you actually want to keep. In this case, I like to avoid the RO root
scenario, because it adds some awkward complexity that involves a regular mount-writable/sync/remount-ro
cycle. In general though, with most services you can get away with just providing them ramdisk
scratch space.
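The mount-writable/sync/remount-ro cycle mentioned above, as an added example that is not from the original page. The function name with_rw_root and the MOUNT_CMD/SYNC_CMD override variables are hypothetical; the -u, -w and -r flags are those of OpenBSD mount(8).

```shell
#!/bin/sh
# Added example: run one command while / is temporarily writable, then
# sync and drop / back to read-only, even when the command fails.
#
# MOUNT_CMD and SYNC_CMD are hypothetical overrides so the cycle can be
# rehearsed with stand-ins; they default to the real mount(8) and sync(8).
: "${MOUNT_CMD:=mount}"
: "${SYNC_CMD:=sync}"

with_rw_root() {
    if [ "$#" -eq 0 ]; then
        echo "usage: with_rw_root command [args...]" >&2
        return 64
    fi

    # -u updates an already mounted filesystem, -w makes it read-write.
    # If this fails, the command is never run.
    "$MOUNT_CMD" -uw / || {
        echo "with_rw_root: cannot remount / read-write" >&2
        return 1
    }

    # Run the command and keep its exit status without aborting the
    # function (safe under 'set -e').
    _rc=0
    "$@" || _rc=$?

    # Flush dirty buffers to the CF card before going read-only again.
    "$SYNC_CMD" || echo "with_rw_root: sync failed" >&2

    # -r returns / to read-only. A failure here is worth a loud warning:
    # a hard power-down now would hit a writable filesystem.
    if ! "$MOUNT_CMD" -ur /; then
        echo "with_rw_root: WARNING, / is still mounted read-write" >&2
        return 2
    fi

    return "$_rc"
}
```

Sourced into a root shell, `with_rw_root vi /etc/pf.conf` keeps the writable window as short as the edit itself.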
Practice
Installation
Perform a standard PXE-boot OpenBSD 4.6 i386 install, with the following differences:
- Press ^P at the 5-second BIOS countdown, then "boot f0" to boot from the first ethernet port.
- Interrupt the loader after it gives you a prompt (type anything, it stops the counter).
- Type the following, in this order:
    stty com0 19200
    set tty com0
    boot /bsd.rd
You should now be booting a kernel and be tossed into the OpenBSD installer. Look elsewhere
for instructions on how to properly set up PXE booting for OpenBSD, or maybe I'll document it
someday.
- When installing, you should partition your CF card with 1 giant / partition, and *no swap*.
- It'll ask you later on if you want to change the console to com0; tell it yes and choose 19200 to match the Soekris BIOS settings.
- Once installed, reboot into your installation and do basic post-install configuration, including setting up network interfaces, adding packages, configuring sudo, etc. The idea is to have a fully installed system that just needs configuration.
Log in and 'sudo ksh' if you haven't already: you'll need to perform a number of steps,
which I'll detail below... another time ;)