2

Is it true that removing the power cord without doing `halt` on a normal read-write root filesystem could cause filesystem corruption?

For my embedded project, it's impossible to shut down with a clean halt, simply because there is no keyboard, no SSH, nothing.

For now, I solved the problem by setting the root filesystem read-only by default, but it can be annoying to have to do `mount -o remount,rw /` each time you boot and want to modify something.


Question: Is it possible to have both read-write filesystem and no problem when halting the Pi by removing the power cord?

Ghanima
Basj

4 Answers

3

1) I take it that this embedded project has got a user interface. So despite having no keyboard (in the conventional sense) and no SSH, I don't see why it would be impossible to issue `halt`. After all, the system just needs a push button connected to GPIO labeled "push 2 sec to shutdown". A simple script reads the respective GPIO pin and shuts down accordingly.

2) The issue of whether RW or RO mounting of the SD card really reduces filesystem corruption has been discussed before, e.g. "How can a read-only SD card get corrupted repeatedly?" I understand that even for RO mounted filesystems the behavior during brown-out (voltage levels slowly decreasing below safe operational voltage) can corrupt the filesystem.

3) A solution to safely power down the Pi after interrupting power is a UPS (uninterruptible power supply); see "How do I build a UPS-like - battery backup - system?" and "Circuit to safely power-down Pi" for some examples. The idea is that the UPS bridges the time between "unplugging the cord" and the Pi running out of juice, to issue `halt` and properly shut it down.

Ghanima
  • 1
    My embedded project aims at being like a normal everyday-life synthesizer. What happens if I remove the power cord of my Yamaha DX7? It will boot correctly the next time. The same if I remove the power cord of an Akai MPC? It will work without any problem at the next boot. I cannot tell non-tech people using my synthesizer *"Oh, you unplugged the power cord? Then it's not properly halted, so you have to SSH..."*... This project is aimed at musicians and/or people with 0 Linux knowledge. That's why I really need a robust solution. – Basj Jun 02 '15 at 09:28
  • Even your Yamaha does not shut down immediately when you unplug the cord - electronic devices typically have an RC circuit on the power supply which keeps some power supplied for a few seconds after you unplug the cord. You would have to read up on RC (Resistor/Capacitor) circuits to see how big of a cap and resistor you would need to provide power to the Pi for a few seconds, but that could be enough to do `halt`. – Phil B. Jun 02 '15 at 11:16
  • 1
    Optimistically assuming you'd need 250mA for 10 seconds for a clean shutdown, you could get away with a 2.5F super capacitor (e.g. Gold Cap(TM)) on the 5V power supply to keep the 3.3V line up. - Given you have a way to quickly detect the power failure and issue the `halt`. - The more C the better. – JimmyB Jun 02 '15 at 11:25
  • @HannoBinder, there was a post around here for a product for the PI doing exactly this! – Ghanima Jun 02 '15 at 11:58
  • Your Yamaha likely does use read-only storage (but it probably also has an "off" switch, and I presume that's the proper way to turn it off, not yanking the cord). Keep in mind there are hundreds of dollars worth of electronics in a device like that whereas a pi is just a pi. With regard to using an RC circuit, the key to preventing filesystem corruption without a proper shutdown is to call `sync`, which shouldn't take more than a few seconds. There's also the various init services, which you should investigate to check what problems might occur because they haven't been stopped properly. – goldilocks Jun 02 '15 at 14:13
  • @HannoBinder What does such a cap look like? This kind of thing, with a bigger capacity? http://www.ebay.fr/itm/1-0F-2-5v-Supercap-1-Farad-1F-Can-be-used-as-memory-backup-in-the-XBOX-/291039833418?pt=LH_DefaultDomain_3&hash=item43c3536d4a I haven't found one on eBay, in case you know of a link – Basj Jun 02 '15 at 23:49
  • Yes, that's the kind of capacitor I was talking about. Note that they usually can only handle 2.5V each. You'd take, for instance, 2*1.0F@2.5V in series to get 0.5F@5V; of this construction you'd need 5 in parallel to get to 2.5F@5V. It's probably not a good solution after all though, so you may want to look around a bit more to find e.g. what @Ghanima referred to. – JimmyB Jun 03 '15 at 09:55
2

No modern computer system with R/W mass storage can safely be powered down by unplugging. Most computers with a soft power button actually run software to ensure a safe shutdown. The Pi has no such circuitry, although you can add your own.

It is NOT possible to run a completely RO Linux system. Systems which use RO media (such as CD) make a R/W system in RAM, which is discarded on power off; obviously this means user changes cannot be saved. You can make a Pi system do the same.

The Raspberry Pi will ignore RO flags, because it simply can't work this way, although it is possible to configure a system partition which is RO.

Milliways
  • It's a bit confusing to say you can't run a (GNU/)linux (or POSIX) system RO but you can with RO storage and RW partitions in RAM. Isn't that a system with RO storage? Of course RAM is RW, and parts of the root filesystem that require this can be put there (e.g. with tmpfs), but changes to them will not persist across boots. That's a logical limitation of a system which has RO storage, regardless of the hardware or OS. You *can* do it with the pi or a POSIX OS, I guess the complication is how relatively complex it becomes. – goldilocks Jun 05 '15 at 01:19
  • @goldilocks I said "It is NOT possible to run a **completely** RO Linux system". – Milliways Jun 05 '15 at 04:59
0

Even if you do not want a user interface for turning it off, as @Ghanima was saying, but just want to unplug the cord, you could make a bash script that executes `sudo halt -h` when a power failure is detected (assuming you followed @Phil B.'s idea of using an RC circuit). Here is an example of a hardware detection system. One of your GPIO pins would be connected to the "power fail signal" wire as input. If it went high, the bash script would halt the Pi (I have not personally and be careful not to fry GPIO).

NULL
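The GPIO-triggered shutdown described in this answer and in the push-button suggestion in the first answer, as an added example that is not part of the original posts: it requires the input to stay high for a number of consecutive polls before acting, and calls `sync` before `halt`. Pin 17, the legacy sysfs GPIO path, an active-high signal and running as root are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): debounced GPIO shutdown watcher.
# Assumptions: hypothetical pin 17, already exported and set as an input
# through the legacy sysfs GPIO interface; signal is active-high; runs as root.

GPIO_VALUE="${GPIO_VALUE:-/sys/class/gpio/gpio17/value}"
HOLD_SAMPLES="${HOLD_SAMPLES:-20}"   # 20 polls x 0.1 s = the "push 2 sec" hold
INTERVAL="${INTERVAL:-0.1}"          # seconds between polls

# held_high FILE SAMPLES INTERVAL [MAX_POLLS]
# Returns 0 once FILE has read "1" for SAMPLES consecutive polls.
# Returns 1 if MAX_POLLS polls elapse first (0 means poll forever).
# A single "0" reading resets the streak, so contact bounce or a short
# glitch on the line does not trigger a shutdown.
held_high() {
    local file=$1 need=$2 interval=$3 max=${4:-0}
    local streak=0 polls=0 v
    while [ "$max" -eq 0 ] || [ "$polls" -lt "$max" ]; do
        # An unreadable pin counts as "not asserted": fail towards staying up.
        v=$(cat "$file" 2>/dev/null) || v=0
        if [ "$v" = "1" ]; then
            streak=$((streak + 1))
            if [ "$streak" -ge "$need" ]; then
                return 0
            fi
        else
            streak=0
        fi
        polls=$((polls + 1))
        sleep "$interval"
    done
    return 1
}

# Flush dirty pages to the SD card first, then halt.
shutdown_now() {
    sync
    halt
}

# Only start watching if the pin has actually been exported.
if [ -e "$GPIO_VALUE" ]; then
    if held_high "$GPIO_VALUE" "$HOLD_SAMPLES" "$INTERVAL"; then
        shutdown_now
    fi
fi
```

For a power-fail signal rather than a push button, `HOLD_SAMPLES` and `INTERVAL` would be set much lower so that the halt starts while the backup supply still has charge.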
0

My project Nard SDK is the remedy for removed power cord problems. It's designed from the ground up for embedded systems and uses the SD card only at boot time. Once up and running the filesystem is never used again, you may even hotplug the SD card...
http://www.arbetsmyra.dyndns.org/nard/

Ronny Nilsson
  • Wow, nice project! What typical boot time do you get? I worked hard to get my app to start ~ 8 seconds after you plug in the power cord (see [here](http://www.samplerbox.org/article/fastbootrpi)); I would like to keep this if I switch to your Nard SDK. Do you use systemd or sysvinit? – Basj Jun 05 '15 at 06:52
  • System reliability has a higher priority than boot time in Nard and thus it's not as good as your setup. The default example boots in ~ 25 seconds, which is good enough considering the intended targets are always-on. However, Nard is designed so you can easily fine-tune the boot process should you need to. One single shell script runs linearly from top to bottom at boot, forking off all daemons. By replacing the default script with a custom one you get almighty powers and can potentially prioritize boot speed instead. As of today only model 1 works, unfortunately, but support for model 2 B is planned. – Ronny Nilsson Jun 05 '15 at 09:11
  • So you don't use `systemd` nor `sysvinit` but a custom-written init system? – Basj Jun 05 '15 at 09:21
  • Correct. It's a custom minimalistic init system. Everything in Nard tries to be simple and small in size (or it would consume too much of the RAM). – Ronny Nilsson Jun 05 '15 at 09:26
  • With a little bit of work, what boot time (between when you plug power cord and the time your app starts) can we expect? What do you think is achievable? – Basj Jun 05 '15 at 21:44
  • A rough guess is bisect time; so perhaps 10-15 seconds. To get below 10 would probably require quite a lot of work. – Ronny Nilsson Jun 06 '15 at 12:29