On Fri, 2006 Jul 28 16:12:35 -0300, Henrique de Moraes Holschuh wrote:
> 
> There is no tradeoff without the hack, and the hack is only needed in
> hardware unsuitable for UPS management.  Thus, it must be optional.  It is
> dangerous to data and the hardware, so it should not be the default.

Define "(un)suitable for UPS management." Does this definition include
most people's desktop systems?

> You have transient responses to power cuts.  Watch in an oscilloscope,
> computer hardware is not a resistive load.

No, but any decent power supply will present a load pretty close to it, 
making such a transient negligible. (I know this to be the case in 
production server-room environments.) If someone's got a rack setup where a 
UPS power cutoff will fry everything, they've got a much bigger problem 
than what we're discussing here.

> The situation is bad when everything powers up at the same time too, yes.
> That's why it isn't all powered up at once in server rooms, blade
> enclosures, etc.

Yes. No problem with wanting staggered shutdown, when you have a large 
number of machines connected, but large numbers of machines connected are 
not exactly a typical scenario.

> > All of which can be done (and already is, I believe). The only thing that 
> > the system is doing while waiting for poweroff is "sleep 15m; reboot"---no 
> > disks need to be spinning for that.
> 
> If you did not call halt, plus told the kernel to shut down the devices, no,
> it was *not* done.
> 
> And the kernel is the *only* thing that really knows how to properly
> power down the devices.  Currently, we cannot ask it to do so from userspace
> easily, and if we did, we could not access the disks anymore for example.

We have "hdparm -Y". We can't access the disk after that, but we shouldn't 
need to. What more shutdown magic do you need on a hard disk that is not 
spinning?

If you're talking about a flaky hardware RAID array where you can't stop 
the platters without it self-destructing, then fine. I recall that the 
scripts check for RAID, and behave differently in that case.

> The issue is how the initscript behaves if the NUT shutdown command doesn't
> kill everything to kingdom come in 5 seconds.  In fact, a proper UPS is
> going to be programmed to actually *delay* the powerdown load command for
> enough time to allow the load to try to power down for real by itself.

Assuming things are as I had in my patch, the idea is to have all machines 
connected to a given UPS configured with a similar 
wait-until-poweroff-else-reboot time (if they don't shut down straightaway).

This approach is admittedly not the best one---ideally you'd have some sort 
of statically-linked "death watch" daemon that would do the same thing, but 
also monitor the UPS, and broadcast an "online" signal if the power 
returns. You'd no longer have to configure any wait-until-poweroff time, 
and the aforementioned tradeoff goes away. But this is a wishlist item.

Anyway, the disagreement comes down to this:

Me: Keep the system minimally running, so that it powers off when the UPS 
cuts the power, so that it will turn on again when the power returns, given 
the default behavior and limitations of PC hardware. Do sensible steps to 
avoid data loss (stop the disks, etc.). Have this be the default, as PC 
users are the common case.

You: Do a normal system shutdown. Rely on server-grade features (e.g. WOL 
packet from a networked UPS) to resume operation, or an "On/Off state: ON" 
BIOS setting (despite the problems associated with that). Have this be the 
default, as the risk of data loss from fragile storage media trumps that of 
system unavailability after an extended outage.

Mr. Quette will have to decide this, but I don't think you've made a strong 
case for a power-cut being significantly detrimental to data or hardware. 
Yes, there are circumstances where this can happen, but these are 
exceptions to the rule. And in one well-known case (RAID arrays), the 
scripts can easily do something different.

> > I think you'll take issue with the NUT documentation, then, as it 
> > specifically suggests this approach.
> 
> I will.  But maybe, perchance, the NUT docs don't suggest you do it unless
> you own hardware that cannot do it properly?  I didn't read it yet.

I'm getting the impression that "hardware that cannot do it properly," as 
you mean it, includes most PCs and non-server machines. Your view carries 
the day if NUT's userbase is not mostly these.


--Daniel

