[ILUG] UPS signalling

Kenn Humborg kenn at linux.ie
Thu Sep 7 22:42:37 IST 2000 

On Thu, Sep 07, 2000 at 01:54:03PM +0100, Conor Daly wrote:
> On Thu, Sep 07, 2000 at 11:38:48AM +0100 or so it is rumoured hereabouts, 
> Declan Grady thought:
> > I also have a redhat box on the same ups, but no communication with the
> > ups.. How could I get it to do an orderly poweroff as well ? .. Is there
> > some way I can get the SCO box to tell it to poweroff ?
> > 
> 
> One obvious way is to have the SCO box email root at redhat.box with a
> suitable subject.  Have redhat root's .procmail fire off a shutdown script 
> on receipt of one of these messages.  
> 
> You'd need to do some accounting for the time it takes for an email to get
> delivered and acted upon though.  Maybe have some kind of "Hold on, I
> didn't mean that!" escape available also.  

A bit more securable:

Add an entry to inetd.conf that does something like:

   rem-pwrfail    stream  tcp  wait  root  /usr/local/sbin/remote-power remote-power FAIL 
   rem-pwrok      stream  tcp  wait  root  /usr/local/sbin/remote-power remote-power OK

Add entries to to /etc/services to defined port numbers for these
'services':

   rem-pwrfail  6453/tcp  # SCO box telling us we're on UPS power
   rem-pwrOK    6454/tcp  # SCO box telling us power is OK again

(The port numbers are just random numbers that my fingers generated.)

Then /usr/local/sbin/remote-power looks like:

   #!/bin/sh

   rm -f /etc/powerstatus
   echo $1 > etc/powerstatus
   kill -PWR 1  # send SIGPWR to init

Then, on the SCO box, the scripts that handle power fail and power OK use,
say, 

   telnet redhat-box 6453

to tell it that the power is down and 

   telnet redhat-box 6454

to tell it that the power is OK again.

The big advantage of this over something like a mail message is that 
you know for a fact that the remote machine has got the message and 
you can use IP firewalling or tcpwrappers to only allow connections
to these ports from the SCO box.  If you have untrusted users on the
SCO box, then either

1. Set the IP firewalling rules to only allow connections from ports
   less than 1024
2. Use netcat on the SCO box to make the connection, rather than telnet
   (I _think_ netcat allows you to specify the source port number)

or 

1. Make /usr/local/sbin/remote-power mode 700 and hard-code a random
   'password' into it that the SCO box must send for the signal to
   be sent to init.
2. Do echo "my-password" | telnet redhat-box 6453 on the SCO box

Note that the man page for init discourages the use of /etc/powerstatus
and the SIGPWR signal.  It refers to the source for details.  This is
left as an exercise for the reader :-)

Later,
Kenn

More information about the ILUG mailing list