Netgate SG-1000 microFirewall

Author Topic: NUT package  (Read 23252 times)

0 Members and 1 Guest are viewing this topic.

Offline dennypage

  • Hero Member
  • *****
  • Posts: 697
  • Karma: +133/-0
    • View Profile
Re: NUT package
« Reply #30 on: August 09, 2016, 02:37:40 am »
You're welcome. Glad it works for you.

Offline dennypage

  • Hero Member
  • *****
  • Posts: 697
  • Karma: +133/-0
    • View Profile
Re: NUT package
« Reply #31 on: August 09, 2016, 02:22:29 pm »
I had a brief moment to take a look at this. I've narrowed it to an issue with PHP scripts invoked by users other than root. By default, upsmon runs as uucp, so it isn't able to initialize the secure connection. It's not clear what the long term solution will be, but you can work around the issue by adding the following line to upsmon.conf in the Advanced section:

  RUN_AS_USER root

This will keep upsmon as root and allow secure connections from PHP.

As a security best practice it is generally recommended to run upsmon as a user other than root. However, given the closed environment nature of the firewall, I don't see an obvious security issue running upsmon as root.

The core issue turns out to be an file permission issue with one of the php ini files, /usr/local/etc/php/extenstions.ini. The file is owned by root and created with permissions 600, which prevents it from being read by the user upsmon runs as (uucp).

This file is being removed in pfSense 2.4, so the issue should be resolved then. If you want to correct the issue in the interim, you can apply the following patch:

Code: [Select]
*** /etc/rc.php_ini_setup.org Thu Jul 14 18:14:42 2016
--- /etc/rc.php_ini_setup Tue Aug  9 11:58:33 2016
***************
*** 102,107 ****
--- 102,108 ----
  fi
 
  /usr/bin/sort -u -o /usr/local/etc/php/extensions.ini /usr/local/etc/php/extensions.ini
+ chmod 644 /usr/local/etc/php/extensions.ini
 
  # Set upload directory
  if [ "$PLATFORM" = "nanobsd" ]; then

Note that you cannot just change the permissions on /usr/local/etc/php/extensions.ini because it is recreated at every boot.

Offline runjmc

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: NUT package
« Reply #32 on: August 12, 2016, 09:16:58 pm »
I just did the upgrade and it isn't working.. Was working with the previous version of NUT.

The service looks to be running.

It is on version 2.7.4_2

This is a APC Back UP NS 1250 LCD using USB

I noticed in the log
 Aug 12 19:14:09   upsmon   23829   Poll UPS [APC] failed - Driver not connected
Aug 12 19:14:14   upsmon   23829   Poll UPS [APC] failed - Driver not connected
Aug 12 19:14:19   upsmon   23829   Poll UPS [APC] failed - Driver not connected
Aug 12 19:14:24   upsmon   23829   Poll UPS [APC] failed - Driver not connected
Aug 12 19:14:29   upsmon   23829   Poll UPS [APC] failed - Driver not connected
Aug 12 19:14:31   upsd   24571   Can't connect to UPS [APC] (usbhid-ups-APC): No such file or directory

Offline dennypage

  • Hero Member
  • *****
  • Posts: 697
  • Karma: +133/-0
    • View Profile
Re: NUT package
« Reply #33 on: August 12, 2016, 09:43:59 pm »
The driver itself has failed. You should see things in the log for the driver. Please post all the log entries for ups* from the point of service start. Also, can you provide detail on your configuration please?

Offline runjmc

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: NUT package
« Reply #34 on: August 12, 2016, 10:48:25 pm »
Im running pfsense 2.3.2  I was running 2.2.x before. Started at 2.0

This is a vm on a vmware server.

This ups was working with the version of NUT before the upgrade to this version.


Here are the logs from the start of the service

Aug 12 20:42:12   upsmon   31925   Startup successful
Aug 12 20:42:13   upsd   38757   listening on ::1 port 3493
Aug 12 20:42:13   upsd   38757   listening on 127.0.0.1 port 3493
Aug 12 20:42:13   upsd   38757   Can't connect to UPS [APC] (usbhid-ups-APC): No such file or directory
Aug 12 20:42:13   upsd   39055   Startup successful
Aug 12 20:42:15   upsd   39055   User monuser@::1 logged into UPS [APC]
Aug 12 20:42:15   upsmon   32928   Poll UPS [APC] failed - Driver not connected
Aug 12 20:42:15   upsmon   32928   Communications with UPS APC lost
Aug 12 20:42:20   upsmon   32928   Poll UPS [APC] failed - Driver not connected
Aug 12 20:42:20   upsmon   32928   UPS APC is unavailable

Offline dennypage

  • Hero Member
  • *****
  • Posts: 697
  • Karma: +133/-0
    • View Profile
Re: NUT package
« Reply #35 on: August 12, 2016, 11:31:05 pm »
The configuration I am looking for is the NUT configuration: What type, what driver, any extra args etc. The best place for this is in your configuration file. Look for something that looks like this:

Code: [Select]
                <nut>
                        <config>
                                <type>local_usb</type>
                                <name>ups</name>
                                <email>yes</email>
                                <usb_driver>usbhid-ups</usb_driver>
                                <upsmon_conf/>
                                <extra_args/>
                                <ups_conf/>
                                <upsd_conf/>
                                <upsd_users/>
                        </config>
                </nut>

It would also be very helpful to see the NUT configuration from before you upgraded.

For logs, go to Status / System Logs / System / General. Select the funnel icon, and put "ups" in the Message field and then Apply Filter. You should see all the ups logs, including the kernel identification of the UPS at boot assuming that it's connected via USB.

Offline runjmc

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: NUT package
« Reply #36 on: August 13, 2016, 12:27:53 am »
I rebooted the server since I wanted to get you fresh logs since I cleared out my logs and now its working. So not sure what the reboot did.

Here is what my nut config if your curious.

I guess like with everything.. if it doesn't work..reboot it once first. =) 

before

<nut>
         <config>
            <monitor>local</monitor>
            <powerdown>on</powerdown>
            <custom_upsconf/>
            <custom_upsdconf/>
            <custom_upsdusers/>
            <custom_upsmonconf/>
            <allowaddr/>
            <allowuser>monuser</allowuser>
            <allowpass>pass</allowpass>
            <name>APC</name>
            <driver>usbhid-ups00</driver>
            <port>auto</port>
            <upstype/>
            <cable/>
            <snmpname/>
            <snmpaddr/>
            <snmpcommunity/>
            <snmpversion>v2c</snmpversion>
            <snmpmib>ietf</snmpmib>
            <snmpfreq/>
            <snmpdisabletransfer/>
            <remotename/>
            <remoteaddr/>
            <remoteuser/>
            <remotepass/>
         </config>

after

<nut>
         <config>
            <type>local_usb</type>
            <name>APC</name>
            <email></email>
            <usb_driver>usbhid-ups</usb_driver>
            <upsmon_conf/>
            <extra_args/>
            <ups_conf/>
            <upsd_conf/>
            <upsd_users/>
         </config>

Offline dennypage

  • Hero Member
  • *****
  • Posts: 697
  • Karma: +133/-0
    • View Profile
Re: NUT package
« Reply #37 on: August 13, 2016, 12:39:07 am »
Thank you for following up. Glad that it's working now.

The reboot really shouldn't have been required unless there was an issue with connecting to the USB device. I would keep an eye on it for a while, and if it happens again try

  usbconfig dump_device_desc

to see if the kernel sees the UPS device as connected.

Offline dennypage

  • Hero Member
  • *****
  • Posts: 697
  • Karma: +133/-0
    • View Profile
Re: NUT package
« Reply #38 on: August 19, 2016, 03:42:01 pm »
Notes on Power Off vs Halt

When shutdown time arrives, the NUT package uses the following shutdown command:

  SHUTDOWNCMD "/sbin/shutdown -p +0"

This command will power off the pfSense system. This is generally appropriate for systems such as firewalls that are configured to always turn on when power is applied. If there is a power setting in the BIOS this is generally referred to as “always on”.

If you have a system that does not support the always on mode, and instead always returns to the prior (last) state when power is applied, then you probably want to override the shutdown command so that the system is halted but not powered off.

You can do this by placing the following in upsmon.conf section of the advanced settings:

  SHUTDOWNCMD "/sbin/shutdown -h +0"

If you have an option, the default "always on" approach is preferable.

Offline dennypage

  • Hero Member
  • *****
  • Posts: 697
  • Karma: +133/-0
    • View Profile
Re: NUT package
« Reply #39 on: August 22, 2016, 10:54:43 pm »
Notes on SNMP configuration

The NUT package uses defaults for SNMP values. In most situations, the defaults are appropriate. However, depending upon your particular use case, there are variables that you may want to set in the Extra Arguments section. Arguments that you may need include directives for SNMP version and associated security, polling frequency, timeouts, mibs, etc.

Full details on the many SNMP options can be found here:

  http://networkupstools.org/docs/man/snmp-ups.html

One that is of particular interest is the mibs directive. The default value is "auto" which means that the driver will attempt to discover the correct mib at runtime. Most of the time, this works. Sometimes it doesn’t. Occasionally it appears to work, but reports incorrect values for various values like voltages, frequency, etc. If your UPS is reporting things that don’t make sense, this is the thing to check.

Offline dennypage

  • Hero Member
  • *****
  • Posts: 697
  • Karma: +133/-0
    • View Profile
Re: NUT package
« Reply #40 on: August 24, 2016, 09:10:30 pm »
Notes on executing commands

NUT has command line tools that allow execution of local commands to perform tasks such as a battery test or set variables in the hardware of the ups. Information on these tools can be found here:

  http://networkupstools.org/docs/man/upscmd.html
  http://networkupstools.org/docs/man/upsrw.html

In order to use these tools, a privileged NUT user is required. The NUT package automatically creates an administrative user for this purpose. The username is “admin”, and the password can be found in /usr/local/etc/nut/upsd.users. Note that the password is automatically generated, and changes each time the NUT configuration is changed or the system is rebooted.

Be careful with these commands. :)

Offline mattlach

  • Full Member
  • ***
  • Posts: 168
  • Karma: +9/-0
    • View Profile
Re: NUT package
« Reply #41 on: August 25, 2016, 02:58:05 pm »
I didn't notice that this update went through, so I never removed the old version.

I thought it was broken at first, because I kept going to "Services -> NUT" and I kept getting an nginx error, didn't realize that it had moved to "Services -> UPS"

Is there any way to remove the old "Services -> NUT" menu entry?  It seems stuck there.

Offline dennypage

  • Hero Member
  • *****
  • Posts: 697
  • Karma: +133/-0
    • View Profile
Re: NUT package
« Reply #42 on: August 25, 2016, 06:23:31 pm »
I thought it was broken at first, because I kept going to "Services -> NUT" and I kept getting an nginx error, didn't realize that it had moved to "Services -> UPS"

Is there any way to remove the old "Services -> NUT" menu entry?  It seems stuck there.

If you are comfortable editing the config file, you can remove the old menu section. It looks like this:

                <menu>
                        <name>NUT</name>
                        <tooltiptext>Set Network UPS Tools settings.</tooltiptext>
                        <section>Services</section>
                        <url>/ups_status.php</url>
                </menu>

Be very careful editing the config file, and back up the config first.

Offline mattlach

  • Full Member
  • ***
  • Posts: 168
  • Karma: +9/-0
    • View Profile
Re: NUT package
« Reply #43 on: August 25, 2016, 07:56:17 pm »
I thought it was broken at first, because I kept going to "Services -> NUT" and I kept getting an nginx error, didn't realize that it had moved to "Services -> UPS"

Is there any way to remove the old "Services -> NUT" menu entry?  It seems stuck there.

If you are comfortable editing the config file, you can remove the old menu section. It looks like this:

                <menu>
                        <name>NUT</name>
                        <tooltiptext>Set Network UPS Tools settings.</tooltiptext>
                        <section>Services</section>
                        <url>/ups_status.php</url>
                </menu>

Be very careful editing the config file, and back up the config first.

Thank you,

I have no problem editing xml config files (though the pfsense version of vi is awful), but where is the file?

Or is it more appropriate to save a backup config to my workstation, edit the config, and then upload the edited version?

Offline dennypage

  • Hero Member
  • *****
  • Posts: 697
  • Karma: +133/-0
    • View Profile
Re: NUT package
« Reply #44 on: August 25, 2016, 08:10:12 pm »
I have no problem editing xml config files (though the pfsense version of vi is awful), but where is the file?

Or is it more appropriate to save a backup config to my workstation, edit the config, and then upload the edited version?

You can download/edit/upload if you are okay with a firewall reboot. Alternatively, you can ssh in and use viconfig.