> So, can anyone recommend me a filesystem that fulfills my following needs:
>
> Scenario: vFirewall (virtual Firewall) that is going to be deployed at
> my IaaS Cloud Provider.
>
> Disk I/O Characteristic: Occasional writes during 'normal' usage,
> once-a-week eix-sync + emerge -avuD
>
> Priority: Stable (i.e., less chance of corruption), least CPU usage.
>
> My Google-Fu seems to indicate either XFS or JFS; what do you think?
|
IMHO a firewall (physical or virtual) is something that fits strictly
into the "appliance" category. It must do only one thing and do it well,
with as little complexity and maintenance overhead as possible. Why in
the world would anyone want to run Gentoo (which among the rest needs
portage and a whole compiler stack) -- or for that matter any other
full-fledged Linux distribution -- on something like that in production
is beyond me...
|
That said, XFS and JFS are targeted at completely different use cases
and are way too complex for your scenario. Without appropriately-sized
hardware I'm not even sure XFS fits in the "stable" category. Stick to
ext3, keeping an eye on the inode count for /usr/portage as the default
value on a small partition probably won't be enough.
|
Fs-related CPU usage in a firewall (which has nearly zero disk activity
when up and running) is mostly a non-issue unless you need some form of
heavy logging or you're doing something wrong.
|
Weekly updates, on the other hand, are exposing you to the risk of random
breakages and -- if you compile from source -- are going to cost you a
serious amount of CPU. My advice would be to limit updates to those
fixing known vulnerabilities, and even then compiling somewhere else and
doing binary installs would be preferable.
|
andrea |
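
The inode concern raised in the reply above, as an added example that is not part of the original message: helpers for sizing the `mke2fs -i` bytes-per-inode ratio before creating an ext3 partition and for checking inode usage afterwards. The file counts, the 16384 default ratio, and all function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original message. File counts are constructed;
# measure a real tree with: find /usr/portage | wc -l

# inodes_at_ratio SIZE_BYTES BYTES_PER_INODE -> inodes mke2fs would create.
# 16384 is assumed here as the usual mke2fs.conf default ratio.
inodes_at_ratio() {
    echo $(( $1 / $2 ))
}

# ratio_for SIZE_BYTES EXPECTED_FILES HEADROOM_PCT
# -> bytes-per-inode value for `mke2fs -i` giving EXPECTED_FILES plus headroom.
# Fails when the ratio would fall below 1024 bytes (smallest ext3 block size):
# the partition is too small to hold that many files.
ratio_for() {
    need=$(( $2 + $2 * $3 / 100 ))
    ratio=$(( $1 / need ))
    [ "$ratio" -ge 1024 ] || return 1
    echo "$ratio"
}

# inode_pct USED TOTAL -> percent of inodes in use, rounded up.
# Prints "na" when TOTAL is 0 or not a number (no fixed inode table reported).
inode_pct() {
    case $2 in
        ''|*[!0-9]*|0) echo na; return 0 ;;
    esac
    echo $(( ($1 * 100 + $2 - 1) / $2 ))
}

# check_inodes PATH WARN_PCT -> 0 below threshold, 1 at/over it, 2 unknown.
check_inodes() {
    # Append "Inodes IUsed" from the df data row to the positional parameters.
    set -- "$1" "$2" $(df -Pi "$1" 2>/dev/null | awk 'NR==2 {print $2, $3}')
    [ $# -eq 4 ] || return 2
    pct=$(inode_pct "$4" "$3")
    [ "$pct" = na ] && return 2
    echo "$1: ${pct}% of $3 inodes used"
    [ "$pct" -lt "$2" ]
}

# Usage (e.g. from cron on the firewall): check_inodes /usr/portage 90
```

With the constructed figures of a 2 GiB partition and 200000 files, the assumed default ratio yields 131072 inodes, fewer than the tree needs, while `ratio_for` suggests 7158 bytes per inode for 50% headroom.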