FEATURE REQUEST --- Simplify Array Power Down and Reboot of server

There is something that I bugged me for a long time.  It is a matter of usability and a source of frustration to the new adapters (including persons who are testing out unRAID).

 

On the 'Array Operation', it is not obvious how to powerdown the server or reboot it.  One must stop the array FIRST. Then, the 'Reboot' and 'Power down' options appear.  These 'hidden options' have been  a source of several posts over the past couple of years from new users and a source of frustration/turnoff to potential adapters of unRAID.

 

My proposal is a simple one.  Make the Reboot and Power Down options a permanent choice on the Array Operation's page.  Modify the scripts for those two functions to 'call' the Stop Array function is the array is not already stopped.  Of course, I would still want those confirmation check boxes there.  (I, personally, like things that protect me from doing something stupid!)

 

 

 

  From bonienl

 

Can you make this a feature request ?

 

I like the idea but don't think it is doable for v6.0, however as a feature request it can be taken in a next version.

I strongly second this.  I haven't bothered searching, but I'm positive I requested this quite a while ago.  I think many users would like this, especially those new to the system.

 

I would also like another button, but probably few others would be interested.  I would like an "Emergency Shutdown" button, that stops the array and powers down the system, but without calling Sync, without spinning a single drive up.  I want it, when clicked (with optional confirmation), to broadcast closes, stops, and kills everywhere, then wait 3 seconds, and power off.  (Yes, I know there will be an unclean shutdown with parity check starting, but I don't care.  I'll simply boot when it's safe, then cancel the parity check, with no risk or damage.)

 

Why?  Because I live in central Florida, generally known as the lightning capital of America.  We get 90 to 100 days a year where lightning can be seen or heard.  If I get a sudden bolt quite close, I don't want to have to wait for spin up and long shutdown, when I need to turn off computers and UPS's  upstairs and downstairs.  Currently, I have to wait for the Stop to complete (spinning up all the drives), can take almost 10 seconds, before I can click the Power down button and run down stairs to other machines.  I *need* one button shutdown.

 

Why don't I want drives to spin up?  Besides the problem of the long delay, there's an even more important reason.  The safest time for my data is when the drive is not spinning and the heads are parked to the sides.  The last thing I want to do when the next lightning strike is possibly seconds away, is spin the drive up and move the heads over the data, then write some silly and unnecessary housekeeping data to the drive, creating a very vulnerable moment.  That's a risky moment, there's no risk in a canceled parity check, if they are regularly scheduled any way.

 

The only possible risk is that in the past, unbelievably, drive write caching had not been flushed, even though the drive had spun down after an hour of no activity.  I can't believe that would still be true of current Linux kernel releases.

I think just pushing and holding the 'Power Off' button will basically do this but, of course, you have to have physical access to the box...

 

If I remember correctly, a quick push will trigger the normal powerdown script.

I would also like another button, but probably few others would be interested.  I would like an "Emergency Shutdown" button, that stops the array and powers down the system, but without calling Sync, without spinning a single drive up.  I want it, when clicked (with optional confirmation), to broadcast closes, stops, and kills everywhere, then wait 3 seconds, and power off.  (Yes, I know there will be an unclean shutdown with parity check starting, but I don't care.  I'll simply boot when it's safe, then cancel the parity check, with no risk or damage.)

 

I don't know that it's possible to initiate a shutdown without calling sync. The very last thing done by the kernel is a sync.

If you did use the power button for an emergency shutdown, you really couldn't cancel the parity check with no risk or damage.

Chances are you might be OK, but there's no golden rule saying you will.

 

Why?  Because I live in central Florida, generally known as the lightning capital of America.  We get 90 to 100 days a year where lightning can be seen or heard.  If I get a sudden bolt quite close, I don't want to have to wait for spin up and long shutdown, when I need to turn off computers and UPS's  upstairs and downstairs.  Currently, I have to wait for the Stop to complete (spinning up all the drives), can take almost 10 seconds, before I can click the Power down button and run down stairs to other machines.  I *need* one button shutdown.

 

Do you have a UPS, that would be the way to go with all of this.

 

Why don't I want drives to spin up?  Besides the problem of the long delay, there's an even more important reason.  The safest time for my data is when the drive is not spinning and the heads are parked to the sides.  The last thing I want to do when the next lightning strike is possibly seconds away, is spin the drive up and move the heads over the data, then write some silly and unnecessary housekeeping data to the drive, creating a very vulnerable moment.  That's a risky moment, there's no risk in a canceled parity check, if they are regularly scheduled any way.

 

The only possible risk is that in the past, unbelievably, drive write caching had not been flushed, even though the drive had spun down after an hour of no activity.  I can't believe that would still be true of current Linux kernel releases.

 

mix a power glitch with retained data in the cache and you have a recipe to create a pending sector. I've seen it happen.

 

What might serve better is a different enhancement (via a different thread) to 'unmount' the drive as it is spun down, on access via user share, mount the drive.

 

I use something called autofs with automount.

It's cool in that once the folder is accessed, the filesystem is mounted. On inactivty the filesystem is unmounted.

I use this for archive filesystems to help avoid an FSCK on bootup with abnormal shutdown and also allow the drive to spin down.

 

It may break things like cache_dirs and/or the user share.

Things may need to be cached in the usershare, such as was there a disk there before unmounting, and if so, remount it.

 

However, this is really something for another thread.

I would hope I'm right in saying that if all disks are sleeping that there is no additional data to write?

 

Seems pretty damn stupid to me to let a disk spin down if data is still in memory waiting for it to be written!

 

Therefore logic would dictate that if all disks are sleeping a emergency shutdown should just kill the system ASAP but cleanly, without spining the disks up. The requirement of a parity sync should also be not required.

I would hope I'm right in saying that if all disks are sleeping that there is no additional data to write?

 

Seems pretty damn stupid to me to let a disk spin down if data is still in memory waiting for it to be written!

 

The actual data would have been flushed.

However there is meta data in the superblock that is updated at each write and/or mount/unmount.

 

That's why the drive spins up before being unmounted even after a long period of inactivity.

Considering that unraid is designed for servers that run 24/7 and that powering off an array is not a regular thing to do, i'd suggest buffing up the documentation and adding instructions to the shutdown button instead.

 

I think it's good that array-start and stop are conscious and deliberate action for the administrator.

I would hope I'm right in saying that if all disks are sleeping that there is no additional data to write?

 

Seems pretty damn stupid to me to let a disk spin down if data is still in memory waiting for it to be written!

 

The actual data would have been flushed.

However there is meta data in the superblock that is updated at each write and/or mount/unmount.

 

That's why the drive spins up before being unmounted even after a long period of inactivity.

 

Why does the superblock need to update on unmount? Seems bazaar in my mind that you can sleep a disk when updates are still required.

A simplified ShutDown button would be nice ... it's not obvious to all that the first step is to click on "SpinUp" and THEN you can shut down the array.

 

What I'd like even more is a little Windows utility that you could put a shortcut to on your desktop so a simple double-click on that shortcut would shutdown the server ... with no need to bother with the Web GUI.    It could perhaps actually invoke a little utility on the UnRAID server by using a dedicated port (much like UnMenu) ... so the shortcut might just be something like http://tower:8123/

 

I don't agree with the "Emergency Shutdown" button that skips the steps necessary for a clean shutdown.  As long as you have a good UPS, you're well protected from lightning => worst case is generally that the UPS itself would be fried ... in which case the PC would simply lose power instantly and you'd have an unclean shutdown (no worse than the "Emergency" button would have done.    I've recommended a UPS for every system for a LONG time (couple decades) ... in fact I built my own units in the 80's (before they were readily available at reasonable prices for the home).    A friend who listened to my advice and had a pair of UPS units for his and his wife's PC had a direct strike on their home about 8 years ago => it took out their A/C unit; put a hole in the roof where the lightning hit;  wiped out several appliances; and destroyed both of the UPS units.    Both computers were fine 

... i.e. a UPS does a SUPERB job of surge protection.

There has been a history of misbehaved apps or some other factor preventing a disk from being unmounted, so the array cannot be stopped. What should happen in this case for the "single button in the webGUI" approach, or for the "desktop shortcut with no webGUI" approach.

Can someone explain to me the merit of this request...?

I can discern two camps...

 

1. Need quick shutdown due to thunderstorm. -> The answer is not to shutdown quickly and carelessly, but to properly install a surge protector and/or a UPS.

 

2. New users don't understand that to shutdown the array needs to stop first -> This is a system to maintain data redundancy, users need to familiarize themselves on how to operate it properly to avoid data loss.

There has been a history of misbehaved apps or some other factor preventing a disk from being unmounted, so the array cannot be stopped. What should happen in this case for the "single button in the webGUI" approach, or for the "desktop shortcut with no webGUI" approach.

 

The "powerdown" add-on forces these kind of apps to be terminated -- this is what I'd like to see with either of these approaches so they will reliably shut down the array.    Essentially the same thing as when a UPS power failure causes the shutdown (in my experience this ALWAYS works).

 

 

There has been a history of misbehaved apps or some other factor preventing a disk from being unmounted, so the array cannot be stopped.

 

 

What should happen in this case for the "single button in the webGUI" approach, or for the "desktop shortcut with no webGUI" approach.

 

 

 

There was a reason I put the last ditch kill in the powerdown scripts.

It's saved my ass a few times.

 

 

What should probably happen is after some configurable number of seconds, emhttp or the power down script would start doing the kills anyway.

Ahh -- a nice icon for the Windows utility that will shutdown the server 

 

... okay, got the icon => now I just need the utility  8)

I would hope I'm right in saying that if all disks are sleeping that there is no additional data to write?

 

Seems pretty damn stupid to me to let a disk spin down if data is still in memory waiting for it to be written!

 

The actual data would have been flushed.

However there is meta data in the superblock that is updated at each write and/or mount/unmount.

 

That's why the drive spins up before being unmounted even after a long period of inactivity.

 

Why does the superblock need to update on unmount? Seems bazaar in my mind that you can sleep a disk when updates are still required.

 

This is really dependent on the internals to a filesystem.

It's not always memory waiting to be written, sometimes it's filesystem structures that are updated on unmount.

sync forces filesystem structures to be updated.

 

I've briefly reviewed the ReiserFS and XFS superblock structure and cannot find any time or mount count values.

However, I did not give it too much time.  Just a quick cursory review.  This is probably why they are so resilient.

 

I know this was a known situation with EXT2. I cannot remember about EXT3.

 

While we do not use EXT2/3 in unRAID for data drives, the future is untold as to what will be required for any other filesystems that unRAID supports.

 

For example, I don't know what the ramifications are of a power loss on an idle mounted BTRFS volume.

Especially one that has multiple devices attached.

Ahh -- a nice icon for the Windows utility that will shutdown the server 

 

... okay, got the icon => now I just need the utility  8)

 

maybe someone can doctor it up with an unRAID lime logo!

 

The inetd utility would be easy, I did it years ago.

There is also the potential to use cURL on Windows to call the webGui directly.

 

If there is a simple windows scripting language call that can write a messages to a socket, that can be used with an inetd function.

command line ssh...

There's quite a number of ways to skin this cat.

 

If we updated the powerdown package with an inetd interface, then the only part that's needed is the windows outbound call.

There has been a history of misbehaved apps or some other factor preventing a disk from being unmounted, so the array cannot be stopped.

 

 

What should happen in this case for the "single button in the webGUI" approach, or for the "desktop shortcut with no webGUI" approach.

There was a reason I put the last ditch kill in the powerdown scripts.

It's saved my ass a few times.

 

What should probably happen is after some configurable number of seconds, emhttp or the power down script would start doing the kills anyway.

I have been using dlandon's plugin version of your script for a long time. Seems like this behavior should really be built-in instead of being an addon. I haven't tested without the plugin in recent versions, so maybe it's been fixed, but I've not heard anyone say the plugin is deprecated.

Can someone explain to me the merit of this request...?

I can discern two camps...

 

1. Need quick shutdown due to thunderstorm. -> The answer is not to shutdown quickly and carelessly, but to properly install a surge protector and/or a UPS.

 

2. New users don't understand that to shutdown the array needs to stop first -> This is a system to maintain data redundancy, users need to familiarize themselves on how to operate it properly to avoid data loss.

 

Camp number 1 is correct as far as I can tell, and I agree with you, installing a proper surge protector / UPS with surge protection capabilities (basically all UPSs) solves this.

 

Camp Number 2 I believe is just a call to streamline the process and have a Shutdown button always show up, that invokes a array stop followed by a shutdown.

No reason that I can think of that you have to make this a two click (4 clicks with Confirm checkboxes) process for users.

 

That said this would be an entirely cosmetic difference...

 

What about a shutdown button with a checkbox Yes I really want to do this.

Perhaps another box for: Kill lingering processes after some configurable number seconds.

 

This should deal with the stopping of array (stopping plugins, unmount) and final shutdown.

 

This could provide a one call interface to the whole shutdown process.

Since there are now a number of statements that a UPS is all you need to handle lightning, I'd better speak up!  As much as I respect your opinions and knowledge, I have to respectfully but strongly disagree, a UPS is NOT enough to protect you, nothing is, although they do really help, with strikes that are farther away.  How do you completely protect yourself and your equipment from lightning?  YOU CANNOT!  Not completely.  You can only greatly decrease the odds that you or your equipment are the most attractive path.  It's the old zombie joke, "How do you outrun a zombie?  You don't, you just outrun someone else who's slower!"  Same principle with lightning protection, you do your best to both make sure there are more attractive paths for a strike, and that any path through you and your equipment is as unlikely as possible.

 

I appreciated Gary's lightning story, because we have so many of them here in Florida.  And I'm happy for Gary's friend.  But the problem with the story is that you can find other stories, very similar, where the computers were fried and the UPS's still worked!  Lightning damage is very unpredictable, as unpredictable as the lightning path.  My memory is slowly going, so I'm unsure of the count, but I believe I have been damaged between 3 and 5 times, losing computer equipment and appliances at different times.  I currently rent a ZapCap from my power company, designed to protect the whole house from close high energy spikes, but when I was hit last year, the energy spike came in somehow through something that was network attached, frying both switches (5 port and 8 port), frying 3 or 4 network cards and onboard NIC chipsets, slightly damaging part of a motherboard, slightly damaging the router, frying a cordless phone system and a power cube to an HDHomeRun network tuner.  There are more paths to your equipment than just the power cable.

 

Ham radios are popular around here, but their operators spend quite a bit extra on lightning protection, because a system is only as good as its antenna and its height.  But when the thunder gets close, they unplug and get away from there.

 

Unplugging is what I try to do, but even that is not complete protection.  Simplistically, if the lightning can jump from cloud to ground, it has no problem jumping a few more inches or feet to unplugged equipment.  But unplugging it does make it a far less attractive path, so you try to unplug anyway.

 

I'm in no way saying there's anything wrong with a UPS, as they do absorb, clamp, or divert a lot of spike energy.  I must have 6 to 8 small UPS's around here, but at the last power outage, only one kept some (not every) thing up.  Probably past lightning damage, I don't know, a bit discouraging.  I remain interested in an Emergency Shutdown button, but recognize I'm a very small minority.  The Ctl-Alt-Del key combo works fairly well for me, except it takes a long time spinning everything up.

There has been a history of misbehaved apps or some other factor preventing a disk from being unmounted, so the array cannot be stopped. What should happen in this case for the "single button in the webGUI" approach, or for the "desktop shortcut with no webGUI" approach.

 

The "powerdown" add-on forces these kind of apps to be terminated -- this is what I'd like to see with either of these approaches so they will reliably shut down the array.    Essentially the same thing as when a UPS power failure causes the shutdown (in my experience this ALWAYS works).

 

Speaking as an intermediate to noobish skill user (enough knowledge to get myself into real trouble lol), I would vote for updating this in v6 release.

 

The methods employed by the Powerdown plug-in should be incorporated into default unRaid. Speaking from experience where normal shutdowns were hanging (some process not releasing as it should) which required a manual power off to get it done and which resulted in a dirty shut down and the requisite parity check on restart.

 

Its clean (no dirty shutdown). Its fast (no waiting for god-knows-what to let go). Its effective (reboot/shut down completed with minimum fuss).

Since there are now a number of statements that a UPS is all you need to handle lightning, I'd better speak up!...<SNIP>...

The Ctl-Alt-Del key combo works fairly well for me, except it takes a long time spinning everything up.

 

Maybe you need to consider something else with the unRAID server, such as a decent enough ups where you can pull the plug and disconnect the network, letting the isolated machine shutdown gracefully.

 

Then there is always the hold the power button for a few seconds letting it crash that way.

 

If there is so much concern about paths of access, then the only real protection is total isolation by disconnection anyway.

As to the Windows desktop icon, we set that up a long time ago, and it worked OK.  I'd forgotten about it, finally found the very old thread -

  Shutdown unRAID from shortcut

 

A user adelias found a telnet scripting tool, and set up a script.  I reorganized it, and made it work with the "new" powerdown script by WeeboTech (an ancestor of the current one).  Then another user kricker found a vb scripting tool, and created a script that worked too.  I haven't tried but I think the tools could be adapted to current requirements.  You just need a tool that opens a telnet or other console session, logs in, and starts the powerdown command.  And I suspect the full PuTTY package may have a scripting variant.

Since there are now a number of statements that a UPS is all you need to handle lightning, I'd better speak up!  As much as I respect your opinions and knowledge, I have to respectfully but strongly disagree, a UPS is NOT enough to protect you, nothing is, although they do really help, with strikes that are farther away.

This is definitely true. ANY ungrounded wire in the path of the collapsing magnetic field around a lightning strike will have a charge put on it. Simple physics, it's what makes motors and transformers work. Telephone and cable wire is especially vulnerable to close strikes, and will put a high voltage pulse into anything that's in the way.

 

20+ years ago I experienced a strike close to the shop I was working in. There was a serial cable linking 2 computers in different offices, probably 30 feet of wire. Both computers were completely unplugged and not in use at the time, but the surge visibly burned the serial cards in both machines.

 

You don't have to experience a direct strike to have damage done, and the EMF field from a strike hundreds of yards away can fry unplugged electronics if the circumstances are right.

Since there are now a number of statements that a UPS is all you need to handle lightning, I'd better speak up!  As much as I respect your opinions and knowledge, I have to respectfully but strongly disagree, a UPS is NOT enough to protect you, nothing is, although they do really help, with strikes that are farther away.

This is definitely true. ANY ungrounded wire in the path of the collapsing magnetic field around a lightning strike will have a charge put on it. Simple physics, it's what makes motors and transformers work. Telephone and cable wire is especially vulnerable to close strikes, and will put a high voltage pulse into anything that's in the way.

 

20+ years ago I experienced a strike close to the shop I was working in. There was a serial cable linking 2 computers in different offices, probably 30 feet of wire. Both computers were completely unplugged and not in use at the time, but the surge visibly burned the serial cards in both machines.

 

You don't have to experience a direct strike to have damage done, and the EMF field from a strike hundreds of yards away can fry unplugged electronics if the circumstances are right.

 

Certainly true => but a couple caveats:

 

=> First, the only wires going to an UnRAID server are the power and networking cable.  Any good UPS has protection for the network cable ... and this should definitely be used -- otherwise that can easily be the path the destroys the server in a high-energy burst situation like a lightning strike.

 

=>  One reason I don't favor an "Emergency Shutdown" button (i.e. skipping the orderly shutdown process) is that it simply doesn't matter ... the system can be damaged just as much in the "Off" state as when it's running if a pulse of high enough energy that it completely skips your protection circuitry makes it to the server.

 

My point is simply that a GOOD UPS unit provides the best possible surge protection you can have ... and while NOTHING is completely foolproof, I've seen several examples of direct lightning strikes that did both physical (holes in the roof) and major electrical damage to homes that did NOT harm the UPS-connected PC's [in one case these were Belkin UPS units;  the other 2 I've seen were both APC units => in every case they were fairly high-end UPS units ... not the low-end units without AVR].    Also, in every case where this happened, the UPS vendor provided free replacement units (this is common) ... and had there been any damage to the connected equipment, they would have paid for it.  [Note that if you have ANY unprotected connection to the system -- e.g. a network cable you haven't routed through the UPS -- the guarantee that pays for damages is invalidated]