NetBSD-Users archive


Re: simplest media to run NetBSD



On Sat, Apr 13, 2013 at 10:09:19AM -0400, Darrel wrote:
> 
> I have a specific goal and am seeking opinions.  The goal is to
> make small, readily-reproducible read-only routing devices.  The
> device will serve either as a gateway or bridge with main functions
> such as filtering traffic, vpn, potential to graph traffic and the
> like.

> cd-rom is familiar yet some folks are using usb sticks and perhaps
> even other media that I have not considered yet.

I'm doing something similar here (albeit with a different goal)
with read-only thin client images.  Don't use CD-ROM but have used
variously USB flash drives, CompactFlash and disk on modules
(essentially tiny SSDs).  One thing I'll say straight away is that
you do want something read-write at least for development and
probably even for production even if the ultimate aim is for
read-only operation - the ability to remount the root read-write,
make some changes and reboot is essential.

I began with essentially a regular install onto a USB drive - it
wasn't even read-only to begin with - and got the normal site- and
system- dependent stuff out of the way - network, NIS and Kerberos,
packages etc - as you would for any other system.

From memory the additional steps to go read-only are:

Sort out an MFS /var and symlink /tmp to /var/tmp.  /var does need
to be populated at start up which I do from a tarball in an rc.d
script.  The contents are from the existing /var but I trimmed out
the packages stuff - /var/db/pkg and /var/db/pkg.refcount - since
it gets quite large quite quickly and isn't needed except when
performing package maintenance.  The root filesystem image retains
a real /var so I can boot single-user to do that kind of stuff in
a persistent manner, the MFS /var is simply mounted over the top
of it to give a read-write /var when the root is read-only.  Since
my application was thin clients those naturally get rebooted and
reset regularly (they are powered off at the end of the day) which
solves the problem of log files filling up the MFS /var, but for
your kind of application which is likely to be long-running you'll
probably need some kind of log file trimming thing going on.

Clear out /dev apart from the MAKEDEV script so the kernel creates
an MFS /dev on boot

Stop any unneeded and problematic stuff from starting.  The notes
I have here say to delete /etc/rc.d/postfix and /etc/rc.d/swap2

Finally adjust /etc/fstab to mount the root readonly at boot.
Watch out for any console messages or log entries from things
complaining they can't do any writes - there probably are things
I've forgotten about.

I do have a directory supposedly with all modified files from a
standard installation here which I've tarred up and put at
http://andrews.freeshell.org/mail/20130416.netbsd-users/fs-mods.tar.gz
That may well serve as a useful starting point although it isn't
as complete as it is supposed to be.  You'll need to go through
those with a certain amount of discretion since it's a mixture of
what is needed for read-only operation and site-specific configuration.

-- 
Andrew Smallshaw
andrews%sdf.lonestar.org@localhost
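
The MFS /var population and read-only fstab steps described in the message above, as an added example that is not part of the original post or of the author's fs-mods tarball. The function names, the uncompressed skeleton tarball path and the way the helpers are called from a boot script are assumptions.

```shell
#!/bin/sh
# Added example: helpers for a read-only root with an MFS /var.
# Function names and paths are assumptions, not from the original message.

# populate_var TARBALL TARGET
# Unpack the saved /var skeleton into the freshly mounted, empty MFS.
# TARBALL must be an absolute path to an uncompressed tar archive.
# Refuses to touch a TARGET that already has content, so booting with the
# real on-disk /var (single-user maintenance) never overwrites it.
populate_var() {
    tarball=$1
    target=$2
    if [ ! -r "$tarball" ] || [ ! -d "$target" ]; then
        echo "populate_var: need readable tarball and target directory" >&2
        return 1
    fi
    if [ -n "$(ls -A "$target")" ]; then
        echo "populate_var: $target is not empty, leaving it alone" >&2
        return 2
    fi
    # -p restores the modes recorded in the archive (e.g. 1777 on tmp).
    (cd "$target" && tar -xpf "$tarball")
}

# check_ro_fstab FSTAB
# Exit status 0 only if "/" carries the ro option and /var is an mfs,
# i.e. the two fstab properties the read-only setup depends on.
check_ro_fstab() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        $2 == "/" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "ro") root_ro = 1
        }
        $2 == "/var" && $3 == "mfs" { var_mfs = 1 }
        END { exit !(root_ro && var_mfs) }
    ' "$1"
}

# Intended use from a boot script, after /var has been mounted:
#   populate_var /etc/var-skel.tar /var
#   check_ro_fstab /etc/fstab || echo "fstab is not set up for read-only root"
```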

