Difference between revisions of "Linux/Services/Ups"

From Iveze
Jump to: navigation, search
 
Line 59: Line 59:
  
 
=== Selinux ===
 
=== Selinux ===
Selinux causes quite some trouble for apcupsd.
+
[[Linux/Security/Selinux|Selinux]] causes quite some trouble for apcupsd.
 
# The override scripts have the wrong type, so apcupsd does not execute them.
 
# The override scripts have the wrong type, so apcupsd does not execute them.
 
# Ssh usage is not allowed by apcupsd
 
# Ssh usage is not allowed by apcupsd

Latest revision as of 14:48, 12 June 2015

Shutdown the servers before the Uninterruptible Power Supply is completely drained.

Use case

A Ups is great to avoid hard shutdowns of servers with short power cuts. But what if the power is interrupted for a longer time than the battery can provide the servers? For such cases there is software that shuts down the servers at a certain percentage of battery drainage.

Apcupsd

Apcupsd is software specifically for Apc Ups-es. The hardware link between the Ups and a server is (often) a Usb cable. Apc Ups-es come with an odd cable, with on one end a Usb connector and on the other end something that looks like a Utp connector. One server can be connected with the Ups. Other servers must be shutdown from that connected server.

Install

Apcupsd is in the non standard Epel repository.

yum install apcupsd

Connect the usb cable to the Ups and start the service and make it auto start at boot.

Run apcaccess to check if the Ups is found. It will display several parameters of the Ups.

Configure

The configuration files are in the directory
/etc/apcupsd
The most interesting variable in apcupsd.conf is
BATTERYLEVEL 50
Here it is set to initiate shutdown at 50% battery level. Be sure there is enough battery for the time the server needs to shutdown.

Basically apcupsd will now shutdown this server when there is a power cut. If there are other servers that must be shutdown too, you can make use of the internal NIS server that communicates Ups events to other servers where apcupsd is installed too. More information about that is in the manual of apcupsd.

Override default behaviour

With default behaviour there are 2 issues

  1. The NIS solution needs apcupsd installed on every machine and it needs open ports in the firewalls.
  2. Apart from shutting down this machine, apcupsd also shuts down the Ups (killpower). This may lead to a situation where the Ups is shutdown before this machine is ready shutting down.

We prefer to shutdown the other servers from this server via ssh. Therefore we must override default behaviour of the script apccontrol. Do not edit this script, because it will be overwritten with an update. The case options in apccontrol can be overridden by adding an executable script with the same name as the option to /etc/apcupsd. We add two override scripts.

doshutdown

#!/bin/sh
# redirect all output to file exec >>/var/log/apcupsd.events 2>&1
echo "$(/bin/date) Shutdown start"
# use ip's because the DNS server may go down at some time /usr/bin/ssh root@192.168.1.1 'shutdown -h +1' & # servername1
/usr/bin/ssh root@192.168.1.2 'shutdown -h +1' & # servername2
echo "$(/bin/date) Shutdown stop"
# prevent default action (this machine is not shutdown automatically) exit 99

doreboot

#!/bin/sh
# redirect all output to file exec >>/var/log/apcupsd.events 2>&1
# We do not know if reboots are desirable, so we do nothing but prevent them
echo "$(/bin/date) Reboot start"
echo "Reboot not done" echo "$(/bin/date) Reboot stop"
# prevent default action (this machine is not rebooted automatically) exit 99

These two override scripts also prevent the killpower issue. The Ups just stays on until the battery is empty. If this is not the case, then an override script to prevent the default action of killpower may be necessary.

Note that you can not pass a password to ssh from within a script. Use one of these options.

Windows

If a Windows machine needs to be shutdown, some things need to be done first.

  1. Windows has no ssh server, so a third party ssh server needs to be installed there.
  2. The Windows ssh server does not accept authentication keys to make ssh password free, so sshpass must be installed on this apcupsd server.

Now ssh statements can be added to the override script doshutdown.

 sshpass -p 'password' ssh administrator@192.168.1.3 'shutdown /s' & # myWindowsServerName

WARNING: Since there are now passwords in the script doshutdown, be sure to chmod it 700.

Selinux

Selinux causes quite some trouble for apcupsd.

  1. The override scripts have the wrong type, so apcupsd does not execute them.
  2. Ssh usage is not allowed by apcupsd

Since we do not consider apcupsd a great liability to the server, we choose to make the type apcupsd_t permissive.

semanage permissive -a apcupsd_t

Do this before any configuration, else it will not work as expected.

Alternatives

Nut is a generic software, suitable for more Ups brands than Apc.