Apcupsd Shutdown Program

Basic Instructions to Set Up apcupsd - Under Construction

A demonstration on how to implement the apcupsd program.

The following information outlines the basic steps.

apcupsd

Many machine rooms incorporate the use of APC power conditioner/backup units. These APC units are only effective if there is a means for the APC to trigger a shutdown of the client machines when the power goes down. Otherwise the clients will simply drain the battery on the APC and will ultimately shut down uncleanly.

APC distributes Powerchute. Powerchute is a Windows-based program which basically monitors the APC and will provide a clean shutdown to Windows machines. This does not help if your machine room has boxes that are of other "better" operating systems. These instructions are for those who are not running Windows and require apcupsd to shut down their machines.

Getting Started

These are notes for setting up apcupsd in a larger machine room environment. There are several APC UPSs supporting an array of machines running on various OSs. Instead of setting up several control servers I am setting up one control server with an associated UPS to monitor the power for the entire machine room. The problem with this configuration is that if the power/circuit breaker goes out for the single control server, it will assume that the power is off for the entire lab and commence a shutdown. This risk is taken into account.

Here's how I'm setting up the environment. The central control server is running the standard apcupsd program. The onbattery and offbattery scripts have been modified. These scripts contain a listing of all the machines in the lab. The scripts will also iterate through the list and execute an 'upswatch' command on each of the remote machines. The 'upswatch' command will perform an operating-system-specific shutdown command on each of the machines. If power returns prior to the completion of the shutdown, the shutdown will be aborted.

The first thing you'll need to do is obtain apcupsd. You can find it here. Follow the build instructions. Chances are you shouldn't simply run the configure script without adding additional arguments. Check out ./configure --help for further information. Since I'm running OpenBSD I am not configuring with --enable-pthreads. There are issues with the OpenBSD pthread implementation. Here's a configure example:

./configure --with-cgi-bin=/var/www/cgi-bin --enable-cgi --with-css-dir=/var/www/apcupsd/css

--enable-cgi This enables the building of the CGI programs that permit Web browser access to apcupsd data. This option is not necessary for the proper execution of apcupsd.

--with-cgi-bin=<path> The with-cgi-bin configuration option allows you to define the directory where the CGI programs will be installed. The default is /etc/apcupsd, which is probably not what you want.

--with-css-dir=<path> This option allows you to specify where you want apcupsd to put the Cascading Style Sheet that goes with the multimoncss.cgi CGI program.

Depending on how you configured the build, you will probably find the apcupsd configuration files/shell scripts under /etc/apcupsd and the apcupsd executable and associated support binaries under /sbin.

% ls /etc/apcupsd
apccontrol apcupsd.css commfailure hosts.conf masterconnect multimon.conf apcupsd.conf changeme commok mainsback mastertimeout onbattery

Setting up SSH

mmand including an ssh command that will iterate The apcupsd is running on your control server
/etc/apcupsd

ssh_config
# On the client run the following commands:
$ mkdir -p $HOME/.ssh
$ chmod 0700 $HOME/.ssh
$ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P ''
This should result in two files, $HOME/.ssh/id_dsa (private key) and $HOME/.ssh/id_dsa.pub (public key).
# Copy $HOME/.ssh/id_dsa.pub to the server.
# On the server run the following commands:
$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys2
$ chmod 0600 $HOME/.ssh/authorized_keys2
Depending on the version of OpenSSH the following commands may also be required:
$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys
$ chmod 0600 $HOME/.ssh/authorized_keys
An alternative is to create a link from authorized_keys2 to authorized_keys:
$ cd $HOME/.ssh && ln -s authorized_keys2 authorized_keys
# On the client test the results by ssh'ing to the server:
$ ssh -i $HOME/.ssh/id_dsa server
# (Optional) Add the following to $HOME/.ssh/config on the client:
Host server
    IdentityFile ~/.ssh/id_dsa
This allows ssh access to the server without having to specify the path to the id_dsa file as an argument to ssh each time.

upswatch is the name of the user.

On Solaris, disable the /home automounter so that you can manually create a local home directory:
# Master map for automounter # +auto_master /net -hosts -nosuid,nobrowse /home /xfn -xfn

$ chmod 610 upswatch
$ chmod u+s upswatch
$ chmod 4710 /usr/local/sysadm/upswatch

On Solaris 10, restart the automounter and sshd to reset the configuration:
$ svcadm disable -t network/ssh:default
$ svcadm disable -t svc:/system/filesystem/autofs:default

Kill sshd to restart.

Allow only sshd connections from a particular host. With IPv6 enabled, the address needs the ::ffff: prefix:
from="::ffff:12.34.56.789",command="/usr/local/sysadm/upswatch",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAAB3NzaC1kc3MAAACBAJBSPhet2CmK/Z8dTql506J8dnY9ZDEvkeKxgTIXLSNnIAC0SAdg9DVFbhyBr3/c/uyRNOcwjkP4FtIae0pRWM+OLvViHkEWjZhyr9kD4VGWeAeD7yshNoGUpxGu0MBWb6NnDj5WXvRe6MEblKjwhjvMvqR+6tGv6+9ReRBuOqFejAAAAFQCXQkABKl5mUuGQVqpgggd6JWWuQAAAIBzv8LnaH9V7AbzkgHYQPj7o7eNxSCyC0ZmJ72p+pY3MGP9tU17ajopeTYCU0G5mGp5dpuzs2WyIO391/GsxiIn9NS/kX8YNUUDTmYpZE7wDCxayim5vW1Gn3T6F/1H+gXeAphS8MuquzlT7URiwP/VCMSBmE27qqWilLp7JlvXxQAAAIBILpu/uT4eXL73kBKtN/PISg0qJXvQP3sbmRGrtRSa7xfk5ARxEs0/9V9KyZpp+vzVY4u2eTtCmoEcKTQ0kouSi5eQwLhkvxumxhdDey5kuCUHFc+didtRhKuyt7ip3prCO6XB4ifny0tROyYHHp1vzrsgXFTwYveUPfbI+Ddu8Q== upswatch@yourmachine.com

$ /usr/local/bin/ssh -F /etc/apcupsd/ssh_config upswatch@yourhost.yourdomain.com log this is a test

# On Solaris:
$ cc -xc99 -o upswatch upswatch.c -lsocket -lnsl

Solaris
$ groupadd upswatch
$ useradd -g upswatch upswatch
$ useradd -m -g upswatch upswatch
Edit the shadow file and change the LK to NP.
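
Added example, not part of the original notes: the upswatch key has no passphrase, so the from=, command= and no-* options in authorized_keys are what confine it, and this script audits an authorized_keys file read on stdin and reports entries missing any of them. The function names are hypothetical; the sample entries are constructed (placeholder key blobs, documentation-range addresses) and use RSA/Ed25519 key types because OpenSSH 7.0 and later disable ssh-dss by default.

```shell
#!/bin/sh
# Added example (not from the original page): audit authorized_keys restrictions.

# Print the restrictions that one authorized_keys line lacks (empty = none missing).
# Assumes quoted option values contain no escaped double quotes.
missing_restrictions() {
    # Lowercase (option names are case-insensitive) and drop quoted values so
    # text inside from="..." or command="..." cannot be mistaken for an option.
    bare=$(printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/"[^"]*"//g')
    # Keep only the options field: cut from the key-type token to end of line.
    opts=$(printf '%s\n' "$bare" |
        sed -E 's/(^|[[:space:]]+)(sk-)?(ssh|ecdsa)-[^[:space:]]+[[:space:]].*$//')
    missing=
    for want in from= command= no-port-forwarding no-x11-forwarding \
                no-agent-forwarding no-pty; do
        case ",$opts," in *",$want,"*) continue ;; esac
        # "restrict" (OpenSSH 7.2+) disables forwarding and pty allocation at once.
        case "$want,$opts," in no-*,restrict,*) continue ;; esac
        missing="$missing $want"
    done
    printf '%s\n' "${missing# }"
}

# Read an authorized_keys file on stdin; report weak entries, return 1 if any.
audit_authorized_keys() {
    n=0 rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        missing=$(missing_restrictions "$line")
        if [ -n "$missing" ]; then
            echo "line $n: missing $missing"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample file: key blobs, hosts and addresses are placeholders.
sample_keys() {
    cat <<'EOF'
# constructed entries for the upswatch account
from="::ffff:192.0.2.10",command="/usr/local/sysadm/upswatch",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3ExampleOnly upswatch@control
command="/usr/local/sysadm/upswatch" ssh-rsa AAAAB3ExampleOnly upswatch@control
restrict,from="192.0.2.10",command="/usr/local/sysadm/upswatch" ssh-ed25519 AAAAC3ExampleOnly upswatch@control
ssh-rsa AAAAB3ExampleOnly admin@laptop
EOF
}

sample_keys | audit_authorized_keys || true   # flags lines 3 and 5
```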

updated: 06Oct06