I'm installing OpenWRT in a virtual machine running on x86/amd64 architecture. Switching from Vyatta, I'm used to installing it as an image, but I can't seem to find a similar method for OpenWRT. My question is, does this make sense and/or is this possible?
I would like to have a read-only OpenWRT 'optical' image which boots and then loads the overlay or NVRAM data (config and packages) from a hard drive in the computer.
The goal being that the image can only be changed from the host by changing the boot medium to a newer version and reboot. Just like you could boot from CDROM and store stuff on a thumb drive.
This would mean the current combined-squashfs image be turned into a single ro squashfs image which can load an external overlay from another device. Does that make sense?
A standard x86 build is distributed as a raw disk image. It contains:
- Partition table
- GRUB2 in the boot sector
- FAT32 boot partition containing GRUB parameters and kernel binary
- ext4 root partition containing root file system.
The root filesystem is intended to be mounted read/write. Configuration changes are made by writing to various files, and since it is a read/write filesystem, those changed files permanently replace the old ones. OpenWrt does not have a "nvram" database.
That's the ext4 image which can only be upgraded by making a configuration backup, reflashing (, expanding partition) and restoring configuration. This is also more vulnerable to Mikrotik like attacks where files can be corrupted so they survive reboots.
I'm talking about the combined squashfs option, this has a read only base image and a fixed size, integrated ext4 overlay.
I would like to have a non-combined squashfs image. This would be more like a 'live boot cd image', being a read only system which can mount a local storage system as the ext4 overlay mentioned above. Maybe it can also be used to backup/restore the configuration as a file upon saving and rebooting (VyOS uses single config files and persistent storage folder for keys/certs etc.).
I just really like the read-only squashfs base system running live and don't really think the full ext4 image is easily upgradable in the future.
Wouldn't it be easier just to mount root in readonly mode?
And you should think it over, because UCI doesn't require commit changes to apply them.
On that wiki page I get a bit stuck on the "Compiling your own image with larger partition size" chapter. If I'm going to do that, I can just as well spin my own kernel image and such through a ci/cd setup.
I guess I'm more looking for a setup script which can mount local media and restore a backup into a ramfs overlay. Mounting only one local partition in r/w mode to write out a full backup after a save.
I was also looking at software like https://github.com/ytti/oxidized but I'm not sure if it shouldn't just be a bit simpler.
Isn't there already something which also makes sure the right packages get installed after an update?
Actually, this makes things simpler, you can limit access to VM-image on the level of hypervisor.