[Grml] Re: Brittle init.d scripts - tmpfs ramfs

Michael Prokop mika at grml.org
Sun Jan 28 23:18:51 CET 2007 

* Mark <27e3kk302 at sneakemail.com> [20070128 22:13]:

> > If I understand you right you are blaiming initscripts with daemons
> > that log to something like /var/log/$FOO/bar.log and complain if
> > /var/log/$FOO does not exist? Well, that's something you cannot
> > work around that easy...

> Oh, I wish they would complain!  They just fail mysteriously!  But yes,
> that is the idea.  Our shortcut was a master /etc/init.d/tmpfs-prep
> script making fresh directories for broken init.d scripts.

> The real answer is for script authors to write defensive code.  Init.d
> scripts already conform to a certain style convention so it should not
> be hard.  These days of multi-gigabyte memory means running from RAM
> will get more and more common.  For us, there is no reason to slow down
> apps with unwanted disk access just because some init.d scripts are
> sloppy.

"Defensive code" might mean "do not start a service if you can not
log to the specified logfile" as well. So: "depends"

> > "Mounting an empty directory through tmpfs" to something like
> > /var/log has to fail if you don't take further actions. Ah, looks
> > like you are searching for overlays via unionfs. :)

> Not clear what that means.  Here's what we want:  small system
> directories causing frequent disk access and opening security risks
> mounted in RAM.

Try unionfs. Here's a short demo (a 5 minutes hack, I hope I did not
overlook something):

What we want? Everything logged to /var/log should be written into a
tmpfs mounted on /tmp/tmpfs.

Step 1: Let's log string "unionfs-test" to syslog for further
investigation and make sure we don't have any file handles left:

# logger unionfs-test
# Stop syslog-ng
Stopping system logging: syslog-ng.
# tail -3 /var/log/syslog
Jan 28 22:51:10 funkenzutzler logger: unionfs-test
Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: SIGTERM received, terminating;
Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: syslog-ng shutting down; version='2.0rc3'

Step 2: Now set up tmpfs and unionfs:

# mkdir /tmp/tmpfs
# mount -t tmpfs -o size=20% none /tmp/tmpfs
# modprobe unionfs
# mount -t unionfs -o dirs=/tmp/tmpfs:/var/log=ro none /var/log

Step 3: Now let's start syslog-ng and log string "unionfs running":

# Start syslog-ng
Starting system logging: syslog-ng.
# logger unionfs running
# tail -1 /var/log/syslog
Jan 28 22:52:20 funkenzutzler logger: unionfs running

Ok, logging was successfull, but is content of original /var/log
still present?

# ls -la /var/log | tail -5
-rw-rw-r--  1 root              utmp       902016 2007-01-28 13:40 wtmp
drwxr-s---  2 root              adm          4096 2006-09-03 13:28 xen/
-rw-r--r--  1 root              root            0 2006-05-09 08:10 xfs.log
-rw-rw-r--  1 root              root       616086 2007-01-28 20:46 Xorg.0.log
-rw-r--r--  1 root              root       575769 2007-01-15 17:30 Xorg.0.log.old

Yes, sir - that's why we call it overlay. :)
But what's inside /tmp/tmpfs now?

# ls -la /tmp/tmpfs
total 15792
drwxrwxrwt  2 root root      100 2007-01-28 23:06 ./
drwxrwxrwt 26 root root    12288 2007-01-28 23:06 ../
-rw-r-----  1 root adm   3927493 2007-01-28 23:06 messages
-rw-r-----  1 root adm  12082844 2007-01-28 23:06 syslog
-rw-r-----  1 root adm    113031 2007-01-28 23:06 user.log

Ah, only the stuff changed in /var/log went to our tmpfs, nice.
Now let's umount tmpfs and unionfs:

# umount -l /var/log ; umount -l /tmp/tmpfs
# tail -1 /var/log/syslog
Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: syslog-ng shutting down; version='2.0rc3'

Huh - where is our 'unionfs running' in syslog? :)
Let's double-check:

# Restart syslog-ng
Stopping system logging: syslog-ng.
Starting system logging: syslog-ng.
# logger unions not present
# tail -5 /var/log/syslog
Jan 28 22:51:10 funkenzutzler logger: unionfs-test
Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: SIGTERM received, terminating;
Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: syslog-ng shutting down; version='2.0rc3'
Jan 28 22:52:59 funkenzutzler syslog-ng[16218]: syslog-ng starting up; version='2.0rc3'
Jan 28 22:53:27 funkenzutzler logger: unions not present

Right - all changes during use of the unionfs overlay were written
to tmpfs instead of /var/log on harddisk. Cute, nor? :)

regards,
-mika-
-- 
You like grml?  Help us!      http://grml.org/donations/
Already on the grml-user-map? http://www.frappr.com/grmlusers
The Grml Planet               http://planet.grml.org/
Grml Solutions                http://solutions.grml.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.mur.at/pipermail/grml/attachments/20070128/aeec7e05/attachment-0002.pgp

More information about the Grml mailing list