NUT Package (2.8.1 and above)

hbastasic

@pfpv said in NUT Package (2.8.1 and above):

@hbastasic said in NUT Package (2.8.1 and above):

is there a way to invoke a battery test from pfSense, shell command or something?

Usually you can initiate it by pressing the physical power button on the UPS for 10 seconds or until the UPS switches to battery mode indicating the test has started. This is kind of dangerous. If you release the button earlier the UPS will turn off. This can happen unintentionally - if the button is wearing off or if you flinch. I also found this from 2019, I don't know if it still works:

well, thanks, forgot to check the manual, APC FAQ, although they mention only SmartUPS line nothing on BackUPS

@dennypage said in NUT package (2.8.0 and below):
You can initiate a battery test via nut, but you will have to use the command line. Log into the system and use
upscmd -l ups
to see what commands are available. Look for commands that begin "test.battery..." Start with a quick test if available, then proceed to a deep test.

WARNING if the battery is defective, running these tests can cause the ups to cut power to the load (your pfSense box). Use at your own risk!

command line seems more convenient, thanks for this find, waiting for wife's all clear to start screwing with internet ...

pfpv

@hbastasic, find a manual for your particular model. I found this for two random APC Back-UPS's:

Press and hold the POWER ON/OFF button for 4 to 8 seconds to initiate the UPS Self Test.
During On Line Mode, a longer press of the POWER button until three beeps are heard will perform a manual battery self-test. Then, the LED will flash and UPS will enter self-test mode. Note: This will happen only when battery is fully charged in On Line Mode.

pfguy2018

@pfguy2018 said in NUT Package (2.8.1 and above):

@NinthWave said in NUT Package (2.8.1 and above):

Move the files in appropriate directories and make sure to have appropriate file permission or CHMOD 755
@dennypage said in NUT Package (2.8.1 and above):

[23.09.1-RELEASE][root@fw]/root: ls -l /usr/local/sbin/upsmon* /usr/local/libexec/nut/usbhid-ups*
-rwxr-xr-x 1 root wheel 333728 Dec 27 10:14 /usr/local/libexec/nut/usbhid-ups
-rwxr-xr-x 1 root wheel 287088 Nov 1 00:57 /usr/local/libexec/nut/usbhid-ups.org
-rwxr-xr-x 1 root wheel 87760 Dec 27 10:13 /usr/local/sbin/upsmon
-rwxr-xr-x 1 root wheel 68904 Nov 1 00:57 /usr/local/sbin/upsmon.org
[23.09.1-RELEASE][root@fw]/root:

Restart service and voilà

I have been waiting for the "official" patch to be released, but am experiencing frequent shutdowns as a result of this issue, so I would like to update manually. But I am not at all versed in how to accomplish the 2 steps outlined above ("Move the files in appropriate directories and make sure to have appropriate file permission or CHMOD 755") (I have been able to download and extract the archives). Would it be possible for someone to provide the specific commands needed, and where exactly to enter them in pfSense, to accomplish these steps?

Thanks in advance!

I have tried to figure out how to do this. I think I have moved the files into the correc directories, but I have no idea how to run "CHMOD 755" and now NUT won't start. Can someone please walk me through this?

hbastasic

@pfpv said in NUT Package (2.8.1 and above):

@hbastasic, find a manual for your particular model. I found this for two random APC Back-UPS's:

Press and hold the POWER ON/OFF button for 4 to 8 seconds to initiate the UPS Self Test.

During On Line Mode, a longer press of the POWER button until three beeps are heard will perform a manual battery self-test. Then, the LED will flash and UPS will enter self-test mode. Note: This will happen only when battery is fully charged in On Line Mode.

yep, found it, thanks
RTFM is still current, and somehow comforting or ... shaming

will report after self-test, just for reference

endy66

Short question about client / slave logins.
I have two different client machines I wanna read the UPS values. UPS is ofc connected to pfSense and works.
So for a longer time I already had a client entry withing the "Additional configuration lines for upsd.users" field:

[client-xx1]
password = mypass
upsmon slave

Now for better log reading, I've added a second entry, for my second client

[client-xx2]
password = mypass
upsmon slave

I'm able to connect, however I can't see that this second client has connected from within the system logs in my pfSense. Does someone know why that is?

dennypage

@endy66 said in NUT Package (2.8.1 and above):

Now for better log reading, I've added a second entry, for my second client
...
I'm able to connect, however I can't see that this second client has connected from within the system logs in my pfSense. Does someone know why that is?

No idea. Are you sure it is connecting with the username you expect? FWIW, you can distinguish client by IP address. Do you see a connection from the IP address you expect?

endy66

@dennypage said in NUT Package (2.8.1 and above):

@endy66 said in NUT Package (2.8.1 and above):

Now for better log reading, I've added a second entry, for my second client
...
I'm able to connect, however I can't see that this second client has connected from within the system logs in my pfSense. Does someone know why that is?

No idea. Are you sure it is connecting with the username you expect? FWIW, you can distinguish client by IP address. Do you see a connection from the IP address you expect?

After a few restarts of the NUT service on my pfSense it's there in the log. However the second login doesn't have an explicit IP address.

upsd	81154	User client-xx1@192.168.1.xx logged into UPS [CyberPower_USV]
upsd	81154	User client-xx2@::1 logged into UPS [CyberPower_USV]

dennypage

@endy66 said in NUT Package (2.8.1 and above):

After a few restarts of the NUT service on my pfSense it's there in the log. However the second login doesn't have an explicit IP address.

upsd 81154 User client-xx1@192.168.1.xx logged into UPS [CyberPower_USV]
upsd 81154 User client-xx2@::1 logged into UPS [CyberPower_USV]

"::1" is an IP address. It's the IPv6 version of localhost, equivalent to 127.0.0.1 in IPv4.

endy66

@dennypage said in NUT Package (2.8.1 and above):

@endy66 said in NUT Package (2.8.1 and above):

After a few restarts of the NUT service on my pfSense it's there in the log. However the second login doesn't have an explicit IP address.

upsd 81154 User client-xx1@192.168.1.xx logged into UPS [CyberPower_USV]
upsd 81154 User client-xx2@::1 logged into UPS [CyberPower_USV]

"::1" is an IP address. It's the IPv6 version of localhost, equivalent to 127.0.0.1 in IPv4.

Hm this is weird because this user is connecting from a different host, so shouldn't it be anything other than a "localhost" address?

dennypage

@endy66 said in NUT Package (2.8.1 and above):

Hm this is weird because this user is connecting from a different host, so shouldn't it be anything other than a "localhost" address?

Referring to post #2 in this thread, how are you allowing remote connections? Are you using option 1 (NAT/Port forward)? Or are you using option 2 (LISTEN)?

endy66

@dennypage said in NUT Package (2.8.1 and above):

@endy66 said in NUT Package (2.8.1 and above):

Hm this is weird because this user is connecting from a different host, so shouldn't it be anything other than a "localhost" address?

Referring to post #2 in this thread, how are you allowing remote connections? Are you using option 1 (NAT/Port forward)? Or are you using option 2 (LISTEN)?

I'm using option 2 (LISTEN).

dennypage

@endy66 Please post the contents of these files:

/usr/local/etc/nut/upsmon.conf
/usr/local/etc/nut/upsd.conf
/usr/local/etc/nut/upsd.users

endy66

@dennypage said in NUT Package (2.8.1 and above):

@endy66 Please post the contents of these files:
/usr/local/etc/nut/upsmon.conf
/usr/local/etc/nut/upsd.conf
/usr/local/etc/nut/upsd.users

Here's the content of these 3 files. Passwords are masked. Monitor password of the upsmon.conf matches the one from the [admin] section of the upsd.users.

upsmon.conf

MONITOR CyberPower_USV 1 local-monitor *************** master
SHUTDOWNCMD "/sbin/shutdown -p +0"
POWERDOWNFLAG /etc/killpower

upsd.conf

LISTEN 127.0.0.1
LISTEN ::1


LISTEN 192.168.1.1

upsd.users

[admin]
password=***************
actions=set
instcmds=all
[local-monitor]
password=***************
upsmon master


[client-xx1]
password = ***************
upsmon slave

[client-xx2]
password = ***************
upsmon slave

dennypage

@endy66 And the output of

netstat -a -n | grep 3493

please.

endy66

@dennypage said in NUT Package (2.8.1 and above):

@endy66 And the output of
netstat -a -n | grep 3493
please.

netstat -a -n | grep 3493
tcp4       0      0 192.168.1.1.3493       192.168.1.8.33624      ESTABLISHED
tcp6       0      0 ::1.3493               ::1.2785               ESTABLISHED
tcp6       0      0 ::1.2785               ::1.3493               ESTABLISHED
tcp4       0      0 192.168.1.1.3493       *.*                    LISTEN
tcp6       0      0 ::1.3493               *.*                    LISTEN
tcp4       0      0 127.0.0.1.3493         *.*                    LISTEN

dennypage

@endy66 In the output I see one local connection and one remote connection.

The local connection will be upsmon, and is the one that is on ::1.2785 -> ::1.3493. This will be user local-monitor. You can easily confirm this with

sockstat -c | grep 3493

The local upsmon connection should generate a log entry like this,

Feb  1 08:01:20 fw upsd[45590]: User local-monitor@::1 logged into UPS [CyberPower_USV]

however you did not show such a log entry. Given that you clearly have a local upsmon connection, there absolutely should be a corresponding log entry.

The remote connection is on 192.168.1.8.33624 -> 192.168.1.1.3493. This presumably is one of your client-xx users.

In sort, your config files are good. Your netstat output is good, with one remote connection [there is no second remote connection]. The only thing is that I cannot reconcile your configuration files and netstat output with the log entries that you posted.

Is it possible that you made configuration changes between when the logs were taken and when the config files / netstat output were taken?

endy66

@dennypage

@dennypage said in NUT Package (2.8.1 and above):

@endy66 In the output I see one local connection and one remote connection.

The local connection will be upsmon, and is the one that is on ::1.2785 -> ::1.3493. This will be user local-monitor. You can easily confirm this with
sockstat -c | grep 3493
The local upsmon connection should generate a log entry like this,
Feb  1 08:01:20 fw upsd[45590]: User local-monitor@::1 logged into UPS [CyberPower_USV]
however you did not show such a log entry. Given that you clearly have a local upsmon connection, there absolutely should be a corresponding log entry.

The remote connection is on 192.168.1.8.33624 -> 192.168.1.1.3493. This presumably is one of your client-xx users.

In sort, your config files are good. Your netstat output is good, with one remote connection [there is no second remote connection]. The only thing is that I cannot reconcile your configuration files and netstat output with the log entries that you posted.

Is it possible that you made configuration changes between when the logs were taken and when the config files / netstat output were taken?

I've re-checked everything and you're right indeed, I might have missed something. The log only shows the local and one remote connection

User local-monitor@::1 logged into UPS [CyberPower_USV]
User client-xx1@192.168.1.8 logged into UPS [CyberPower_USV]

So the second user is missing, but I'm clearly able to receive all the values on it. This client is a Home Assistant instance with the NUT client package and I see all the things. And I also used the second login I specified in upsd.users.

dennypage

@endy66 said in NUT Package (2.8.1 and above):

So the second user is missing, but I'm clearly able to receive all the values on it. This client is a Home Assistant instance with the NUT client package and I see all the things.

This one?

Network UPS Tools (NUT) integration

endy66

@dennypage said in NUT Package (2.8.1 and above):

@endy66 said in NUT Package (2.8.1 and above):

So the second user is missing, but I'm clearly able to receive all the values on it. This client is a Home Assistant instance with the NUT client package and I see all the things.

This one?

Network UPS Tools (NUT) integration

Yes exactly.

dennypage

@endy66 That's what I thought.

The short version is that you are wasting your time trying to set up a username/password for a remote HA client because the HA integration doesn't use it. You don't need to enter a username/password when you set up the integration.

Since you asked, here's the longer version...

You won't see a login from the integration because it isn't a NUT client, and doesn't actually send a LOGON command to upsd. The NUT HA integration doesn't even send the username and password for remote connections. And even if it did send the username/password, upsd would not attempt to validate it until a command (such as LOGON or an instant command) is sent by the client.

NUT allows read-only access to ups information without a login which is how the HA integration is written. It connects every 60 seconds (default), polls current status, and disconnects. An actual NUT monitoring client is different. It connects, sends username and password, then issues a LOGIN command to attach to the UPS. It remains connected and polls the UPS on a frequent interval (usually less than 15 seconds).

For upsd, the difference is significant. A logged in client is something that upsd is responsible for, and it will monitor the client connection and wait for the client to disconnect before initiating its own shutdown. A non logged in client is expected to be something like a web page. Information display only.

I believe that the only time the username/password for HA NUT is used is if you are running the dedicated HA OS and want to be able to issue instant commands to the UPS. Entertainingly, even though it has not sent a LOGIN command, the HA integrations always sends a LOGOUT command before disconnecting from upsd. Very polite.