Author Topic: Help Beta Test a script to mount the SD card on a Pi read-only  (Read 5119 times)

Offline CaptainMurdoch

  • Administrator
  • *****
  • Join Date: Sep 2013
  • Location: Washington
  • Posts: 7,854
  • Kudos: 139
Help Beta Test a script to mount the SD card on a Pi read-only
« on: November 16, 2016, 01:15:26 AM »
I have been talking with David about the desire to mount the filesystems on the SD card on the Pi Read-Only to help further reduce the risk of corruption.  I have created a script which will take an existing v1.8 or v1.9 system and switch the filesystems over to read-only and use an overlay filesystem to mount the /etc configuration directory so that FPP can still configure some of the files it needs.  I've run the system through some testing and David tried it tonight with success, so we wanted to open it up for some wider testing.

NOTE: You should only use this if you are using the default FPP config to use a USB flash drive for storage of FPP configuration and files.  If you are using the SD for storage, mounting the SD card read-only would prevent saving any future settings or uploading new media or files.  It also would probably prevent Apache from starting meaning the UI would break.

Scroll to the bottom of this first post to see a list of known issues.

The script will re-mount the root filesystem read-write to allow pulling in FPP updates and then immediately remount read-only when the update is complete.  This should allow us to recover from any discovered issues in case I missed something, but if you are willing to test the script, I want to give warning that you may need to reinstall the SD card if something comes up that we can't fix through an update on github, although I don't think that will happen.

Here are the instructions for installing and running the script:

======================================================

The first thing you need to do is make sure you are up to date on either v1.8 or v1.9, that means either one of the following should be listed at the top of the UI (OR a newer version indicated by a higher number immediately following the v1.8/v1.9 portion of the version string):

v1.8-53-ge58879d
v1.9-23-gec182c7

You need at least these versions to pull in an updated copy of the script that downloads updates from github.  The updated script knows how to remount the root filesystem read-write to pull in updates and then remount read-only after updating.  You need this BEFORE you run the script noted in the instructions below, otherwise you will not be able to retrieve any more FPP updates after running the script.

Once you are on one of those versions, then you can go to the FPP Script Repository Browser in the UI.  Scroll to the very bottom and you should see a script called ConvertPiRootToReadOnly.sh with a note in the description about mounting the Pi's SD card read-only and a warning that this script is for beta testers only.

Install that script and then go to the FPP File Manager and select the Scripts tab.  Find the ConvertPiRootToReadOnly.sh script and highlight it and click the 'Run' button.  That should open a new window in the browser where you can see the script running.  The script will print out what it is doing and at the end it will tell you that you need to reboot the Pi.

Once you reboot, you can go to the Troubleshooting Commands page and scroll down to the "Mounts" section.  You should see "ro,relatime,data=ordered" for the root filesystem "/".  Some systems may show "noatime" instead of "relatime".    For the /boot filesystem, you should see mount options starting with "ro,relatime" or "ro,noatime" as well.  Prior to running the script, you would have seen "rw" instead of "ro" on these two lines.  Also, in the 'df' output, you should see a /etc.rw directory mounted as a tmpfs filesystem and /etc mounted as an overlay filesystem.  This is what lets FPP modify files in /etc for configuring the network, Avahi for FPP MultiSync discovery, setting the hostname, etc..

The USB flash drive is still mounted read-write since we use it for FPP configuration and storage of media and sequences.  If you want to minimize writes to the USB flash drive, you should set your Log Level to Warn and uncheck all or most of the Log Mask checkboxes on the FPP Settings page.

Known Issues:
- Unable to create the NTP drift file under /var/lib/ntp
- Unable to switch pinout for the Pi LED Panels Channel Output.  FPP can't recreate link to new library in /opt/fpp/lib
- Unable to properly enable RPIWS281x channel output after switching to read-only.  FPP can't disable the onboard audio so the RPIWS281x output won't work.
- Unable to properly configure RTC after switching to read-only.   FPP can't edit the /boot/config.txt file.
« Last Edit: November 23, 2016, 10:10:37 AM by CaptainMurdoch »
-
Chris

Offline JonB256

  • Supporting Member
  • ******
  • Join Date: Mar 2013
  • Location: Granbury, Texas
  • Posts: 3,552
  • Kudos: 74
    • Granbury Christmas Lights
Re: Help Beta Test a script to mount the SD card on a Pi read-only
« Reply #1 on: November 16, 2016, 05:37:18 AM »
I'm seeing "noatime" instead of "relatime"

/dev/root on / type ext4 (ro,noatime,data=ordered)
instead of
ro,relatime,data=ordered


but an exact match on the /boot entry

This is a Pi B+ running latest v1.9

no change after a second or third reboot
« Last Edit: November 16, 2016, 05:49:39 AM by JonB256 »

Offline CaptainMurdoch

  • Administrator
  • *****
  • Join Date: Sep 2013
  • Location: Washington
  • Posts: 7,854
  • Kudos: 139
Re: Help Beta Test a script to mount the SD card on a Pi read-only
« Reply #2 on: November 16, 2016, 08:35:23 AM »
noatime is OK as well.  Is that a v1.5 image upgraded through to v1.9?

I will update the initial post to mention noatime as well.

Thanks for testing.

Offline JonB256

  • Supporting Member
  • ******
  • Join Date: Mar 2013
  • Location: Granbury, Texas
  • Posts: 3,552
  • Kudos: 74
    • Granbury Christmas Lights
Re: Help Beta Test a script to mount the SD card on a Pi read-only
« Reply #3 on: November 16, 2016, 09:28:38 AM »
On a RasPi 2, I installed this script.

When I tried to update my E1.31 channel outputs, the screen went blank and now won't let me enter any Universes.

Offline JonB256

  • Supporting Member
  • ******
  • Join Date: Mar 2013
  • Location: Granbury, Texas
  • Posts: 3,552
  • Kudos: 74
    • Granbury Christmas Lights
Re: Help Beta Test a script to mount the SD card on a Pi read-only
« Reply #4 on: November 16, 2016, 09:35:58 AM »
noatime is OK as well.  Is that a v1.5 image upgraded through to v1.9?

I will update the initial post to mention noatime as well.

Thanks for testing.

I don't remember the upgrade path for the B+ 
It probably was a v1.5 image.

The RasPi 2 (with no E1.31 channel outputs any more) was running the Master branch v1.x (had to delete the *.so files to get to v1.9)


Offline CaptainMurdoch

  • Administrator
  • *****
  • Join Date: Sep 2013
  • Location: Washington
  • Posts: 7,854
  • Kudos: 139
Re: Help Beta Test a script to mount the SD card on a Pi read-only
« Reply #5 on: November 16, 2016, 10:00:48 AM »
On a RasPi 2, I installed this script.

When I tried to update my E1.31 channel outputs, the screen went blank and now won't let me enter any Universes.

Settings would be saved to the USB flash drive which should be unaffected by this unless you are using the SD to store settings?

Can you check the Mounts section of the Troubleshooting page to see if /home/fpp/media is mounted "ro" or "rw"?  It might be a coincidence.

Also check the "df" output on the Troubleshooting page to see if the /etc/ directory is listed as an 'overlay'

Offline JonB256

  • Supporting Member
  • ******
  • Join Date: Mar 2013
  • Location: Granbury, Texas
  • Posts: 3,552
  • Kudos: 74
    • Granbury Christmas Lights
Re: Help Beta Test a script to mount the SD card on a Pi read-only
« Reply #6 on: November 16, 2016, 10:52:37 AM »
It was using a USB drive for storage (sda1). Can't check the other options since I've already reflashed back to normal v1.9
This is a RasPi I was putting inside my megatree F16v2 case to run it wirelessly. I needed that E1.31 output. :)
Now that I got all the routing configure correctly, I will "probably" leave it alone.  Nah, who am I kidding.

Offline CaptainMurdoch

  • Administrator
  • *****
  • Join Date: Sep 2013
  • Location: Washington
  • Posts: 7,854
  • Kudos: 139
Re: Help Beta Test a script to mount the SD card on a Pi read-only
« Reply #7 on: November 16, 2016, 11:37:59 AM »
This is a RasPi I was putting inside my megatree F16v2 case to run it wirelessly. I needed that E1.31 output. :)

Hold off on trying it again, I just went to the E1.31 page and confirmed that when I try to change the number of universes, it fails and I get back an empty list.  PHP must be trying to write to somewhere else on the SD card other than the /var/tmp and /tmp directories which are already running on a ramdisk.

Offline CaptainMurdoch

  • Administrator
  • *****
  • Join Date: Sep 2013
  • Location: Washington
  • Posts: 7,854
  • Kudos: 139
Re: Help Beta Test a script to mount the SD card on a Pi read-only
« Reply #8 on: November 16, 2016, 11:49:50 AM »
This is a RasPi I was putting inside my megatree F16v2 case to run it wirelessly. I needed that E1.31 output. :)

OK, the E1.31 issue is fixed.  PHP was trying to write it's session data files to a read-only directory.  That also means that PHP has been one of the things writing to the SD card which we hadn't found yet, so the change I just pushed should help whether users are running the read-only script or not.

I updated the new minimum required versions in the first post, but here they are again:

v1.8-53-ge58879d
v1.9-23-gec182c7

Offline JonB256

  • Supporting Member
  • ******
  • Join Date: Mar 2013
  • Location: Granbury, Texas
  • Posts: 3,552
  • Kudos: 74
    • Granbury Christmas Lights
Re: Help Beta Test a script to mount the SD card on a Pi read-only
« Reply #9 on: November 16, 2016, 01:55:48 PM »
What needs to be done to try again (on a Pi that is already changed)? Run the Script again?


update - never could "undo" the read only changes on the B+, so I've scorched earth the uSD card and started over. Not a production RasPi.
« Last Edit: November 16, 2016, 04:12:05 PM by JonB256 »

Offline CaptainMurdoch

  • Administrator
  • *****
  • Join Date: Sep 2013
  • Location: Washington
  • Posts: 7,854
  • Kudos: 139
Re: Help Beta Test a script to mount the SD card on a Pi read-only
« Reply #10 on: November 16, 2016, 03:48:54 PM »
What needs to be done to try again (on a Pi that is already changed)? Run the Script again?

On the Pi that has already had the script run, just pull in the latest FPP updates and then reboot the Pi.  That will install the updated PHP config file and sessions will be written to a writable location.

The script should not be run again, it will fail.  I don't think it would break anything, but it wouldn't be pretty output from the script since none of the setup commands would work because the filesystem is already read-only.

Offline nmiller0113

  • Sr. Member
  • ****
  • Join Date: Aug 2015
  • Location: Santa Rosa, CA
  • Posts: 457
  • Kudos: 7
    • The Miller Lights
Re: Help Beta Test a script to mount the SD card on a Pi read-only
« Reply #11 on: November 16, 2016, 03:57:58 PM »
Settings would be saved to the USB flash drive which should be unaffected by this unless you are using the SD to store settings?


Chris, I'm running solely off an SD card and not using USB Flash for my FPP's.  Will this script affect that or should I be ok?  Thanks!

Offline rlemery

  • Sr. Member
  • ****
  • Join Date: Feb 2015
  • Location: Morganton,NC
  • Posts: 368
  • Kudos: 5
Re: Help Beta Test a script to mount the SD card on a Pi read-only
« Reply #12 on: November 16, 2016, 04:08:55 PM »
I was wondering the same thing. I have several pi zeros and everything is on the SD card.

Sent from my SM-G920V using Tapatalk

728 lor channels
5492 pixels

Offline CaptainMurdoch

  • Administrator
  • *****
  • Join Date: Sep 2013
  • Location: Washington
  • Posts: 7,854
  • Kudos: 139
Re: Help Beta Test a script to mount the SD card on a Pi read-only
« Reply #13 on: November 16, 2016, 04:14:09 PM »
Settings would be saved to the USB flash drive which should be unaffected by this unless you are using the SD to store settings?

Chris, I'm running solely off an SD card and not using USB Flash for my FPP's.  Will this script affect that or should I be ok?  Thanks!

You can't use this script if you use the SD card for storage.  The SD must remain read-write to allow using it for storing settings, media, and sequence files.

We wanted to explore the option of defaulting the SD card to read-only.  If this is a usable solution and we make the v2.0 image read-only by default then we can make a setting to allow mounting the SD read-write to allow it to be used for storage.

I added a warning about this to the first post so users know they can't use this script if they are using the SD for storage.

Offline smccoy

  • Jr. Member
  • **
  • Join Date: May 2016
  • Location: Houston, TX
  • Posts: 66
  • Kudos: 0
Re: Help Beta Test a script to mount the SD card on a Pi read-only
« Reply #14 on: November 16, 2016, 04:23:44 PM »
Just ran the script on two of my Pis and everything looks good so far.

 

Back to top