Reboot my way or reboot your way

Angel Hess

Angel Hess

For over 20 years I have used the command:
reboot
And never had any problems in my time.
I frequently see the manuals say to use the command:
shutdown -r now
Why is this used instead of "reboot" and what is the difference?
Is using "reboot" Bad?
Am I living on the edge using "reboot"?
 
Biggest difference is, shutdown -r now notifies logged in users, runs /etc/rc.shutdown and thus gracefully stops services before actually rebooting. A reboot only sends a kill to all processes, then reboots. A graceful stop of a service is preferred, especially when you're dealing with (big) databases.

Code: 
     The halt and reboot utilities flush the file system cache to disk, send
     all running processes a SIGTERM (and subsequently a SIGKILL) and,
     respectively, halt or restart the system.  The action is logged,
     including entering a shutdown record into the user accounting database.
 
Note that the same does NOT apply to the command poweroff: It is implemented by executing "shutdown -p now", so it goes through rc scripts, and performs the gentle shutdown that SirDice mentioned. I find the difference between poweroff and reboot fascinating.
 
cracauer@ said:
Slight correction, reboot sends 2 signals: SIGTERM and then 5 seconds later SIGKILL. So processes do have 5 seconds for housekeeping.
Click to expand...
To put that into perspective, this means it's "best effort" at being graceful without going through rc(8). A well-behaved service should always handle SIGTERM and initiate its shutdown sequence, and 5 seconds seems plenty of time to complete it. But:
  • It might not be enough, if many services are running, if network shares are involved, etc ...
  • Some rc scripts might do additional housekeeping stuff in their stop-function, that won't be executed
  • There are even rc scripts that don't control a service/daemon but just do "generic" housekeeping (like e.g. writing back the system clock to the RTC) – won't be executed either.
ralphbsz said:
Note that the same does NOT apply to the command poweroff: It is implemented by executing "shutdown -p now", so it goes through rc scripts, and performs the gentle shutdown that SirDice mentioned. I find the difference between poweroff and reboot fascinating.
Click to expand...
The equivalent tool to reboot is halt. To also request an (ACPI?) power-off, there's the -p flag.

I don't really understand why a separate poweroff command is needed at all... But reboot and halt commands are obviously meant for situations where you want to bypass rc(8), IOW when something is already borked and you just need some "do it, do it NOW!" to get down the running system.
 
zirias@ said:
I don't really understand why a separate poweroff command is needed at all...
Click to expand...
That's exactly what I find fascinating. Given the design of services, there has to be a way to start and stop services cleanly (whether that's a real or only perceived need is a good question). Therefore, there has to be a shutdown command. Clearly, the user of the shutdown command needs to be able to specify what their desired end-state is: Power off, halt (but keep power on, for a warm start), and immediate reboot (which is down with -p, -h and -r options). Great.

Contrariwise, there seems to be a need for a rapid shutdown that bypasses the nice clean way of stopping the services. This is where commands like reboot and halt come in. It turns out that once again there are options such as -p. For consistency, it would make more sense if poweroff was a command like reboot and halt; but it isn't. When do you really need to use these commands? As you said, only when things are already borken.

This is actually an area that systemd does correctly. Internally, it has only one shutdown mechanism (all the existing commands are just light-weight aliases for various systemctl invocations). There, you usually do shutdown, but if you don't want to wait for a clean stop of services and only use the two signals that cracauer@ described above, then you use the -f flag. And if you don't even want to do the signals, then you use -f twice. This seems very logical to me.

My personal opinion is actually that the whole discussion is wrong-headed. All services and system facilities need to be designed to survive a full crash (CPU stops on a dime), partial crash (some threads stop when a core dies, but other cores in an SMP keep running), and full power failure (where not even peripherals like disks are given time to finish the last IO). In the best of all possible worlds, the system should tolerate this, with only minimal impact on recovery (for example, a few seconds during the next boot to recover partially done transactions from logs). In this world-view, the correct way to power off a system is to hit the power switch without warning anyone about it, and similarly the reset button for reboot. (Side remark: If you have human users, you should clearly warn them about a planned outage, so they can arrange their schedules around it, like go have a coffee.) If systems were designed this way (and some are, ZFS gets pretty close), the only commands you'd need are rudimentary versions of halt/reboot/poweroff, which allow performing the function of the NMI button, reset button and power switch from a keyboard. But traditional Unix systems are not designed this way, which makes them more vulnerable to unintended outages.
 
Yes, a lot of effort goes into making graceful shutdowns possible, when it's probably a better investment to be resilient against pulling the plug.
 
I really don't think that's an either/or.

A sane system should both tolerate any sudden (potentially catastrophic) failure and be able to recover from it as well as offer a well-working clean shutdown.

Many things can (and, should) be done on clean shutdown that just make sense. Network services can close connections to their peers (so THEY don't have to run into timeouts). They can write final log entries (like e.g. stats the admin might want to see later). RC scripts can do general system housekeeping (like as mentioned above, save current mixer settings, or store the clock back to the RTC). And probably many many more things. None of these things should break anything when omitted, still they should be done.
 
jbo said:
Uhm... was that a manual step that required active user action?
Click to expand...
It was, before drives started 'auto-parking' when the power got cut (it's basically a spring that pulls the head away from the platters). The 20 MB harddisk attached to my A500 had to be manually parked.
 
jbo said:
Uhm... was that a manual step that required active user action?
Click to expand...
Indeed it was a command one used to park disk heads before hitting power switch. I wonder whether win95 used it too, although automatically (int 13/AH=19h).
 
SirDice said:
It was, before drives started 'auto-parking' when the power got cut (it's basically a spring that pulls the head away from the platters). The 20 MB harddisk attached to my A500 had to be manually parked.
Click to expand...
All but one of my disks at that time were IDE (which typically had "autopark"). I was quite young and careless at the time so my parking on that disk was probably as bad as some Sunday shoppers!

Wasn't parking of disks only required if the machine was going to be physically moved?... ehem.
 
kpedersen said:
Wasn't parking of disks only required if the machine was going to be physically moved?... ehem.
Click to expand...
Sure. And not too much vibration. It would just sit there, floating above/below the platter. Which is fine, as long as everything's stationary. Can't remember if I parked that Amiga drive last time I used it. If I remember correctly it was a Seagate drive and used the old XT connection (that's pre-IDE). I still have it but I'm dreading to find out.
 
You must log in or register to reply here.
Back
Top