cloud93421.baby

ShutItDown RBS Setup: Step-by-Step Installation & Configuration

Written by

admin

in

ShutItDown RBS Setup: Step-by-Step Installation & ConfigurationShutItDown RBS is a robust shutdown and resource-management service designed to centralize, automate, and secure the shutdown procedures for servers, virtual machines, or other managed endpoints. This guide walks you through a complete step-by-step installation and configuration process, covering prerequisites, installation methods, basic and advanced configuration, testing, troubleshooting, and best practices for production deployment.

Before you begin — prerequisites and planning

  • System requirements: Ensure target machines meet the minimum CPU, RAM, and storage requirements listed by ShutItDown RBS documentation (typical lightweight service: 1 vCPU, 512 MB RAM, 50–100 MB disk for agent).
  • Supported platforms: Confirm support for your OS (Linux distributions, Windows Server versions, container environments). This guide focuses on Linux (Debian/Ubuntu, RHEL/CentOS) and Windows Server.
  • Network and security:
    • Open required ports (default agent-to-server port: 8443 for TLS API; adjust if customized).
    • Ensure mutual TLS or token-based authentication is part of your security plan.
    • Prepare firewall rules and VPN or secure LAN access if needed.
  • Accounts and privileges:
    • Administrator/root access on installation hosts.
    • Service account for the management server with least privilege required to query and trigger shutdown operations.
  • Backup and rollback plan: Snapshot VMs or back up configurations before installing in production.

Step 1 — Obtain the software

  1. Visit the official ShutItDown RBS download location or your internal package repository.
  2. Choose the appropriate package:
    • Debian/Ubuntu: .deb
    • RHEL/CentOS/Fedora: .rpm
    • Windows: MSI or ZIP
    • Docker image: registry/shutitdown-rbs:latest
  3. Verify package integrity with SHA256 checksum or signed package verification.

Step 2 — Install the management server

This section covers installing the central management server on Linux. For Windows, use the MSI installer and follow comparable steps.

Debian/Ubuntu (example):

sudo dpkg -i shutitdown-rbs-server_1.0.0_amd64.deb sudo apt-get install -f

RHEL/CentOS:

sudo rpm -ivh shutitdown-rbs-server-1.0.0.x86_64.rpm

Docker (alternative):

docker run -d --name shutitdown-rbs-server    -p 8443:8443    -v /opt/shutitdown/data:/var/lib/shutitdown    registry/shutitdown-rbs:latest

After installation, start and enable the service:

sudo systemctl enable --now shutitdown-rbs-server sudo systemctl status shutitdown-rbs-server

Step 3 — Initial server configuration

  1. Configuration file locations:

    • Linux package: /etc/shutitdown/server.conf
    • Docker: /var/lib/shutitdown/config/server.conf

  2. Core configuration options to set:

    • server.listen_address = 0.0.0.0:8443
    • auth.mode = mTLS | token (choose per policy)
    • storage.backend = sqlite | postgres (use Postgres for production)
    • tls.cert = /etc/shutitdown/certs/server.crt
    • tls.key = /etc/shutitdown/certs/server.key

  3. Generate or install TLS certificates. For production use CA-signed certs; for testing, generate self-signed: 

    
openssl req -x509 -nodes -days 365 -newkey rsa:2048  -keyout /etc/shutitdown/certs/server.key  -out /etc/shutitdown/certs/server.crt  -subj "/CN=shutitdown.example.local"

  4. Configure database (Postgres example):

    # /etc/shutitdown/server.conf storage.backend = postgres storage.postgres.host = db.example.local storage.postgres.port = 5432 storage.postgres.user = shutit_user storage.postgres.password = securepassword storage.postgres.dbname = shutitdb

    Run migrations:

    sudo shutitdown-admin migrate

Restart server after config changes:

sudo systemctl restart shutitdown-rbs-server

Step 4 — Install and register agents on endpoints

Agents handle local shutdown commands and communicate with the management server.

Linux agent (Debian/Ubuntu):

sudo dpkg -i shutitdown-rbs-agent_1.0.0_amd64.deb sudo systemctl enable --now shutitdown-rbs-agent

RHEL/CentOS:

sudo rpm -ivh shutitdown-rbs-agent-1.0.0.x86_64.rpm

Windows agent:

  • Run MSI installer as Administrator.
  • Use PowerShell to set service startup to automatic.

Agent configuration (/etc/shutitdown/agent.conf):

Register agent with the server:

  1. On server UI or CLI, create an agent registration token (one-time).
  2. Paste token into agent.conf or run: 
    
sudo shutitdown-agent register --token YOUR_TOKEN --server https://shutitdown.example.local:8443
  3. Confirm on server UI that the agent appears as online.

Step 5 — Define shutdown policies and schedules

ShutItDown RBS allows fine-grained policies, e.g., scheduled maintenance, emergency shutdown, resource-triggered shutdown, or conditional shutdown based on load.

Example policy concepts:

  • Immediate shutdown with no delay (emergency).
  • Graceful shutdown with pre-shutdown scripts and health checks.
  • Scheduled shutdowns (cron-like schedule).
  • Conditional shutdown when CPU > 95% for 10 minutes.

Create a policy via UI or CLI:

shutitdown-cli policy create    --name "Nightly Maintenance"    --targets "web-servers"    --schedule "0 3 * * *"    --grace-period 300    --pre-hook /opt/scripts/pre_shutdown.sh    --post-hook /opt/scripts/post_shutdown.sh

Step 6 — Hooks, scripts, and safe shutdown procedures

Configure pre-shutdown and post-shutdown hooks to run tasks such as notifying users, quiescing services, or taking snapshots.

Example pre-shutdown script (safe quiesce):

#!/bin/bash # /opt/scripts/pre_shutdown.sh systemctl stop nginx rsync -a /var/www/html /backups/www-$(date +%F).tar.gz

Make executable:

sudo chmod +x /opt/scripts/pre_shutdown.sh

Ensure graceful shutdown commands are used:

  • Linux: systemctl poweroff or shutdown -h +0
  • Windows: Stop-Computer or shutdown.exe /s /t 0

Step 7 — Testing and validation

  1. Test agent registration and communication: verify heartbeat and logs.
  2. Run a dry-run or simulation: 
    
shutitdown-cli action simulate --policy "Nightly Maintenance"
  3. Perform a controlled test on a non-production host: 
    
shutitdown-cli action execute --policy "Nightly Maintenance" --target test-server-01
  4. Verify hooks executed, services stopped cleanly, and system state after shutdown.

Step 8 — Monitoring, logging, and alerting

  • Configure centralized logging (syslog, journald, or ELK stack).
  • Ship logs from server and agents to your logging pipeline.
  • Enable alerting for failed shutdowns, agent disconnections, or policy errors.
  • Use server metrics endpoint (Prometheus) to monitor agent counts, actions, and success rates.

Step 9 — High availability and scaling

For production, avoid single points of failure:

  • Run multiple management server instances behind a load balancer.
  • Use an external Postgres cluster for storage.
  • Configure agents to fail-over to alternate server endpoints.
  • Use container orchestration (Kubernetes) for horizontal scaling of the management server.

Troubleshooting — common issues and fixes

  • Agent not connecting:
    • Check network reachability to server (curl https://server:8443).
    • Verify TLS certificates and server name.
    • Confirm token validity and time synchronization (NTP).
  • Policy execution fails:
    • Inspect server logs (/var/log/shutitdown/server.log).
    • Check hook script permissions and environment.
  • Failed graceful shutdown:
    • Increase grace-period and add retries.
    • Ensure processes respond to SIGTERM; update service unit files.

Security best practices

  • Use mutual TLS between agents and server where possible.
  • Rotate registration tokens regularly.
  • Limit admin accounts and use RBAC to control who can execute shutdowns.
  • Keep server and agents updated; apply security patches promptly.
  • Audit logs for shutdown actions and approvals.

Example topology

  • HA load balancer -> multiple shutitdown-rbs-server instances -> Postgres cluster
  • Agents on each host (physical servers, VMs, cloud instances) connecting to servers via TLS
  • Central logging and monitoring (Prometheus + Grafana, ELK)

Final checklist before production rollout

  • [ ] Confirm backups/snapshots of critical hosts
  • [ ] Use signed TLS certificates and enforce mTLS
  • [ ] Configure external database and run migrations
  • [ ] Create and test recovery procedures
  • [ ] Implement monitoring and alerting
  • [ ] Conduct controlled rollout and verify agent behavior

If you want, I can generate example policy JSON/YAML, sample systemd unit files for custom hooks, or a Windows PowerShell pre-shutdown script for integration — tell me which you’d like.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts