| 1 |
> So, can anyone recommend me a filesystem that fulfills my following needs: |
| 2 |
> |
| 3 |
> Scenario: vFirewall (virtual Firewall) that is going to be deployed at |
| 4 |
> my IaaS Cloud Provider. |
| 5 |
> |
| 6 |
> Disk I/O Characteristic: Occasional writes during 'normal' usage, |
| 7 |
> once-a-week eix-sync + emerge -avuD |
| 8 |
> |
| 9 |
> Priority: Stable (i.e., less chance of corruption), least CPU usage. |
| 10 |
> |
| 11 |
> My Google-Fu seems to indicate either XFS or JFS; what do you think? |
| 12 |
|
| 13 |
IMHO a firewall (physical or virtual) is something that fits strictly |
| 14 |
into the "appliance" category. It must do only one thing and do it well, |
| 15 |
with as little complexity and maintenance overhead as possible. Why in |
| 16 |
the world would anyone want to run gentoo (which among the rest needs |
| 17 |
portage and a whole compiler stack) -- or for that matter any other |
| 18 |
full-fledged linux distribution -- on something like that in production |
| 19 |
is beyond me... |
| 20 |
|
| 21 |
That said, XFS and JFS are targeted at completely different use cases |
| 22 |
and are way too complex for your scenario. Without appropriately-sized |
| 23 |
hardware I'm not even sure XFS fits in the "stable" category. Stick to |
| 24 |
ext3, keeping an eye on the inode count for /usr/portage as the default |
| 25 |
value on a small partition probably won't be enough. |
| 26 |
|
| 27 |
Fs-related CPU usage in a firewall (which has nearly zero disk activity |
| 28 |
when up and running) is mostly a non-issue unless you need some form of |
| 29 |
heavy logging or you're doing something wrong. |
| 30 |
|
| 31 |
Weekly updates, on the other hand are exposing you to the risk of random |
| 32 |
breakages and -- if you compile from source -- are going to cost you a |
| 33 |
serious amount of CPU. My advice would be to limit updates to those |
| 34 |
fixing known vulnerabilities, and even then compiling somewhere else and |
| 35 |
doing binary installs would be preferable. |
| 36 |
|
| 37 |
andrea |
Archives