
RE: Re: nut and ups



No problems with the ports:

my conf: tcp/udp 3493 present and active


#!/bin/sh
# Flush the current tables
# iptables -t filter -F
# Delete user-defined chains
iptables -t filter -X
# Default policies: deny incoming and forwarded connections (outgoing is accepted)
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT ACCEPT
# --- Do not break established connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
# ICMP (Ping)
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT
# --- SSH In
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
# SSH Out
iptables -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT
# DNS In/Out
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
# NTP Out
iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
# HTTP + HTTPS Out
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
# HTTP + HTTPS In
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT
# FTP Out
iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
# FTP In
modprobe ip_conntrack_ftp # optional line on OVH servers
iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# NUT/UPST
iptables -t filter -A INPUT -p tcp --dport 3493 -j ACCEPT   # <------------------------------------------------
iptables -t filter -A INPUT -p udp --dport 3493 -j ACCEPT   # <------------------------------------------------
# webmin
iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
# Samba
iptables -A INPUT -i eth0 -p tcp --dport 135 -j ACCEPT
iptables -A INPUT -p TCP --dport 137 -j ACCEPT
iptables -A INPUT -p TCP --dport 138 -j ACCEPT
iptables -A INPUT -p TCP --dport 139 -j ACCEPT
iptables -A INPUT -p TCP --dport 445 -j ACCEPT
iptables -A INPUT -p UDP --dport 135 -j ACCEPT
iptables -A INPUT -p UDP --dport 137 -j ACCEPT
iptables -A INPUT -p UDP --dport 138 -j ACCEPT
iptables -A INPUT -p UDP --dport 139 -j ACCEPT
iptables -A INPUT -p UDP --dport 445 -j ACCEPT
# FINAL RULE
# EOF !



From: babouchko <babouchko@gmail.com>
Sent: Monday, 25 June 2018 15:20:27
To: tech
Cc: debian
Subject: Re: Re: nut and ups

Is the port open? (what does netstat say)
Is your firewall off? (a quick flush)
Another lead (though I don't believe in it): did you set the right permissions/users on the files?
Bab

On Mon, 25 June 2018 at 15:15, tech <tech@rkn.ovh> wrote:

Hello.

With SSL disabled, the problem is the same.

With SSL purged completely via apt-get purge, same thing.


Error: Connection failure: Connection refused


Nothing on GitHub; the nut community seems to be in a long sleep or dead. Nothing in the docs, FAQ or support on networkupstools.org either.


From: babouchko <babouchko@gmail.com>
Sent: Monday, 25 June 2018 15:07:48
To: tech
Cc: debian
Subject: Re:

Hello,
And without SSL it doesn't work either?
I don't remember the option any more, but you can disable it to begin with...
Afterwards, if you want to use SSL, have you put the certificates in place?
Bab

On Mon, 25 June 2018 at 14:56, tech <tech@rkn.ovh> wrote:

Hello,

I am trying to use an EATON 850pro UPS over USB on a Debian Stretch Stable.
I have letsencrypt on this machine.

In the logs I have:
upsmon Can not initialize SSL context

if the 850pro is connected via USB:

lsusb
Bus 009 Device 003: ID 0463:ffff MGE UPS Systems UPS

after installing nut using apt-get:
apt-get install nut libupsclient1 nut-client nut-server
upsdrvctl start

Network UPS Tools - UPS driver controller 2.7.4
Network UPS Tools - Generic HID driver 0.41 (2.7.4)
USB communication driver 0.33
Using subdriver: MGE HID 1.39
nut=standalone 

my configs:

/etc/nut/ups.conf

[850PRO]
driver = usbhid-ups
port = auto
desc = "850PRO"

/etc/nut/upsd.conf

STATEPATH /var/run/nut
MAXCONN 1024
# CERTFILE /etc/letsencrypt/live/REDACTED/cert.pem
CERTPATH /etc/letsencrypt/live/REDACTED/
# CERTIDENT "my nut server" "MyPasSw0rD"
# CERTREQUEST REQUIRE
#  - 0 to not request to clients to provide any certificate
#  - 1 to require to all clients a certificate
#  - 2 to require to all clients a valid certificate
LISTEN ::1 3493
LISTEN 127.0.0.1 3493

/etc/nut/upsd.users

#upsmon master
[admin]
    password = 1401
    allowfrom = localhost
    upsmon master
    actions = SET
    instcmds = ALL

/etc/nut/upsmon.conf

MINSUPPLIES 1
SHUTDOWNCMD "/sbin/shutdown -h +1"
POLLFREQ 10
POLLFREQALERT 10
HOSTSYNC 15
DEADTIME 20
POWERDOWNFLAG /etc/killpower
RBWARNTIME 432000
NOCOMMWARNTIME 300
FINALDELAY 4
CERTPATH /etc/letsencrypt/live/REDACTED/
# CERTHOST <hostname> <certificate name> <certverify> <forcessl>
# CERTVERIFY 1
# FORCESSL 0
MONITOR 850PRO@localhost 1 admin 1401 master
SHUTDOWNCMD "/sbin/shutdown -h now"
HOSTSYNC 15
POWERDOWNFLAG /etc/nut/killpower
FINALDELAY 5
NOTIFYCMD /sbin/upssched
NOTIFYMSG ONBATT "%s is on battery"
NOTIFYMSG ONLINE "%s is back online"
NOTIFYMSG LOWBATT "%s has a low battery!"
NOTIFYMSG SHUTDOWN "System is being shutdown!"
NOTIFYFLAG ONLINE SYSLOG+EXEC
NOTIFYFLAG ONBATT SYSLOG+EXEC
NOTIFYFLAG LOWBATT SYSLOG+EXEC
NOTIFYFLAG FSD SYSLOG+WALL+EXEC
NOTIFYFLAG COMMOK SYSLOG+EXEC
NOTIFYFLAG COMMBAD SYSLOG+EXEC
NOTIFYFLAG SHUTDOWN SYSLOG+EXEC
NOTIFYFLAG REPLBATT SYSLOG+EXEC
NOTIFYFLAG NOCOMM SYSLOG+EXEC

/etc/nut/upssched.conf

LOCKFN /var/lib/nut/upssched.lock
PIPEFN /var/lib/nut/upssched.pipe
CMDSCRIPT /bin/upssched-cmd
AT ONBATT * START-TIMER onbatt1 13
AT ONLINE * CANCEL-TIMER onbatt1
#AT ONBATT * START-TIMER earlyshutdown 30
#AT ONLINE * CANCEL-TIMER earlyshutdown
AT ONBATT * START-TIMER onbattwarn 30
AT ONLINE * CANCEL-TIMER onbattwarn

when doing:
/etc/init.d/ups-monitor restart && tail -f /var/log/syslog
output:

[ ok ] Restarting ups-monitor (via systemctl): ups-monitor.service.
Jun 19 16:34:54 REDACTED systemd[1]: Stopping LSB: Network UPS Tools monitor initscript...
Jun 19 16:34:55 REDACTED ups-monitor[7377]: Stopping NUT - power device monitor and shutdown controller: nut-client.
Jun 19 16:34:55 REDACTED systemd[1]: Stopped LSB: Network UPS Tools monitor initscript.
Jun 19 16:34:55 REDACTED systemd[1]: Starting LSB: Network UPS Tools monitor initscript...
Jun 19 16:34:55 REDACTED upsmon[7387]: Startup successful
Jun 19 16:34:55 REDACTED ups-monitor[7382]: Starting NUT - power device monitor and shutdown controller: nut-client.
Jun 19 16:34:55 REDACTED systemd[1]: Started LSB: Network UPS Tools monitor initscript.
Jun 19 16:34:55 REDACTED upsmon[7389]: Init SSL with cerificate database located at /etc/letsencrypt/live/REDACTED/
Jun 19 16:34:55 REDACTED upsmon[7389]: Can not initialize SSL context
Jun 19 16:34:55 REDACTED upsmon[7387]: upsmon parent: read

status gives:

/etc/init.d/ups-monitor status
● ups-monitor.service - LSB: Network UPS Tools monitor initscript
   Loaded: loaded (/etc/init.d/ups-monitor; generated; vendor preset: enabled)
   Active: active (exited) since Tue 2018-06-19 16:34:55 CEST; 2min 18s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 7377 ExecStop=/etc/init.d/ups-monitor stop (code=exited, status=0/SUCCESS)
  Process: 7382 ExecStart=/etc/init.d/ups-monitor start (code=exited, status=0/SUCCESS)

REDACTED systemd[1]: Starting LSB: Network UPS Tools monitor initscript...
REDACTED upsmon[7387]: Startup successful
REDACTED ups-monitor[7382]: Starting NUT - power device monitor and shutdown contr…lient.
REDACTED systemd[1]: Started LSB: Network UPS Tools monitor initscript.
REDACTED upsmon[7389]: Init SSL with cerificate database located at /etc/letsencry…/

when running:
upsc -l
response:
Error: Connection failure: Connection refused

I'm a bit lost and I'm out of ideas.
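
Added example (not part of the original messages and not NUT's own code): a small Python check that compares the LISTEN lines of the quoted upsd.conf with the INPUT rules of the quoted firewall script and reports ports the firewall accepts from any source although upsd binds only to loopback. The sample strings are constructed excerpts of the configuration shown in this thread, and all function names are hypothetical.

```python
import shlex
# Constructed excerpts of the upsd.conf and firewall script quoted in this thread.
UPSD_CONF = """\
LISTEN ::1 3493
LISTEN 127.0.0.1 3493
"""
FIREWALL = """\
iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 3493 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 3493 -j ACCEPT
"""

def listen_sockets(conf, default_port=3493):
    """(address, port) pairs from upsd.conf LISTEN lines; the port is optional."""
    words = (line.split("#", 1)[0].split() for line in conf.splitlines())
    return [(w[1], int(w[2]) if len(w) > 2 else default_port)
            for w in words if len(w) >= 2 and w[0] == "LISTEN"]

def opt(words, flag):  # value following an iptables option, or None if absent
    i = words.index(flag) if flag in words else -1
    return words[i + 1] if 0 <= i < len(words) - 1 else None

def open_input_rules(script):
    """(proto, dport) of INPUT ACCEPT rules with no source (-s) or interface (-i) limit."""
    rules = []
    for line in script.splitlines():
        w = shlex.split(line, comments=True)
        if opt(w, "-A") == "INPUT" and opt(w, "-j") == "ACCEPT" and opt(w, "--dport") \
                and not (opt(w, "-s") or opt(w, "-i")):
            rules.append(((opt(w, "-p") or "").lower(), opt(w, "--dport")))
    return rules

def is_loopback(addr):  # literal loopback addresses or the name localhost
    return addr in ("localhost", "::1") or addr.startswith("127.")

def audit(conf, script):
    """Firewall openings for ports on which upsd listens on loopback only."""
    findings = []
    socks = listen_sockets(conf)
    for port in sorted({p for _, p in socks}):
        addrs = [a for a, p in socks if p == port]
        if all(is_loopback(a) for a in addrs):
            for proto, dport in open_input_rules(script):
                lo, _, hi = dport.partition(":")   # --dport may be a range a:b
                if int(lo) <= port <= int(hi or lo):
                    findings.append(f"{proto}/{port} accepted from any source; upsd listens only on {', '.join(addrs)}")
    return findings
```

With the configuration quoted here, both 3493 rules are reported: local clients already pass through the `-i lo` rule, so the two rules add nothing for upsd as configured and would expose it if LISTEN were later widened. A local "Connection refused" normally means no process is listening on the address that was tried, which these rules cannot change.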


