Gavin,
Why the DELAY and WARN options. What I would envision is the use of a
command file which performs any pre-shutdown processing, such as warning
users, shutting down spooling, etc. The SHUTDOWN command would then be the
last command executed by the command file. It would be nice to have an
option to reboot or not reboot. (Maybe even an option for a memory dump.)
If we ever get the UPS initiated shutdown, we could then (hopefully)
specify a command file to execute when remaining battery life is low. This
could be the same command file or a different one, but it would be more
adaptable.
David N. Lukenbill
Computer Sciences Corporation
> Response 1: Make it available to only MANAGER.SYS, not also to
> OPERATOR.SYS.
Nonsense.
It is perfectly obvious how a :SHUTDOWN command ought to be added to MPE so
as to fit in with the "style" of the rest of the system. Here's the :HELP
catalog entry:
---
\ENTRY=SHUTDOWN,PARMS,OPERATION,EXAMPLE
LIMIT
Shuts down a component of the MPE/iX operating system or the operating
system itself.
SYNTAX
SHUTDOWN {SYSTEM | <entityname>}
[;HALT]
[;RESTART]
[;EXIT]
[;DELAY=<timespec>]
[;WARN=<warningtext>]
[;WAIT
\ITEM=PARMS
PARAMETERS
SYSTEM Specifies that the entire system should be shut down.
entityname Specifies the component of MPE/iX to be shut down.
HALT Asks that the entity or SYSTEM should be shut down
(default).
RESTART Asks that the entity or SYSTEM should be restarted
(rebooted in
the case of SYSTEM) after the shut down is complete.
EXIT Valid only when SYSTEM is specified. Asks that the
operating system
exit to the ISL prompt after shutdown is complete,
rather than
initiating a reboot / hard reset.
DELAY Asks for a delay before the actual shut down is
initiated.
timespec Specifies the delay that should ensue before the shut
down
process begins.
WARN Asks that a :WARNING be sent to all logged on users
before
the shut down starts. Valid only when DELAY is
specified.
The warning message will be sent immediately.
warningtext Provides the text of the warning message to send.
WAIT Asks that the command wait until there are no more
users
of the entity being shut down before the shut down
process
begins. By default, all active users will be aborted
as
a
result of the shut down process.
\ITEM=OPERATION
OPERATION
The MPE/iX operating system or one of its components is shut
down.
The first parameter must be included in the SHUTDOWN
command. If you execute the SHUTDOWN command without
parameters, the following message is displayed on the
console
EXPECTED THE NAME OF THE ENTITY TO BE SHUT DOWN. (CIERR nnnnn)
This has the side effect of preventing an operator from
accidentally shutting down the system as a result of simply
typing the word "SHUTDOWN". The explicit command:
:SHUTDOWN SYSTEM
is required to actually initiate system shutdown.
This command may be issued from a session, job, program, or
in BREAK. Pressing [Break] has no effect on this command. It
may be issued only from the console unless it is distributed to
users with the ALLOW command.
\ITEM=EXAMPLE
EXAMPLE(S)
To shut down the MPE/iX operating system and initiate a subsequent
reboot operation enter:
SHUTDOWN SYSTEM;RESTART
ADDITIONAL INFORMATION
Commands: =SHUTDOWN
Manuals : Performing System Management Tasks (32650-90004)
---
Commentary:
The minimum command required to shut down the operating system is now:
:SHUTDOWN SYSTEM
as noted in the help text. I have no sympathy for anyone who types this on
the active system console and doesn't get what they expect.
The command is a "master operator" command, which is actually the more
restrictive than making it require SM, and allows it to be used by the
person actually operating the machine, i.e. the person sitting at the
console.
The "allow" mechanism, the :CONSOLE command, and various 3rd party or
freeware privileged tools can be used to manage and control who can and
cannot execute the command.
By requiring a parameter like "SYSTEM" we both solve the issue of
"accidental" shutdowns, and we leave a hook for this command to be extended
in the future to apply to things other than the entire system. for
example,
it might be nice to be able to shutdown the network with a single command,
especially if the ;RESTART option would then bring all the appropriate
parts
of the "network" back up. The command could eventually replace the =LOGOFF
command and others as well.
At that point a :START command would probably be needed as well of course.
Not all of the "optional" parameters (WAIT, DELAY, WARN, etc.) must be
there
in the first version of course, and the ones listed simply indicate some
potential extra functionality that might be nice to have. Other options
are
certainly possible.
The ;EXIT option would be a great boon to those of us who have to
frequently
reboot systems as part of testing, or in time-critical situations (such as
sites trying to reach "five nines" of uptime). Normally when MPE shuts
down
it then initiates a hard reset of the system hardware, which results in a
full self test sequence that can last many minutes on large systems, and
then the initial boot sequence does things like the memory dump of the
first
N MB to disk, which wastes more time.
For a machine being shut down normally, there should be no reason to waste
4-20 minutes running diagnostics on a machine that's working just fine,
thank you very much.
It turns out that rather than resetting the system, it's possible to simply
have the OS "exit" back to the ISL prompt, which takes only a few seconds.
From there one can issue a START command to bring the machine back up,
saving many minutes from the "reboot" process.
Certainly HP might have to do some work to certify that this is safe to do,
but the certification and testing effort ought to be reasonable relative to
the amount of customer time that could be saved.
G.
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|