system: narrow /var MFS down to /var/log and cap to 50% of physical memory #5727

Here we remove all persistently stored data from /root/var as configured
by the *_var_mfs rc variable.  The cap should be able to be adjusted in
the GUI but will follow in a separate commit.

Eventually this also helps us with #5475.

src/etc/rc.subr.d/var

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 # Copyright (C) 2019 Deciso B.V.
-# Copyright (c) 2014-2021 Franco Fichtner <franco@opnsense.org>
+# Copyright (c) 2014-2022 Franco Fichtner <franco@opnsense.org>
 # Copyright (c) 2004-2010 Scott Ullrich <sullrich@gmail.com>
 # Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>
 #
@@ -28,40 +28,9 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 
-ROOTDIR="/root"
-
-setup_mfs_link()
-{
-	ROOT=${ROOTDIR}
-	MFS=${1}
-
-	# Create dummy directory for MFS-bound
-	# directories that require a persistent
-	# storage underneath to run.
-
-	if [ ! -d "${ROOT}${MFS}" ]; then
-		mkdir -p "${ROOT}${MFS}" "${MFS}"
-		for DIR in $(find "${MFS}" -depth 1); do
-			mv "${DIR}" "${ROOT}${MFS}/"
-		done
-	fi
-}
-
-install_mfs_link()
-{
-	ROOT=${ROOTDIR}
-	MFS=${1}
-
-	# Redirect persistent, but MFS-bound
-	# directory after tmpfs mount.
-
-	mkdir -p "$(dirname ${MFS})"
-	ln -s "${ROOT}${MFS}" "${MFS}"
-}
-
 remove_mfs_link()
 {
-	ROOT=${ROOTDIR}
+	ROOT="/root"
 	MFS=${1}
 
 	# Persistent copies of MFS-bound directories
@@ -114,7 +83,7 @@ for RC_FILE in ${RC_FILES}; do
 	done
 done
 
-USE_MFS_VAR=$(/usr/bin/grep -c 'use_mfs_var[^_]' /conf/config.xml)
+USE_MFS_VAR=$(grep -c 'use_mfs_var[^_]' /conf/config.xml)
 
 # see if / is writable (aka. non-LiveCD boot)
 if _tmpdir=$(mktemp -d -q /.diskless.XXXXXX); then
@@ -122,29 +91,16 @@ if _tmpdir=$(mktemp -d -q /.diskless.XXXXXX); then
 	rmdir ${_tmpdir}
 else
 	# config restore for install media does not support
-	# this as neither /var nor /root are persistent
+	# this as neither /var/log nor /root are persistent
 	USE_MFS_VAR=0
 fi
 
-if [ ${USE_MFS_VAR} -ne 0 ]; then
-	echo -n "Setting up memory disks..."
-
-	for DIR in ${MFS_DIRS}; do
-		setup_mfs_link ${DIR}
-	done
-
-	mount -t tmpfs tmpfs /var
-
-	for DIR in ${MFS_DIRS}; do
-		install_mfs_link ${DIR}
-	done
-
-	echo "done."
-else
-	for DIR in ${MFS_DIRS}; do
-		remove_mfs_link ${DIR}
-	done
-fi
+# XXX remove all renmants of /root/var handling after 22.7
+for DIR in ${MFS_DIRS}; do
+	# unconditionally remove old /var links now that the
+	# feature is constrained to /var/log directory
+	remove_mfs_link ${DIR}
+done
 
 # ensure default directories in /var
 if ! mtree -deiU -f /etc/mtree/BSD.var.dist -p /var > /dev/null; then
@@ -155,6 +111,20 @@ fi
 # old config files are stored in this place
 mkdir -p /var/etc
 
+if [ ${USE_MFS_VAR} -ne 0 ]; then
+	MAX_MFS_VAR=$(grep 'max_mfs_var' /conf/config.xml | sed 's/[^>]*>\([^<]*\)<.*/\1/')
+	MAX_MEM_SYS=$(sysctl -n hw.physmem)
+
+	if [ -z "${MAX_MFS_VAR}" ]; then
+		# cap to 50% by default to avoid swapping
+		MAX_MFS_VAR=50
+	fi
+
+	echo -n "Setting up /var/log memory disk..."
+	mount -t tmpfs -o size=$((MAX_MEM_SYS / 100 * MAX_MFS_VAR)) tmpfs /var/log
+	echo "done."
+fi
+
 # Clear all files in this directory to prevent stale state of
 # services.  At one point this also helped to prevent shutdown(8)
 # from dropping "nologin" into the directory, preventing login on

src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml

@@ -140,7 +140,7 @@
                 <id>proxy.general.cache.local.enabled</id>
                 <label>Enable local cache</label>
                 <type>checkbox</type>
-                <help>Enable or disable the local cache. Only UFS directory cache type is supported. Do not enable on embedded systems with SD or CF cards without the /var MFS option as this will wear down your drive.</help>
+                <help>Enable or disable the local cache. Only UFS directory cache type is supported. Do not enable on embedded systems with SD or CF cards as this will wear down your drive.</help>
             </field>
             <field>
                 <id>proxy.general.cache.local.size</id>

src/www/system_advanced_misc.php

@@ -485,13 +485,13 @@ include("head.inc");
                 </td>
               </tr>
               <tr>
-                <td><a id="help_for_use_mfs_var" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('/var RAM disk'); ?></td>
+                <td><a id="help_for_use_mfs_var" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('/var/log RAM disk'); ?></td>
                 <td>
-                  <input name="use_mfs_var" type="checkbox" id="use_mfs_var" value="yes" <?=!empty($pconfig['use_mfs_var']) ? 'checked="checked"' : '';?>/>
-                  <?=gettext("Use memory file system for /var"); ?>
+                  <input name="use_mfs_var" type="checkbox" id="use_mfs_var" value="yes" <?= !empty($pconfig['use_mfs_var']) ? 'checked="checked"' : '' ?>/>
+                  <?= gettext('Use memory file system for /var/log') ?>
                   <div class="hidden" data-for="help_for_use_mfs_var">
-                    <?=gettext("Set this if you wish to use /var as a RAM disk (memory file system disks) " .
-                      "rather than using the hard disk. Setting this will cause the data /var to be lost on reboot, including log data."); ?>
+                    <?= gettext('Set this if you wish to use /var/log as a RAM disk (memory file system disks) ' .
+                      'rather than using the hard disk. Setting this will cause the log data to be lost on reboot.') ?>
                   </div>
                 </td>
               </tr>