Logging and overlayfs on an existing Ubuntu install












0















I have an Ubuntu system which will mostly be used as a headless appliance, and needs to recover from abrupt power loss gracefully and start operating normally.



I understand overlayfs is the way to go, but I still need to log and store data, including system logs such as crashes and journaling.



If I understand correctly, I can't simply set up a directory under root and make that read/write - I need a separate partition with a separate file system for the logging and data collection so if it does become corrupted I can still boot into root, detect the situation, and fsck the data partition.




  1. Is my understanding correct? Are there other options I should consider?

  2. Ubuntu is already installed and working (pre-built systems), how can I accomplish this without a full reinstallation?

  3. Is looking up journal and crash logging sufficient, or are there other system logging processes that are also generally preserved in these types of situations?

  4. Is there a guide for this? The guides I've seen cover overlayfs generally, or implementing it without logging specifically, but I haven't seen a guide or script that does overlayfs with logging with good detail, leaving me to search out each part separately.


These systems use desktop ubuntu, and the graphical interface will be used occasionally, however I'd like to be able to automate configuration and installation eventually, so while graphical tools are ok, command line configuration is preferred.






18.04 disk log fsck overlayfs







share|improve this question



























    0















    I have an Ubuntu system which will mostly be used as a headless appliance, and needs to recover from abrupt power loss gracefully and start operating normally.



    I understand overlayfs is the way to go, but I still need to log and store data, including system logs such as crashes and journaling.



    If I understand correctly, I can't simply set up a directory under root and make that read/write - I need a separate partition with a separate file system for the logging and data collection so if it does become corrupted I can still boot into root, detect the situation, and fsck the data partition.




    1. Is my understanding correct? Are there other options I should consider?

    2. Ubuntu is already installed and working (pre-built systems), how can I accomplish this without a full reinstallation?

    3. Is looking up journal and crash logging sufficient, or are there other system logging processes that are also generally preserved in these types of situations?

    4. Is there a guide for this? The guides I've seen cover overlayfs generally, or implementing it without logging specifically, but I haven't seen a guide or script that does overlayfs with logging with good detail, leaving me to search out each part separately.


    These systems use desktop ubuntu, and the graphical interface will be used occasionally, however I'd like to be able to automate configuration and installation eventually, so while graphical tools are ok, command line configuration is preferred.






    18.04 disk log fsck overlayfs







    share|improve this question

























      0












      0








      0


      1






      I have an Ubuntu system which will mostly be used as a headless appliance, and needs to recover from abrupt power loss gracefully and start operating normally.



      I understand overlayfs is the way to go, but I still need to log and store data, including system logs such as crashes and journaling.



      If I understand correctly, I can't simply set up a directory under root and make that read/write - I need a separate partition with a separate file system for the logging and data collection so if it does become corrupted I can still boot into root, detect the situation, and fsck the data partition.




      1. Is my understanding correct? Are there other options I should consider?

      2. Ubuntu is already installed and working (pre-built systems), how can I accomplish this without a full reinstallation?

      3. Is looking up journal and crash logging sufficient, or are there other system logging processes that are also generally preserved in these types of situations?

      4. Is there a guide for this? The guides I've seen cover overlayfs generally, or implementing it without logging specifically, but I haven't seen a guide or script that does overlayfs with logging with good detail, leaving me to search out each part separately.


      These systems use desktop ubuntu, and the graphical interface will be used occasionally, however I'd like to be able to automate configuration and installation eventually, so while graphical tools are ok, command line configuration is preferred.






      18.04 disk log fsck overlayfs







      share|improve this question














      I have an Ubuntu system which will mostly be used as a headless appliance, and needs to recover from abrupt power loss gracefully and start operating normally.



      I understand overlayfs is the way to go, but I still need to log and store data, including system logs such as crashes and journaling.



      If I understand correctly, I can't simply set up a directory under root and make that read/write - I need a separate partition with a separate file system for the logging and data collection so if it does become corrupted I can still boot into root, detect the situation, and fsck the data partition.




      1. Is my understanding correct? Are there other options I should consider?

      2. Ubuntu is already installed and working (pre-built systems), how can I accomplish this without a full reinstallation?

      3. Is looking up journal and crash logging sufficient, or are there other system logging processes that are also generally preserved in these types of situations?

      4. Is there a guide for this? The guides I've seen cover overlayfs generally, or implementing it without logging specifically, but I haven't seen a guide or script that does overlayfs with logging with good detail, leaving me to search out each part separately.


      These systems use desktop ubuntu, and the graphical interface will be used occasionally, however I'd like to be able to automate configuration and installation eventually, so while graphical tools are ok, command line configuration is preferred.






      18.04 disk log fsck overlayfs




      18.04 disk log fsck overlayfs






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Feb 1 at 15:36









      Adam DavisAdam Davis

      1236




      1236






















          1 Answer
          1






          active

          oldest

          votes


















          1















          1. Using an Ubuntu LiveUSB, run gparted to shrink the existing ext4 partition and create a new partition, here called "data-rw" in both name and label.


          2. Reboot.



          That partition will automatically be mounted on boot, probably at /media/user/data_rw. Now that we have a second drive, let's move the log files to it. Nearly all the logging is done to /var/log, so let's make a new directory on the second drive and bind it there.





          1. Make log directory on new partition, sync existing files with users and permissions, and bind in fstab so it's automatic on boot:



            sudo mkdir /media/user/data_rw/log
            sudo rsync -a --include '*/' --exclude '*' /var/log/ /media/user/data_rw/log/
            sudo nano /etc/fstab




          Add these lines to the end (alter the device name as needed):



          /dev/sda3 /media/user/data_rw ext4 rw,nosuid,nodev,relatime,data=ordered 0 2  
          
/media/user/data_rw/log /var/log none rw,bind 0 0



          1. We'd like to force a disk check for the writeable partition, with automated error correction. In theory, this should work, but it's not clear that it is in my case so consider looking into this further. Edit /etc/default/grub and find the line with GRUB_CMDLINE_LINUX_DEFAULT, then add fsck.mode=force fsck.repair=yes to that line. Do sudo update-grub to write the changes to the bootloader


          2. Install overlayfs, sudo apt-get install overlayroot and edit /etc/overlayroot.conf changing the overlayroot option to overlayroot="tmpfs:swap=1,recurse=0" This will cause overlayroot to cover only the root drive, and nothing else, leaving our data_rw drive alone.



          Now reboot, and you should find that adding a file to ~/ will disappear on next boot but adding a file to /media/user/data_rw or /var/log will persist across boots.



          Using journalctl you should find that logs persist across boots as well, and if your system crashes you should find crash logs in /var/log even after a reboot.



          If you need to change the protected filesystem, reboot and when grub comes up press e to edit the grub startup script. On the linux line add overlayroot=disabled to the end. This will work until reboot. You can add a new grub bootloader option if this is frequently needed.



          Since writes are never made to the read-only root partition, it should never show errors and should boot back up just fine after abrupt power removal. The data_rw partition, however, may have unfinalized writes to it. The fsck should repair that, but in the worst case scenario, the drive won't mount on boot, the bind won't occur, and the logs will be written to the overlay, and not be preserved. However, the system will still keep running and if this is a critical need you can detect this condition using scripts or software, and take action.



          You can either write directly to /media/user/data_rw or you can use the systemd logging service to capture your logs.



          Much of this answer is possible due to the following resources:



          https://spin.atomicobject.com/2015/03/10/protecting-ubuntu-root-filesystem/



          https://askubuntu.com/a/763645/12100



          How to make mount --bind permanent?



          Automatically force fsck -fy when encountering "UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY."






          share|improve this answer

























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "89"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1114761%2flogging-and-overlayfs-on-an-existing-ubuntu-install%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1















            1. Using an Ubuntu LiveUSB, run gparted to shrink the existing ext4 partition and create a new partition, here called "data-rw" in both name and label.


            2. Reboot.



            That partition will automatically be mounted on boot, probably at /media/user/data_rw. Now that we have a second drive, let's move the log files to it. Nearly all the logging is done to /var/log, so let's make a new directory on the second drive and bind it there.





            1. Make log directory on new partition, sync existing files with users and permissions, and bind in fstab so it's automatic on boot:



              sudo mkdir /media/user/data_rw/log
              sudo rsync -a --include '*/' --exclude '*' /var/log/ /media/user/data_rw/log/
              sudo nano /etc/fstab




            Add these lines to the end (alter the device name as needed):



            /dev/sda3 /media/user/data_rw ext4 rw,nosuid,nodev,relatime,data=ordered 0 2  
            
/media/user/data_rw/log /var/log none rw,bind 0 0



            1. We'd like to force a disk check for the writeable partition, with automated error correction. In theory, this should work, but it's not clear that it is in my case so consider looking into this further. Edit /etc/default/grub and find the line with GRUB_CMDLINE_LINUX_DEFAULT, then add fsck.mode=force fsck.repair=yes to that line. Do sudo update-grub to write the changes to the bootloader


            2. Install overlayfs, sudo apt-get install overlayroot and edit /etc/overlayroot.conf changing the overlayroot option to overlayroot="tmpfs:swap=1,recurse=0" This will cause overlayroot to cover only the root drive, and nothing else, leaving our data_rw drive alone.



            Now reboot, and you should find that adding a file to ~/ will disappear on next boot but adding a file to /media/user/data_rw or /var/log will persist across boots.



            Using journalctl you should find that logs persist across boots as well, and if your system crashes you should find crash logs in /var/log even after a reboot.



            If you need to change the protected filesystem, reboot and when grub comes up press e to edit the grub startup script. On the linux line add overlayroot=disabled to the end. This will work until reboot. You can add a new grub bootloader option if this is frequently needed.



            Since writes are never made to the read-only root partition, it should never show errors and should boot back up just fine after abrupt power removal. The data_rw partition, however, may have unfinalized writes to it. The fsck should repair that, but in the worst case scenario, the drive won't mount on boot, the bind won't occur, and the logs will be written to the overlay, and not be preserved. However, the system will still keep running and if this is a critical need you can detect this condition using scripts or software, and take action.



            You can either write directly to /media/user/data_rw or you can use the systemd logging service to capture your logs.



            Much of this answer is possible due to the following resources:



            https://spin.atomicobject.com/2015/03/10/protecting-ubuntu-root-filesystem/



            https://askubuntu.com/a/763645/12100



            How to make mount --bind permanent?



            Automatically force fsck -fy when encountering "UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY."






            share|improve this answer






























              1















              1. Using an Ubuntu LiveUSB, run gparted to shrink the existing ext4 partition and create a new partition, here called "data-rw" in both name and label.


              2. Reboot.



              That partition will automatically be mounted on boot, probably at /media/user/data_rw. Now that we have a second drive, let's move the log files to it. Nearly all the logging is done to /var/log, so let's make a new directory on the second drive and bind it there.





              1. Make log directory on new partition, sync existing files with users and permissions, and bind in fstab so it's automatic on boot:



                sudo mkdir /media/user/data_rw/log
                sudo rsync -a --include '*/' --exclude '*' /var/log/ /media/user/data_rw/log/
                sudo nano /etc/fstab




              Add these lines to the end (alter the device name as needed):



              /dev/sda3 /media/user/data_rw ext4 rw,nosuid,nodev,relatime,data=ordered 0 2  
              
/media/user/data_rw/log /var/log none rw,bind 0 0



              1. We'd like to force a disk check for the writeable partition, with automated error correction. In theory, this should work, but it's not clear that it is in my case so consider looking into this further. Edit /etc/default/grub and find the line with GRUB_CMDLINE_LINUX_DEFAULT, then add fsck.mode=force fsck.repair=yes to that line. Do sudo update-grub to write the changes to the bootloader


              2. Install overlayfs, sudo apt-get install overlayroot and edit /etc/overlayroot.conf changing the overlayroot option to overlayroot="tmpfs:swap=1,recurse=0" This will cause overlayroot to cover only the root drive, and nothing else, leaving our data_rw drive alone.



              Now reboot, and you should find that adding a file to ~/ will disappear on next boot but adding a file to /media/user/data_rw or /var/log will persist across boots.



              Using journalctl you should find that logs persist across boots as well, and if your system crashes you should find crash logs in /var/log even after a reboot.



              If you need to change the protected filesystem, reboot and when grub comes up press e to edit the grub startup script. On the linux line add overlayroot=disabled to the end. This will work until reboot. You can add a new grub bootloader option if this is frequently needed.



              Since writes are never made to the read-only root partition, it should never show errors and should boot back up just fine after abrupt power removal. The data_rw partition, however, may have unfinalized writes to it. The fsck should repair that, but in the worst case scenario, the drive won't mount on boot, the bind won't occur, and the logs will be written to the overlay, and not be preserved. However, the system will still keep running and if this is a critical need you can detect this condition using scripts or software, and take action.



              You can either write directly to /media/user/data_rw or you can use the systemd logging service to capture your logs.



              Much of this answer is possible due to the following resources:



              https://spin.atomicobject.com/2015/03/10/protecting-ubuntu-root-filesystem/



              https://askubuntu.com/a/763645/12100



              How to make mount --bind permanent?



              Automatically force fsck -fy when encountering "UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY."






              share|improve this answer




























                1












                1








                1








                1. Using an Ubuntu LiveUSB, run gparted to shrink the existing ext4 partition and create a new partition, here called "data-rw" in both name and label.


                2. Reboot.



                That partition will automatically be mounted on boot, probably at /media/user/data_rw. Now that we have a second drive, let's move the log files to it. Nearly all the logging is done to /var/log, so let's make a new directory on the second drive and bind it there.





                1. Make log directory on new partition, sync existing files with users and permissions, and bind in fstab so it's automatic on boot:



                  sudo mkdir /media/user/data_rw/log
                  sudo rsync -a --include '*/' --exclude '*' /var/log/ /media/user/data_rw/log/
                  sudo nano /etc/fstab




                Add these lines to the end (alter the device name as needed):



                /dev/sda3 /media/user/data_rw ext4 rw,nosuid,nodev,relatime,data=ordered 0 2  
                
/media/user/data_rw/log /var/log none rw,bind 0 0



                1. We'd like to force a disk check for the writeable partition, with automated error correction. In theory, this should work, but it's not clear that it is in my case so consider looking into this further. Edit /etc/default/grub and find the line with GRUB_CMDLINE_LINUX_DEFAULT, then add fsck.mode=force fsck.repair=yes to that line. Do sudo update-grub to write the changes to the bootloader


                2. Install overlayfs, sudo apt-get install overlayroot and edit /etc/overlayroot.conf changing the overlayroot option to overlayroot="tmpfs:swap=1,recurse=0" This will cause overlayroot to cover only the root drive, and nothing else, leaving our data_rw drive alone.



                Now reboot, and you should find that adding a file to ~/ will disappear on next boot but adding a file to /media/user/data_rw or /var/log will persist across boots.



                Using journalctl you should find that logs persist across boots as well, and if your system crashes you should find crash logs in /var/log even after a reboot.



                If you need to change the protected filesystem, reboot and when grub comes up press e to edit the grub startup script. On the linux line add overlayroot=disabled to the end. This will work until reboot. You can add a new grub bootloader option if this is frequently needed.



                Since writes are never made to the read-only root partition, it should never show errors and should boot back up just fine after abrupt power removal. The data_rw partition, however, may have unfinalized writes to it. The fsck should repair that, but in the worst case scenario, the drive won't mount on boot, the bind won't occur, and the logs will be written to the overlay, and not be preserved. However, the system will still keep running and if this is a critical need you can detect this condition using scripts or software, and take action.



                You can either write directly to /media/user/data_rw or you can use the systemd logging service to capture your logs.



                Much of this answer is possible due to the following resources:



                https://spin.atomicobject.com/2015/03/10/protecting-ubuntu-root-filesystem/



                https://askubuntu.com/a/763645/12100



                How to make mount --bind permanent?



                Automatically force fsck -fy when encountering "UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY."






                share|improve this answer
















                1. Using an Ubuntu LiveUSB, run gparted to shrink the existing ext4 partition and create a new partition, here called "data-rw" in both name and label.


                2. Reboot.



                That partition will automatically be mounted on boot, probably at /media/user/data_rw. Now that we have a second drive, let's move the log files to it. Nearly all the logging is done to /var/log, so let's make a new directory on the second drive and bind it there.





                1. Make log directory on new partition, sync existing files with users and permissions, and bind in fstab so it's automatic on boot:



                  sudo mkdir /media/user/data_rw/log
                  sudo rsync -a --include '*/' --exclude '*' /var/log/ /media/user/data_rw/log/
                  sudo nano /etc/fstab




                Add these lines to the end (alter the device name as needed):



                /dev/sda3 /media/user/data_rw ext4 rw,nosuid,nodev,relatime,data=ordered 0 2  
                
/media/user/data_rw/log /var/log none rw,bind 0 0



                1. We'd like to force a disk check for the writeable partition, with automated error correction. In theory, this should work, but it's not clear that it is in my case so consider looking into this further. Edit /etc/default/grub and find the line with GRUB_CMDLINE_LINUX_DEFAULT, then add fsck.mode=force fsck.repair=yes to that line. Do sudo update-grub to write the changes to the bootloader


                2. Install overlayfs, sudo apt-get install overlayroot and edit /etc/overlayroot.conf changing the overlayroot option to overlayroot="tmpfs:swap=1,recurse=0" This will cause overlayroot to cover only the root drive, and nothing else, leaving our data_rw drive alone.



                Now reboot, and you should find that adding a file to ~/ will disappear on next boot but adding a file to /media/user/data_rw or /var/log will persist across boots.



                Using journalctl you should find that logs persist across boots as well, and if your system crashes you should find crash logs in /var/log even after a reboot.



                If you need to change the protected filesystem, reboot and when grub comes up press e to edit the grub startup script. On the linux line add overlayroot=disabled to the end. This will work until reboot. You can add a new grub bootloader option if this is frequently needed.



                Since writes are never made to the read-only root partition, it should never show errors and should boot back up just fine after abrupt power removal. The data_rw partition, however, may have unfinalized writes to it. The fsck should repair that, but in the worst case scenario, the drive won't mount on boot, the bind won't occur, and the logs will be written to the overlay, and not be preserved. However, the system will still keep running and if this is a critical need you can detect this condition using scripts or software, and take action.



                You can either write directly to /media/user/data_rw or you can use the systemd logging service to capture your logs.



                Much of this answer is possible due to the following resources:



                https://spin.atomicobject.com/2015/03/10/protecting-ubuntu-root-filesystem/



                https://askubuntu.com/a/763645/12100



                How to make mount --bind permanent?



                Automatically force fsck -fy when encountering "UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY."







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Feb 7 at 15:03

























                answered Feb 7 at 14:46









                Adam DavisAdam Davis

                1236




                1236






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Ask Ubuntu!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1114761%2flogging-and-overlayfs-on-an-existing-ubuntu-install%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    Human spaceflight

                    Image
                    Human spaceflight From Wikipedia, the free encyclopedia Jump to navigation Jump to search "Space traveler" redirects here. For other uses, see Space traveler (disambiguation). @media all and (max-width:720px){.mw-parser-output .tmulti>.thumbinner{width:100%!important;max-width:none!important}.mw-parser-output .tmulti .tsingle{float:none!important;max-width:none!important;width:100%!important;text-align:center}} Apollo 11 crewmember Buzz Aldrin on the Moon, 1969 International Space Station crewmember Tracy Caldwell Dyson views the Earth, 2010 Space Shuttle Discovery heads into space with a crew aboard, STS-121 in 2006 Inside a space suit on the Canadarm, 1993 Human spaceflight (also referred to as crewed spaceflight or manned spaceflight ) is space travel with a crew or passengers aboard the spacecraft. Spacecraft carrying people may be operated directly, by human crew, or it may be e
                    Read more

                    Can not write log (Is /dev/pts mounted?) - openpty in Ubuntu-on-Windows?

                    Image
                    0 1 What exactly does the error message beginning with E: mean? I assume it has to do with the file structure on Ubuntu-on-Windows, but what exactly? The following package was automatically installed and is no longer required: os-prober Use 'apt-get autoremove' to remove it. The following extra packages will be installed: libxslt1.1 The following NEW packages will be installed: libxslt1.1 xmlstarlet 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 435 kB of archives. After this operation, 1023 kB of additional disk space will be used. Get:1 http://archive.ubuntu.com/ubuntu/ trusty/main libxslt1.1 amd64 1.1.28-2build1 [145 kB] Get:2 http://archive.ubuntu.com/ubuntu/ trusty/universe xmlstarlet amd64 1.5.0-1 [290 kB]
                    Read more

                    File:DeusFollowingSea.jpg

                    Image
                    File:DeusFollowingSea.jpg From Wikipedia, the free encyclopedia Jump to navigation Jump to search File File history File usage No higher resolution available. DeusFollowingSea.jpg ‎ (238 × 211 pixels, file size: 12 KB, MIME type: image/jpeg ) Summary [ edit ] Media data and Non-free use rationale Description Cover art of the Deus CD Following Sea Author or copyright owner Deus Source (WP:NFCC#4) rocksucker.co.uk Date of publication 2012 Use in article (WP:NFCC#7) Following Sea Purpose of use in article (WP:NFCC#8) to serve as the primary means of visual identification at the top of the article dedicated to the work in question. Not replaceable with free media because (WP:NFCC#1) n.a. Minimal use (WP:NFCC#3) Low res image used in infobox of the article on the album Respect for commercial opportunities (WP:NFCC#2) n.a. Fair use Fair use of co
                    Read more