Date: Mon, 24 Dec 2001 05:42:08 -0500
From: devin-freebsdquestions@rintrah.org
To: Jim Durham <durham@w2xo.pgh.pa.us>
Cc: freebsd-questions@freebsd.org
Subject: Re: BSD emergency shutdown of all servers
Message-ID: <20011224054207.A31669@tharmas.rintrah.org>
In-Reply-To: <200112240315.fBO3FLA08834@w2xo.pgh.pa.us>; from durham@w2xo.pgh.pa.us on Sun, Dec 23, 2001 at 10:14:42PM -0500
References: <4.2.0.58.20011223163417.0097c610@pop.netzero.net> <200112240315.fBO3FLA08834@w2xo.pgh.pa.us>

On Sun, Dec 23, 2001 at 10:14:42PM -0500, Jim Durham wrote:
> On Sunday 23 December 2001 04:44 pm, Lord Raiden wrote:
> > How would you go about doing an emergency shutdown of all of your
> > BSD servers say if something were happening that all of your
> > servers HAD to be shut down in 2 minutes or less regardless.
> > SSH'ing to all the boxes at the same time would be kinda impossible
> > in that limited time. I'm more looking at the old "Panic Button"
> > idea.
> >
> > The idea came to me today and I thought it would be very useful.
> > I don't see a need for it right in the foreseeable future, but then
> > again, I didn't see the need for a UPS either until one of my boxes
> > got whacked by a power surge. So as a little preventative
> > forethought, I want something that can remotely shut down all of
> > our BSD servers within a 2 minute window so that we can go power
> > off at exactly 2 minutes and put the whole NOC dark within 120
> > seconds of the "Panic Alert" so to speak. Plus being able to
> > execute all of this from a basic script would be great too. Kinda
> > a single option to execute thing. The less things I have to do in
> > that 2 minute panic window, the better.
> >
> > One use I can see for this is if severe weather was approaching
> > and we suddenly got an evacuation warning (say a tornado was coming
> > or something) then that 2 minute panic shutdown would be priceless.
> > Now if the NOC got annihilated by a tornado that would be kinda a
> > pointless exercise, but under other circumstances I can see where
> > that would be a good thing.
> >
> > I'm also wanting this to be able to be done through an account
> > other than ROOT. One that I can assign the option to only be able
> > to execute 3 basic panic commands. One of them being the "shutdown
> > -h now" command. The other two might be things like if we were
> > being hacked I could fire that off to the server(s) in question and
> > shut down all access to them till we could get rid of the hacker,
> > or track him down and report him.
> >
> > Again, I know this is a lengthy question, but I wanted to be as
> > clear as I could. Thanks in advance. I hope this gives you
> > something to think about too. I'm also working on a solution for
> > the NT/2k portion of our network. :)
>
> OK...this is where the versatility of FreeBSD will pay off for you.
>
> Create a user "shutdown" on all machines. Pick one machine as a
> "master". Generate ssh keys for "shutdown" on all machines. Put the
> identity.pub of the shutdown user on the master machine in the
> authorized-keys file on each of the "slave" machines. Install "sudo"
> on all machines. Allow user "shutdown" to have sudo privs to run
> "shutdown -p" .
>
> Now, just write a little shell script on the master..,which runs as
> user shutdown. ..
>
> #!/bin/sh
> ssh slave1 "sudo shutdown -p"
> ssh slave2 "sudo shutdown -p"
> ... and so forth.
>
> I haven't tried this, but it should work very quickly, as no
> passwords will be asked if you install the keys and they all should
> come down within secs of each other (or millisecs, probably).
>
> You could get more elaborate and have a daemon running on each
> machine that listens on a port and runs "shutdown -p" on receipt of
> some special packet, but it's probably overkill
>
> Well, there are two ideas... I'm sure you'll get better ones..
>
> -Jim Durham
>

Or put all the slave machines into a list

#!/bin/sh
for x in `cat list.txt`
do
    ssh $x "sudo shutdown -p"
done

--devin

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
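
A sequential loop like the ones in this thread waits on every unreachable host in turn, which matters inside a two-minute window. As an added example (not code from either poster), the function below runs the same ssh/sudo call against all hosts in parallel with timeouts and refuses list entries that ssh would read as options. The names `panic_shutdown`, `REMOTE_CMD` and `SSH` are assumptions of this example, and `now` is appended because FreeBSD's shutdown(8) expects a time argument.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes the "shutdown" account, its ssh
# key and the sudoers rule exist on every host as described above.

# Remote command. FreeBSD's shutdown(8) requires a time argument, hence "now".
REMOTE_CMD=${REMOTE_CMD:-"sudo shutdown -p now"}
# ssh client, overridable so the fan-out can be dry-run against a stub.
SSH=${SSH:-ssh}

# panic_shutdown HOSTFILE
# Contacts every host in HOSTFILE (one bare hostname per line) in parallel.
# Prints the hosts that could not be told to shut down; returns 1 if any.
panic_shutdown() {
    [ -r "$1" ] || { echo "cannot read host list: $1" >&2; return 1; }
    tmp=$(mktemp -d) || return 1
    n=0
    while IFS= read -r host; do
        n=$((n + 1))
        case $host in
            '' | '#'*) continue ;;            # blank line or comment
            -* | *[!A-Za-z0-9._-]*)           # ssh would parse a leading "-" as an option
                echo "$host" >"$tmp/$n"; continue ;;
        esac
        (
            # BatchMode: never stop at a password prompt.
            # ConnectTimeout/ServerAlive*: give up on a dead or hung host
            # instead of eating the two-minute window.
            $SSH -n -o BatchMode=yes -o ConnectTimeout=5 \
                -o ServerAliveInterval=5 -o ServerAliveCountMax=2 \
                "$host" "$REMOTE_CMD" >/dev/null 2>&1 || echo "$host" >"$tmp/$n"
        ) &
    done <"$1"
    wait                                      # all sessions run concurrently
    failed=$(cat "$tmp"/* 2>/dev/null || true)
    rm -rf "$tmp"
    [ -z "$failed" ] && return 0
    printf '%s\n' "$failed"
    return 1
}

if [ $# -gt 0 ]; then panic_shutdown "$1"; fi
```

Any host it prints still needs attention by hand; an ssh session cut off by the host going down can also show up as a failure.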