[Voyage-linux] Shorewall Read Only /var/lib/shorewall/ problem

n schembr (spam-protected)
Tue Mar 18 05:46:03 HKT 2008 

Yes, aufs work great.  I have a default hardy 8.4 installation on a usb-flash/sdhc drive.  I've used it with two different laptops. Note: ubuntu 8.4 is in alpha and updated daily.

I'm sure if you add aufs to the voyage build this script will work.


#! /bin/sh
#  Copyright 2008 Nicholas A. Schembri State College PA USA
#
#   This program is free software: you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation, either version 3 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see
#    <http://www.gnu.org/licenses/>.

# Thank you Voyage Linux for the idea, http://voyage.hk/ Great job on release 0.5

case $1 in
prereqs)
    exit 0
    ;;
esac

export aufs

for x in $(cat /proc/cmdline); do 
    case $x in 
    root=*)
        ROOTNAME=${x#root=}
        ;;
    aufs=*)
        aufs=${x#aufs=}
        case $aufs in
        tmpfs-debug)
            aufs=tmpfs
            aufsdebug=1
            ;;
        esac    
        ;;
    esac
done


if [ "$aufs" != "tmpfs" ]; then
    #not set in boot loader 
    #I'm not loved. good bye
    exit 0
fi




# This is a simple overview of the steps needed to use aufs on the root file system and see the /rw and /ro  branchs.
# initramfs init-botton script 
# move the root file system to aufs/unionfs readonly /ro
# root is mounted on ${rootmnt}
# create tmpfs on /rw
# create a aufs using /ro and /rw
# put some files on the tmpfs to fix mtab and fstab 
# move aufs to rootmnt to finish the init process.
# No changes to the root file system are made by this script.
#
#  Why!
#  This will allow you to use a usb flash drive and control what is written to the drive.
#  no need to rebuild the squashfs file just to add a program. 
#  boot to single user mode.  The system works the way you expect. boot aufs and no changes are written to the flash.
#  I want it for my eeePC.  

# Install 
# Install ubuntu 8.4 Hardy. Hardy has aufs installed by default
# apt-get update
# apt-get dist-upgrade
# apt-get aufs-tools
# echo aufs >> /etc/initramfs-tools/modules
# put this file in /etc/initramfs/script/init-bottom/rootaufs
# chmod 0755 rootaufs
# update-initramfs -u
# vi /boot/grub/menu.list
# add aufs=tmpfs to the default entry. 
# do not add this line to single user mode.
# boot to single user mode in order to install software. 
# note: if your home account is on the root file system, your files are in ram and not saved.
# 


echo 
echo         aufs setup on ${rootmnt}
echo 

modprobe -Qb aufs
if [ $? -ne 0 ]; then
    echo    root-aufs error:      Failed to load aufs.ko
    exit 0
fi

#make the mount points on the init root file system
mkdir /aufs
mkdir /rw
mkdir /ro

# mount the temp file system and move real root out of the way
mount -t tmpfs aufs-tmpfs /rw
mount --move ${rootmnt} /ro 
if [ $? -ne 0 ]; then
    echo    root-aufs error:     ${rootmnt}  failed to move to /ro
    exit 0
fi


mount -t aufs -o dirs=/rw:/ro=ro aufs /aufs
if [ $? -ne 0 ]; then
    echo    root-aufs error:      Failed to mount /aufs files system
    exit 0
fi


#test for mount points on aufs file system
[  -d /aufs/ro ] || mkdir /aufs/ro
[  -d /aufs/rw ] || mkdir /aufs/rw

# the real root file system is hidden on /ro of the init file system.  move it to /ro 
mount --move /ro /aufs/ro
if [ $? -ne 0 ]; then
    echo    root-aufs error:      Failed to move /ro /aufs/ro 
    exit 0
fi

# tmpfs file system is hidden on /rw
mount --move /rw /aufs/rw
if [ $? -ne 0 ]; then
    echo    root-aufs error:      Failed to move /rw /aufs/rw 
    exit 0
fi

# this is not on the real file system.  This is created on the tempfs each time the system boots.
# fix fstab
# remove the root file system and swap.  The init process will try to mount the root filesystem listed in fstab. 
# we need to have it mounted on /ro not on /
cat /aufs/ro/etc/fstab|sed s/$ROOTNAME/\#$ROOTNAME/ |sed s/$resume/\#$resume/ >/aufs/etc/fstab  



# add the read only file system to fstab
#ROOTTYPE=$(/lib/udev/vol_id -t ${ROOT})
ROOTTYPE=$(cat /proc/mounts|grep ${ROOT}|cut -d' ' -f3)
ROOTOPTIONS=$(cat /proc/mounts|grep ${ROOT}|cut -d' ' -f4)
echo ${ROOT} /ro $ROOTTYPE $ROOTOPTIONS 0 0 >>/aufs/etc/fstab


# S22mount on debian systems is not mounting  /ro correctly after boot
# add to rc.local to correct what you see from df
#replace last case of exit with #exit
cat /aufs/ro/etc/rc.local|sed 's/\(.*\)exit/\1\#exit/' >/aufs/etc/rc.local  
echo mount -f  /ro >>/aufs/etc/rc.local 

# add back the root file system. mtab seems to be created by one of the init proceses. 
echo "echo aufs / aufs rw,xino=/rw/.aufs.xino,br:/rw=rw:/ro=ro 0 0 >>/etc/mtab" >>/aufs/etc/rc.local
echo "echo aufs-tmpfs /rw tmpfs rw 0 0 >>/etc/mtab" >>/aufs/etc/rc.local 
echo exit 0 >>/aufs/etc/rc.local 


#build remountrw
echo \#!/bin/sh >/aufs/bin/remountrw
echo mount -o remount,rw ${ROOT} >>/aufs/bin/remountrw
chmod 0700 /aufs/bin/remountrw

#build remountro
echo \#!/bin/sh >/aufs/bin/remountro
echo mount -o remount,ro ${ROOT} >>/aufs/bin/remountro
chmod 0700 /aufs/bin/remountro

# This should drop to a shell. (rewrite)
if [ "$aufsdebug" -eq 1 ]; then
    echo    root-aufs debug:     mount --move /aufs /root
        exit 0
fi
mount --move /aufs /root

exit 0  




----- Original Message ----
From: Kim-man 'Punky' Tse <punkytse at punknix.com>
To: Wayne Lee <wayne.lee at link-connect.com>
Cc: voyage-linux at voyage.hk
Sent: Wednesday, March 12, 2008 9:12:53 AM
Subject: Re: [Voyage-linux] Shorewall Read Only /var/lib/shorewall/ problem

Hi all,

There was some discussion.  I was now thinking to use unionfs/aufs to 
hold all modified files to a copy-on-write (/cow) directory, then have a 
manally script that sync cow back to flash disk.  Is it possible and are 
there any recipe for this?

Regards,
Punky


Wayne Lee wrote:
>
> Chris
>
>  
>
> I also noticed when using shorewall it did slow down the throughput of 
> the data.
>
>  
>
> I can get double the amount without shorewall, the test was done on a 
> old version of shorewall and voyage and I have not retested recently.
>
>  
>
>  
>
>  
>
>  
>
>  
>
> *From:* voyage-linux-bounces+wayne.lee=link-connect.com at list.voyage.hk 
> [mailto:voyage-linux-bounces+wayne.lee=link-connect.com at list.voyage.hk] 
> *On Behalf Of *Chris Morley
> *Sent:* 12 March 2008 12:50
> *To:* voyage-linux at voyage.hk
> *Subject:* [Voyage-linux] Shorewall Read Only /var/lib/shorewall/ problem
>
>  
>
> Hi,
>  
> I am trying to get shorewall running and whilst it installs from 
> apt-get fine, i am having issues with the Read only file system. 
> Shorewall seems to write the compiled scripts into /var/lib/shorewall. 
> When i run remountrw there is no problem, however with remountro 
> hitting 'shorewall start' in the shell gives a whole raft of errors:
>
> Compiling...
> /usr/share/shorewall/functions: line 1704: 
> /var/lib/shorewall/.modulesdir: Read-only file system
> cp: cannot remove `/var/lib/shorewall/.modules': Read-only file system
>
> [..snip..]
>
> /var/lib/shorewall/.start: line 1046: /var/lib/shorewall/chains: 
> Read-only file system
> /var/lib/shorewall/.start: line 1048: /var/lib/shorewall/nat: 
> Read-only file system
> /var/lib/shorewall/.start: line 1050: /var/lib/shorewall/proxyarp: 
> Read-only file system
> /var/lib/shorewall/.start: line 1052: /var/lib/shorewall/zones: 
> Read-only file system
> /var/lib/shorewall/.start: line 1065: /var/lib/shorewall/restarted: 
> Read-only file system
> Processing /etc/shorewall/start ...
> /usr/share/shorewall/functions: line 2368: /var/lib/shorewall/state: 
> Read-only file system
> Processing /etc/shorewall/started ...
> cp: cannot remove `/var/lib/shorewall/.restore': Read-only file system
> done.
>  
> Is there any way that this /var/lib/shorewall/ directory can be made 
> rw? Or perhaps even plain old ramdisk is ok, but consist of a default 
> set of files upon boot? Would appreciate insights if the two options 
> above are possible.
>  
> The other option is for me to change the init.d/shorewall scripts to 
> remountrw and remountro around the start and stop parts, but i would 
> prefer the solution above and it would also help me learn about voyage 
> linux which rocks :)
>  
> Many thanks in advance,
>  
> Chris
>
> ------------------------------------------------------------------------
>
> Everything in one place. All new Windows Live! 
> <http://www.windowslive.co.uk/get-live>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Voyage-linux mailing list
> Voyage-linux at list.voyage.hk
> http://list.voyage.hk/mailman/listinfo/voyage-linux
>   


_______________________________________________
Voyage-linux mailing list
Voyage-linux at list.voyage.hk
http://list.voyage.hk/mailman/listinfo/voyage-linux

More information about the Voyage-linux mailing list