我的 PVE(Proxmox VE)宿主机下的爱快 + LEDE + 黑群晖已经稳定运行一年多了,最近因为打雷突然停电,开始担心硬盘数据安全问题,于是开始研究如何通过 UPS 实现群晖、PVE 等设备停电自动关机。
经查相关资料,发现 APC(型号:Back-UPS-650)的 UPS 有停电通讯功能,且与群晖完美支持,并可通过群晖的网络 UPS 服务器实现 PVE 等设备联动断电关机。
群晖实现断电关机的方法:
1、购买一台 APC 的 BK650 UPS 电源,此电源带 USB 通讯口,插到 PVE 主机上,并给黑群晖虚拟机添加 USB 设备(记得关闭、重启群晖虚拟机)
2、登录群晖管理页面,打开 控制面板 -> 硬件和电源 -> 不断电系统,可以看到 UPS 电源已被正确识别。
这里可以自行设置断电后群晖进入安全模式的时间。
PVE 连接群晖 UPS 服务器实现自动关机的方法:
1、进入群晖控制面板 -> 硬件和电源 -> 不断电系统,启用网络 UPS 服务器,并点击允许的 DiskStation 设备,填入你的 PVE 管理 IP(我的是:192.168.100.4)。
2、打开 PVE 的 Shell 界面,依次输入以下命令操作
①下载 NUT 套件
apt install nut -y
②编辑 NUT 配置文件
vim /etc/nut/nut.conf
(如未安装 vim 工具可以用 vi 命令,VIM 工具比较方便修改,安装方法自行百度)
移动光标找到 MODE 参数项
将 “MODE=” 后面修改成如下参数(按键盘上的 “i” 进入编辑模式)
MODE=netclient
输入 “:wq” 保存退出
vim /etc/nut/upsmon.conf
找到 MONITOR 在下方增加一行
MONITOR ups@nas 的 ip 1 upsmon pass slave
③启动 nut-client 服务,并设置自动启动
systemctl start nut-client && systemctl enable nut-client
④测试是否成功连接 UPS 服务器
upsc ups@NAS IP
如显示如下信息则表示配置成功(不同设备信息不同)
Init SSL without certificate database
battery.charge: 100
battery.charge.low: 10
battery.charge.warning: 50
battery.date: not set
battery.mfr.date: 2019/03/20
battery.runtime: 2272
battery.runtime.low: 120
battery.type: PbAc
battery.voltage: 13.6
battery.voltage.nominal: 12.0
device.mfr: APC
device.model: Back-UPS 650
device.serial: 3B1912X62195
device.type: ups
driver.name: usbhid-ups
driver.parameter.pollfreq: 30
driver.parameter.pollinterval: 5
driver.parameter.port: auto
driver.version: DSM6-2-23656-180331
driver.version.data: APC HID 0.95
driver.version.internal: 0.38
input.sensitivity: low
input.transfer.high: 266
input.transfer.low: 165
input.voltage: 234.0
input.voltage.nominal: 220
ups.beeper.status: enabled
ups.delay.shutdown: 20
ups.firmware: 822.A3.I
ups.firmware.aux: A3
ups.load: 14
ups.mfr: APC
ups.mfr.date: 2019/03/20
ups.model: Back-UPS 650
ups.productid: 0002
ups.serial: 3B1912X62195
ups.status: OL
ups.timer.reboot: 0
ups.timer.shutdown: -1
ups.vendorid: 051d
Init SSL without certificate database
battery.charge: 100
battery.charge.low: 10
battery.charge.warning: 50
battery.date: not set
battery.mfr.date: 2017/11/11
battery.runtime: 1650
battery.runtime.low: 120
battery.type: PbAc
battery.voltage: 13.5
battery.voltage.nominal: 12.0
device.mfr: APC
device.model: Back-UPS 650
device.serial: 3B1745X17495
device.type: ups
driver.name: usbhid-ups
driver.parameter.pollfreq: 30
driver.parameter.pollinterval: 5
driver.parameter.port: auto
driver.version: DSM6-2-25510-201118
driver.version.data: APC HID 0.95
driver.version.internal: 0.38
input.sensitivity: low
input.transfer.high: 266
input.transfer.low: 165
input.transfer.reason: input voltage out of range
input.voltage: 244.0
input.voltage.nominal: 220
ups.beeper.status: enabled
ups.delay.shutdown: 20
ups.firmware: 822.A3.I
ups.firmware.aux: A3
ups.load: 26
ups.mfr: APC
ups.mfr.date: 2017/11/11
ups.model: Back-UPS 650
ups.productid: 0002
ups.serial: 3B1745X17495
ups.status: OL
ups.timer.reboot: 0
ups.timer.shutdown: -1
ups.vendorid: 051d
常用资源:
配置说明:
Start Network UPS Tools service:Yes #启动NUT服务,选择Yes Enable Manual Config Only:No #只允许手动配置,选择No UPS Mode:Netserver #UPS工作模式,选择Netserver为服务器模式 UPS IP Addresss:127.0.0.1 #UPS的IP地址,这个在Netserver模式下无法更改 UPS Name:ups #UPS主机名,必须是ups,否则群晖无法连接 UPS Monitor Username:monuser #UPS主机用户名 UPS Monitor Password:secret #UPS主机密码 UPS Slave Username:monuser #从机连接nut时所用的帐户名,必须是monuser UPS Slave Password:secret #从机联机密码,必须是secret,这里特别注意,某些浏览器或插件会自动生成密码,请一定要手工输入secret六个英文半角字符。 UPS Driver:Usbhid-ups #UPS驱动,选择Usbhid-ups,兼容APC绝大多数产品 UPS Port:auto #端口,选择auto Shutdown Mode:Time on Battery #关机模式,选择Time on Battery意味着在电池供电N分钟后会发送关机命令,具体时间在后面的选项设定 Battery Runtime Left:Battery Runtime #因为一些兼容性问题,电池剩余时间可能会显示错误的值,此时可以更改这个选项,确保显示正确 Time on battery before shutdown (minutes):8 #接上面的选项,设置UPS电池供电多少分钟后发送关机命令 Turn off UPS after shutdown:No #主机关机后将UPS也关机,打开这个选项以省电,建议选No,除非你的UPS有自动开机功能,否则来电后UPS不会工作,导致NAS也无法开机。
群晖 UPS-NUT 目录
1 | /usr/syno/etc/ups/ |
upsmon.conf 文件:
MONITOR ups@IP地址 1 monuser secret slave ups:是ups连接的名字。群晖的UPS服务器名字就是ups。 IP地址:就是UPS服务器的IP地址(群晖的IP地址)。 1:表示给系统供电的UPS数量。 monuser:群晖UPS连接的用户名 secret:群晖UPS连接的密码。 slave:表示当前设备作为客户端。 NOTIFYCMD 的路径也要改成软件的安装地址。修改完后,点击Apply。看Status中是否有Running as Application。注意,需要在群晖UPS服务器中设置客户端设备的IP,允许其连接。 |
/usr/syno/bin/synoups
我的群晖升级到了 DSM7, 断电后进入 “安全模式”,硬盘挂起并不会自动关机。此时,需要先在 “群晖控制面板”—“终端机和 SNMP”—“启用 SSH 功能” 上打勾,启用 SSH 功能,然后在 Windows 电脑上,使用 SSH 软件以 root 用户登录群晖,修改 /usr/syno/bin/synoups 文件,找到 UPSSafeMode () ,在最后面加上一行 poweroff。
WinNUT-Client
我的配置:
nut.conf
# The values of MODE can be: # - none: NUT is not configured, or use the Integrated Power Management, or use # some external system to startup NUT components. So nothing is to be started. # - standalone: This mode address a local only configuration, with 1 UPS # protecting the local system. This implies to start the 3 NUT layers (driver, # upsd and upsmon) and the matching configuration files. This mode can also # address UPS redundancy. # - netserver: same as for the standalone configuration, but also need # some more network access controls (firewall, tcp-wrappers) and possibly a # specific LISTEN directive in upsd.conf. # Since this MODE is opened to the network, a special care should be applied # to security concerns. # - netclient: this mode only requires upsmon. # # IMPORTANT NOTE: # This file is intended to be sourced by shell scripts. # You MUST NOT use spaces around the equal sign! MODE=netclient
ups.conf
# Network UPS Tools: example ups.conf # # --- SECURITY NOTE --- # # If you use snmp-ups and set a community string in here, you # will have to secure this file to keep other users from obtaining # that string. It needs to be readable by upsdrvctl and any drivers, # and by upsd. # # --- # # This is where you configure all the UPSes that this system will be # monitoring directly. These are usually attached to serial ports, but # USB devices and SNMP devices are also supported. # # This file is used by upsdrvctl to start and stop your driver(s), and # is also used by upsd to determine which drivers to monitor. The # drivers themselves also read this file for configuration directives. # # The general form is: # # [upsname] # driver = <drivername> # port = <portname> #< any other directives here > # # The section header ([upsname]) can be just about anything as long as # it is a single word inside brackets. upsd uses this to uniquely # identify a UPS on this system. # # If you have a UPS called snoopy, your section header would be "[snoopy]". # On a system called "doghouse", the line in your upsmon.conf to monitor # it would look something like this: # # MONITOR snoopy@doghouse 1 upsmonuser mypassword master # # It might look like this if monitoring in slave mode: # # MONITOR snoopy@doghouse 1 upsmonuser mypassword slave # # Configuration directives # ------------------------ # # These directives are used by upsdrvctl only and should be specified outside # of a driver definition: # # maxretry: Optional. Specify the number of attempts to start the driver(s), # in case of failure, before giving up. A delay of 'retrydelay' is # inserted between each attempt. Caution should be taken when using # this option, since it can impact the time taken by your system to # start. # # The default is 1 attempt. # # retrydelay: Optional. Specify the delay between each restart attempt of the # driver(s), as specified by 'maxretry'. Caution should be taken # when using this option, since it can impact the time taken by your # system to start. # # The default is 5 seconds. # # These directives are common to all drivers that support ups.conf: # # driver: REQUIRED. Specify the program to run to talk to this UPS. # apcsmart, bestups, and sec are some examples. # # port: REQUIRED. The serial port where your UPS is connected. # /dev/ttyS0 is usually the first port on Linux boxes, for example. # # sdorder: optional. When you have multiple UPSes on your system, you # usually need to turn them off in a certain order. upsdrvctl # shuts down all the 0s, then the 1s, 2s, and so on. To exclude # a UPS from the shutdown sequence, set this to -1. # # The default value for this parameter is 0. # # nolock: optional, and not recommended for use in this file. # # If you put nolock in here, the driver will not lock the # serial port every time it starts. This may allow other # processes to seize the port if you start more than one by # mistake. # # This is only intended to be used on systems where locking # absolutely must be disabled for the software to work. # # maxstartdelay: optional. This can be set as a global variable # above your first UPS definition and it can also be # set in a UPS section. This value controls how long # upsdrvctl will wait for the driver to finish starting. # This keeps your system from getting stuck due to a # broken driver or UPS. # # The default is 45 seconds. # # synchronous: optional. The driver work by default in asynchronous # mode (i.e *synchronous=no*). This means that all data # are pushed by the driver on the communication socket to # upsd (Unix socket on Unix, Named pipe on Windows) without # waiting for these data to be actually consumed. With # some HW, such as ePDUs, that can produce a lot of data, # asynchronous mode may cause some congestion, resulting in # the socket to be full, and the driver to appear as not # connected. By enabling the 'synchronous' flag # (value = 'yes'), the driver will wait for data to be # consumed by upsd, prior to publishing more. This can be # enabled either globally or per driver. # # The default is 'no' (i.e. asynchronous mode) for backward # compatibility of the driver behavior. # # Anything else is passed through to the hardware-specific part of # the driver. # # Examples # -------- # # A simple example for a UPS called "powerpal" that uses the blazer_ser # driver on /dev/ttyS0 is: # # [powerpal] #driver = blazer_ser #port = /dev/ttyS0 #desc = "Web server" # # If your UPS driver requires additional settings, you can specify them # here. For example, if it supports a setting of "1234" for the # variable "cable", it would look like this: # # [myups] # driver = mydriver #port = /dev/ttyS1 #cable = 1234 #desc = "Something descriptive" # # To find out if your driver supports any extra settings, start it with # the -h option and/or read the driver's documentation. # Set maxretry to 3 by default, this should mitigate race with slow devices: # pollinterval = 1 maxretry = 3 # My Configration 我的配置 # [bk650] # driver = usbhid-ups # port = auto # desc = "APC BK650 UPS" # vendorid = 051d # productid = 0002 # serial = 3B1745X17495
upsd.conf
LISTEN 0.0.0.0 3493
upsd.users
# -------------------------------------------------------------------------- # # Example: # # [admin] # password = mypass # actions = SET # instcmds = ALL # # # --- Configuring for upsmon # # To add a user for your upsmon, use this example: # # [upsmon] # password = pass # upsmon master # or # upsmon slave # # The matching MONITOR line in your upsmon.conf would look like this: # # MONITOR myups@localhost 1 upsmon pass master (or slave) # 管理员可set更改ups内变量参数,master可设置FSD关机标签,slave收到通知后关机 [admin] actions = SET FSD instcmds = ALL password = pass upsmon master # 别的电脑连接使用此用户,从机帐号信息 [upsmon] password = pass upsmon slave
upsmon.conf
RUN_AS_USER root MONITOR ups@192.168.199.180 1 upsmon pass slave MINSUPPLIES 1 SHUTDOWNCMD "/sbin/shutdown -h" NOTIFYCMD /usr/sbin/upssched POLLFREQ 2 POLLFREQALERT 1 HOSTSYNC 15 DEADTIME 15 POWERDOWNFLAG /etc/killpower NOTIFYMSG ONLINE "UPS %s on line power" NOTIFYMSG ONBATT "UPS %s on battery" NOTIFYMSG LOWBATT "UPS %s battery is low" NOTIFYMSG FSD "UPS %s: forced shutdown in progress" NOTIFYMSG COMMOK "Communications with UPS %s established" NOTIFYMSG COMMBAD "Communications with UPS %s lost!" NOTIFYMSG SHUTDOWN "Auto logout and shutdown proceeding" NOTIFYMSG REPLBATT "UPS %s battery needs to be replaced" NOTIFYMSG NOCOMM "UPS %s is unavailable" NOTIFYMSG NOPARENT "UPSMon parent process died - shutdown impossible" NOTIFYFLAG ONLINE SYSLOG+WALL+EXEC NOTIFYFLAG ONBATT SYSLOG+WALL+EXEC NOTIFYFLAG LOWBATT SYSLOG+WALL NOTIFYFLAG FSD SYSLOG+WALL+EXEC NOTIFYFLAG COMMOK SYSLOG+WALL+EXEC NOTIFYFLAG COMMBAD SYSLOG+WALL+EXEC NOTIFYFLAG SHUTDOWN SYSLOG+WALL+EXEC NOTIFYFLAG REPLBATT SYSLOG+WALL NOTIFYFLAG NOCOMM SYSLOG+WALL+EXEC NOTIFYFLAG NOPARENT SYSLOG+WALL RBWARNTIME 43200 NOCOMMWARNTIME 600 FINALDELAY 5
upssched.conf
CMDSCRIPT /etc/nut/upssched-cmd PIPEFN /etc/nut/upssched/upssched.pipe LOCKFN /etc/nut/upssched/upssched.lock AT ONBATT * START-TIMER onbatt 60 AT ONLINE * CANCEL-TIMER onbatt online AT ONBATT * START-TIMER earlyshutdown 60 AT LOWBATT * EXECUTE onbatt AT COMMBAD * START-TIMER commbad 600 AT COMMOK * CANCEL-TIMER commbad commok AT NOCOMM * EXECUTE commbad AT SHUTDOWN * EXECUTE powerdown AT SHUTDOWN * EXECUTE powerdown
upssched-cmd
#!/bin/sh case $1 in onbatt) logger -t upssched-cmd "UPS running on battery" ;; earlyshutdown) logger -t upssched-cmd "UPS on battery too long, early shutdown" /usr/sbin/upsmon -c fsd ;; shutdowncritical) logger -t upssched-cmd "UPS on battery critical, forced shutdown" /usr/sbin/upsmon -c fsd ;; upsgone) logger -t upssched-cmd "UPS has been gone too long, can't reach" ;; *) logger -t upssched-cmd "Unrecognized command: $1" ;; esac
upsset.conf
# Network UPS Tools - upsset.conf sample file # # This file is provided to ensure that you do not expose your upsd server # to the world upon installing the CGI programs. Specifically, it keeps # the upsset.cgi program from running until you have assured it that you # have secured your web server's CGI directory. # # By default, your web server will probably let anyone access upsset.cgi # once it is installed. This means that anyone could attempt to crack # upsd logins since they would appear to be coming from your web server, # rather than the outside world, slipping through any ACL/ACCESS definitions. # # For this reason, you *MUST* first secure your CGI programs before # enabling upsset in this configuration file. If you can't do this in # your web server, then you should *not* run this program. # # For Apache, the .htaccess file can be used in the directory with the # programs. You'll need something like this: # # <Files upsset.cgi> #deny from all #allow from your.network.addresses #</Files> # # You will probably have to set "AllowOverride Limit" for this directory in # your server-level configuration file as well. # # If this doesn't make sense, then stop reading and leave this program alone. # # Assuming you have all this done (and it works), then you may uncomment # the line below and start using upsset.cgi through your web browser. # ### ### I_HAVE_SECURED_MY_CGI_DIRECTORY I_HAVE_SECURED_MY_CGI_DIRECTORY ###
host.conf
# Network UPS Tools: example hosts.conf # # This file is used to control the CGI programs. If you have not # installed them, you may safely ignore or delete this file. # # ----------------------------------------------------------------------- # # upsstats will use the list of MONITOR entries when displaying the # default template (upsstats.html). The "FOREACHUPS" directive in the # template will use this file to find systems running upsd. # # upsstats and upsimage also use this file to determine if a host may be # monitored. This keeps evil people from using your system to annoy # others with unintended queries. # # upsset presents a list of systems that may be viewed and controlled # using this file. # # ----------------------------------------------------------------------- # # Usage: list systems running upsd that you want to monitor # # MONITOR <system> "<host description>" # # Examples: MONITOR ups@192.168.199.180 "APC-BK650 UPS" # MONITOR su2200@10.64.1.1 "Finance department" # MONITOR matrix@shs-server.example.edu "Sierra High School data room #1"