Switch it off
| andrea 2007-10-16, 1:28 pm |
| I have a server which doesn't need to stay up 24/7 and I'm not
physically in that place.
Now there will be a few users who can switch it off (correctly of
course), how could I manage it?
The server will run ubuntu server LTS with a vmware windows which runs
a stupid old (but necessary) program, and the clients are windows xp.
I think I have at least 3 possibilities:
- a script with putty (other) which authenticates and turns off the
machine.
- a small virtual machine (linux) with a very stupid UI (one button)
which connects via vnc to the Xorg server and turns it off
- a web based program which turns the server off.
Maybe I will add more services to these power users (status of clients
for example), so which solution could be the best and most scalable?
Thanks for any suggestions
| |
| Sylvain Robitaille 2007-10-16, 1:28 pm |
| andrea wrote:
> I have a server which doesn't need to stay up 24/7 and I'm not
> physically in that place.
> Now there will be a few users who can switch it off (correctly of
> course), how could I manage it?
> ...
> Maybe I will add more services to these power users (status of clients
> for example), so which solution could be the best and most scalable?
My suggestion:
command-line: it works even if they (or you) have to access this
function remotely, or on a crippled (no X) system.
Create a group "pwrusrs" (or use a better name if you have one in mind),
with the userids of the users you want to give access to this command to
in it (include your own userid as well).
    chgrp pwrusrs /sbin/shutdown
    chmod 4550 /sbin/shutdown
Setup the users' accounts so they either have /sbin in their command
search path, or give them a command alias for shutdown (in fact, if you
use an alias, they don't even need to remember to type any arguments to
the shutdown command).
I hope that helps ...
--
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca
Systems and Network analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
| |
| andrea 2007-10-16, 1:28 pm |
| On 16 Oct, 18:40, Sylvain Robitaille <s...@alcor.concordia.ca> wrote:
> andrea wrote:
>
> My suggestion:
>
> command-line: it works even if they (or you) have to access this
> function remotely, or on a crippled (no X) system.
>
> Create a group "pwrusrs" (or use a better name if you have one in mind),
> with the userids of the users you want to give access to this command to
> in it (include your own userid as well).
>
> chgrp pwrusrs /sbin/shutdown
> chmod 4550 /sbin/shutdown
>
> Setup the users' accounts so they either have /sbin in their command
> search path, or give them a command alias for shutdown (in fact, if you
> use an alias, they don't even need to remember to type any arguments to
> the shutdown command).
>
> I hope that helps ...
>
> --
> ----------------------------------------------------------------------
> Sylvain Robitaille s...@alcor.concordia.ca
>
> Systems and Network analyst Concordia University
> Instructional & Information Technology Montreal, Quebec, Canada
> ----------------------------------------------------------------------
Ok thanks,
I need the Xorg server anyway because it is needed by vmware server.
But I think it could be much cleaner using sudo and the sudoers file
instead of changing permissions and owners of shutdown (what if I
upgrade it?).
I will also have an openvpn network to log in from the external
network, or are there other, better vpn solutions for a virtual
private network?
(using linux, macosx and windows)
| |
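The two approaches discussed so far, the group-restricted setuid shutdown and the sudoers rule, side by side as an added example (not code from any poster). It assumes GNU stat and Debian's dpkg-statoverride as found on Ubuntu; the function names are hypothetical, and pwrusrs and mode 4550 are the values from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (Ubuntu).
# "pwrusrs" and mode 4550 are the values suggested in the thread;
# the function names are hypothetical.

# perm_state FILE GROUP MODE
# Prints "ok" while FILE still carries the expected group and octal mode,
# otherwise a "drift ..." line (for instance after a package upgrade has
# replaced the binary). Returns 0 for ok, 1 for drift, 2 if FILE is missing.
perm_state() {
    ps_file=$1; ps_group=$2; ps_mode=$3
    [ -e "$ps_file" ] || { echo "missing $ps_file"; return 2; }
    ps_have_mode=$(stat -c '%a' "$ps_file")
    ps_have_group=$(stat -c '%G' "$ps_file")
    if [ "$ps_have_mode" = "$ps_mode" ] && [ "$ps_have_group" = "$ps_group" ]; then
        echo "ok"
        return 0
    fi
    echo "drift mode=$ps_have_mode group=$ps_have_group"
    return 1
}

# persist_override FILE GROUP MODE
# Debian/Ubuntu only, run as root: records the custom group and mode with
# dpkg so that upgrades of the owning package reapply them.
persist_override() {
    dpkg-statoverride --update --add root "$2" "$3" "$1"
}

# sudoers_rule GROUP COMMAND [ARG...]
# Prints one sudoers line that lets members of GROUP run exactly
# "COMMAND ARG..." as root. Relative paths and characters that sudoers
# treats as wildcards or separators are refused, so the rule cannot match
# more than the single command line it was written for.
sudoers_rule() {
    sr_group=$1; shift
    case $sr_group in
        ''|*[!A-Za-z0-9_-]*) echo "bad group name" >&2; return 1 ;;
    esac
    case $1 in
        /*) ;;
        *) echo "command must be an absolute path" >&2; return 1 ;;
    esac
    case "$*" in
        *'*'*|*'?'*|*'['*|*'\'*|*','*|*':'*|*'='*)
            echo "wildcard or separator character in command" >&2
            return 1 ;;
    esac
    printf '%%%s ALL=(root) %s\n' "$sr_group" "$*"
}

# Typical calls:
#   perm_state /sbin/shutdown pwrusrs 4550
#   sudoers_rule pwrusrs /sbin/shutdown -h now
```

Check the generated line with visudo -cf before placing it under /etc/sudoers.d. perm_state can run from cron to report when an upgrade has reset the binary.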
| andrea 2007-10-16, 1:28 pm |
| Another problem... I need to shut down first the windows virtual
machine and THEN the linux physical machine.
Any good way to shut down remotely a win machine??
Cause I don't think sending SIGTERM to vmware will shut down nicely
the virtual machine.
And I'm even planning to use ldap everywhere I can (haven't set up
anything yet), maybe I can use ldap even in this situation.
Last thing I also want a way to physically turn it off, I think that
just setting
ctrlaltdel in /etc/inittab (in ubuntu server) to shutdown -h now.
But can I change that key combination?
| |
| Bill Vermillion 2007-10-16, 1:28 pm |
| In article <1192540639.874254.187390@e34g2000pro.googlegroups.com>,
andrea <kerny404@gmail.com> wrote:
>I have a server which doesn't need to stay up 24/7 and I'm not
>physically in that place.
>Now there will be a few users who can switch it off (correctly of
>course), how could I manage it?
>
>The server will run ubuntu server LTS with a vmware windows which runs
>a stupid old (but necessary) program, and the clients are windows xp.
>
>I think I have at least 3 possibilities:
>- a script with putty (other) which authenticates and turns off the
>machine.
>- a small virtual machine (linux) with a very stupid UI (one button)
>which connect via vnc to the Xorg server and turns it off
>- a web based program which turns the server off.
>
>Maybe I will add more services to these power users (status of clients
>for example), so which solution could be the best and most scalable?
>
>Thanks for any suggestions
I used to do this for a site with clue-less users.
I made a user called 'shutdown'.
When logged in, a script would run that would call the shutdown
scripts to close the system gracefully. Then when the 'safe to
power off' message came up they would use the switch on the machine.
If a user can't handle that they shouldn't be near the machine.
But you could post an instruction on just what to do by
the shutdown login.
Bill
--
Bill Vermillion - bv @ wjv . com
| |
| Sylvain Robitaille 2007-10-18, 1:30 am |
| andrea wrote:
> I need Xorg server anyway cause is needed by vmware server.
And if Xorg dies?
> But I think it could be much cleaner using sudo and sudoers file
> instead of changing permissions and owners of shutdown ...
That's certainly another possibility. I find that I prefer not to
use sudo (with its added complexity), but that's certainly a personal
choice.
> (what if I upgrade it?).
Then you copy and paste commands from the documentation you'll have
created in the other thread you started, of course! ;-) All your
system modifications will then be migrated to the upgraded system.
> I will also have an openvpn network to log myself from the external
> network, or there are others better vpn solutions for a virtual
> private network??
Ssh? It's what I use, rather than any form of "vpn", but it effectively
provides me with the same benefits.
Simpler is better ...
--
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca
Systems and Network analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
| |
| andrea 2007-10-18, 7:37 am |
| On 18 Oct, 06:00, Sylvain Robitaille <s...@alcor.concordia.ca> wrote:
> andrea wrote:
>
> And if Xorg dies?
>
>
> That's certainly another possibility. I find that I prefer not to
> use sudo (with its added complexity), but that's certainly a personal
> choice.
>
>
> Then you copy and paste commands from the documentation you'll have
> created in the other thread you started, of course! ;-) All your
> system modifications will then be migrated to the upgraded system.
>
>
> Ssh? It's what I use, rather than any form of "vpn", but it effectively
> provides me with the same benefits.
>
> Simpler is better ...
>
> --
Yes and no, with a vpn you can secure all your services you need but
vpn, which is very secure.
So once you connect to the vpn you're actually safe and you can do
anything, in my opinion is much simpler and scalable than using ssh
tunnels.
| |
| Sylvain Robitaille 2007-10-18, 1:25 pm |
| andrea wrote:
>
> Yes and no, with a vpn you can secure all your services you need but
> vpn, which is very secure.
What services does using Ssh (instead of a Vpn) prevent you from
securing?
> So once you connect to the vpn you're actually safe and you can do
> anything, in my opinion is much simpler and scalable than using ssh
> tunnels.
Well, the way I see it, once you connect to a system with Ssh, you're
"safe and you can do anything". I've been managing dozens of systems
this way for about 10 years, and I honestly haven't felt that things
could be any simpler or more scalable. When you connect via a VPN, you
still need to connect to the target system to get your work done, right?
The VPN provides encryption between your workstation and the network on
which your target system resides, and encapsulates your traffic such
that it appears to the target system as coming from a system on its
local network.
Ssh, on the other hand, provides end-to-end encryption between your
workstation and the remote target system, and permits you to access
services on the remote system via its own "localhost" address (not
necessary for the services to be listening for any access from the
physical network).
The VPN has its place, of course, but I don't think that it's the best
answer for what you're asking about.
--
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca
Systems and Network analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
| |
| andrea 2007-10-18, 1:25 pm |
| On 18 Oct, 14:42, Sylvain Robitaille <s...@alcor.concordia.ca> wrote:
> andrea wrote:
>
>
> What services does using Ssh (instead of a Vpn) prevent you from
> securing?
>
>
> Well, the way I see it, once you connect to a system with Ssh, you're
> "safe and you can do anything". I've been managing dozens of systems
> this way for about 10 years, and I honestly haven't felt that things
> could be any simpler or more scalable. When you connect via a VPN, you
> still need to connect to the target system to get your work done, right?
>
> The VPN provides encryption between your workstation and the network on
> which your target system resides, and encapsulates your traffic such
> that it appears to the target system as coming from a system on its
> local network.
>
> Ssh, on the other hand, provides end-to-end encryption between your
> workstation and the remote target system, and permits you to access
> services on the remote system via its own "localhost" address (not
> necessary for the services to be listening for any access from the
> physical network).
>
> The VPN has its place, of course, but I don't think that it's the best
> answer for what you're asking about.
>
> --
> ----------------------------------------------------------------------
> Sylvain Robitaille s...@alcor.concordia.ca
>
> Systems and Network analyst Concordia University
> Instructional & Information Technology Montreal, Quebec, Canada
> ----------------------------------------------------------------------
Yes but what if you want to use webmin or other tools like that
(nagios for example) ?
With ssh you should open those ports anyway, and be really careful.
With a vpn I just set the services to answer only to lan ip, and
that's it (with some other checks of course), I think it's better, at
least I'll try...
| |
| Sylvain Robitaille 2007-10-18, 1:25 pm |
| andrea wrote:
> Yes but what if you want to use webmin or other tools like that
> (nagios for example) ?
I'll pretend you didn't imply any desire to use "webmin"! ;-)
    ssh remotehost
    ...
    remotehost> firefox http://localhost/nagios/ &
Assuming you have Ssh configured for X11 forwarding, the above works well
(perhaps slowly, depending on your network connectivity), displaying
the browser on your local workstation.
> With ssh you should open those ports anyway, and be really careful.
> With a vpn I just set the services to answer only to lan ip, and
> that's it (with some other checks of course), I think it's better, at
> least I'll try...
With Ssh, you can have the service available only to "localhost". How
confident are you that you know everything that's going on on the remote
network?
--
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca
Systems and Network analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
| |
| andrea 2007-10-20, 7:31 am |
| On 18 Oct, 19:02, Sylvain Robitaille <s...@alcor.concordia.ca> wrote:
> andrea wrote:
>
> I'll pretend you didn't imply any desire to use "webmin"! ;-)
>
> ssh remotehost
> ...
> remotehost> firefox http://localhost/nagios/ &
>
> Assuming you have Ssh configured for X11 forwarding, the above works well
> (perhaps slowly, depending on your network connectivity), displaying
> the browser on your local workstation.
>
>
> With Ssh, you can have the service available only to "localhost". How
> confident are you that you know everything that's going on on the remote
> network?
>
> --
> ----------------------------------------------------------------------
> Sylvain Robitaille s...@alcor.concordia.ca
>
> Systems and Network analyst Concordia University
> Instructional & Information Technology Montreal, Quebec, Canada
> ----------------------------------------------------------------------
Well I didn't say everything maybe,
I use ssh with pleasure (no password login just keys), BUT at least
until the server is ready I need other services (webmin swat etc).
I can't (and don't want to) tunnelize everything in ssh...
And another thing, later on some other people will have access from
the outside, if I set up a robust and scalable openvpn server things
will be much easier!
Btw, I can't get the mysql server in a ssh tunnel, the server I'm
using now is a parallels virtual machine (named ubuntu), and I give
this command
    ssh -L 3307:ubuntu:3306 ubuntu mysql -u root -p
Now how should I connect?
Trying in many ways found in the net but doesn't work...
| |
| Sylvain Robitaille 2007-10-22, 1:27 pm |
| andrea wrote:
> Btw, I can't get the mysql server in a ssh tunnel, the server I'm
> using now is a parallels virtual machine (named ubuntu), and I give
> this command
> ssh -L 3307:ubuntu:3306 ubuntu mysql -u root -p
> Now how I should connect?
> Trying in many ways found in the net but doesn't work...
I'm not sure. I have mysql on only one system, so I generally use it by
ssh'ing into that system and issuing the mysql command at that system's
command prompt. To do what you're trying to do instead, I would try
something like this:
    ssh -L 3306:ubuntu:3306 -f ubuntu
That sets up the port-forwarding to the usual mysql port on the local
system (feel free to use the alternate port if you prefer, of course),
then:
    mysql -h localhost -u root -p
Would connect you to the mysql database running on "ubuntu", via the
localhost port 3306. If this works, the traffic is indeed being
tunnelled through ssh. Note that I'm unable to test due to not having
MySQL installed on more than one system. If it doesn't work, I'd be
interested in knowing what error(s) you receive.
--
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca
Systems and Network analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
| |
| andrea 2007-10-22, 7:22 pm |
| On 22 Oct, 17:34, Sylvain Robitaille <s...@alcor.concordia.ca> wrote:
> andrea wrote:
>
> I'm not sure. I have mysql on only one system, so I generally use it by
> ssh'ing into that system and issuing the mysql command at that system's
> command prompt. To do what you're trying to do instead, I would try
> something like this:
>
> ssh -L 3306:ubuntu:3306 -f ubuntu
>
> That sets up the port-forwarding to the usual mysql port on the local
> system (feel free to use the alternate port if you prefer, of course),
> then:
>
> mysql -h localhost -u root -p
>
> Would connect you to the mysql database running on "ubuntu", via the
> localhost port 3306. If this works, the traffic is indeed being
> tunnelled through ssh. Note that I'm unable to test due to not having
> mysql installed on more than one system. If it doesn't work, I'd be
> interested in knowing what error(s) you receive.
>
> --
> ----------------------------------------------------------------------
> Sylvain Robitaille s...@alcor.concordia.ca
>
> Systems and Network analyst Concordia University
> Instructional & Information Technology Montreal, Quebec, Canada
> ----------------------------------------------------------------------
No sorry it doesn't work...
    ssh -L 3306:ubuntu:3306 -f ubuntu
    Cannot fork into background without a command to execute.
| |
| Sylvain Robitaille 2007-10-24, 1:31 am |
| andrea wrote:
> No sorry it doesn't work...
> ssh -L 3306:ubuntu:3306 -f ubuntu
> Cannot fork into background without a command to execute.
Hrmmmm.... The Ssh I use is smarter than that, but in that case, give
it a command to execute:
    ssh -L 3306:ubuntu:3306 -f ubuntu sleep 600
--
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca
Systems and Network analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
| |
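The MySQL-over-SSH tunnel that the last few posts work towards, as an added example that is not part of anyone's post. It parses an OpenSSH -L spec, refuses a listener that is not on loopback, and prints the ssh and mysql command lines: -N lets -f background the tunnel with no remote command, and --protocol=TCP keeps the mysql client off its local Unix socket. The function names are hypothetical, the host name ubuntu and the ports are the thread's, and forwarding to 127.0.0.1 assumes mysqld on the server listens on loopback.

```shell
#!/bin/sh
# Added example, not from the thread. Handles host names and IPv4
# addresses only (no bracketed IPv6). Function names are hypothetical.

# parse_forward SPEC
# Splits an OpenSSH -L spec "[bind_address:]port:host:hostport" and prints
# "bind port host hostport". Without a bind address ssh listens on loopback
# (unless GatewayPorts is enabled), shown here as 127.0.0.1; an empty bind
# address means all interfaces and is shown as "*". The host part is
# resolved by the SSH server, not by the client.
parse_forward() {
    pf_spec=$1
    pf_ifs=$IFS
    set -f; IFS=:
    set -- $pf_spec
    IFS=$pf_ifs; set +f
    case $# in
        3) set -- 127.0.0.1 "$1" "$2" "$3" ;;
        4) [ -n "$1" ] || set -- '*' "$2" "$3" "$4" ;;
        *) echo "bad forward spec: $pf_spec" >&2; return 1 ;;
    esac
    for pf_port in "$2" "$4"; do
        case $pf_port in
            ''|*[!0-9]*) echo "ports must be numeric: $pf_spec" >&2; return 1 ;;
        esac
    done
    echo "$1 $2 $3 $4"
}

# listener_scope SPEC
# Prints "loopback" when only local processes can reach the forwarded port,
# "exposed" when ssh would accept connections from the network.
listener_scope() {
    ls_parsed=$(parse_forward "$1") || return 1
    read -r ls_bind ls_rest <<EOF
$ls_parsed
EOF
    case $ls_bind in
        127.*|localhost) echo loopback ;;
        *) echo exposed ;;
    esac
}

# tunnel_commands SPEC SSHHOST
# Prints the ssh command that opens the tunnel in the background and the
# mysql command that connects through it over TCP.
tunnel_commands() {
    tc_parsed=$(parse_forward "$1") || return 1
    read -r tc_bind tc_port tc_host tc_hport <<EOF
$tc_parsed
EOF
    if [ "$(listener_scope "$1")" != loopback ]; then
        echo "refusing non-loopback listener: $tc_bind" >&2
        return 1
    fi
    echo "ssh -f -N -o ExitOnForwardFailure=yes -L $tc_bind:$tc_port:$tc_host:$tc_hport $2"
    echo "mysql --protocol=TCP -h $tc_bind -P $tc_port -u root -p"
}

# Typical call:
#   tunnel_commands 3307:127.0.0.1:3306 ubuntu
```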
| andrea 2007-10-30, 1:25 pm |
| On 24 Oct, 01:49, Sylvain Robitaille <s...@alcor.concordia.ca> wrote:
> andrea wrote:
>
> Hrmmmm.... The Ssh I use is smarter than that, but in that case, give
> it a command to execute:
>
> ssh -L 3306:ubuntu:3306 -f ubuntu sleep 600
>
> --
> ----------------------------------------------------------------------
> Sylvain Robitaille s...@alcor.concordia.ca
>
> Systems and Network analyst Concordia University
> Instructional & Information Technology Montreal, Quebec, Canada
> ----------------------------------------------------------------------
Ok it doesn't matter I found other solutions.
Back to the problem, I'm configuring apcupsd, how could I shut down
gracefully and automatically a windows virtual machine running on the
ubuntu server?
Maybe .bat or something similar?
| |
| andrea 2007-10-31, 1:28 pm |
| On 30 Oct, 16:06, andrea <kerny...@gmail.com> wrote:
> On 24 Oct, 01:49, Sylvain Robitaille <s...@alcor.concordia.ca> wrote:
>
> Ok it doesn't matter I found other solutions.
> Back to the problem, I'm configuring apcupsd, how could I shut down
> gracefully and automatically a windows virtual machine running on the
> ubuntu server?
>
> Maybe .bat or something similar?
Vmware is pretty clever, it shuts down the virtual machines when the
host shuts down, perfect!
| |
|
| Begin <Jq0n2r.1pzK@wjv.com>
On Tue, 16 Oct 2007 17:54:27 GMT, Bill Vermillion <bv@wjv.com> wrote:
[snipety!]
>
> I used to do this for a site with clue-less users.
>
> I made a user called 'shutdown'.
>
> When logged in, a script would run that would call the shutdown
> scripts to close the system gracefully. Then when the 'safe to
> power off' message came up they would use the switch on the machine
With ACPI on wintendo (and other mechanisms on other boxes that have
some desktopery functionality, like ultra80 boxen), you could hook
up a script that gets triggered when the powerbutton is pressed.
In fact, my FreeBSD box triggers on this by default. Hit the button and
a bit later the box even powers off, having completed shutdown. It would
be spiffier to have some indicator light up that the box is shutting
down, but eh, can't have everything. wintendo is *cheap*.
I use it now and then when I go on trips and don't need things running
at home when I'm not there.
> If a user can't handle that they shouldn't be near the machine.
> But you could post an instruction on just what to do by
> the shutdown login.
Reality sneers at logic. With lusers.
--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
This message was originally posted on Usenet in plain text.
Any other representation, additions, or changes do not have my
consent and may be a violation of international copyright law.
| |
| Bill Vermillion 2007-11-08, 1:27 pm |
| In article <slrnfj6ftc.1o4q.read_the_sig@mantell0.local>,
jpd <read_the_sig@do.not.spam.it.invalid> wrote:
>Begin <Jq0n2r.1pzK@wjv.com>
>On Tue, 16 Oct 2007 17:54:27 GMT, Bill Vermillion <bv@wjv.com> wrote:
>[snipety!]
>With ACPI on wintendo (and other mechanisms on other boxes that have
>some desktopery functionality, like ultra80 boxen), you could hook
>up a script that gets triggered when the powerbutton is pressed.
My scripts pre-dated that hardware by a long way. They were
either 68000 based Xenix machines, or '286 systems. Windows wasn't
quite the powerhouse it became and this was in the Windows 3.0 era
and earlier.
>In fact, my FreeBSD box triggers on this by default. Hit the
>button and a bit later the box even powers off, having completed
>shutdown. It would be spiffier to have some indicator light up
>that the box is shutting down, but eh, can't have everything.
>wintendo is *cheap*.
That is surely convenient. Even MS will let you do that on more
modern hardware.
>I use it now and then when I go on trips and don't need things running
>at home when I'm not there.
>Reality sneers at logic. With lusers.
You can say that again.
>Reality sneers at logic. With lusers.
I meant that rhetorically :-)
Bill
--
Bill Vermillion - bv @ wjv . com
| |
|
| Begin <Jr7AtK.vxE@wjv.com>
On Thu, 8 Nov 2007 18:46:32 GMT, Bill Vermillion <bv@wjv.com> wrote:
> In article <slrnfj6ftc.1o4q.read_the_sig@mantell0.local>,
> jpd <read_the_sig@do.not.spam.it.invalid> wrote:
>
> My scripts pre-dated that hardware by a long way. They were
> either 68000 based Xenix machines, or '286 systems.
I didn't... mean to imply that, but I see a strategic ``nowadays''
slipped somewhere in the editing. My apologies. You know I know better.
> Windows wasn't quite the powerhouse it became and this was in the
> Windows 3.0 era and earlier
Hrmpf. More by dint of not everybody yet having more than one computer
than anything else. Sense has notoriously been absent in that market.
Something to do with avalanches of bogons emitted by the marketing
department of a certain large company. I think that's the only thing
that keeps the software going too.
>
> You can say that again.
>
>
> I meant that rhetorically :-)
Good thing *I* didn't, then. :-)
--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
This message was originally posted on Usenet in plain text.
Any other representation, additions, or changes do not have my
consent and may be a violation of international copyright law.
| |
| Pat Welch 2007-11-14, 7:33 am |
| andrea wrote:
> I have a server which doesn't need to stay up 24/7 and I'm not
> physically in that place.
> Now there will be a few users who can switch it off (correctly of
> course), how could I manage it?
>
> The server will run ubuntu server LTS with a vmware windows which runs
> a stupid old (but necessary) program, and the clients are windows xp.
>
> I think I have at least 3 possibilities:
> - a script with putty (other) which authenticates and turns off the
> machine.
> - a small virtual machine (linux) with a very stupid UI (one button)
> which connect via vnc to the Xorg server and turns it off
> - a web based program which turns the server off.
>
> Maybe I will add more services to these power users (status of clients
> for example), so which solution could be the best and most scalable?
>
> Thanks for any suggestions
>
A contrarian view:
The hardest thing a computer does is cold start up after a hard shutdown.
The 2nd Hardest thing is doing a hard shutdown.
Leave the machine on 24/7. It will last longer and be more reliable.
If you must (your OS or software has memory leaks or internal tables
that get too big), use cron to schedule a script that does the
appropriate soft shutdown of the virtual hosting and underlying OS, and
then reboots periodically.
--
----------------------------------------------------
Pat Welch, UBB Computer Services, a WCS Affiliate
SCO Authorized Partner
Unix/Linux/Windows/Hardware Sales/Support
(209) 745-1401 Cell: (209) 251-9120
E-mail: patubb@inreach.com
----------------------------------------------------
| |
| andrea 2007-11-26, 7:22 pm |
| Pat Welch wrote:
>
> A contrarian view:
>
> The hardest thing a computer does is cold start up after a hard shutdown.
>
> The 2nd Hardest thing is doing a hard shutdown.
>
> Leave the machine on 24/7. It will last longer and be more reliable.
>
> If you must (your OS or software has memory leaks or internal tables
> that get too big), use cron to schedule a script that does the
> appropriate soft shutdown of the virtual hosting and underlying OS, and
> then reboots periodically.
>
Yes well the server will stay up 24/7, the shutdown procedure is for
some very rare events...