Wake On Lan After Power Failure (or Out of G3)

Wake-on-LAN (WOL; translated from English - “wake-up on [signal from] local network”) is a technology that allows you to remotely turn on a computer by sending a special byte sequence over a local network. wiki

And everything would be fine if it were not for one thing. After a power failure, your computer will not turn on.
Agree, it will be a "pleasant" surprise, especially if you are a couple of thousand kilometers away.
One solution is written here , but it is hardware and software, and you can do without additional hardware.

About WOL on Habré you can already find two villages . Therefore, the inclusion of wol on the card will not be considered in this article.

Introduction

First, let's see why the computer does not turn on. To understand this, it is worth turning to ACPI.
ACPI - English Advanced Configuration and Power Interface - advanced configuration and power management interface). ACPI describes the state - both global and specific devices in particular. ( wiki )


')
We are interested in two global states:

• G2 (S5) (soft-off) - soft (software) shutdown; the system is completely stopped, but energized, ready to turn on at any time. System context lost.
• G3 (mechanical off) - mechanical shutdown of the system; ATX power supply is off.

Unfortunately, when the power is connected, the system itself does not go from G3 to G2.
Therefore, to ensure the ability to boot after a power failure, you need to learn how to transfer a computer from G3 to G2.

Most [new] bios have the option “After Power Failure”. It can accept one of three values:

• “Stay Off” - when power is lost on the network and it is restored, you must press the power button to turn on the PC.
• “Turn On” - power recovery causes automatic system start.
• "Last State" - Restore the system to the state in which it was at the time of power failure. If it was turned off - it remains off, otherwise it turns on.

Choosing “Turn On” will only ask how to turn off the computer when it turned on after a power failure, and not from a network request or a regular start button on the case. We will do these checks in the initrd.

Initrd (acronym for Initial RAM Disk, disk in RAM for initialization) is a temporary file system used by the Linux kernel during initial boot. ( wiki_ru ) ( wiki_en )

The location of the files for the initrd in Ubuntu / Debian can be viewed in the man at initramfs-tools ( online from the Ubuntu site ).
For Centos, it's a little different - there is a dracut.

To ensure verification of how the computer was turned on, after sending the package wol, we will ping it. But since the WOL package is “magic”, let the pings be “magic” too. Let our pings be 48 bytes in size, not 84.

Total idea in the form of a flowchart:

Implementation

Modules

In / etc / initramfs-tools / modules we will add the necessary modules for the work of iptables and the network.

Module for your network card

r8169 (    ) 

Iptables modules

 xt_length iptable_filter ip_tables x_tables 

Script

In / etc / initramfs-tools / scripts / local-top / add the file checkboot with the contents:

 #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case $1 in prereqs) prereqs exit 0 ;; esac [ `cat /proc/cmdline | grep nocheckboot | wc -l` -eq 1 ] && exit 0 iptables -A INPUT -p icmp --icmp-type echo-request -m length --length 48 -j ACCEPT modprobe r8169 ifconfig eth0 192.168.0.2 up sleep 3 C=`iptables -L INPUT -v | grep 'icmp echo-request length 48' | cut -f5 -d' '` [ $C -gt 0 ] && exit 0 poweroff -f exit 0 

And make it executable:

 chmod +x /etc/initramfs-tools/scripts/local-top/checkboot 

The script implements the flowchart above.

Hook

In / etc / initramfs-tools / hooks / add the file checkboot with the contents:

 #!/bin/sh PREREQ="" prereqs() { echo "$PREREQ" } case $1 in prereqs) prereqs exit 0 ;; esac cp /sbin/ifconfig "${DESTDIR}/sbin" cp /sbin/iptables "${DESTDIR}/sbin" cp /lib/libip4tc.so.0 "${DESTDIR}/lib" cp /lib/libip6tc.so.0 "${DESTDIR}/lib" cp /lib/libxtables.so.7 "${DESTDIR}/lib" cp /lib/i386-linux-gnu/i686/cmov/libm.so.6 "${DESTDIR}/lib" mkdir "${DESTDIR}/lib/xtables" cp "/lib/xtables/libipt_icmp.so" "${DESTDIR}/lib/xtables" cp "/lib/xtables/libxt_length.so" "${DESTDIR}/lib/xtables" cp "/lib/xtables/libxt_standard.so" "${DESTDIR}/lib/xtables" exit 0 

And make it executable:

 chmod +x /etc/initramfs-tools/hooks/checkboot 

This file indicates that you need to add to the initrd for the correct operation of our script.
After copying the iptables and ifconfig utilities, it is also necessary to copy the libraries for iptables.
Linked libraries can be obtained by running ldd / sbin / iptables .
But in the process of work, dynamically loadable modules will also be used. Their list can be seen by running the command:

 # strace iptables -A INPUT -p icmp --icmp-type echo-request -m length --length 48 -j ACCEPT 2>&1 | grep ^open | grep '.so' | grep -v ENOENT | grep -o '"[^"]*"' 

That will allow to get the rest of the loadable libraries:

 "/lib/xtables/libipt_icmp.so" "/lib/xtables/libxt_length.so" "/lib/xtables/libxt_standard.so" 

Update initrd

Before updating the initrd, it is a good idea to copy the stable version to / boot with a different name, so that in case of any errors in the script / hook, booting the system is not difficult.
Update initrd with the command:

 # update-initramfs -u 

Grub

Add new lines to grub with nocheckboot.
We do this either by directly editing /boot/grub/grub.cfg with creating a new item with adding nocheckboot in the parameters line to the kernel, or changing /etc/grub.d/10_linux, which is better, since after the update-grub2 our changes will not disappear as happens if we edit grub.cfg.

To do this, add to /etc/grub.d/10_linux:

  linux_entry "${OS} nockeckboot" "${version}" simple \ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_EXTRA} ${GRUB_CMDLINE_LINUX_DEFAULT} nocheckboot" 

After:

  linux_entry "${OS}" "${version}" simple \ "${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_EXTRA} ${GRUB_CMDLINE_LINUX_DEFAULT}" 

And then we do:

 # update-grub2 

Launch

It remains only to write a startup script.
And here he is:

 !#/bin/sh wol -i 192.168.0.255 {MAC} ping -s 20 -c 50 -W 1 192.168.0.2 

Here "-c 50" is 50 packets, 1 packet per second, which means 50 seconds is the time during which all steps must pass before "Checking the iptables rule counter". And "-s 20" makes the packet size equal to 48 bytes. 48 - 20 = 28 bytes - IP and ETHERNET headers.

Instead of conclusion

That's all, now you will not lose access to the machines due to a power failure.
Of course, here you can still talk about UPS, but the task was to find a solution without using UPS.
Such a scheme is useful if you need access to your computers (data access, performing calculations), which come mostly off time and are waiting for you.