node_reboot.in 16.5 KB
Newer Older
1
#!/usr/bin/perl -wT
Leigh B. Stoller's avatar
Leigh B. Stoller committed
2 3 4

#
# EMULAB-COPYRIGHT
5
# Copyright (c) 2000-2004 University of Utah and the Flux Group.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
6 7 8
# All rights reserved.
#

9 10 11 12
use English;
use Getopt::Std;

#
13 14
# Reboot a node (or nodes). Will power cycle the node as a last resort.
# Use -e option to reboot all nodes in an experiment.
15
#
16 17
# Exit value is 0 if all nodes reboot okay, or the number of nodes
# could not be rebooted.
18 19 20
#
sub usage()
{
21 22
    print "Usage: node_reboot [-d] [-f] [-n] [-w] [-k] node [node ...]\n" .
	  "       node_reboot [-d] [-f] [-n] [-w] [-k] -e pid,eid\n".
23
	"Use the -d option to turn on debugging\n" .
24
	"Use the -e option to reboot all the nodes in an experiment\n" .
25
	"Use the -n option to not wait for nodes to go down\n" .
26
	"Use the -w option to to wait for nodes is come back up\n" .
27
	"Use the -k option to power cycle nodes in PXEWAIT mode\n" .
28
	"Use the -f option to power cycle (and not wait for nodes to die)\n";
29 30
    exit(-1);
}
31 32
# The hidden -r option runs this in "realmode", ie don't send an event, but
# really do the work instead.
33
my  $optlist = "dfe:nwrk";
34 35 36 37 38

#
# Configure variables
#
my $TB		= "@prefix@";
39
my $CLIENT_BIN  = "@CLIENT_BINDIR@";
40
my $BOSSNODE    = "@BOSSNODE@";
41 42

#
43
# Testbed Support libraries
44
#
45 46 47
use lib "@prefix@/lib";
use libdb;
use libtestbed;
48
use event;
49
use POSIX qw(strftime);
50

Robert Ricci's avatar
Robert Ricci committed
51
my $ssh		= "$TB/bin/sshtb -n";
52
my $power	= "$TB/bin/power";
53
my $ipod	= "$TB/sbin/apod";
54
my $vnodesetup	= "$TB/sbin/vnode_setup";
55
my $bisend      = "$TB/sbin/bootinfosend";
56
my $logfile	= "$TB/log/power.log";
57 58 59 60
my $ping	= "/sbin/ping";
my %pids	= ();
my @row;
my @nodes       = ();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
61
my $debug       = 0;
62
my $force       = 0;
63
my $waitmode    = 0;
64 65
my $realmode    = 0;
my $nowait      = 0;
66
my $failed      = 0;
67
my $eidmode     = 0;
68
my $killmode    = 0;
69 70
my $pid;
my $eid;
71 72 73 74 75 76

# un-taint path
$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/local/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

# Turn off line buffering on output
Mac Newbold's avatar
Mac Newbold committed
77
$| = 1;
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94

#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
    die("Must be root! Maybe its a development version?");
}

#
# Parse command arguments. Once we return from getopts, all that should
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
if (defined($options{"d"})) {
95 96 97 98
    $debug = 1;
}
if (defined($options{"f"})) {
    $force = 1;
99
}
100 101 102
if (defined($options{"k"})) {
    $killmode = 1;
}
103 104 105
if (defined($options{"w"})) {
    $waitmode = 1;
}
106 107 108 109 110 111
if (defined($options{"r"})) {
    $realmode = 1;
}
if (defined($options{"n"}) && !defined($options{"w"})) {
    $nowait = 1;
}
112 113 114 115
if (defined($options{"e"})) {
    if (@ARGV) {
	usage();
    }
116

117 118 119 120
    $eidmode = $options{"e"};
    if ($eidmode =~ /([-\w]*),([-\w]*)/) {
	$pid = $1;
	$eid = $2;
121 122
    }
    else {
123 124
	print STDOUT "Invalid argument to -e option: $eidmode\n";
	usage();
125
    }
126 127
}

128
# XXX Temporary, until we make event sending the default
129 130 131 132
$realmode=1;
#if ($realmode && $UID && !TBAdmin($UID)) {
#    die("*** You cannot use real mode!\n");
#}
133

134 135 136 137 138 139
#
# If eidmode, then get the node list out of the DB instead of the command
# line. A proper check is made later, so need to be fancy about the query.
#
if ($eidmode) {
    my @row;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
140 141 142 143 144 145 146 147

    #
    # Verify permission to muck with this experiment.
    #
    if ($UID && !TBAdmin($UID) &&
	! TBExptAccessCheck($UID, $pid, $eid, TB_EXPT_MODIFY)) {
	die("*** You not have permission to reboot nodes in $pid/$eid!\n");
    }
148

149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164
    my $query_result =
	DBQueryFatal("select node_id from reserved where ".
		     "pid='$pid' and eid='$eid'");

    if ($query_result->numrows == 0) {
	print STDOUT "There are no nodes reserved in pid/eid $pid/$eid\n";
	usage();
    }
    while (@row = $query_result->fetchrow_array()) {
	push(@nodes, $row[0]);
    }
}
else {
    if (@ARGV == 0) {
	usage();
    }
165

166 167 168 169 170 171
    # Untaint the nodes.
    foreach my $node ( @ARGV ) {
	if ($node =~ /^([-\@\w]+)$/) {
	    $node = $1;
	}
	else {
Mac Newbold's avatar
Mac Newbold committed
172 173 174 175
	    die("Bad node name: $node\n");
	}
	if (!TBValidNodeName($node)) {
	    die("Node does not exist: $node\n");
176
	}
177

178 179
	push(@nodes, $node);
    }
180

Leigh B. Stoller's avatar
Leigh B. Stoller committed
181 182 183 184 185 186 187
    #
    # Verify permission to reboot these nodes.
    #
    if ($UID && !TBAdmin($UID) &&
	! TBNodeAccessCheck($UID, TB_NODEACCESS_REBOOT, @nodes)) {
	die("You do not have permission to reboot one (or more) ".
	    "of the nodes!\n");
188 189 190
    }
}

191
#
192 193 194 195
# VIRTNODE HACK: Virtual nodes are special. We can reboot jailed vnodes.
# but not old style (non-jail). Also, if we are going to reboot the physical
# node that a vnode is on, do not bother with rebooting the vnode since
# it will certainly get rebooted anyway!
196
#
197 198 199
my %realnodes = ();
my %virtnodes = ();

200
foreach my $node ( @nodes ) {
201
    my ($jailed, $plab);
202

203 204
    if (TBIsNodeVirtual($node, \$jailed, \$plab)) {
	if (! $jailed && ! $plab) {
205 206 207 208
	    print "*** Skipping old style (non-jail) virtual node $node ...\n";
	    next;
	}
	my $pnode;
209

210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225
	if (! TBPhysNodeID($node, \$pnode)) {
	    die("*** $0:\n".
		"    No physical node for $node!\n");
	}
	$virtnodes{$node} = $pnode;
    }
    else {
	$realnodes{$node} = $node;
    }
}
for my $node ( keys(%virtnodes) ) {
    my $pnode = $virtnodes{$node};

    if (defined($realnodes{$pnode})) {
	print "*** Dropping $node since its host ($pnode) will reboot ...\n";
	delete($virtnodes{$node});
226 227
    }
}
228
if (! keys(%realnodes) && ! keys(%virtnodes)) {
229
    print "No nodes to reboot. Exiting ...\n";
230 231 232
    exit(0);
}

233 234 235 236 237
#
# By here we've done all the preliminaries... send the event, unless we're
# in realmode.
#

238
my @sortednodes = sort(keys(%realnodes));
239 240 241 242 243 244 245 246

if (!$realmode) {
    EventSendFatal(host      => $BOSSNODE ,
		   objtype   => TBDB_TBEVENT_COMMAND ,
		   eventtype => TBDB_COMMAND_REBOOT ,
		   objname   => join(",",@sortednodes) );
    if (!$nowait) {
	# In here we can do some output to tell the user what's going on.
247 248 249 250 251 252
	if ($waitmode) {
	    # Wait for [SHUTDOWN,ISUP]

	} else {
	    # Wait for [SHUTDOWN]

253 254
	}
    }
255
    exit(0);
256 257
}

258
#
259 260 261
# Another shark hack. Well, perhaps not. We really don't want 50 nodes
# all rebooting at the same time, PCs *or* sharks. Lets order them
# so that the shelves are grouped together at least, and issue the reboots
Mac Newbold's avatar
Mac Newbold committed
262
# in batches.
263
#
264 265 266 267
while (@sortednodes) {
    my @batch = ();
    my $i     = 0;
    my $lastshelf = 0;
268

269 270 271 272 273 274 275 276 277 278 279 280 281 282 283
    while ($i < 8 && @sortednodes > 0) {
	my $node = shift(@sortednodes);
	my $shelf;
	my $unit;

	#
	# The point of this sillyness is stop at each shelf transition.
	#
	if (IsShelved($node, \$shelf, \$unit)) {
	    if ($lastshelf && $lastshelf ne $shelf) {
		unshift(@sortednodes, $node);
		last;
	    }
	    $lastshelf = $shelf;
	}
284

285 286 287 288 289 290 291 292 293
	push(@batch, $node);
	$i++;
    }

    if ($force) {
        #
        # In force mode, call the power program for the whole batch, and
	# continue on. We don't wait for them to go down or reboot.
        #
294
	info("Force mode: power cycle ".join(" ",@batch));
295
	PowerCycle(@batch);
296 297 298 299 300 301 302 303 304 305 306 307 308 309 310
	if ($?) {
	    exit ($? >> 8);
	}
    }
    else {
        #
        # Fire off a reboot process so that we can overlap them all.
        # We need the pid so we can wait for them all before preceeding.
        #
	foreach my $node ( @batch ) {
	    $mypid = RebootNode($node);
	    $pids{$node} = $mypid;
	}
    }

Mac Newbold's avatar
Mac Newbold committed
311
    #
312 313 314 315 316 317 318 319
    # If there are more nodes to go, then lets pause a bit so that we
    # do not get a flood of machines coming up all at the same exact
    # moment.
    #
    if (@sortednodes) {
	print STDOUT "Pausing to give some nodes time to reboot ...\n";
	if ($lastshelf) {
	    sleep(15);
Mac Newbold's avatar
Mac Newbold committed
320
	} else {
321
	    sleep(10);
Mac Newbold's avatar
Mac Newbold committed
322
	}
323
    }
324 325
}

326
#
327
# Wait for all the reboot children to exit before continuing.
328
#
329
my @needPowercycle = ();
330 331 332 333 334
if (! $force) {
    foreach my $node ( sort(keys(%realnodes)) ) {
	my $mypid     = $pids{$node};

	waitpid($mypid, 0);
335 336 337 338 339
	my $status = $? >> 8;
	if ($status == 2) {
	    # Child signaled to us that this node needs a power cycle
	    push @needPowercycle, $node;
	} elsif ($?) {
340 341 342 343 344 345 346
	    $failed++;
	    print STDERR "Reboot of node $node failed!\n";
	}
	else {
	    print STDOUT "$node rebooting ...\n";
	}
    }
347 348
}

349 350 351 352 353 354 355
#
# Power cycle nodes that couldn't be brought down any other way
#
if (@needPowercycle) {
    PowerCycle(@needPowercycle);
}

356
#
357
# Now do vnodes. Do these serially for now (simple).
Mac Newbold's avatar
Mac Newbold committed
358
#
359 360
for my $node ( keys(%virtnodes) ) {
    my $pnode = $virtnodes{$node};
361

362
    if (RebootVNode($node, $pnode)) {
363
	$failed++;
364
	print STDERR "Reboot of node $node on $pnode failed!\n";
365 366
    }
    else {
367
	print STDOUT "$node on $pnode rebooting ...\n";
368 369 370
    }
}

371
if ($failed) {
372
    print STDERR "$failed real nodes could not be rebooted\n";
373 374 375 376
    exit($failed);
}

#
Mac Newbold's avatar
Mac Newbold committed
377 378
# Wait for nodes to reboot. We wait only once, no reboots.
#
379 380 381 382 383 384 385 386
if ($waitmode) {
    my $waitstart = time;

    print STDOUT "Waiting for nodes to come up ...\n";

    # Wait for events to filter through stated! If we do not wait, then we
    # could see nodes still in ISUP.
    sleep(2);
387

388 389 390 391 392 393 394 395 396
    foreach my $node ( sort(@nodes) ) {
	if (!TBNodeStateWait($node, TBDB_NODESTATE_ISUP, $waitstart, (60*6))) {
	    print STDOUT "$node is alive and well\n";
	    SetNodeBootStatus($node, NODEBOOTSTATUS_OKAY);
	    next;
	}
	SetNodeBootStatus($node, NODEBOOTSTATUS_FAILED);
	$failed++;
    }
397
}
398
print "Done. There were $failed failures to reboot.\n";
399 400 401 402 403
exit $failed;

#
# Reboot a node in a child process. Return the pid to the parent so
# that it can wait on all the children later.
Mac Newbold's avatar
Mac Newbold committed
404
#
405
sub RebootNode {
406
    my ($pc) = @_;
407
    my ($status, $syspid, $mypid, $didipod, $nodestate);
408 409 410

    print STDOUT "Rebooting $pc ...\n";

Mac Newbold's avatar
Mac Newbold committed
411 412 413
    # Report some activity into last_ext_act
    TBActivityReport($pc);

414 415 416 417
    $mypid = fork();
    if ($mypid) {
	return $mypid;
    }
418
    TBdbfork();
419

420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463
    #
    # Is the node in PXEWAIT? If so we want to wake it up so that it can
    # query bootinfo and do what it is supposed to do, without a real reboot.
    # We send the initial wakeup from here, but let stated deal with it
    # failing (timeout) and resending it. That means we could be called
    # with the node in PXEWAKEUP, so send it another wakeup. The point is that
    # stated is controlling the timeouts. Eventually stated gives up and uses
    # the -k option to force a power cycle.
    #
    if (! TBGetNodeEventState($pc, \$nodestate)) {
	info("$pc has no event state: power cycle");
	print STDERR "$pc has no event state Power cycling ...\n" if $debug;
	# Signal to the parent that the node needs to be power cycled
	exit(2);
    }
    if ($nodestate eq TBDB_NODESTATE_PXEWAIT() ||
	$nodestate eq TBDB_NODESTATE_PXEWAKEUP()) {
	#
	# In killmode, we do not want to bother with sending a wakeup event.
	# Just do the power cycle. This is used to unstick a machine that
	# is in waitmode, but not responding to the wakeups. 
	#
	if ($killmode) {
	    info("$pc: in $nodestate: but power cycling in killmode");
	    print STDERR "$pc: in $nodestate: but power cycling in killmode\n"
		if $debug;
	    exit(2);
	}
	
	#
	# The aux program sends the event to stated ...
	#
	my $optarg = ($debug ? "-dd" : "");
	    
	print STDERR "$pc: in $nodestate: sending wakeup command.\n" if $debug;
	system("$bisend $optarg -q $pc");
	if ($?) {
	    info("$pc: PXEWAKEUP failed ... power cycle");
	    print STDERR "$pc: PXEWAKEUP failed ... power cycle.\n" if $debug;
	    exit(2);
	}
	exit(0);
    }

464 465 466 467
    #
    # See if the machine is pingable. If its not pingable, then we just
    # power cycle the machine rather than wait for ssh to time out.
    #
Mac Newbold's avatar
Mac Newbold committed
468
    # ping returns 0 if any packets make it through.
469
    #
470
    if (! DoesPing($pc)) {
471
	info("$pc appears dead: power cycle");
472
	print STDERR "$pc appears to be dead. Power cycling ...\n" if $debug;
473 474
	# Signal to the parent that the node needs to be power cycled
	exit(2);
475 476 477 478
    }

    #
    # Machine is pingable at least. Try to reboot it gracefully,
Mac Newbold's avatar
Mac Newbold committed
479
    # or power cycle anyway if that does not work.
480
    #
481
    print STDERR "Trying ssh reboot of $pc ...\n" if $debug;
482

483 484 485 486 487
    #
    # Must change our real UID to root so that ssh will work. We save the old
    # UID so that we can restore it after we finish the ssh
    #
    my $oldUID = $UID;
488
#    print STDERR "Saved UID: $oldUID\n" if $debug;
489
    $UID = 0;
490

491 492 493 494
    #
    # Run an ssh command in a child process, protected by an alarm to
    # ensure that the ssh is not hung up forever if the machine is in
    # some funky state.
Mac Newbold's avatar
Mac Newbold committed
495
    #
496
    $syspid = fork();
497

498 499
    if ($syspid) {
	local $SIG{ALRM} = sub { kill("TERM", $syspid); };
500
	alarm 20;
501 502 503 504 505 506 507
	waitpid($syspid, 0);
	alarm 0;

	#
	# The ssh can return non-zero exit status, but still have worked.
	# FreeBSD for example.
	#
508
	print STDERR "reboot of $pc returned $?.\n" if $debug;
509

510
	#
511 512
	# If either ssh is not running or it timed out,
	# send it a ping of death.
Mac Newbold's avatar
Mac Newbold committed
513
	#
514 515 516 517 518 519
	if ($? == 256 || $? == 15) {
	    if ($? == 256) {
		print STDERR "$pc is not running sshd.\n" if $debug;
	    } else {
		print STDERR "$pc is wedged.\n" if $debug;
	    }
520
	    info("$pc: ssh reboot failed ... sending ipod");
521 522
	    print STDERR "Trying Ping-of-Death on $pc ...\n" if $debug;

523
	    system("$ipod $pc");
524
	    $didipod = 1;
525
	} else {
526
	    info("$pc: ssh reboot ($?)");
527
	    $didipod = 0;
528 529 530
	}
    }
    else {
531
	exec("$ssh -host $pc /sbin/reboot");
532 533 534
	exit(0);
    }

535
    #
Mac Newbold's avatar
Mac Newbold committed
536
    # Restore the old UID so that scripts run from this point on get the
537 538 539
    # user's real UID
    #
    $UID = $oldUID;
540
#    print STDERR "Restored UID: $UID\n" if $debug;
541

542 543 544 545 546 547
    #
    # Okay, before we power cycle lets really make sure. We wait a while
    # for it to stop responding to pings, and if it never goes silent,
    # punch the power button.
    #
    if (WaitTillDead($pc) == 0) {
548 549
	my $state = TBDB_NODESTATE_SHUTDOWN;
	TBSetNodeEventState($pc,$state);
550 551
	exit(0);
    }
552

553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571
    #
    # Haven't yet tried an ipod, try that and wait again.
    # This further slows down reboot but is probably worth it
    # since this should be a rare case (reboot says it worked but
    # node doesn't reboot) and is vital if the nodes have no
    # power cycle capability to fall back on.
    #
    if (! $didipod) {
	info("$pc: reboot failed ... sending ipod");
	$UID = 0;
	system("$ipod $pc");
	$UID = $oldUID;
	if (WaitTillDead($pc) == 0) {
	    my $state = TBDB_NODESTATE_SHUTDOWN;
	    TBSetNodeEventState($pc,$state);
	    exit(0);
	}
    }

572
    info("$pc: ipod failed ... power cycle");
573
    print STDERR "$pc is still running. Power cycling ...\n" if $debug;
574
    exit(2);
575 576
}

577
#
Mac Newbold's avatar
Mac Newbold committed
578 579
# Reboot a vnode in a child process, and wait for it.
#
580 581 582 583 584 585 586 587 588 589
sub RebootVNode($$) {
    my ($vnode, $pnode) = @_;
    my $syspid;

    print STDOUT "Rebooting $vnode on $pnode ...\n";

    #
    # Run an ssh command in a child process, protected by an alarm to
    # ensure that the ssh is not hung up forever if the machine is in
    # some funky state.
Mac Newbold's avatar
Mac Newbold committed
590
    #
591 592 593 594 595 596 597 598 599 600 601 602 603 604
    $syspid = fork();

    if ($syspid) {
	local $SIG{ALRM} = sub { kill("TERM", $syspid); };
	alarm 20;
	waitpid($syspid, 0);
	alarm 0;
	my $exitstatus = $?;

	#
	# The ssh can return non-zero exit status, but still have worked.
	# FreeBSD for example.
	#
	print STDERR "reboot of $vnode returned $exitstatus.\n" if $debug;
605

606 607
	#
	# Look for setup failure, reported back through ssh.
Mac Newbold's avatar
Mac Newbold committed
608
	#
609 610 611 612 613 614 615 616 617 618 619 620 621 622
	if ($exitstatus) {
	    if ($exitstatus == 256) {
		print STDERR "$pnode is not running sshd.\n" if $debug;
	    }
	    elsif ($exitstatus == 15) {
		print STDERR "$pnode is wedged.\n" if $debug;
	    }
	}
	return($exitstatus);
    }
    #
    # Must change our real UID to root so that ssh will work.
    #
    $UID = 0;
623

624
    exec("$ssh -host $vnode $CLIENT_BIN/vnodesetup -r -j $vnode");
625 626 627
    exit(0);
}

628 629 630 631
#
# Power cycle a PC using the testbed power program.
#
sub PowerCycle {
632 633 634
    my @pcs = @_;

    my $pcstring = join(" ",@pcs);
635

636
    system("$power cycle $pcstring");
637 638 639 640 641
    return $? >> 8;
}

#
# Wait until a machine stops returning ping packets.
Mac Newbold's avatar
Mac Newbold committed
642
#
643
sub WaitTillDead {
644
    my ($pc) = @_;
645 646

    print STDERR "Waiting for $pc to die off\n" if $debug;
647

648 649 650 651 652
    #
    # Sigh, a long ping results in the script waiting until all the
    # packets are sent from all the pings, before it will exit. So,
    # loop doing a bunch of shorter pings.
    #
653 654 655
    for ($i = 0; $i < 30; $i++) {
	if (! DoesPing($pc)) {
	    print STDERR "$pc is rebooting.\n" if $debug;
656 657 658 659 660 661 662
	    return 0;
	}
    }
    print STDERR "$pc is still alive.\n" if $debug;
    return 1;
}

663 664 665 666
#
# Returns 1 if host is responding to pings, 0 otherwise
#
sub DoesPing {
667 668 669
    my ($pc) = @_;
    my $status;
    my $saveuid;
670 671 672 673 674 675 676 677 678 679 680

    $saveuid = $UID;
    $UID = 0;
    system("$ping -q -i 0.25 -c 8 -t 2 $pc >/dev/null 2>&1");
    $UID = $saveuid;
    $status = $? >> 8;

    #
    # Returns 0 if any packets are returned. Returns 2 if pingable
    # but no packets are returned. Other non-zero error codes indicate
    # other problems.  Any non-zero return indicates "not pingable" to us.
Mac Newbold's avatar
Mac Newbold committed
681
    #
682 683 684 685 686 687
    print STDERR "$ping $pc returned $status\n" if $debug;
    if ($status) {
	return 0;
    }
    return 1;
}
688

689

690 691 692 693 694 695 696 697
sub info($) {
    my $message = shift;
    # Print out log entries like this:
    # Sep 20 09:36:00 $message
    open(LOG,">> $logfile");
    print LOG strftime("%b %e %H:%M:%S",localtime)." $message\n";
    close(LOG);
}
698