NUT package



  • This topic is for information on the new NUT package.

    The new package, version 2.7.4, has been released. If you have the prior 2.3.X package installed, it is recommended, but not required, that you uninstall the old package before installing the new package. This will ensure that all files from the prior package are removed.

    The new package brings an all new gui and alignment with current NUT architecture. It supports configuration for all UPS types that the FreeBSD NUT distribution supports, including local USB, local serial, remote SNMP, remote NUT and apcupsd servers.

    After installing the new package, NUT status and settings can be accessed in Services / UPS. The new widget can be added to the dashboard by selecting UPS Status.

    Background information can be found in the beta test topic here: https://forum.pfsense.org/index.php?topic=114871.0

    Version history:

    • 2.7.4_1  Fix repo/build issues

    • 2.7.4_2  Fix repo/build issues

    • 2.7.4_3  Remove orphaned NUT menu entry on upgrade

    • 2.7.4_4  Allow mixed case for serial port (/dev/cua[uU]?)

    • 2.7.4_5  Add support for NUT's "dummy" driver

    • 2.7.4_6  Add support for power kill following shutdown (requires pfSense 2.4.3)



  • If you want to allow access to the NUT daemon from other hosts, there are two options available. You can either use a port forward in the firewall rules, or you can add a listen directive to upsd.conf.

    Option 1: To add a port forward, go to Firewall / NAT / Port Forward, and create a port forward with the following attributes:

    Interface: The interface you want to allow access from, usually LAN
    Protocol: TCP
    Destination: The firewall address matching the interface, usually LAN address.
    Destination port: The port you want to use for access, usually 3493
    Redirect target IP: 127.0.0.1
    Redirect target port: 3493

    In general, this option is simpler because you can easily restrict access by adding a Source Address to the NAT rule.

    Option 2: To add a listen directive to NUT, go to Services / UPS / Settings. Use the Display Advanced button to show the Advanced settings section. In the section for upsd.conf, add a line like:

    LISTEN 192.168.1.1

    where 192.168.1.1 is the address of the interface you want to allow access from. You can also specify IPv6 addresses with the listen directive. Note that if you use this option, you will need to use firewall rules to restrict access to specific source addresses.

    It is important to choose one option or the other. DO NOT DO BOTH AT THE SAME TIME.

    Regardless of which option above you choose, you will also need to add a user entry in upsd.users. To add the entry, go to Services / UPS / Settings. Use the Display Advanced button to show the Advanced settings section. In the section for upsd.users, add lines like:

    [remoteuser]
    password = mypassword
    upsmon slave

    Allowing remote access to NUT on the firewall should not be done casually. If you do allow remote access, it is a good idea to restrict access to trusted source addresses only.
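
Added example, not part of the original post or of the NUT package: a Python audit of the two files the post above edits, listing LISTEN addresses other than loopback and upsd.users entries that go beyond a monitor-only remote account. The sample file contents, the [admin] user, the placeholder list and the 12-character minimum are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample input; LISTEN 192.168.1.1 and [remoteuser] follow the post.
SAMPLE_UPSD_CONF = """\
LISTEN 127.0.0.1
LISTEN 192.168.1.1
LISTEN 0.0.0.0 3493   # wildcard
"""
SAMPLE_UPSD_USERS = """\
[remoteuser]
password = mypassword
upsmon slave
[admin]
password = "c0rrect-horse-battery"
actions = SET
upsmon master
"""
PLACEHOLDERS = {"mypassword", "password", "pass", "changeme"}  # assumed list


def listen_findings(upsd_conf):
    """Return (address, port, note) for every LISTEN that is not loopback."""
    findings = []
    for raw in upsd_conf.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "LISTEN":
            continue
        addr, port = fields[1], (fields[2] if len(fields) > 2 else "3493")
        try:
            ip = ipaddress.ip_address(addr)
            if ip.is_loopback:
                continue
            note = "wildcard bind" if ip.is_unspecified else "interface bind"
        except ValueError:  # a hostname cannot be classified offline
            note = "hostname, check what it resolves to"
        findings.append((addr, port, note))
    return findings


def parse_users(upsd_users):
    """Parse upsd.users into {user: {key: [values]}}; '#' always starts a comment."""
    users, current = {}, None
    for raw in upsd_users.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = users.setdefault(line[1:-1], {})
        elif line and current is not None:
            key, _, value = line.partition("=" if "=" in line else " ")  # "upsmon slave"
            current.setdefault(key.strip(), []).append(value.strip().strip('"'))
    return users


def user_findings(users, min_length=12):
    """Return (user, note) for entries beyond a monitor-only remote account."""
    findings = []
    for name, opts in users.items():
        password = (opts.get("password") or [""])[0]
        if password.lower() in PLACEHOLDERS or len(password) < min_length:
            findings.append((name, "placeholder or short password"))
        if "master" in opts.get("upsmon", []):
            findings.append((name, "upsmon master, the post's remote user is slave"))
        findings += [(name, key + " granted, not needed to monitor")
                     for key in ("actions", "instcmds") if key in opts]
    return findings


if __name__ == "__main__":
    users = parse_users(SAMPLE_UPSD_USERS)
    print(listen_findings(SAMPLE_UPSD_CONF) + user_findings(users))
```

Every "interface bind" or "wildcard bind" finding is an address that, as the post says, has to be paired with firewall rules limiting the source addresses.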



  • Cross post from the beta…

    Hello All,

    Thank you for the work on this.

    After installing the new version, I no longer see it listed in the services menu (neither NUT nor UPS).  I tried the install on two different pfSense FW's running 2.3.2 (pfsense amd64 and nanobsd) and right now it doesn't work on either box.

    When I do a full reinstall it says this:

    Upgrading pfSense-pkg-nut...
    Updating pfSense-core repository catalogue...
    pfSense-core repository is up-to-date.
    Updating pfSense repository catalogue...
    pfSense repository is up-to-date.
    All repositories are up-to-date.
    Checking integrity... done (0 conflicting)
    The following 1 package(s) will be affected (of 0 checked):

    Installed packages to be REINSTALLED:
      pfSense-pkg-nut-2.7.4_1 [pfSense]

    Number of packages to be reinstalled: 1
    [1/1] Reinstalling pfSense-pkg-nut-2.7.4_1…
    [1/1] Extracting pfSense-pkg-nut-2.7.4_1: …....... done
    The nut package is not installed.

    Deletion aborted.XML error: PKGINFOLINK at line 8 cannot occur more than once

    Cleaning up cache... done.
    Success

    I tried a full uninstall and reinstall but the service is nowhere to be found.  It shows that the package is installed, I just can't do anything besides that.  Any ideas?

    Thanks,

    -th3r3isnospoon



  • FYI, I pulled the package from the factory download apart, and there are indeed two pkginfo lines in the file usr/local/share/pfSense-pkg-nut/info.xml. The second occurrence of the pkginfo line is not present in github, but appears in the version downloaded by the package manager. I have an email in to ask if anyone knows how this got added.



  • The issue has been tracked down to a specific problem with a branch of the repo. I'm sure it will be fixed soon.

    Thank you for your patience.



  • The fun is that I have successfully reinstalled NUT in a VM, and doing the same steps on production caused the error posted above. Strange.



  • Is the VM using beta.pfsense.org as its repo? You can check with "pkg -vv".



  • Yes, you are right. I just forgot that I changed the repository some time before. It's just beta.



  • After updating to 2.7.4_1 I can't find the Service! Where can I download the previous version or how can I repair this Version.

    Thx!
    Thomas



  • @esquire1968:

    After updating to 2.7.4_1 I can't find the Service! Where can I download the previous version or how can I repair this Version.

    Thx!
    Thomas

    https://forum.pfsense.org/index.php?topic=114871.msg645613#msg645613



  • Well me too. Installed the new package and its gone. Maybe you should pull this update till this problem is fixed…



  • @AR15USR:

    Maybe you should pull this update till this problem is fixed…

    I don't have access to pull the package from the servers.

    It's correct in the development branch of the repo, which is why beta works. There appears to have been a merge problem in moving between the development branch and the 2_3_2 branch which resulted in a duplicate line in the xml file. I don't have access to modify the 2_3_2 branch, or update the package servers. If I did, I would fix the issue.

    I have an email in, but don't know if anyone will be available over the weekend to update the package servers.



  • @dennypage:

    @AR15USR:

    Maybe you should pull this update till this problem is fixed…

    I don't have access to pull the package from the servers.

    It's correct in the development branch of the repo, which is why beta works. There appears to have been a merge problem in moving between the development branch and the 2_3_2 branch which resulted in a duplicate line in the xml file. I don't have access to modify the 2_3_2 branch, or update the package servers. If I did, I would fix the issue.

    I have an email in, but don't know if anyone will be available over the weekend to update the package servers.

    Gotcha, hopefully it will get fixed shortly..



  • It sure is flooding my logs now though:

    Aug 6 14:39:40	kernel		uhid0: <CPS OR1500LCDRM1U, class 0/0, rev 1.10/2.00, addr 1> on usbus0
    Aug 6 14:39:39	kernel		ugen0.2: <CPS> at usbus0
    Aug 6 14:39:37	kernel		uhid0: at uhub1, port 5, addr 1 (disconnected)
    Aug 6 14:39:37	kernel		ugen0.2: <CPS> at usbus0 (disconnected)
    Aug 6 14:39:31	kernel		uhid0: <CPS OR1500LCDRM1U, class 0/0, rev 1.10/2.00, addr 1> on usbus0
    Aug 6 14:39:30	kernel		ugen0.2: <CPS> at usbus0
    Aug 6 14:39:28	kernel		uhid0: at uhub1, port 5, addr 1 (disconnected)
    Aug 6 14:39:28	kernel		ugen0.2: <CPS> at usbus0 (disconnected)
    Aug 6 14:39:21	kernel		uhid0: <CPS OR1500LCDRM1U, class 0/0, rev 1.10/2.00, addr 1> on usbus0
    Aug 6 14:39:21	kernel		ugen0.2: <CPS> at usbus0
    Aug 6 14:39:18	kernel		uhid0: at uhub1, port 5, addr 1 (disconnected)
    Aug 6 14:39:18	kernel		ugen0.2: <CPS> at usbus0 (disconnected)
    Aug 6 14:39:12	kernel		uhid0: <CPS OR1500LCDRM1U, class 0/0, rev 1.10/2.00, addr 1> on usbus0
    

    on and on…



  • If you are comfortable with the command line, you can fully delete the package with the following command:

    pkg delete pfSense-pkg-nut

    If you need a functioning package right away, you can update the package using the beta switch as w0w describes in the beta thread, or you can PM me with an email address and I will send you a package which is functionally the same as the release version.



  • Well got this result, but it has disappeared off the Installed Packages list. However my logs are still being flooded…

    [2.3.2-RELEASE][xxxx@xxxxx.lan]/root: pkg delete pfSense-pkg-nut
    Checking integrity... done (0 conflicting)
    Deinstallation has been requested for the following 1 packages (of 0 packages in the universe):
    
    Installed packages to be REMOVED:
    	pfSense-pkg-nut-2.7.4_1
    
    Number of packages to be removed: 1
    
    Proceed with deinstalling packages? [y/N]: y
    [1/1] Deinstalling pfSense-pkg-nut-2.7.4_1...
    The nut package is not installed.
    
    [1/1] Deleting files for pfSense-pkg-nut-2.7.4_1: 100%nut-2.7.4_1:   0%
    The nut package is not installed.
    
    


  • OK I did the install from the development branch and it still didn't show up afterwards. So I uninstalled and switched back to Stable.

    I'll be waiting for the update/fix to show in the Stable…



  • Are you sure that you looked for "UPS" in the Services menu instead of "NUT"?

    Just because the "development trick" is still working for me on VM and production.



  • @w0w:

    Are you sure that you looked for "UPS" in the Services menu instead of "NUT"?

    Just because the "development trick" is still working for me on VM and production.

    Ah, there it is. See it now, thanks…



  • The repo issue has been fixed. The package version has been updated to 2.7.4_2.



  • I can confirm it's working with apcupsd as a remote host. Thanks Dennypage !



  • Confirmed here as well. Thanks!



  • Confirmed working, thanks.



  • @dennypage:

    The repo issue has been fixed. The package version has been updated to 2.7.4_2.

    Thank you for the fix!  Looks good!

    -th3r3isnospoon



  • I have a new APC UPS (BN1080G) which only has a serial data port on the back but it came with a serial-to-USB cable. I already tried to use the default USB driver via the UPS service settings but it couldn't connect to the UPS. From what I read (http://www.freebsddiary.org/apcupsd.php) in order for the serial-to-USB connection to typically work you'll need to also be running the apcupsd daemon. "apcupsd" is listed as a remote connection option in the UPS services settings, but I would like to run it local to the firewall if possible.

    There isn't a PFSense plugin for this yet but there is a BSD port for it (https://www.freshports.org/sysutils/apcupsd/).

    Unfortunately it doesn't appear to be listed as an available package in the latest stable PFSense release's core package repository.

    2.3.2-RELEASE (amd64)
    built on Tue Jul 19 12:44:43 CDT 2016
    FreeBSD 10.3-RELEASE-p5

    I have another FreeBSD machine internally that I can probably run apcupsd on and then have its port available for PFSense to use in the meantime.

    Any advice?

    Thanks



  • First, I want to thank the developers for their work in this open source project  :)
    I can confirm that the new package works with EATON Protection Station 800.  But the E-mail notification option does not work, I have this error in the system log:

    php-cgi: nut_email.php: Could not send the message to email@example.com -- Error: could not start TLS connection encryption protocol

    The E-mail notifications work well if I Test SMTP Settings under System -> Advanced -> Notifications.
    Thanks (and sorry for my bad English).



  • @lemonkey:

    I have a new APC UPS (BN1080G) which only has a serial data port on the back but it came with a serial-to-USB cable.

    According to APC documentation it's a USB port. A new model UPS with a real serial port is pretty rare these days.

    According to the NUT HCL, the default values should support this UPS. Use "Local USB" for UPS Type and "usbhid" for the driver.



  • @afa:

    But the E-mail notification option does not work, I have this error in the system log:

    php-cgi: nut_email.php: Could not send the message to email@example.com -- Error: could not start TLS connection encryption protocol

    The E-mail notifications work well if I Test SMTP Settings under System -> Advanced -> Notifications.

    NUT invokes a script to send the email. Unfortunately, SSL is not available when PHP is invoked from a script. This is a known issue with pfSense. It's considered a bug, but no one has tracked it down yet.

    It's on my list when time permits.



  • @dennypage:

    @afa:

    But the E-mail notification option does not work, I have this error in the system log:

    php-cgi: nut_email.php: Could not send the message to email@example.com -- Error: could not start TLS connection encryption protocol

    The E-mail notifications work well if I Test SMTP Settings under System -> Advanced -> Notifications.

    NUT invokes a script to send the email. Unfortunately, SSL is not available when PHP is invoked from a script. This is a known issue with pfSense. It's considered a bug, but no one has tracked it down yet.

    I had a brief moment to take a look at this. I've narrowed it to an issue with PHP scripts invoked by users other than root. By default, upsmon runs as uucp, so it isn't able to initialize the secure connection. It's not clear what the long term solution will be, but you can work around the issue by adding the following line to upsmon.conf in the Advanced section:

    RUN_AS_USER root

    This will keep upsmon as root and allow secure connections from PHP.

    As a security best practice it is generally recommended to run upsmon as a user other than root. However, given the closed environment nature of the firewall, I don't see an obvious security issue running upsmon as root.



  • @dennypage:

    I had a brief moment to take a look at this. I've narrowed it to an issue with PHP scripts invoked by users other than root. By default, upsmon runs as uucp, so it isn't able to initialize the secure connection. It's not clear what the long term solution will be, but you can work around the issue by adding the following line to upsmon.conf in the Advanced section:

    RUN_AS_USER root

    The solution works correctly, thanks dennypage!



  • You're welcome. Glad it works for you.



  • @dennypage:

    I had a brief moment to take a look at this. I've narrowed it to an issue with PHP scripts invoked by users other than root. By default, upsmon runs as uucp, so it isn't able to initialize the secure connection. It's not clear what the long term solution will be, but you can work around the issue by adding the following line to upsmon.conf in the Advanced section:

    RUN_AS_USER root

    This will keep upsmon as root and allow secure connections from PHP.

    As a security best practice it is generally recommended to run upsmon as a user other than root. However, given the closed environment nature of the firewall, I don't see an obvious security issue running upsmon as root.

    The core issue turns out to be a file permission issue with one of the php ini files, /usr/local/etc/php/extensions.ini. The file is owned by root and created with permissions 600, which prevents it from being read by the user upsmon runs as (uucp).

    This file is being removed in pfSense 2.4, so the issue should be resolved then. If you want to correct the issue in the interim, you can apply the following patch:

    *** /etc/rc.php_ini_setup.org	Thu Jul 14 18:14:42 2016
    --- /etc/rc.php_ini_setup	Tue Aug  9 11:58:33 2016
    ***************
    *** 102,107 ****
    --- 102,108 ----
      fi
    
      /usr/bin/sort -u -o /usr/local/etc/php/extensions.ini /usr/local/etc/php/extensions.ini
    + chmod 644 /usr/local/etc/php/extensions.ini
    
      # Set upload directory
      if [ "$PLATFORM" = "nanobsd" ]; then
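
    Review bot: the added "chmod 644" (new line 105) is called by bare name, while the "sort" call directly above it uses the absolute path "/usr/bin/sort"; in an rc script it is safer not to depend on PATH, so write "/bin/chmod 644 /usr/local/etc/php/extensions.ini". A one-line comment above it saying that non-root PHP callers need to read the file would keep a later cleanup from dropping the line, and since "sort -o" rewrites the file on each run the chmod has to stay after it, as it is here.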
    
    

    Note that you cannot just change the permissions on /usr/local/etc/php/extensions.ini because it is recreated at every boot.



  • I just did the upgrade and it isn't working.. Was working with the previous version of NUT.

    The service looks to be running.

    It is on version 2.7.4_2

    This is an APC Back UP NS 1250 LCD using USB

    I noticed in the log
    Aug 12 19:14:09 upsmon 23829 Poll UPS [APC] failed - Driver not connected
    Aug 12 19:14:14 upsmon 23829 Poll UPS [APC] failed - Driver not connected
    Aug 12 19:14:19 upsmon 23829 Poll UPS [APC] failed - Driver not connected
    Aug 12 19:14:24 upsmon 23829 Poll UPS [APC] failed - Driver not connected
    Aug 12 19:14:29 upsmon 23829 Poll UPS [APC] failed - Driver not connected
    Aug 12 19:14:31 upsd 24571 Can't connect to UPS [APC] (usbhid-ups-APC): No such file or directory



  • The driver itself has failed. You should see things in the log for the driver. Please post all the log entries for ups* from the point of service start. Also, can you provide detail on your configuration please?



  • I'm running pfSense 2.3.2.  I was running 2.2.x before. Started at 2.0

    This is a vm on a vmware server.

    This ups was working with the version of NUT before the upgrade to this version.

    Here are the logs from the start of the service

    Aug 12 20:42:12 upsmon 31925 Startup successful
    Aug 12 20:42:13 upsd 38757 listening on ::1 port 3493
    Aug 12 20:42:13 upsd 38757 listening on 127.0.0.1 port 3493
    Aug 12 20:42:13 upsd 38757 Can't connect to UPS [APC] (usbhid-ups-APC): No such file or directory
    Aug 12 20:42:13 upsd 39055 Startup successful
    Aug 12 20:42:15 upsd 39055 User monuser@::1 logged into UPS [APC]
    Aug 12 20:42:15 upsmon 32928 Poll UPS [APC] failed - Driver not connected
    Aug 12 20:42:15 upsmon 32928 Communications with UPS APC lost
    Aug 12 20:42:20 upsmon 32928 Poll UPS [APC] failed - Driver not connected
    Aug 12 20:42:20 upsmon 32928 UPS APC is unavailable



  • The configuration I am looking for is the NUT configuration: What type, what driver, any extra args etc. The best place for this is in your configuration file. Look for something that looks like this:

    
    <nut><config><type>local_usb</type>
    <name>ups</name>
    <email>yes</email>
    <usb_driver>usbhid-ups</usb_driver>
    <upsmon_conf/>
    <extra_args></extra_args></config></nut>
    
    

    It would also be very helpful to see the NUT configuration from before you upgraded.

    For logs, go to Status / System Logs / System / General. Select the funnel icon, and put "ups" in the Message field and then Apply Filter. You should see all the ups logs, including the kernel identification of the UPS at boot assuming that it's connected via USB.



  • I rebooted the server since I wanted to get you fresh logs since I cleared out my logs and now it's working. So not sure what the reboot did.

    Here is my NUT config if you're curious.

    I guess like with everything.. if it doesn't work..reboot it once first. =)

    before

    <nut><config><monitor>local</monitor>
    <powerdown>on</powerdown>
    <custom_upsconf/>
    <custom_upsdconf/>
    <custom_upsdusers/>
    <custom_upsmonconf/>
    <allowaddr/>
    <allowuser>monuser</allowuser>
    <allowpass>pass</allowpass>
    <name>APC</name>
    <driver>usbhid-ups00</driver>
    <port>auto</port>
    <upstype/>
    <cable/>
    <snmpname/>
    <snmpaddr/>
    <snmpcommunity/>
    <snmpversion>v2c</snmpversion>
    <snmpmib>ietf</snmpmib>
    <snmpfreq/>
    <snmpdisabletransfer/>
    <remotename/>
    <remoteaddr/>
    <remoteuser/>
    <remotepass/></config></nut>

    after

    <nut><config><type>local_usb</type>
    <name>APC</name>
    <email></email>
    <usb_driver>usbhid-ups</usb_driver>
    <upsmon_conf/>
    <extra_args></extra_args></config></nut>



  • Thank you for following up. Glad that it's working now.

    The reboot really shouldn't have been required unless there was an issue with connecting to the USB device. I would keep an eye on it for a while, and if it happens again try

    usbconfig dump_device_desc

    to see if the kernel sees the UPS device as connected.



  • Notes on Power Off vs Halt

    When shutdown time arrives, the NUT package uses the following shutdown command:

    SHUTDOWNCMD "/sbin/shutdown -p +0"

    This command will power off the pfSense system. This is generally appropriate for systems such as firewalls that are configured to always turn on when power is applied. If there is a power setting in the BIOS this is generally referred to as “always on”.

    If you have a system that does not support the always on mode, and instead always returns to the prior (last) state when power is applied, then you probably want to override the shutdown command so that the system is halted but not powered off.

    You can do this by placing the following in upsmon.conf section of the advanced settings:

    SHUTDOWNCMD "/sbin/shutdown -h +0"

    If you have an option, the default "always on" approach is preferable.



  • Notes on SNMP configuration

    The NUT package uses defaults for SNMP values. In most situations, the defaults are appropriate. However, depending upon your particular use case, there are variables that you may want to set in the Extra Arguments section. Arguments that you may need include directives for SNMP version and associated security, polling frequency, timeouts, mibs, etc.

    Full details on the many SNMP options can be found here:

    http://networkupstools.org/docs/man/snmp-ups.html

    One that is of particular interest is the mibs directive. The default value is "auto" which means that the driver will attempt to discover the correct mib at runtime. Most of the time, this works. Sometimes it doesn’t. Occasionally it appears to work, but reports incorrect values for various values like voltages, frequency, etc. If your UPS is reporting things that don’t make sense, this is the thing to check.


 
