|WATCHDOG(4)||Device Drivers Manual||WATCHDOG(4)|
A number of hardware watchdogs are supported, and all are configured using sysctl(8) under the kern.watchdog name:
In situations where the machine provides vital services which are not handled completely in kernel space, e.g. mail exchange, it may be desirable to reboot the machine if process scheduling fails. This is done by setting kern.watchdog.auto to zero and running a process which repeatedly sets kern.watchdog.period to the desired timeout value. Then, if process scheduling fails, the process resetting the timer will not be run, leading to the machine being rebooted. Note that the kernel will not automatically disable an enabled watchdog at system shutdown time when kern.watchdog.auto is set to zero.
Watchdog timers should be used in high-availability environments where getting machines up and running quickly after a crash is more important than determining the cause of the crash. A watchdog timer enables a crashed machine to autonomously attempt to recover quickly after a system failure.
Note that this also means that it is unwise to combine watchdog timers with ddb(4) since the latter may prevent the former from resetting the watchdog timeout before it expires. This means that the machine will be rebooted before any debugging can be done. In other words: For mission critical machines, disable ddb(4) by adding “ddb.panic=0” to sysctl.conf(5) since this will give the chance to perform a crash dump and reboot. Simply setting the watchdog will lose the debug trace of what went wrong.
|May 21, 2009||OpenBSD-current|