Re: safe file systems

david parsons (o.r.c@p.e.l.l.p.o.r.t.l.a.n.d.o.r.u.s)
25 Sep 1997 11:26:38 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Mike Jagdis: "Re: Style question: comparison between signed and unsigned?"
Previous message: David Woodhouse: "Re: SO_BINDTODEVICE in 2.1.57 (extra file patched, sorry)"
Maybe in reply to: Larry McVoy: "safe file systems"
Next in thread: Leonard N. Zubkoff: "Re: safe file systems"

In article <linux.kernel.34298A7F.4A3D3BA9@sire.vt.com>,
Robert Wuest <rwuest@sire.vt.com> wrote:
>Larry McVoy wrote:
>>
>> Do you think it would be possible to build a safe, slow file system?
>> By safe, I mean that I could hit reset in the middle of 50 parallel
>> un-tars and reboot the system and the file system comes up clean (no fsck,
>> but data loss)?
>
>I also have a need for this. Well, maybe not this extreme. I would like
>to put Linux on the plant floor in a manufacturing environment. The
>current solutions use DOS based systems, which are in fact, quite tolerant
>to being turned off at random (not completely, but they're pretty good
>about it).
>
>I have in fact brought Linux up on one machine to prove the concept and
>demonstrate how nice it is to do system maintenance and software upgrades
>without bringing the machine down. Our problem is two fold, power isn't
>terribly reliable and the operators are NOT going to learn to shut down
>the computer before hitting the master power switch on friday afternoon.

There are ways you can get around that. The antiviral firewall I
designed (based on Linux) splits the system into a readonly
filesystem containing the system and important files, and a variable
filesystem that only contains transient files, and which can be wiped
clean if something goes wrong.

Readonly file systems don't, as a general rule, care that much if you
turn off the power while they're in full cry; when I was testing
WebShield, I would regularly do updates by walking up to a machine in
the middle of a full test (load average 70, 100% cpu usage), plugging
in the new CD and boot floppy, then hitting the big red switch.
Occasionally the variable filesystem would get hit below the belt and
would have to be reinitialized, but that's what it was designed for.
(And, in production, if a customer had a EISA Compaq that had fallen
into Swap Heaven, the suggested remedy was to push the big red switch
and clean up after it came back online.)

____
david parsons \bi/ There are ways around almost anything, if you ignore
\/ conventional wisdom.

Next message: Mike Jagdis: "Re: Style question: comparison between signed and unsigned?"
Previous message: David Woodhouse: "Re: SO_BINDTODEVICE in 2.1.57 (extra file patched, sorry)"
Maybe in reply to: Larry McVoy: "safe file systems"
Next in thread: Leonard N. Zubkoff: "Re: safe file systems"