/
OpenSync Node Reboot Deferral

OpenSync Node Reboot Deferral

General

Overview

The scope of this feature is to introduce a special flag, along with corresponding firmware CLI and API support, allowing the device to notify the cloud controller that it should not be rebooted at the current time - for example, during periods of high-priority traffic or critical activity.

Initially, ODMs will be responsible for implementing their own logic to detect high-priority traffic and will use OpenSync APIs to communicate this state to the cloud. In a future phase, native detection capabilities can be introduced within OpenSync itself, leveraging FSM or other existing modules to identify high-priority traffic conditions autonomously.

To support uninterrupted execution of critical tasks, multiple modules (e.g., VoIP, FSM, third-party management services) will be permitted to raise the reboot deferral flag. Each module will be responsible for clearing the flag once its critical operation is complete.

OpenSync will aggregate these signals and propagate only the final, consolidated status to the cloud. If any module raises the flag, the cloud will receive a true status. Only when all modules have cleared the flag will the cloud be notified with a false status.

Example:

When a VoIP call begins, the VoIP module sets the no-reboot flag, tagging it with its own identifier (e.g., voip). This signals OpenSync to report no_reboot = true to the cloud.

Later, another module (e.g., a third-party management service) may also set the no_reboot flag for its own critical task.

Once the VoIP call ends, the VoIP module clears its flag. However, since the other module still holds an active no-reboot flag, the cloud continues to receive no_reboot = true.

Only after all participating modules have cleared their flags will OpenSync update the cloud with no_reboot = false.

Implementation Outline

To facilitate communication between firmware modules and the DM the Inter-Process-Communication between modules setting or clearing no_reboot and DM is needed.

The Device Manager (DM) tracks no_reboot requests from different firmware modules and updates the cloud using the Node_State table with a module/key/value tuple.

Note: The term "module" appears in two contexts:

  • As a column in the Node_State table (cloud-side).

  • As internal firmware components (e.g., VoIP, FSM) that may request a reboot deferral.

If any firmware module sets a no_reboot flag, DM must report no_reboot = true to the cloud. Only when all modules have cleared their flags should DM report no_reboot = false.

While the cloud only sees the aggregated no_reboot status, DM maintains full visibility of which modules requested it. For that reason, when a module sets no_reboot, it must provide its module ID as a required argument. However, this detail is not included in the Node_State update — the cloud receives only the overall true/false value.

Usage

Command Line Interface

DM provides command line interface for no_reboot APIs. See /usr/opensync/bin/dm --help for available options:

-n -s, --no-reboot --set <module name> -n -c, --no-reboot --clear <module name> -n -C, --no-reboot --clear-all -n -l, --no-reboot --list

Example

root@opensync:~# /usr/opensync/bin/dm --no-reboot --set voip_service [13484] 30 Jun 09:04:31 UTC DM_CLI_NO_REBOOT: <INFO> MISC: NO-REBOOT: no_reboot_set: Created file /tmp/.no_reboot/voip_service

C APIs

C code APIs are available in lib/reboot_flags:

/* no_reboot_set: do not reboot from now on - critical task in module <module_name> just about to start */ bool no_reboot_set(char *module_name); /* no_reboot_clear: allow to go back to reboot regime as usually - critical task in module <module_name> just finished */ bool no_reboot_clear(char *module_name); /* no_reboot_get: check if module <module_name> has active do not reboot request */ bool no_reboot_get(char *module_name); /* no_reboot_clear_all: caution: this discards all the modules active do not reboot requests */ bool no_reboot_clear_all(void); /* dump modules with active do not reboot requests */ bool no_reboot_dump_modules(void);

Northbound API

No changes in OVSDB schema or MQTT. Node_State table will come with new model-key-value tuples.

Node_State Column

Column Value at no-reboot

Description

Node_State Column

Column Value at no-reboot

Description

module

no_reboot

Module responsible to prevent commanding reboot if device requested no-reboot for the time of a critical task running on the device

key

no_reboot

 

value

  • true

  • false

Possibly we could allow for empty, i.e. ["set",[]] meaning the same as false

persist

not used

 

Example

root@opensync:~# ovsh s Node_State -w module==no_reboot ----------------------- _uuid | 870d~e27c | _version | e075~4c5e | key | no_reboot | module | no_reboot | persist | ["set",[]] | value | true | -----------------------

Southbound API

There are no southbound API changes needed for this feature.

Requirements

No particularities.