Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure

JKnott

@gertjan said in Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure:

This means : a typical sub 300 $ UPS protects 'one device'.

I believe apcupsd can work with multiple devices on the same UPS. One device monitors the UPS and tells the others when to shut down. In businesses, it's common for one large UPS to power multiple devices.

Michel-angelo

@jknott

Thanks to all of you. I was not at home and am now back, late evening, just fit for bed. I apologise to forum members for wasting their time with already answered questions. Also I had not fully explored internet resources.

My UPS is a cheap 850 VA (not kVA) EATON UPS which is NUT-compatible. All devices are within easy access to the UPS' USB plug. My priorities are:

(1) to properly shut down the SG-1000 as it is the least hardened devices in my home set-up (so the SG-1000 would initially be the sole NUT client: the simplest set-up);

(2) Later, in addition, to issue an alarm via mail and/or SMS to help inform somebody at home or a neighbour nearby that power is down ar my home, in the kitchen (this is intended to preserve frozen food from decaying): this may be a task for home automation, maybe triggered by a Raspberry Pi configured either as master or as slave using NUT;

(3) properly shut-donw the iMac, used as a back-up server (slave under NUT).

(4) Nothing more.

So, tomorrow, one of my first orders of business will be to check how to install (preferably with a package ?) NUT for free-BSD 12.2 on the SG-1000 (using the console ?) and thereafter configure (if needed) the NUT software on the SG-1000 (if it does not "just work").

Thanks again to all of you. Bedtime for me.

stephenw10

There is a proper pfSense package for NUT. You can install and configure it in the GUI and it's config is retained in the main file etc.

Michel-angelo

@stephenw10
Great ! Thanks @stephenw10. I have installed the package from the GUI. I doubt, I have not attempted to do any configuration. Maybe it just works. as it is I still need to connect the micro USB of the SG-1000 to the UPS USB: a plug similar to big hard drive's USB plugs.

Michel-angelo

Corrrection ! I just checked: The NUT [and else] package is installed but not configured yet. So it is currently not enabled yet. Configuration is also in the GUI. I will configure it in its simplest configuration (USB) as soon as I will have installed the USB cable (with a micro-USB connexion on the SG-1000 side).

I have also noted that I will be able to notify status by email, which is what I needed to preserve my freezer whenever a power failure occur during vacation time. I won't need to install a raspberry-pi to feed my home automation simply to the purpose of notification.

My congratulations to the pfSense programmers forethought. Possibly all replies to my questions above ere answered by the package.

Michel-angelo

@michel-angelo
The UPS is a Eaton 3S/ Verifications made:
NUT is compatible with Eaton (despite the fact Eaton no longer collaborates with NUT). s
SLLenection: Simple, via USB . I use the Eaton supplied USB cable, together with a Raspberry-pi connector micro-usb (male) to USB A (female).
In the SG-1000 Command reached through the Graphic interface,
Services / UPS type : Local USB
UPS Name: Eaton UPS
Driver: upsdhid.
After a long wait for the UPS daemon, the SG-1000 stops waiting and declares the UPS does not work.
Not found any configuration possibility for the EATON.
NO SUCCESS.

SO FAR, SUCCEEDED Ato set a direct connection via USB to an iIMac
FAILED a direct connection via USB to the SG-1000.

stephenw10

Do you see the new device logged in the system log when you connect the USB cable?

What does it appear as if you run: usbconfig dump_device_desc ?

Steve

Gertjan

... and use the obtained info here to get more details : https://networkupstools.org/stable-hcl.html

Michel-angelo

@gertjan
Thanks, stephenw10 and Gertjan

I am deeply confused. Indeed I had a doubt that the USB connection, using the Raspberry-pi USB A female to micro USB could be defective. I did not know how to check but believed the connection was OK. It was not.

The log, which I had not checked, reported "26341 Poll UPS [Eaton] failed - Driver not connected"

I had already looked at https://networkupstools.org/stable-hcl.html, which selected for my Eaton 3S the default driver of the pfSense package. The configuration instructions were already correct

So the sole thing missing was an effective USB connection between the Eaton UPS and the microfirewall. I will get a better quality connector within a couple of days but, this morning, after making absolutely sure that the micro-USB connected effectively to the SG-1000. it all worked by magic and the Services > UPS Status Details reported as expected. I will test it right away, but I am certain it will work.

I can also report on the attempt I made yesterday with direct USB Connection to the iMac, which simply worked without any need for software installation.

I must now find the way to (1) get the SG-1000 to relay the instruction to shut down to the iMac and (2) get the iMac to accept this instruction and effectively shut down.

Many thanks for the correct pointers.

Gertjan

@michel-angelo said in Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure:

I must now find the way to (1) get the SG-1000 to relay the instruction to shut down

"NUT" is more then just 'ahev a chat with the locally connected USB-UPS and do something when it says the power switched to battery". Its far more capable.then that.

With this :

These settings expose my pfSense LAN IP as a NUT (upsmon) server.
As I showed earlier, my Synology NAS can now connect to pfSense for UPS info, with out an UPS connected directly to the NAS.

Michel-angelo

@gertjan
Hello Gertjan, Steve and others, time for a pause.

Indeed, I had a USB Connection between the UPS and the SG-1000, this connection is now gone again, I have not succeeded to restore it. I definitely believe the micro USB connector provided by my Raspberry Pi in not the best I could use. So I will be waiting for the arrival of a new connector to resume on my tests.

Steve, with the the defect I have in my USB connection, here is the result of the shell Script you suggested me [I ran it bravely on the pfSense SG-1000 trusting it would not damage anything].

Shell Output - usbconfig dump_device_desc
ugen1.1: <Mentor Graphics OTG Root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0009 <HUB>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0001
bMaxPacketSize0 = 0x0040
idVendor = 0x0000
idProduct = 0x0000
bcdDevice = 0x0100
iManufacturer = 0x0001 <Mentor Graphics>
iProduct = 0x0002 <OTG Root HUB>
iSerialNumber = 0x0000 <no string>
bNumConfigurations = 0x0001

ugen0.1: <Mentor Graphics OTG Root HUB> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0009 <HUB>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0001
bMaxPacketSize0 = 0x0040
idVendor = 0x0000
idProduct = 0x0000
bcdDevice = 0x0100
iManufacturer = 0x0001 <Mentor Graphics>
iProduct = 0x0002 <OTG Root HUB>
iSerialNumber = 0x0000 <no string>
bNumConfigurations = 0x0001

This is it, non more

Gertjan

@michel-angelo said in Using an UPS to properly shut down and restart a pfSense SG-1000 microfirewall upon power failure:

here is the result of the shell Script

You can also look in the log.
Look closely at this one : Status > System Logs > System > OS Boot
I found my UPS :

ugen0.3: <American Power Conversion Back-UPS XS 700U FW:924.Z5 .I USB FW:Z5> at usbus0

stephenw10

Yes, it must appear as a USB device in that list before NUT or any drover can use it.

I assume you're using the USB OTG port? Can you see other devices connected there? A keyboard or flash drive maybe? If not it probably is the adapter you're using.

Steve

Michel-angelo

@stephenw10

Yes, Steve, I am looking at the USB OTG port, which is in the middle of the SG-1000. On its left, I see another port, certainly a micro USB as well, for the console. In it, I always leave plugged the USB to USB cable which came with the SG-1000, for the unlikely devent I would need to connect the device to a console. I fear losing the console cable and the connectors are so tiny I do not want to ruin then by plugging and unplugging them all the time. The USB is connected to the Eaton UPS.

So, no devices, no keyboards nor what else is connected to the USB OTG port.

The config of the UPS is

UPS: Local USB

UPS Name is EatonUPS

Notifications is unchecked

Driver is usbhid (default driver, recommended for Eaton 3S UPS)

Extra (optional) is empty

In USB Status, a red alert reads "The UPS requires attention"

In UPS status,

Name is EatonUPS@localhost

Summary status is "falled to retrieve status"

UPS detail is now empty (it has been full for a short while, which proves the config is correct but my defective cable ruins it all).

Running again usbconfig dump_device_desc

Shell Output - usbconfig dump_device_desc
ugen1.1: <Mentor Graphics OTG Root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0009 <HUB>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0001
bMaxPacketSize0 = 0x0040
idVendor = 0x0000
idProduct = 0x0000
bcdDevice = 0x0100
iManufacturer = 0x0001 <Mentor Graphics>
iProduct = 0x0002 <OTG Root HUB>
iSerialNumber = 0x0000 <no string>
bNumConfigurations = 0x0001

ugen0.1: <Mentor Graphics OTG Root HUB> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0009 <HUB>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0001
bMaxPacketSize0 = 0x0040
idVendor = 0x0000
idProduct = 0x0000
bcdDevice = 0x0100
iManufacturer = 0x0001 <Mentor Graphics>
iProduct = 0x0002 <OTG Root HUB>
iSerialNumber = 0x0000 <no string>
bNumConfigurations = 0x0001

Running again usbconfig dump_device_desc

After removing the cables gives the same output

Shell Output - usbconfig dump_device_desc
ugen1.1: <Mentor Graphics OTG Root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0009 <HUB>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0001
bMaxPacketSize0 = 0x0040
idVendor = 0x0000
idProduct = 0x0000
bcdDevice = 0x0100
iManufacturer = 0x0001 <Mentor Graphics>
iProduct = 0x0002 <OTG Root HUB>
iSerialNumber = 0x0000 <no string>
bNumConfigurations = 0x0001

ugen0.1: <Mentor Graphics OTG Root HUB> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0009 <HUB>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0001
bMaxPacketSize0 = 0x0040
idVendor = 0x0000
idProduct = 0x0000
bcdDevice = 0x0100
iManufacturer = 0x0001 <Mentor Graphics>
iProduct = 0x0002 <OTG Root HUB>
iSerialNumber = 0x0000 <no string>
bNumConfigurations = 0x0001

From now on and for as long as I have not changed my defective micro-USB male connector, to prevent possible damages, I will keep the UPS monitoring as disabled.

Thanks for the attention.

stephenw10

Yes, seems like a bad OTG cable. You should see he UPS listed even if nothing can talk to it.

I wouldn't worry too much about the connectors. I've plugged cables in the units have here hundreds of times (thousands maybe?) without issue. microUSB connectors are used in phones by millions and are really pretty reliable. Care should always be taken of course.

Steve

Gertjan

@michel-angelo

NUT master slave video :
Youtube Video

Michel-angelo

@gertjan

Thank you, Steve and Gertjian. I will need to review this Network UPS Tools (NUT) Ultimate guide over a thousand times, the line to line advice flies far above my level. I got the intent and actually have a Raspberry Pi 0 at home fit for use in UPS setting, which could come handy if needed.

I received my new micro-USB male plus (worth, alone, the price of the Pi). It fits nicely and connects to the SG-1000 USB-OTG port with a reassuring clic.

On my first attempt, the data was still missing. As a last attempt, I tried cold-plugging the USB connectors. It barely worked and the connection to the UPS was not robust. Just as if the signal was weak and the SG-1000 was nearly deaf to the UPS' signal.

I ran usbconfig dump_device_desc. when connection was ON and when connection was off. Her they are:

FAILED CONNECTION TO THE UPS

Shell Output - usbconfig dump_device_desc
ugen1.1: <Mentor Graphics OTG Root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0009 <HUB>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0001
bMaxPacketSize0 = 0x0040
idVendor = 0x0000
idProduct = 0x0000
bcdDevice = 0x0100
iManufacturer = 0x0001 <Mentor Graphics>
iProduct = 0x0002 <OTG Root HUB>
iSerialNumber = 0x0000 <no string>
bNumConfigurations = 0x0001

ugen0.1: <Mentor Graphics OTG Root HUB> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0009 <HUB>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0001
bMaxPacketSize0 = 0x0040
idVendor = 0x0000
idProduct = 0x0000
bcdDevice = 0x0100
iManufacturer = 0x0001 <Mentor Graphics>
iProduct = 0x0002 <OTG Root HUB>
iSerialNumber = 0x0000 <no string>
bNumConfigurations = 0x0001

SUCCESSFUL CONNECTION TO THE UPS. If I look at the logs in Status > System Logs > System > OS Boot, I find my UPS ("ugen0.2: <EATON Eaton 3S> at usbus0"), and

Shell Output - usbconfig dump_device_desc
ugen1.1: <Mentor Graphics OTG Root HUB> at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0009 <HUB>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0001
bMaxPacketSize0 = 0x0040
idVendor = 0x0000
idProduct = 0x0000
bcdDevice = 0x0100
iManufacturer = 0x0001 <Mentor Graphics>
iProduct = 0x0002 <OTG Root HUB>
iSerialNumber = 0x0000 <no string>
bNumConfigurations = 0x0001

ugen0.1: <Mentor Graphics OTG Root HUB> at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=SAVE (0mA)

bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0200
bDeviceClass = 0x0009 <HUB>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0001
bMaxPacketSize0 = 0x0040
idVendor = 0x0000
idProduct = 0x0000
bcdDevice = 0x0100
iManufacturer = 0x0001 <Mentor Graphics>
iProduct = 0x0002 <OTG Root HUB>
iSerialNumber = 0x0000 <no string>
bNumConfigurations = 0x0001

ugen0.2: <EATON Eaton 3S> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON (20mA)

bLength = 0x0012
bDescriptorType = 0x0001
bcdUSB = 0x0110
bDeviceClass = 0x0000 <Probed by interface class>
bDeviceSubClass = 0x0000
bDeviceProtocol = 0x0000
bMaxPacketSize0 = 0x0008
idVendor = 0x0463
idProduct = 0xffff
bcdDevice = 0x0100
iManufacturer = 0x0001 <EATON>
iProduct = 0x0002 <Eaton 3S>
iSerialNumber = 0x0004 <Blank>
bNumConfigurations = 0x0001

Seems to me like the SG-1000 is a little deaf on its USB-OTG port. Is there any way to provide hearing aid if this is the correct diagnostic ?

I tested it: it worked. It shut down the SG-1000 at the 20% mark (battery load).

Strangely, on SERVICES > UPS, I can read under UPS runtime 0:46:23 which is less than an hour, which is far less that the SG-1000 (pfSense) runtime. Should I care ?

As far as NUT is concerned, this seems to be, so far, a simple configuration, whereby the UPS decides that the value of the variable battery.charge.low is 20 (20%), hence the SG-1000 was properly shut-down when the UPS battery reached the level 20%. This is enough for me. What I want now is achieving the clean shut-down of the mac as a consequence of shutting down the SG-1000. I would try to allow my mac to simply connect to pfSense for UPS info and directives without an UPS connected directly to it.

Configure SG1000 as a master. I believe I just need to determine the correct arguments to give to the SG-1000 driver for the purpose of shutting down the mac. Would that simply mean (1) an additional directive for upsd.conf and (2) an additional entry for upsd.users, both in services > ups (both ideas are inspired from an earlier Gertjan post).

Installing UPSMON on the Mac to allow the mac to receive the UPS info from pfSense (NUT for macOS). This I will need to explore separately. On the mac App store, I ca find a NUT client for macOS but only for 10.15 and later. The mac I have located in my basement for home automation and backups is a macOS 10.13 machine only, so it will be more challenging.

This is what I will explore now.

Thank you all for allowing me to reach this point.

stephenw10

Hmm, no I'm not aware of anything that might affect the SG-1000s USB OTG capability.

Michel-angelo

@stephenw10

Hello ! Information on status.
So far, in case of power failure, I want the UPS to start and the initiation of new back-up tasks to become impermissible, Upon a combination of time and remaining charge of the UPS' battery; a proper shut down of the mac; and, if possible, Shut-down of the UPS.
So Far,
On my pfSense firewall SG-1000, there is a pre-installed NUT package, It works already and can trigger termination of NUT clients.

For macOS, (version 10.13 High Sierra, the package manager Homebrew does not work any more, but the package manager MacPorts does), so I would (1) Install or update xCode on the mac; (2) install or update MacPorts, (3) configure and set instructions to slave on pfSense SG-1000, and (4) complete on pfSense the remainder of NUT configuration.
This is my current plan, which seems feasible so far.