Nicolas Williams writes: > On Mon, Jun 02, 2008 at 11:47:09AM -0400, James Carlson wrote: > > > It does sound like this should be a hook in /sbin/uadmin or in the > > > kernel... > > > > I disagree on the /sbin/uadmin part. The key architectural feature of > > the uadmin(2) system call (and the related /sbin/uadmin utility) is > > that it interacts with the kernel directly: you tell it to reboot, and > > it surely does that. It doesn't fuss with anything else. If you > > didn't want that behavior, then you should use the more clearly > > documented halt(1M) and related administrative interfaces. > > You can ask that the system poweroff. That's the only time that one > should want to have the UPS cut power, no? So that's my rationale for > doing this in uadmin.
/sbin/uadmin itself is just a simple command line utility that calls uadmin(2). I'll assume you mean the latter, as /sbin/uadmin itself isn't special; anybody with the right privilege can call uadmin(2) without invoking /sbin/uadmin, and many things that shut down the system don't bother calling /sbin/uadmin. The tricky part of uadmin(2) is that it's (obviously) in the kernel and that it's often run on a system that's mostly dismantled and about to be turned off. You have to make policy decisions there (about whether to turn off the UPS), and it's not always clear how best to do that. Note that UPS-off is always a special case. What happens is that the main AC power fails, and the system runs for a while on batteries. Then it gets signalled to shut down, and the UPS waits for the system to say "ok to go now." This is no ordinary shutdown; it's not at all like the user issuing /usr/sbin/poweroff command, at least in any UPS software I've ever used. Instead, it's initiated either by the UPS or by some "simulate UPS shutdown" command. Because it's special, the way in which this case is entered is special: we know that the UPS software will send a formal and polite "shut down now" command. It won't just start with uadmin. That shut down is the point where we can set the trigger to say "when you get to the power-off point, make sure the UPS goes with you." That, in turn, could be done either by having a special SMF service that runs dead last, and that tells the UPS "cut power in 5 seconds," or by having a kernel hook for uadmin(2) that allows a special UPS-supplied driver to detect when power-off is imminent, and send the UPS signal -- but only if the UPS-initiated shut down path had been previously started. Of course, those kernel bits are going to get vastly more complicated if they depend on USB or networking to do the communications work. I suspect the service method is going to be much easier to code and maintain, though the 5 second timer seems gross. -- James Carlson, Solaris Networking <james.d.carlson at sun.com> Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
