APC UPS Daemon unter CentOS 7.x

Bild: Photo vom Serverschrank Bild: APC UPSD Logo

Beim Betrieb eines Servers ist der Einsatz einer gesicherten Energieversorgung natürlich obligatorisch. Im RZ1) stehen dazu meist unterbrechungsfreie Stromversorgungen, Ersatznetze oder auch Notstromaggregate zur Verfügung. Kann man auf derartige Techniken nicht zurückgreifen, lohnt sich die Anschaffung einer eigenen USV.

Bild: Photo der APC Smart-UPS SU1400RMI 3HESo kommt z.B. bei nausch.org eine APC Smart-UPS SU1400RMI 3HE zum Einsatz. Zur Überwachung, Verwaltung und Administration wird APCUPSD verwendet. In diesem Kapitel werden wir uns mit der Installation und Konfiguration des Daemon befassen.

Eine ausführliche Programmdokumentation ist auf der Seite APCUPSD User Manual zu finden.

Die Verbindung zwischen der USV und dem Server erfolgt mittels zugehörigem seriellen Verbindungskabel vom Typ 940-0024B und einem 4-port USB/UART-Adapter DIGITUS USB 2.0 zu 4xRS232 Kabel.

Mit Hilfe der installierten usbutiuls können Details zum USB_Adapter abgefragt werden.

Bei Bedarf installieren wir uns also besagtes RPM-Paket.

 # yum install usbutils

Den Inhalt des Paketes können wir uns wie folgt anzeigen lassen.

 # rpm -qil usbutils
Name        : usbutils
Version     : 007
Release     : 5.el7
Architecture: x86_64
Install Date: Sun 08 Jan 2017 12:03:27 PM CET
Group       : Applications/System
Size        : 187281
License     : GPLv2+
Signature   : RSA/SHA256, Wed 25 Nov 2015 05:02:14 PM CET, Key ID 24c6a8a7f4a80eb5
Source RPM  : usbutils-007-5.el7.src.rpm
Build Date  : Fri 20 Nov 2015 09:48:55 AM CET
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.linux-usb.org/
Summary     : Linux USB utilities
Description :
This package contains utilities for inspecting devices connected to a
USB bus.
/usr/bin/lsusb
/usr/bin/lsusb.py
/usr/bin/usb-devices
/usr/bin/usbhid-dump
/usr/share/doc/usbutils-007
/usr/share/doc/usbutils-007/AUTHORS
/usr/share/doc/usbutils-007/COPYING
/usr/share/doc/usbutils-007/ChangeLog
/usr/share/doc/usbutils-007/NEWS
/usr/share/doc/usbutils-007/README
/usr/share/man/man1/usb-devices.1.gz
/usr/share/man/man8/lsusb.8.gz
/usr/share/man/man8/usbhid-dump.8.gz
/usr/share/pkgconfig/usbutils.pc

Der Aufruf von lsusb zeigt uns neben den anderen USB-Devices auch unseren 4-Port Adapter.

 # lsusb
Bus 001 Device 003: ID 0403:6011 Future Technology Devices International, Ltd FT4232H Quad HS USB-UART/FIFO IC
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 002: ID 0627:0001 Adomax Technology Co., Ltd 
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Eine ähnliche aussagekräftige Detailanzeige können wir uns mit dem Befehl usb-devices anzeigen lassen.

 # usb-devices 
T:  Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#=  3 Spd=480 MxCh= 0
D:  Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=0403 ProdID=6011 Rev=08.00
S:  Manufacturer=FTDI
S:  Product=FT4232H Device
S:  SerialNumber=FTZ9JWTW
C:  #Ifs= 4 Cfg#= 1 Atr=80 MxPwr=200mA
I:  If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=ftdi_sio
I:  If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=ftdi_sio
I:  If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=ftdi_sio
I:  If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=ftdi_sio

Damit der Adapter auch verwendet werden kann, benötigen wir noch die libftdi-Bibliotheken, welche wir nun noch installieren werden.

 # yum install libftdi

Auch hier können wir bei Interesse, den Inhalt des RPM-Paketes anzeigen lassen.

 # rpm -qil libftdi
Name        : libftdi
Version     : 1.1
Release     : 4.el7
Architecture: x86_64
Install Date: Sun 08 Jan 2017 11:55:10 AM CET
Group       : System Environment/Libraries
Size        : 96091
License     : LGPLv2
Signature   : RSA/SHA256, Tue 07 Oct 2014 10:19:03 PM CEST, Key ID 6a2faea2352c64e5
Source RPM  : libftdi-1.1-4.el7.src.rpm
Build Date  : Mon 06 Oct 2014 09:17:24 PM CEST
Build Host  : buildvm-24.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://www.intra2net.com/de/produkte/opensource/ftdi/
Summary     : Library to program and control the FTDI USB controller
Description :
A library (using libusb) to talk to FTDI's FT2232C,
FT232BM and FT245BM type chips including the popular bitbang mode.
/lib/udev/rules.d/69-libftdi.rules
/usr/lib64/libftdi1.so.2
/usr/lib64/libftdi1.so.2.1.0
/usr/share/doc/libftdi-1.1
/usr/share/doc/libftdi-1.1/AUTHORS
/usr/share/doc/libftdi-1.1/COPYING.LIB
/usr/share/doc/libftdi-1.1/ChangeLog
/usr/share/doc/libftdi-1.1/README

Installation

Zur Administration unserer USV benötien wir nun noch einen passenden Daemon, den apcupsd. Das RPM-Paket aus dem Repository Extra Packages for Enterprise Linux (EPEL) installieren wir wie gewohnt mittels yum

 # yum install apcupsd

Welche Verzeichnisse und Dateien uns die Installation eben ins System brachte, lassen wir uns mit Unterstützung des Befehls rpm und der Option qil anzeigen.

 # rpm -qil apcupsd
Name        : apcupsd
Version     : 3.14.12
Release     : 1.el7
Architecture: x86_64
Install Date: Sun 08 Jan 2017 01:02:05 AM CET
Group       : System Environment/Daemons
Size        : 1492686
License     : GPLv2
Signature   : RSA/SHA256, Thu 22 Jan 2015 01:28:09 AM CET, Key ID 6a2faea2352c64e5
Source RPM  : apcupsd-3.14.12-1.el7.src.rpm
Build Date  : Mon 19 Jan 2015 07:17:55 PM CET
Build Host  : buildhw-04.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://www.apcupsd.com
Summary     : APC UPS Power Control Daemon for Linux
Description :
Apcupsd can be used for controlling most APC UPSes. During a
power failure, apcupsd will inform the users about the power
failure and that a shutdown may occur.  If power is not restored,
a system shutdown will follow when the battery is exausted, a
timeout (seconds) expires, or the battery runtime expires based
on internal APC calculations determined by power consumption
rates.  If the power is restored before one of the above shutdown
conditions is met, apcupsd will inform users about this fact.
Some features depend on what UPS model you have (simple or smart).
/etc/apcupsd
/etc/apcupsd/apccontrol
/etc/apcupsd/apcupsd.conf
/etc/apcupsd/changeme
/etc/apcupsd/commfailure
/etc/apcupsd/commok
/etc/apcupsd/offbattery
/etc/apcupsd/onbattery
/etc/logrotate.d/apcupsd
/lib/systemd/system-shutdown/apcupsd_shutdown
/lib/systemd/system/apcupsd.service
/sbin/apcaccess
/sbin/apctest
/sbin/apcupsd
/sbin/smtp
/usr/share/doc/apcupsd-3.14.12
/usr/share/doc/apcupsd-3.14.12/COPYING
/usr/share/doc/apcupsd-3.14.12/ChangeLog
/usr/share/doc/apcupsd-3.14.12/ReleaseNotes
/usr/share/doc/apcupsd-3.14.12/examples
/usr/share/doc/apcupsd-3.14.12/examples/Makefile
/usr/share/doc/apcupsd-3.14.12/examples/SmartUPS1400.snmp
/usr/share/doc/apcupsd-3.14.12/examples/client.c
/usr/share/doc/apcupsd-3.14.12/examples/gui
/usr/share/doc/apcupsd-3.14.12/examples/gui/about.tcl
/usr/share/doc/apcupsd-3.14.12/examples/gui/apcupsd.tcl
/usr/share/doc/apcupsd-3.14.12/examples/gui/dialog.tcl
/usr/share/doc/apcupsd-3.14.12/examples/gui/events.tcl
/usr/share/doc/apcupsd-3.14.12/examples/gui/mainwindow.tcl
/usr/share/doc/apcupsd-3.14.12/examples/gui/pkgIndex.tcl
/usr/share/doc/apcupsd-3.14.12/examples/gui/splash.tcl
/usr/share/doc/apcupsd-3.14.12/examples/gui/status.tcl
/usr/share/doc/apcupsd-3.14.12/examples/hid-set.c
/usr/share/doc/apcupsd-3.14.12/examples/hid-ups.c
/usr/share/doc/apcupsd-3.14.12/examples/hiddev-hiddev.h-cleanup-2.4.patch
/usr/share/doc/apcupsd-3.14.12/examples/hiddev.h
/usr/share/doc/apcupsd-3.14.12/examples/hiddev.txt
/usr/share/doc/apcupsd-3.14.12/examples/index.php
/usr/share/doc/apcupsd-3.14.12/examples/libusb.h
/usr/share/doc/apcupsd-3.14.12/examples/linux-2.4.20-USB-reject.patch
/usr/share/doc/apcupsd-3.14.12/examples/linux-2.4.20-killpower.patch
/usr/share/doc/apcupsd-3.14.12/examples/linux-2.6.0-USB-queue-overflow.patch
/usr/share/doc/apcupsd-3.14.12/examples/linux-usb-patch-email.txt
/usr/share/doc/apcupsd-3.14.12/examples/linux-usb-patch2-email.txt
/usr/share/doc/apcupsd-3.14.12/examples/make-hiddev
/usr/share/doc/apcupsd-3.14.12/examples/megaclient.c
/usr/share/doc/apcupsd-3.14.12/examples/nagios_plugin_check_apcupsd.c
/usr/share/doc/apcupsd-3.14.12/examples/newslave.c
/usr/share/doc/apcupsd-3.14.12/examples/offbattery.cpufreq
/usr/share/doc/apcupsd-3.14.12/examples/onbattery.cpufreq
/usr/share/doc/apcupsd-3.14.12/examples/php-monitor.txt
/usr/share/doc/apcupsd-3.14.12/examples/rpt
/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-350-USB.rpt
/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-350ES.rpt
/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-500-USB.rpt
/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-500ES.rpt
/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-BR-800.rpt
/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-CS-650.rpt
/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-ES-550.rpt
/usr/share/doc/apcupsd-3.14.12/examples/rpt/Back-UPS-XS-1300-LCD.rpt
/usr/share/doc/apcupsd-3.14.12/examples/rpt/BackUPS.rpt
/usr/share/doc/apcupsd-3.14.12/examples/rpt/Smart-UPS-1500.rpt
/usr/share/doc/apcupsd-3.14.12/examples/rpt/SmartUPS-USB.rpt
/usr/share/doc/apcupsd-3.14.12/examples/rpt/SmartUPS.rpt
/usr/share/doc/apcupsd-3.14.12/examples/rpt/hid-ups.rpt
/usr/share/doc/apcupsd-3.14.12/examples/safe.apccontrol
/usr/share/doc/apcupsd-3.14.12/examples/smartsim.c
/usr/share/doc/apcupsd-3.14.12/examples/snoopdecode.c
/usr/share/doc/apcupsd-3.14.12/examples/status
/usr/share/doc/apcupsd-3.14.12/examples/status/Back-UPS-BX-1500.status
/usr/share/doc/apcupsd-3.14.12/examples/status/Back-UPS-Pro-1000.status
/usr/share/doc/apcupsd-3.14.12/examples/status/BackUPS-USB.status
/usr/share/doc/apcupsd-3.14.12/examples/status/JapaneseUPS.status
/usr/share/doc/apcupsd-3.14.12/examples/status/PowerStack450.status
/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS-vs-650.status
/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS1000.status
/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS1400.status
/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS3000.status
/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS5000.status
/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS600.status
/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS700-2.status
/usr/share/doc/apcupsd-3.14.12/examples/status/SmartUPS700.status
/usr/share/doc/apcupsd-3.14.12/examples/status/newbackupspro1.status
/usr/share/doc/apcupsd-3.14.12/examples/status/newbackupspro2.status
/usr/share/doc/apcupsd-3.14.12/examples/upsapm.c
/usr/share/doc/apcupsd-3.14.12/examples/usb_hid_usages
/usr/share/doc/apcupsd-3.14.12/examples/usbsnoop.txt
/usr/share/hal/fdi/policy/20thirdparty/80-apcupsd-ups-policy.fdi
/usr/share/man/man5/apcupsd.conf.5.gz
/usr/share/man/man8/apcaccess.8.gz
/usr/share/man/man8/apccontrol.8.gz
/usr/share/man/man8/apctest.8.gz
/usr/share/man/man8/apcupsd.8.gz

Konfiguration

Zur Einstellungen des Daemon sind in der Konfigurationsdatei /etc/apcupsd/apcupsd.conf vorzunehmen. Diese Datei bearbeiten wir mit dem Editor unserer Wahl, z.B. vim.

 # vim /etc/apcupsd/apcupsd.conf
/etc/apcupsd/apcupsd.conf
## apcupsd.conf v1.1 ##
# 
#  for apcupsd release 3.14.12 (29 March 2014) - redhat
#
# "apcupsd" POSIX config file
 
#
# ========= General configuration parameters ============
#
 
# UPSNAME xxx
#   Use this to give your UPS a name in log files and such. This
#   is particulary useful if you have multiple UPSes. This does not
#   set the EEPROM. It should be 8 characters or less.
# Django : 2017-01-08
# default: #UPSNAME
UPSNAME APC1400
 
# UPSCABLE <cable>
#   Defines the type of cable connecting the UPS to your computer.
#
#   Possible generic choices for <cable> are:
#     simple, smart, ether, usb
#
#   Or a specific cable model number may be used:
#     940-0119A, 940-0127A, 940-0128A, 940-0020B,
#     940-0020C, 940-0023A, 940-0024B, 940-0024C,
#     940-1524C, 940-0024G, 940-0095A, 940-0095B,
#     940-0095C, 940-0625A, M-04-02-2000
#
# Django : 2017-01-08
# default: UPSCABLE usb
UPSCABLE 940-0024B
 
# To get apcupsd to work, in addition to defining the cable
# above, you must also define a UPSTYPE, which corresponds to
# the type of UPS you have (see the Description for more details).
# You must also specify a DEVICE, sometimes referred to as a port.
# For USB UPSes, please leave the DEVICE directive blank. For
# other UPS types, you must specify an appropriate port or address.
#
# UPSTYPE   DEVICE           Description
# apcsmart  /dev/tty**       Newer serial character device, appropriate for 
#                            SmartUPS models using a serial cable (not USB).
#
# usb       <BLANK>          Most new UPSes are USB. A blank DEVICE
#                            setting enables autodetection, which is
#                            the best choice for most installations.
#
# net       hostname:port    Network link to a master apcupsd through apcupsd's 
#                            Network Information Server. This is used if the
#                            UPS powering your computer is connected to a 
#                            different computer for monitoring.
#
# snmp      hostname:port:vendor:community
#                            SNMP network link to an SNMP-enabled UPS device.
#                            Hostname is the ip address or hostname of the UPS 
#                            on the network. Vendor can be can be "APC" or 
#                            "APC_NOTRAP". "APC_NOTRAP" will disable SNMP trap 
#                            catching; you usually want "APC". Port is usually 
#                            161. Community is usually "private".
#
# netsnmp   hostname:port:vendor:community
#                            OBSOLETE
#                            Same as SNMP above but requires use of the 
#                            net-snmp library. Unless you have a specific need
#                            for this old driver, you should use 'snmp' instead.
#
# dumb      /dev/tty**       Old serial character device for use with 
#                            simple-signaling UPSes.
#
# pcnet     ipaddr:username:passphrase:port
#                            PowerChute Network Shutdown protocol which can be 
#                            used as an alternative to SNMP with the AP9617 
#                            family of smart slot cards. ipaddr is the IP 
#                            address of the UPS management card. username and 
#                            passphrase are the credentials for which the card 
#                            has been configured. port is the port number on 
#                            which to listen for messages from the UPS, normally 
#                            3052. If this parameter is empty or missing, the 
#                            default of 3052 will be used.
#
# modbus    /dev/tty**       Serial device for use with newest SmartUPS models
#                            supporting the MODBUS protocol.
#
# Django : 2017-01-08
# default: UPSTYPE usb
#          DEVICE 
UPSTYPE apcsmart
DEVICE /dev/ttyUSB3
 
# POLLTIME <int>
#   Interval (in seconds) at which apcupsd polls the UPS for status. This
#   setting applies both to directly-attached UPSes (UPSTYPE apcsmart, usb, 
#   dumb) and networked UPSes (UPSTYPE net, snmp). Lowering this setting
#   will improve apcupsd's responsiveness to certain events at the cost of
#   higher CPU utilization. The default of 60 is appropriate for most
#   situations.
# Django : 2017-01-08
# default: #POLLTIME 60
POLLTIME 60
 
# LOCKFILE <path to lockfile>
#   Path for device lock file. Not used on Win32.
LOCKFILE /var/lock
 
# SCRIPTDIR <path to script directory>
#   Directory in which apccontrol and event scripts are located.
SCRIPTDIR /etc/apcupsd
 
# PWRFAILDIR <path to powerfail directory>
#   Directory in which to write the powerfail flag file. This file
#   is created when apcupsd initiates a system shutdown and is
#   checked in the OS halt scripts to determine if a killpower
#   (turning off UPS output power) is required.
PWRFAILDIR /etc/apcupsd
 
# NOLOGINDIR <path to nologin directory>
#   Directory in which to write the nologin file. The existence
#   of this flag file tells the OS to disallow new logins.
NOLOGINDIR /etc
 
 
#
# ======== Configuration parameters used during power failures ==========
#
 
# The ONBATTERYDELAY is the time in seconds from when a power failure
#   is detected until we react to it with an onbattery event.
#
#   This means that, apccontrol will be called with the powerout argument
#   immediately when a power failure is detected.  However, the
#   onbattery argument is passed to apccontrol only after the 
#   ONBATTERYDELAY time.  If you don't want to be annoyed by short
#   powerfailures, make sure that apccontrol powerout does nothing
#   i.e. comment out the wall.
ONBATTERYDELAY 6
 
# 
# Note: BATTERYLEVEL, MINUTES, and TIMEOUT work in conjunction, so
# the first that occurs will cause the initation of a shutdown.
#
 
# If during a power failure, the remaining battery percentage
# (as reported by the UPS) is below or equal to BATTERYLEVEL, 
# apcupsd will initiate a system shutdown.
BATTERYLEVEL 5
 
# If during a power failure, the remaining runtime in minutes 
# (as calculated internally by the UPS) is below or equal to MINUTES,
# apcupsd, will initiate a system shutdown.
MINUTES 3
 
# If during a power failure, the UPS has run on batteries for TIMEOUT
# many seconds or longer, apcupsd will initiate a system shutdown.
# A value of 0 disables this timer.
#
#  Note, if you have a Smart UPS, you will most likely want to disable
#    this timer by setting it to zero. That way, you UPS will continue
#    on batteries until either the % charge remaing drops to or below BATTERYLEVEL,
#    or the remaining battery runtime drops to or below MINUTES.  Of course,
#    if you are testing, setting this to 60 causes a quick system shutdown
#    if you pull the power plug.   
#  If you have an older dumb UPS, you will want to set this to less than
#    the time you know you can run on batteries.
TIMEOUT 0
 
#  Time in seconds between annoying users to signoff prior to
#  system shutdown. 0 disables.
ANNOY 300
 
# Initial delay after power failure before warning users to get
# off the system.
ANNOYDELAY 60
 
# The condition which determines when users are prevented from
# logging in during a power failure.
# NOLOGON <string> [ disable | timeout | percent | minutes | always ]
NOLOGON disable
 
# If KILLDELAY is non-zero, apcupsd will continue running after a
# shutdown has been requested, and after the specified time in
# seconds attempt to kill the power. This is for use on systems
# where apcupsd cannot regain control after a shutdown.
# KILLDELAY <seconds>  0 disables
KILLDELAY 0
 
#
# ==== Configuration statements for Network Information Server ====
#
 
# NETSERVER [ on | off ] on enables, off disables the network
#  information server. If netstatus is on, a network information
#  server process will be started for serving the STATUS and
#  EVENT data over the network (used by CGI programs).
NETSERVER on
 
# NISIP <dotted notation ip address>
#  IP address on which NIS server will listen for incoming connections.
#  This is useful if your server is multi-homed (has more than one
#  network interface and IP address). Default value is 0.0.0.0 which
#  means any incoming request will be serviced. Alternatively, you can
#  configure this setting to any specific IP address of your server and 
#  NIS will listen for connections only on that interface. Use the
#  loopback address (127.0.0.1) to accept connections only from the
#  local machine.
NISIP 0.0.0.0
 
# NISPORT <port> default is 3551 as registered with the IANA
#  port to use for sending STATUS and EVENTS data over the network.
#  It is not used unless NETSERVER is on. If you change this port,
#  you will need to change the corresponding value in the cgi directory
#  and rebuild the cgi programs.
NISPORT 3551
 
# If you want the last few EVENTS to be available over the network
# by the network information server, you must define an EVENTSFILE.
EVENTSFILE /var/log/apcupsd.events
 
# EVENTSFILEMAX <kilobytes>
#  By default, the size of the EVENTSFILE will be not be allowed to exceed
#  10 kilobytes.  When the file grows beyond this limit, older EVENTS will
#  be removed from the beginning of the file (first in first out).  The
#  parameter EVENTSFILEMAX can be set to a different kilobyte value, or set
#  to zero to allow the EVENTSFILE to grow without limit.
EVENTSFILEMAX 10
 
#
# ========== Configuration statements used if sharing =============
#            a UPS with more than one machine
 
#
# Remaining items are for ShareUPS (APC expansion card) ONLY
#
 
# UPSCLASS [ standalone | shareslave | sharemaster ]
#   Normally standalone unless you share an UPS using an APC ShareUPS
#   card.
UPSCLASS standalone
 
# UPSMODE [ disable | share ]
#   Normally disable unless you share an UPS using an APC ShareUPS card.
UPSMODE disable
 
#
# ===== Configuration statements to control apcupsd system logging ========
#
 
# Time interval in seconds between writing the STATUS file; 0 disables
STATTIME 0
 
# Location of STATUS file (written to only if STATTIME is non-zero)
STATFILE /var/log/apcupsd.status
 
# LOGSTATS [ on | off ] on enables, off disables
# Note! This generates a lot of output, so if         
#       you turn this on, be sure that the
#       file defined in syslog.conf for LOG_NOTICE is a named pipe.
#  You probably do not want this on.
LOGSTATS off
 
# Time interval in seconds between writing the DATA records to
#   the log file. 0 disables.
DATATIME 0
 
# FACILITY defines the logging facility (class) for logging to syslog. 
#          If not specified, it defaults to "daemon". This is useful 
#          if you want to separate the data logged by apcupsd from other
#          programs.
#FACILITY DAEMON
 
#
# ========== Configuration statements used in updating the UPS EPROM =========
#
 
#
# These statements are used only by apctest when choosing "Set EEPROM with conf
# file values" from the EEPROM menu. THESE STATEMENTS HAVE NO EFFECT ON APCUPSD.
#
 
# UPS name, max 8 characters 
#UPSNAME UPS_IDEN
 
# Battery date - 8 characters
#BATTDATE mm/dd/yy
 
# Sensitivity to line voltage quality (H cause faster transfer to batteries)  
# SENSITIVITY H M L        (default = H)
#SENSITIVITY H
 
# UPS delay after power return (seconds)
# WAKEUP 000 060 180 300   (default = 0)
#WAKEUP 60
 
# UPS Grace period after request to power off (seconds)
# SLEEP 020 180 300 600    (default = 20)
#SLEEP 180
 
# Low line voltage causing transfer to batteries
# The permitted values depend on your model as defined by last letter 
#  of FIRMWARE or APCMODEL. Some representative values are:
#    D 106 103 100 097
#    M 177 172 168 182
#    A 092 090 088 086
#    I 208 204 200 196     (default = 0 => not valid)
#LOTRANSFER  208
 
# High line voltage causing transfer to batteries
# The permitted values depend on your model as defined by last letter 
#  of FIRMWARE or APCMODEL. Some representative values are:
#    D 127 130 133 136
#    M 229 234 239 224
#    A 108 110 112 114
#    I 253 257 261 265     (default = 0 => not valid)
#HITRANSFER 253
 
# Battery charge needed to restore power
# RETURNCHARGE 00 15 50 90 (default = 15)
#RETURNCHARGE 15
 
# Alarm delay 
# 0 = zero delay after pwr fail, T = power fail + 30 sec, L = low battery, N = never
# BEEPSTATE 0 T L N        (default = 0)
#BEEPSTATE T
 
# Low battery warning delay in minutes
# LOWBATT 02 05 07 10      (default = 02)
#LOWBATT 2
 
# UPS Output voltage when running on batteries
# The permitted values depend on your model as defined by last letter 
#  of FIRMWARE or APCMODEL. Some representative values are:
#    D 115
#    M 208
#    A 100
#    I 230 240 220 225     (default = 0 => not valid)
#OUTPUTVOLTS 230
 
# Self test interval in hours 336=2 weeks, 168=1 week, ON=at power on
# SELFTEST 336 168 ON OFF  (default = 336)
#SELFTEST 336

Programmstart

Haben wir die Konfiguration unseren Wünschen nach angepasst, steht dem Start des apcupsd nichts mehr im Wege.

 # systemctl start apcupsd.service

Damit der Daemon automatisch beim Starten des Servers gleich mitstartet, aktivieren wir gleich noch den Autostart des Daemon.

 # systemctl enable apcupsd.service

Created symlink from /etc/systemd/system/multi-user.target.wants/apcupsd.service to /usr/lib/systemd/system/apcupsd.service.

Den erfolgreichen Start des Daemon können wir wie folgt abfragen.

 # systemctl start apcupsd.service

apcupsd.service - APC UPS Power Control Daemon for Linux
   Loaded: loaded (/usr/lib/systemd/system/apcupsd.service; disabled; vendor preset: disabled)
   Active: active (running)  since Sun 2017-01-08 11:41:41 CET; 1s ago
  Process: 1750 ExecStartPre=/bin/rm -f /etc/apcupsd/powerfail (code=exited, status=0/SUCCESS)
 Main PID: 1752 (apcupsd)
   CGroup: /system.slice/apcupsd.service
           └─1752 /sbin/apcupsd -b -f /etc/apcupsd/apcupsd.conf

Jan 08 11:41:41 vml000127.dmz.nausch.org systemd[1]: Starting APC UPS Power Control Daemon for Linux...
Jan 08 11:41:41 vml000127.dmz.nausch.org systemd[1]: Started APC UPS Power Control Daemon for Linux.
Jan 08 11:41:41 vml000127.dmz.nausch.org apcupsd[1752]: apcupsd 3.14.12 (29 March 2014) redhat startup succeeded
Jan 08 11:41:41 vml000127.dmz.nausch.org apcupsd[1752]: NIS server startup succeeded

Im Syslog wird der erfolgreiche Start entsprechend dokumentiert.

 # less /var/log/messages
Jan  8 11:41:41 vml000127 apcupsd[1752]: apcupsd 3.14.12 (29 March 2014) redhat startup succeeded
Jan  8 11:41:41 vml000127 apcupsd[1752]: NIS server startup succeeded

Ebenso erfolgt ein zum Start des Daemon gehöriger Log-Eintrag in der Log-/Events-Datei des apcupsd.

 # cat /var/log/apcupsd.events
2017-01-08 22:24:57 +0100  apcupsd 3.14.12 (29 March 2014) redhat startup succeeded

Statusabfrage

Zur Abfrage des aktuellen Status unseres apcupsd verwenden wir das Programm apcaccess.

# /sbin/apcaccess

APC      : 001,051,1170
DATE     : 2017-01-08 14:53:11 +0100  
HOSTNAME : vml000127.dmz.nausch.org
VERSION  : 3.14.12 (29 March 2014) redhat
UPSNAME  : APC1400
CABLE    : Custom Cable Smart
DRIVER   : APC Smart UPS (any)
UPSMODE  : Stand Alone
STARTTIME: 2017-01-08 14:52:58 +0100  
MODEL    : SMART-UPS 1400 RM
STATUS   : ONLINE 
LINEV    : 221.0 Volts
LOADPCT  : 23.9 Percent
BCHARGE  : 100.0 Percent
TIMELEFT : 17.0 Minutes
MBATTCHG : 5 Percent
MINTIMEL : 3 Minutes
MAXTIME  : 0 Seconds
MAXLINEV : 222.3 Volts
MINLINEV : 219.7 Volts
OUTPUTV  : 221.0 Volts
SENSE    : High
DWAKE    : 0 Seconds
DSHUTD   : 20 Seconds
DLOWBATT : 2 Minutes
LOTRANS  : 196.0 Volts
HITRANS  : 253.0 Volts
RETPCT   : 0.0 Percent
ITEMP    : 27.4 C
ALARMDEL : 5 Seconds
BATTV    : 27.6 Volts
LINEFREQ : 50.0 Hz
LASTXFER : Automatic or explicit self test
NUMXFERS : 0
TONBATT  : 0 Seconds
CUMONBATT: 0 Seconds
XOFFBATT : N/A
SELFTEST : NO
STESTI   : 336
STATFLAG : 0x05000008
DIPSW    : 0x00
REG1     : 0x00
REG2     : 0x00
REG3     : 0x00
MANDATE  : 09/23/99
SERIALNO : GS9939006549
BATTDATE : 09/23/99
NOMOUTV  : 230 Volts
NOMBATTV : 24.0 Volts
EXTBATTS : 0
FIRMWARE : 72.11.I
END APC  : 2017-01-08 14:53:15 +0100

Statusbenachrichtigungen per eMail

Bei einem Stromausfall oder anderen Störungen wird automatisch der User root per eMail informiert.

Date:    Son, 8 Jul 2016 23:23:01 +0200
From:    root@nausch.org (root)
To:      root@nausch.org
Subject: vml000127.dmz.nausch.org Power Failure !!!


vml000127.dmz.nausch.org Power Failure !!!
 
APC      : 001,051,1170
DATE     : 2017-01-08 14:53:11 +0100  
HOSTNAME : vml000127.dmz.nausch.org
VERSION  : 3.14.12 (29 March 2014) redhat
UPSNAME  : APC1400
CABLE    : Custom Cable Smart
DRIVER   : APC Smart UPS (any)
UPSMODE  : Stand Alone
STARTTIME: 2012-07-28 16:31:25 +0200  
MODEL    : SMART-UPS 1400 RM
STATUS   : ONBATT 
LINEV    : 000.0 Volts
LOADPCT  :  33.2 Percent Load Capacity
BCHARGE  : 100.0 Percent
TIMELEFT :  10.0 Minutes
MBATTCHG : 5 Percent
MINTIMEL : 3 Minutes
MAXTIME  : 0 Seconds
MAXLINEV : 000.0 Volts
MINLINEV : 000.0 Volts
OUTPUTV  : 230.4 Volts
SENSE    : High
DWAKE    : 000 Seconds
DSHUTD   : 020 Seconds
DLOWBATT : 02 Minutes
LOTRANS  : 196.0 Volts
HITRANS  : 253.0 Volts
RETPCT   : 000.0 Percent
ITEMP    : 33.7 C Internal
ALARMDEL : 5 seconds
BATTV    : 24.4 Volts
LINEFREQ : 50.0 Hz
LASTXFER : Line voltage notch or spike
NUMXFERS : 1
XONBATT  : 2012-07-30 17:22:55 +0200  
TONBATT  : 6 seconds
CUMONBATT: 6 seconds
XOFFBATT : N/A
SELFTEST : NO
STESTI   : 336
STATFLAG : 0x07060010 Status Flag
DIPSW    : 0x00 Dip Switch
REG1     : 0x00 Register 1
REG2     : 0x00 Register 2
REG3     : 0x00 Register 3
MANDATE  : 09/23/99
SERIALNO : GS9939006549
BATTDATE : 09/23/99
NOMOUTV  : 230 Volts
NOMBATTV :  24.0 Volts
EXTBATTS : 0
FIRMWARE : 72.11.I
END APC  : 2017-01-08 23:23:01 +0200  

Wird die Stromversorgung wieder hergestellt, erfolgt erneut eine positive Rückmeldung per eMail.

Date:    Son, 1 Jan 2017 23:23:59 +0200
From:    root@nausch.org (root)
To:      root@nausch.org
Subject: vml000127.dmz.nausch.org Power has returned


vml000127.dmz.nausch.org Power has returned
 
APC      : 001,051,1170
DATE     : 2017-01-08 14:53:11 +0100  
HOSTNAME : vml000127.dmz.nausch.org
VERSION  : 3.14.12 (29 March 2014) redhat
UPSNAME  : APC1400
CABLE    : Custom Cable Smart
DRIVER   : APC Smart UPS (any)
UPSMODE  : Stand Alone
STARTTIME: 2012-07-28 16:31:25 +0200  
MODEL    : SMART-UPS 1400 RM
STATUS   : ONLINE 
LINEV    : 227.5 Volts
LOADPCT  :  33.2 Percent Load Capacity
BCHARGE  : 090.0 Percent
TIMELEFT :   9.0 Minutes
MBATTCHG : 5 Percent
MINTIMEL : 3 Minutes
MAXTIME  : 0 Seconds
MAXLINEV : 000.0 Volts
MINLINEV : 024.7 Volts
OUTPUTV  : 228.8 Volts
SENSE    : High
DWAKE    : 000 Seconds
DSHUTD   : 020 Seconds
DLOWBATT : 02 Minutes
LOTRANS  : 196.0 Volts
HITRANS  : 253.0 Volts
RETPCT   : 000.0 Percent
ITEMP    : 33.3 C Internal
ALARMDEL : 5 seconds
BATTV    : 25.9 Volts
LINEFREQ : 50.0 Hz
LASTXFER : Line voltage notch or spike
NUMXFERS : 1
XONBATT  : 2012-07-30 17:22:55 +0200  
TONBATT  : 0 seconds
CUMONBATT: 64 seconds
XOFFBATT : 2012-07-30 17:23:59 +0200  
SELFTEST : NO
STESTI   : 336
STATFLAG : 0x07040008 Status Flag
DIPSW    : 0x00 Dip Switch
REG1     : 0x00 Register 1
REG2     : 0x00 Register 2
REG3     : 0x00 Register 3
MANDATE  : 09/23/99
SERIALNO : GS9939006549
BATTDATE : 09/23/99
NOMOUTV  : 230 Volts
NOMBATTV :  24.0 Volts
EXTBATTS : 0
FIRMWARE : 72.11.I
END APC  : 2017-01-08 23:23:59 +0200  

Hat man auf dem Server einen X-server am laufen, muss man sich nicht auf die textbasierten Informationen zurückgreifen. Hier kann man auch auf das GUI2) für den APCUPS-Daemon zurückgreifen. Die Installation dieser GUI erfolgt wie yum.

 # yum install -y apcupsd-gui

Den Inhalt des RPM-Paketes erforscht man bei Interesse wie folgt.

 # rpm -qil apcupsd-gui
Name        : apcupsd-gui
Version     : 3.14.12
Release     : 1.el7
Architecture: x86_64
Install Date: Sun 08 Jan 2017 02:58:20 PM CET
Group       : Applications/System
Size        : 135050
License     : GPLv2
Signature   : RSA/SHA256, Thu 22 Jan 2015 01:39:58 AM CET, Key ID 6a2faea2352c64e5
Source RPM  : apcupsd-3.14.12-1.el7.src.rpm
Build Date  : Mon 19 Jan 2015 07:17:55 PM CET
Build Host  : buildhw-04.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://www.apcupsd.com
Summary     : GUI interface for apcupsd
Description :
A GUI interface to the APC UPS monitoring daemon.
/usr/bin/gapcmon
/usr/share/applications/gapcmon.desktop
/usr/share/pixmaps/apcupsd.png
/usr/share/pixmaps/charging.png
/usr/share/pixmaps/gapc_prefs.png
/usr/share/pixmaps/onbatt.png
/usr/share/pixmaps/online.png
/usr/share/pixmaps/unplugged.png

Der Start der GUI erfolgt über das Startmenü oder durch Aufruf des Befehls gamcmon nach Eingabe der Tatsenkobination ALT+F2.

Bild: Bildschirmhardcopy des APCUPS-Dämon

Eine weitere Möglichkeit zur Visualisierung der Stati unseres APCUPS-Daemon ist die Verwendung einer WEB-GUI, so dass von berechtigten Hosts, Netzen und/oder Nutzern eine Statusabfrage im Intra- oder auch Internet erfolgen kann. Die notwendigen Programmteile und Konfigurationsbeispiele sind in dem RPm-Paket apcupsd-cgi enthalten.

Dieses Paket installieren wir nun mit Unterstützung des Befehls yum.

 # yum install apcupsd-cgi

Den Inhalt des Paketes und auch den Speicherort ermitteln wir wie gewohnt mittels rpm und der Option -qil.

 # rpm -qil apcupsd-cgi
Name        : apcupsd-cgi
Version     : 3.14.12
Release     : 1.el7
Architecture: x86_64
Install Date: Sun 08 Jan 2017 03:05:58 PM CET
Group       : Applications/Internet
Size        : 121261
License     : GPLv2
Signature   : RSA/SHA256, Thu 22 Jan 2015 01:28:22 AM CET, Key ID 6a2faea2352c64e5
Source RPM  : apcupsd-3.14.12-1.el7.src.rpm
Build Date  : Mon 19 Jan 2015 07:17:55 PM CET
Build Host  : buildhw-04.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://www.apcupsd.com
Summary     : Web interface for apcupsd
Description :
A CGI interface to the APC UPS monitoring daemon.
/etc/apcupsd/apcupsd.css
/etc/apcupsd/hosts.conf
/etc/apcupsd/multimon.conf
/etc/httpd/conf.d/apcupsd.conf
/var/www/apcupsd
/var/www/apcupsd/multimon.cgi
/var/www/apcupsd/upsfstats.cgi
/var/www/apcupsd/upsimage.cgi
/var/www/apcupsd/upsstats.cgi

Da wir die WEB-GUI über einen separaten Apache vHOST ansprechen wollen deaktivieren wir als erstes die mitgelieferte Apache Konfigurationsdatei /etc/httpd/conf.d/apcupsd.conf in dem wir alle Zeilen auskommentieren.

Die Installation und Konfiguration des Apache httpd, "der" WEB-Server unter CentOS 7.x sowie die Konfiguration SSL gesicherter Webserver mit mod_ssl für Apache httpd 2.4 unter CentOS 7.x werden entsprechend vorausgesetzt.

 # vim /etc/httpd/conf.d/apcupsd.conf
/etc/httpd/conf.d/apcupsd.conf
##
## apcupsd configuration file for Apache Web server
##
#
## files are off the documentroot of Web server
#Alias /apcupsd /var/www/apcupsd
#<Directory /var/www/apcupsd>
# AddHandler cgi-script cgi pl
# Options ExecCGI
#</Directory>
#
##
## Allow only local access at default
## Change the ".example.com" to match your domain or modify
## access rights to your needs to enable remote access also.
##
#<Directory "/var/www/apcupsd">
#    DirectoryIndex upsstats.cgi
#    AllowOverride None
#    Options ExecCGI Indexes
#  <IfModule mod_authz_core.c>
#    # Apache 2.4
#    Require local
#  </IfModule>
#  <IfModule !mod_authz_core.c>
#    # Apache 2.2
#    Order deny,allow
#    Deny from all
#    Allow from 127.0.0.1
#    Allow from ::1
#  </IfModule>
#</Directory>

Die Konfiguration unseres Apache vHOST erledigen wir mit Hilfe einer eigenen Konfigurationsdatei /etc/httpd/conf.d/3rd_apcupsd.conf.

/etc/httpd/conf.d/3rd_apcupsd.conf
#
# power.nausch.org
#
<VirtualHost *:80>
        ServerAdmin webmaster@nausch.org
        ServerName power.nausch.org
        ServerPath /
        DocumentRoot "/var/www/apcupsd"
        AddHandler cgi-script .cgi
	DirectoryIndex multimon.cgi
 
	<Directory /var/www/apcupsd>
        	Require all granted
        	AddHandler cgi-script cgi pl
        	Options ExecCGI
	</Directory>
 
        AddType application/x-httpd-php .php
        ErrorLog logs/power_error.log
        CustomLog logs/power_access.log combined
</VirtualHost>

Den Zugriff werden wir natürlich entsprechend beschneiden und den Transportweg absichern. Auf unserem HTTP-Proxy-Host legen wir hierzu eine passende vHOST-Konfigurationsdatei an.

 # vim /etc/httpd/conf.d/3rd_power.conf
/etc/httpd/conf.d/3rd_power.conf
#
# Django : 2015-10-29
#          vHost power
#
 
# Variablen der Hostvariablen
Define vhost power
Define errors_log logs/${vhost}_error.log
Define access_log logs/${vhost}_access.log
Define ssl_log logs/${vhost}_ssl_request.log
 
<VirtualHost 10.0.0.97:80>
    ServerAdmin webmaster@nausch.org
    ServerName ${vhost}.nausch.org
 
    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
 
    # Welche Logdateien sollen beschrieben werden
    SetEnvIf Remote_Addr "10\.0\.0\.20" dontlog
    ErrorLog  ${errors_log}
    CustomLog ${access_log} combined env=!dontlog
</VirtualHost>
<VirtualHost 10.0.0.97:443>
    ServerAdmin webmaster@nausch.org
    ServerName ${vhost}.nausch.org
    ServerPath /
 
    # Wer soll Zugriff auf die Webseite(n) bekommen?
    <Proxy *>
        Options +FollowSymLinks +Multiviews -Indexes
        AllowOverride None
        AuthType Basic
        AuthName "Fuer den Zugriff auf den Webserver bitte Anmeldedaten eingeben!"
        AuthBasicProvider ldap
        AuthLDAPUrl ldaps://openldap.dmz.nausch.org:636/ou=People,dc=nausch,dc=org?uid
        AuthLDAPBindDN cn=TechnischerUser,dc=nausch,dc=org
        AuthLDAPBindPassword "MwDWrcdRnw95zMt7A5bS/dPnEHuuO7h0"
        AuthLDAPBindAuthoritative on
        Require ldap-user django
    </Proxy>
 
   # Welcher Inhalt soll angezeigt bzw. auf welchen Server sollen die HTTP-Requests weitergeleitet werden?
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://10.0.0.127/
    ProxyPassReverse / http://10.0.0.127/
 
    # Welche Logdateien sollen beschrieben werden
    SetEnvIf Remote_Addr "10\.0\.0\.20" dontlog
    ErrorLog  ${errors_log}
    CustomLog ${access_log} combined env=!dontlog
    CustomLog ${ssl_log} "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 
    # Absicherung der Übertragung mit Hilfe von TLS
    # Django : 2015-10-04 - TLS-Verschlüsselung mit Hilfe von mod_ssl
    SSLEngine on
    # Definition der anzubietenden Protokolle
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    # Definition der Cipher
    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384
    # Schlüsseldatei, mit der der CSR erstellt wurde
    SSLCertificateKeyFile /etc/pki/tls/private/power.nausch.org.serverkey.pem
    # Zertifikatsdatei, die von der CA signiert wurde
    SSLCertificateFile /etc/pki/tls/certs/power.nausch.org.certificate_161118.pem
    # Zertifikatsdatei des bzw. der Intermediate-Zertifikate(s)
    SSLCertificateChainFile /etc/pki/tls/certs/AlphaSSL_Intermediate.certificate.pem
    # Änderung der Cipherorder der Clients verneinen 
    SSLHonorCipherOrder on
    # TLS 1.0 Kompremmierung deaktivieren (CRIME attacks)
    SSLCompression off
    # Online Certificate Status Protocol stapling zum Prüfen des Gültigkeitsstatus des Serverzertifikats.
    SSLUseStapling on
    SSLStaplingResponderTimeout 5
    SSLStaplingReturnResponderErrors off
 
    # HTTP Strict Transport Security (HSTS), bei dem der Server dem Client im HTTP-Header mitteilt,
    # dass dieser nur noch verschlüsselt mit dem Server kommunizieren soll.
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
 
    # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
    # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
    # this particular website if it was disabled by the user.
    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
    #Header set X-XSS-Protection "1; mode=block"
    Header always set X-Xss-Protection "1; mode=block"
 
    # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header,
    # to disable content-type sniffing on some browsers.
    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
    # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
    # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
    # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
    # Sofern die Datei auch den entsprechenden MIME-Typ "text/css" entspricht, soll der Browser 
    # CSS-Dateien nur als CSS interprätieren.
    Header always set X-Content-Type-Options nosniff
 
    # config to don't allow the browser to render the page inside an frame or iframe
    # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
    # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri
    # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
    ###header set X-Frame-Options SAMEORIGIN
    header always set X-Frame-Options DENY
 
    # hide server header (apache and php version)
    Header always unset Server
 
    # Only allow JavaScript from the same domain to be run.
    # don't allow inline JavaScript to run.
    Header always set X-Content-Security-Policy "allow 'self';"
 
    # Add Secure and HTTP only attributes to cookies
    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
 
    # prevent Clickjacking Attack
    #Header always append X-Frame-Options SAMEORIGIN
    Header always set X-Frame-Options "SAMEORIGIN"
 
    # hkpk-stuff
    Header always set Public-Key-Pins "pin-sha256=\"nMiOpb6vUnjCoWCkPkDaG4ND8SNWzFTsQf2ZfruLno0=\"; pin-sha256=\"INhxSQ38nCS6ijaAAyo4xAhAZj9xeL3Xaak+GGiM2fo=\"; max-age=2592000; report-uri=\"https://nausch.report-uri.io/r/default/hpkp/enforce\""
</VirtualHost>

Bevor wir zur Aktivierung unserer Konfigurationsänderungen den bzw. die HTTP-Daemon einmal durchstarten überprüfen wir unsere Apache-Konfigurationsdateien auf syntaktische Fehler.

 # apachectl -t
Syntax OK

Ist alles O.K. starten wir den/die Daemon nun einmal neu.

 # systemctl restart httpd.service

httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running)  since Mon 2017-01-09 11:03:23 CET; 48s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 11642 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
 Main PID: 11647 (httpd)
   Status: "Total requests: 2; Current requests/sec: 0.1; Current traffic: 307 B/sec"
   CGroup: /system.slice/httpd.service
           ├─11647 /usr/sbin/httpd -DFOREGROUND
           ├─11648 /usr/sbin/httpd -DFOREGROUND
           ├─11649 /usr/sbin/httpd -DFOREGROUND
           ├─11650 /usr/sbin/httpd -DFOREGROUND
           ├─11651 /usr/sbin/httpd -DFOREGROUND
           ├─11652 /usr/sbin/httpd -DFOREGROUND
           └─11699 /usr/sbin/httpd -DFOREGROUND

Jan 09 11:03:23 vml000127.dmz.nausch.org systemd[1]: Starting The Apache HTTP Server...
Jan 09 11:03:23 vml000127.dmz.nausch.org systemd[1]: Started The Apache HTTP Server.

Nun starten wir einen Browser und öffnen die zugehörige URL.

 $ konqueror http://power.nausch.org

Im ersten Bild sehen wir die Startseite der WEB-GUI.

BILD: WEB GUI des APCUPS-Daemon

Das zweite Bild zeigt die Übersicht zu den aktuellen Stati unserer USV.

BILD: WEB GUI des APCUPS-Daemon

Eine Ansicht aller Detailangaben zeigt das dritte Bild.

BILD: WEB GUI des APCUPS-Daemon

Links


1)
Rechen Zentrum
2)
Graphical User Interface
Diese Website verwendet Cookies. Durch die Nutzung der Website stimmen Sie dem Speichern von Cookies auf Ihrem Computer zu. Außerdem bestätigen Sie, dass Sie unsere Datenschutzbestimmungen gelesen und verstanden haben. Wenn Sie nicht einverstanden sind, verlassen Sie die Website.Weitere Information
  • centos/apc.txt
  • Zuletzt geändert: 22.07.2019 14:52.
  • von 127.0.0.1