Apcupsd 3.14.10 on pfSense 2.1.5 (amd64)
-
Hello all,
We've been using pfsense for over 5 years now and it's been great to see how things have come along, especially in the package department. I have notes of how to install apcupsd on older versions of pfSense without the new package management features, and it was always a bit of a pain, but that's all behind us now. It was great to install the package and configure the service through the interface and just have it work. Great job!
However, there seems to be an issue with the package- at least for my implementation.
Without getting in too much detail regarding my environment, I have a network operations server to which a number of UPSes are connected. Each UPS has a separate apcupsd instance listening on a specific port. Most internal servers have a service installed that listens on the port belonging to their connected UPS, and this works just fine.
For my pfSense server, which serves a DMZ, connecting to the netops server via the internal network isn't a viable solution. So, this traffic is routed over the web. I poked a hole in the firewall in front of my netops box so external agents can listen in to the necessary apcupsd service. Other external servers can connect just fine, but this particular apcupsd package on pfSense just doesn't seem to want to connect.
I also poked a hole in the pfSense firewall configuration so the netops server can query the status of the service on pfSense. This works fine: the service is up and running and reports it status back to the netops server.
When querying the service on pfSense via command line via
apcaccess status localhost:port
the service reports the UPS status as COMMLOST. None of the initial UPS data (runtime, battery status, voltages etc) have been initialized.
However, if I run
apcaccess status netopserverip:port
I can see all of the info pertaining to the UPS for which pfSense is configured. So, network connectivity is good: it's just that for some reason, the package isn't picking up the information for the configured UPS.
I tested this further by spinning up a second apcupsd service on my computer at home. With the exact same config settings, it picked up all the UPS info from the netops server and off it went. Note that the version of apcupsd running on the netops server and my home computer is 3.14.8, which is 2 versions behind what's running on pfSense.
I'm just wondering if anyone has any suggestions as to what else I could try here? In the past, apcupsd on pfSense has depended on perl and snmp packages, and older verisons yet also needed the snmp and trap services running in order to function: I tried toggling these on in my pfSense installation, but it didn't make any difference.
Thanks in advance for any insight or suggestions.
Cheers,
Greg -
What is the contents of: /usr/pbi/apcupsd-amd64/etc/apcupsd/apcupsd.conf
-
Certainly…
$ cat /usr/pbi/apcupsd-amd64/etc/apcupsd/apcupsd.conf ## apcupsd.conf v1.1 ## # # for apcupsd release 3.14.10 (13 September 2011) - freebsd # # "apcupsd" POSIX config file # # ========= General configuration parameters ============ # # UPSNAME xxx # Use this to give your UPS a name in log files and such. This # is particulary useful if you have multiple UPSes. This does not # set the EEPROM. It should be 8 characters or less. UPSNAME UPS02 # UPSCABLE <cable> # Defines the type of cable connecting the UPS to your computer. # # Possible generic choices for <cable> are: # simple, smart, ether, usb # # Or a specific cable model number may be used: # 940-0119A, 940-0127A, 940-0128A, 940-0020B, # 940-0020C, 940-0023A, 940-0024B, 940-0024C, # 940-1524C, 940-0024G, 940-0095A, 940-0095B, # 940-0095C, M-04-02-2000 # UPSCABLE ether # To get apcupsd to work, in addition to defining the cable # above, you must also define a UPSTYPE, which corresponds to # the type of UPS you have (see the Description for more details). # You must also specify a DEVICE, sometimes referred to as a port. # For USB UPSes, please leave the DEVICE directive blank. For # other UPS types, you must specify an appropriate port or address. # # UPSTYPE DEVICE Description # apcsmart /dev/tty** Newer serial character device, appropriate for # SmartUPS models using a serial cable (not USB). # # usb <blank> Most new UPSes are USB. A blank DEVICE # setting enables autodetection, which is # the best choice for most installations. # # net hostname:port Network link to a master apcupsd through apcupsd's # Network Information Server. This is used if the # UPS powering your computer is connected to a # different computer for monitoring. # # snmp hostname:port:vendor:community # SNMP network link to an SNMP-enabled UPS device. # Hostname is the ip address or hostname of the UPS # on the network. Vendor can be can be "APC" or # "APC_NOTRAP". "APC_NOTRAP" will disable SNMP trap # catching; you usually want "APC". Port is usually # 161\. Community is usually "private". # # netsnmp hostname:port:vendor:community # OBSOLETE # Same as SNMP above but requires use of the # net-snmp library. Unless you have a specific need # for this old driver, you should use 'snmp' instead. # # dumb /dev/tty** Old serial character device for use with # simple-signaling UPSes. # # pcnet ipaddr:username:passphrase:port # PowerChute Network Shutdown protocol which can be # used as an alternative to SNMP with the AP9617 # family of smart slot cards. ipaddr is the IP # address of the UPS management card. username and # passphrase are the credentials for which the card # has been configured. port is the port number on # which to listen for messages from the UPS, normally # 3052\. If this parameter is empty or missing, the # default of 3052 will be used. # UPSTYPE net DEVICE <my.netop.ip.here>: <myport># POLLTIME <int> # Interval (in seconds) at which apcupsd polls the UPS for status. This # setting applies both to directly-attached UPSes (UPSTYPE apcsmart, usb, # dumb) and networked UPSes (UPSTYPE net, snmp). Lowering this setting # will improve apcupsd's responsiveness to certain events at the cost of # higher CPU utilization. The default of 60 is appropriate for most # situations. POLLTIME 30 # LOCKFILE <path to="" lockfile=""> # Path for device lock file. Not used on Win32. LOCKFILE /var/lock # SCRIPTDIR <path to="" script="" directory=""> # Directory in which apccontrol and event scripts are located. SCRIPTDIR /usr/local/etc/apcupsd # PWRFAILDIR <path to="" powerfail="" directory=""> # Directory in which to write the powerfail flag file. This file # is created when apcupsd initiates a system shutdown and is # checked in the OS halt scripts to determine if a killpower # (turning off UPS output power) is required. PWRFAILDIR /var/run # NOLOGINDIR <path to="" nologin="" directory=""> # Directory in which to write the nologin file. The existence # of this flag file tells the OS to disallow new logins. NOLOGINDIR /var/run # # ======== Configuration parameters used during power failures ========== # # The ONBATTERYDELAY is the time in seconds from when a power failure # is detected until we react to it with an onbattery event. # # This means that, apccontrol will be called with the powerout argument # immediately when a power failure is detected. However, the # onbattery argument is passed to apccontrol only after the # ONBATTERYDELAY time. If you don't want to be annoyed by short # powerfailures, make sure that apccontrol powerout does nothing # i.e. comment out the wall. ONBATTERYDELAY 6 # # Note: BATTERYLEVEL, MINUTES, and TIMEOUT work in conjunction, so # the first that occurs will cause the initation of a shutdown. # # If during a power failure, the remaining battery percentage # (as reported by the UPS) is below or equal to BATTERYLEVEL, # apcupsd will initiate a system shutdown. BATTERYLEVEL 5 # If during a power failure, the remaining runtime in minutes # (as calculated internally by the UPS) is below or equal to MINUTES, # apcupsd, will initiate a system shutdown. MINUTES 1 # If during a power failure, the UPS has run on batteries for TIMEOUT # many seconds or longer, apcupsd will initiate a system shutdown. # A value of 0 disables this timer. # # Note, if you have a Smart UPS, you will most likely want to disable # this timer by setting it to zero. That way, you UPS will continue # on batteries until either the % charge remaing drops to or below BATTERYLEVEL, # or the remaining battery runtime drops to or below MINUTES. Of course, # if you are testing, setting this to 60 causes a quick system shutdown # if you pull the power plug. # If you have an older dumb UPS, you will want to set this to less than # the time you know you can run on batteries. TIMEOUT 0 # Time in seconds between annoying users to signoff prior to # system shutdown. 0 disables. ANNOY 0 # Initial delay after power failure before warning users to get # off the system. ANNOYDELAY 60 # The condition which determines when users are prevented from # logging in during a power failure. # NOLOGON <string> [ disable | timeout | percent | minutes | always ] NOLOGON disable # If KILLDELAY is non-zero, apcupsd will continue running after a # shutdown has been requested, and after the specified time in # seconds attempt to kill the power. This is for use on systems # where apcupsd cannot regain control after a shutdown. # KILLDELAY <seconds> 0 disables KILLDELAY 0 # # ==== Configuration statements for Network Information Server ==== # # NETSERVER [ on | off ] on enables, off disables the network # information server. If netstatus is on, a network information # server process will be started for serving the STATUS and # EVENT data over the network (used by CGI programs). NETSERVER on # NISIP <dotted notation="" ip="" address=""> # IP address on which NIS server will listen for incoming connections. # This is useful if your server is multi-homed (has more than one # network interface and IP address). Default value is 0.0.0.0 which # means any incoming request will be serviced. Alternatively, you can # configure this setting to any specific IP address of your server and # NIS will listen for connections only on that interface. Use the # loopback address (127.0.0.1) to accept connections only from the # local machine. NISIP 0.0.0.0 # NISPORT <port> default is 3551 as registered with the IANA # port to use for sending STATUS and EVENTS data over the network. # It is not used unless NETSERVER is on. If you change this port, # you will need to change the corresponding value in the cgi directory # and rebuild the cgi programs. NISPORT <myport> # If you want the last few EVENTS to be available over the network # by the network information server, you must define an EVENTSFILE. EVENTSFILE /var/log/apcupsd.events # EVENTSFILEMAX <kilobytes> # By default, the size of the EVENTSFILE will be not be allowed to exceed # 10 kilobytes. When the file grows beyond this limit, older EVENTS will # be removed from the beginning of the file (first in first out). The # parameter EVENTSFILEMAX can be set to a different kilobyte value, or set # to zero to allow the EVENTSFILE to grow without limit. EVENTSFILEMAX 10 # # ========== Configuration statements used if sharing ============= # a UPS with more than one machine # # Remaining items are for ShareUPS (APC expansion card) ONLY # # UPSCLASS [ standalone | shareslave | sharemaster ] # Normally standalone unless you share an UPS using an APC ShareUPS # card. UPSCLASS standalone # UPSMODE [ disable | share ] # Normally disable unless you share an UPS using an APC ShareUPS card. UPSMODE disable # # ===== Configuration statements to control apcupsd system logging ======== # # Time interval in seconds between writing the STATUS file; 0 disables STATTIME 0 # Location of STATUS file (written to only if STATTIME is non-zero) STATFILE /var/log/apcupsd.status # LOGSTATS [ on | off ] on enables, off disables # Note! This generates a lot of output, so if # you turn this on, be sure that the # file defined in syslog.conf for LOG_NOTICE is a named pipe. # You probably do not want this on. LOGSTATS off # Time interval in seconds between writing the DATA records to # the log file. 0 disables. DATATIME 0 # FACILITY defines the logging facility (class) for logging to syslog. # If not specified, it defaults to "daemon". This is useful # if you want to separate the data logged by apcupsd from other # programs. #FACILITY DAEMON # # ========== Configuration statements used in updating the UPS EPROM ========= # # # These statements are used only by apctest when choosing "Set EEPROM with conf # file values" from the EEPROM menu. THESE STATEMENTS HAVE NO EFFECT ON APCUPSD. # # UPS name, max 8 characters #UPSNAME UPS_IDEN # Battery date - 8 characters #BATTDATE mm/dd/yy # Sensitivity to line voltage quality (H cause faster transfer to batteries) # SENSITIVITY H M L (default = H) #SENSITIVITY H # UPS delay after power return (seconds) # WAKEUP 000 060 180 300 (default = 0) #WAKEUP 60 # UPS Grace period after request to power off (seconds) # SLEEP 020 180 300 600 (default = 20) #SLEEP 180 # Low line voltage causing transfer to batteries # The permitted values depend on your model as defined by last letter # of FIRMWARE or APCMODEL. Some representative values are: # D 106 103 100 097 # M 177 172 168 182 # A 092 090 088 086 # I 208 204 200 196 (default = 0 => not valid) #LOTRANSFER 208 # High line voltage causing transfer to batteries # The permitted values depend on your model as defined by last letter # of FIRMWARE or APCMODEL. Some representative values are: # D 127 130 133 136 # M 229 234 239 224 # A 108 110 112 114 # I 253 257 261 265 (default = 0 => not valid) #HITRANSFER 253 # Battery charge needed to restore power # RETURNCHARGE 00 15 50 90 (default = 15) #RETURNCHARGE 15 # Alarm delay # 0 = zero delay after pwr fail, T = power fail + 30 sec, L = low battery, N = never # BEEPSTATE 0 T L N (default = 0) #BEEPSTATE T # Low battery warning delay in minutes # LOWBATT 02 05 07 10 (default = 02) #LOWBATT 2 # UPS Output voltage when running on batteries # The permitted values depend on your model as defined by last letter # of FIRMWARE or APCMODEL. Some representative values are: # D 115 # M 208 # A 100 # I 230 240 220 225 (default = 0 => not valid) #OUTPUTVOLTS 230 # Self test interval in hours 336=2 weeks, 168=1 week, ON=at power on # SELFTEST 336 168 ON OFF (default = 336) #SELFTEST 336</kilobytes></myport></port></dotted></seconds></string></path></path></path></path></int></myport></my.netop.ip.here></blank></cable></cable>
For those interested, here is the output of acpaccess for the local and remote services.
$ apcaccess status localhost: <myport>APC : 001,018,0476 DATE : 2014-12-08 18:32:31 +0000 HOSTNAME : pfsense.localdomain VERSION : 3.14.10 (13 September 2011) freebsd UPSNAME : UPS02 CABLE : Ethernet Link DRIVER : NETWORK UPS Driver UPSMODE : Net Slave STARTTIME: 2014-12-08 18:32:11 +0000 STATUS : COMMLOST MBATTCHG : 5 Percent MINTIMEL : 1 Minutes MAXTIME : 0 Seconds NUMXFERS : 0 TONBATT : 0 seconds CUMONBATT: 0 seconds XOFFBATT : N/A STATFLAG : 0x07000100 Status Flag END APC : 2014-12-08 23:57:10 +0000</myport>
$ apcaccess status <my.netops.ip.here>: <port>APC : 001,045,1178 DATE : 2014-12-08 15:57:54 -0800 HOSTNAME : my.netops.fqdn VERSION : 3.14.8 (16 January 2010) gentoo UPSNAME : UPSO2 CABLE : USB Cable MODEL : Smart-UPS 2200 XL UPSMODE : ShareUPS Master STARTTIME: 2013-09-29 20:45:42 -0700 SHARE : ShareUPS STATUS : ONLINE LINEV : 117.3 Volts LOADPCT : 94.9 Percent Load Capacity BCHARGE : 100.0 Percent TIMELEFT : 85.0 Minutes MBATTCHG : -1 Percent MINTIMEL : 2 Minutes MAXTIME : 0 Seconds OUTPUTV : 117.3 Volts SENSE : High DWAKE : -01 Seconds DSHUTD : 090 Seconds LOTRANS : 106.0 Volts HITRANS : 127.0 Volts RETPCT : 000.0 Percent ITEMP : 22.5 C Internal ALARMDEL : Always BATTV : 55.4 Volts LINEFREQ : 60.0 Hz LASTXFER : Automatic or explicit self test NUMXFERS : 42 XONBATT : 2014-12-07 18:55:45 -0800 TONBATT : 0 seconds CUMONBATT: 321 seconds XOFFBATT : 2014-12-07 18:55:52 -0800 LASTSTEST: 2014-12-07 18:55:45 -0800 SELFTEST : NO STESTI : 14 days STATFLAG : 0x07000008 Status Flag SERIALNO : JS1047018233 BATTDATE : 2010-11-19 NOMOUTV : 120 Volts NOMBATTV : 48.0 Volts FIRMWARE : 690.19.D USB FW:7.4 APCMODEL : Smart-UPS 2200 XL END APC : 2014-12-08 15:57:58 -0800</port></my.netops.ip.here>
-
LOCKFILE option should have /var/tmp
You have /var/lock which does not exist by default. -
I toggled this setting during my troubleshooting… sadly, changing it back to the /var/tmp default has no effect, but I appreciate the suggestion.
-
Have you tried running this from the command line: /usr/local/etc/rc.d/apcupsd.sh
To see want errors you get?
-
I've been starting and stopping the daemon from the command line. Whether or not it's started or stopped, that command doesn't produce any output, nor does it drop anything into the log:
[2.1.5-RELEASE][admin@pfsense.localdomain]/var/log(20): /usr/local/etc/rc.d/apcupsd.sh stop Stopping APC UPS Daemon... [2.1.5-RELEASE][admin@pfsense.localdomain]/var/log(21): /usr/local/etc/rc.d/apcupsd.sh [2.1.5-RELEASE][admin@pfsense.localdomain]/var/log(22): /usr/local/etc/rc.d/apcupsd.sh start Starting APC UPS Daemon... [2.1.5-RELEASE][admin@pfsense.localdomain]/var/log(23): /usr/local/etc/rc.d/apcupsd.sh Broadcast Message from admin@pfsense.localdomain (no tty) at 21:00 UTC... Communications with UPS lost. [2.1.5-RELEASE][admin@pfsense.localdomain]/var/log(24): cat /var/log/apcupsd.events ... 2014-12-09 20:59:43 +0000 apcupsd exiting, signal 15 2014-12-09 20:59:43 +0000 apcupsd shutdown succeeded 2014-12-09 21:00:09 +0000 apcupsd 3.14.10 (13 September 2011) freebsd startup succeeded 2014-12-09 21:00:14 +0000 Communications with UPS lost.
-
Any contents in this file?
/var/log/apcupsd.events -
I think this is a problem similar with pcnet.
If you use pcnet on the Upstype field, the parameters need to be on same field, not in DEVICE.
Try to do the same.
-
Thanks dbaio… this hadn't occurred to me. All my other apcupsd instances have the conf files configured by hand with net as the UPSTYPE and _<my.netop.ip.here>: <myport>_as the DEVICE.
After making this change, the relevant section in the conf file now looks like so:
... # UPSTYPE net <my.netop.ip.here>: <myport>#DEVICE ...</myport></my.netop.ip.here>
Sadly, after restart, the service still isn't able to consume the UPS data over the network.</myport></my.netop.ip.here>
-
Hi.
I've tried here and "net" doesn't have the simular bug like "pcnet", thanks for trying.
Change your UPS Class and UPS Mode to Share Master and Share and try it again, please.
Regards.
-
Maybe apcaccess uses all settings (standalone | shareslave | sharemaster)
$ apcaccess status <my.netops.ip.here>: <port>[snip] UPSMODE : ShareUPS Master SHARE : ShareUPS STATUS : ONLINE [snip]</port></my.netops.ip.here>
-
Hi Danilo,
Thanks for the suggestion. I gave this a try as well, but sadly those changes didn't work either.
If I can find a similar version of apcupsd I'm going to try installing it on a linux machine behind pfSense to see if this is an issue with this specific version of apcupsd and the net connectivity I'm using.
Cheers,
Greg -
Hi Danilo,
Thanks for the suggestion. I gave this a try as well, but sadly those changes didn't work either.
If I can find a similar version of apcupsd I'm going to try installing it on a linux machine behind pfSense to see if this is an issue with this specific version of apcupsd and the net connectivity I'm using.
Cheers,
GregThank you for your time.
I submitted a PR and I asked for build the new binaries (3.14.12).
Best Regards.
-
Actually same here, after a couple of seconds after system start a broadcast appears:
"Communications with UPS lost"
My config uses PCNET driver,apcupsd.events:
2015-01-08 22:24:48 +0100 apcupsd FATAL ERROR in newups.c at line 103 Mutex lock failure. ERR=Resource deadlock avoided 2015-01-08 22:24:48 +0100 apcupsd FATAL ERROR in newups.c at line 103 Mutex lock failure. ERR=Resource deadlock avoided 2015-01-08 22:24:48 +0100 apcupsd FATAL ERROR in newups.c at line 103 Mutex lock failure. ERR=Resource deadlock avoided 2015-01-08 22:25:28 +0100 apcupsd 3.14.10 (13 September 2011) freebsd startup succeeded 2015-01-08 22:26:28 +0100 Communications with UPS lost. 2015-01-08 22:32:11 +0100 apcupsd exiting, signal 15 2015-01-08 22:32:11 +0100 apcupsd shutdown succeeded 2015-01-08 22:32:25 +0100 apcupsd 3.14.10 (13 September 2011) freebsd startup succeeded 2015-01-08 22:32:25 +0100 apcupsd exiting, signal 15 2015-01-08 22:32:30 +0100 apcupsd 3.14.10 (13 September 2011) freebsd startup succeeded 2015-01-08 22:33:30 +0100 Communications with UPS lost. 2015-01-08 22:35:33 +0100 apcupsd exiting, signal 15 2015-01-08 22:35:38 +0100 apcupsd 3.14.10 (13 September 2011) freebsd startup succeeded 2015-01-08 22:35:38 +0100 apcupsd exiting, signal 15 2015-01-08 22:35:43 +0100 apcupsd 3.14.10 (13 September 2011) freebsd startup succeeded 2015-01-08 22:36:43 +0100 Communications with UPS lost.
On the other installation works fine using serial cable, but this one with this strange issue uses an APC MNC2 card AP9631
-
Seems it is solved by adding the IP of the PFsense box to the powerchute clients in the web interface of the AP9631 NMC card
-
hello,
I ve the same problem.
even with the correct config / IP , in the webinterface and /usr/pbi/apcupsd-amd64/etc/apcupsd/apcupsd.conf it doenst work, I only get this error:
/usr/local/sbin: apcaccess
Error contacting apcupsd @ localhost:3551: Operation timed out
But this is working:
apcaccess -h 192.168.2.1:3551
using apcupsd-3.14.12_1 with pfSense 2.2-R.
Any ideas?
-
The command apcaccess tries to connect through many ways(SNMP, PCNET with auth, PCNET without auth and others), seeing the log you can know how it did.
You need to check your config on the UPS (pcnet) - PowerChute Network Shutdown.
Some tips from apcupsd.com:
UPSCABLE ether UPSTYPE pcnet DEVICE ipaddr:user:passphrase UPSCLASS standalone UPSMODE disable
The DEVICE setting specifies the IP address of the UPS as well as the username and authentication passphrase to use. Note th
at the username and passphrase are not the Web/SNMP login credentials. They are separate settings. The default username on a new card is "apc" and the default passphrase is "admin user phrase". To change the passphrase, log in to the Web UI and go to the UPS tab, then to PowerChute -> Configuration. (This assumes firmware v3.3.1. Other versions may place the setting elsewhere.) The password must be a minimum of 15 characters long. The web UI will silently ignore shorter passwords and does not give an error message. There is no apparent way to change the username.Note that you may leave DEVICE blank and Apcupsd will accept information from any PCNET UPS on the network, however it will be very insecure since an attacker could easily send packets crafted to cause your server to shut down. Using the ipaddr, user, and passphrase will prevent this behavior.
http://www.apcupsd.com/manual/manual.html#powerchute-network-shutdown-driver-pcnet
Also, you can add the IP of pfSense box to the powerchute clients in the web interface like @mk96 saied.
Regards
-
hi, I tryd to change "net" to "pcnet" - but it doesnt help. I guess there`s a bug between pfSende web-GUI and apcaccess…
-
hi, I tryd to change "net" to "pcnet" - but it doesnt help. I guess there`s a bug between pfSende web-GUI and apcaccess…
You were right, it was improved.