
Robust Read Only RPi

Posted: Wed Sep 16, 2015 9:28 pm
by mikeyoung
Hi guys

I'm using my RPi V2 for an industrial application, where the device will undoubtedly be powered off at the main power socket without proper shutdown.

I plan to mount the Raspbian Operating System on the SD card as Read Only. This is sufficient for my dedicated application. I do however have some configuration files that need to be updated and also a small SQLite database that I will need to write to occasionally. I plan to have these files on a USB flash drive.

I realise that an abrupt power loss while writing to the files on the USB drive will cause corruption. I also realise that the flash drive will perform wear leveling operations which shift data around in the background, and a sudden power failure during this operation could corrupt the drive. I have to assume that the drive will not be removed during power state.

I'm running my RPi from a custom 24v to 5v power supply that I built on a daughter board. Experiment has shown that a 20,000uF capacitor can hold up the supply for 2 seconds after power fail. I can detect the loss of 24v power and signal to the RPi, my application then has 2 seconds to save any data and put itself in an orderly state.

Other experimentation has shown that writing a 3MB text file to a USB flash drive takes between 133 and 250 msec on the Raspberry Pi. Following this with a drive dismount takes an additional 270 msec. So we can write an open 3MB file and dismount the flash drive in about 400 to 500 msec. My application will never write anything larger than this to the flash drive.

The way I see it is, a 2 second power failure warning allows time to save any necessary data to flash drive, dismount the drive and put my application in a tight loop before the power fails.

Am I missing anything here? What could go wrong? Is there anything in the Raspbian OS that is going to spoil my plan?

Re: Robust Read Only RPi

Posted: Wed Sep 16, 2015 9:40 pm
by kusti8
It is going to be tight. You also need to measure how long it takes to receive the signal. GPIO to receive the signal?

It may work, but testing will be the ultimate judge.

Re: Robust Read Only RPi

Posted: Wed Sep 16, 2015 9:58 pm
by mikeyoung
> kusti8 wrote: It is going to be tight. You also need to measure how long it takes to receive the signal. GPIO to receive the signal?
>
> It may work, but testing will be the ultimate judge.

Hi kusti8

Thanks for the comment.
I believe the Wiring Pi interrupt latency on the RPi is less than 100usec, probably more like 30usec, however even a 1msec latency would be more than quick enough.

Re: Robust Read Only RPi

Posted: Thu Sep 17, 2015 4:58 am
by Tom_A
Not sure how much the RPi does this, but it was my understanding that sometimes an operating system will not write small files out to media until enough has collected or if the media is "safely removed/ejected." You could use a battery instead of a capacitor to increase the amount of time you have for safe shutdown. That would be the safer solution.

Re: Robust Read Only RPi

Posted: Thu Sep 17, 2015 5:41 am
by Heater
I presume you have seen this document with hints and tips for running with a read only root file system: https://wiki.debian.org/ReadonlyRoot

Tom_A is correct. File system updates may be cached in RAM for a while.

One can run the "sync" command to flush file system buffers whilst running and unmount the file system at shut down.

I'm guessing use of sync when updating files will make the unmount faster when you have to shut down as there will be no buffers to flush.

Re: Robust Read Only RPi

Posted: Thu Sep 17, 2015 9:15 am
by rpdom
> Heater wrote: I'm guessing use of sync when updating files will make the unmount faster when you have to shut down as there will be no buffers to flush.

It does.

You can also use the "sync" option in the mount command/fstab, but that can cause extended wear on flash-based storage.
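
The per-file flush discussed by Heater and rpdom above, sketched in Python as an added example (not code from any poster in this thread): it writes to a temporary file, fsyncs it, renames it over the target and fsyncs the directory, so only the changed file is forced out instead of running the whole mount with the `sync` option. The function name, file names and the use of a filesystem with POSIX rename semantics (for example ext4) on the USB drive are assumptions of the example.

```python
import os
import tempfile
import time

BUDGET_S = 2.0  # hold-up time quoted in the thread


def durable_write(path, data):
    """Atomically replace `path` with `data` (bytes) and force it to storage.

    Returns elapsed seconds. On any failure the previous file is left intact.
    """
    start = time.monotonic()
    directory = os.path.dirname(os.path.abspath(path))
    # Temp file in the same directory, so the rename stays on one filesystem.
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()              # Python buffer -> kernel page cache
            os.fsync(f.fileno())   # page cache -> device
        os.replace(tmp, path)      # readers see old or new file, never a mix
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    # Flush the directory entry so the rename itself survives power loss.
    dir_fd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dir_fd)
    finally:
        os.close(dir_fd)
    return time.monotonic() - start


if __name__ == "__main__":
    # Constructed demo: a 3 MB payload (the largest write mentioned in the
    # thread) written to a scratch directory standing in for the USB mount.
    with tempfile.TemporaryDirectory() as mount_point:
        target = os.path.join(mount_point, "config.dat")
        elapsed = durable_write(target, b"\0" * (3 * 1024 * 1024))
        print(f"flushed in {elapsed * 1000:.0f} ms, "
              f"{'within' if elapsed < BUDGET_S else 'over'} the {BUDGET_S} s budget")
```

With every update already on the device, the power-fail handler has nothing left to flush before the unmount, and an interrupted update leaves the previous version of the file in place.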

Re: Robust Read Only RPi

Posted: Tue Sep 22, 2015 8:06 am
by mikeyoung
Thanks for the replies

Thanks Heater for the pointer to the document. I have not read it yet but will do.

I am aware of the cached writes to disc. I did some tests writing a 3MB file to the flash drive and then instantly dismounting the drive. This took about 400 to 500 msec for the write and the dismount. It's my understanding that when a dismount is called the cached data will be written to the drive before dismounting so I'm assuming that everything is handled nicely in the half second.

I guess after the dismount the flash drive is in idle mode, so it will not be performing background housekeeping and wear leveling, and there is nothing else my application needs to do so that will just sit in a loop waiting to die.

I did look at the battery backed option but it adds other complexities such as charging, having to change batteries etc. The 2 seconds from a big cap just seems sufficient as long as the read only mounted operating system is happy to be turned off without warning over and over again.

I guess that's my main concern. Being new to Linux and RPi I'm not sure if the operating system is robust under these conditions.

Re: Robust Read Only RPi

Posted: Tue Sep 22, 2015 1:47 pm
by rln
> It's my understanding that when a dismount is called the cached data will
> be written to the drive before dismounting

Yes, that is correct.


> I guess after the dismount the flash drive is in idle mode, so it will not
> be performing background housekeeping and wear leveling

No one knows! The USB stick contains proprietary software and a uP. No one
except the manufacturer knows what and when it will do something. And
they won't tell you, even if you ask nicely...

Re: Robust Read Only RPi

Posted: Wed Sep 23, 2015 11:44 pm
by tssrshot
I'm sure that money is an issue, as are most projects, but you might consider something like:

http://www.ns-electric.com/products/energyshield/

This example is for Arduino, I backed them on Kickstarter and bought 5, of which I have sadly only used 2. (if anyone is also looking for one, let me know, good deal and NIB; NOT AN AD)

The Pi has an option I've seen in use here:

http://www.modmypi.com/raspberry-pi/bre ... s/ups-pico

You can easily program to monitor the I2C battery status and shutdown or run script on low battery. Have it run the code it needs to save, and then force shutdown. Either way it'll get down cleanly for the card's sake. When it comes back on, it'll charge while the Pi boots and runs. Or if you choose, you can increase the battery size to 3000mAh which ought to get you stable for almost 8 hours. Not sure how long your outages last.

Just my two cents, but I'm lazy, as most engineers are, but why would I work all day to figure out how to make resilient code or hardware, when I know I could just make the power situation better. :) As an offshoot, some of those USB power banks do auto-switching, so you can run the power to it, power the Pi from USB to it, and when power fails, it kicks over...the reverse on power-on. No examples, but some buddies use it for silly Pi projects.