创建影子系统
- 背景:
raspberry 意外断电后会导致 SD 卡文件内容丢失,造成无法启动。影子系统可以解决每次重启后恢复至初始状态,类似网吧的重启还原功能。也类似于Windows PE的内存挂载,将相关的内容挂载在内存使用 - 基于raspberry 版本:
2020-02-13-raspbian-buster - 参考信息来源:https://www.raspberrypi.org/forums/viewtopic.php?t=173063#p1151405
- 建议使用 root 用户登录,避免一些不必要的授权(如:不需要使用sudo来执行相关命令)
修改root用户
# 修改为 root 用户,输入2次密码即可,之后重新登录
sudo passwd root
# 如果要使用 ssh 远程登录 root 还得修改 ssh 配置文件,追加一条:PermitRootLogin yes。默认是禁用的
vi /etc/ssh/sshd_config
1.更新系统及安装自己需要的软件
apt update
apt upgrade -y
2.禁用交换空间
dphys-swapfile swapoff
dphys-swapfile uninstall
update-rc.d dphys-swapfile remove
3.创建并拷贝overlayRoot.sh脚本
临时找个目录生成空的
overlayRoot.sh文件
# 生成 overlayRoot.sh 文件
touch overlayRoot.sh
# 编辑 overlayRoot.sh 文件
vi overlayRoot.sh
以上生成文件成功之后,拷贝以下内容至
overlayRoot.sh文件中
#!/bin/sh
# Read-only Root-FS for Raspian using overlayfs
# Version 1.0
#
# Created 2017 by Pascal Suter @ DALCO AG, Switzerland
# to work on Raspian as custom init script
# (raspbian does not use an initramfs on boot)
#
# Modified 2017-Apr-21 by Tony McBeardsley
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see
# <http://www.gnu.org/licenses/>.
#
#
# Tested with Raspbian mini, 2017-01-11
#
# This script will mount the root filesystem read-only and overlay it with a temporary tempfs
# which is read-write mounted. This is done using the overlayFS which is part of the linux kernel
# since version 3.18.
# when this script is in use, all changes made to anywhere in the root filesystem mount will be lost
# upon reboot of the system. The SD card will only be accessed as read-only drive, which significantly
# helps to prolong its life and prevent filesystem coruption in environments where the system is usually
# not shut down properly
#
# Install:
# copy this script to /sbin/overlayRoot.sh and add "init=/sbin/overlayRoot.sh" to the cmdline.txt
# file in the raspbian image's boot partition.
# I strongly recommend to disable swapping before using this. it will work with swap but that just does
# not make sens as the swap file will be stored in the tempfs which again resides in the ram.
# run these commands on the booted raspberry pi BEFORE you set the init=/sbin/overlayRoot.sh boot option:
# sudo dphys-swapfile swapoff
# sudo dphys-swapfile uninstall
# sudo update-rc.d dphys-swapfile remove
#
# To install software, run upgrades and do other changes to the raspberry setup, simply remove the init=
# entry from the cmdline.txt file and reboot, make the changes, add the init= entry and reboot once more.
fail(){
echo -e "$1"
/bin/bash
}
# Load overlay module
modprobe overlay
if [ $? -ne 0 ]; then
fail "ERROR: missing overlay kernel module"
fi
# Mount /proc
mount -t proc proc /proc
if [ $? -ne 0 ]; then
fail "ERROR: could not mount proc"
fi
# Create a writable fs on /mnt to then create our mountpoints
mount -t tmpfs inittemp /mnt
if [ $? -ne 0 ]; then
fail "ERROR: could not create a temporary filesystem to mount the base filesystems for overlayfs"
fi
# Mount a tmpfs under /mnt/rw
mkdir /mnt/rw
mount -t tmpfs root-rw /mnt/rw
if [ $? -ne 0 ]; then
fail "ERROR: could not create tempfs for upper filesystem"
fi
# Identify root fs device, PARTUUID, mount options and fs type
#rootDev=`blkid -o list | awk '$3 == "/" {print $1}'`
# Changed here(point to / ) in case the cmd above doesn't work # By ChenYang 20171122
rootDev=/dev/mmcblk0p2
rootPARTUUID=`awk '$2 == "/" {print $1}' /etc/fstab`
rootMountOpt=`awk '$2 == "/" {print $4}' /etc/fstab`
rootFsType=`awk '$2 == "/" {print $3}' /etc/fstab`
# Mount original root filesystem readonly under /mnt/lower
mkdir /mnt/lower
mount -t ${rootFsType} -o ${rootMountOpt},ro ${rootDev} /mnt/lower
if [ $? -ne 0 ]; then
fail "ERROR: could not ro-mount original root partition"
fi
# Mount the overlay filesystem
mkdir /mnt/rw/upper
mkdir /mnt/rw/work
mkdir /mnt/newroot
mount -t overlay -o lowerdir=/mnt/lower,upperdir=/mnt/rw/upper,workdir=/mnt/rw/work overlayfs-root /mnt/newroot
if [ $? -ne 0 ]; then
fail "ERROR: could not mount overlayFS"
fi
# Create mountpoints inside the new root filesystem-overlay
mkdir /mnt/newroot/ro
mkdir /mnt/newroot/rw
# Remove root mount from fstab (this is already a non-permanent modification)
grep -v "$rootPARTUUID" /mnt/lower/etc/fstab > /mnt/newroot/etc/fstab
echo "#the original root mount has been removed by overlayRoot.sh" >> /mnt/newroot/etc/fstab
echo "#this is only a temporary modification, the original fstab" >> /mnt/newroot/etc/fstab
echo "#stored on the disk can be found in /ro/etc/fstab" >> /mnt/newroot/etc/fstab
# Change to the new overlay root
cd /mnt/newroot
pivot_root . mnt
exec chroot . sh -c "$(cat <<END
# Move ro and rw mounts to the new root
mount --move /mnt/mnt/lower/ /ro
if [ $? -ne 0 ]; then
echo "ERROR: could not move ro-root into newroot"
/bin/bash
fi
mount --move /mnt/mnt/rw /rw
if [ $? -ne 0 ]; then
echo "ERROR: could not move tempfs rw mount into newroot"
/bin/bash
fi
# Unmount unneeded mounts so we can unmout the old readonly root
umount /mnt/mnt
umount /mnt/proc
umount /mnt/dev
umount /mnt
# Continue with regular init
exec /sbin/init
END
)"
拷贝生成的脚本至 /sbin 目录,并授权
# 拷贝脚本至 /sbin
cp overlayRoot.sh /sbin/overlayRoot.sh
# 授权脚本
chmod a+x /sbin/overlayRoot.sh
4.修改 cmdline.txt 文件
注意,修改该文件后,不要重启。重启后,即为影子系统了。任何新生文件或安装应用重启后均消失
# 打开 cmdline.txt
vi /boot/cmdline.txt
文件末尾追加以下内容:
init=/sbin/overlayRoot.sh
追加前
➜ ~ cat /boot/cmdline.txt
console=serial0,115200 console=tty1 root=PARTUUID=ea7d04d6-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait quiet splash plymouth.ignore-serial-consoles
➜ ~
追加后
➜ ~ cat /boot/cmdline.txt
console=serial0,115200 console=tty1 root=PARTUUID=ea7d04d6-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait quiet splash plymouth.ignore-serial-consoles init=/sbin/overlayRoot.sh
➜ ~
5.修改boot分区为只读
为了保证整个 SD 卡都为只读,必须要单独修改 boot 分区为只读。否则默认 boot 分区仍然不是只读,依然可以写文件,重启后不会丢失,如此一来有风险造成意外断电 boot 分区文件丢失,导致无法启动。
# 打开 fstab,修改 boot 为只读
vi /etc/fstab
修改前
➜ ~ cat /etc/fstab
proc /proc proc defaults 0 0
PARTUUID=ea7d04d6-01 /boot vfat defaults 0 2
PARTUUID=ea7d04d6-02 / ext4 defaults,noatime 0 1
# a swapfile is not a swap partition, no line here
# use dphys-swapfile swap[on|off] for that
➜ ~
修改后
➜ ~ cat /etc/fstab
proc /proc proc defaults 0 0
PARTUUID=ea7d04d6-01 /boot vfat defaults,ro 0 2
PARTUUID=ea7d04d6-02 / ext4 defaults,noatime 0 1
# a swapfile is not a swap partition, no line here
# use dphys-swapfile swap[on|off] for that
➜ ~
以上操作后,可以通过
mount命令来查看各分区的读写状态,以便观察相关分区都为只读。
撤消影子系统(更新系统或重新安装软件时需要)
1.remount boot 分区为可写
mount -o remount,rw /boot
2.删除 cmdline.txt init 属性
vi /boot/cmdline.txt
删除前
➜ ~ cat /boot/cmdline.txt
console=serial0,115200 console=tty1 root=PARTUUID=ea7d04d6-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait quiet splash plymouth.ignore-serial-consoles init=/sbin/overlayRoot.sh
➜ ~
删除后
➜ ~ cat /boot/cmdline.txt
console=serial0,115200 console=tty1 root=PARTUUID=ea7d04d6-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait quiet splash plymouth.ignore-serial-consoles
➜ ~
以上修改后,重启即可生效
3.如果想修改 boot 分区内容,请修改 /etc/fstab 文件
# 打开 fstab
vi /etc/fstab
修改前
➜ ~ cat /etc/fstab
proc /proc proc defaults 0 0
PARTUUID=ea7d04d6-01 /boot vfat defaults,ro 0 2
PARTUUID=ea7d04d6-02 / ext4 defaults,noatime 0 1
# a swapfile is not a swap partition, no line here
# use dphys-swapfile swap[on|off] for that
➜ ~
修改后
➜ ~ cat /etc/fstab
proc /proc proc defaults 0 0
PARTUUID=ea7d04d6-01 /boot vfat defaults 0 2
PARTUUID=ea7d04d6-02 / ext4 defaults,noatime 0 1
# a swapfile is not a swap partition, no line here
# use dphys-swapfile swap[on|off] for that
➜ ~
