155 lines
6.1 KiB
Text
155 lines
6.1 KiB
Text
Network UPS Tools - Quick Start for Debian
|
|
------------------------------------------
|
|
|
|
Anyway, here are the quick start instructions for using nut:
|
|
|
|
These Quick Start instructions are useful for a UPS connected to a single
|
|
machine. For a UPS connected to multiple machines, additional steps must be
|
|
taken, as outlined at the end of this file, including the notice regarding
|
|
SECURITY CONSIDERATIONS.
|
|
|
|
(I) Upgrading
|
|
=============
|
|
|
|
In case of upgrading, follow instructions given in:
|
|
/usr/share/doc/nut/UPGRADING
|
|
|
|
Note that service(s) (driver(s), upsd, upsmon) are not restarted upon
|
|
upgrade, to avoid service disruption. You have to manually do it.
|
|
|
|
(II) Installation
|
|
=================
|
|
|
|
Configuration files are located in /etc/nut/
|
|
In order to tune NUT configuration according to your needs, follow the below
|
|
information, along with the one provided inside these files.
|
|
|
|
(1) /etc/nut/nut.conf (see 'man 5 nut.conf' for more information)
|
|
Edit /etc/nut/nut.conf and modify the "MODE" variable according to your
|
|
configuration.
|
|
|
|
You can also fine tune the daemons options through UPSD_OPTIONS and
|
|
UPSMON_OPTIONS.
|
|
|
|
The steps 2 to 5 are only required if you use a "standalone" or "netserver"
|
|
MODE. If you are running in "netclient" MODE, jump directly to section 6.
|
|
|
|
(2) /etc/nut/ups.conf (see 'man 5 ups.conf' for more information)
|
|
|
|
Edit /etc/nut/ups.conf and add something like:
|
|
[myups]
|
|
driver = usbhid-ups
|
|
port = auto
|
|
Use the appropriate driver for your UPS and select the correct port.
|
|
To select the driver, take a look at the UPS compatibility list:
|
|
/usr/share/nut/driver.list
|
|
|
|
If you have more than one UPS, add as many entries as needed.
|
|
|
|
If you wish to test manually whether your configuration of ups.conf is
|
|
correct, you may invoke upsdrvctl by hand (as root):
|
|
/sbin/upsdrvctl start [myups]
|
|
/sbin/upsdrvctl stop [myups]
|
|
|
|
Ensure that the permissions of ups.conf do not permit the world to
|
|
read it. It should already be thus, but the following command
|
|
accomplishes this:
|
|
chown root:nut /etc/nut/ups.conf
|
|
chmod 640 /etc/nut/ups.conf
|
|
|
|
(3) device port permissions
|
|
The nut user need to be able to access the device port both for reading and
|
|
writing.
|
|
|
|
For serial devices, there are two possibilities:
|
|
|
|
a) You can add the nut user to the dialout group.
|
|
The following command accomplishes this:
|
|
addgroup nut dialout
|
|
|
|
This is not done by default for security reason on Debian, but is applied
|
|
on Ubuntu.
|
|
|
|
b) Another solution, for system supporting udev, is to create a file
|
|
(for example /etc/udev/rules.d/52_nut-serialups.rules), placed
|
|
after 020_permissions.rules and to add something like:
|
|
KERNEL=="ttyS1", GROUP="nut"
|
|
|
|
where 'ttyS1' has to be replaced by the exact name of your serial port.
|
|
|
|
For USB devices, permissions are automatically set by the
|
|
52-nut-usbups.rules udev rules file.
|
|
|
|
(4) /etc/nut/upsd.conf (see 'man 5 upsd.conf' for more information)
|
|
the default /etc/nut/upsd.conf is fine for a "standalone" configuration.
|
|
If you are in "netserver" MODE, you will have to modify the LISTEN option
|
|
to something suitable.
|
|
|
|
Ensure that the permissions of upsd.conf do not permit the world to
|
|
read it. It should already be thus, but the following command
|
|
accomplishes this:
|
|
chown root:nut /etc/nut/upsd.conf
|
|
chmod 640 /etc/nut/upsd.conf
|
|
|
|
(5) /etc/nut/upsd.users (see 'man 5 upsd.users' for more information)
|
|
Edit /etc/nut/upsd.users and add something like the following,
|
|
without the comments, in order to define a user:
|
|
[monmaster]
|
|
password = blah
|
|
upsmon master
|
|
Please use *different* usernames and passwords than you use on your
|
|
system; see the note regarding SECURITY CONSIDERATIONS at the end
|
|
of this file.
|
|
|
|
Ensure that the permissions of upsd.users do not permit the world to
|
|
read it. It should already be thus, but the following command
|
|
accomplishes this:
|
|
chown root:nut /etc/nut/upsd.users
|
|
chmod 640 /etc/nut/upsd.users
|
|
|
|
(6) /etc/nut/upsmon.conf (see 'man 5 upsmon.conf' for more information)
|
|
Edit /etc/nut/upsmon.conf and add something like the following:
|
|
MONITOR myups@localhost 1 monmaster blah master
|
|
POWERDOWNFLAG /etc/killpower
|
|
SHUTDOWNCMD "/sbin/shutdown -h +0"
|
|
|
|
Ensure that the permissions of upsmon.conf do not permit the world to
|
|
read it. It should already be thus, but the following commands
|
|
accomplishes this:
|
|
chown root:nut /etc/nut/upsmon.conf
|
|
chmod 640 /etc/nut/upsmon.conf
|
|
|
|
(7) /etc/default/nut
|
|
This file is not used anymore.
|
|
nut.conf provides all the needed features to replace this file.
|
|
|
|
(8) start the daemon
|
|
Invoke '/etc/init.d/nut start' to start the daemon(s). Check
|
|
/var/log/syslog to ensure that upsd, appropriate drivers, and upsmon
|
|
started up correctly.
|
|
|
|
|
|
Additional Notes for Sharing a UPS
|
|
----------------------------------
|
|
If you have multiple machines connected to the same UPS, you will need to
|
|
(a) modify the access control lists in upsd.conf on the server;
|
|
(b) add additional users to upsd.users on the server; and
|
|
(c) configure upsmon.conf on the clients.
|
|
|
|
Please note that upsmon on a client machine and upsd on a server machine need
|
|
to communicate via your network. This means that you need to ensure that all
|
|
the networking equipment (hub, switch, router, etc.) between the client and the
|
|
server is powered by the UPS. Otherwise, when the power goes down, the network
|
|
connection between the client machine will be broken and the client will not
|
|
be told to shut down.
|
|
|
|
SECURITY CONSIDERATIONS
|
|
-----------------------
|
|
Finally, please be aware of the following SECURITY CONSIDERATIONS: the TCP
|
|
communications between the client daemon, upsmon, and the server daemon, upsd,
|
|
send the username and passwords defined in upsd.users and used in upsmon.conf
|
|
over the wire UNENCRYPTED. This means that somebody could sniff the username
|
|
and password. A version that encrypts the connection using SSL should be
|
|
available someday.
|
|
|
|
Please see the documentation in /usr/share/doc/nut/docs for more information.
|