Network-Based Read-Only Root Filesystem with High Availability
The article outlines a Linux server architecture in which every client mounts a read-only root filesystem over the network from a centrally managed control node. The control node's image is replicated with DRBD and its services fail over with Heartbeat, giving real-time updates to all clients, a root filesystem that not even root on a client can modify, and automatic migration of the service's virtual IP within seconds.
In more detail: the client's root partition is read-only, so the operating system image cannot be modified even by the root user on that machine. The "read-only root filesystem" (a customized operating system image) is really a client-server arrangement in which the image lives on a central control node and is mounted by each client over the network.
Core Single Point: The central control node stores one or more customized operating system images and provides the boot and filesystem services every client depends on, which makes it a single point of failure: if it goes down, every client loses its root filesystem and the whole cluster collapses. To remove this single point of failure the design pairs DRBD (Distributed Replicated Block Device), which mirrors the image's block device to a second node in real time, with Heartbeat from the Linux-HA project, which detects node failure and moves the service's virtual IP to the surviving node. Failover completes within seconds and clients keep talking to the same virtual IP. Two caveats a practitioner should keep in mind: DRBD replication is not a backup, since a bad change to the image is mirrored just as faithfully as a good one, and concentrating the OS image in one place makes the control node the high-value target that the rest of the design must protect.
Key Features:
Centralized management - only one operating system image needs to be maintained, on the control node
Real-time updates - a change to the image on the control node is visible to every client immediately, because clients read it over NFS rather than from a local copy
High security - root on a client cannot modify the operating system image, so the system's integrity does not depend on the client host
Exception handling - specific files or directories that must be writable or host-specific (for example /var and /tmp) can be kept locally on the client instead of on the shared image
Use Cases:
MMORPG servers - game hosts that provide only computation and database services and need no local OS state
High security environments - a compromised or malicious root user cannot persistently modify the system image
Other scenarios that require the operating system's integrity to be enforced outside the host itself
Setup Steps:
Deploy DRBD and Heartbeat
Recompile Linux kernel
Customize the operating system
Configure TFTP service
Configure DHCP service
Configure NFS service
PXE network boot
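The four server-side steps above (TFTP, DHCP, NFS and PXE) come down to three configuration files. The script below is an added example, not code from the talk: it writes a minimal ISC dhcpd.conf, a pxelinux.cfg/default carrying the NFS-root kernel command line, and an /etc/exports entry into a staging directory so they can be reviewed before being copied onto the control node. The virtual IP 192.168.10.10, the export path /srv/nfsroot, the subnet and the DHCP address range are assumptions, and pxelinux.0 and vmlinuz-nfsroot are assumed to have been copied into the TFTP root already.

```shell
#!/bin/sh
# Added example: generate the server-side boot configuration for read-only NFS-root clients.
# All addresses and paths are assumptions; the files are written to a staging directory,
# not to the live system, so this can be run and reviewed as an unprivileged user.

write_boot_configs() {
    out="$1"        # staging directory
    vip="$2"        # cluster virtual IP; it serves both TFTP and NFS and moves on failover
    nfsroot="$3"    # directory on the control node holding the OS image
    subnet="$4"; netmask="$5"; range_lo="$6"; range_hi="$7"

    mkdir -p "$out/tftpboot/pxelinux.cfg" "$out/etc"

    # ISC dhcpd: hand out addresses and tell the PXE firmware where the boot loader is.
    cat > "$out/etc/dhcpd.conf" <<EOF
subnet $subnet netmask $netmask {
    range $range_lo $range_hi;
    next-server $vip;
    filename "pxelinux.0";
}
EOF

    # pxelinux: boot the customized kernel with the root filesystem on NFS.
    # "ro" mounts root read-only; ip=dhcp lets the kernel configure the NIC itself,
    # which needs IP autoconfiguration built into the kernel (see the kernel notes).
    cat > "$out/tftpboot/pxelinux.cfg/default" <<EOF
DEFAULT nfsroot
PROMPT 0
LABEL nfsroot
    KERNEL vmlinuz-nfsroot
    APPEND ro root=/dev/nfs nfsroot=$vip:$nfsroot,nolock ip=dhcp
EOF

    # NFS export: "ro" is the server-side guarantee that no client, root included, can write.
    # no_root_squash is needed so root on the client can read root-only files in the image;
    # it is acceptable only because the export is read-only.
    cat > "$out/etc/exports" <<EOF
$nfsroot $subnet/$netmask(ro,sync,no_root_squash,no_subtree_check)
EOF
}

# Stand-alone demo: write the files into a scratch directory and show them.
demo_dir=$(mktemp -d)
write_boot_configs "$demo_dir" 192.168.10.10 /srv/nfsroot 192.168.10.0 255.255.255.0 192.168.10.100 192.168.10.200
for f in etc/dhcpd.conf tftpboot/pxelinux.cfg/default etc/exports; do
    echo "== $demo_dir/$f"
    cat "$demo_dir/$f"
done
```

The export is restricted to the client subnet, which is the only access control this path offers: DHCP, TFTP and NFSv3 are all unauthenticated, so any machine on the same segment that answers the DHCP or TFTP request first can hand a booting client a different kernel. Keep the boot network isolated from anything untrusted.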
Key Technical Points:
I. Kernel Compilation: Kernel modules live on the root filesystem, and the root filesystem cannot be mounted until the NFS client is available, so NFS client support and root-over-NFS support (together with the network card driver and kernel-level IP autoconfiguration) must be compiled directly into the kernel rather than as modules; a module that only becomes loadable after the root filesystem is mounted is of no use for mounting it. The system also places /var and /tmp in memory (tmpfs) so that services which need to write can run on top of a read-only root.
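A quick way to catch the "=m instead of =y" mistake before building is to check the kernel .config for the options a root-over-NFS client needs built in. The script below is an added example, not from the talk; the option names (CONFIG_NFS_FS, CONFIG_ROOT_NFS, CONFIG_IP_PNP, CONFIG_IP_PNP_DHCP, CONFIG_TMPFS) are the standard kernel ones, while the NIC driver option depends on the hardware and is passed in as an extra argument. The .config fragment used in the demo is constructed, not a real kernel configuration.

```shell
#!/bin/sh
# Added example: check a kernel .config for the options a root-over-NFS client needs built in.
# Anything set to "=m" is useless here: modules live on the root filesystem, which does not
# exist yet at the moment the kernel has to mount it. Extra arguments name further options
# that must also be built in, typically the network card driver.

check_nfsroot_kconfig() {   # $1 = path to .config, $2.. = extra required options
    cfg="$1"; shift
    missing=0
    for opt in CONFIG_NFS_FS CONFIG_ROOT_NFS CONFIG_IP_PNP CONFIG_IP_PNP_DHCP CONFIG_TMPFS "$@"; do
        if grep -q "^$opt=y$" "$cfg"; then
            continue
        elif grep -q "^$opt=m$" "$cfg"; then
            echo "$opt is a module (=m); it must be built in (=y)" >&2
        else
            echo "$opt is not enabled" >&2
        fi
        missing=$((missing + 1))
    done
    return "$missing"   # 0 means the config can boot from NFS
}

# Stand-alone demo on a constructed .config fragment (not a real kernel config).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
CONFIG_NFS_FS=m
CONFIG_ROOT_NFS=y
CONFIG_IP_PNP=y
# CONFIG_IP_PNP_DHCP is not set
CONFIG_TMPFS=y
CONFIG_E1000=y
EOF
if check_nfsroot_kconfig "$demo_cfg" CONFIG_E1000; then
    echo "kernel config is suitable for NFS root"
else
    echo "kernel config must be fixed before it can boot from NFS"
fi
```

Run it against the real .config (for example `check_nfsroot_kconfig /usr/src/linux/.config CONFIG_E1000`) and fix every option it reports before compiling; the demo fragment fails on two counts, NFS built as a module and DHCP autoconfiguration switched off.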
II. System Boot Process:
The client boots from its network card (PXE) and broadcasts for a DHCP server
DHCP answers with an address and the location of the TFTP server; the PXE loader fetches the boot loader and the customized kernel over TFTP
The kernel configures its own IP address (via DHCP) and mounts the root filesystem read-only over NFS from the control node's virtual IP
/var and /tmp are moved into memory (tmpfs) so that services have somewhere to write
The user logs into the running operating system
The NFS root mount is verified (the root filesystem should show as NFS, mounted read-only)
Even "rm -rf /" run as root fails, because the root filesystem is read-only
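The last two steps are the ones worth scripting on every client, because a root filesystem that is NFS but mounted read-write, or a /var that silently landed on the shared image, defeats the design. The functions below are an added example and not part of the talk: they parse /proc/mounts (or a saved copy of it) to confirm that / is an NFS mount carrying the ro option and that /var and /tmp are tmpfs, and a separate probe attempts a write to / on the live client. The sample mounts file is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: verify on a booted client that the root filesystem really is NFS, mounted
# read-only, and that /var and /tmp live in memory. The checks parse a mounts file so they
# can run against a saved copy; the live write probe is separate because it must run as root
# on the client itself. The sample below is constructed, not captured from a real host.

# Print "<fstype> <options>" for the mount at the given mount point (last entry wins,
# which is the one currently visible when something is mounted over an earlier mount).
mount_info() {   # $1 = mounts file, $2 = mount point
    awk -v mp="$2" '$2 == mp { print $3, $4 }' "$1" | tail -n 1
}

# Is a given option (e.g. ro) present in a comma-separated mount option list?
has_opt() {      # $1 = option list, $2 = option
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

root_is_nfs_ro() {   # $1 = mounts file
    set -- $(mount_info "$1" /)
    [ $# -ge 2 ] || return 1
    case "$1" in nfs|nfs4) ;; *) return 1 ;; esac
    has_opt "$2" ro
}

dir_is_tmpfs() {     # $1 = mounts file, $2 = directory
    set -- $(mount_info "$1" "$2")
    [ "${1:-}" = tmpfs ]
}

# Live probe, run as root on the client: a write to / must fail. The client-side ro flag
# alone is not the guarantee, since root can "mount -o remount,rw /"; the server's ro export
# is what makes the write fail even after such a remount.
probe_root_write() {
    if touch /.write-probe 2>/dev/null; then
        rm -f /.write-probe
        echo "WARNING: root filesystem accepted a write"
        return 1
    fi
    echo "root filesystem rejected a write, as expected"
}

# Constructed sample of what /proc/mounts looks like on such a client.
sample=$(mktemp)
cat > "$sample" <<'EOF'
rootfs / rootfs rw 0 0
192.168.10.10:/srv/nfsroot / nfs ro,relatime,vers=3,nolock,addr=192.168.10.10 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /var tmpfs rw,relatime,mode=755 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
EOF

if root_is_nfs_ro "$sample"; then echo "/: NFS, read-only"; else echo "/: NOT a read-only NFS mount"; fi
for d in /var /tmp; do
    if dir_is_tmpfs "$sample" "$d"; then echo "$d: tmpfs"; else echo "$d: NOT tmpfs"; fi
done
```

On a real client replace the sample with /proc/mounts and add `probe_root_write` to the check; if the probe ever succeeds, look first at the export on the control node, not at the client.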
Baidu Tech Salon
Baidu Tech Salon, organized by Baidu's Technology Management Department, is a monthly offline event that shares cutting‑edge tech trends from Baidu and the industry, providing a free platform for mid‑to‑senior engineers to exchange ideas.