Switch it off - Unix

This is a discussion on Switch it off - Unix ; I have a server which doesn't need to stay up 24/7 and I'm not physically in that place. Now there will be a few users who can switch it off (correctly of course), how could I manage it? The server ...

+ Reply to Thread
Results 1 to 20 of 20

Thread: Switch it off

  1. Switch it off

    I have a server which doesn't need to stay up 24/7 and I'm not
    physically in that place.
    Now there will be a few users who can switch it off (correctly of
    course), how could I manage it?

    The server will run ubuntu server LTS with a vmware windows which runs
    a stupid old (but necessary) program, and the clients are windows xp.

    I think I have at least 3 possiblities:
    - a script with putty (other) wich autenticates and turns off the
    machine.
    - a small virtual machine (linux) with a very stupid UI (one button)
    which connect via vnc to the Xorg server and turns it off
    - a web based program which turns the server off.

    Maybe I will add more services to these power users (status of clients
    for example), so which solution could be the best and most scalable?

    Thanks for any suggestions


  2. Re: Switch it off

    andrea wrote:

    > I have a server which doesn't need to stay up 24/7 and I'm not
    > physically in that place.
    > Now there will be a few users who can switch it off (correctly of
    > course), how could I manage it?
    > ...
    > Maybe I will add more services to these power users (status of clients
    > for example), so which solution could be the best and most scalable?


    My suggestion:

    command-line: it works even if they (or you) have to access this
    function remotely, or on a crippled (no X) system.

    Create a group "pwrusrs" (or use a better name if you have one in mind),
    with the userids of the users you want to give access to this command to
    in it (include your own userid as well).

    chgrp pwrusrs /sbin/shutdown
    chmod 4550 /sbin/shutdown

    Setup the users' accounts so they either have /sbin in their command
    search path, or give them a command alias for shutdown (in fact, if you
    use an alias, they don't even need to remember to type any arguments to
    the shutdown command).

    I hope that helps ...

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Systems and Network analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  3. Re: Switch it off

    On 16 Ott, 18:40, Sylvain Robitaille wrote:
    > andrea wrote:
    > > I have a server which doesn't need to stay up 24/7 and I'm not
    > > physically in that place.
    > > Now there will be a few users who can switch it off (correctly of
    > > course), how could I manage it?
    > > ...
    > > Maybe I will add more services to these power users (status of clients
    > > for example), so which solution could be the best and most scalable?

    >
    > My suggestion:
    >
    > command-line: it works even if they (or you) have to access this
    > function remotely, or on a crippled (no X) system.
    >
    > Create a group "pwrusrs" (or use a better name if you have one in mind),
    > with the userids of the users you want to give access to this command to
    > in it (include your own userid as well).
    >
    > chgrp pwrusrs /sbin/shutdown
    > chmod 4550 /sbin/shutdown
    >
    > Setup the users' accounts so they either have /sbin in their command
    > search path, or give them a command alias for shutdown (in fact, if you
    > use an alias, they don't even need to remember to type any arguments to
    > the shutdown command).
    >
    > I hope that helps ...
    >
    > --
    > ----------------------------------------------------------------------
    > Sylvain Robitaille s...@alcor.concordia.ca
    >
    > Systems and Network analyst Concordia University
    > Instructional & Information Technology Montreal, Quebec, Canada
    > ----------------------------------------------------------------------


    Ok thanks,
    I need Xorg server anyway cause is needed by vmware server.
    But I think it could be much cleaner usign sudo and sudoers file
    instead of changing permissions and owners of shutdown (what if I
    upgrade it?).

    I will also have an openvpn network to log myself from the external
    network, or there are others better vpn solutions for e virtual
    private network??

    (using linux macosx and windows)


  4. Re: Switch it off

    In article <1192540639.874254.187390@e34g2000pro.googlegroups. com>,
    andrea wrote:
    >I have a server which doesn't need to stay up 24/7 and I'm not
    >physically in that place.
    >Now there will be a few users who can switch it off (correctly of
    >course), how could I manage it?
    >
    >The server will run ubuntu server LTS with a vmware windows which runs
    >a stupid old (but necessary) program, and the clients are windows xp.
    >
    >I think I have at least 3 possiblities:
    >- a script with putty (other) wich autenticates and turns off the
    >machine.
    >- a small virtual machine (linux) with a very stupid UI (one button)
    >which connect via vnc to the Xorg server and turns it off
    >- a web based program which turns the server off.
    >
    >Maybe I will add more services to these power users (status of clients
    >for example), so which solution could be the best and most scalable?
    >
    >Thanks for any suggestions


    I used to do this for a site with clue-less users.

    I made a user called 'shutdown'.

    When logged in, a script would run that would call the shutdown
    scripts to close the systeem gracefully. Then when the 'safe to
    power off' message came up they would use the switch on the machine

    If a user can't handle that they shouldn't be near the machine.
    But you could post an instruction on just what to do by
    the shutdown login.

    Bill


    --
    Bill Vermillion - bv @ wjv . com

  5. Re: Switch it off

    Another problem... I need to shut down first the windows virtual
    machine and THEN the linux physical machine.

    Any good way to shut down remotely a win machine??
    Cause I don't think sending SIGTERM to vmware will shut down nicely
    the virtual machine.

    And I'm even planning to use ldap everywhere I can (haven't set up
    anything yet), maybe I can use ldap even in this situation.

    Last thing I also want a way to physically turn it off, I think that
    just setting
    crtlaltdel in /etc/inittab (in ubuntu server) to shutdown -h now.
    But can I change that keys combination?


  6. Re: Switch it off

    andrea wrote:

    > I need Xorg server anyway cause is needed by vmware server.


    And if Xorg dies?

    > But I think it could be much cleaner usign sudo and sudoers file
    > instead of changing permissions and owners of shutdown ...


    That's certainly another possibility. I find that I prefer to not to
    use sudo (with its added complexity), but that's certainly a personal
    choice.

    > (what if I upgrade it?).


    Then you copy and paste commands from the documentation you'll have
    created in the other thread you started, of course! ;-) All your
    system modifications will then be migrated to the upgraded system.

    > I will also have an openvpn network to log myself from the external
    > network, or there are others better vpn solutions for e virtual
    > private network??


    Ssh? It's what I use, rather than any form of "vpn", but it effectively
    provides me with the same benefits.

    Simpler is better ...

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Systems and Network analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  7. Re: Switch it off

    On 18 Ott, 06:00, Sylvain Robitaille wrote:
    > andrea wrote:
    > > I need Xorg server anyway cause is needed by vmware server.

    >
    > And if Xorg dies?
    >
    > > But I think it could be much cleaner usign sudo and sudoers file
    > > instead of changing permissions and owners of shutdown ...

    >
    > That's certainly another possibility. I find that I prefer to not to
    > use sudo (with its added complexity), but that's certainly a personal
    > choice.
    >
    > > (what if I upgrade it?).

    >
    > Then you copy and paste commands from the documentation you'll have
    > created in the other thread you started, of course! ;-) All your
    > system modifications will then be migrated to the upgraded system.
    >
    > > I will also have an openvpn network to log myself from the external
    > > network, or there are others better vpn solutions for e virtual
    > > private network??

    >
    > Ssh? It's what I use, rather than any form of "vpn", but it effectively
    > provides me with the same benefits.
    >
    > Simpler is better ...
    >
    > --


    Yes and no, with a vpn you can secure all your services you need but
    vpn, which is very secure.
    So once you connect to the vpn you're actually safe and you can do
    anything, in my opinion is much simpler and scalable then using ssh
    tunnels.


  8. Re: Switch it off

    andrea wrote:

    >> Ssh? It's what I use, rather than any form of "vpn", ...

    >
    > Yes and no, with a vpn you can secure all your services you need but
    > vpn, which is very secure.


    What services does using Ssh (instead of a Vpn) prevent you from
    securing?

    > So once you connect to the vpn you're actually safe and you can do
    > anything, in my opinion is much simpler and scalable then using ssh
    > tunnels.


    Well, the way I see it, once you connect to a system with Ssh, you're
    "safe and you can do anything". I've been managing dozens of systems
    this way for about 10 years, and I honestly haven't felt that things
    could be any simpler or more scalable. When you connect via a VPN, you
    still need to connect to the target system to get your work done, right?

    The VPN provides encryption between your workstation and the network on
    which your target system resides, and encapsulates your traffic such
    that it appears to the target system as coming from a system on its
    local network.

    Ssh, on the other hand, provides end-to-end encryption between your
    workstation and the remote target system, and permits you to access
    services on the remote system via its own "localhost" address (not
    necessary for the services to be listening for any access from the
    physical network).

    The VPN has its place, of course, but I don't think that it's the best
    answer for what you're asking about.

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Systems and Network analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  9. Re: Switch it off

    On 18 Ott, 14:42, Sylvain Robitaille wrote:
    > andrea wrote:
    > >> Ssh? It's what I use, rather than any form of "vpn", ...

    >
    > > Yes and no, with a vpn you can secure all your services you need but
    > > vpn, which is very secure.

    >
    > What services does using Ssh (instead of a Vpn) prevent you from
    > securing?
    >
    > > So once you connect to the vpn you're actually safe and you can do
    > > anything, in my opinion is much simpler and scalable then using ssh
    > > tunnels.

    >
    > Well, the way I see it, once you connect to a system with Ssh, you're
    > "safe and you can do anything". I've been managing dozens of systems
    > this way for about 10 years, and I honestly haven't felt that things
    > could be any simpler or more scalable. When you connect via a VPN, you
    > still need to connect to the target system to get your work done, right?
    >
    > The VPN provides encryption between your workstation and the network on
    > which your target system resides, and encapsulates your traffic such
    > that it appears to the target system as coming from a system on its
    > local network.
    >
    > Ssh, on the other hand, provides end-to-end encryption between your
    > workstation and the remote target system, and permits you to access
    > services on the remote system via its own "localhost" address (not
    > necessary for the services to be listening for any access from the
    > physical network).
    >
    > The VPN has its place, of course, but I don't think that it's the best
    > answer for what you're asking about.
    >
    > --
    > ----------------------------------------------------------------------
    > Sylvain Robitaille s...@alcor.concordia.ca
    >
    > Systems and Network analyst Concordia University
    > Instructional & Information Technology Montreal, Quebec, Canada
    > ----------------------------------------------------------------------


    Yes but what if you want to use webmin or other tools like that
    (nagios for example) ?
    With ssh you should open those ports anyway, and be really careful.
    With a vpn I just set the services to answer only to lan ip, and
    that's it (with some other checks of course), I think it's better, at
    least I'll try...


  10. Re: Switch it off

    andrea wrote:

    > Yes but what if you want to use webmin or other tools like that
    > (nagios for example) ?


    I'll pretend you didn't imply any desire to use "webmin"! ;-)

    ssh remotehost
    ...
    remotehost> firefox http://localhost/nagios/ &

    Assuming you have Ssh configured for X11 forwarding, the above works well
    (perhaps slowly, depending on your network connectivity), displaying
    the browser on your local workstation.

    > With ssh you should open those ports anyway, and be really careful.
    > With a vpn I just set the services to answer only to lan ip, and
    > that's it (with some other checks of course), I think it's better, at
    > least I'll try...


    With Ssh, you can have the service available only to "localhost". How
    confident are you that you know everything that's going on on the remote
    network?

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Systems and Network analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  11. Re: Switch it off

    On 18 Ott, 19:02, Sylvain Robitaille wrote:
    > andrea wrote:
    > > Yes but what if you want to use webmin or other tools like that
    > > (nagios for example) ?

    >
    > I'll pretend you didn't imply any desire to use "webmin"! ;-)
    >
    > ssh remotehost
    > ...
    > remotehost> firefoxhttp://localhost/nagios/&
    >
    > Assuming you have Ssh configured for X11 forwarding, the above works well
    > (perhaps slowly, depending on your network connectivity), displaying
    > the browser on your local workstation.
    >
    > > With ssh you should open those ports anyway, and be really careful.
    > > With a vpn I just set the services to answer only to lan ip, and
    > > that's it (with some other checks of course), I think it's better, at
    > > least I'll try...

    >
    > With Ssh, you can have the service available only to "localhost". How
    > confident are you that you know everything that's going on on the remote
    > network?
    >
    > --
    > ----------------------------------------------------------------------
    > Sylvain Robitaille s...@alcor.concordia.ca
    >
    > Systems and Network analyst Concordia University
    > Instructional & Information Technology Montreal, Quebec, Canada
    > ----------------------------------------------------------------------


    Well I didn't say everything maybe,
    I use ssh with pleasure (no password login just keys), BUT at least
    until the server is ready I need other services (webmin swat etc).
    I can't (and don't want to) tunnelize everything is ssh...
    And another thing, later on some other people will have access from
    the outside, if I set up a robust and scalable openvpn server things
    will be much easier!

    Btw, I can't get the mysql server in a ssh tunnel, the server I'm
    using now is a parallels virtual machine (named ubuntu), and I give
    this command
    ssh -L 3307:ubuntu:3306 ubuntu mysql -u root -p
    Now how I should connect?
    Trying in many ways found in the net but doesn't work...


  12. Re: Switch it off

    andrea wrote:

    > Btw, I can't get the mysql server in a ssh tunnel, the server I'm
    > using now is a parallels virtual machine (named ubuntu), and I give
    > this command
    > ssh -L 3307:ubuntu:3306 ubuntu mysql -u root -p
    > Now how I should connect?
    > Trying in many ways found in the net but doesn't work...


    I'm not sure. I have MySQL on only one system, so I generally use it by
    ssh'ing into that system and issuing the mysql command at that system's
    command prompt. To do what you're trying to do instead, I would try
    something like this:

    ssh -L 3306:ubuntu:3306 -f ubuntu

    That sets up the port-forwarding to the usual MySQL port on the local
    system (feel free to use the alternate port if you prefer, of course),
    then:

    mysql -h localhost -u root -p

    Would connect you to the MySQL database running on "ubuntu", via the
    localhost port 3306. If this works, the traffic is indeed being
    tunnelled through ssh. Note that I'm unable to test due to not having
    MySQL installed on more than one system. If it doesn't work, I'd be
    interested in knowing what error(s) you receive.

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Systems and Network analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  13. Re: Switch it off

    On 22 Ott, 17:34, Sylvain Robitaille wrote:
    > andrea wrote:
    > > Btw, I can't get the mysql server in a ssh tunnel, the server I'm
    > > using now is a parallels virtual machine (named ubuntu), and I give
    > > this command
    > > ssh -L 3307:ubuntu:3306 ubuntu mysql -u root -p
    > > Now how I should connect?
    > > Trying in many ways found in the net but doesn't work...

    >
    > I'm not sure. I have MySQL on only one system, so I generally use it by
    > ssh'ing into that system and issuing the mysql command at that system's
    > command prompt. To do what you're trying to do instead, I would try
    > something like this:
    >
    > ssh -L 3306:ubuntu:3306 -f ubuntu
    >
    > That sets up the port-forwarding to the usual MySQL port on the local
    > system (feel free to use the alternate port if you prefer, of course),
    > then:
    >
    > mysql -h localhost -u root -p
    >
    > Would connect you to the MySQL database running on "ubuntu", via the
    > localhost port 3306. If this works, the traffic is indeed being
    > tunnelled through ssh. Note that I'm unable to test due to not having
    > MySQL installed on more than one system. If it doesn't work, I'd be
    > interested in knowing what error(s) you receive.
    >
    > --
    > ----------------------------------------------------------------------
    > Sylvain Robitaille s...@alcor.concordia.ca
    >
    > Systems and Network analyst Concordia University
    > Instructional & Information Technology Montreal, Quebec, Canada
    > ----------------------------------------------------------------------


    No sorry it doesn't work...
    ssh -L 3306:ubuntu:3306 -f ubuntu
    Cannot fork into background without a command to execute.


  14. Re: Switch it off

    andrea wrote:

    > No sorry it doesn't work...
    > ssh -L 3306:ubuntu:3306 -f ubuntu
    > Cannot fork into background without a command to execute.


    Hrmmmm.... The Ssh I use is smarter than that, but in that case, give
    it a command to execute:

    ssh -L 3306:ubuntu:3306 -f ubuntu sleep 600

    --
    ----------------------------------------------------------------------
    Sylvain Robitaille syl@alcor.concordia.ca

    Systems and Network analyst Concordia University
    Instructional & Information Technology Montreal, Quebec, Canada
    ----------------------------------------------------------------------

  15. Re: Switch it off

    On 24 Ott, 01:49, Sylvain Robitaille wrote:
    > andrea wrote:
    > > No sorry it doesn't work...
    > > ssh -L 3306:ubuntu:3306 -f ubuntu
    > > Cannot fork into background without a command to execute.

    >
    > Hrmmmm.... The Ssh I use is smarter than that, but in that case, give
    > it a command to execute:
    >
    > ssh -L 3306:ubuntu:3306 -f ubuntu sleep 600
    >
    > --
    > ----------------------------------------------------------------------
    > Sylvain Robitaille s...@alcor.concordia.ca
    >
    > Systems and Network analyst Concordia University
    > Instructional & Information Technology Montreal, Quebec, Canada
    > ----------------------------------------------------------------------


    Ok it doesn't matter I found other solutions
    Back to the problem, I'm configuring apcupsd, how could I shut down
    gracefully and automatically a windows virtual machine running on the
    ubuntu server?

    Maybe .bat or something similar?


  16. Re: Switch it off

    On 30 Ott, 16:06, andrea wrote:
    > On 24 Ott, 01:49, Sylvain Robitaille wrote:
    >
    >
    >
    > > andrea wrote:
    > > > No sorry it doesn't work...
    > > > ssh -L 3306:ubuntu:3306 -f ubuntu
    > > > Cannot fork into background without a command to execute.

    >
    > > Hrmmmm.... The Ssh I use is smarter than that, but in that case, give
    > > it a command to execute:

    >
    > > ssh -L 3306:ubuntu:3306 -f ubuntu sleep 600

    >
    > > --
    > > ----------------------------------------------------------------------
    > > Sylvain Robitaille s...@alcor.concordia.ca

    >
    > > Systems and Network analyst Concordia University
    > > Instructional & Information Technology Montreal, Quebec, Canada
    > > ----------------------------------------------------------------------

    >
    > Ok it doesn't matter I found other solutions
    > Back to the problem, I'm configuring apcupsd, how could I shut down
    > gracefully and automatically a windows virtual machine running on the
    > ubuntu server?
    >
    > Maybe .bat or something similar?


    Vmware is pretty clever, it shuts down the virtual machines when the
    host shutds down, perfect!


  17. Re: Switch it off

    Begin
    On Tue, 16 Oct 2007 17:54:27 GMT, Bill Vermillion wrote:
    [snipety!]
    >
    > I used to do this for a site with clue-less users.
    >
    > I made a user called 'shutdown'.
    >
    > When logged in, a script would run that would call the shutdown
    > scripts to close the systeem gracefully. Then when the 'safe to
    > power off' message came up they would use the switch on the machine


    With ACPI on wintendo (and other mechanisms on other boxes that have
    some desktopery functionality, like ultra80 boxen), you could hook
    up a script that gets triggered when the powerbutton is pressed.

    In fact, my FreeBSD box triggers on this by default. Hit the button and
    a bit later the box even powers off, having completed shutdown. It would
    be spiffier to have some indicator light up that the box is shutting
    down, but eh, can't have everything. wintendo is *cheap*.

    I use it now and then when I go on trips and don't need things running
    at home when I'm not there.


    > If a user can't handle that they shouldn't be near the machine.
    > But you could post an instruction on just what to do by
    > the shutdown login.


    Reality sneers at logic. With lusers.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    This message was originally posted on Usenet in plain text.
    Any other representation, additions, or changes do not have my
    consent and may be a violation of international copyright law.

  18. Re: Switch it off

    In article ,
    jpd wrote:
    >Begin
    >On Tue, 16 Oct 2007 17:54:27 GMT, Bill Vermillion wrote:
    >[snipety!]


    >> I used to do this for a site with clue-less users.


    >> I made a user called 'shutdown'.


    >> When logged in, a script would run that would call the shutdown
    >> scripts to close the systeem gracefully. Then when the 'safe to
    >> power off' message came up they would use the switch on the machine


    >With ACPI on wintendo (and other mechanisms on other boxes that have
    >some desktopery functionality, like ultra80 boxen), you could hook
    >up a script that gets triggered when the powerbutton is pressed.


    My scripts pre-dated that hardware by a long way. They were
    either 68000 based Xenix machines, or '286 systems. Windows wasn't
    quite the powerhouse it became and this was in the Windows 3.0 era
    and earlier

    >In fact, my FreeBSD box triggers on this by default. Hit the
    >button and a bit later the box even powers off, having completed
    >shutdown. It would be spiffier to have some indicator light up
    >that the box is shutting down, but eh, can't have everything.
    >wintendo is *cheap*.


    That is surely convenient. Even MS will let you do that on more
    modern hardware.

    >I use it now and then when I go on trips and don't need things running
    >at home when I'm not there.


    >> If a user can't handle that they shouldn't be near the machine.
    >> But you could post an instruction on just what to do by
    >> the shutdown login.


    >Reality sneers at logic. With lusers.


    You can say that again.

    >Reality sneers at logic. With lusers.


    I meant that rhetroically :-)

    Bill
    --
    Bill Vermillion - bv @ wjv . com

  19. Re: Switch it off

    andrea wrote:
    > I have a server which doesn't need to stay up 24/7 and I'm not
    > physically in that place.
    > Now there will be a few users who can switch it off (correctly of
    > course), how could I manage it?
    >
    > The server will run ubuntu server LTS with a vmware windows which runs
    > a stupid old (but necessary) program, and the clients are windows xp.
    >
    > I think I have at least 3 possiblities:
    > - a script with putty (other) wich autenticates and turns off the
    > machine.
    > - a small virtual machine (linux) with a very stupid UI (one button)
    > which connect via vnc to the Xorg server and turns it off
    > - a web based program which turns the server off.
    >
    > Maybe I will add more services to these power users (status of clients
    > for example), so which solution could be the best and most scalable?
    >
    > Thanks for any suggestions
    >


    A contraian view:

    The hardest thing a computer does is cold start up after a hard shutdown.

    The 2nd Hardest thing is doing a hard shutdown.

    Leave the machine on 24/7. It will last longer and be more reliable.

    If you must (your OS or software has memory leaks or internal tables
    that get too big), use cron to schedule a script that does the
    appropriate soft shutdown of the virtual hosting and underlying OS, and
    then reboots periodically.

    --
    ----------------------------------------------------
    Pat Welch, UBB Computer Services, a WCS Affiliate
    SCO Authorized Partner
    Unix/Linux/Windows/Hardware Sales/Support
    (209) 745-1401 Cell: (209) 251-9120
    E-mail: patubb@inreach.com
    ----------------------------------------------------

  20. Re: Switch it off

    Pat Welch ha scritto:
    >
    > A contraian view:
    >
    > The hardest thing a computer does is cold start up after a hard shutdown.
    >
    > The 2nd Hardest thing is doing a hard shutdown.
    >
    > Leave the machine on 24/7. It will last longer and be more reliable.
    >
    > If you must (your OS or software has memory leaks or internal tables
    > that get too big), use cron to schedule a script that does the
    > appropriate soft shutdown of the virtual hosting and underlying OS, and
    > then reboots periodically.
    >

    Yes well the server will stay up 24/7, the shutdown procedure is for
    some very rare events...

+ Reply to Thread