[Nut-upsuser] New NUT user with HP R3000XR problem

Brother Railgun of Reason alaric at caerllewys.net
Wed May 27 22:46:12 UTC 2009 

On Wed, May 27, 2009 at 11:51:44PM +0200, Arjen de Korte wrote:
> Citeren Brother Railgun of Reason <alaric at caerllewys.net>:
>
>>>> babylon4:root:/opt/nut:25 # sbin/upsd
>>>> Network UPS Tools upsd 2.4.1
>>>> listening on 127.0.0.1 port 3493
>>>> listening on ::1 port 3493
>>>> /opt/nut/var is world readable
>>>> Connected to UPS [tokamak]: bcmxcp-tokamak
>>>> Maximum number of connections limited to 256 [requested 1024]
>>> Weird, apparently your system has a limited number of file descriptors
>>> available. I have a feeling that this is not a standard operating system.
>> I was a little puzzled by that myself.  It's Solaris 10 x86 running on a
>> pretty substantial box, it shouldn't be an OS limitation.
>
> Oops, looking at the code I saw this isn't a warning, but a (fatal) error 
> instead (this was not one of the most descriptive error messages I ever 
> wrote). I now recall that this value is OS dependent, so you probably 
> want/need to limit this in upsd.conf through the MAXCONN parameter (which 
> in your case seems to be mandatory).

Ah, ...  yeah, that would have been better than patching the code, 
wouldn't it?

*sheepish*

I missed that parameter.  I'll undo my patch and try using the maxconn 
param instead.

As just mentioned, my studies appear to indicate that this is a tunable 
kernel parameter which, on Solaris, defaults out-of-the-box to 256.


> I'm not quite sure what would be the better thing to do in case the 
> (default) MAXCONN value is too high:
>
> 1) Bail out with a more descriptive error message
> 2) Adjust the number of connections to the maximum allowed (with message to 
> syslog)
>
> I think it would be much more user friendly to do the latter, but opinions 
> on this are welcomed.

Given that this varies by OS *but* may be tunable, my inclination would 
be to adjust the connections to the max available if less than MAXCONN, 
emit a warning in syslog and on the console, and document in the sample 
upsd.conf that depending on OS this MAY be a tunable parameter.


>> BTW, upsd.conf is default with everything commented out, which should
>> result in listening on everything:
>>
>> # This defaults to the global IPv4 listening address and port 3493. You
>> # may specify each interface you want upsd to listen on for connections,
>> # optionally with a port number.
>
> We need to change this. This used to be the case in older versions, but we 
> now default to a (safer) localhost only.

Ah, so the behavior is as *intended*, but the documentation has gotten 
out of step with the intent.  I see.

If this change was made for security reasons, perhaps this goal might be 
aided by adding a netblock ALLOW or ACCEPT directive?  For example, with 
two subnets, I might specify:

LISTEN 127.0.0.1 3493
ACCEPT 127.0.0.0/8

LISTEN 10.24.32.14 3493
ACCEPT 10.24.32.0/24
ACCEPT 10.24.33.0/24

upsd could simply refuse connections from outside the netblocks it had 
been told to ACCEPT, without doing any further authentication.


-- 
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.

More information about the Nut-upsuser mailing list