Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Nächste Überarbeitung
Vorhergehende Überarbeitung
centos:apc [28.07.2012 14:21. ] – angelegt djangocentos:apc [22.07.2019 14:52. ] (aktuell) – Externe Bearbeitung 127.0.0.1
Zeile 1: Zeile 1:
 +====== APC UPS Daemon unter CentOS 7.x ======
 +{{ :centos:rack-2016-11-24-22.33.57.jpg?nolink&150|Bild: Photo vom Serverschrank}}
 +{{:centos:apcupsd-logo.png?nolink&500|Bild: APC UPSD Logo}}
 +
 +Beim Betrieb eines Servers ist der Einsatz einer gesicherten Energieversorgung natürlich obligatorisch. Im **RZ**((**R**echen **Z**entrum)) stehen dazu meist unterbrechungsfreie Stromversorgungen, Ersatznetze oder auch Notstromaggregate zur Verfügung. Kann man auf derartige Techniken nicht zurückgreifen, lohnt sich die Anschaffung einer eigenen USV. 
 +
 +{{:centos:apc-smartusv-1400.jpg?direct&300 |Bild: Photo der APC Smart-UPS SU1400RMI 3HE}}So kommt z.B. bei nausch.org eine //**APC Smart-UPS SU1400RMI 3HE**// zum Einsatz.  Zur Überwachung, Verwaltung und Administration wird **[[http://www.apcupsd.org|APCUPSD]]** verwendet. In diesem Kapitel werden wir uns mit der Installation und Konfiguration des Daemon befassen. 
 +
 +Eine ausführliche Programmdokumentation ist auf der Seite [[http://www.apcupsd.org/manual/manual.html|APCUPSD User Manual]] zu finden.
 +
 +===== USB/RS.232-Adapter =====
 +Die Verbindung zwischen der USV und dem Server erfolgt mittels zugehörigem seriellen Verbindungskabel vom Typ **//[[http://rtfm.vtt.net/pinouts/data/apc_smart_cable_pinout.shtml.htm|940-0024B]]//** und einem 4-port USB/UART-Adapter **[[http://www.digitus.info/de/produkte/computer-accessories-and-components/computer-accessories/serial-and-parallel-adapter/da-70159/|DIGITUS USB 2.0 zu 4xRS232 Kabel]]**.
 +
 +Mit Hilfe der installierten **usbutiuls** können Details zum USB_Adapter abgefragt werden.
 +
 +Bei Bedarf installieren wir uns also besagtes RPM-Paket. 
 +   # yum install usbutils
 +
 +Den Inhalt des Paketes können wir uns wie folgt anzeigen lassen.
 +   # rpm -qil usbutils
 +<code>Name        : usbutils
 +Version     : 007
 +Release     : 5.el7
 +Architecture: x86_64
 +Install Date: Sun 08 Jan 2017 12:03:27 PM CET
 +Group       : Applications/System
 +Size        : 187281
 +License     : GPLv2+
 +Signature   : RSA/SHA256, Wed 25 Nov 2015 05:02:14 PM CET, Key ID 24c6a8a7f4a80eb5
 +Source RPM  : usbutils-007-5.el7.src.rpm
 +Build Date  : Fri 20 Nov 2015 09:48:55 AM CET
 +Build Host  : worker1.bsys.centos.org
 +Relocations : (not relocatable)
 +Packager    : CentOS BuildSystem <http://bugs.centos.org>
 +Vendor      : CentOS
 +URL         : http://www.linux-usb.org/
 +Summary     : Linux USB utilities
 +Description :
 +This package contains utilities for inspecting devices connected to a
 +USB bus.
 +/usr/bin/lsusb
 +/usr/bin/lsusb.py
 +/usr/bin/usb-devices
 +/usr/bin/usbhid-dump
 +/usr/share/doc/usbutils-007
 +/usr/share/doc/usbutils-007/AUTHORS
 +/usr/share/doc/usbutils-007/COPYING
 +/usr/share/doc/usbutils-007/ChangeLog
 +/usr/share/doc/usbutils-007/NEWS
 +/usr/share/doc/usbutils-007/README
 +/usr/share/man/man1/usb-devices.1.gz
 +/usr/share/man/man8/lsusb.8.gz
 +/usr/share/man/man8/usbhid-dump.8.gz
 +/usr/share/pkgconfig/usbutils.pc</code>
 +
 +Der Aufruf von **lsusb** zeigt uns neben den anderen USB-Devices auch unseren 4-Port Adapter.
 +   # lsusb
 +
 +  Bus 001 Device 003: ID 0403:6011 Future Technology Devices International, Ltd FT4232H Quad HS USB-UART/FIFO IC
 +  Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
 +  Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 +  Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 +  Bus 002 Device 002: ID 0627:0001 Adomax Technology Co., Ltd 
 +  Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
 +
 +Eine ähnliche aussagekräftige Detailanzeige können wir uns mit dem Befehl **usb-devices** anzeigen lassen.
 +   # usb-devices 
 +<code>T:  Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#=  3 Spd=480 MxCh= 0
 +D:  Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
 +P:  Vendor=0403 ProdID=6011 Rev=08.00
 +S:  Manufacturer=FTDI
 +S:  Product=FT4232H Device
 +S:  SerialNumber=FTZ9JWTW
 +C:  #Ifs= 4 Cfg#= 1 Atr=80 MxPwr=200mA
 +I:  If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=ftdi_sio
 +I:  If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=ftdi_sio
 +I:  If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=ftdi_sio
 +I:  If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=ftdi_sio</code>
 +
 +Damit der Adapter auch verwendet werden kann, benötigen wir noch die **libftdi**-Bibliotheken, welche wir nun noch installieren werden.
 +   # yum install libftdi
 +
 +Auch hier können wir bei Interesse, den Inhalt des RPM-Paketes anzeigen lassen.
 +   # rpm -qil libftdi
 +<code>Name        : libftdi
 +Version     : 1.1
 +Release     : 4.el7
 +Architecture: x86_64
 +Install Date: Sun 08 Jan 2017 11:55:10 AM CET
 +Group       : System Environment/Libraries
 +Size        : 96091
 +License     : LGPLv2
 +Signature   : RSA/SHA256, Tue 07 Oct 2014 10:19:03 PM CEST, Key ID 6a2faea2352c64e5
 +Source RPM  : libftdi-1.1-4.el7.src.rpm
 +Build Date  : Mon 06 Oct 2014 09:17:24 PM CEST
 +Build Host  : buildvm-24.phx2.fedoraproject.org
 +Relocations : (not relocatable)
 +Packager    : Fedora Project
 +Vendor      : Fedora Project
 +URL         : http://www.intra2net.com/de/produkte/opensource/ftdi/
 +Summary     : Library to program and control the FTDI USB controller
 +Description :
 +A library (using libusb) to talk to FTDI's FT2232C,
 +FT232BM and FT245BM type chips including the popular bitbang mode.
 +/lib/udev/rules.d/69-libftdi.rules
 +/usr/lib64/libftdi1.so.2
 +/usr/lib64/libftdi1.so.2.1.0
 +/usr/share/doc/libftdi-1.1
 +/usr/share/doc/libftdi-1.1/AUTHORS
 +/usr/share/doc/libftdi-1.1/COPYING.LIB
 +/usr/share/doc/libftdi-1.1/ChangeLog
 +/usr/share/doc/libftdi-1.1/README</code>
 +
 +===== Installation und Konfiguration =====
 +==== apcupsd ====
 +=== Installation ===
 +Zur Administration unserer USV benötien wir nun noch einen passenden Daemon, den **[[http://www.apcupsd.org/|apcupsd]]**. Das RPM-Paket aus dem Repository **[[https://fedoraproject.org/wiki/EPEL|Extra Packages for Enterprise Linux (EPEL)]]** installieren wir wie gewohnt mittels **yum**
 +   # yum install apcupsd
 +
 +Welche Verzeichnisse und Dateien uns die Installation eben ins System brachte, lassen wir uns mit Unterstützung des Befehls **rpm** und der Option ''qil'' anzeigen.
 +   # rpm -qil apcupsd
 +
 +<code>Name        : apcupsd
 +Version     : 3.14.12
 +Release     : 1.el7
 +Architecture: x86_64
 +Install Date: Sun 08 Jan 2017 01:02:05 AM CET
 +Group       : System Environment/Daemons
 +Size        : 1492686
 +License     : GPLv2
 +Signature   : RSA/SHA256, Thu 22 Jan 2015 01:28:09 AM CET, Key ID 6a2faea2352c64e5
 +Source RPM  : apcupsd-3.14.12-1.el7.src.rpm
 +Build Date  : Mon 19 Jan 2015 07:17:55 PM CET
 +Build Host  : buildhw-04.phx2.fedoraproject.org
 +Relocations : (not relocatable)
 +Packager    : Fedora Project
 +Vendor      : Fedora Project
 +URL         : http://www.apcupsd.com
 +Summary     : APC UPS Power Control Daemon for Linux
 +Description :
 +Apcupsd can be used for controlling most APC UPSes. During a
 +power failure, apcupsd will inform the users about the power
 +failure and that a shutdown may occur.  If power is not restored,
 +a system shutdown will follow when the battery is exausted, a
 +timeout (seconds) expires, or the battery runtime expires based
 +on internal APC calculations determined by power consumption
 +rates.  If the power is restored before one of the above shutdown
 +conditions is met, apcupsd will inform users about this fact.
 +Some features depend on what UPS model you have (simple or smart).
 +/etc/apcupsd
 +/etc/apcupsd/apccontrol
 +/etc/apcupsd/apcupsd.conf
 +/etc/apcupsd/changeme
 +/etc/apcupsd/commfailure
 +/etc/apcupsd/commok
 +/etc/apcupsd/offbattery
 +/etc/apcupsd/onbattery
 +/etc/logrotate.d/apcupsd
 +/lib/systemd/system-shutdown/apcupsd_shutdown
 +/lib/systemd/system/apcupsd.service
 +/sbin/apcaccess
 +/sbin/apctest
 +/sbin/apcupsd
 +/sbin/smtp
 +/usr/share/doc/apcupsd-3.14.12
 +/usr/share/doc/apcupsd-3.14.12/COPYING
 +/usr/share/doc/apcupsd-3.14.12/ChangeLog
 +/usr/share/doc/apcupsd-3.14.12/ReleaseNotes
 +/usr/share/doc/apcupsd-3.14.12/examples
 +/usr/share/doc/apcupsd-3.14.12/examples/Makefile
 +/usr/share/doc/apcupsd-3.14.12/examples/SmartUPS1400.snmp
 +/usr/share/doc/apcupsd-3.14.12/examples/client.c
 +/usr/share/doc/apcupsd-3.14.12/examples/gui
 +/usr/share/doc/apcupsd-3.14.12/examples/gui/about.tcl
 +/usr/share/doc/apcupsd-3.14.12/examples/gui/apcupsd.tcl
 +/usr/share/doc/apcupsd-3.14.12/examples/gui/dialog.tcl
 +/usr/share/doc/apcupsd-3.14.12/examples/gui/events.tcl
 +/usr/share/doc/apcupsd-3.14.12/examples/gui/mainwindow.tcl
 +/usr/share/doc/apcupsd-3.14.12/examples/gui/pkgIndex.tcl
 +/usr/share/doc/apcupsd-3.14.12/examples/gui/splash.tcl
 +/usr/share/doc/apcupsd-3.14.12/examples/gui/status.tcl
 +/usr/share/doc/apcupsd-3.14.12/examples/hid-set.c
 +/usr/share/doc/apcupsd-3.14.12/examples/hid-ups.c
 +/usr/share/doc/apcupsd-3.14.12/examples/hiddev-hiddev.h-cleanup-2.4.patch
 +/usr/share/doc/apcupsd-3.14.12/examples/hiddev.h
 +/usr/share/doc/apcupsd-3.14.12/examples/hiddev.txt
 +/usr/share/doc/apcupsd-3.14.12/examples/index.php
 +/usr/share/doc/apcupsd-3.14.12/examples/libusb.h
 +/usr/share/doc/apcupsd-3.14.12/examples/linux-2.4.20-USB-reject.patch
 +/usr/share/doc/apcupsd-3.14.12/examples/linux-2.4.20-killpower.patch
 +/usr/share/doc/apcupsd-3.14.12/examples/linux-2.6.0-USB-queue-overflow.patch
 +/usr/share/doc/apcupsd-3.14.12/examples/linux-usb-patch-email.txt
 +/usr/share/doc/apcupsd-3.14.12/examples/linux-usb-patch2-email.txt
 +/usr/share/doc/apcupsd-3.14.12/examples/make-hiddev
 +/usr/share/doc/apcupsd-3.14.12/examples/megaclient.c
 +/usr/share/doc/apcupsd-3.14.12/examples/nagios_plugin_check_apcupsd.c
 +/usr/share/doc/apcupsd-3.14.12/examples/newslave.c
 +/usr/share/doc/apcupsd-3.14.12/examples/offbattery.cpufreq
 +/usr/share/doc/apcupsd-3.14.12/examples/onbattery.cpufreq
 +/usr/share/doc/apcupsd-3.14.12/examples/php-monitor.txt
 +/usr/share/doc/apcupsd-3.14.12/examples/rpt
 +/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-350-USB.rpt
 +/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-350ES.rpt
 +/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-500-USB.rpt
 +/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-500ES.rpt
 +/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-BR-800.rpt
 +/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-CS-650.rpt
 +/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-ES-550.rpt
 +/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-XS-1300-LCD.rpt
 +/usr/share/doc/apcupsd-3.14.12/examples/rpt/BackUPS.rpt
 +/usr/share/doc/apcupsd-3.14.12/examples/rpt/Smart-UPS-1500.rpt
 +/usr/share/doc/apcupsd-3.14.12/examples/rpt/SmartUPS-USB.rpt
 +/usr/share/doc/apcupsd-3.14.12/examples/rpt/SmartUPS.rpt
 +/usr/share/doc/apcupsd-3.14.12/examples/rpt/hid-ups.rpt
 +/usr/share/doc/apcupsd-3.14.12/examples/safe.apccontrol
 +/usr/share/doc/apcupsd-3.14.12/examples/smartsim.c
 +/usr/share/doc/apcupsd-3.14.12/examples/snoopdecode.c
 +/usr/share/doc/apcupsd-3.14.12/examples/status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/Back-UPS-BX-1500.status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/Back-UPS-Pro-1000.status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/BackUPS-USB.status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/JapaneseUPS.status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/PowerStack450.status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS-vs-650.status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS1000.status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS1400.status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS3000.status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS5000.status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS600.status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS700-2.status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS700.status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/newbackupspro1.status
 +/usr/share/doc/apcupsd-3.14.12/examples/status/newbackupspro2.status
 +/usr/share/doc/apcupsd-3.14.12/examples/upsapm.c
 +/usr/share/doc/apcupsd-3.14.12/examples/usb_hid_usages
 +/usr/share/doc/apcupsd-3.14.12/examples/usbsnoop.txt
 +/usr/share/hal/fdi/policy/20thirdparty/80-apcupsd-ups-policy.fdi
 +/usr/share/man/man5/apcupsd.conf.5.gz
 +/usr/share/man/man8/apcaccess.8.gz
 +/usr/share/man/man8/apccontrol.8.gz
 +/usr/share/man/man8/apctest.8.gz
 +/usr/share/man/man8/apcupsd.8.gz</code>
 +
 +=== Konfiguration ===
 +Zur Einstellungen des Daemon sind in der Konfigurationsdatei //**/etc/apcupsd/apcupsd.conf**// vorzunehmen. Diese Datei bearbeiten wir mit dem Editor unserer Wahl, z.B. **vim**.
 +   # vim /etc/apcupsd/apcupsd.conf
 +<file bash /etc/apcupsd/apcupsd.conf>## apcupsd.conf v1.1 ##
 +
 +#  for apcupsd release 3.14.12 (29 March 2014) - redhat
 +#
 +# "apcupsd" POSIX config file
 +
 +#
 +# ========= General configuration parameters ============
 +#
 +
 +# UPSNAME xxx
 +#   Use this to give your UPS a name in log files and such. This
 +#   is particulary useful if you have multiple UPSes. This does not
 +#   set the EEPROM. It should be 8 characters or less.
 +# Django : 2017-01-08
 +# default: #UPSNAME
 +UPSNAME APC1400
 +
 +# UPSCABLE <cable>
 +#   Defines the type of cable connecting the UPS to your computer.
 +#
 +#   Possible generic choices for <cable> are:
 +#     simple, smart, ether, usb
 +#
 +#   Or a specific cable model number may be used:
 +#     940-0119A, 940-0127A, 940-0128A, 940-0020B,
 +#     940-0020C, 940-0023A, 940-0024B, 940-0024C,
 +#     940-1524C, 940-0024G, 940-0095A, 940-0095B,
 +#     940-0095C, 940-0625A, M-04-02-2000
 +#
 +# Django : 2017-01-08
 +# default: UPSCABLE usb
 +UPSCABLE 940-0024B
 +
 +# To get apcupsd to work, in addition to defining the cable
 +# above, you must also define a UPSTYPE, which corresponds to
 +# the type of UPS you have (see the Description for more details).
 +# You must also specify a DEVICE, sometimes referred to as a port.
 +# For USB UPSes, please leave the DEVICE directive blank. For
 +# other UPS types, you must specify an appropriate port or address.
 +#
 +# UPSTYPE   DEVICE           Description
 +# apcsmart  /dev/tty**       Newer serial character device, appropriate for 
 +#                            SmartUPS models using a serial cable (not USB).
 +#
 +# usb       <BLANK>          Most new UPSes are USB. A blank DEVICE
 +#                            setting enables autodetection, which is
 +#                            the best choice for most installations.
 +#
 +# net       hostname:port    Network link to a master apcupsd through apcupsd'
 +#                            Network Information Server. This is used if the
 +#                            UPS powering your computer is connected to a 
 +#                            different computer for monitoring.
 +#
 +# snmp      hostname:port:vendor:community
 +#                            SNMP network link to an SNMP-enabled UPS device.
 +#                            Hostname is the ip address or hostname of the UPS 
 +#                            on the network. Vendor can be can be "APC" or 
 +#                            "APC_NOTRAP". "APC_NOTRAP" will disable SNMP trap 
 +#                            catching; you usually want "APC". Port is usually 
 +#                            161. Community is usually "private".
 +#
 +# netsnmp   hostname:port:vendor:community
 +#                            OBSOLETE
 +#                            Same as SNMP above but requires use of the 
 +#                            net-snmp library. Unless you have a specific need
 +#                            for this old driver, you should use 'snmp' instead.
 +#
 +# dumb      /dev/tty**       Old serial character device for use with 
 +#                            simple-signaling UPSes.
 +#
 +# pcnet     ipaddr:username:passphrase:port
 +#                            PowerChute Network Shutdown protocol which can be 
 +#                            used as an alternative to SNMP with the AP9617 
 +#                            family of smart slot cards. ipaddr is the IP 
 +#                            address of the UPS management card. username and 
 +#                            passphrase are the credentials for which the card 
 +#                            has been configured. port is the port number on 
 +#                            which to listen for messages from the UPS, normally 
 +#                            3052. If this parameter is empty or missing, the 
 +#                            default of 3052 will be used.
 +#
 +# modbus    /dev/tty**       Serial device for use with newest SmartUPS models
 +#                            supporting the MODBUS protocol.
 +#
 +# Django : 2017-01-08
 +# default: UPSTYPE usb
 +#          DEVICE 
 +UPSTYPE apcsmart
 +DEVICE /dev/ttyUSB3
 +
 +# POLLTIME <int>
 +#   Interval (in seconds) at which apcupsd polls the UPS for status. This
 +#   setting applies both to directly-attached UPSes (UPSTYPE apcsmart, usb, 
 +#   dumb) and networked UPSes (UPSTYPE net, snmp). Lowering this setting
 +#   will improve apcupsd's responsiveness to certain events at the cost of
 +#   higher CPU utilization. The default of 60 is appropriate for most
 +#   situations.
 +# Django : 2017-01-08
 +# default: #POLLTIME 60
 +POLLTIME 60
 +
 +# LOCKFILE <path to lockfile>
 +#   Path for device lock file. Not used on Win32.
 +LOCKFILE /var/lock
 +
 +# SCRIPTDIR <path to script directory>
 +#   Directory in which apccontrol and event scripts are located.
 +SCRIPTDIR /etc/apcupsd
 +
 +# PWRFAILDIR <path to powerfail directory>
 +#   Directory in which to write the powerfail flag file. This file
 +#   is created when apcupsd initiates a system shutdown and is
 +#   checked in the OS halt scripts to determine if a killpower
 +#   (turning off UPS output power) is required.
 +PWRFAILDIR /etc/apcupsd
 +
 +# NOLOGINDIR <path to nologin directory>
 +#   Directory in which to write the nologin file. The existence
 +#   of this flag file tells the OS to disallow new logins.
 +NOLOGINDIR /etc
 +
 +
 +#
 +# ======== Configuration parameters used during power failures ==========
 +#
 +
 +# The ONBATTERYDELAY is the time in seconds from when a power failure
 +#   is detected until we react to it with an onbattery event.
 +#
 +#   This means that, apccontrol will be called with the powerout argument
 +#   immediately when a power failure is detected.  However, the
 +#   onbattery argument is passed to apccontrol only after the 
 +#   ONBATTERYDELAY time.  If you don't want to be annoyed by short
 +#   powerfailures, make sure that apccontrol powerout does nothing
 +#   i.e. comment out the wall.
 +ONBATTERYDELAY 6
 +
 +
 +# Note: BATTERYLEVEL, MINUTES, and TIMEOUT work in conjunction, so
 +# the first that occurs will cause the initation of a shutdown.
 +#
 +
 +# If during a power failure, the remaining battery percentage
 +# (as reported by the UPS) is below or equal to BATTERYLEVEL, 
 +# apcupsd will initiate a system shutdown.
 +BATTERYLEVEL 5
 +
 +# If during a power failure, the remaining runtime in minutes 
 +# (as calculated internally by the UPS) is below or equal to MINUTES,
 +# apcupsd, will initiate a system shutdown.
 +MINUTES 3
 +
 +# If during a power failure, the UPS has run on batteries for TIMEOUT
 +# many seconds or longer, apcupsd will initiate a system shutdown.
 +# A value of 0 disables this timer.
 +#
 +#  Note, if you have a Smart UPS, you will most likely want to disable
 +#    this timer by setting it to zero. That way, you UPS will continue
 +#    on batteries until either the % charge remaing drops to or below BATTERYLEVEL,
 +#    or the remaining battery runtime drops to or below MINUTES.  Of course,
 +#    if you are testing, setting this to 60 causes a quick system shutdown
 +#    if you pull the power plug.   
 +#  If you have an older dumb UPS, you will want to set this to less than
 +#    the time you know you can run on batteries.
 +TIMEOUT 0
 +
 +#  Time in seconds between annoying users to signoff prior to
 +#  system shutdown. 0 disables.
 +ANNOY 300
 +
 +# Initial delay after power failure before warning users to get
 +# off the system.
 +ANNOYDELAY 60
 +
 +# The condition which determines when users are prevented from
 +# logging in during a power failure.
 +# NOLOGON <string> [ disable | timeout | percent | minutes | always ]
 +NOLOGON disable
 +
 +# If KILLDELAY is non-zero, apcupsd will continue running after a
 +# shutdown has been requested, and after the specified time in
 +# seconds attempt to kill the power. This is for use on systems
 +# where apcupsd cannot regain control after a shutdown.
 +# KILLDELAY <seconds>  0 disables
 +KILLDELAY 0
 +
 +#
 +# ==== Configuration statements for Network Information Server ====
 +#
 +
 +# NETSERVER [ on | off ] on enables, off disables the network
 +#  information server. If netstatus is on, a network information
 +#  server process will be started for serving the STATUS and
 +#  EVENT data over the network (used by CGI programs).
 +NETSERVER on
 +
 +# NISIP <dotted notation ip address>
 +#  IP address on which NIS server will listen for incoming connections.
 +#  This is useful if your server is multi-homed (has more than one
 +#  network interface and IP address). Default value is 0.0.0.0 which
 +#  means any incoming request will be serviced. Alternatively, you can
 +#  configure this setting to any specific IP address of your server and 
 +#  NIS will listen for connections only on that interface. Use the
 +#  loopback address (127.0.0.1) to accept connections only from the
 +#  local machine.
 +NISIP 0.0.0.0
 +
 +# NISPORT <port> default is 3551 as registered with the IANA
 +#  port to use for sending STATUS and EVENTS data over the network.
 +#  It is not used unless NETSERVER is on. If you change this port,
 +#  you will need to change the corresponding value in the cgi directory
 +#  and rebuild the cgi programs.
 +NISPORT 3551
 +
 +# If you want the last few EVENTS to be available over the network
 +# by the network information server, you must define an EVENTSFILE.
 +EVENTSFILE /var/log/apcupsd.events
 +
 +# EVENTSFILEMAX <kilobytes>
 +#  By default, the size of the EVENTSFILE will be not be allowed to exceed
 +#  10 kilobytes.  When the file grows beyond this limit, older EVENTS will
 +#  be removed from the beginning of the file (first in first out).  The
 +#  parameter EVENTSFILEMAX can be set to a different kilobyte value, or set
 +#  to zero to allow the EVENTSFILE to grow without limit.
 +EVENTSFILEMAX 10
 +
 +#
 +# ========== Configuration statements used if sharing =============
 +#            a UPS with more than one machine
 +
 +#
 +# Remaining items are for ShareUPS (APC expansion card) ONLY
 +#
 +
 +# UPSCLASS [ standalone | shareslave | sharemaster ]
 +#   Normally standalone unless you share an UPS using an APC ShareUPS
 +#   card.
 +UPSCLASS standalone
 +
 +# UPSMODE [ disable | share ]
 +#   Normally disable unless you share an UPS using an APC ShareUPS card.
 +UPSMODE disable
 +
 +#
 +# ===== Configuration statements to control apcupsd system logging ========
 +#
 +
 +# Time interval in seconds between writing the STATUS file; 0 disables
 +STATTIME 0
 +
 +# Location of STATUS file (written to only if STATTIME is non-zero)
 +STATFILE /var/log/apcupsd.status
 +
 +# LOGSTATS [ on | off ] on enables, off disables
 +# Note! This generates a lot of output, so if         
 +#       you turn this on, be sure that the
 +#       file defined in syslog.conf for LOG_NOTICE is a named pipe.
 +#  You probably do not want this on.
 +LOGSTATS off
 +
 +# Time interval in seconds between writing the DATA records to
 +#   the log file. 0 disables.
 +DATATIME 0
 +
 +# FACILITY defines the logging facility (class) for logging to syslog. 
 +#          If not specified, it defaults to "daemon". This is useful 
 +#          if you want to separate the data logged by apcupsd from other
 +#          programs.
 +#FACILITY DAEMON
 +
 +#
 +# ========== Configuration statements used in updating the UPS EPROM =========
 +#
 +
 +#
 +# These statements are used only by apctest when choosing "Set EEPROM with conf
 +# file values" from the EEPROM menu. THESE STATEMENTS HAVE NO EFFECT ON APCUPSD.
 +#
 +
 +# UPS name, max 8 characters 
 +#UPSNAME UPS_IDEN
 +
 +# Battery date - 8 characters
 +#BATTDATE mm/dd/yy
 +
 +# Sensitivity to line voltage quality (H cause faster transfer to batteries)  
 +# SENSITIVITY H M L        (default = H)
 +#SENSITIVITY H
 +
 +# UPS delay after power return (seconds)
 +# WAKEUP 000 060 180 300   (default = 0)
 +#WAKEUP 60
 +
 +# UPS Grace period after request to power off (seconds)
 +# SLEEP 020 180 300 600    (default = 20)
 +#SLEEP 180
 +
 +# Low line voltage causing transfer to batteries
 +# The permitted values depend on your model as defined by last letter 
 +#  of FIRMWARE or APCMODEL. Some representative values are:
 +#    D 106 103 100 097
 +#    M 177 172 168 182
 +#    A 092 090 088 086
 +#    I 208 204 200 196     (default = 0 => not valid)
 +#LOTRANSFER  208
 +
 +# High line voltage causing transfer to batteries
 +# The permitted values depend on your model as defined by last letter 
 +#  of FIRMWARE or APCMODEL. Some representative values are:
 +#    D 127 130 133 136
 +#    M 229 234 239 224
 +#    A 108 110 112 114
 +#    I 253 257 261 265     (default = 0 => not valid)
 +#HITRANSFER 253
 +
 +# Battery charge needed to restore power
 +# RETURNCHARGE 00 15 50 90 (default = 15)
 +#RETURNCHARGE 15
 +
 +# Alarm delay 
 +# 0 = zero delay after pwr fail, T = power fail + 30 sec, L = low battery, N = never
 +# BEEPSTATE 0 T L N        (default = 0)
 +#BEEPSTATE T
 +
 +# Low battery warning delay in minutes
 +# LOWBATT 02 05 07 10      (default = 02)
 +#LOWBATT 2
 +
 +# UPS Output voltage when running on batteries
 +# The permitted values depend on your model as defined by last letter 
 +#  of FIRMWARE or APCMODEL. Some representative values are:
 +#    D 115
 +#    M 208
 +#    A 100
 +#    I 230 240 220 225     (default = 0 => not valid)
 +#OUTPUTVOLTS 230
 +
 +# Self test interval in hours 336=2 weeks, 168=1 week, ON=at power on
 +# SELFTEST 336 168 ON OFF  (default = 336)
 +#SELFTEST 336</file>
 +
 +=== Programmstart ===
 +Haben wir die Konfiguration unseren Wünschen nach angepasst, steht dem Start des **apcupsd** nichts mehr im Wege.
 +   # systemctl start apcupsd.service
 +
 +Damit der Daemon automatisch beim Starten des Servers gleich mitstartet, aktivieren wir gleich noch den Autostart des Daemon.
 +   # systemctl enable apcupsd.service
 +
 +Created symlink from /etc/systemd/system/multi-user.target.wants/apcupsd.service to /usr/lib/systemd/system/apcupsd.service.
 +
 +Den erfolgreichen Start des Daemon können wir wie folgt abfragen.
 +   # systemctl start apcupsd.service
 +
 +<html><pre class="code">
 +<font style="color: rgb(0, 255, 0)"><b>● </b></font><font style="color: rgb(0, 0, 0)">apcupsd.service - APC UPS Power Control Daemon for Linux
 +   Loaded: loaded (/usr/lib/systemd/system/apcupsd.service; disabled; vendor preset: disabled)
 +   Active: <font style="color: rgb(0, 255, 0)"><b>active (running) </b></font><font style="color: rgb(0, 0, 0)"> since Sun 2017-01-08 11:41:41 CET; 1s ago
 +  Process: 1750 ExecStartPre=/bin/rm -f /etc/apcupsd/powerfail (code=exited, status=0/SUCCESS)
 + Main PID: 1752 (apcupsd)
 +   CGroup: /system.slice/apcupsd.service
 +           └─1752 /sbin/apcupsd -b -f /etc/apcupsd/apcupsd.conf
 +
 +Jan 08 11:41:41 vml000127.dmz.nausch.org systemd[1]: Starting APC UPS Power Control Daemon for Linux...
 +Jan 08 11:41:41 vml000127.dmz.nausch.org systemd[1]: Started APC UPS Power Control Daemon for Linux.
 +Jan 08 11:41:41 vml000127.dmz.nausch.org apcupsd[1752]: apcupsd 3.14.12 (29 March 2014) redhat startup succeeded
 +Jan 08 11:41:41 vml000127.dmz.nausch.org apcupsd[1752]: NIS server startup succeeded</font>
 +</pre></html>
 +
 +Im Syslog wird der erfolgreiche Start entsprechend dokumentiert.
 +   # less /var/log/messages
 +
 +  Jan  8 11:41:41 vml000127 apcupsd[1752]: apcupsd 3.14.12 (29 March 2014) redhat startup succeeded
 +  Jan  8 11:41:41 vml000127 apcupsd[1752]: NIS server startup succeeded
 +
 +Ebenso erfolgt ein zum Start des Daemon gehöriger Log-Eintrag in der Log-/Events-Datei des **apcupsd**.
 +   # cat /var/log/apcupsd.events
 +
 +  2017-01-08 22:24:57 +0100  apcupsd 3.14.12 (29 March 2014) redhat startup succeeded
 +
 +=== Statusabfrage ===
 +Zur Abfrage des aktuellen Status unseres **apcupsd** verwenden wir das Programm **apcaccess**.
 +
 +# /sbin/apcaccess 
 +<code>APC      : 001,051,1170
 +DATE     : 2017-01-08 14:53:11 +0100  
 +HOSTNAME : vml000127.dmz.nausch.org
 +VERSION  : 3.14.12 (29 March 2014) redhat
 +UPSNAME  : APC1400
 +CABLE    : Custom Cable Smart
 +DRIVER   : APC Smart UPS (any)
 +UPSMODE  : Stand Alone
 +STARTTIME: 2017-01-08 14:52:58 +0100  
 +MODEL    : SMART-UPS 1400 RM
 +STATUS   : ONLINE 
 +LINEV    : 221.0 Volts
 +LOADPCT  : 23.9 Percent
 +BCHARGE  : 100.0 Percent
 +TIMELEFT : 17.0 Minutes
 +MBATTCHG : 5 Percent
 +MINTIMEL : 3 Minutes
 +MAXTIME  : 0 Seconds
 +MAXLINEV : 222.3 Volts
 +MINLINEV : 219.7 Volts
 +OUTPUTV  : 221.0 Volts
 +SENSE    : High
 +DWAKE    : 0 Seconds
 +DSHUTD   : 20 Seconds
 +DLOWBATT : 2 Minutes
 +LOTRANS  : 196.0 Volts
 +HITRANS  : 253.0 Volts
 +RETPCT   : 0.0 Percent
 +ITEMP    : 27.4 C
 +ALARMDEL : 5 Seconds
 +BATTV    : 27.6 Volts
 +LINEFREQ : 50.0 Hz
 +LASTXFER : Automatic or explicit self test
 +NUMXFERS : 0
 +TONBATT  : 0 Seconds
 +CUMONBATT: 0 Seconds
 +XOFFBATT : N/A
 +SELFTEST : NO
 +STESTI   : 336
 +STATFLAG : 0x05000008
 +DIPSW    : 0x00
 +REG1     : 0x00
 +REG2     : 0x00
 +REG3     : 0x00
 +MANDATE  : 09/23/99
 +SERIALNO : GS9939006549
 +BATTDATE : 09/23/99
 +NOMOUTV  : 230 Volts
 +NOMBATTV : 24.0 Volts
 +EXTBATTS : 0
 +FIRMWARE : 72.11.I
 +END APC  : 2017-01-08 14:53:15 +0100</code>
 +
 +=== Statusbenachrichtigungen per eMail ===
 +Bei einem Stromausfall oder anderen Störungen wird automatisch der User **root** per eMail informiert.
 +<code>Date:    Son, 8 Jul 2016 23:23:01 +0200
 +From:    root@nausch.org (root)
 +To:      root@nausch.org
 +Subject: vml000127.dmz.nausch.org Power Failure !!!
 +
 +
 +vml000127.dmz.nausch.org Power Failure !!!
 + 
 +APC      : 001,051,1170
 +DATE     : 2017-01-08 14:53:11 +0100  
 +HOSTNAME : vml000127.dmz.nausch.org
 +VERSION  : 3.14.12 (29 March 2014) redhat
 +UPSNAME  : APC1400
 +CABLE    : Custom Cable Smart
 +DRIVER   : APC Smart UPS (any)
 +UPSMODE  : Stand Alone
 +STARTTIME: 2012-07-28 16:31:25 +0200  
 +MODEL    : SMART-UPS 1400 RM
 +STATUS   : ONBATT 
 +LINEV    : 000.0 Volts
 +LOADPCT  :  33.2 Percent Load Capacity
 +BCHARGE  : 100.0 Percent
 +TIMELEFT :  10.0 Minutes
 +MBATTCHG : 5 Percent
 +MINTIMEL : 3 Minutes
 +MAXTIME  : 0 Seconds
 +MAXLINEV : 000.0 Volts
 +MINLINEV : 000.0 Volts
 +OUTPUTV  : 230.4 Volts
 +SENSE    : High
 +DWAKE    : 000 Seconds
 +DSHUTD   : 020 Seconds
 +DLOWBATT : 02 Minutes
 +LOTRANS  : 196.0 Volts
 +HITRANS  : 253.0 Volts
 +RETPCT   : 000.0 Percent
 +ITEMP    : 33.7 C Internal
 +ALARMDEL : 5 seconds
 +BATTV    : 24.4 Volts
 +LINEFREQ : 50.0 Hz
 +LASTXFER : Line voltage notch or spike
 +NUMXFERS : 1
 +XONBATT  : 2012-07-30 17:22:55 +0200  
 +TONBATT  : 6 seconds
 +CUMONBATT: 6 seconds
 +XOFFBATT : N/A
 +SELFTEST : NO
 +STESTI   : 336
 +STATFLAG : 0x07060010 Status Flag
 +DIPSW    : 0x00 Dip Switch
 +REG1     : 0x00 Register 1
 +REG2     : 0x00 Register 2
 +REG3     : 0x00 Register 3
 +MANDATE  : 09/23/99
 +SERIALNO : GS9939006549
 +BATTDATE : 09/23/99
 +NOMOUTV  : 230 Volts
 +NOMBATTV :  24.0 Volts
 +EXTBATTS : 0
 +FIRMWARE : 72.11.I
 +END APC  : 2017-01-08 23:23:01 +0200  
 +</code>
 +
 +Wird die Stromversorgung wieder hergestellt, erfolgt erneut eine positive Rückmeldung per eMail.
 +<code>Date:    Son, 1 Jan 2017 23:23:59 +0200
 +From:    root@nausch.org (root)
 +To:      root@nausch.org
 +Subject: vml000127.dmz.nausch.org Power has returned
 +
 +
 +vml000127.dmz.nausch.org Power has returned
 + 
 +APC      : 001,051,1170
 +DATE     : 2017-01-08 14:53:11 +0100  
 +HOSTNAME : vml000127.dmz.nausch.org
 +VERSION  : 3.14.12 (29 March 2014) redhat
 +UPSNAME  : APC1400
 +CABLE    : Custom Cable Smart
 +DRIVER   : APC Smart UPS (any)
 +UPSMODE  : Stand Alone
 +STARTTIME: 2012-07-28 16:31:25 +0200  
 +MODEL    : SMART-UPS 1400 RM
 +STATUS   : ONLINE 
 +LINEV    : 227.5 Volts
 +LOADPCT  :  33.2 Percent Load Capacity
 +BCHARGE  : 090.0 Percent
 +TIMELEFT :   9.0 Minutes
 +MBATTCHG : 5 Percent
 +MINTIMEL : 3 Minutes
 +MAXTIME  : 0 Seconds
 +MAXLINEV : 000.0 Volts
 +MINLINEV : 024.7 Volts
 +OUTPUTV  : 228.8 Volts
 +SENSE    : High
 +DWAKE    : 000 Seconds
 +DSHUTD   : 020 Seconds
 +DLOWBATT : 02 Minutes
 +LOTRANS  : 196.0 Volts
 +HITRANS  : 253.0 Volts
 +RETPCT   : 000.0 Percent
 +ITEMP    : 33.3 C Internal
 +ALARMDEL : 5 seconds
 +BATTV    : 25.9 Volts
 +LINEFREQ : 50.0 Hz
 +LASTXFER : Line voltage notch or spike
 +NUMXFERS : 1
 +XONBATT  : 2012-07-30 17:22:55 +0200  
 +TONBATT  : 0 seconds
 +CUMONBATT: 64 seconds
 +XOFFBATT : 2012-07-30 17:23:59 +0200  
 +SELFTEST : NO
 +STESTI   : 336
 +STATFLAG : 0x07040008 Status Flag
 +DIPSW    : 0x00 Dip Switch
 +REG1     : 0x00 Register 1
 +REG2     : 0x00 Register 2
 +REG3     : 0x00 Register 3
 +MANDATE  : 09/23/99
 +SERIALNO : GS9939006549
 +BATTDATE : 09/23/99
 +NOMOUTV  : 230 Volts
 +NOMBATTV :  24.0 Volts
 +EXTBATTS : 0
 +FIRMWARE : 72.11.I
 +END APC  : 2017-01-08 23:23:59 +0200  
 +</code>
 +
 +
 +
 +
 +===== apcupsd-gui =====
 +Hat man auf dem Server einen X-server am laufen, muss man sich nicht auf die textbasierten Informationen zurückgreifen. Hier kann man auch auf das **GUI**((**G**raphical **U**ser **I**nterface)) für den APCUPS-Daemon zurückgreifen. Die Installation dieser GUI erfolgt wie **yum**.
 +   # yum install -y apcupsd-gui
 +
 +Den Inhalt des RPM-Paketes erforscht man bei Interesse wie folgt.
 +   # rpm -qil apcupsd-gui
 +<code>Name        : apcupsd-gui
 +Version     : 3.14.12
 +Release     : 1.el7
 +Architecture: x86_64
 +Install Date: Sun 08 Jan 2017 02:58:20 PM CET
 +Group       : Applications/System
 +Size        : 135050
 +License     : GPLv2
 +Signature   : RSA/SHA256, Thu 22 Jan 2015 01:39:58 AM CET, Key ID 6a2faea2352c64e5
 +Source RPM  : apcupsd-3.14.12-1.el7.src.rpm
 +Build Date  : Mon 19 Jan 2015 07:17:55 PM CET
 +Build Host  : buildhw-04.phx2.fedoraproject.org
 +Relocations : (not relocatable)
 +Packager    : Fedora Project
 +Vendor      : Fedora Project
 +URL         : http://www.apcupsd.com
 +Summary     : GUI interface for apcupsd
 +Description :
 +A GUI interface to the APC UPS monitoring daemon.
 +/usr/bin/gapcmon
 +/usr/share/applications/gapcmon.desktop
 +/usr/share/pixmaps/apcupsd.png
 +/usr/share/pixmaps/charging.png
 +/usr/share/pixmaps/gapc_prefs.png
 +/usr/share/pixmaps/onbatt.png
 +/usr/share/pixmaps/online.png
 +/usr/share/pixmaps/unplugged.png</code>
 +
 +Der Start der GUI erfolgt über das Startmenü oder durch Aufruf des Befehls **gamcmon** nach Eingabe der Tatsenkobination **ALT**+**F2**.
 +
 +{{ :centos:apcupsd-gui-01.png?direct&800 |Bild: Bildschirmhardcopy des APCUPS-Dämon}}
 +
 +
 +===== apcupsd-cgi =====
 +Eine weitere Möglichkeit zur Visualisierung der Stati unseres APCUPS-Daemon ist die Verwendung einer WEB-GUI, so dass von berechtigten Hosts, Netzen und/oder Nutzern eine Statusabfrage im Intra- oder auch Internet erfolgen kann. Die notwendigen Programmteile und Konfigurationsbeispiele sind in dem RPm-Paket **apcupsd-cgi** enthalten.
 +
 +==== Installation ====
 +Dieses Paket installieren wir nun mit Unterstützung des Befehls **yum**.
 +   # yum install apcupsd-cgi
 +
 +Den Inhalt des Paketes und auch den Speicherort ermitteln wir wie gewohnt mittels **rpm** und der Option //-qil//.
 +   # rpm -qil apcupsd-cgi
 +
 +<code>Name        : apcupsd-cgi
 +Version     : 3.14.12
 +Release     : 1.el7
 +Architecture: x86_64
 +Install Date: Sun 08 Jan 2017 03:05:58 PM CET
 +Group       : Applications/Internet
 +Size        : 121261
 +License     : GPLv2
 +Signature   : RSA/SHA256, Thu 22 Jan 2015 01:28:22 AM CET, Key ID 6a2faea2352c64e5
 +Source RPM  : apcupsd-3.14.12-1.el7.src.rpm
 +Build Date  : Mon 19 Jan 2015 07:17:55 PM CET
 +Build Host  : buildhw-04.phx2.fedoraproject.org
 +Relocations : (not relocatable)
 +Packager    : Fedora Project
 +Vendor      : Fedora Project
 +URL         : http://www.apcupsd.com
 +Summary     : Web interface for apcupsd
 +Description :
 +A CGI interface to the APC UPS monitoring daemon.
 +/etc/apcupsd/apcupsd.css
 +/etc/apcupsd/hosts.conf
 +/etc/apcupsd/multimon.conf
 +/etc/httpd/conf.d/apcupsd.conf
 +/var/www/apcupsd
 +/var/www/apcupsd/multimon.cgi
 +/var/www/apcupsd/upsfstats.cgi
 +/var/www/apcupsd/upsimage.cgi
 +/var/www/apcupsd/upsstats.cgi</code>
 +
 +==== Konfiguration ====
 +Da wir die WEB-GUI über einen separaten Apache vHOST ansprechen wollen deaktivieren wir als erstes die mitgelieferte Apache Konfigurationsdatei //**/etc/httpd/conf.d/apcupsd.conf**// in dem wir alle Zeilen auskommentieren. 
 +
 +Die Installation und Konfiguration des **//[[centos:web_c7:apache_1|Apache httpd, "der" WEB-Server unter CentOS 7.x]]//** sowie die Konfiguration //**[[centos:web_c7:apache_2|SSL gesicherter Webserver mit mod_ssl für Apache httpd 2.4 unter CentOS 7.x]]**// werden entsprechend vorausgesetzt.
 +   # vim /etc/httpd/conf.d/apcupsd.conf
 +<file apache /etc/httpd/conf.d/apcupsd.conf>##
 +## apcupsd configuration file for Apache Web server
 +##
 +#
 +## files are off the documentroot of Web server
 +#Alias /apcupsd /var/www/apcupsd
 +#<Directory /var/www/apcupsd>
 +# AddHandler cgi-script cgi pl
 +# Options ExecCGI
 +#</Directory>
 +#
 +##
 +## Allow only local access at default
 +## Change the ".example.com" to match your domain or modify
 +## access rights to your needs to enable remote access also.
 +##
 +#<Directory "/var/www/apcupsd">
 +#    DirectoryIndex upsstats.cgi
 +#    AllowOverride None
 +#    Options ExecCGI Indexes
 +#  <IfModule mod_authz_core.c>
 +#    # Apache 2.4
 +#    Require local
 +#  </IfModule>
 +#  <IfModule !mod_authz_core.c>
 +#    # Apache 2.2
 +#    Order deny,allow
 +#    Deny from all
 +#    Allow from 127.0.0.1
 +#    Allow from ::1
 +#  </IfModule>
 +#</Directory></file>
 +
 +Die Konfiguration unseres Apache vHOST erledigen wir mit Hilfe einer eigenen Konfigurationsdatei //**/etc/httpd/conf.d/3rd_apcupsd.conf**//.
 +
 +<file bash /etc/httpd/conf.d/3rd_apcupsd.conf>#
 +# power.nausch.org
 +#
 +<VirtualHost *:80>
 +        ServerAdmin webmaster@nausch.org
 +        ServerName power.nausch.org
 +        ServerPath /
 +        DocumentRoot "/var/www/apcupsd"
 +        AddHandler cgi-script .cgi
 + DirectoryIndex multimon.cgi
 +
 + <Directory /var/www/apcupsd>
 +        Require all granted
 +        AddHandler cgi-script cgi pl
 +        Options ExecCGI
 + </Directory>
 +
 +        AddType application/x-httpd-php .php
 +        ErrorLog logs/power_error.log
 +        CustomLog logs/power_access.log combined
 +</VirtualHost>
 +</file>
 +
 +Den Zugriff werden wir natürlich entsprechend beschneiden und den Transportweg absichern. Auf unserem HTTP-Proxy-Host legen wir hierzu eine passende vHOST-Konfigurationsdatei an.
 +   # vim /etc/httpd/conf.d/3rd_power.conf
 +<file apache /etc/httpd/conf.d/3rd_power.conf>#
 +# Django : 2015-10-29
 +#          vHost power
 +#
 +
 +# Variablen der Hostvariablen
 +Define vhost power
 +Define errors_log logs/${vhost}_error.log
 +Define access_log logs/${vhost}_access.log
 +Define ssl_log logs/${vhost}_ssl_request.log
 +
 +<VirtualHost 10.0.0.97:80>
 +    ServerAdmin webmaster@nausch.org
 +    ServerName ${vhost}.nausch.org
 +
 +    RewriteEngine on
 +    RewriteCond %{HTTPS} off
 +    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
 +
 +    # Welche Logdateien sollen beschrieben werden
 +    SetEnvIf Remote_Addr "10\.0\.0\.20" dontlog
 +    ErrorLog  ${errors_log}
 +    CustomLog ${access_log} combined env=!dontlog
 +</VirtualHost>
 +<VirtualHost 10.0.0.97:443>
 +    ServerAdmin webmaster@nausch.org
 +    ServerName ${vhost}.nausch.org
 +    ServerPath /
 +
 +    # Wer soll Zugriff auf die Webseite(n) bekommen?
 +    <Proxy *>
 +        Options +FollowSymLinks +Multiviews -Indexes
 +        AllowOverride None
 +        AuthType Basic
 +        AuthName "Fuer den Zugriff auf den Webserver bitte Anmeldedaten eingeben!"
 +        AuthBasicProvider ldap
 +        AuthLDAPUrl ldaps://openldap.dmz.nausch.org:636/ou=People,dc=nausch,dc=org?uid
 +        AuthLDAPBindDN cn=TechnischerUser,dc=nausch,dc=org
 +        AuthLDAPBindPassword "MwDWrcdRnw95zMt7A5bS/dPnEHuuO7h0"
 +        AuthLDAPBindAuthoritative on
 +        Require ldap-user django
 +    </Proxy>
 +
 +   # Welcher Inhalt soll angezeigt bzw. auf welchen Server sollen die HTTP-Requests weitergeleitet werden?
 +    ProxyRequests Off
 +    ProxyPreserveHost On
 +    ProxyPass / http://10.0.0.127/
 +    ProxyPassReverse / http://10.0.0.127/
 +
 +    # Welche Logdateien sollen beschrieben werden
 +    SetEnvIf Remote_Addr "10\.0\.0\.20" dontlog
 +    ErrorLog  ${errors_log}
 +    CustomLog ${access_log} combined env=!dontlog
 +    CustomLog ${ssl_log} "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 +
 +    # Absicherung der Übertragung mit Hilfe von TLS
 +    # Django : 2015-10-04 - TLS-Verschlüsselung mit Hilfe von mod_ssl
 +    SSLEngine on
 +    # Definition der anzubietenden Protokolle
 +    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 +    # Definition der Cipher
 +    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384
 +    # Schlüsseldatei, mit der der CSR erstellt wurde
 +    SSLCertificateKeyFile /etc/pki/tls/private/power.nausch.org.serverkey.pem
 +    # Zertifikatsdatei, die von der CA signiert wurde
 +    SSLCertificateFile /etc/pki/tls/certs/power.nausch.org.certificate_161118.pem
 +    # Zertifikatsdatei des bzw. der Intermediate-Zertifikate(s)
 +    SSLCertificateChainFile /etc/pki/tls/certs/AlphaSSL_Intermediate.certificate.pem
 +    # Änderung der Cipherorder der Clients verneinen 
 +    SSLHonorCipherOrder on
 +    # TLS 1.0 Kompremmierung deaktivieren (CRIME attacks)
 +    SSLCompression off
 +    # Online Certificate Status Protocol stapling zum Prüfen des Gültigkeitsstatus des Serverzertifikats.
 +    SSLUseStapling on
 +    SSLStaplingResponderTimeout 5
 +    SSLStaplingReturnResponderErrors off
 +
 +    # HTTP Strict Transport Security (HSTS), bei dem der Server dem Client im HTTP-Header mitteilt,
 +    # dass dieser nur noch verschlüsselt mit dem Server kommunizieren soll.
 +    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
 +
 +    # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
 +    # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
 +    # this particular website if it was disabled by the user.
 +    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
 +    #Header set X-XSS-Protection "1; mode=block"
 +    Header always set X-Xss-Protection "1; mode=block"
 +
 +    # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
 +    # to disable content-type sniffing on some browsers.
 +    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
 +    # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
 +    # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
 +    # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
 +    # Sofern die Datei auch den entsprechenden MIME-Typ "text/css" entspricht, soll der Browser 
 +    # CSS-Dateien nur als CSS interprätieren.
 +    Header always set X-Content-Type-Options nosniff
 +
 +    # config to don't allow the browser to render the page inside an frame or iframe
 +    # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
 +    # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
 +    # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
 +    ###header set X-Frame-Options SAMEORIGIN
 +    header always set X-Frame-Options DENY
 +
 +    # hide server header (apache and php version)
 +    Header always unset Server
 +
 +    # Only allow JavaScript from the same domain to be run.
 +    # don't allow inline JavaScript to run.
 +    Header always set X-Content-Security-Policy "allow 'self';"
 +
 +    # Add Secure and HTTP only attributes to cookies
 +    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
 +
 +    # prevent Clickjacking Attack
 +    #Header always append X-Frame-Options SAMEORIGIN
 +    Header always set X-Frame-Options "SAMEORIGIN"
 +
 +    # hkpk-stuff
 +    Header always set Public-Key-Pins "pin-sha256=\"nMiOpb6vUnjCoWCkPkDaG4ND8SNWzFTsQf2ZfruLno0=\"; pin-sha256=\"INhxSQ38nCS6ijaAAyo4xAhAZj9xeL3Xaak+GGiM2fo=\"; max-age=2592000; report-uri=\"https://nausch.report-uri.io/r/default/hpkp/enforce\""
 +</VirtualHost></file>
 +
 +Bevor wir zur Aktivierung unserer Konfigurationsänderungen den bzw. die HTTP-Daemon einmal durchstarten überprüfen wir unsere Apache-Konfigurationsdateien auf syntaktische Fehler.
 +   # apachectl -t
 +
 +  Syntax OK
 +
 +Ist alles O.K. starten wir den/die Daemon nun einmal neu.
 +   # systemctl restart httpd.service
 +
 +<html><pre class="code">
 +<font style="color: rgb(0, 255, 0)"><b>● </b></font><font style="color: rgb(0, 0, 0)">httpd.service - The Apache HTTP Server
 +   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
 +   Active: <font style="color: rgb(0, 255, 0)"><b>active (running) </b></font><font style="color: rgb(0, 0, 0)"> since Mon 2017-01-09 11:03:23 CET; 48s ago
 +     Docs: man:httpd(8)
 +           man:apachectl(8)
 +  Process: 11642 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
 + Main PID: 11647 (httpd)
 +   Status: "Total requests: 2; Current requests/sec: 0.1; Current traffic: 307 B/sec"
 +   CGroup: /system.slice/httpd.service
 +           ├─11647 /usr/sbin/httpd -DFOREGROUND
 +           ├─11648 /usr/sbin/httpd -DFOREGROUND
 +           ├─11649 /usr/sbin/httpd -DFOREGROUND
 +           ├─11650 /usr/sbin/httpd -DFOREGROUND
 +           ├─11651 /usr/sbin/httpd -DFOREGROUND
 +           ├─11652 /usr/sbin/httpd -DFOREGROUND
 +           └─11699 /usr/sbin/httpd -DFOREGROUND
 +
 +Jan 09 11:03:23 vml000127.dmz.nausch.org systemd[1]: Starting The Apache HTTP Server...
 +Jan 09 11:03:23 vml000127.dmz.nausch.org systemd[1]: Started The Apache HTTP Server.</font>
 +</pre></html>
 +
 +Nun starten wir einen Browser und öffnen die zugehörige URL.
 +   $ konqueror http://power.nausch.org
 +
 +Im ersten Bild sehen wir die Startseite der WEB-GUI.
 +
 +{{ :centos:apcupsd-cgi-01.png?direct&800 |BILD: WEB GUI des APCUPS-Daemon}}
 +
 +Das zweite Bild zeigt die Übersicht zu den aktuellen Stati unserer USV.
 +
 +{{ :centos:apcupsd-cgi-02.png?direct&800 |BILD: WEB GUI des APCUPS-Daemon}}
 +
 +Eine Ansicht aller Detailangaben zeigt das dritte Bild.
 +
 +{{ :centos:apcupsd-cgi-03.png?direct&800 |BILD: WEB GUI des APCUPS-Daemon}}
 +
 +====== Links ======
 +  * **[[wiki:start| ⇐ Zurück zu Projekte und Themenkapitel]]**
 +  * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]**
 +
 +
 +