[Nut-upsuser] ordered shutdown

Arjen de Korte nut+users at de-korte.org
Fri Feb 6 14:42:24 UTC 2009 

Citeren Lars Täuber <taeuber op bbaw.de>:

[...]

>> The values of X and Y depend on how long the clients need for
>> finishing their business with the SQL servers (X) and how long the SQL
>> servers needs for doing their thing on the NFS servers (Y).
>
> This seems dangerous to me. Just think of the following situation:
>
> The ups has a normally 60 minutes of time left before shutdown after  
> power loss.
> In this case I would use 40 mins for X and 5 mins for Y.

The above values would be an extremely bad idea and this is also not  
how NUT works. See the FAQ.

> Lets assume a power outage of 38 min has happend before it power  
> gets back. The servers still run and the shutdown sequences get  
> canceled. The batteries now can bridge only 22 mins on a second  
> outage. This would lead to an unexpected shutoff for those servers.
> The battery charge status has to get into account additionally to  
> manage such situations.

What you describe is not how NUT works. Until the UPS signals that the  
battery is low, it is business as usual (see the FAQ for the reasons  
behind this). Once the UPS signals battery low, all timers are started  
at the same time and there is no way to stop the following sequence of  
events. The systems *will* go down. If the power returns during the  
shutdown sequence, the shutdown sequence will be completed and NUT  
will power-cycle the UPS to make sure the connected systems are  
restarted.

This means the value of X should only allow for enough time for your  
clients to disconnect (say about 5 minutes) and Y should only allow  
for enough time for your SQL servers to write their data to the NFS  
(maybe another 5 minutes). Typically, you should then allow for about  
10 minutes runtime remaining before signaling low battery and starting  
the shutdown. The reason is that once the clients start shutting down,  
your runtime remaining will rapidly increase due to the lower load. If  
you feel uncomfortable with that, give it 15 minutes.

There is one important thing here and that is that you need to be able  
to configure when the UPS signals low battery (and preferably also be  
able to prevent it from restarting below a certain threshold). This  
should allow for enough runtime remaining for an orderly shutdown of  
all systems. If you can also guarantee that the UPS will not power up  
again if the battery has not been recharged to that level, there is  
absolutely no risk and you will even ride through successive power  
failures without being harmed.

Most (if not all) bigger UPSes will allow you to set what NUT calls  
'battery.charge.low' and 'battery.charge.restart'. Some will even  
allow you to set 'battery.runtime.low' directly, which may make your  
life even easier since you no longer have to worry if the load on your  
UPS increases over time (it will automatically start the shutdown  
sequence sooner).

Best regards, Arjen
-- 
Please keep list traffic on the list

More information about the Nut-upsuser mailing list