Master: TrueNAS SCALE - Handles all primary storage and server applications.
Slave: TrueNAS Core - Acts as a backup server for the Master system.
I need a way to issue a manual shutdown command from the Master (SCALE) to the Slave (CORE) without affecting the Master itself. This command is intended for maintenance or other scenarios where I want to power down the Slave while keeping the Master operational.
Additionally, both systems are connected to a UPS, and during a power failure, both should shut down gracefully, with the Slave shutting down first and the Master following later.
What Weâve Tried:
UPS Command Attempt:
Tried using upsmon -c fsd ups@<IP> to initiate a shutdown of the Slave.
However, this resulted in both the Master and Slave shutting down, which is not the intended behavior.
SSH-Based Shutdown:
Configured SSH keys for passwordless access from the Master to the Slave.
Encountered persistent issues with authentication and managing authorized_keys.
API Approach:
Investigated TrueNAS Coreâs API to see if shutdown commands could be issued.
Could not find an accessible API endpoint for this task.
NUT (Network UPS Tools):
Attempted to use the existing NUT UPS service to send a remote shutdown command like upscmd -u upsmon -p fixmepass ups@192.168.1.100 shutdown.return from the Master to the Slave.
Configured NUT on both systems but faced issues with missing configuration files and upscmd returning âConnection refusedâ errors.
UPS Timer Settings:
Confirmed that both systems have independent shutdown timers configured through the UPS integration.
This ensures proper shutdown during a power failure but does not allow for manual control outside of UPS events.
The Problem:
I need a reliable way to manually shut down the Slave (Core) from the Master (Scale), regardless of the method.
This functionality should not interfere with the existing UPS-triggered shutdown configuration.
Questions:
What is the simplest way to achieve this manual shutdown command?
Are there other methods (besides SSH, API, or NUT) that might be more straightforward for this use case?
Has anyone successfully configured a similar setup and can share their approach?
Current State:
Both systems are operational but have residual configurations from previous attempts (e.g., leftover SSH keys and partial NUT setups).
Manual shutdown via upscmd is still not functional, and SSH into root based methods remains unachievable.
Any guidance or recommendations would be greatly appreciated. Thanks in advance for your help!
Just posting a few things that come to mind, mostly as breadcrumbs:
Use a shell script to ssh to the slave-system and initiate an orderly shutdown using /usr/bin/midclt call system.shutdown.
Use websocket to issue the same command remotely. The API docs explains this to some degree. The âsystem.shutdownâ call is defined as a âJobâ and is called appropriately.
well iv tried a hundred times to create a ssh to root but it wont let me. but i only did that because i thought any shutdown command would need sudo. Maybe yours does not?
Well this is an odd one. I can not find the API in the gui anywhere at all. Its in Scale UI but not Core. But iv just found that if i use command sudo -i it gave this splash indicating that it does indeed have an API
jack@TruenasCore ~ $ sudo -i
Password:
Sorry, try again.
Password:
Warning: the supported mechanisms for making configuration changes
are the TrueNAS WebUI and API exclusively. ALL OTHERS ARE
NOT SUPPORTED AND WILL RESULT IN UNDEFINED BEHAVIOR AND MAY
RESULT IN SYSTEM FAILURE.
Donât ssh as root, ssh as your administrative user and then sudo the command, if needed.
Top Menu | TrueNAS Documentation Hub states that the button to make an API key is in the top menu. That is also where you will find a link to a local copy of the API documentation.
You will need to figure out how to wrangle the JSON to authenticate and then issue the call. I donât know how to do that.
Iâve never tried this myself but I would imagine my first attempt would be to use the ssh command.
EX: ssh ricky@remote.local -t 'shutdown -p now'
I know you said you had problems with âpersistent issues with auth and managing keysâ but Iâm not really sure I know what your dealing with so my answer assumes youâd have a set of usersâor oneâ(added to the operator group, which can manage their keys properly and/or setup their ssh.confg file) that can issue the command to shutdown the system.
Hi, yeah Iâve set up key pairs for a lot of SSH stuff but I just could not get it to work when I tried to SSH to root. Itâs either just me late at night with blurry vision or itâs a feature of Core that you canât SSH directly into root.
You need sudo to run shutdown.
I have used it now with the API, but if I could not have done so I would have tried another user as suggested above as I donât need to be root to execute root commands on a remote system. I just need the right user account with the right permissions and access.
Okay, letâs back up a step because I feel like this could be a âtempest in a teacupâ situation. You are certainly allowed to use whatever method you want (if thatâs the API, then sure, knock yourself out) but I think a few simple steps are messing you up.
never ssh in as root. I know there are several users here that recommend itâand I hope they are not sysadmins (Iâm not but Iâm almost 1000pct positive that is a bad idea) but Iâve argued with them about that on other occations. Itâs far easier to keep your configs and permissions tied to users and not pass out root info to bob, ricky, and jane. âŚjust donât. You create/destroy users and add them to groups (done. simple. easy. do it this way).
to issue the shutdown command, youâor the userâneeds to be added to the operator group. So, just add a user to that group and they can use the utility.
Users should keep their own ~/.ssh/config file which looks like:
Host server.local # or whatever your server is called.
User ricky
Hostname 192.168.x.x
IdentityFile ~/.ssh/id_rsa
# you could have 50 other entries below,
# ...after cleaning, I have 15 server entries in mine...
Users manage their own keys. They can upload their public keys like: % ssh-copy-id -i ~/.ssh/id_rsa.pub server
So, for my method to possibly work, youâthe admin, root, theman, etcâneed to add the users you want to be able to shutdown or poweroff to the operator group. That it. They, can then use the one-liner above or create a function or a shell script out of it. Youâor the admin, root, or themanâis totally hands-off. I, myself, strive for the KISS method and try to use it for as much as I can. For example, I donât have to remember or rely on any API function calls or methods and almost fool proof (answers to questions like: âI need to input a password every time I want to shutdown server0â are dead simple to answer, like: âwell, did you upload your private key, dummy?â). not to mention the bus-factor (question you should ask: âif you get hit by a bus, can the server still be shutdown by another user?â).
FYI (because I was curiousâI was almost positive an engineered system like BSD wouldnât allow root login via ssh by default but just wanted to check anyways): % man sshd_config
So, if thatâs not clear enough for everyone reading along: âIf you allow root access via ssh, you are at best a hackers wet-dream.â
jack@TruenasCore ~ $ sudo cat /etc/ssh/sshd_config | grep Perm
#PermitRootLogin no
#PermitEmptyPasswords no
# the setting of "PermitRootLogin prohibit-password".
#PermitTTY yes
#PermitUserEnvironment no
#PermitTunnel no
# PermitTTY no
jack@TruenasCore ~ $
I created the key-pair, I put the pub key in the remote roots authorized_keys, I connect (tried), I got the known_hosts warning, I type yes to add the host to known_hosts. I change the PermitRootLogin to yes but still I get root@192.168.1.117: Permission denied (publickey).
I have really struggled with SSH by key pair before so even though I was not actually going to be using it, I wanted to know why. Why would it not connect?
Anyhow, I spent a few hours trying. I failed, and could not get past that error. I have many other ssh key-pair connections that work so i just assumed maybe they made it so you can not even ssh into root at all.
I have put everything back how it was now as the API was so much easier, but Iâm sure I will be back at this SSH and key-pairs again with a normal user some time in the future (just not with root).
As @John and I have told you in this thread, please donât do this. You should never have to SSH as root like that. Never ever. This is bad practice in any *nix based OS.
Directly editing a /etc-file is also the wrong way to go about things in this appliance OS, as those changes wonât stick around in an update and some wonât even survive a reboot.
SSH as your administrative user and then use sudo command to do whatever you need. Or use the the -t flag like John mentioned and run the command (with sudo) directly in the same ssh-command.
White shutdown does indeed shut the system down, it should not be used in TrueNAS under normal circumstances because itâs akin to you pulling the rug out of the middleware. During that fire sale of a shutdown thereâs a fair risk things wonât get preserved as they should.
The correct shutdown command is, as I said earlier, midclt call system.shutdown (if you have midclt in your path).
I was never going to leave it that way. It was just that it really bugged me as to why it didnât work. Iâm hazy with SSH key pairs as it is and I thought I had misunderstood something that would crop up later, so I wanted to know before removing it all.
hmm, I shall see if I can implement it but I could be back to really struggling with the API if that command is not exposed.
As a programmer I find that very concerning (I would imagine that a room of engineers would have used the rc.d system because âwhy reinvent a new init?â). Sorry, but I call BS on that statement but if it is true, that seems like some low-hanging-fruit. Iâd kind like to investigate that (but honestly, if I did find some time to look into that it would only be out of curiosity because I donât really have a need for this). âŚI dunno, seems fishy (sorry).
For all annon guests, and future people reading this thread: never ssh in as root (a certified true statement by at least two people :] ).
My curiosity was killing me. So, from FreeBSD rc.d scripty stuffâŚ
I donât have access to TrueNAS at the moment, but I spent 5 minutes on github and found some rc.d scripts in the system (i.e. not, /usr/local/etc/rc.d) rc.d directory (specifically at: /etc/ix.rc.d/) and from a real quick look, there appears to be a âshutdownâ script. However, if you people are telling me a user still cannot shutdown the system using shutdown/halt/etc. thatâs really too bad iX couldnât get the middleware to shutdown using the built-in method.
Well, all I can say as a layman is I hope midclt call system.shutdown will be okay for me on a regular basis. If not, it will have to be 2 servers on 24/7, which is not necessary since one is purely a NAS and only receives replications once every 3 days.
When building server systems I insist having IPMI hardware management. All decent server mainboards have this. This is completely independent of the PC software itself and works even on the BIOS/UEFI Setup level.
IPMI allows me to turn the system on and off remotely, boot from a virtual CD and have a remote, hardware-based VNC session.
I donât know IPMI (forgive me, Iâm not a âprofessional sysadminâ) but I read the wikipedia quick, and if I understand the situation; you would NOT be allowed to use IPMI on a server running TrueNAS then (because in the case of TN Core, the IPMI driver uses shutdown(8) and this is NOT recommended by iX, apparently). Does that sound about right?
Assuming you are a professional; do you have TN instances in âproductionâ and have you used IPMI to shutdown/reboot a system?
