[OpenAFS-devel] Solaris afs.rc file damage

Dean Anderson dean@av8.com
Sun, 8 Apr 2007 19:02:54 -0400 (EDT)


I noticed that the Solaris afs.rc files have an unscheduled reboot in
the script.  This is a very nasty practice, and resulted in an
unscheduled reboot of a production Solaris server because I didn't
review the rc script closely enough. My bad.  Somehow, I had become
fairly lax with respect to OpenAFS, assuming that people who checked in
code were more responsible.  I suppose we all make mistakes.  This was
with the 1.5.17 version, but I see that reboots were also in the 1.2.9
version. I haven't looked at earlier versions.  But I notice that it's
not just Solaris that has this problem.

So, I suppose it is necessary to pontificate a bit on the subject, and
explain why rebooting in an init/rc script is a bad idea.

While it may be necessary to reboot a computer to install some software,
one should never simply assume that the reboot will be done "now".  I
note that even Windows, which is probably the most egregious offender of
'reboot' for software install, even Windows asks whether you want to
reboot now or later.

Second, even if a reboot is necessary for installation of software, a
reboot must never be put in a script that runs during the boot
procedure. A slight error can cause an infinite reboot cycle that can be
hard to fix without alternate boot media, or possibly require physical
access to the console.

If it is known that the software cannot be run, and that a reboot is
necessary to install (it is rare that this is ever the case on Unix with
loadable and unloadable modules, but assuming it is necessary), then the
install script should relay this message when finished.

If the init/rc startup script cannot start the software, it should exit
and return an appropriate error code.  It should never attempt to reboot
the computer.


Thanks,

		--Dean

-- 
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net         faster, more reliable, better service
617 344 9000
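
A pre-install review check for the problem described in the message above, as an added example that is not part of the original post or of OpenAFS: it lists the lines of an init/rc script that invoke a reboot-type command in command position. The function names, the command list and the sample script are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag reboot-type commands in an init/rc script before it is
# installed. The command list below is an assumption (common Unix entry points).

# A command counts only in command position: at line start, after a shell
# separator, or after then/else/do. Text inside an echo message is not flagged.
REBOOT_RE='(^|[;&|({`]|(^|[[:space:];])(then|else|do))[[:space:]]*((/usr)?/sbin/|/etc/)?(reboot|halt|poweroff|shutdown|uadmin|init[[:space:]]+[06])([[:space:];&|)]|$)'

# find_reboot_calls FILE
# Prints "LINENO:TEXT" for each matching non-comment line.
# Returns 0 if at least one line was flagged, non-zero otherwise.
find_reboot_calls() {
    grep -n -E "$REBOOT_RE" "$1" | grep -v -E '^[0-9]+:[[:space:]]*#'
}

# write_sample_rc FILE
# Writes a constructed sample rc script (not the OpenAFS afs.rc) to FILE.
write_sample_rc() {
    cat > "$1" <<'EOF'
#!/sbin/sh
# constructed sample, not the OpenAFS afs.rc
case "$1" in
start)
    if [ ! -f /kernel/fs/examplefs ]; then
        echo "examplefs: module missing, reboot required"
        exit 1
    fi
    modload /kernel/fs/examplefs || { echo "load failed"; /usr/sbin/reboot; }
    ;;
stop)
    # do not reboot here
    modunload -i 0 || shutdown -i6 -g0 -y
    ;;
esac
EOF
}

# Demo: lines 9 and 13 of the sample are flagged; line 6 (a message) is not.
sample=$(mktemp) && write_sample_rc "$sample"
find_reboot_calls "$sample" && echo "review before installing: reboot-type command found"
rm -f "$sample"
```

A non-zero return means nothing was flagged, so the function can gate an install step directly in an `if`.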