Date:      Tue, 24 Oct 2017 12:03:24 -0600
From:      Warner Losh <imp@bsdimp.com>
To:        "freebsd-arch@freebsd.org" <arch@freebsd.org>
Subject:   New reboot flag: -c for 'power cycle'
Message-ID:  <CANCZdfo=uV2EZ8Udf%2BoBj93ZOWeAwK=R9Ddo_8pWbS2AD=f89A@mail.gmail.com>

I've worked up a prototype for a new type of reboot. Currently we can halt
the system, reboot (reset) the system, and power off the system. However,
there's no reliable[*] way to power cycle a system from the
command line.

For a variety of reasons, we have the need to power cycle a system on
reboot. That is, to remove power and reapply it a short time later. This
obviously requires special hardware to accomplish, but the number of
BMC-equipped servers is interesting. The reasons boil down to 'we did something
to some bit of hardware that requires us to power cycle to restore it to
operational state or for new settings to take effect.'

I've uploaded https://reviews.freebsd.org/D12777 with all the changes.
Briefly, it introduces a new howto flag RB_POWERCYCLE. This flag instructs
capable hardware to cause the system to power cycle at the end of
shutdown_full. A new signal has been added to init (SIGWINCH) which
initiates this. Since init has no controlling terminal, SIGWINCH is useless
to it anyway... It adds -c to the shutdown, reboot, halt, etc. family of
commands. It tweaks the processing of reboot in a couple of places to treat
RB_POWERCYCLE the same way as we treat RB_POWEROFF as appropriate. Finally,
it registers a shutdown_final handler in IPMI and will power off systems
when howto has the RB_POWERCYCLE bit set and the BMC supports the chassis
device. Failure to implement RB_POWERCYCLE is handled the same way that we
handle RB_POWEROFF: in the event of failure, we either reboot or halt the
machine as instructed.

Code comments should go to the review. Design comments should come here.

Warner

[*] To be fair, one can arrange it so that one halts the system after
arming the watchdog and configuring it to power cycle when it fires, but
that relies on systems finishing their halt sequence before the watchdog
fires, and experience suggests that even with that there's a small (~1%)
failure rate for this method that requires manual intervention.
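
An added example, not part of the original message or of the D12777 review: a userland C model of the fallback behaviour described above, where a power-cycle request that the hardware cannot honour degrades to a reboot or halt "as instructed". The flag names follow the message, but the `M_` constants, their numeric values, and the function `final_stage` are assumptions made for this model, not the kernel's definitions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model-only flags: names follow the message, values are placeholders
 * (the real definitions live in the kernel's reboot header). */
#define M_RB_HALT       0x1
#define M_RB_POWEROFF   0x2
#define M_RB_POWERCYCLE 0x4

enum outcome { OUT_RESET, OUT_HALT, OUT_POWEROFF, OUT_POWERCYCLE };

/*
 * Hypothetical model of the last shutdown stage.
 *   bmc_has_chassis: the BMC supports the chassis device (IPMI handler can act)
 *   poweroff_works:  some platform handler can actually remove power
 * Returns what the machine ends up doing for a given howto mask.
 */
enum outcome final_stage(int howto, bool bmc_has_chassis, bool poweroff_works)
{
    /* The IPMI handler only acts when the power-cycle bit is set
     * and the BMC is capable. */
    if ((howto & M_RB_POWERCYCLE) && bmc_has_chassis)
        return OUT_POWERCYCLE;

    /* Power-off is attempted the same way and may fail too. */
    if ((howto & M_RB_POWEROFF) && poweroff_works)
        return OUT_POWEROFF;

    /* Nothing removed power: fall back to halt or reset as instructed. */
    return (howto & M_RB_HALT) ? OUT_HALT : OUT_RESET;
}

int main(void)
{
    static const char *names[] = { "reset", "halt", "poweroff", "powercycle" };
    int masks[] = { M_RB_POWERCYCLE, M_RB_POWERCYCLE | M_RB_HALT, M_RB_POWEROFF };

    /* Constructed scenarios: each mask with and without a capable BMC. */
    for (int i = 0; i < 3; i++)
        for (int bmc = 0; bmc <= 1; bmc++)
            printf("howto=0x%x bmc=%d -> %s\n", masks[i], bmc,
                   names[final_stage(masks[i], bmc != 0, false)]);
    return 0;
}
```

On a host with no capable BMC the model shows the request silently degrading to a reset or halt, which is the case worth checking for before relying on a power cycle to restore hardware state.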