If the cluster administrator wants to take the current initnode out of service, "clusternode_shutdown -N# -h ..." will not work right. The problem is that the sys_reboot base system call doesn't completely stop the node from doing things. I've added code to take down ics interfaces and run ics_nodedown() on all other nodes, but although services are stopped, init is still running. In a failover environment, which is the only one that makes sense, this is bad because the shared root is still writable.

I've checked in code into clusternode_shutdown to disallow halt in this case.
Areas to fix:
1. Make the root read-only during service stop.
2. Improve the halting code in the kernel.
3. Stop init. Process 1 should also be sent a SIGSTOP. This can be added to /sbin/halt, which skips that in the local "-L" case because it shouldn't be done when a non-initnode is being halted (-L).
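As an added illustration of the halt sequence sketched in items 1 and 3 (this is example code, not the project's /sbin/halt), the script below orders the steps the way the note asks for: remount the shared root read-only while services stop, then freeze PID 1 with SIGSTOP only when the initnode itself is being halted, skipping that step for a local "-L" halt of a non-initnode. The service-stop hook path /etc/init.d/cluster and the shared root being mounted at "/" are assumptions, not taken from the note. Nothing is executed unless HALT_EXECUTE=1 is set; by default each step is printed, so the ordering can be inspected and tested on any machine.

```shell
#!/bin/sh
# Added example, not the project's own /sbin/halt. Assumptions (not from the
# note): the shared root is mounted at "/", services are stopped by the
# hypothetical hook /etc/init.d/cluster, and "-L" marks a local halt of a
# non-initnode. With HALT_EXECUTE unset or 0 every step is only printed.

# run CMD...: execute CMD when HALT_EXECUTE=1, otherwise describe it.
run() {
    if [ "${HALT_EXECUTE:-0}" = 1 ]; then
        "$@"
    else
        printf 'would run: %s\n' "$*"
    fi
}

# halt_node [-L]: emit (or run) the halt steps for this node, in order.
halt_node() {
    local_halt=0
    for arg in "$@"; do
        case "$arg" in
            -L) local_halt=1 ;;
        esac
    done

    # 1. Stop cluster services (hook path is a placeholder assumption).
    run /etc/init.d/cluster stop

    # 2. Make the shared root read-only while services are stopping, so an
    #    init that is still running on this node cannot write to it.
    run mount -o remount,ro /

    # 3. Freeze init (PID 1) with SIGSTOP, but only when the initnode itself
    #    is being halted. A non-initnode halting locally (-L) skips this.
    if [ "$local_halt" -eq 0 ]; then
        run kill -STOP 1
    fi

    # Flush anything still buffered before the kernel halt path runs.
    run sync
}

# halt_sends_sigstop [-L]: exit 0 if the plan includes stopping PID 1.
# Always evaluated in dry-run mode so it never touches the live system.
halt_sends_sigstop() {
    ( HALT_EXECUTE=0; halt_node "$@" ) | grep -q 'kill -STOP 1'
}

# halt_step_count [-L]: number of steps in the dry-run plan.
halt_step_count() {
    ( HALT_EXECUTE=0; halt_node "$@" ) | grep -c 'would run'
}

# Usage: print the plan for the flags given (dry run unless HALT_EXECUTE=1).
halt_node "$@"
```

Running the script with no arguments prints the four-step initnode plan; with -L the SIGSTOP step is omitted, which is exactly the distinction the note wants /sbin/halt to make.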