node_reboot.in 13.8 KB
Newer Older
1
#!/usr/bin/perl -wT
Leigh B. Stoller's avatar
Leigh B. Stoller committed
2 3 4

#
# EMULAB-COPYRIGHT
5
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
Leigh B. Stoller's avatar
Leigh B. Stoller committed
6 7 8
# All rights reserved.
#

9 10 11 12
use English;
use Getopt::Std;

#
13 14
# Reboot a node (or nodes). Will power cycle the node as a last resort.
# Use -e option to reboot all nodes in an experiment.
15
#
16 17
# Exit value is 0 if all nodes reboot okay, or the number of nodes
# could not be rebooted.
18 19 20
#
sub usage()
{
21 22
    print STDOUT "Usage: node_reboot [-d] [-f] [-w] node [node ...]\n" .
	         "       node_reboot [-d] [-f] [-w] -e pid,eid\n".
23
	"Use the -d option to turn on debugging\n" .
24
	"Use the -e option to reboot all the nodes in an experiment\n" .
25 26
	"Use the -w option to to wait for nodes is come back up\n" .
	"Use the -f option to power cycle (and not wait for nodes to die)\n";
27 28
    exit(-1);
}
29
my  $optlist = "dfe:w";
30 31 32 33 34

#
# Configure variables
#
my $TB		= "@prefix@";
35
my $CLIENT_BIN  = "@CLIENT_BINDIR@";
36 37

#
38
# Testbed Support libraries
39
#
40 41 42
use lib "@prefix@/lib";
use libdb;
use libtestbed;
43
use POSIX qw(strftime);
44

Robert Ricci's avatar
Robert Ricci committed
45
my $ssh		= "$TB/bin/sshtb -n";
46
my $power	= "$TB/bin/power";
47
my $ipod	= "$TB/sbin/apod";
48
my $vnodesetup	= "$TB/sbin/vnode_setup";
49
my $logfile	= "$TB/log/power.log";
50 51 52 53
my $ping	= "/sbin/ping";
my %pids	= ();
my @row;
my @nodes       = ();
Leigh B. Stoller's avatar
Leigh B. Stoller committed
54
my $debug       = 0;
55
my $force       = 0;
56
my $waitmode    = 0;
57
my $failed      = 0;
58 59 60
my $eidmode     = 0;
my $pid;
my $eid;
61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84

# un-taint path
$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/local/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

# Turn off line buffering on output
$| = 1; 

#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
    die("Must be root! Maybe its a development version?");
}

#
# Parse command arguments. Once we return from getopts, all that should
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
    usage();
}
if (defined($options{"d"})) {
85 86 87 88
    $debug = 1;
}
if (defined($options{"f"})) {
    $force = 1;
89
}
90 91 92
if (defined($options{"w"})) {
    $waitmode = 1;
}
93 94 95 96 97 98 99 100 101
if (defined($options{"e"})) {
    if (@ARGV) {
	usage();
    }
    
    $eidmode = $options{"e"};
    if ($eidmode =~ /([-\w]*),([-\w]*)/) {
	$pid = $1;
	$eid = $2;
102 103
    }
    else {
104 105
	print STDOUT "Invalid argument to -e option: $eidmode\n";
	usage();
106
    }
107 108 109 110 111 112 113 114
}

#
# If eidmode, then get the node list out of the DB instead of the command
# line. A proper check is made later, so need to be fancy about the query.
#
if ($eidmode) {
    my @row;
Leigh B. Stoller's avatar
Leigh B. Stoller committed
115 116 117 118 119 120 121 122

    #
    # Verify permission to muck with this experiment.
    #
    if ($UID && !TBAdmin($UID) &&
	! TBExptAccessCheck($UID, $pid, $eid, TB_EXPT_MODIFY)) {
	die("*** You not have permission to reboot nodes in $pid/$eid!\n");
    }
123
    
124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151
    my $query_result =
	DBQueryFatal("select node_id from reserved where ".
		     "pid='$pid' and eid='$eid'");

    if ($query_result->numrows == 0) {
	print STDOUT "There are no nodes reserved in pid/eid $pid/$eid\n";
	usage();
    }
    while (@row = $query_result->fetchrow_array()) {
	push(@nodes, $row[0]);
    }
}
else {
    if (@ARGV == 0) {
	usage();
    }
    
    # Untaint the nodes.
    foreach my $node ( @ARGV ) {
	if ($node =~ /^([-\@\w]+)$/) {
	    $node = $1;
	}
	else {
	    die("Bad node name: $node.");
	}
    
	push(@nodes, $node);
    }
152

Leigh B. Stoller's avatar
Leigh B. Stoller committed
153 154 155 156 157 158 159
    #
    # Verify permission to reboot these nodes.
    #
    if ($UID && !TBAdmin($UID) &&
	! TBNodeAccessCheck($UID, TB_NODEACCESS_REBOOT, @nodes)) {
	die("You do not have permission to reboot one (or more) ".
	    "of the nodes!\n");
160 161 162
    }
}

163
#
164 165 166 167
# VIRTNODE HACK: Virtual nodes are special. We can reboot jailed vnodes.
# but not old style (non-jail). Also, if we are going to reboot the physical
# node that a vnode is on, do not bother with rebooting the vnode since
# it will certainly get rebooted anyway!
168
#
169 170 171
my %realnodes = ();
my %virtnodes = ();

172
foreach my $node ( @nodes ) {
173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197
    my $jailed;
    
    if (TBIsNodeVirtual($node, \$jailed)) {
	if (! $jailed) {
	    print "*** Skipping old style (non-jail) virtual node $node ...\n";
	    next;
	}
	my $pnode;
	
	if (! TBPhysNodeID($node, \$pnode)) {
	    die("*** $0:\n".
		"    No physical node for $node!\n");
	}
	$virtnodes{$node} = $pnode;
    }
    else {
	$realnodes{$node} = $node;
    }
}
for my $node ( keys(%virtnodes) ) {
    my $pnode = $virtnodes{$node};

    if (defined($realnodes{$pnode})) {
	print "*** Dropping $node since its host ($pnode) will reboot ...\n";
	delete($virtnodes{$node});
198 199
    }
}
200
if (! keys(%realnodes) && ! keys(%virtnodes)) {
201
    print "No nodes to reboot. Exiting ...\n";
202 203 204
    exit(0);
}

205
#
206 207 208 209
# Another shark hack. Well, perhaps not. We really don't want 50 nodes
# all rebooting at the same time, PCs *or* sharks. Lets order them
# so that the shelves are grouped together at least, and issue the reboots
# in batches. 
210
#
211
my @sortednodes = sort(keys(%realnodes));
212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242

while (@sortednodes) {
    my @batch = ();
    my $i     = 0;
    my $lastshelf = 0;
    
    while ($i < 8 && @sortednodes > 0) {
	my $node = shift(@sortednodes);
	my $shelf;
	my $unit;

	#
	# The point of this sillyness is stop at each shelf transition.
	#
	if (IsShelved($node, \$shelf, \$unit)) {
	    if ($lastshelf && $lastshelf ne $shelf) {
		unshift(@sortednodes, $node);
		last;
	    }
	    $lastshelf = $shelf;
	}
	    
	push(@batch, $node);
	$i++;
    }

    if ($force) {
        #
        # In force mode, call the power program for the whole batch, and
	# continue on. We don't wait for them to go down or reboot.
        #
243
	info("Force mode: power cycle ".join(" ",@batch));
244
	PowerCycle(@batch);
245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268
	if ($?) {
	    exit ($? >> 8);
	}
    }
    else {
        #
        # Fire off a reboot process so that we can overlap them all.
        # We need the pid so we can wait for them all before preceeding.
        #
	foreach my $node ( @batch ) {
	    $mypid = RebootNode($node);
	    $pids{$node} = $mypid;
	}
    }

    # 
    # If there are more nodes to go, then lets pause a bit so that we
    # do not get a flood of machines coming up all at the same exact
    # moment.
    #
    if (@sortednodes) {
	print STDOUT "Pausing to give some nodes time to reboot ...\n";
	if ($lastshelf) {
	    sleep(15);
Mac Newbold's avatar
Mac Newbold committed
269
	} else {
270
	    sleep(10);
Mac Newbold's avatar
Mac Newbold committed
271
	}
272
    }
273 274
}

275
#
276
# Wait for all the reboot children to exit before continuing.
277
#
278
my @needPowercycle = ();
279 280 281 282 283
if (! $force) {
    foreach my $node ( sort(keys(%realnodes)) ) {
	my $mypid     = $pids{$node};

	waitpid($mypid, 0);
284 285 286 287 288
	my $status = $? >> 8;
	if ($status == 2) {
	    # Child signaled to us that this node needs a power cycle
	    push @needPowercycle, $node;
	} elsif ($?) {
289 290 291 292 293 294 295
	    $failed++;
	    print STDERR "Reboot of node $node failed!\n";
	}
	else {
	    print STDOUT "$node rebooting ...\n";
	}
    }
296 297
}

298 299 300 301 302 303 304
#
# Power cycle nodes that couldn't be brought down any other way
#
if (@needPowercycle) {
    PowerCycle(@needPowercycle);
}

305
#
306 307 308 309
# Now do vnodes. Do these serially for now (simple).
# 
for my $node ( keys(%virtnodes) ) {
    my $pnode = $virtnodes{$node};
310

311
    if (RebootVNode($node, $pnode)) {
312
	$failed++;
313
	print STDERR "Reboot of node $node on $pnode failed!\n";
314 315
    }
    else {
316
	print STDOUT "$node on $pnode rebooting ...\n";
317 318 319
    }
}

320
if ($failed) {
321
    print STDERR "$failed real nodes could not be rebooted\n";
322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345
    exit($failed);
}

#
# Wait for nodes to reboot. We wait only once, no reboots. 
# 
if ($waitmode) {
    my $waitstart = time;

    print STDOUT "Waiting for nodes to come up ...\n";

    # Wait for events to filter through stated! If we do not wait, then we
    # could see nodes still in ISUP.
    sleep(2);
    
    foreach my $node ( sort(@nodes) ) {
	if (!TBNodeStateWait($node, TBDB_NODESTATE_ISUP, $waitstart, (60*6))) {
	    print STDOUT "$node is alive and well\n";
	    SetNodeBootStatus($node, NODEBOOTSTATUS_OKAY);
	    next;
	}
	SetNodeBootStatus($node, NODEBOOTSTATUS_FAILED);
	$failed++;
    }
346
}
347
print "Done. There were $failed failures to reboot.\n";
348 349 350 351 352 353 354
exit $failed;

#
# Reboot a node in a child process. Return the pid to the parent so
# that it can wait on all the children later.
# 
sub RebootNode {
355
    my ($pc) = @_;
356
    my ($status, $syspid, $mypid, $didipod);
357 358 359

    print STDOUT "Rebooting $pc ...\n";

Mac Newbold's avatar
Mac Newbold committed
360 361 362
    # Report some activity into last_ext_act
    TBActivityReport($pc);

363 364 365 366
    $mypid = fork();
    if ($mypid) {
	return $mypid;
    }
367
    TBdbfork();
368 369 370 371 372 373 374

    #
    # See if the machine is pingable. If its not pingable, then we just
    # power cycle the machine rather than wait for ssh to time out.
    #
    # ping returns 0 if any packets make it through. 
    #
375
    if (! DoesPing($pc)) {
376
	info("$pc appears dead: power cycle");
377
	print STDERR "$pc appears to be dead. Power cycling ...\n" if $debug;
378 379
	# Signal to the parent that the node needs to be power cycled
	exit(2);
380 381 382 383 384 385
    }

    #
    # Machine is pingable at least. Try to reboot it gracefully,
    # or power cycle anyway if that does not work. 
    #
386
    print STDERR "Trying ssh reboot of $pc ...\n" if $debug;
387

388 389 390 391 392
    #
    # Must change our real UID to root so that ssh will work. We save the old
    # UID so that we can restore it after we finish the ssh
    #
    my $oldUID = $UID;
393
#    print STDERR "Saved UID: $oldUID\n" if $debug;
394 395
    $UID = 0;
    
396 397 398 399 400 401
    #
    # Run an ssh command in a child process, protected by an alarm to
    # ensure that the ssh is not hung up forever if the machine is in
    # some funky state.
    # 
    $syspid = fork();
402

403 404
    if ($syspid) {
	local $SIG{ALRM} = sub { kill("TERM", $syspid); };
405
	alarm 20;
406 407 408 409 410 411 412
	waitpid($syspid, 0);
	alarm 0;

	#
	# The ssh can return non-zero exit status, but still have worked.
	# FreeBSD for example.
	#
413
	print STDERR "reboot of $pc returned $?.\n" if $debug;
414 415
    
	#
416 417
	# If either ssh is not running or it timed out,
	# send it a ping of death.
418
	# 
419 420 421 422 423 424
	if ($? == 256 || $? == 15) {
	    if ($? == 256) {
		print STDERR "$pc is not running sshd.\n" if $debug;
	    } else {
		print STDERR "$pc is wedged.\n" if $debug;
	    }
425
	    info("$pc: ssh reboot failed ... sending ipod");
426 427
	    print STDERR "Trying Ping-of-Death on $pc ...\n" if $debug;

428
	    system("$ipod $pc");
429
	    $didipod = 1;
430
	} else {
431
	    info("$pc: ssh reboot ($?)");
432
	    $didipod = 0;
433 434 435
	}
    }
    else {
436
	exec("$ssh -host $pc /sbin/reboot");
437 438 439
	exit(0);
    }

440 441 442 443 444
    #
    # Restore the old UID so that scripts run from this point on get the 
    # user's real UID
    #
    $UID = $oldUID;
445
#    print STDERR "Restored UID: $UID\n" if $debug;
446

447 448 449 450 451 452
    #
    # Okay, before we power cycle lets really make sure. We wait a while
    # for it to stop responding to pings, and if it never goes silent,
    # punch the power button.
    #
    if (WaitTillDead($pc) == 0) {
453 454
	my $state = TBDB_NODESTATE_SHUTDOWN;
	TBSetNodeEventState($pc,$state);
455 456 457
	exit(0);
    }
	
458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476
    #
    # Haven't yet tried an ipod, try that and wait again.
    # This further slows down reboot but is probably worth it
    # since this should be a rare case (reboot says it worked but
    # node doesn't reboot) and is vital if the nodes have no
    # power cycle capability to fall back on.
    #
    if (! $didipod) {
	info("$pc: reboot failed ... sending ipod");
	$UID = 0;
	system("$ipod $pc");
	$UID = $oldUID;
	if (WaitTillDead($pc) == 0) {
	    my $state = TBDB_NODESTATE_SHUTDOWN;
	    TBSetNodeEventState($pc,$state);
	    exit(0);
	}
    }

477
    info("$pc: ipod failed ... power cycle");
478
    print STDERR "$pc is still running. Power cycling ...\n" if $debug;
479
    exit(2);
480 481
}

482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532
#
# Reboot a vnode in a child process, and wait for it. 
# 
sub RebootVNode($$) {
    my ($vnode, $pnode) = @_;
    my $syspid;

    print STDOUT "Rebooting $vnode on $pnode ...\n";

    #
    # Run an ssh command in a child process, protected by an alarm to
    # ensure that the ssh is not hung up forever if the machine is in
    # some funky state.
    # 
    $syspid = fork();

    if ($syspid) {
	local $SIG{ALRM} = sub { kill("TERM", $syspid); };
	alarm 20;
	waitpid($syspid, 0);
	alarm 0;
	my $exitstatus = $?;

	#
	# The ssh can return non-zero exit status, but still have worked.
	# FreeBSD for example.
	#
	print STDERR "reboot of $vnode returned $exitstatus.\n" if $debug;
    
	#
	# Look for setup failure, reported back through ssh.
	# 
	if ($exitstatus) {
	    if ($exitstatus == 256) {
		print STDERR "$pnode is not running sshd.\n" if $debug;
	    }
	    elsif ($exitstatus == 15) {
		print STDERR "$pnode is wedged.\n" if $debug;
	    }
	}
	return($exitstatus);
    }
    #
    # Must change our real UID to root so that ssh will work.
    #
    $UID = 0;
    
    exec("$ssh -host $pnode $CLIENT_BIN/vnodesetup -r -j $vnode");
    exit(0);
}

533 534 535 536
#
# Power cycle a PC using the testbed power program.
#
sub PowerCycle {
537 538 539
    my @pcs = @_;

    my $pcstring = join(" ",@pcs);
540

541
    system("$power cycle $pcstring");
542 543 544 545 546 547 548
    return $? >> 8;
}

#
# Wait until a machine stops returning ping packets.
# 
sub WaitTillDead {
549
    my ($pc) = @_;
550 551 552 553 554 555 556 557

    print STDERR "Waiting for $pc to die off\n" if $debug;
    
    #
    # Sigh, a long ping results in the script waiting until all the
    # packets are sent from all the pings, before it will exit. So,
    # loop doing a bunch of shorter pings.
    #
558 559 560
    for ($i = 0; $i < 30; $i++) {
	if (! DoesPing($pc)) {
	    print STDERR "$pc is rebooting.\n" if $debug;
561 562 563 564 565 566 567
	    return 0;
	}
    }
    print STDERR "$pc is still alive.\n" if $debug;
    return 1;
}

568 569 570 571
#
# Returns 1 if host is responding to pings, 0 otherwise
#
sub DoesPing {
572 573 574
    my ($pc) = @_;
    my $status;
    my $saveuid;
575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592

    $saveuid = $UID;
    $UID = 0;
    system("$ping -q -i 0.25 -c 8 -t 2 $pc >/dev/null 2>&1");
    $UID = $saveuid;
    $status = $? >> 8;

    #
    # Returns 0 if any packets are returned. Returns 2 if pingable
    # but no packets are returned. Other non-zero error codes indicate
    # other problems.  Any non-zero return indicates "not pingable" to us.
    # 
    print STDERR "$ping $pc returned $status\n" if $debug;
    if ($status) {
	return 0;
    }
    return 1;
}
593

594

595 596 597 598 599 600 601 602
sub info($) {
    my $message = shift;
    # Print out log entries like this:
    # Sep 20 09:36:00 $message
    open(LOG,">> $logfile");
    print LOG strftime("%b %e %H:%M:%S",localtime)." $message\n";
    close(LOG);
}
603