upsmon Can not initialize SSL context + letsencrypt

root@rkn · 19-06-2018 16:01:48

et oui, sa arrive toujours sur les choses les plus simples !!! help welcome

bonjour a tous,

TJe tente d'installer un onduleur usb type EATON 850pro sur une Debian Stretch Stable.
J'ai des certificats letsencrypt installés et fonctionnels

Quand je veux manager/discuter avec l'onduleur, j'ai ce retour:

upsmon Can not initialize SSL context

Via usb, je peux lancer:

lsusb

 

Bus 009 Device 003: ID 0463:ffff MGE UPS Systems UPS

Procédures d'installation, verification et de configuration:

apt-get install nut libupsclient1 nut-client nut-server

suivie de:

upsdrvctl start

Network UPS Tools - UPS driver controller 2.7.4

Network UPS Tools - Generic HID driver 0.41 (2.7.4)

USB communication driver 0.33

Using subdriver: MGE HID 1.39

Mes fichiers de configurations avec nut=standalone

/etc/nut/ups.conf

[850PRO]

driver = usbhid-ups

port = auto

desc = "850PRO"

/etc/nut/upsd.conf

STATEPATH /var/run/nut

MAXCONN 1024

# CERTFILE /etc/letsencrypt/live/REDACTED/cert.pem

CERTPATH /etc/letsencrypt/live/REDACTED/

# CERTIDENT "my nut server" "MyPasSw0rD"

# CERTREQUEST REQUIRE

#  - 0 to not request to clients to provide any certificate

#  - 1 to require to all clients a certificate

#  - 2 to require to all clients a valid certificate

LISTEN ::1 3493

LISTEN 127.0.0.1 3493

/etc/nut/upsd.users

#upsmon master

[admin]

    password = 1401

    allowfrom = localhost

    upsmon master

    actions = SET

    instcmds = ALL

/etc/nut/upsmon.conf

MINSUPPLIES 1

SHUTDOWNCMD "/sbin/shutdown -h +1"

POLLFREQ 10

POLLFREQALERT 10

HOSTSYNC 15

DEADTIME 20

POWERDOWNFLAG /etc/killpower

RBWARNTIME 432000

NOCOMMWARNTIME 300

FINALDELAY 4

CERTPATH /etc/letsencrypt/live/REDACTED/

# CERTHOST <hostname> <certificate name> <certverify> <forcessl>

# CERTVERIFY 1

# FORCESSL 0

MONITOR 850PRO@localhost 1 admin 1401 master

SHUTDOWNCMD "/sbin/shutdown -h now"

HOSTSYNC 15

POWERDOWNFLAG /etc/nut/killpower

FINALDELAY 5

NOTIFYCMD /sbin/upssched

NOTIFYMSG ONBATT "%s is on battery"

NOTIFYMSG ONLINE "%s is back online"

NOTIFYMSG LOWBATT "%s has a low battery!"

NOTIFYMSG SHUTDOWN "System is being shutdown!"

NOTIFYFLAG ONLINE SYSLOG+EXEC

NOTIFYFLAG ONBATT SYSLOG+EXEC

NOTIFYFLAG LOWBATT SYSLOG+EXEC

NOTIFYFLAG FSD SYSLOG+WALL+EXEC

NOTIFYFLAG COMMOK SYSLOG+EXEC

NOTIFYFLAG COMMBAD SYSLOG+EXEC

NOTIFYFLAG SHUTDOWN SYSLOG+EXEC

NOTIFYFLAG REPLBATT SYSLOG+EXEC

NOTIFYFLAG NOCOMM SYSLOG+EXEC

/etc/nut/upssched.conf

LOCKFN /var/lib/nut/upssched.lock

PIPEFN /var/lib/nut/upssched.pipe

CMDSCRIPT /bin/upssched-cmd

AT ONBATT * START-TIMER onbatt1 13

AT ONLINE * CANCEL-TIMER onbatt1

#AT ONBATT * START-TIMER earlyshutdown 30

#AT ONLINE * CANCEL-TIMER earlyshutdown

AT ONBATT * START-TIMER onbattwarn 30

AT ONLINE * CANCEL-TIMER onbattwarn

Lorsuqe je fais:

/etc/init.d/ups-monitor restart && tail -f /var/log/syslog

[ ok ] Restarting ups-monitor (via systemctl): ups-monitor.service.

Jun 19 16:34:54 REDACTED systemd[1]: Stopping LSB: Network UPS Tools monitor initscript...

Jun 19 16:34:55 REDACTED ups-monitor[7377]: Stopping NUT - power device monitor and shutdown controller: nut-client.

Jun 19 16:34:55 REDACTED systemd[1]: Stopped LSB: Network UPS Tools monitor initscript.

Jun 19 16:34:55 REDACTED systemd[1]: Starting LSB: Network UPS Tools monitor initscript...

Jun 19 16:34:55 REDACTED upsmon[7387]: Startup successful

Jun 19 16:34:55 REDACTED ups-monitor[7382]: Starting NUT - power device monitor and shutdown controller: nut-client.

Jun 19 16:34:55 REDACTED systemd[1]: Started LSB: Network UPS Tools monitor initscript.

Jun 19 16:34:55 REDACTED upsmon[7389]: Init SSL with cerificate database located at /etc/letsencrypt/live/REDACTED/

Jun 19 16:34:55 REDACTED upsmon[7389]: Can not initialize SSL context

Jun 19 16:34:55 REDACTED upsmon[7387]: upsmon parent: read

et autrement, un status donne:

/etc/init.d/ups-monitor status

● ups-monitor.service - LSB: Network UPS Tools monitor initscript

   Loaded: loaded (/etc/init.d/ups-monitor; generated; vendor preset: enabled)

   Active: active (exited) since Tue 2018-06-19 16:34:55 CEST; 2min 18s ago

     Docs: man:systemd-sysv-generator(8)

  Process: 7377 ExecStop=/etc/init.d/ups-monitor stop (code=exited, status=0/SUCCESS)

  Process: 7382 ExecStart=/etc/init.d/ups-monitor start (code=exited, status=0/SUCCESS)

REDACTED systemd[1]: Starting LSB: Network UPS Tools monitor initscript...

REDACTED upsmon[7387]: Startup successful

REDACTED ups-monitor[7382]: Starting NUT - power device monitor and shutdown contr…lient.

REDACTED systemd[1]: Started LSB: Network UPS Tools monitor initscript.

REDACTED upsmon[7389]: Init SSL with cerificate database located at /etc/letsencry…/

Et pour finir, lorsque je fait:

upsl -l

et ou

upsc 850PRO@localhost

 

Error: Connection failure: Connection refused

 

Voila, je suis un peu stupide car je pense que c'est tous simple mais ...

Dernière modification par root@rkn (19-06-2018 16:03:28)

root@rkn · 23-06-2018 15:22:01

ben non, ont est pas en plein mois d’août, pourtant il y a personne ...

root@rkn · 27-06-2018 13:36:51

Bon, pas beaucoup d'aide.... en attendant, j'avance un peu:

Mes corrections:

1: Bien penser a ouvrir son firewall pour le port 3493

2: changer le chown et chmod des répertoire pour letsenctypt.
Création d'un nouveau group letsups qui groupe les utilisateurs suivant: root, nut, cerbot

chown -R root:letsup /etc/letsencrypt 

Puis modification des droit pour drwxrwxr--

3: Corrections des fichiers de conf

/etc/nut/upsd.conf ( correction CERTFILE et CERTIODENT )

# MAXAGE <seconds>

# MAXAGE 15

# STATEPATH <path>

STATEPATH /var/run/nut

MAXCONN 1024

CERTFILE /etc/letsencrypt/live/REDACTED/cert.pem

CERTPATH /etc/letsencrypt/live/REDACTED/

CERTIODENT "USER" "PASSWORD"

# CERTREQUEST <certificate request level>

# CERTREQUEST REQUIRE - 0

#  - 0 to not request to clients to provide any certificate

#  - 1 to require to all clients a certificate

#  - 2 to require to all clients a valid certificate

LISTEN ::1 3493

LISTEN 127.0.0.1 3493

/etc/nut/upsd.users ( correction allowfrom plus nescesaire )

#upsmon master

[admin]

    password = 1401

# allowfrom = localhost

    upsmon master

    actions = SET

    instcmds = ALL

4: relancer le service

Lorsque je fait:

upsc -l

j'obtiens maintenant

upsc -l

Init SSL without certificate database

850PRO

et

 upsc 850PRO@localhost

Init SSL without certificate database

battery.charge: 95

battery.charge.low: 20

battery.runtime: 2548

battery.type: PbAc

device.mfr: EATON

device.model: Ellipse PRO 850

device.serial: REDACTED

device.type: ups

driver.name: usbhid-ups

driver.parameter.pollfreq: 30

driver.parameter.pollinterval: 2

driver.parameter.port: auto

driver.parameter.synchronous: no

driver.version: 2.7.4

driver.version.data: MGE HID 1.39

driver.version.internal: 0.41

input.frequency: 50.0

input.transfer.high: 285

input.transfer.low: 165

input.voltage: 237.0

input.voltage.extended: no

outlet.1.desc: PowerShare Outlet 1

outlet.1.id: 2

outlet.1.status: on

outlet.1.switchable: no

outlet.2.desc: PowerShare Outlet 2

outlet.2.id: 3

outlet.2.status: on

outlet.2.switchable: no

outlet.desc: Main Outlet

outlet.id: 1

outlet.switchable: no

output.frequency: 50.0

output.frequency.nominal: 50

output.voltage: 238.0

output.voltage.nominal: 230

ups.beeper.status: enabled

ups.delay.shutdown: 20

ups.delay.start: 30

ups.firmware: 01.16.0020

ups.load: 11

ups.mfr: EATON

ups.model: Ellipse PRO 850

ups.power: 98

ups.power.nominal: 850

ups.productid: ffff

ups.realpower: 63

ups.serial: REDACTED

ups.status: OL

ups.timer.shutdown: 0

ups.timer.start: 0

ups.vendorid: 0463

Ce qui est nettement mieux.

Le warning sur le SSL de la db m’embêtes un peux mais bon.

Des idées ... ? pour ceux qui peuvent ...

root@rkn · 12-08-2018 02:34:33

Un up, si quelqu'un voit mon erreur, svp !!!

Freemaster · 12-08-2018 08:24:03

Salut,

je ne sais pas si cela va corriger ou pas, mais je tenterais bien :

apt install ca-certificates

et modifier /etc/nut/upsd.conf

CERTFILE /etc/letsencrypt/live/REDACTED/fullchain.pem

CERTPATH /etc/ssl/certs

Dernière modification par Freemaster (12-08-2018 08:24:33)

root@rkn · 12-08-2018 21:24:04

Freemaster a écrit :

Salut,

je ne sais pas si cela va corriger ou pas, mais je tenterais bien :

apt install ca-certificates

et modifier /etc/nut/upsd.conf

CERTFILE /etc/letsencrypt/live/REDACTED/fullchain.pem
CERTPATH /etc/ssl/certs

Merci, mais ca-certificates Package: ca-certificates (20161130+nmu1+deb9u1) est inutile pour moi, car je suis en headless. Pas de navigateur et openssl est deja present.

Common CA certificates

Contains the certificate authorities shipped with Mozilla's browser to allow SSL-based applications to check for the authenticity of SSL connections

root@rkn · 12-08-2018 21:25:56

En visitant le site du support devell de nut sir github https://github.com/networkupstools/nut/issues il semblerait qu'il y ait un soucis lié a debian actuellement.

Je vais donc suspendre temporairement ma tentative pour fixer mon probleme.

Merci a tous.

root@rkn · 13-08-2018 22:28:43

officiel, plusieurs problèmes en cours

https://github.com/networkupstools/nut/issues/572

Debian-facile

#1 19-06-2018 16:01:48

upsmon Can not initialize SSL context + letsencrypt

#2 23-06-2018 15:22:01

Re : upsmon Can not initialize SSL context + letsencrypt

#3 27-06-2018 13:36:51

Re : upsmon Can not initialize SSL context + letsencrypt

#4 12-08-2018 02:34:33

Re : upsmon Can not initialize SSL context + letsencrypt

#5 12-08-2018 08:24:03

Re : upsmon Can not initialize SSL context + letsencrypt

#6 12-08-2018 21:24:04

Re : upsmon Can not initialize SSL context + letsencrypt

#7 12-08-2018 21:25:56

Re : upsmon Can not initialize SSL context + letsencrypt

#8 13-08-2018 22:28:43

Re : upsmon Can not initialize SSL context + letsencrypt

Pied de page des forums