Date:      Sun, 23 Dec 2001 22:14:42 -0500
From:      Jim Durham <durham@w2xo.pgh.pa.us>
To:        Lord Raiden <raiden23@netzero.net>, freebsd-questions@FreeBSD.ORG
Subject:   Re: BSD emergency shutdown of all servers
Message-ID:  <200112240315.fBO3FLA08834@w2xo.pgh.pa.us>
In-Reply-To: <4.2.0.58.20011223163417.0097c610@pop.netzero.net>
References:  <4.2.0.58.20011223163417.0097c610@pop.netzero.net>

On Sunday 23 December 2001 04:44 pm, Lord Raiden wrote:
> How would you go about doing an emergency shutdown of all of your
> BSD servers say if something were happening that all of your
> servers HAD to be shut down in 2 minutes or less regardless. 
> SSH'ing to all the boxes at the same time would be kinda impossible
> in that limited time.  I'm more looking at the old "Panic Button"
> idea.
>
> 	The idea came to me today and I thought it would be very useful. 
> I don't see a need for it right in the foreseeable future, but then
> again, I didn't see the need for a UPS either until one of my boxes
> got whacked by a power surge.  So as a little preventative
> forethought, I want something that can remotely shut down all of
> our BSD servers within a 2 minute window so that we can go power
> off at exactly 2 minutes and put the whole NOC dark within 120
> seconds of the "Panic Alert" so to speak.  Plus being able to
> execute all of this from a basic script would be great too.  Kinda
> a single option to execute thing.  The less things I have to do in
> that 2 minute panic window, the better.
>
> 	One use I can see for this is if severe weather was approaching
> and we suddenly got an evacuation warning (say a tornado was coming
> or something) then that 2 minute panic shutdown would be priceless.
>  Now if the NOC got annihilated by a tornado that would be kinda a
> pointless exercise, but under other circumstances I can see where
> that would be a good thing.
>
> 	I'm also wanting this to be able to be done through an account
> other than ROOT.  One that I can assign the option to only be able
> to execute 3 basic panic commands.  One of them being the "shutdown
> -h now" command.  The other two might be things like if we were
> being hacked I could fire that off to the server(s) in question and
> shut down all access to them till we could get rid of the hacker,
> or track him down and report him.
>
> 	Again, I know this is a lengthy question, but I wanted to be as
> clear as I could.  Thanks in advance.  I hope this gives you
> something to think about too.  I'm also working on a solution for
> the NT/2k portion of our network.  :)

OK...this is where the versatility of FreeBSD will pay off for you. 

Create a user "shutdown" on all machines. Pick one machine as a 
"master". Generate ssh keys for "shutdown" on all machines. Put the 
identity.pub of the shutdown user on the master machine in the 
authorized-keys file on each of the "slave" machines. Install "sudo"
on all machines. Allow user "shutdown" to have sudo privs to run 
"shutdown -p".

Now, just write a little shell script on the master, which runs as
user shutdown...

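#!/bin/sh
# Run on the master as user "shutdown"; each slave trusts this user's key.
# shutdown(8) requires a time argument, so "now" is given explicitly.
ssh slave1 "sudo shutdown -p now"
ssh slave2 "sudo shutdown -p now"
# ... and so forth.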

I haven't tried this, but it should work very quickly, as no 
passwords will be asked if you install the keys and they all should 
come down within secs of each other (or millisecs, probably).

You could get more elaborate and have a daemon running on each 
machine that listens on a port and runs "shutdown -p" on receipt of 
some special packet, but it's probably overkill.

Well, there are two ideas... I'm sure you'll get better ones..

-Jim Durham
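
An added example, not part of the original message: the master-side script extended to contact all slaves in parallel and report any host that did not accept the command, so the two-minute window is not spent waiting on one dead box. The host names, the sudoers rule and the forced-command key option in the comments are assumptions; with the forced command, the "shutdown" key can do nothing on a slave except power it off.

```sh
#!/bin/sh
# Added example: parallel "panic button" fan-out, run on the master as user shutdown.
# Assumed, not from the original message: host names, paths, and the rules below.
#
# Slave sudoers (FreeBSD port: /usr/local/etc/sudoers, edit with visudo):
#   shutdown ALL = NOPASSWD: /sbin/shutdown -p now
# Slave ~shutdown/.ssh/authorized_keys, pinning the master's key to one command:
#   command="sudo /sbin/shutdown -p now",no-pty,no-port-forwarding <master public key>

SSH_CMD=${SSH_CMD:-ssh}                  # overridable so a dry run can stub it
REMOTE_CMD="sudo /sbin/shutdown -p now"  # ignored by slaves that force the command

# panic_shutdown host...
# Contacts all hosts in parallel, prints each host that failed (one per line)
# and returns the number of failures.
panic_shutdown() {
    tmp=$(mktemp -d "${TMPDIR:-/tmp}/panic.XXXXXX") || return 255
    for h in "$@"; do
        (
            # BatchMode: fail instead of prompting; ConnectTimeout: skip dead hosts.
            $SSH_CMD -o BatchMode=yes -o ConnectTimeout=5 "$h" "$REMOTE_CMD" \
                >/dev/null 2>&1 || : > "$tmp/$h"
        ) &
    done
    wait    # all sessions run concurrently; total time is about the slowest host
    failed=0
    for h in "$@"; do
        if [ -e "$tmp/$h" ]; then
            echo "$h"
            failed=$((failed + 1))
        fi
    done
    rm -rf "$tmp"
    return "$failed"
}

# Usage on the master: sh panic.sh slave1 slave2 slave3
if [ "$#" -gt 0 ]; then
    panic_shutdown "$@"
fi
```

Any host name printed by the script still needs to be shut down by hand.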


