Quoting Benoit Guillon <[EMAIL PROTECTED]>: > Carol Hebert wrote: > .. >> >> Regarding out-of-band watchdog manipulation, of course it's not a good >> idea for a remote machine to be made responsible for resetting a >> watchdog timer on any another machine. >> > It depends on the capabilities of the overall machine (here, the > watchdog is the only way to have reset/power controls), and the > capabilities of the targetted board: there are switches on which I > cannot put watchdog daemons, or SBCs with flashed linux systems on > which I cannot install any smart daemon. > > It also depends on the situations. A remote watchdog is meaningful for > targets that must boot in a specified amount of time: you cannot bet > that the remote diskless target boots correctly and is not stuck in a > BIOS failure or in a linux boot failure.
I believe Corey Minyard provided excellent responses to both of these points in a separate email to this list today. I believe the bottom lines were pretty much: that the chassis power control commands are mandatory/required and should be made available by the vendor, and that a remote watchdog setting does not guarantee a reset. > > About the fact that a remote board should not overwrite a watchdog set > locally, the code could be improved so that a "get watchdog" is done > before any "set watchdog" to deduce if a watchdog is currently running > (don't know if it can be deduced in any case, though). IMHO, this command in ipmitool is too unsafe even in this form. It's like giving a user a command that's in essence a loaded gun pointed at his/her head (actually, guns pointed at lots of remote folks' heads), each scheduled to fire every <time setting> seconds and expecting the remote user to figure out how to continually keep everyone from getting shot. While ipmi has lots of dangerous commands to allow folks to do powerful they want to do with systems, watchdog is not meant to be used in the manner suggested by this patch. I don't believe users will be expecting it to be a new chassis power control command and lots of innocent bystanders will end up getting hurt by it. I believe the functionality you need would be much better obtained via other commands. Can we please take a step back and figure out what's really needed, and design something safe that can do what you need? >> > Feel free to drop the patch if you find it too dangerous or not > complete/robust enough. If it is too dangerous (but I don't see why it > is more dangerous than the ability to bridge a chassis power command) > maybe a configure option like --with-watchdog could be added, so that > the people/packagers wanting the feature would explicitely ask for it > at compilation time. > Yes, thanks. I vote to pull the patch and do/design something different. My $.10 (inflation :-}, Carol Hebert ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Ipmitool-devel mailing list Ipmitool-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
