From: Gordon Tetlow
To: Terry Lambert
Cc: Julian Elischer, Jonathan Mini, Michael Smith
Date: Fri, 10 May 2002 11:09:10 -0700 (PDT)
Subject: Re: nextboot loader diff
In-Reply-To: <3CDC01ED.A188796F@mindspring.com>

Picking a random message to respond to...

On Fri, 10 May 2002, Terry Lambert wrote:

> It's actually just as easy to make boot1 go read it itself, assuming
> boot1 has the ability to read. It also decouples it somewhat, which
> (IMO) is a good thing. This is actually the same effect they get from
> using a separate file, which gets rewritten, rather than hacking "YES"
> vs. "TRY" vs. "NO" in a common .conf file (which makes me incredibly
> nervous, just like Mike's complaint about it).

This is not intended to be used in an "Oh Crap, I just lost a disk and need to recover" situation. This is to be used in the following situation (at least, this is how I envisioned it):

I have machine A co-located far far away with no console access.
I want to put a new kernel on it, but am nervous about what happens if the machine doesn't come back up because I botched the new kernel. I use nextboot to make my new kernel only boot once; in the case where the machine hangs and needs to be rebooted (maybe I can tell a noc monkey to reboot the sucker), it'll then fall back to my known good kernel.

There are some huge assumptions on my part that I should have spelled out a bit more in my initial email:

A) you are going to be using nextboot on a consistent filesystem (after all you rebooted the box, it should (in theory) be a consistent filesystem when the loader goes and rewrites the /boot/nextboot.conf)

B) this wasn't to do anything more clever than pass a few args to loader for one shot.

C) this was intended to be used by developers who know what they are doing and would like a little extra security and don't want to have to pay a noc monkey to try and fix their configuration over the phone. I've done that waaaay too many times than I care to remember. If this feature was in there, I could just tell them to reboot the box, and it would come back to the kernel that I know was good.

Again, please look at it as a convenience, not something that will save your ass. It will happily let you shoot yourself in the foot, but hey, so will rm(1).

-gordon