[Nut-upsuser] Perform synchronous task before shutdown routine

Arnaldo Viegas de Lima arnaldo at viegasdelima.com
Sun Jun 13 16:29:10 BST 2021 

Hi and thanks for the reply!

The “real” scenario is a bit more complex. There is more than one file server and they must be shutdown only after the VM’s are down. And there are 2 VMWare servers...

UPS can be connected using USB cable or SNMP. All involved machines and network switches are connected the same UPS. A simplified scenario is:

1-Server “A” runs VMWare and has a USB connection to the UPS (3KVA APC)
2-Server “B” also runs VMWare
3-Servers “C”. And “D” are file servers (Linux based) providing iSCSI disks to the VMWare servers
4-All machines are connected to one switch that is also connected to the UPS
5-All VMs running on servers “A” and “B” have their disks coming from servers “C” and “D”, except from the NUT VM
6-VM running NUT runs from the local filesystem on server “A” (or “B”). This allow for the fileservers to be shutdown independently. 

The requirement is that before servers “C” and “D” can shutdown, all VM’s running on servers “A” and “B” must be properly shutdown.
I have a script that shutdown (or power down) all VMs on both VMWare servers, except for the NUT VM. Also shutdown is performed in a particular sequence to allow for dependencies, multiple machines at the same time (accounting for disk and CPU bottlenecks) and for VM’s without VMWare/Open VMTools. The script uses VMWare remote API (much like their Web based management). This part is great and works very nice. 

I also have a script, that fired from the NUT VM that commands a delayed shutdown of the host VMWare system (that should have no VM’s running except the NUT one) and shuts itself down (ahead of the host VMWare). It will also command the UPS off.
 This is the shutdown command for the master upsmon. 

Those 2 pieces work fine, if tested independently.

My problem is that after shutdown all VMs and before shutting down the NUT VM and associated VMWAre host, I must shutdown the fileservers “C” and “D”. I can do that running upsmon in slave mode. But I must ensure that it will not happen before all VMs are properly down. So there are 3 synchronous steps, after OB+LB:

1-Shutdown all VMs (except NUT’s)
2-Shutdown fileservers
3-Command VMWare and UPS delayed off and shutdown NUT VM.

Since 3 is a script, I can have it wait for 2 to complete (time or use a network based test). My main problem is to delay “2” until the end of “1”. 

Thanks again

Arnaldo.

> On Jun 13, 2021, at 10:38 AM, Jim Klimov <jimklimov at gmail.com> wrote:
> 
> Hello,
> 
> Just to clarify: you have one VM acting as a NUT server and talking to the UPS somehow (networked? pass-through usb/serial media?), another machine (physical? VM?) acting as the file server for all VMs - is that including the VM with NUT? And there's also a VMWare server itself? Are VMs also NUT clients?
> 
> If the file server is physical, is it connected to VMWare directly or using another powered device like a switch (and is that UPS-protected then?) Similarly for possible networked connection to the UPS.
> 
> Is there a particular reason to not have your file server the NUT server as well (more so if it is a separate physical machine)?
> 
> When NUT ecosystem shuts down due to a critical power situation (roughly: too few power sources remain alive/online, and others are on battery and low battery), there is a relatively short timeframe that upsmon or similar (upssched, etc.) clients of secondary ("slave") systems are shutting down first, and when they are all gone or a configured time limit elapses, the client on primary ("master") system begins its shutdown. If the setup involves an UPS smart enough, it is also told to power off and wait for "wall power" to appear and then go up (maybe when charged to a sufficiently safe level first).
> 
> So in the setup you propose,
> 1) power goes critical
> 2) your VMs (except the NUT server VM) begin to shut down - either as NUT clients, or via vim-cmd, esxcli or similar scripting... and probably requiring open-vm-tools or similar to process the shutdown request gracefully - not sure there is a "virtual ACPI power button" in VMWare.
> 3) all VMs are down, and a time-sensitive end-game occurs:
> * NUT server VM tells itself to shut down (and tells the UPS to power off, hopefully with a sufficiently large timeout if it has a way to set that),
> * File server is told to go down (and yank the disk from NUT server VM?)
> * VMWare server is told to go down (and yank CPU/RAM/... from NUT server VM)
> 
> At least with SSH allowed on VMWare server and some vim-cmd scripting, or possibly with vmware power shell (never used that myself), you should be able to find which VMs rely on the data store or "volume" served by the file server, and which of those VMs are running. If you script that into the shutdown routine of the file server, and if the shutdown timeframe is not dictated by its OS (e.g. disable or make very long the timeouts in systemd), you can block the file server shutdown from proceeding until no VMs are running served from its disks. Assuming that the networked connection survives long enough, it can detect that your NUT VM went down and so proceed with its own shutdown which began when power went critical for every secondary client.
> 
> Maybe similar scripting is feasible in the NUT client that runs on VMWare server itself to drive its shutdown after all VMs went down. Otherwise, the file server going down, if it has a session to check VM states anyway, could tell the VMWare server to initiate its shutdown.
> 
> But it all looks like a lot of ropes hanging around and waiting for stuff to go wrong - and during an outage, I/O stress to flush the disks, delays of orderly service stacks shutdowns (DB users first, databases next, ...) and so on, things are very likely to do go wrong :)
> 
> It feels that the physical machine, likely your fileserver, is better positioned to be the NUT server and so shut down last, after all its clients have gone down or the timeout expired or the battery die<snip>.... At least, in such setup it only relies on connectivity between upsd and upsmon's, and the amount of clients still alive (last heartbeat recently, connection not terminated via protocol), and possible loss of connectivity during a known power outage is something NUT already has logic for.
> 
> Jim
> 
> 
> 
> 
> On Sat, Jun 12, 2021 at 11:15 PM Arnaldo Viegas de Lima <arnaldo at viegasdelima.com <mailto:arnaldo at viegasdelima.com>> wrote:
> HI, 
> 
> I’m setting NUT to run on a VMWare server (running in a VM) to shutdown the server as well as the companion file server (running Linux), that will be running upsmon in slave mode. All VMs disks come from the file server, so all VMs must properly terminate ahead of the file server.
> 
> The order of the tasks needed for the proper shutdown is:
> 
> 1-Shutdown all running VMs (except the one controlling the UPS) and confirm they are down
> 2-When all VMs are terminated, signal slaves (FSD)
> 3-When the file server is down, properly terminate VMWare.
> 
> Any ideas on how to sync these events?
> 
> Thanks in advance,
> 
> Arnaldo.
> _______________________________________________
> Nut-upsuser mailing list
> Nut-upsuser at alioth-lists.debian.net <mailto:Nut-upsuser at alioth-lists.debian.net>
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/nut-upsuser/attachments/20210613/2a89967f/attachment-0001.htm>

More information about the Nut-upsuser mailing list