1) Have root shell open on the other machines (i.e. outpost, mire). In general this should not be necessary, but in the January 2010 outage, after a period of Deleuze inavailability, Mire stopped accepting new logins so we had no way to restart services except a reboot.
3) Have HCoop passwords list handy, it goes hand in hand with the above wiki pages
2. Deleuze reboot
If it's a clean reboot, first shutdown all services possible, primarily those that depend on AFS, but others are also important as basically everything depends on user lookups and libnss-afs. So shutdown as much as you can, and it'll make reboot controlled and smooth.
To reboot, hook up to the IPKVM, open channel connected to Deleuze console, and from there, either reboot with sudo reboot as usual, or if it's hung, invoke the SysRq reboot as follows:
- Open "Keys" menu in the KVM
- There, select "LAlt" toggle-- it'll combine all keys you press with implicit Left-Alt. (And you can leave the Keys menu open while doing the rest of the steps, it won't interfere with the keystrokes you're sending.)
Press SysRq + s to invoke emergency sync
Press SysRq + b to reboot
Rebooting deleuze is problematic because of the way how AFS starts. On boot, you see a message of OpenAFS starting up, and then it proceeds with other services that follow after it. However, if the server was rebooted in response to a crash or had an unclean shutdown, AFS will salvage the vice partitions (that is, it'll run a filesystem check).
In case it was a clean shutdown, no problems.
BUT, in case it was a crash or something and it does start the salvager, the startup script won't wait for the salvager to finish -- it will just continue, allowing other services to start. The problem is, when salvage is running on a partition, all volumes from the partition are inaccessible. In our case, it means all volumes are inaccessible as they're on a single partition, and all services that want to use AFS then start improperly, as AFS is not yet available. We've recently updated the OpenAFS startup script to wait while the salvager is running. It is alpha state, I think it should be working, but just gives some amount of harmless error lines when it's done. So some issues of the services starting without AFS should now be solved because it *does* block until salvager is done. Still, you can go over the items below to double-check:
So from the KVM console or SSH login, you can run "bos status deleuze" to see whether the fileserver is salvaging. If yes, really the only thing you can do is shut down the services which started after it, and surely didn't start properly because AFS is (still) inaccessible. Those include:
nscd mysql postgres apache2 domtool-server cron spamassassin courier-authdaemon openbsd-inetd
You close them down with:
/etc/init.d/SERVICE_NAME stop (init.d approach) sv stop SERVICE_NAME (runit approach) killall SERVICE_NAME (to be sure it's down)
It is important to verify that the service is really down; especially in case of courier-authdaemon which won't want to restart cleanly using sv restart courier-authdaemon if a previous improperly initialized instance is running.
The salvager will take about 20 minutes. When it is done, "bos status deleuze" will no longer report salvager running, and on the console you'll probably get a couple of "waiting for busy volume..." messages which are alright.
Then, you init.d start or sv start all those services that were stopped, watching for any errors.
In general, there should be none, except for things like MySQL saying things like "InnoDB: Crash recovery may have failed for some .ibd files!". This is alright; looking at it, one sees these are messages for people who no longer have an account at HCoop and their databases have been removed.
So after things appear to be working again, DOUBLE-CHECK that Postgres in particular is started properly (if it is, it'll appear in ps aux| grep postgr and you'll see its processes along with probably some users connections that already contacted the database). As said, double-check this as Postgres is known, in our setup at least, to need one, two or more restarts before it really starts properly.
ps aux | egrep 'postmaste()r' > /dev/null || echo 'Postgres not running!'
After Postgres, restart domtool-server (it uses Postgres).
Do a test configuration of a domain with domtool (doesn't matter how simple it is) to ensure that all domtool servers are working.
4.1. Other systems
Since Deleuze is the main server, its period of unavailability will affect other machines. In specific, the web server needs to be restarted, or even rebooted if SSH stops taking logins (this happened Jan 20, 2010 outage).
Also, restart domtool-slave processes on all machines that have it.
Also, on last Deleuze unavailability, DNS on outpost stopped receiving updates, it needed a service restart (domtool and/or bind9).
So the bottom line is, after rebooting deleuze, re-check everything