|
Grex > Coop8 > #31: Pledge Drive for Grex Battery Backup |  |
|
| Author |
Message |
| 25 new of 61 responses total. |
gregc
|
|
response 25 of 61:
| 
Mar 13 10:09 UTC 1996 |
Most modern UPS's that are any more sophisticated than the really bottom
of the line "bare-bones" units, ussually come with at least these 2 outputs:
1.) One signal that indicates that AC line power has been lost,
2.) And another signal that indicates that only XX minutes of battery
power are remaining. XX varies from manufacturer to manufacturer, but
is also ussually programable. This is ussually a 2 minute warning.
Older units ussually only had 1 output(if even that) that just signaled when
AC line power is lost. The problem with that is that you don't really want
to start a shutdown every time the AC line glitches. As STeve said above,
most power line failures are transients that only last about 15 seconds.
Even the smallest cheapest units have enough batterys for 5 minutes of
runtime, so the idea is just to "ride through" the short power
interruptions.
The way I would handle this is:
1.) When the AC-line-power-is-lost signal was detected, send a message to
all users saying something to the effect: "POWER FAILURE. System may
start auto-shutdown in XX minutes, Please be prepared." The file
/etc/nologin would be created at this time to prevent any more users
from logging in.
2.) The system would otherwise continue to run normally. If AC power came
back on, another message would be sent to all users: "SYSTEM POWER
RESTORED. All is well.", and /etc/nologin would be removed.
3.) If power stayed off and 5 minutes[or a number that we determine through
trail and error] had gone by, we send another message to everyone:
"ATTENTION: POWER HAS NOT BEEN RESTORED. System will very likely shutdown
in the next XX minutes. Save anything important you are doing NOW. This
will be your last warning."
4.) When the second 2-minute-battery-warning signal from the UPS is
dectected, we begin an immediate shutdown to single user mode. The
system then waits for the UPS batterys to run out and for the UPS to
shutoff power to the system.
4a.) (Optional) We could *maybe* give the users a final 30 second warning
at this point, but that might be pushing the window of safe battery
life in which to do a shutdown.
5.) We will have to modify single user mode slightly to run a program that
continues to monitor the signals from the UPS. It is possible that AC
line power would come back on after the system went into single user
mode. That would prevent the OFF then ON pwer cycle that would cause
the system to reboot normally. The program would monitor the UPS and if
it detected that AC line power had been restored, it would put the system
back into multi-user mode.
5a.) (optional) Alot of UPS's also have an input that allows you to signal
them to shutoff. We could then install a small prgram at the single user
level that does one last check to make sure that AC line power is still
off and then it sends the Ok-I'm-all-shutdown-and-ready-go-ahead-and-
shut-me-off-now signal to the UPS.
All of the above events would also be logged to a file.
|
albaugh
|
|
response 26 of 61:
|
Mar 13 16:45 UTC 1996 |
After the UPS runs totally out of battery power and thus shuts down the Sun
etc., when the line power is restored, does the Sun (grex) reboot to a
"ready for users" state automatically, or is operator involvement required?
|
gregc
|
|
response 27 of 61:
|
Mar 13 16:59 UTC 1996 |
A cold-boot from power on is automatic. Operator intervention is only
required in the (normally very rare)case of when the file system is badly
screwed up. The purpose of the orderly shutdown is to *prevent* the
file system from becoming badly screwed up.
|
scg
|
|
response 28 of 61:
|
Mar 14 07:42 UTC 1996 |
Thinking back to the power outages over the summer at my office, which is a
couple of blocks from the Dungeon, there were a lot of the one second variety.
That's where even a very limited UPS will help a lot. The only one I recall
lasting longer than a second lasted several hours (so I've been told -- I was
at GrexStock at the time. My office also flooded, so maybe it was just as
well we didn't have power).
|
tsty
|
|
response 29 of 61:
|
Mar 19 07:09 UTC 1996 |
I recommend, and hereby nominate, that response #25 be implemented
by unanimous vote of the Board. It is well thoght out, totally coherent,
and demonstrates why experience can be a dear teacher, whether as an
historical event, or as a well considered thought-experiment, ala Einstein.
I would dump the 30 secnds option ... enough is enough. Ppl can count.
|
gregc
|
|
response 30 of 61:
|
Mar 19 09:41 UTC 1996 |
I appreciate the support, but #25 does not need to be voted on by the
board. It is a technical hardware/software implementation issue and
therefore falls under the discretionary powers of staff to implement
as they see fit.
Do we want need a UPS?
That is a question that needs to be discussed and voted on by members
and/or board.
If purchased, how is the unit installed and made to work?
That is staff's job to decide and implement.
|
scg
|
|
response 31 of 61:
|
Mar 19 10:06 UTC 1996 |
I agree.
|
davel
|
|
response 32 of 61:
|
Mar 19 10:57 UTC 1996 |
I agree, except that the policy questions include "can we afford" as well.
I'd say we're at the point where some specific prices to kick around may
be worth having.
|
scott
|
|
response 33 of 61:
|
Mar 19 11:57 UTC 1996 |
Well, we've got a "plan the budget" meeting coming up this friday, so that's
a good time to discuss it.
|
popcorn
|
|
response 34 of 61:
|
Mar 19 17:58 UTC 1996 |
This response has been erased.
|
nephi
|
|
response 35 of 61:
|
Mar 27 04:46 UTC 1996 |
If anyone cares, I can pester my boss at accessUS about our UPS. I've been
told that it's kept the network (including dozens of modems, routers,
portmasters, several copmuters, *etc*) up and running for 45 minutes, when
the power was restored. I've personally seen the system ride through two
power outages without a glitch. (The power source at our office can be flakey
at times . . . not unlike Grex's. 8^)
|
janc
|
|
response 36 of 61:
|
Mar 27 06:16 UTC 1996 |
I don't think Grex is interested in keeping the system up through a 45 minute
power outage. That kind of battery capacity costs lots of extra money. What
we mostly want is to ride out short power glitches, maybe lasting less than
a minute, and maybe have time for the system to shut down cleanly in longer
outages. Long power outages are just too rare to spend a lot of money
insuring against.
|
tsty
|
|
response 37 of 61:
|
Mar 27 08:10 UTC 1996 |
is anyone looking into costs vs runtime for UPSs? Myself, and just on the
runtime issue, i'd go for about a 15 minute window, depending on the
cost of course.
|
davel
|
|
response 38 of 61:
|
Mar 27 11:13 UTC 1996 |
Not only are outages of more than a couple of minutes rare, but when they
happen there's a good chance that they're *much* longer. So all you buy
is apt to be a bit longer time before your forced shutdown. Agreed that
15 minutes sounds like plenty, depending on cost break points.
|
steve
|
|
response 39 of 61:
|
Mar 27 14:40 UTC 1996 |
It would be *great* to have a UPS that could keep us alive for
45 minutes. Unforunately, I don't think we could afford it. Well,
we could, but we'd have to sell everything we own to get it. ;-)
Agreed that 15 minutes would be more realistic, and would prevent
us from harm in at least 70% of the instances we go through power
instability.
|
n8nxf
|
|
response 40 of 61:
|
Mar 27 15:08 UTC 1996 |
I'm sure you could boost a low time UPS to 45 min or better for little
cost. Get some used batteries from Ma Bell, or the U of M golf course
when they change out the batteries in their electric golf carts. Just
check them out before you take them with a load test, etc. They can
often be had for free and you'd wan to build a wooden box to set them
in. Just a wild thought ;)
|
scg
|
|
response 41 of 61:
|
Mar 28 02:32 UTC 1996 |
I'm not sure that we need even 15 minutes. In other places I've lived that
would have been useful, but I really don't think so for Ann Arbor. Power
failures in Ann Arbor, at least in my experience, last either a maximum of
two or three seconds, or several hours or longer. I think that in general,
if we lose power for more than 10 seconds, even a 45 minute UPS probably won't
help us much.
|
nephi
|
|
response 42 of 61:
|
Mar 28 10:16 UTC 1996 |
(There's also that weird problem where Grex's circuit breaker keeps getting
switched off, maybe for several minutes at a time, which seems to be endemic
to Grex's particular location . . . )
I don't know what accessUS paid for the UPS that we use. I'll try to find
out, though. It would make for interesting conversation at the very least.
|
steve
|
|
response 43 of 61:
|
Mar 28 22:08 UTC 1996 |
The amount of time that the UPS can feed everything is a function
of how many amp-hours of battery there are feeding the UPS. There
will be some amount of time that the UPS can deliver its power at
maximum capacity; that is likely to be some fraction of an hour,
like a quarter, or eighth.
|
nephi
|
|
response 44 of 61:
|
Mar 30 23:12 UTC 1996 |
Okay. I've just gotten done inspecting the UPS(s) that accessUS has. There
appear to be two APC BackUPS 280s, which blows my mind considering how much
equipment they support when the lights go out. According to APC's homepage,
each of those are supposed to only last 15 minutes under half-load, and 5
minutes under full load. Evidently they are rated conservatively? Anyway,
the 280s cost $139 each according to the APC homepage.
Data point.
|
gregc
|
|
response 45 of 61:
|
Mar 30 23:54 UTC 1996 |
The APC "BackUPS" series are square-wave UPS's. We would want either the
APC "SmartUPS" or "SmartUPS v/s" series. The 280 is also a pretty small
unit. It's only reated for 280VA peak, or about 180watts.
|
nephi
|
|
response 46 of 61:
|
Mar 31 07:36 UTC 1996 |
Like I said: surprising what those two little things do . . .
|
tsty
|
|
response 47 of 61:
|
Mar 31 08:23 UTC 1996 |
My thoughts are that a cost/value analysis (not formal) could be done
on UPSs with support times between 5-15 minutes. I am firmly of the
opinin that 5 minutes is an absolute minimum and that times in excess
of 15 minutes are a gravy train. Except for the minimum, I am easily
persuaded, however.
|
jweiss
|
|
response 48 of 61:
|
Apr 6 13:16 UTC 1996 |
RE: #25 Is there a reason you want to go to single user rather tahn halting
the machine? Will this support rebooting if line power comes back befor the
UPS batteries die? this is something that should be considered.
Re: #27 Make sure the UPS will start distributing power after line
power comes back even if it's batteries have run dry. I have a UPS at
home (on permenant loan from work, since it was replaced there) that
requires someone to flip the switch before it starts distributing
power, if it has run dry before line power came back. This is kpower, if it
has run dry before line power came back. This is kindof annoying. On the
other hand we weren't terribly impressed with this type of UPS in general, and
have switched to several APC products, depending on how many machines need to
be supported at each location. (I believe we have a rack-mount SmartUPS 1400
several matrix 2000 or 5000 (I don't remember whether its 2 or 5) and several
smaller units for some offices.)
|
gregc
|
|
response 49 of 61:
|
Apr 6 14:06 UTC 1996 |
Yes, of course. If you halt the machine, and then power comes back on,
before the UPS shutoff, there is nothing to actually reboot the machine,
and it sits at the monitor prompt until a human comes over and types in
a bootup command. In single user mode, you can still be running a program
that monitors the UPS, but the system is quiescent and the disks are synced.
|