Best way to prevent the root system filling up when a mount fails?

We have an internal web server (virtualized, hosting ReviewBoard, but not super relevant) and we have a relatively consistent failure mode with failed NFS mounts causing / to fill up. Distro is Ubuntu (don't ask) if a solution depends on a different distribution, it will be slower to implement.

Backups are being performed to /mnt/backup/, which is supposed to an NFS mount to another system. Unfortunately, when the mount fails, or drops off, backups get performed on the root filesystem, which as you can imagine doesn't take long before / is full, and then services start to fail.

A number possible solutions have been discussed.

  1. Monitor /mnt/backups and ensure it's not root. Perhaps a cron job.

  2. Use /mnt/protected/backups, and mount /protected first to a small filesystem, perhaps a loop mount to a local file so it is much less likely to fail.

  3. Chmod a-rwx /mnt/backups (the root filesystem mount point). I'm not sure if mounting over protected director will work, I think it does.

  4. On the mounted tree create a directory called "Backups", then soft link "ln - s /mnt/backup/Backups /Backups". Using /Backups for backups will fail unless the /mnt/backup is mounted, since the local tree doesn't contain the sub-directory.

  5. Performing a check that the directory is correctly mounted in the backup script.

I'm interested in any feedback on these approaches, pros cons or any additional techniques people use as a standard way of protecting the root file system from this type of nastiness.


Solution 1:

Number 5 - Put a test in your backup script to ensure that the directory is mounted before continuing. The script should fail if the mount is not available or present. Or you can just make sure things are mounted prior to running the backup.

Try the mountpoint command, which checks if a specified directory is a mountpoint:

mountpoint -q /mnt/backups || mount /mnt/backups

Solution 2:

The most error-proof solution is to make the mount point unwritable. This would be your solution #3. However there is one additional step you should perform. chattr +i /mnt/backups. This is because even with no permissions, root would still be able to write to the directory. With chattr +i (sets immutable flag) not even root can write to it. Once the mount is mounted, the permissions dont matter as the permissions will be of the remote directory, not the local one.

Solution 3:

What ewwhite said. Also, some extra monitoring for basis system health wouldn't be a bad idea.

Something like Monit can check to see how much space is left. If you want to go full bore on system monitoring, you can look at Nagios, but Monit is light weight and will do the basics.

Since you're using Ubuntu, Monit is already in repo, so you can do "sudo apt-get install monit", then start looking at the configuration files to tell it to send alerts to the right place, monitor the right services, etc. Here's a quick tutorial.

Solution 4:

Here is a one liner that you can run as a cron job, it assumes the mount in question is in fstab:

if mountpoint -q /mnt ; then : ; else mount /mnt ; fi