Carol Hebert wrote: > Quoting Benoit Guillon <[EMAIL PROTECTED]>: > >> Carol Hebert wrote: > > .. > >>> >>> Regarding out-of-band watchdog manipulation, of course it's not a good >>> idea for a remote machine to be made responsible for resetting a >>> watchdog timer on any another machine. >>> >> It depends on the capabilities of the overall machine (here, the >> watchdog is the only way to have reset/power controls), and the >> capabilities of the targetted board: there are switches on which I >> cannot put watchdog daemons, or SBCs with flashed linux systems on >> which I cannot install any smart daemon. >> >> It also depends on the situations. A remote watchdog is meaningful for >> targets that must boot in a specified amount of time: you cannot bet >> that the remote diskless target boots correctly and is not stuck in a >> BIOS failure or in a linux boot failure. > > > I believe Corey Minyard provided excellent responses to both of these > points in a separate email to this list today. I believe the bottom > lines were pretty much: that the chassis power control commands are > mandatory/required and should be made available by the vendor, and that > a remote watchdog setting does not guarantee a reset.
Yes, I understand that the watchdog is not provided for that. I've had a confirmation by the vendor: the boards do not support those chassis commands. What is not clear to me is what the term "chassis" should cover. In my case I've several compact pci blades in a rack. Should the chassis commands work on the rack itself, or at the board level? >> About the fact that a remote board should not overwrite a watchdog set >> locally, the code could be improved so that a "get watchdog" is done >> before any "set watchdog" to deduce if a watchdog is currently running >> (don't know if it can be deduced in any case, though). > > IMHO, this command in ipmitool is too unsafe even in this form. It's > like giving a user a command that's in essence a loaded gun pointed at > his/her head (actually, guns pointed at lots of remote folks' heads), > each scheduled to fire every <time setting> seconds and expecting the > remote user to figure out how to continually keep everyone from getting > shot. Hm, an apocalyptic vision... > While ipmi has lots of dangerous commands to allow folks to do powerful > they want to do with systems, watchdog is not meant to be used in the > manner suggested by this patch. I don't believe users will be expecting > it to be a new chassis power control command and lots of innocent > bystanders > will end up getting hurt by it. I believe the functionality you need > would be much better obtained via other commands. Can we please take a > step back and figure out what's really needed, and design something safe > that can do what you need? I want the BMC board in the rack can remotely reset/power off/power cycle another (SMC) board in the rack, through IPMI. How would you achieve this? >>> >> Feel free to drop the patch if you find it too dangerous or not >> complete/robust enough. If it is too dangerous (but I don't see why it >> is more dangerous than the ability to bridge a chassis power command) >> maybe a configure option like --with-watchdog could be added, so that >> the people/packagers wanting the feature would explicitely ask for it >> at compilation time. > > Yes, thanks. I vote to pull the patch and do/design something different. > > My $.10 (inflation :-}, On the contrary, your contribution is helpful. Regards, -- BenoƮt Guillon [EMAIL PROTECTED] TCT/3S tel. : 33 (0)4 98 16 33 90 THALES COMPUTERS ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Ipmitool-devel mailing list Ipmitool-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
