[Nut-upsuser] NUT & UPS, how to shut down client after 2 min on battery?

Thu Jan 12 10:29:26 GMT 2023

Cheers,

At least a few things that DO NOT seem right upon quick reading are:

* upsmon.conf:

RUN_AS_USER root

Should not normally be required: when started as root, upsmon splits into
unprivileged process for most of the work and leaves the shutdown handler
running as root; with this setting you get it all running as root which is
potentially unsafe.

* upsmon.conf:

MONITOR qnapups at localhost 1 admin 123456 master
MONITOR qnapups at 192.168.222.252 3493 admin 123456 slaveMINSUPPLIES 1

Do you have two UPSes powering this system, or are you trying to monitor
the same one by localhost and LAN IP addresses? Note that the number ("1"
in the first line) is how many power sources of the current system that UPS
powers (e.g. you may monitor remote UPSes in some branch office without
critically reacting to their state by setting 0 here).
So the second line has the other UPS feed 3494 power sources of this system
while you only require one to be powered reliably and stay calm ;)
I suppose here you meant the port - it should be a colon-separated suffix
after the IP address (IIRC), and 3493 is the IANA registered default for
NUT so not needed at all here.

The master/slave regards direct connection to the UPS (does *this* system
control it, including a power-cut command, or a remote one does?)

* I did not use upssched much myself so do not feel qualified to comment;
however pipe and lock files may better belong in /var/state/ups,
/var/run/nut, /tmp or /dev/shm - preferably in a tmpfs to avoid hitting
real storage with I/O that should not persist across reboots:

PIPEFN /etc/nut/upssched.pipe
LOCKFN /etc/nut/upssched.lock

While it should not be "fatal" to have them under /etc/nut as long as the
processes involved have access there (in your case, ones already running as
root), generally the daemon process should only have read-only access to
its configuration files and their directory - to avoid having it exploited
to overwrite the configs to something more sinister.

* FWIW upsmon.conf should not be world-readable as it has a copy of the
passwords. Generally ups.conf also - it may be sensitive depending on
protocols involved (snmp communities, netxml/ipmi/... logins...)

* admin/123456 - this should be set in upsd.users so not sure how much QNAP
intervenes into the content of that config file to be "not working"
otherwise. These are NUT accounts, not OS ones.

Hope this helps,
Jim Klimov

On Thu, Jan 12, 2023 at 10:54 AM Rafael Reinoso via Nut-upsuser <
nut-upsuser at alioth-lists.debian.net> wrote:

> Now I have this in /etc/nut/upsmon.conf (my QNAP NAS wants admin and
> 123456 or not working)
>
>
> RUN_AS_USER root
> MONITOR qnapups at localhost 1 admin 123456 master
> MONITOR qnapups at 192.168.222.252 3493 admin 123456 slave
> MINSUPPLIES 1
> SHUTDOWNCMD "/sbin/shutdown -h +0"
> POLLFREQ 5
> POLLFREQALERT 5
> HOSTSYNC 15
> DEADTIME 15
> POWERDOWNFLAG /etc/killpower
>
> NOTIFYFLAG ONLINE SYSLOG+EXEC
> NOTIFYFLAG ONBATT SYSLOG+EXEC
> NOTIFYFLAG LOWBATT SYSLOG+EXEC
> NOTIFYFLAG REPLBATT SYSLOG+EXEC
> NOTIFYCMD /usr/sbin/upssched
>
> RBWARNTIME 43200
> NOCOMMWARNTIME 300
> FINALDELAY 5
>
>  And in /etc/nut/upssched.conf (changed from 2 min to 4 min)
>
>
>
> CMDSCRIPT /etc/nut/upssched-execscript.sh
>
> PIPEFN /etc/nut/upssched.pipe
> LOCKFN /etc/nut/upssched.lock
> AT ONBATT * START-TIMER shutdown_onbatt 240AT ONBATT * EXECUTE info_onbatt
> AT ONLINE * CANCEL-TIMER shutdown_onbattAT ONLINE * EXECUTE ups-back-on-power
> AT LOWBATT * EXECUTE shutdown_lowbatt
> AT REPLBATT * EXECUTE replace_batt
>
> And in /etc/nut/upssched-execscript.sh
>
>
>
> #! /bin/shcase $1 in
>     shutdown_onbatt)
>         logger -t upsmon[upssched] "shutdown_onbatt): Triggering shutdown after 4 minutes on battery"
>         /sbin/shutdown -h +0
>         ;;
>
>     shutdown_lowbatt)
>         logger -t upsmon[upssched] "shutdown_lowbatt): Triggering shutdown when battery.charge.low is under 50%"
>         /sbin/shutdown -h +0
>         ;;
>
>     info_onbatt)
>         logger -t upsmon[upssched] "info_onbatt): Now on battery"
>         ;;
>
>     ups-back-on-power)
>         logger -t upsmon[upssched] "ups-back-on-power): UPS back on power"
>         ;;
>
>     replace_batt)
>         message="Quick self-test indicates battery requires replacement"
>         logger -t upsmon[upssched] "replace_batt): $message"
>         ;;
>
>     *)
>         logger -t upsmon[upssched] "*) = Unrecognized command: $1"
>         ;;esac
>
>  And in /etc/nut/ups.conf
>
>
> [qnapups]
>     driver = usbhid-ups
>     port = auto
>     desc = "UPS"
>     ignorelb
>     override.battery.charge.low=50
>
>
>
> So I have these files
>
> [root at ipfire2 nut]# pwd/etc/nut
> [root at ipfire2 nut]# ls -latotal 104drwxr-xr-x  2 root root  4096 Jan 10 09:23 .drwxr-xr-x 50 root root  4096 Jan 10 10:33 ..-rw-r--r--  1 root root  1542 Jan 10 09:05 nut.conf-rw-r--r--  1 root root  1538 Dec 18  2020 nut.conf.sample-rw-r--r--  1 root root  4734 Jan 10 09:10 ups.conf-rw-r--r--  1 root root  4618 Dec 18  2020 ups.conf.sample-rw-r-----  1 root root  4606 Dec 22 08:44 upsd.conf-rw-r--r--  1 root root  4578 Dec 18  2020 upsd.conf.sample-rw-r-----  1 root root  2292 Dec 22 07:11 upsd.users-rw-r--r--  1 root root  2131 Dec 18  2020 upsd.users.sample-rw-r--r--  1 root root 15569 Jan 10 10:20 upsmon.conf-rw-r--r--  1 root root 15313 Dec 18  2020 upsmon.conf.sample-rw-r--r--  1 root root  4173 Jan 10 10:22 upssched.conf-rw-r--r--  1 root root  3895 Dec 18  2020 upssched.conf.sample-rwxr-xr-x  1 root root   810 Jan 10 10:29 upssched-execscript.sh
>
> Do all that seem right to you?
>
> _______________________________________________
> Nut-upsuser mailing list
> Nut-upsuser at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/nut-upsuser
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/nut-upsuser/attachments/20230112/bd4cdc18/attachment-0001.htm>