NUT package (2.8.0 and below)
-
First, I want to thank the developers for their work in this open source project :)
I can confirm that the new package works with EATON Protection Station 800. But the E-mails notification option does not work, I have this error in the system log:php-cgi: nut_email.php: Could not send the message to email@example.com -- Error: could not start TLS connection encryption protocol
.
The E-mail notifications works well if I Test SMTP Settings under System -> Advanced -> Notifications.
Thanks (and sorry for my bad English). -
I have a new APC UPS (BN1080G) which only has a serial data port on the back but it came with a serial-to-USB cable.
According to APC documentation it's a USB port. A new model UPS with a real serial port is pretty rare these days.
According to the NUT HCL, the default values should support this UPS. Use "Local USB" for UPS Type and "usbhid" for the driver.
-
@afa:
But the E-mails notification option does not work, I have this error in the system log:
php-cgi: nut_email.php: Could not send the message to email@example.com -- Error: could not start TLS connection encryption protocol
.
The E-mail notifications works well if I Test SMTP Settings under System -> Advanced -> Notifications.NUT invokes a script to send the email. Unfortunately, SSL is not available when PHP is invoked from a script. This is a known issue with pfSense. It's considered a bug, but no one has tracked it down yet.
It's on my list when time permits.
-
@afa:
But the E-mails notification option does not work, I have this error in the system log:
php-cgi: nut_email.php: Could not send the message to email@example.com -- Error: could not start TLS connection encryption protocol
.
The E-mail notifications works well if I Test SMTP Settings under System -> Advanced -> Notifications.NUT invokes a script to send the email. Unfortunately, SSL is not available when PHP is invoked from a script. This is a known issue with pfSense. It's considered a bug, but no one has tracked it down yet.
I had a brief moment to take a look at this. I've narrowed it to an issue with PHP scripts invoked by users other than root. By default, upsmon runs as uucp, so it isn't able to initialize the secure connection. It's not clear what the long term solution will be, but you can work around the issue by adding the following line to upsmon.conf in the Advanced section:
RUN_AS_USER root
This will keep upsmon as root and allow secure connections from PHP.
As a security best practice it is generally recommended to run upsmon as a user other than root. However, given the closed environment nature of the firewall, I don't see an obvious security issue running upsmon as root.
-
I had a brief moment to take a look at this. I've narrowed it to an issue with PHP scripts invoked by users other than root. By default, upsmon runs as uucp, so it isn't able to initialize the secure connection. It's not clear what the long term solution will be, but you can work around the issue by adding the following line to upsmon.conf in the Advanced section:
RUN_AS_USER root
The solution works correctly, thanks dennypage!
-
You're welcome. Glad it works for you.
-
I had a brief moment to take a look at this. I've narrowed it to an issue with PHP scripts invoked by users other than root. By default, upsmon runs as uucp, so it isn't able to initialize the secure connection. It's not clear what the long term solution will be, but you can work around the issue by adding the following line to upsmon.conf in the Advanced section:
RUN_AS_USER root
This will keep upsmon as root and allow secure connections from PHP.
As a security best practice it is generally recommended to run upsmon as a user other than root. However, given the closed environment nature of the firewall, I don't see an obvious security issue running upsmon as root.
The core issue turns out to be an file permission issue with one of the php ini files, /usr/local/etc/php/extenstions.ini. The file is owned by root and created with permissions 600, which prevents it from being read by the user upsmon runs as (uucp).
This file is being removed in pfSense 2.4, so the issue should be resolved then. If you want to correct the issue in the interim, you can apply the following patch:
*** /etc/rc.php_ini_setup.org Thu Jul 14 18:14:42 2016 --- /etc/rc.php_ini_setup Tue Aug 9 11:58:33 2016 *************** *** 102,107 **** --- 102,108 ---- fi /usr/bin/sort -u -o /usr/local/etc/php/extensions.ini /usr/local/etc/php/extensions.ini + chmod 644 /usr/local/etc/php/extensions.ini # Set upload directory if [ "$PLATFORM" = "nanobsd" ]; then
Note that you cannot just change the permissions on /usr/local/etc/php/extensions.ini because it is recreated at every boot.
-
I just did the upgrade and it isn't working.. Was working with the previous version of NUT.
The service looks to be running.
It is on version 2.7.4_2
This is a APC Back UP NS 1250 LCD using USB
I noticed in the log
Aug 12 19:14:09 upsmon 23829 Poll UPS [APC] failed - Driver not connected
Aug 12 19:14:14 upsmon 23829 Poll UPS [APC] failed - Driver not connected
Aug 12 19:14:19 upsmon 23829 Poll UPS [APC] failed - Driver not connected
Aug 12 19:14:24 upsmon 23829 Poll UPS [APC] failed - Driver not connected
Aug 12 19:14:29 upsmon 23829 Poll UPS [APC] failed - Driver not connected
Aug 12 19:14:31 upsd 24571 Can't connect to UPS [APC] (usbhid-ups-APC): No such file or directory -
The driver itself has failed. You should see things in the log for the driver. Please post all the log entries for ups* from the point of service start. Also, can you provide detail on your configuration please?
-
Im running pfsense 2.3.2 I was running 2.2.x before. Started at 2.0
This is a vm on a vmware server.
This ups was working with the version of NUT before the upgrade to this version.
Here are the logs from the start of the service
Aug 12 20:42:12 upsmon 31925 Startup successful
Aug 12 20:42:13 upsd 38757 listening on ::1 port 3493
Aug 12 20:42:13 upsd 38757 listening on 127.0.0.1 port 3493
Aug 12 20:42:13 upsd 38757 Can't connect to UPS [APC] (usbhid-ups-APC): No such file or directory
Aug 12 20:42:13 upsd 39055 Startup successful
Aug 12 20:42:15 upsd 39055 User monuser@::1 logged into UPS [APC]
Aug 12 20:42:15 upsmon 32928 Poll UPS [APC] failed - Driver not connected
Aug 12 20:42:15 upsmon 32928 Communications with UPS APC lost
Aug 12 20:42:20 upsmon 32928 Poll UPS [APC] failed - Driver not connected
Aug 12 20:42:20 upsmon 32928 UPS APC is unavailable -
The configuration I am looking for is the NUT configuration: What type, what driver, any extra args etc. The best place for this is in your configuration file. Look for something that looks like this:
<nut><config><type>local_usb</type> <name>ups</name> <email>yes</email> <usb_driver>usbhid-ups</usb_driver> <upsmon_conf><extra_args></extra_args></upsmon_conf></config></nut>
It would also be very helpful to see the NUT configuration from before you upgraded.
For logs, go to Status / System Logs / System / General. Select the funnel icon, and put "ups" in the Message field and then Apply Filter. You should see all the ups logs, including the kernel identification of the UPS at boot assuming that it's connected via USB.
-
I rebooted the server since I wanted to get you fresh logs since I cleared out my logs and now its working. So not sure what the reboot did.
Here is what my nut config if your curious.
I guess like with everything.. if it doesn't work..reboot it once first. =)
before
<nut><config><monitor>local</monitor>
<powerdown>on</powerdown>
<custom_upsconf><custom_upsdconf><custom_upsdusers><custom_upsmonconf><allowaddr><allowuser>monuser</allowuser>
<allowpass>pass</allowpass>
<name>APC</name>
<driver>usbhid-ups00</driver>
<port>auto</port>
<upstype><cable><snmpname><snmpaddr><snmpcommunity><snmpversion>v2c</snmpversion>
<snmpmib>ietf</snmpmib>
<snmpfreq><snmpdisabletransfer><remotename><remoteaddr><remoteuser><remotepass></remotepass></remoteuser></remoteaddr></remotename></snmpdisabletransfer></snmpfreq></snmpcommunity></snmpaddr></snmpname></cable></upstype></allowaddr></custom_upsmonconf></custom_upsdusers></custom_upsdconf></custom_upsconf></config>after
<nut><config><type>local_usb</type>
<name>APC</name>
<email></email>
<usb_driver>usbhid-ups</usb_driver>
<upsmon_conf><extra_args></extra_args></upsmon_conf></config></nut></nut> -
Thank you for following up. Glad that it's working now.
The reboot really shouldn't have been required unless there was an issue with connecting to the USB device. I would keep an eye on it for a while, and if it happens again try
usbconfig dump_device_desc
to see if the kernel sees the UPS device as connected.
-
Notes on Power Off vs Halt
When shutdown time arrives, the NUT package uses the following shutdown command:
SHUTDOWNCMD "/sbin/shutdown -p +0"
This command will power off the pfSense system. This is generally appropriate for systems such as firewalls that are configured to always turn on when power is applied. If there is a power setting in the BIOS this is generally referred to as “always on”.
If you have a system that does not support the always on mode, and instead always returns to the prior (last) state when power is applied, then you probably want to override the shutdown command so that the system is halted but not powered off.
You can do this by placing the following in upsmon.conf section of the advanced settings:
SHUTDOWNCMD "/sbin/shutdown -h +0"
If you have an option, the default "always on" approach is preferable.
-
Notes on SNMP configuration
The NUT package uses defaults for SNMP values. In most situations, the defaults are appropriate. However, depending upon your particular use case, there are variables that you may want to set in the Extra Arguments section. Arguments that you may need include directives for SNMP version and associated security, polling frequency, timeouts, mibs, etc.
Full details on the many SNMP options can be found here:
http://networkupstools.org/docs/man/snmp-ups.html
One that is of particular interest is the mibs directive. The default value is "auto" which means that the driver will attempt to discover the correct mib at runtime. Most of the time, this works. Sometimes it doesn’t. Occasionally it appears to work, but reports incorrect values for various values like voltages, frequency, etc. If your UPS is reporting things that don’t make sense, this is the thing to check.
-
Notes on executing commands
NUT has command line tools that allow execution of local commands to perform tasks such as a battery test or set variables in the hardware of the ups. Information on these tools can be found here:
http://networkupstools.org/docs/man/upscmd.html
http://networkupstools.org/docs/man/upsrw.htmlIn order to use these tools, a privileged NUT user is required. The NUT package automatically creates an administrative user for this purpose. The username is “admin”, and the password can be found in /usr/local/etc/nut/upsd.users. Note that the password is automatically generated, and changes each time the NUT configuration is changed or the system is rebooted.
Be careful with these commands. :)
-
I didn't notice that this update went through, so I never removed the old version.
I thought it was broken at first, because I kept going to "Services -> NUT" and I kept getting an nginx error, didn't realize that it had moved to "Services -> UPS"
Is there any way to remove the old "Services -> NUT" menu entry? It seems stuck there.
-
I thought it was broken at first, because I kept going to "Services -> NUT" and I kept getting an nginx error, didn't realize that it had moved to "Services -> UPS"
Is there any way to remove the old "Services -> NUT" menu entry? It seems stuck there.
If you are comfortable editing the config file, you can remove the old menu section. It looks like this:
<menu>
<name>NUT</name>
<tooltiptext>Set Network UPS Tools settings.</tooltiptext>
Services
<url>/ups_status.php</url>
</menu>Be very careful editing the config file, and back up the config first.
-
I thought it was broken at first, because I kept going to "Services -> NUT" and I kept getting an nginx error, didn't realize that it had moved to "Services -> UPS"
Is there any way to remove the old "Services -> NUT" menu entry? It seems stuck there.
If you are comfortable editing the config file, you can remove the old menu section. It looks like this:
<menu>
<name>NUT</name>
<tooltiptext>Set Network UPS Tools settings.</tooltiptext>
Services
<url>/ups_status.php</url>
</menu>Be very careful editing the config file, and back up the config first.
Thank you,
I have no problem editing xml config files (though the pfsense version of vi is awful), but where is the file?
Or is it more appropriate to save a backup config to my workstation, edit the config, and then upload the edited version?
-
I have no problem editing xml config files (though the pfsense version of vi is awful), but where is the file?
Or is it more appropriate to save a backup config to my workstation, edit the config, and then upload the edited version?
You can download/edit/upload if you are okay with a firewall reboot. Alternatively, you can ssh in and use viconfig.