How can I ensure a complete system shutdown on FreeNAS/FreeBSD?

Question

upsmon is configured to automatically shutdown the system upon power failure.

However, the shutdown seems to fail halfway, leaving me without remote access to the system:

Feb  2 12:21:54 the_host upsmon[22861]: Executing automatic power-fail shutdown
Feb  2 12:21:54 the_host shutdown: power-down by root:
Stopping cron.
Waiting for PIDS: 3871.
Stopping zfsd.
Waiting for PIDS: 3857.
Stoppingthejail....arp: writing to routing socket: No such file or directory
bridge0: can't disable some capabilities on em0: 0x1
Unmounting user-supplied file-systems
90 second watchdog timeout expired. Shutdown terminated.
Fri Feb  2 12:23:55 CET 2018
Feb  2 12:23:55 the_host init: /bin/sh on /etc/rc.shutdown terminated abnormally, going to single user mode
Feb  2 12:23:55 the_host init: /bin/sh on /etc/rc.shutdown terminated abnormally, going to single user mode
Feb  2 12:23:55 the_host upsd[22837]: mainloop: Interrupted system call
Feb  2 12:23:55 the_jail syslogd: exiting on signal 15
Feb  2 12:24:15 init: some processes would not die; ps axl advised

Physical access is required to reboot.

1. How can I make sure the shutdown completes and leaves the system in a powered off state (so that I may boot it via an ethernet magic packet)?

2. How can I ensure to maintain remote access in said scenario?

Answer 1

You cannot.

The state machine in the FreeBSD /sbin/init program simply does not accommodate you. On these and other failures it transitions out of the state where it runs /etc/rc.shutdown into the "single user mode" state where it has spawned an interactive shell on the "console" terminal and expects a system operator to be sitting and working there.

The system is, as the notice tells you, expecting you to directly intervene, on that privileged terminal, and use the ps and other commands to find out why you have processes that won't terminate, terminate them, and re-initiate shutdown.

You could of course make the console a real, serial, terminal (rather than a virtual one provided by the kernel's terminal emulator using the directly attached HID hardware) and use some extra kit to make that serial terminal a remote one.

Or you could replace the FreeBSD-supplied system management with a system manager that does not incorporate the idea of a "single user mode" being a step on a ladder that is traversed, in opposite directions, by both bootstrap and shutdown.

But apart from those, the design here, originating in the world where big multi-terminal machines had distinguished stations for the system operator whence xe directly supervised bootstrap and shutdown and manually intervened on errors, really does militate against the notion of an entirely headless file server that does not have a babysitter.

Further reading

• Jonathan de Boyne Pollard (2016). The gen on emergency and rescue mode bootstrap. Frequently Given Answers.
• https://unix.stackexchange.com/a/196471/5132