[Nut-upsuser] A short review of Synology's Safe Mode for power management
Roger Price
roger at rogerprice.org
Wed Aug 12 09:51:22 BST 2020

Synology, in their NAS products, include NUT for UPS based power management. But
although Synology use upsd to talk to the UPS unit, they have their own power
management software called "Safe Mode". This reduces upsmon and upssched to
pure passthrough with the status changes handled by Synology scripts
synoupscommon + synoups.

What NUT does
-------------
NUT, in upsmon, provides a basic UPS management which I will call "Emergency
Shutdown" based on status [LB], and in upssched NUT provides a more complex
time-based UPS management which I call "Managed Shutdown", and which is more
suitable for installations with frequent wall power failures. Managed Shutdown
becomes Emergency Shutdown when the battery is exhausted. The software design
is simple with rapid handling by upsmon of the received status changes following
the declarations in the configuration file. Timers run independently and
generate further status changes for upssched, again following the declarations
in the configuration file.

What Synology does
------------------
Synology do neither of NUT's Emergency or Managed shutdowns. Even the basic
Emergency Shutdown mechanism of NUT's upsmon is absent. See SHUTDOWNCMD "" in
their upsmon.conf. They have invented their own shutdown plan which they call
"Safe Mode". It's an emotive term which is good in sales literature but
something of a red flag in a disaster recovery audit.

The software design differs from NUT. While handling a status change, Synology
will loop waiting for confirmation via upsc of the UPS status. This can lead to
complex situations.

The following descriptions will refer to Synology's SZF flags. These are files,
often in /tmp, which are either defined or not defined. Their contents are
comments on what is happening. Synology's function UPSStatusGet returns the
upsc report for ups.status.

Synology's Safe Mode accepts 5 status changes: online, onbatt, lowbatt, fsd and
shutdownups. I summarise each one:

Status change: online
---------------------
Function UPSRestart loops waiting up to 3 minutes for flag SZF_SAFEMODE_DONE aka
/tmp/safeModeDone to be defined before calling telinit 6 for a system re-boot.
Note that the timer is in a local loop. If power fails during this time, it
looks as if the status change is ignored. Good timer management would require
the timer to be run externally producing a new call of Synology's software.

Status change: onbatt
---------------------
Sets flag SZF_ONBATT aka /tmp/ups.onbatt

Status changes: lowbatt, fsd
----------------------------
Calls function UPSSafeMode which checks the UPS status and exits if [OL]. This
code will fail if the UPS status is [OL CHRG], and although the UPS is online,
the NAS will shut down. Here is the relevant snippet:

    St=`UPSStatusGet`
    if [ "$St" = "OL" ]; then
        SYSLOG "WARNING: UPS is On-Line"
        return
    fi
    echo "$1" > $SZF_SAFEMODE
    /usr/syno/bin/synologset1 sys warn 0x11300011
    SYSLOG "[UPS] Server is going to Safe Mode. It will stop all services and umount all volumes."

Status change: shutdownups
--------------------------
Calls function UPSShutdown, which checks the UPS status and reboots if [OL].
This code will fail if the UPS status is [OL CHRG], and although the UPS is
online, the NAS will shut down. Here is the relevant snippet:

    OL=0
    LB=0
    while [ $OL -ne 2 -a $LB -ne 2 ]; do
        sleep 10
        St=`UPSStatusGet`

The following test will fail if St="OL CHRG".

        if [ "$St" = "OL" ]; then
            OL=`expr $OL + 1`
            LB=0
        else
            LB=`expr $LB + 1`
            OL=0
        fi
        echo "OL=$OL LB=$LB" >> $SZF_SAFEMODE
    done
    if [ $OL -eq 2 ]; then
        synologset1 sys warn 0x11300012
        echo "UPS back to On-Line and reboot." >> $SZF_SAFEMODE
        $SYNOBOOTBIN --unset-safe-shutdown
        telinit 6

If St="OL CHRG", the following code is executed and the NAS shuts down even
though the UPS is online.

    elif [ $LB -eq 2 ]; then
        touch /var/.NormalShutdown
        if [ $UPSSafeShutdown -eq 0 ]; then
            echo "Waiting UPS exhausted." >> $SZF_SAFEMODE
            SYSLOG "Waiting UPS exhausted."
        else
            echo "UPS safe shutdown." >> $SZF_SAFEMODE
            SYSLOG "UPS safe shutdown."

Summary
-------
Synology's Safe Mode is a complete replacement for NUT's upsmon and upssched and
looks to be buggy with at least some UPS units. The Safe Mode seems to be an
attempt to do a Managed Shutdown, but keeps the NAS running which will deplete
the UPS. The overall design is weak. The logic is code-based rather than
configuration file based, and is unduly complex.

If you have problems with having the NAS as master, make it a slave, and run the
NUT configuration of your choice in your PC/workstation.

Roger
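
The [OL] versus [OL CHRG] comparison discussed in the post, as an added example that is not part of the original message and is not Synology's or NUT's code: it contrasts the exact string test from the quoted snippets with a per-flag test over constructed ups.status values. The function names is_online_exact, has_flag and classify are hypothetical, and reporting an empty status as "unknown" is this example's own choice.

```shell
#!/bin/sh
# Added example, not Synology's or NUT's code.
# ups.status is a space-separated list of flags, e.g. "OL CHRG" or "OB LB".

# Exact-match test as in the quoted snippets: true only for the bare string "OL".
is_online_exact() {
    [ "$1" = "OL" ]
}

# Whole-word flag test: true when flag $2 appears anywhere in status $1.
has_flag() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Map a status string to one decision. An empty string (for instance no
# answer from the status query) is reported as "unknown" instead of being
# counted as "on battery"; that is a choice made for this example.
classify() {
    if has_flag "$1" OL; then
        echo online
    elif has_flag "$1" OB && has_flag "$1" LB; then
        echo lowbatt
    elif has_flag "$1" OB; then
        echo onbatt
    else
        echo unknown
    fi
}

# Constructed sample statuses, compared under both tests.
for st in "OL" "OL CHRG" "OB DISCHRG" "OB LB" ""; do
    if is_online_exact "$st"; then exact=online; else exact=not-online; fi
    printf '%-14s exact=%-11s flags=%s\n' "[$st]" "$exact" "$(classify "$st")"
done
```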