"safe" ext4 configuration for systems running unattended
I have a system running Linux that must run unattended for long periods of time. The system uses an industrial CF card for storage. Most of the time there are no writes to flash, although every now and then some configuration data/settings can be modified. The system must be resistant to power failures.
I would like to use ext4 for this. What is the best way to configure ext4 for this kind of setup? Bearing in mind that:
- Performance is not a problem at all (especially write performance)
- Upon power loss, the system should always boot in a clean state, even if that means that data written in the last few seconds is lost
- If it is possible to avoid fsck, then all the better.
(I am aware of this related question: Prevent data corruption on ext4/Linux drive on power loss)
I've worked in building a system for automation on boats, and there was a prerequisite: at any moment the power could go down and everything must bootstrap again correctly.
My solution was to build a Gentoo-based initramfs system, with only a rw folder for application and configurations (this is the approach used by every router/firewall vendor). This solution adds an additional layer of complexity when dealing with system upgrades, but assures you that the system will ALWAYS boot.
Regarding your specific question, you should keep the EXT4 journal enabled to have a faster fsck (of a few seconds), use the data=journal mount option, and lower the commit option or use the sync option to keep buffers always empty.
Refs: http://www.kernel.org/doc/Documentation/filesystems/ext4.txt
I will preface this by saying that as far as I'm concerned, EXT (in all of its incarnations) is a pretty awful filesystem -- I have seen more "interesting" cases of filesystem corruption in the relatively small number of Linux/EXT{2,3,4} systems I've administered than I have in the relatively large number of Not-EXT filesystems I've had occasion to use.
If at all possible try to pick a more robust filesystem. You'll thank yourself when the inevitable happens.
That being said and all my personal biases out in the open and pushed aside, EXT4 does have three features I can think of that might help you out:
Journaling
EXT4 can be a Journaled filesystem, if you want it to be. Enable the journaling feature (and specifically set the data-journaling mode to "journal" via tune2fs or as a mount option).
This incurs a performance hit as all data must be written out to the EXT journal before it gets "committed" to the filesystem (every write basically happens twice) but it ensures you can always recover as far as a journal replay will get you without any problems.
Synchronous Mounts
When safety is paramount mounting a filesystem with the sync option is always a good idea. This forces all writes to disk immediately - again this is a performance hit, but a good idea if you expect power failures or random strangers yanking the CF card out.
Limit writable filesystems as much as possible
This one isn't EXT specific, but the all-too-common Linux philosophy of "just create one big root partition and dump everything into it" is, quite frankly, stupid. Create a proper filesystem structure (/, /var, /usr, /home, etc...), and mount as many of the filesystems read-only as possible.
This used to be common advice for unix systems for the sake of security, but in your case it has an added benefit: You can't corrupt a filesystem if you can't write to it.
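As an added check that is not part of either answer above: a small POSIX shell audit that reads mount lines in /proc/mounts format and flags every writable ext4 filesystem that lacks the data=journal and sync options both answers recommend (read-only ext4 mounts pass). The sample mount table is constructed here; on a real system you would feed it /proc/mounts.

```shell
#!/bin/sh
# Audit ext4 mounts against the advice above: writable ext4 filesystems
# should carry data=journal and sync; everything else should be read-only.
# SAMPLE_MOUNTS is a constructed stand-in for /proc/mounts.
SAMPLE_MOUNTS='/dev/sda1 / ext4 ro,relatime 0 0
/dev/sda2 /var ext4 rw,sync,data=journal,commit=1 0 0
/dev/sda3 /home ext4 rw,relatime,data=ordered 0 0
tmpfs /run tmpfs rw,nosuid 0 0'

# has_opt "comma,separated,options" "option" -> 0 if present, 1 otherwise
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# Reads mount lines on stdin; prints one verdict per ext4 mount:
#   "<mountpoint> OK (...)"  or  "<mountpoint> WARN: rw without <options>"
audit_mounts() {
    while read -r dev mnt fstype opts _; do
        [ "$fstype" = ext4 ] || continue
        if has_opt "$opts" ro; then
            echo "$mnt OK (read-only)"
            continue
        fi
        missing=""
        has_opt "$opts" "data=journal" || missing="$missing data=journal"
        has_opt "$opts" sync || missing="$missing sync"
        if [ -z "$missing" ]; then
            echo "$mnt OK (rw, data=journal + sync)"
        else
            echo "$mnt WARN: rw without$missing"
        fi
    done
}

# Convenience wrapper for a boot-time self-check: exit 0 only if no WARN.
check_sample() {
    if printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts | grep -q WARN; then
        return 1
    fi
    return 0
}
```

Replace the sample with `audit_mounts < /proc/mounts` to audit a live system.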