current-users: Re: rc vs init.d shutdown stuff

Subject: Re: rc vs init.d shutdown stuff
To: John Nemeth <jnemeth@cue.bc.ca>
From: Luke Mewburn <lukem@supp.cpr.itg.telecom.com.au>
List: current-users
Date: 04/10/1996 11:15:04
John Nemeth writes:
> On Apr 4, 12:21pm, Havard.Eidnes@runit.sintef.no wrote:
> } I mean: if we are going to change to an init.d-style startup
> } process, we might as well add the common extra feature of having
> } shutdown scripts run for each "package" which was started.
> 
>      It's not a feature, it's a bug.
> 
>      I would much rather not see shutdown scripts.  If a process needs
> to do anything special, it should trap SIGTERM.  I much prefer the
> standard BSD shutdown method of sending SIGTERM followed shortly by
> SIGKILL, since I've seen too many problems caused by shutdown scripts.
> I.e.  init calls script, which calls some program, which then promptly
> hangs for any number of reasons (i.e. system was in an unexpected
> state, NFS server unavailable, coding bugs, etc.), thus hanging the
> system in a way that only a power cycle will fix and preventing proper
> system shutdown.

You're forgetting a *very* useful reason for shutdown scripts: production
databases. Shutting down 20 ORACLE databases cleanly at reboot time is
a Very Good Thing.  Expecting ORACLE to shutdown all databases in the
10-15 seconds between SIGTERM and SIGKILL/reboot time is not feasible.

Our machines are ULTRIX (BSD4.2+bits), and having to do:
	- shutdown batch queues
	- shutdown the application information servers (which need
	  to be kept in sync with the oracle databases)
	- shutdown oracle
	- shutdown -r now
is a pain in the arse. We're going to implement Simon Gerraty's rc.sh
scripts in the near future because these steps *do* take time, and
people sometimes do forget to do one of the above steps when shutting
down for occasional maintenance.

>                   In my opinion, it is absolutely unacceptable for a
> user process to stop a clean shutdown.

You can support timeouts for shutdown scripts. You can just do 'sync;
reboot' if you're in that much of a hurry. You can do lots of things.
But, many production environments need clean ways to reboot that
doesn't just envolve ensuring that the filesystems are synced
before rebooting...

PS: we have about 400GB (yes, 400,0000 MB) of GIS data across 11
clusters of servers/clients spread around Australia. Having to restore
even 5-10GB of data because of unclean shutdowns is extremely wasteful
of resources (my time, the user's time, the customer's time, money,
etc)

--
Luke Mewburn                            UNIX Technical Support
<luke.mewburn@itg.telstra.com.au>     CPR Project, ITG, Telstra.
Phone: +61 3 9634 2112