From e1b5723a755dbadd77d56187f01f6e63e6da8773 Mon Sep 17 00:00:00 2001 
From: whitestar Date: Sat, 15 Sep 2018 18:30:04 +0900 Subject: [PATCH] adds ups_utils cookbook. --- cookbooks/ups_utils/.foodcritic | 1 + cookbooks/ups_utils/.rubocop.yml | 53 +++ cookbooks/ups_utils/Berksfile | 19 + cookbooks/ups_utils/CHANGELOG.md | 6 + cookbooks/ups_utils/Gemfile | 4 + cookbooks/ups_utils/Gemfile.lock | 22 ++ cookbooks/ups_utils/README.md | 258 ++++++++++++++ cookbooks/ups_utils/Rakefile | 93 +++++ cookbooks/ups_utils/attributes/default.rb | 81 +++++ cookbooks/ups_utils/concourse.yml | 101 ++++++ cookbooks/ups_utils/fly-vars.local.yml | 2 + cookbooks/ups_utils/fly-vars.yml | 1 - cookbooks/ups_utils/metadata.rb | 15 + cookbooks/ups_utils/recipes/default.rb | 18 + cookbooks/ups_utils/recipes/nut-cgi.rb | 33 ++ cookbooks/ups_utils/recipes/nut.rb | 71 ++++ cookbooks/ups_utils/spec/recipes/default_spec.rb | 9 + cookbooks/ups_utils/spec/spec_helper.rb | 25 ++ .../ups_utils/templates/default/etc/nut/hosts.conf | 38 ++ .../ups_utils/templates/default/etc/nut/nut.conf | 33 ++ .../ups_utils/templates/default/etc/nut/ups.conf | 139 ++++++++ .../ups_utils/templates/default/etc/nut/upsd.conf | 116 ++++++ .../ups_utils/templates/default/etc/nut/upsd.users | 98 ++++++ .../templates/default/etc/nut/upsmon.conf | 389 +++++++++++++++++++++ .../lib/udev/rules.d/53-nut-usbups-local.rules | 18 + cookbooks/ups_utils/version | 1 + 26 files changed, 1643 insertions(+), 1 deletion(-) create mode 100644 cookbooks/ups_utils/.foodcritic create mode 100644 cookbooks/ups_utils/.rubocop.yml create mode 100644 cookbooks/ups_utils/Berksfile create mode 100644 cookbooks/ups_utils/CHANGELOG.md create mode 100644 cookbooks/ups_utils/Gemfile create mode 100644 cookbooks/ups_utils/Gemfile.lock create mode 100644 cookbooks/ups_utils/README.md create mode 100644 cookbooks/ups_utils/Rakefile create mode 100644 cookbooks/ups_utils/attributes/default.rb create mode 100644 cookbooks/ups_utils/concourse.yml create mode 100644 cookbooks/ups_utils/fly-vars.local.yml create mode 100644 
cookbooks/ups_utils/metadata.rb create mode 100644 cookbooks/ups_utils/recipes/default.rb create mode 100644 cookbooks/ups_utils/recipes/nut-cgi.rb create mode 100644 cookbooks/ups_utils/recipes/nut.rb create mode 100644 cookbooks/ups_utils/spec/recipes/default_spec.rb create mode 100644 cookbooks/ups_utils/spec/spec_helper.rb create mode 100644 cookbooks/ups_utils/templates/default/etc/nut/hosts.conf create mode 100644 cookbooks/ups_utils/templates/default/etc/nut/nut.conf create mode 100644 cookbooks/ups_utils/templates/default/etc/nut/ups.conf create mode 100644 cookbooks/ups_utils/templates/default/etc/nut/upsd.conf create mode 100644 cookbooks/ups_utils/templates/default/etc/nut/upsd.users create mode 100644 cookbooks/ups_utils/templates/default/etc/nut/upsmon.conf create mode 100644 cookbooks/ups_utils/templates/default/lib/udev/rules.d/53-nut-usbups-local.rules create mode 100644 cookbooks/ups_utils/version diff --git a/cookbooks/ups_utils/.foodcritic b/cookbooks/ups_utils/.foodcritic new file mode 100644 index 0000000..3907cff --- /dev/null +++ b/cookbooks/ups_utils/.foodcritic @@ -0,0 +1 @@ +~FC001 diff --git a/cookbooks/ups_utils/.rubocop.yml b/cookbooks/ups_utils/.rubocop.yml new file mode 100644 index 0000000..4de4294 --- /dev/null +++ b/cookbooks/ups_utils/.rubocop.yml 
@@ -0,0 +1,53 @@
+AllCops:
+ Exclude:
+ - vendor/**/*
+
+AlignParameters:
+ Enabled: false
+LineLength:
+ Enabled: false
+Lint/UnusedBlockArgument:
+ Enabled: false
+Metrics/AbcSize:
+ Enabled: false
+Style/BlockComments:
+ Enabled: false
+Style/BlockDelimiters:
+ Enabled: false
+Style/ExtraSpacing:
+ Enabled: false
+Style/FileName:
+ Enabled: false
+Style/LeadingCommentSpace:
+ Enabled: false
+Style/RescueModifier:
+ Enabled: false
+Style/SpaceAroundOperators:
+ Enabled: false
+Style/SpaceBeforeFirstArg:
+ Enabled: false
+Style/SpaceInsideBlockBraces:
+ Enabled: false
+Style/SpaceInsidePercentLiteralDelimiters:
+ Enabled: false
+Style/TrailingCommaInLiteral:
+ EnforcedStyleForMultiline: consistent_comma
+Style/WordArray:
+ Enabled: false
+
+#Lint/ShadowingOuterLocalVariable:
+# Enabled: false
+#Metrics/MethodLength:
+# Max: 10
+#Metrics/ModuleLength:
+# Max: 100
+#Metrics/CyclomaticComplexity:
+# Max: 6
+#Metrics/PerceivedComplexity:
+# Max: 7
+#Style/AccessorMethodName:
+# Enabled: false
+#Style/MultilineOperationIndentation:
+# Enabled: false
+#Style/PerlBackrefs:
+# Enabled: false
diff --git a/cookbooks/ups_utils/Berksfile b/cookbooks/ups_utils/Berksfile
new file mode 100644
index 0000000..2500fb4
--- /dev/null
+++ b/cookbooks/ups_utils/Berksfile
@@ -0,0 +1,19 @@
+#
+# Copyright 2018 whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+source 'https://supermarket.chef.io'
+
+metadata
diff --git a/cookbooks/ups_utils/CHANGELOG.md b/cookbooks/ups_utils/CHANGELOG.md
new file mode 100644
index 0000000..c5e0a56
--- /dev/null
+++ b/cookbooks/ups_utils/CHANGELOG.md
@@ -0,0 +1,6 @@
+ups_utils CHANGELOG
+===================
+
+0.1.0
+-----
+- Initial release of ups_utils
diff --git a/cookbooks/ups_utils/Gemfile b/cookbooks/ups_utils/Gemfile
new file mode 100644
index 0000000..ad84be7
--- /dev/null
+++ b/cookbooks/ups_utils/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# with Chef DK
+gem 'stove'
diff --git a/cookbooks/ups_utils/Gemfile.lock b/cookbooks/ups_utils/Gemfile.lock
new file mode 100644
index 0000000..6fb9a3b
--- /dev/null
+++ b/cookbooks/ups_utils/Gemfile.lock
@@ -0,0 +1,22 @@
+GEM
+ remote: https://rubygems.org/
+ specs:
+ chef-api (0.8.0)
+ logify (~> 0.1)
+ mime-types
+ logify (0.2.0)
+ mime-types (3.2.2)
+ mime-types-data (~> 3.2015)
+ mime-types-data (3.2018.0812)
+ stove (6.0.0)
+ chef-api (~> 0.5)
+ logify (~> 0.2)
+
+PLATFORMS
+ ruby
+
+DEPENDENCIES
+ stove
+
+BUNDLED WITH
+ 1.16.0
diff --git a/cookbooks/ups_utils/README.md b/cookbooks/ups_utils/README.md
new file mode 100644
index 0000000..4446b6e
--- /dev/null
+++ b/cookbooks/ups_utils/README.md
@@ -0,0 +1,258 @@ +ups_utils Cookbook +================== + +This cookbook sets up Network UPS Tools. + +## Contents + +- [Requirements](#requirements) + - [platforms](#platforms) + - [packages](#packages) +- [Attributes](#attributes) +- [Usage](#usage) + - [Recipes](#recipes) + - [ups_utils::default](#ups_utilsdefault) + - [ups_utils::nut](#ups_utilsnut) + - [ups_utils::nut-cgi](#ups_utilsnut-cgi) + - [Role Examples](#role-examples) + - [Secrets management by Chef Vault](#secrets-management-by-chef-vault) +- [License and Authors](#license-and-authors) + +## Requirements + +### platforms + +- Debian >= 9.0 +- Ubuntu >= 16.04 + +### packages +- none. + +## Attributes + +|Key|Type|Description, example|Default| +|:--|:--|:--|:--| +|`['ups_utils']['nut']['secrets']`|String|Chef-vault conf. for secrets (password,...).|empty. See `attributes/default.rb`| +|`['ups_utils']['nut']['hosts.conf']`|Hash|Conf. for CGI.|empty. See `attributes/default.rb`| +|`['ups_utils']['nut']['hosts.conf']['MONITORs']`|Array|e.g. `['by80s@upsd.example.com "@upsd - Omron BY80S"']`|empty.| +|`['ups_utils']['nut']['nut.conf']`|Hash||See `attributes/default.rb`| +|`['ups_utils']['nut']['nut.conf']['MODE']`|String|`'none'`, `'netclient'`, `'standalone'` or `'netserver'`|`'none'`| +|`['ups_utils']['nut']['ups.conf']`|Hash||empty. See `attributes/default.rb`| +|`['ups_utils']['nut']['upsd.conf']`|Hash||See `attributes/default.rb`| +|`['ups_utils']['nut']['upsd.conf']['LISTENs']`|Array|e.g. `['LISTEN 0.0.0.0 3493']`|empty.| +|`['ups_utils']['nut']['upsd.users']`|String||empty. See `attributes/default.rb`| +|`['ups_utils']['nut']['upsmon.conf']`|Hash||See `attributes/default.rb`| +|`['ups_utils']['nut']['upsmon.conf']['MONITORs']`|Array|e.g. `['by80s@localhost 1 upsmon {{upsmon_password}} master']`|empty.| +|`['ups_utils']['nut']['udev_usbups_rules']`|Array|e.g. 
`['ATTR{idVendor}=="0590", ATTR{idProduct}=="00a1", MODE="664", GROUP="nut"']`|empty.| + +## Usage + +### Recipes + +#### ups_utils::default + +This recipe does nothing. + +#### ups_utils::nut + +This recipe sets up a NUT server or client. + +#### ups_utils::nut-cgi + +This recipe configures NUT CGI. + +### Role Examples + +- `roles/nut-server.rb` + +```ruby +name 'nut-server' +description 'Network UPS Tools Server' + +upsd_port = '3493' + +run_list( + 'recipe[ups_utils::nut]', +) + +override_attributes( + 'ups_utils' => { + 'nut' => { + 'secrets' => { + 'upsmon_password' => { + 'vault' => 'nut', + 'name' => 'upsmon', + 'env_context' => false, + 'key' => 'password', # real hash path: "/password" + }, + }, + 'nut.conf' => { + 'MODE' => 'netserver', + }, + 'ups.conf' => { + 'by80s' => { + 'driver' => 'blazer_usb', + 'port' => 'auto', + 'desc' => '"Omron UPS"', + 'vendorid' => '0590', + 'productid' => '00a1', + 'subdriver' => 'ippon', + 'default.battery.voltage.high' => '27.2', + 'default.battery.voltage.low' => '23.5', + }, + }, + 'upsd.conf' => { + 'LISTENs' => [ + "0.0.0.0 #{upsd_port}", + ], + }, + 'upsd.users' => { + 'upsmon' => { + 'password' => '{{upsmon_password}}', + 'upsmon' => 'master', + }, + }, + 'upsmon.conf' => { + 'MONITORs' => [ + 'by80s@localhost 1 upsmon {{upsmon_password}} master', + ], + }, + 'udev_usbups_rules' => [ + '# Omron BY80S - blazer_usb', + 'ATTR{idVendor}=="0590", ATTR{idProduct}=="00a1", MODE="664", GROUP="nut"', + ], + }, + }, +) +``` + +- `roles/nut-client.rb` + +```ruby +name 'nut-client' +description 'Network UPS Tools Client' + +nut_host = 'upsd.example.com' + +run_list( + 'recipe[ups_utils::nut]', +) + +override_attributes( + 'ups_utils' => { + 'nut' => { + 'secrets' => { + 'upsmon_password' => { + 'vault' => 'nut', + 'name' => 'upsmon', + 'env_context' => false, + 'key' => 'password', # real hash path: "/password" + }, + }, + 'nut.conf' => { + 'MODE' => 'netclient', + }, + 'upsd.conf' => { + 'LISTENs' => [ + # empty, + ], + }, + 
'upsmon.conf' => { + 'MONITORs' => [ + "by80s@#{nut_host} 1 upsmon {{upsmon_password}} master", + ], + }, + }, + }, +) +``` + +- `roles/nut-cgi.rb` + +```ruby +name 'nut-cgi' +description 'Network UPS Tools CGI' + +nut_host = 'upsd.example.com' + +run_list( + 'role[nut-client]', + 'recipe[ups_utils::nut-cgi]', +) + +override_attributes( + 'ups_utils' => { + 'nut' => { + 'hosts.conf' => { + 'MONITORs' => [ + %(by80s@#{nut_host} "@#{nut_host.split('.')[0]} - Omron BY80S"), + ], + }, + }, + }, +) +``` + +### Secrets management by Chef Vault + +- create vault items. + +```text +$ cat ~/sec/tmp/upsmon_password.json +{ + "password":"********************" +} + +$ cd $CHEF_REPO_PATH +$ knife vault create nut upsmon --json ~/sec/tmp/upsmon_password.json +``` + +- grant reference permission to the upsd host + +```text +$ knife vault update nut upsmon -S 'name:upsd-host.example.com' +``` + +- modify attributes + +```ruby +override_attributes( + 'ups_utils' => { + 'nut' => { + 'secrets' => { + 'upsmon_password' => { + 'vault' => 'nut', + 'name' => 'upsmon', + # single password or nested hash password path delimited by slash + 'env_context' => false, + 'key' => 'password', # real hash path: "/password" + # or nested hash password path delimited by slash + #'env_context' => true, + #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password" + }, + }, + # ... + }, + }, +) +``` + +## License and Authors + +- Author:: whitestar at osdn.jp + +```text +Copyright 2018, whitestar + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/cookbooks/ups_utils/Rakefile b/cookbooks/ups_utils/Rakefile new file mode 100644 index 0000000..92df2f3 --- /dev/null +++ b/cookbooks/ups_utils/Rakefile 
@@ -0,0 +1,93 @@
+require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
+require 'foodcritic'
+require 'stove/rake_task'
+
+tpl_cookbook = '00cookbook'
+cookbook_name = File.basename(Dir.pwd)
+
+desc 'Initialize project'
+task :init do
+ next if cookbook_name == tpl_cookbook
+
+ ruby [
+ %(-pne '$_.gsub!(/^cookbook-name: .*$/, "cookbook-name: #{cookbook_name}")'),
+ '-i fly-vars.local.yml',
+ ].join(' ')
+
+ [
+ '.foodcritic',
+ '.rubocop.yml',
+ 'Berksfile',
+ 'concourse.yml',
+ 'fly-vars.yml',
+ 'fly-vars.local.yml',
+ 'Gemfile',
+ 'Gemfile.lock',
+ 'version',
+ ].each {|conf|
+ sh "cp ../#{tpl_cookbook}/#{conf} ./" unless File.exist?(conf)
+ }
+end
+
+desc 'Update project'
+task :update do
+ next if cookbook_name == tpl_cookbook
+
+ [
+ 'Rakefile',
+ 'concourse.yml',
+ 'fly-vars.yml',
+ 'Gemfile',
+ 'Gemfile.lock',
+ ].each {|conf|
+ sh "cp ../#{tpl_cookbook}/#{conf} ./"
+ }
+end
+
+desc 'fly set-pipeline'
+task :'set-pipeline' do
+ sh [
+ "fly -t $CC_TARGET sp -p #{cookbook_name}-cookbook -c concourse.yml",
+ '-l fly-vars.yml -l fly-vars.local.yml -l ~/sec/credentials-prod.yml',
+ ].join(' ')
+end
+desc 'rake set-pipeline alias'
+task sp: 'set-pipeline'
+
+namespace :style do
+ desc 'Run Ruby style checks'
+ RuboCop::RakeTask.new(:ruby) do |t|
+ t.options = [
+ '--auto-gen-config', # creates .rubocop_todo.yml
+ ]
+ end
+
+ desc 'Run Chef style checks'
+ FoodCritic::Rake::LintTask.new(:chef) do |t|
+ t.options = {
+ fail_tags: ['any'],
+ }
+ end
+end
+
+desc 'Run all style checks'
+task style: ['style:chef', 'style:ruby']
+
+desc 'Run ChefSpec examples'
+RSpec::Core::RakeTask.new(:spec)
+
+desc 'Publish cookbook'
+Stove::RakeTask.new(:publish) do |t|
+ t.stove_opts = [
+ # `--username` and `--key` are set in ~/.stove typically.
+ #'--username', 'somebody',
+ #'--key', '~/chef/chef.io.example.com/somebody.pem',
+ #'--endpoint', 'https://supermarket.io.example.com/api/v1', # default: supermarket.chef.io
+ #'--no-ssl-verify',
+ '--no-git',
+ '--log-level', 'info',
+ ]
+end
+
+task default: ['style', 'spec']
diff --git a/cookbooks/ups_utils/attributes/default.rb b/cookbooks/ups_utils/attributes/default.rb
new file mode 100644
index 0000000..9a57c42
--- /dev/null
+++ b/cookbooks/ups_utils/attributes/default.rb
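Review bot: The `style:ruby` task passes `--auto-gen-config` on every run, so `rake style` (and the `default` task that the CI script runs) rewrites `.rubocop_todo.yml` in the working tree each time and, depending on the RuboCop version, may exit successfully instead of failing on offenses. I would keep the lint task plain, `RuboCop::RakeTask.new(:ruby)`, and move the generator into a separate task that carries `t.options = ['--auto-gen-config']`. Separately, `set-pipeline` loads `~/sec/credentials-prod.yml` with `-l`; a short comment above that line, such as `# credentials file lives outside the repository and must never be committed`, would make the expectation explicit.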
@@ -0,0 +1,81 @@ +# +# Cookbook Name:: ups_utils +# Attributes:: default +# +# Copyright 2018, whitestar +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +default['ups_utils']['nut'] = { + 'secrets' => { +=begin + # => , + # `{{}}` in the templates (`upsd.users`, `upsmon.conf`) are replaced + # with the each value in chef-vault. + 'upsmon_password' => { + 'vault' => 'nut', + 'name' => 'upsmon', + # single password or nested hash password path delimited by slash + 'env_context' => false, + 'key' => 'password', # real hash path: "/password" + # or nested hash password path delimited by slash + #'env_context' => true, + #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password" + }, +=end + }, + 'hosts.conf' => { # for cgi + 'MONITORs' => [ + #'by80s@localhost "Local - Omron BY80S"', + #'by80s@upsd.example.com "@upsd - Omron BY80S"', + ], + }, + 'nut.conf' => { + 'MODE' => 'none', + }, + 'ups.conf' => { + # 'by80s' => { + # 'driver' => 'blazer_usb', + # 'port' => 'auto', + # 'desc' => '"Omron UPS"', + # 'vendorid' => '0590', + # 'productid' => '00a1', + # 'subdriver' => 'ippon', + # 'default.battery.voltage.high' => '27.2', + # 'default.battery.voltage.low' => '23.5', + # }, + }, + 'upsd.conf' => { + 'LISTENs' => [ + #'LISTEN 127.0.0.1 3493', + #'LISTEN 0.0.0.0 3493', + ], + }, + 'upsd.users' => { + # 'upsmon' => { + # 'password' => '{{upsmon_password}}', + # 'upsmon' => 'master', + # }, + }, + 'upsmon.conf' => { + 
'MONITORs' => [ + #'by80s@localhost 1 {{user_password}} master', + #'by80s@localhost 1 upsmon {{upsmon_password}} master', + ], + }, + 'udev_usbups_rules' => [ + # Omron BY80S - blazer_usb + #'ATTR{idVendor}=="0590", ATTR{idProduct}=="00a1", MODE="664", GROUP="nut"', + ], +} diff --git a/cookbooks/ups_utils/concourse.yml b/cookbooks/ups_utils/concourse.yml new file mode 100644 index 0000000..d373185 --- /dev/null +++ b/cookbooks/ups_utils/concourse.yml 
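Review bot: The commented `LISTENs` examples (`#'LISTEN 127.0.0.1 3493'`) include the `LISTEN` keyword, while the server role in README.md passes `"0.0.0.0 #{upsd_port}"` without it, so one of the two forms will render a malformed directive; the upsd.conf template is not visible in this part of the patch, so which form is right cannot be confirmed here. The comment should show exactly the element format the template expects. Because `0.0.0.0` makes upsd reachable on every interface, I would list the loopback or a specific interface address first and add a comment like `# binding beyond localhost needs a firewall rule limiting clients`. The first `MONITORs` example, `'by80s@localhost 1 {{user_password}} master'`, also appears to lack the user name field that the second example carries.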
@@ -0,0 +1,101 @@ +--- +resources: +- name: src-git + type: git + source: + uri: ((git-id-osdn))@git.osdn.net:/gitroot/metasearch/grid-chef-repo.git + branch: master + paths: + - cookbooks/((cookbook-name)) + private_key: ((git-private-key)) + git_user: ((git-user-osdn)) + #check_every: 1h # default: 1m +- name: chefdk-cache + type: docker-image + source: + repository: chef/chefdk + tag: ((chefdk-version)) + # ((param)) style: fly >= 3.2.0 + registry_mirror: https://((registry-mirror-domain)) # e.g. https://registry.docker.example.com:5000 + ca_certs: + - domain: ((registry-mirror-domain)) # e.g. registry.docker.example.com:5000 + cert: ((docker-reg-ca-cert)) + check_every: 6h # default: 1m + +jobs: +- name: test-cookbook + plan: + - aggregate: + - get: src-git + params: + depth: 5 + trigger: true + - get: chefdk-cache + - task: ci-build + image: chefdk-cache + params: + http_proxy: ((http-proxy)) # e.g. http://proxy.example.com:3128 + #HTTP_PROXY: ((http-proxy)) + config: + platform: linux + #image_resource: + # type: docker-image + # source: + # repository: chef/chefdk + # tag: ((chefdk-version)) + # NG, setting disable + #registry_mirror: https://((registry-mirror-domain)) + #ca_certs: + #- domain: ((registry-mirror-domain)) + # cert: ((docker-reg-ca-cert)) + inputs: + - name: src-git + run: + #dir: ./src-git/cookbooks/((cookbook-name)) + #path: rake + path: /bin/bash + args: + - -c + - | + cd ./src-git/cookbooks/((cookbook-name)) + bundle config --local silence_root_warning 1 + bundle install + rake +- name: publish-cookbook + plan: + - aggregate: + - get: src-git + params: + depth: 5 + trigger: false + passed: [test-cookbook] + - get: chefdk-cache + passed: [test-cookbook] + - task: publish + image: chefdk-cache + params: + http_proxy: ((http-proxy)) + chef_username: ((chef-username)) + chef_client_key: ((chef-client-key)) + config: + platform: linux + inputs: + - name: src-git + run: + path: /bin/bash + args: + - -c + - | + echo 
'{"username":"((chef-username))","key":"/root/chef-client-key.pem"}' > /root/.stove + echo "$chef_client_key" > /root/chef-client-key.pem + cd ./src-git/cookbooks/((cookbook-name)) + bundle config --local silence_root_warning 1 + bundle install + rake publish + - put: src-git + params: + repository: src-git + tag_prefix: ((cookbook-name))- + tag: src-git/cookbooks/((cookbook-name))/version + only_tag: true + annotate: src-git/cookbooks/((cookbook-name))/version diff --git a/cookbooks/ups_utils/fly-vars.local.yml b/cookbooks/ups_utils/fly-vars.local.yml new file mode 100644 index 0000000..4334c76 --- /dev/null +++ b/cookbooks/ups_utils/fly-vars.local.yml @@ -0,0 +1,2 @@ +--- +cookbook-name: ups_utils diff --git a/cookbooks/ups_utils/fly-vars.yml b/cookbooks/ups_utils/fly-vars.yml index 8865c70..76f2fcd 100644 --- a/cookbooks/ups_utils/fly-vars.yml +++ b/cookbooks/ups_utils/fly-vars.yml @@ -1,3 +1,2 @@ --- -cookbook-name: ups_utils chefdk-version: 1.6.11 diff --git a/cookbooks/ups_utils/metadata.rb b/cookbooks/ups_utils/metadata.rb new file mode 100644 index 0000000..373e7b8 --- /dev/null +++ b/cookbooks/ups_utils/metadata.rb @@ -0,0 +1,15 @@ +name 'ups_utils' +maintainer 'whitestar' +maintainer_email '' +license 'Apache 2.0' +description 'Installs/Configures Network UPS Tools' +long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) +version IO.read(File.join(File.dirname(__FILE__), 'version')).chomp +source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git' +issues_url 'https://osdn.jp/projects/metasearch/ticket' + +chef_version '>= 12' +supports 'debian', '>= 9.0' +supports 'ubuntu', '>= 16.04' + +depends 'ssl_cert', '>= 0.4.1' diff --git a/cookbooks/ups_utils/recipes/default.rb b/cookbooks/ups_utils/recipes/default.rb new file mode 100644 index 0000000..b4da8f2 --- /dev/null +++ b/cookbooks/ups_utils/recipes/default.rb 
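Review bot: The `publish` script writes `$chef_client_key` to `/root/chef-client-key.pem` under the default umask and runs without `set -e`, so a failed `cd` or `bundle install` does not stop `rake publish`. Starting both inline scripts (`ci-build` and `publish`) with `set -eu`, and adding `umask 077` before the two `echo` lines, would fail early and keep the key file owner-only. The key and `((git-private-key))` are `((var))` placeholders; if they are filled from a vars file at set-pipeline time they end up in the stored pipeline configuration, so resolving them through a Concourse credential manager is worth considering.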
@@ -0,0 +1,18 @@
+#
+# Cookbook Name:: ups_utils
+# Recipe:: default
+#
+# Copyright 2018, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
diff --git a/cookbooks/ups_utils/recipes/nut-cgi.rb b/cookbooks/ups_utils/recipes/nut-cgi.rb
new file mode 100644
index 0000000..f3830eb
--- /dev/null
+++ b/cookbooks/ups_utils/recipes/nut-cgi.rb
@@ -0,0 +1,33 @@
+#
+# Cookbook Name:: ups_utils
+# Recipe:: nut-cgi
+#
+# Copyright 2018, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package 'nut-cgi' do
+ action :install
+end
+
+[
+ 'hosts.conf',
+].each {|tpl|
+ template "/etc/nut/#{tpl}" do
+ source "etc/nut/#{tpl}"
+ owner 'root'
+ group 'root'
+ mode '0644'
+ end
+}
diff --git a/cookbooks/ups_utils/recipes/nut.rb b/cookbooks/ups_utils/recipes/nut.rb
new file mode 100644
index 0000000..1544ec8
--- /dev/null
+++ b/cookbooks/ups_utils/recipes/nut.rb
@@ -0,0 +1,71 @@
+#
+# Cookbook Name:: ups_utils
+# Recipe:: nut
+#
+# Copyright 2018, whitestar
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+mode = node['ups_utils']['nut']['nut.conf']['MODE']
+is_server = (mode == 'standalone' || mode == 'netserver')
+
+package 'nut' do
+ action :install
+end
+
+service 'nut-server' do
+ action [:enable] if is_server
+ supports status: true, restart: true, reload: false
+end
+
+service 'nut-client' do
+ action [:nothing]
+ supports status: true, restart: true, reload: false
+end
+
+template '/lib/udev/rules.d/53-nut-usbups-local.rules' do
+ source 'lib/udev/rules.d/53-nut-usbups-local.rules'
+ owner 'root'
+ group 'root'
+ mode '0644'
+ not_if { node['ups_utils']['nut']['udev_usbups_rules'].empty? }
+end
+
+secrets = {}
+node['ups_utils']['nut']['secrets'].each {|key, vault_item|
+ secrets[key] = get_vault_item_value(vault_item)
+}
+
+[
+ 'nut.conf',
+ 'ups.conf',
+ 'upsd.conf',
+ 'upsd.users',
+ 'upsmon.conf',
+].each {|tpl|
+ template "/etc/nut/#{tpl}" do
+ source "etc/nut/#{tpl}"
+ owner 'root'
+ group 'nut'
+ mode '0640'
+ if tpl == 'upsd.users' || tpl == 'upsmon.conf'
+ sensitive true
+ variables(
+ secrets: secrets
+ )
+ end
+ notifies :restart, 'service[nut-server]' if is_server
+ notifies :restart, 'service[nut-client]'
+ end
+}
diff --git a/cookbooks/ups_utils/spec/recipes/default_spec.rb b/cookbooks/ups_utils/spec/recipes/default_spec.rb
new file mode 100644
index 0000000..97def8c
--- /dev/null
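Review bot: `sensitive true` is applied only to `upsd.users` and `upsmon.conf`, but the header of the ups.conf template in this same patch warns that the file can hold an SNMP community string, and for a non-sensitive template Chef can show the rendered content diff in the run log. Moving the line out of the conditional, so that `sensitive true` sits directly under `mode '0640'`, covers all five files while `variables(secrets: secrets)` stays conditional. `get_vault_item_value` is not defined in the files visible here; presumably it comes from the `ssl_cert` dependency declared in metadata.rb, and a one-line comment above the `secrets` loop saying so would help the next reader.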
+++ b/cookbooks/ups_utils/spec/recipes/default_spec.rb
@@ -0,0 +1,9 @@
+require_relative '../spec_helper'
+
+describe 'ups_utils::default' do
+ let(:chef_run) { ChefSpec::SoloRunner.new.converge(described_recipe) }
+
+ #it 'does something' do
+ # expect(chef_run).to do_something('...')
+ #end
+end
diff --git a/cookbooks/ups_utils/spec/spec_helper.rb b/cookbooks/ups_utils/spec/spec_helper.rb
new file mode 100644
index 0000000..1995e2b
--- /dev/null
+++ b/cookbooks/ups_utils/spec/spec_helper.rb
@@ -0,0 +1,25 @@
+# Added by ChefSpec
+require 'chefspec'
+
+# Uncomment to use ChefSpec's Berkshelf extension
+# require 'chefspec/berkshelf'
+
+RSpec.configure do |config|
+ # Specify the path for Chef Solo to find cookbooks
+ # config.cookbook_path = '/var/cookbooks'
+
+ # Specify the path for Chef Solo to find roles
+ # config.role_path = '/var/roles'
+
+ # Specify the Chef log_level (default: :warn)
+ # config.log_level = :debug
+
+ # Specify the path to a local JSON file with Ohai data
+ # config.path = 'ohai.json'
+
+ # Specify the operating platform to mock Ohai data from
+ # config.platform = 'ubuntu'
+
+ # Specify the operating version to mock Ohai data from
+ # config.version = '12.04'
+end
diff --git a/cookbooks/ups_utils/templates/default/etc/nut/hosts.conf b/cookbooks/ups_utils/templates/default/etc/nut/hosts.conf
new file mode 100644
index 0000000..633314a
--- /dev/null
+++ b/cookbooks/ups_utils/templates/default/etc/nut/hosts.conf
@@ -0,0 +1,38 @@
+# Network UPS Tools: example hosts.conf
+#
+# This file is used to control the CGI programs. If you have not
+# installed them, you may safely ignore or delete this file.
+#
+# -----------------------------------------------------------------------
+#
+# upsstats will use the list of MONITOR entries when displaying the
+# default template (upsstats.html). The "FOREACHUPS" directive in the
+# template will use this file to find systems running upsd.
+#
+# upsstats and upsimage also use this file to determine if a host may be
+# monitored. This keeps evil people from using your system to annoy
+# others with unintended queries.
+#
+# upsset presents a list of systems that may be viewed and controlled
+# using this file.
+#
+# -----------------------------------------------------------------------
+#
+# Usage: list systems running upsd that you want to monitor
+#
+# MONITOR ""
+#
+# Examples:
+#
+# MONITOR myups@localhost "Local UPS"
+# MONITOR su2200@10.64.1.1 "Finance department"
+# MONITOR matrix@shs-server.example.edu "Sierra High School data room #1"
+
+<%
+node['ups_utils']['nut']['hosts.conf']['MONITORs'].each {|item|
+-%>
+MONITOR <%= item %>
+<%
+}
+-%>
+
diff --git a/cookbooks/ups_utils/templates/default/etc/nut/nut.conf b/cookbooks/ups_utils/templates/default/etc/nut/nut.conf
new file mode 100644
index 0000000..05d37ae
--- /dev/null
+++ b/cookbooks/ups_utils/templates/default/etc/nut/nut.conf
@@ -0,0 +1,33 @@
+# Network UPS Tools: example nut.conf
+#
+##############################################################################
+# General section
+##############################################################################
+# The MODE determines which part of the NUT is to be started, and which
+# configuration files must be modified.
+#
+# This file try to standardize the various files being found in the field, like
+# /etc/default/nut on Debian based systems, /etc/sysconfig/ups on RedHat based
+# systems, ... Distribution's init script should source this file to see which
+# component(s) has to be started.
+#
+# The values of MODE can be:
+# - none: NUT is not configured, or use the Integrated Power Management, or use
+# some external system to startup NUT components. So nothing is to be started.
+# - standalone: This mode address a local only configuration, with 1 UPS
+# protecting the local system. This implies to start the 3 NUT layers (driver,
+# upsd and upsmon) and the matching configuration files. This mode can also
+# address UPS redundancy.
+# - netserver: same as for the standalone configuration, but also need
+# some more network access controls (firewall, tcp-wrappers) and possibly a
+# specific LISTEN directive in upsd.conf.
+# Since this MODE is opened to the network, a special care should be applied
+# to security concerns.
+# - netclient: this mode only requires upsmon.
+#
+# IMPORTANT NOTE:
+# This file is intended to be sourced by shell scripts.
+# You MUST NOT use spaces around the equal sign!
+
+MODE=<%= node['ups_utils']['nut']['nut.conf']['MODE'] %>
+
diff --git a/cookbooks/ups_utils/templates/default/etc/nut/ups.conf b/cookbooks/ups_utils/templates/default/etc/nut/ups.conf
new file mode 100644
index 0000000..9b3d302
--- /dev/null
+++ b/cookbooks/ups_utils/templates/default/etc/nut/ups.conf
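Review bot: The `MODE=<%= ... %>` line renders the attribute unquoted into a file that, per its own comment, is sourced by shell scripts, so any value other than the four documented ones is interpreted by the shell rather than rejected. recipes/nut.rb already reads this attribute into `mode`; a guard there such as `raise "unsupported nut MODE: #{mode}" unless %w[none standalone netserver netclient].include?(mode)` would stop typos and stray characters before the template is written. A comment next to the ERB tag naming the allowed values would also help whoever edits the role.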
@@ -0,0 +1,139 @@ +# Network UPS Tools: example ups.conf +# +# --- SECURITY NOTE --- +# +# If you use snmp-ups and set a community string in here, you +# will have to secure this file to keep other users from obtaining +# that string. It needs to be readable by upsdrvctl and any drivers, +# and by upsd. +# +# --- +# +# This is where you configure all the UPSes that this system will be +# monitoring directly. These are usually attached to serial ports, but +# USB devices and SNMP devices are also supported. +# +# This file is used by upsdrvctl to start and stop your driver(s), and +# is also used by upsd to determine which drivers to monitor. The +# drivers themselves also read this file for configuration directives. +# +# The general form is: +# +# [upsname] +# driver = +# port = +# < any other directives here > +# +# The section header ([upsname]) can be just about anything as long as +# it is a single word inside brackets. upsd uses this to uniquely +# identify a UPS on this system. +# +# If you have a UPS called snoopy, your section header would be "[snoopy]". +# On a system called "doghouse", the line in your upsmon.conf to monitor +# it would look something like this: +# +# MONITOR snoopy@doghouse 1 upsmonuser mypassword master +# +# It might look like this if monitoring in slave mode: +# +# MONITOR snoopy@doghouse 1 upsmonuser mypassword slave +# +# Configuration directives +# ------------------------ +# +# These directives are used by upsdrvctl only and should be specified outside +# of a driver definition: +# +# maxretry: Optional. Specify the number of attempts to start the driver(s), +# in case of failure, before giving up. A delay of 'retrydelay' is +# inserted between each attempt. Caution should be taken when using +# this option, since it can impact the time taken by your system to +# start. +# +# The default is 1 attempt. +# +# retrydelay: Optional. Specify the delay between each restart attempt of the +# driver(s), as specified by 'maxretry'. 
Caution should be taken +# when using this option, since it can impact the time taken by your +# system to start. +# +# The default is 5 seconds. +# +# These directives are common to all drivers that support ups.conf: +# +# driver: REQUIRED. Specify the program to run to talk to this UPS. +# apcsmart, bestups, and sec are some examples. +# +# port: REQUIRED. The serial port where your UPS is connected. +# /dev/ttyS0 is usually the first port on Linux boxes, for example. +# +# sdorder: optional. When you have multiple UPSes on your system, you +# usually need to turn them off in a certain order. upsdrvctl +# shuts down all the 0s, then the 1s, 2s, and so on. To exclude +# a UPS from the shutdown sequence, set this to -1. +# +# The default value for this parameter is 0. +# +# nolock: optional, and not recommended for use in this file. +# +# If you put nolock in here, the driver will not lock the +# serial port every time it starts. This may allow other +# processes to seize the port if you start more than one by +# mistake. +# +# This is only intended to be used on systems where locking +# absolutely must be disabled for the software to work. +# +# maxstartdelay: optional. This can be set as a global variable +# above your first UPS definition and it can also be +# set in a UPS section. This value controls how long +# upsdrvctl will wait for the driver to finish starting. +# This keeps your system from getting stuck due to a +# broken driver or UPS. +# +# The default is 45 seconds. +# +# +# Anything else is passed through to the hardware-specific part of +# the driver. +# +# Examples +# -------- +# +# A simple example for a UPS called "powerpal" that uses the blazer_ser +# driver on /dev/ttyS0 is: +# +# [powerpal] +# driver = blazer_ser +# port = /dev/ttyS0 +# desc = "Web server" +# +# If your UPS driver requires additional settings, you can specify them +# here. 
For example, if it supports a setting of "1234" for the +# variable "cable", it would look like this: +# +# [myups] +# driver = mydriver +# port = /dev/ttyS1 +# cable = 1234 +# desc = "Something descriptive" +# +# To find out if your driver supports any extra settings, start it with +# the -h option and/or read the driver's documentation. + +# Set maxretry to 3 by default, this should mitigate race with slow devices: +maxretry = 3 + + +<% +node['ups_utils']['nut']['ups.conf'].each {|ups, items| +-%> +[<%= ups %>] +<% + items.each {|key, value| +-%> +<%= key %> = <%= value %> +<% + } +} +-%> diff --git a/cookbooks/ups_utils/templates/default/etc/nut/upsd.conf b/cookbooks/ups_utils/templates/default/etc/nut/upsd.conf new file mode 100644 index 0000000..a00815e --- /dev/null +++ b/cookbooks/ups_utils/templates/default/etc/nut/upsd.conf @@ -0,0 +1,116 @@ +# Network UPS Tools: example upsd configuration file +# +# This file contains access control data, you should keep it secure. +# +# It should only be readable by the user that upsd becomes. See the FAQ. +# +# Each entry below provides usage and default value. + +# ======================================================================= +# MAXAGE +# MAXAGE 15 +# +# This defaults to 15 seconds. After a UPS driver has stopped updating +# the data for this many seconds, upsd marks it stale and stops making +# that information available to clients. After all, the only thing worse +# than no data is bad data. +# +# You should only use this if your driver has difficulties keeping +# the data fresh within the normal 15 second interval. Watch the syslog +# for notifications from upsd about staleness. + +# ======================================================================= +# STATEPATH +# STATEPATH /var/run/nut +# +# Tell upsd to look for the driver state sockets in 'path' rather +# than the default that was compiled into the program. + +# ======================================================================= +# LISTEN
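Review bot: The `<%= key %> = <%= value %>` loop in the ups.conf template renders driver settings straight from node attributes, with none of the `{{name}}` secret substitution that the upsd.users and upsmon.conf templates in this patch apply. The file's own SECURITY NOTE is about snmp-ups community strings, and with this template such a string can only be supplied as a plain node attribute, which normally ends up saved with the node object. Consider running `value` through the same `@secrets` replacement here; this assumes the recipe can pass `secrets` to this template as it presumably does for the other two, and the recipe is outside this hunk.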
[] +# LISTEN 127.0.0.1 3493 +# LISTEN ::1 3493 +# +# This defaults to the localhost listening addresses and port 3493. +# In case of IP v4 or v6 disabled kernel, only the available one will be used. +# +# You may specify each interface you want upsd to listen on for connections, +# optionally with a port number. +# +# You may need this if you have multiple interfaces on your machine and +# you don't want upsd to listen to all interfaces (for instance on a +# firewall, you may not want to listen to the external interface). +# +# This will only be read at startup of upsd. If you make changes here, +# you'll need to restart upsd, reload will have no effect. +<% +node['ups_utils']['nut']['upsd.conf']['LISTENs'].each {|item| +-%> +LISTEN <%= item %> +<% +} +-%> + +# ======================================================================= +# MAXCONN +# MAXCONN 1024 +# +# This defaults to maximum number allowed on your system. Each UPS, each +# LISTEN address and each client count as one connection. If the server +# runs out of connections, it will no longer accept new incoming client +# connections. Only set this if you know exactly what you're doing. + +# ======================================================================= +# CERTFILE +# CERTFILE /usr/local/ups/etc/upsd.pem +# +# When compiled with SSL support with OpenSSL backend, +# you can enter the certificate file here. +# The certificates must be in PEM format and must be sorted starting with +# the subject's certificate (server certificate), followed by intermediate +# CA certificates (if applicable_ and the highest level (root) CA. It should +# end with the server key. See 'docs/security.txt' or the Security chapter of +# NUT user manual for more information on the SSL support in NUT. +# +# See 'docs/security.txt' or the Security chapter of NUT user manual +# for more information on the SSL support in NUT. 
+ +# ======================================================================= +# CERTPATH +# CERTPATH /usr/local/ups/etc/cert/upsd +# +# When compiled with SSL support with NSS backend, +# you can enter the certificate path here. +# Certificates are stored in a dedicated database (splitted in 3 files). +# Specify the path of the database directory. +# +# See 'docs/security.txt' or the Security chapter of NUT user manual +# for more information on the SSL support in NUT. + +# ======================================================================= +# CERTIDENT +# CERTIDENT "my nut server" "MyPasSw0rD" +# +# When compiled with SSL support with NSS backend, +# you can specify the certificate name to retrieve from database to +# authenticate itself and the password +# required to access certificate related private key. +# +# See 'docs/security.txt' or the Security chapter of NUT user manual +# for more information on the SSL support in NUT. + +# ======================================================================= +# CERTREQUEST +# CERTREQUEST REQUIRE +# +# When compiled with SSL support with NSS backend and client certificate +# validation (disabled by default, see 'docs/security.txt'), +# you can specify if upsd requests or requires client's' certificates. +# Possible values are : +# - 0 to not request to clients to provide any certificate +# - 1 to require to all clients a certificate +# - 2 to require to all clients a valid certificate +# +# See 'docs/security.txt' or the Security chapter of NUT user manual +# for more information on the SSL support in NUT. + diff --git a/cookbooks/ups_utils/templates/default/etc/nut/upsd.users b/cookbooks/ups_utils/templates/default/etc/nut/upsd.users new file mode 100644 index 0000000..cfb07ab --- /dev/null +++ b/cookbooks/ups_utils/templates/default/etc/nut/upsd.users 
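Review bot: Only `LISTEN` is attribute-driven in the upsd.conf template; `CERTFILE`, `CERTPATH`, `CERTIDENT` and `CERTREQUEST` appear as commented documentation with no way to render them. If the `LISTENs` attribute is set to a non-loopback address, the cookbook cannot give upsd a certificate, so the logins defined in upsd.users would be exchanged without TLS unless the file is managed some other way. The same gap exists in the upsmon.conf template, where `CERTPATH`, `CERTVERIFY` and `FORCESSL` are documentation only. Optional attributes that emit these directives when set would close it while leaving the default output unchanged.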
@@ -0,0 +1,98 @@ +# Network UPS Tools: Example upsd.users +# +# This file sets the permissions for upsd - the UPS network daemon. +# Users are defined here, are given passwords, and their privileges are +# controlled here too. Since this file will contain passwords, keep it +# secure, with only enough permissions for upsd to read it. + +# -------------------------------------------------------------------------- + +# Each user gets a section. To start a section, put the username in +# brackets on a line by itself. To set something for that user, specify +# it under that section heading. The username is case-sensitive, so +# admin and AdMiN are two different users. +# +# Possible settings: +# +# password: The user's password. This is case-sensitive. +# +# -------------------------------------------------------------------------- +# +# actions: Let the user do certain things with upsd. +# +# Valid actions are: +# +# SET - change the value of certain variables in the UPS +# FSD - set the "forced shutdown" flag in the UPS +# +# -------------------------------------------------------------------------- +# +# instcmds: Let the user initiate specific instant commands. Use "ALL" +# to grant all commands automatically. There are many possible +# commands, so use 'upscmd -l' to see what your hardware supports. 
Here +# are a few examples: +# +# test.panel.start - Start a front panel test +# test.battery.start - Start battery test +# test.battery.stop - Stop battery test +# calibrate.start - Start calibration +# calibrate.stop - Stop calibration +# +# -------------------------------------------------------------------------- +# +# Example: +# +# [admin] +# password = mypass +# actions = SET +# instcmds = ALL +# + +# +# --- Configuring for a user who can execute tests only +# +# [testuser] +# password = pass +# instcmds = test.battery.start +# instcmds = test.battery.stop + +# +# --- Configuring for upsmon +# +# To add a user for your upsmon, use this example: +# +# [upsmon] +# password = pass +# upsmon master +# or +# upsmon slave +# +# The matching MONITOR line in your upsmon.conf would look like this: +# +# MONITOR myups@localhost 1 upsmon pass master (or slave) + + +<% +node['ups_utils']['nut']['upsd.users'].each {|user, items| +-%> +[<%= user %>] +<% + items.each {|key, value| + # Note: value is a frozen String. + val = +value # unfreeze + @secrets.each {|sec_key, sec_val| + val.gsub!("{{#{sec_key}}}", sec_val) + } + + if key == 'upsmon' +-%> +<%= key %> <%= val %> +<% + else +-%> +<%= key %> = <%= val %> +<% + end + } +} +-%> diff --git a/cookbooks/ups_utils/templates/default/etc/nut/upsmon.conf b/cookbooks/ups_utils/templates/default/etc/nut/upsmon.conf new file mode 100644 index 0000000..686abaa --- /dev/null +++ b/cookbooks/ups_utils/templates/default/etc/nut/upsmon.conf 
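Review bot: In the upsd.users loop, `val.gsub!("{{#{sec_key}}}", sec_val)` passes the secret as a replacement string, and Ruby interprets backslash sequences there (`\\` collapses to a single backslash, `\0` expands to the matched placeholder), so a password containing a backslash is written differently from the stored one. The block form inserts the value literally: `val.gsub!("{{#{sec_key}}}") { sec_val }`. The MONITOR loop in the upsmon.conf template makes the same call and should get the same change, so that both files render the identical password for a given user.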
@@ -0,0 +1,389 @@ +# Network UPS Tools: example upsmon configuration +# +# This file contains passwords, so keep it secure. + +# -------------------------------------------------------------------------- +# RUN_AS_USER +# +# By default, upsmon splits into two processes. One stays as root and +# waits to run the SHUTDOWNCMD. The other one switches to another userid +# and does everything else. +# +# The default nonprivileged user is set at compile-time with +# 'configure --with-user=...'. +# +# You can override it with '-u ' when starting upsmon, or just +# define it here for convenience. +# +# Note: if you plan to use the reload feature, this file (upsmon.conf) +# must be readable by this user! Since it contains passwords, DO NOT +# make it world-readable. Also, do not make it writable by the upsmon +# user, since it creates an opportunity for an attack by changing the +# SHUTDOWNCMD to something malicious. +# +# For best results, you should create a new normal user like "nutmon", +# and make it a member of a "nut" group or similar. Then specify it +# here and grant read access to the upsmon.conf for that group. +# +# This user should not have write access to upsmon.conf. +# +# RUN_AS_USER nut + +# -------------------------------------------------------------------------- +# MONITOR ("master"|"slave") +# +# List systems you want to monitor. Not all of these may supply power +# to the system running upsmon, but if you want to watch it, it has to +# be in this section. +# +# You must have at least one of these declared. +# +# is a UPS identifier in the form @[:] +# like ups@localhost, su700@mybox, etc. +# +# Examples: +# +# - "su700@mybox" means a UPS called "su700" on a system called "mybox" +# +# - "fenton@bigbox:5678" is a UPS called "fenton" on a system called +# "bigbox" which runs upsd on port "5678". +# +# The UPS names like "su700" and "fenton" are set in your ups.conf +# in [brackets] which identify a section for a particular driver. 
+# +# If the ups.conf on host "doghouse" has a section called "snoopy", the +# identifier for it would be "snoopy@doghouse". +# +# is an integer - the number of power supplies that this UPS +# feeds on this system. Most computers only have one power supply, so this +# is normally set to 1. You need a pretty big or special box to have any +# other value here. +# +# You can also set this to 0 for a system that doesn't supply any power, +# but you still want to monitor. Use this when you want to hear about +# changes for a given UPS without shutting down when it goes critical, +# unless is 0. +# +# and must match an entry in that system's +# upsd.users. If your username is "monmaster" and your password is +# "blah", the upsd.users would look like this: +# +# [monmaster] +# password = blah +# upsmon master (or slave) +# +# "master" means this system will shutdown last, allowing the slaves +# time to shutdown first. +# +# "slave" means this system shuts down immediately when power goes critical. +# +# Examples: +# +# MONITOR myups@bigserver 1 monmaster blah master +# MONITOR su700@server.example.com 1 upsmon secretpass slave +# MONITOR myups@localhost 1 upsmon pass master (or slave) +<% +node['ups_utils']['nut']['upsmon.conf']['MONITORs'].each {|item| + # Note: item is a frozen String. + val = +item # unfreeze + @secrets.each {|sec_key, sec_val| + val.gsub!("{{#{sec_key}}}", sec_val) + } +-%> +MONITOR <%= val %> +<% +} +-%> + +# -------------------------------------------------------------------------- +# MINSUPPLIES +# +# Give the number of power supplies that must be receiving power to keep +# this system running. Most systems have one power supply, so you would +# put "1" in this field. +# +# Large/expensive server type systems usually have more, and can run with +# a few missing. The HP NetServer LH4 can run with 2 out of 4, for example, +# so you'd set that to 2. The idea is to keep the box running as long +# as possible, right? 
+# +# Obviously you have to put the redundant supplies on different UPS circuits +# for this to make sense! See big-servers.txt in the docs subdirectory +# for more information and ideas on how to use this feature. + +MINSUPPLIES 1 + +# -------------------------------------------------------------------------- +# SHUTDOWNCMD "" +# +# upsmon runs this command when the system needs to be brought down. +# +# This should work just about everywhere ... if it doesn't, well, change it. + +SHUTDOWNCMD "/sbin/shutdown -h +0" + +# -------------------------------------------------------------------------- +# NOTIFYCMD +# +# upsmon calls this to send messages when things happen +# +# This command is called with the full text of the message as one argument. +# The environment string NOTIFYTYPE will contain the type string of +# whatever caused this event to happen. +# +# Note that this is only called for NOTIFY events that have EXEC set with +# NOTIFYFLAG. See NOTIFYFLAG below for more details. +# +# Making this some sort of shell script might not be a bad idea. For more +# information and ideas, see docs/scheduling.txt +# +# Example: +# NOTIFYCMD /bin/notifyme + +# -------------------------------------------------------------------------- +# POLLFREQ +# +# Polling frequency for normal activities, measured in seconds. +# +# Adjust this to keep upsmon from flooding your network, but don't make +# it too high or it may miss certain short-lived power events. + +POLLFREQ 5 + +# -------------------------------------------------------------------------- +# POLLFREQALERT +# +# Polling frequency in seconds while UPS on battery. +# +# You can make this number lower than POLLFREQ, which will make updates +# faster when any UPS is running on battery. This is a good way to tune +# network load if you have a lot of these things running. +# +# The default is 5 seconds for both this and POLLFREQ. 
+ +POLLFREQALERT 5 + +# -------------------------------------------------------------------------- +# HOSTSYNC - How long upsmon will wait before giving up on another upsmon +# +# The master upsmon process uses this number when waiting for slaves to +# disconnect once it has set the forced shutdown (FSD) flag. If they +# don't disconnect after this many seconds, it goes on without them. +# +# Similarly, upsmon slave processes wait up to this interval for the +# master upsmon to set FSD when a UPS they are monitoring goes critical - +# that is, on battery and low battery. If the master doesn't do its job, +# the slaves will shut down anyway to avoid damage to the file systems. +# +# This "wait for FSD" is done to avoid races where the status changes +# to critical and back between polls by the master. + +HOSTSYNC 15 + +# -------------------------------------------------------------------------- +# DEADTIME - Interval to wait before declaring a stale ups "dead" +# +# upsmon requires a UPS to provide status information every few seconds +# (see POLLFREQ and POLLFREQALERT) to keep things updated. If the status +# fetch fails, the UPS is marked stale. If it stays stale for more than +# DEADTIME seconds, the UPS is marked dead. +# +# A dead UPS that was last known to be on battery is assumed to have gone +# to a low battery condition. This may force a shutdown if it is providing +# a critical amount of power to your system. +# +# Note: DEADTIME should be a multiple of POLLFREQ and POLLFREQALERT. +# Otherwise you'll have "dead" UPSes simply because upsmon isn't polling +# them quickly enough. Rule of thumb: take the larger of the two +# POLLFREQ values, and multiply by 3. + +DEADTIME 15 + +# -------------------------------------------------------------------------- +# POWERDOWNFLAG - Flag file for forcing UPS shutdown on the master system +# +# upsmon will create a file with this name in master mode when it's time +# to shut down the load. 
You should check for this file's existence in +# your shutdown scripts and run 'upsdrvctl shutdown' if it exists. +# +# See the shutdown.txt file in the docs subdirectory for more information. + +POWERDOWNFLAG /etc/killpower + +# -------------------------------------------------------------------------- +# NOTIFYMSG - change messages sent by upsmon when certain events occur +# +# You can change the default messages to something else if you like. +# +# NOTIFYMSG "message" +# +# NOTIFYMSG ONLINE "UPS %s on line power" +# NOTIFYMSG ONBATT "UPS %s on battery" +# NOTIFYMSG LOWBATT "UPS %s battery is low" +# NOTIFYMSG FSD "UPS %s: forced shutdown in progress" +# NOTIFYMSG COMMOK "Communications with UPS %s established" +# NOTIFYMSG COMMBAD "Communications with UPS %s lost" +# NOTIFYMSG SHUTDOWN "Auto logout and shutdown proceeding" +# NOTIFYMSG REPLBATT "UPS %s battery needs to be replaced" +# NOTIFYMSG NOCOMM "UPS %s is unavailable" +# NOTIFYMSG NOPARENT "upsmon parent process died - shutdown impossible" +# +# Note that %s is replaced with the identifier of the UPS in question. +# +# Possible values for : +# +# ONLINE : UPS is back online +# ONBATT : UPS is on battery +# LOWBATT : UPS has a low battery (if also on battery, it's "critical") +# FSD : UPS is being shutdown by the master (FSD = "Forced Shutdown") +# COMMOK : Communications established with the UPS +# COMMBAD : Communications lost to the UPS +# SHUTDOWN : The system is being shutdown +# REPLBATT : The UPS battery is bad and needs to be replaced +# NOCOMM : A UPS is unavailable (can't be contacted for monitoring) +# NOPARENT : The process that shuts down the system has died (shutdown impossible) + +# -------------------------------------------------------------------------- +# NOTIFYFLAG - change behavior of upsmon when NOTIFY events occur +# +# By default, upsmon sends walls (global messages to all logged in users) +# and writes to the syslog when things happen. You can change this. 
+# +# NOTIFYFLAG [+][+] ... +# +# NOTIFYFLAG ONLINE SYSLOG+WALL +# NOTIFYFLAG ONBATT SYSLOG+WALL +# NOTIFYFLAG LOWBATT SYSLOG+WALL +# NOTIFYFLAG FSD SYSLOG+WALL +# NOTIFYFLAG COMMOK SYSLOG+WALL +# NOTIFYFLAG COMMBAD SYSLOG+WALL +# NOTIFYFLAG SHUTDOWN SYSLOG+WALL +# NOTIFYFLAG REPLBATT SYSLOG+WALL +# NOTIFYFLAG NOCOMM SYSLOG+WALL +# NOTIFYFLAG NOPARENT SYSLOG+WALL +# +# Possible values for the flags: +# +# SYSLOG - Write the message in the syslog +# WALL - Write the message to all users on the system +# EXEC - Execute NOTIFYCMD (see above) with the message +# IGNORE - Don't do anything +# +# If you use IGNORE, don't use any other flags on the same line. + +# -------------------------------------------------------------------------- +# RBWARNTIME - replace battery warning time in seconds +# +# upsmon will normally warn you about a battery that needs to be replaced +# every 43200 seconds, which is 12 hours. It does this by triggering a +# NOTIFY_REPLBATT which is then handled by the usual notify structure +# you've defined above. +# +# If this number is not to your liking, override it here. + +RBWARNTIME 43200 + +# -------------------------------------------------------------------------- +# NOCOMMWARNTIME - no communications warning time in seconds +# +# upsmon will let you know through the usual notify system if it can't +# talk to any of the UPS entries that are defined in this file. It will +# trigger a NOTIFY_NOCOMM by default every 300 seconds unless you +# change the interval with this directive. + +NOCOMMWARNTIME 300 + +# -------------------------------------------------------------------------- +# FINALDELAY - last sleep interval before shutting down the system +# +# On a master, upsmon will wait this long after sending the NOTIFY_SHUTDOWN +# before executing your SHUTDOWNCMD. If you need to do something in between +# those events, increase this number. Remember, at this point your UPS is +# almost depleted, so don't make this too high. 
+# +# Alternatively, you can set this very low so you don't wait around when +# it's time to shut down. Some UPSes don't give much warning for low +# battery and will require a value of 0 here for a safe shutdown. +# +# Note: If FINALDELAY on the slave is greater than HOSTSYNC on the master, +# the master will give up waiting for the slave to disconnect. + +FINALDELAY 5 + +# -------------------------------------------------------------------------- +# CERTPATH - path to certificates (database directory or directory with CA's) +# +# When compiled with SSL support, you can enter the certificate path here. +# +# With NSS: +# Certificates are stored in a dedicated database (splitted in 3 files). +# Specify the path of the database directory. +# +# CERTPATH /etc/nut/cert/upsmon +# +# With OpenSSL: +# Directory containing CA certificates in PEM format, used to verify +# the server certificate presented by the upsd server. The files each +# contain one CA certificate. The files are looked up by the CA subject +# name hash value, which must hence be available. +# +# CERTPATH /usr/ssl/certs +# +# See 'docs/security.txt' or the Security chapter of NUT user manual +# for more information on the SSL support in NUT. + +# -------------------------------------------------------------------------- +# CERTIDENT - self certificate name and database password +# CERTIDENT +# +# When compiled with SSL support with NSS, you can specify the certificate +# name to retrieve from database to authenticate itself and the password +# required to access certificate related private key. +# +# CERTIDENT "my nut monitor" "MyPasSw0rD" +# +# See 'docs/security.txt' or the Security chapter of NUT user manual +# for more information on the SSL support in NUT. 
+ +# -------------------------------------------------------------------------- +# CERTHOST - security properties for an host +# CERTHOST +# +# When compiled with SSL support with NSS, you can specify security directive +# for each server you can contact. +# Each entry maps server name with the expected certificate name and flags +# indicating if the server certificate is verified and if the connection +# must be secure. +# +# CERTHOST localhost "My nut server" 1 1 +# +# See 'docs/security.txt' or the Security chapter of NUT user manual +# for more information on the SSL support in NUT. + +# -------------------------------------------------------------------------- +# CERTVERIFY - make upsmon verify all connections with certificates +# CERTVERIFY 1 +# +# When compiled with SSL support, make upsmon verify all connections with +# certificates. +# Without this, there is no guarantee that the upsd is the right host. +# Enabling this greatly reduces the risk of man in the middle attacks. +# This effectively forces the use of SSL, so don't use this unless +# all of your upsd hosts are ready for SSL and have their certificates +# in order. +# When compiled with NSS support of SSL, can be overriden for host +# specified with a CERTHOST directive. + + +# -------------------------------------------------------------------------- +# FORCESSL - force upsmon to use SSL +# FORCESSL 1 +# +# When compiled with SSL, specify that a secured connection must be used +# to communicate with upsd. +# If you don't use 'CERTVERIFY 1', then this will at least make sure +# that nobody can sniff your sessions without a large effort. Setting +# this will make upsmon drop connections if the remote upsd doesn't +# support SSL, so don't use it unless all of them have it running. +# When compiled with NSS support of SSL, can be overriden for host +# specified with a CERTHOST directive. 
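Review bot: In the MONITOR loop of the upsmon.conf template, a `{{name}}` placeholder with no matching key in `@secrets` is left in `val` and rendered as is, so the run succeeds while upsmon is configured with the placeholder text as its password. A check after the substitution loop makes that fail loudly: `raise 'unresolved secret placeholder in MONITOR entry' if val =~ /\{\{.+?\}\}/`. The upsd.users template uses the same substitution, and there an unresolved placeholder would become the account's actual, predictable password, so the check belongs in both templates.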
diff --git a/cookbooks/ups_utils/templates/default/lib/udev/rules.d/53-nut-usbups-local.rules b/cookbooks/ups_utils/templates/default/lib/udev/rules.d/53-nut-usbups-local.rules
new file mode 100644
index 0000000..fdbde4e
--- /dev/null
+++ b/cookbooks/ups_utils/templates/default/lib/udev/rules.d/53-nut-usbups-local.rules
@@ -0,0 +1,18 @@
+# This file cantains local settings for the Network UPS Tools.
+
+ACTION!="add|change", GOTO="nut-usbups_rules_end"
+SUBSYSTEM=="usb_device", GOTO="nut-usbups_rules_real"
+SUBSYSTEM=="usb", GOTO="nut-usbups_rules_real"
+SUBSYSTEM!="usb", GOTO="nut-usbups_rules_end"
+
+LABEL="nut-usbups_rules_real"
+
+<%
+node['ups_utils']['nut']['udev_usbups_rules'].each {|rule|
+-%>
+<%= rule %>
+<%
+}
+-%>
+
+LABEL="nut-usbups_rules_end"
diff --git a/cookbooks/ups_utils/version b/cookbooks/ups_utils/version
new file mode 100644
index 0000000..6e8bf73
--- /dev/null
+++ b/cookbooks/ups_utils/version
@@ -0,0 +1 @@
+0.1.0
-- 
2.11.0