Date: Wed, 27 Feb 2002 18:23:31 -0500
From: "Clark C . Evans"
To: freebsd-hackers@FreeBSD.ORG
Subject: read-only CD-ROM boot partition for vinum webfarm?
Message-ID: <20020227182331.C17592@doublegemini.com>

Hello. I was wondering if it is possible to make a read-only
boot partition (core kernel, static configuration, and /usr)
for a web-farm application. I've posted this question to
the freebsd-small list as well and will try to solicit comments
there as it seems that is the most appropriate list. Thus far
these are some of the challenges outlined on the
freebsd-users@uk list...

It sounds like the predictable outstanding issues
are (thanks to Paul and Jeff)...

 - /etc/motd gets updated at boot time, but you can
   turn that off in rc.conf

 - if you are using /etc/fbtab then /dev/console
   won't update, there may be other /dev issues (tty files)

 - if you are using DHCP then dhclient will want
   to update /etc/resolv.conf

Kind Regards,

Clark

---

To: freebsd-small@FreeBSD.ORG
Subject: read-only CD-ROM boot partition for webfarm?

Hello. I'm building a webfarm and other than the apache
configuration and webpages, the core operating system
and /usr partition is/should-be relatively static (scp
used to update stuff in a /data partition). I'm using
vinum to mirror /data.

How hard would it be to make a bootable CD-ROM image
with everything on it except the data, log-files, etc?
This would have three advantages for me:

 - Vinum doesn't protect the boot partition since
   it is a kernel level module.

 - Having a true read-only file system really would
   make it hard for crackers.

 - Updating boxes on the webfarm could be as simple
   as swapping a new CD-ROM!

Thoughts?

Clark

----- End forwarded message -----

-- 
Clark C. Evans Axista, Inc.
http://www.axista.com 800.926.5525
XCOLLA Collaborative Project Management Software