• R/O
  • HTTP
  • SSH
  • HTTPS

grid-chef-repo: コミット

Grid環境構築用のChefリポジトリです。


コミットメタ情報

リビジョンe1b5723a755dbadd77d56187f01f6e63e6da8773 (tree)
日時2018-09-15 18:30:04
作者whitestar <whitestar@user...>
コミッターwhitestar

ログメッセージ

adds ups_utils cookbook.

変更サマリ

差分

--- /dev/null
+++ b/cookbooks/ups_utils/.foodcritic
@@ -0,0 +1 @@
1+~FC001
--- /dev/null
+++ b/cookbooks/ups_utils/.rubocop.yml
@@ -0,0 +1,53 @@
1+AllCops:
2+ Exclude:
3+ - vendor/**/*
4+
5+AlignParameters:
6+ Enabled: false
7+LineLength:
8+ Enabled: false
9+Lint/UnusedBlockArgument:
10+ Enabled: false
11+Metrics/AbcSize:
12+ Enabled: false
13+Style/BlockComments:
14+ Enabled: false
15+Style/BlockDelimiters:
16+ Enabled: false
17+Style/ExtraSpacing:
18+ Enabled: false
19+Style/FileName:
20+ Enabled: false
21+Style/LeadingCommentSpace:
22+ Enabled: false
23+Style/RescueModifier:
24+ Enabled: false
25+Style/SpaceAroundOperators:
26+ Enabled: false
27+Style/SpaceBeforeFirstArg:
28+ Enabled: false
29+Style/SpaceInsideBlockBraces:
30+ Enabled: false
31+Style/SpaceInsidePercentLiteralDelimiters:
32+ Enabled: false
33+Style/TrailingCommaInLiteral:
34+ EnforcedStyleForMultiline: consistent_comma
35+Style/WordArray:
36+ Enabled: false
37+
38+#Lint/ShadowingOuterLocalVariable:
39+# Enabled: false
40+#Metrics/MethodLength:
41+# Max: 10
42+#Metrics/ModuleLength:
43+# Max: 100
44+#Metrics/CyclomaticComplexity:
45+# Max: 6
46+#Metrics/PerceivedComplexity:
47+# Max: 7
48+#Style/AccessorMethodName:
49+# Enabled: false
50+#Style/MultilineOperationIndentation:
51+# Enabled: false
52+#Style/PerlBackrefs:
53+# Enabled: false
--- /dev/null
+++ b/cookbooks/ups_utils/Berksfile
@@ -0,0 +1,19 @@
1+#
2+# Copyright 2018 whitestar
3+#
4+# Licensed under the Apache License, Version 2.0 (the "License");
5+# you may not use this file except in compliance with the License.
6+# You may obtain a copy of the License at
7+#
8+# http://www.apache.org/licenses/LICENSE-2.0
9+#
10+# Unless required by applicable law or agreed to in writing, software
11+# distributed under the License is distributed on an "AS IS" BASIS,
12+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+# See the License for the specific language governing permissions and
14+# limitations under the License.
15+#
16+
17+source 'https://supermarket.chef.io'
18+
19+metadata
--- /dev/null
+++ b/cookbooks/ups_utils/CHANGELOG.md
@@ -0,0 +1,6 @@
1+ups_utils CHANGELOG
2+===================
3+
4+0.1.0
5+-----
6+- Initial release of ups_utils
--- /dev/null
+++ b/cookbooks/ups_utils/Gemfile
@@ -0,0 +1,4 @@
1+source 'https://rubygems.org'
2+
3+# with Chef DK
4+gem 'stove'
--- /dev/null
+++ b/cookbooks/ups_utils/Gemfile.lock
@@ -0,0 +1,22 @@
1+GEM
2+ remote: https://rubygems.org/
3+ specs:
4+ chef-api (0.8.0)
5+ logify (~> 0.1)
6+ mime-types
7+ logify (0.2.0)
8+ mime-types (3.2.2)
9+ mime-types-data (~> 3.2015)
10+ mime-types-data (3.2018.0812)
11+ stove (6.0.0)
12+ chef-api (~> 0.5)
13+ logify (~> 0.2)
14+
15+PLATFORMS
16+ ruby
17+
18+DEPENDENCIES
19+ stove
20+
21+BUNDLED WITH
22+ 1.16.0
--- /dev/null
+++ b/cookbooks/ups_utils/README.md
@@ -0,0 +1,258 @@
1+ups_utils Cookbook
2+==================
3+
4+This cookbook sets up Network UPS Tools.
5+
6+## Contents
7+
8+- [Requirements](#requirements)
9+ - [platforms](#platforms)
10+ - [packages](#packages)
11+- [Attributes](#attributes)
12+- [Usage](#usage)
13+ - [Recipes](#recipes)
14+ - [ups_utils::default](#ups_utilsdefault)
15+ - [ups_utils::nut](#ups_utilsnut)
16+ - [ups_utils::nut-cgi](#ups_utilsnut-cgi)
17+ - [Role Examples](#role-examples)
18+ - [Secrets management by Chef Vault](#secrets-management-by-chef-vault)
19+- [License and Authors](#license-and-authors)
20+
21+## Requirements
22+
23+### platforms
24+
25+- Debian >= 9.0
26+- Ubuntu >= 16.04
27+
28+### packages
29+- none.
30+
31+## Attributes
32+
33+|Key|Type|Description, example|Default|
34+|:--|:--|:--|:--|
35+|`['ups_utils']['nut']['secrets']`|String|Chef-vault conf. for secrets (password,...).|empty. See `attributes/default.rb`|
36+|`['ups_utils']['nut']['hosts.conf']`|Hash|Conf. for CGI.|empty. See `attributes/default.rb`|
37+|`['ups_utils']['nut']['hosts.conf']['MONITORs']`|Array|e.g. `['by80s@upsd.example.com "@upsd - Omron BY80S"']`|empty.|
38+|`['ups_utils']['nut']['nut.conf']`|Hash||See `attributes/default.rb`|
39+|`['ups_utils']['nut']['nut.conf']['MODE']`|String|`'none'`, `'netclient'`, `'standalone'` or `'netserver'`|`'none'`|
40+|`['ups_utils']['nut']['ups.conf']`|Hash||empty. See `attributes/default.rb`|
41+|`['ups_utils']['nut']['upsd.conf']`|Hash||See `attributes/default.rb`|
42+|`['ups_utils']['nut']['upsd.conf']['LISTENs']`|Array|e.g. `['LISTEN 0.0.0.0 3493']`|empty.|
43+|`['ups_utils']['nut']['upsd.users']`|String||empty. See `attributes/default.rb`|
44+|`['ups_utils']['nut']['upsmon.conf']`|Hash||See `attributes/default.rb`|
45+|`['ups_utils']['nut']['upsmon.conf']['MONITORs']`|Array|e.g. `['by80s@localhost 1 upsmon {{upsmon_password}} master']`|empty.|
46+|`['ups_utils']['nut']['udev_usbups_rules']`|Array|e.g. `['ATTR{idVendor}=="0590", ATTR{idProduct}=="00a1", MODE="664", GROUP="nut"']`|empty.|
47+
48+## Usage
49+
50+### Recipes
51+
52+#### ups_utils::default
53+
54+This recipe does nothing.
55+
56+#### ups_utils::nut
57+
58+This recipe sets up a NUT server or client.
59+
60+#### ups_utils::nut-cgi
61+
62+This recipe configures NUT CGI.
63+
64+### Role Examples
65+
66+- `roles/nut-server.rb`
67+
68+```ruby
69+name 'nut-server'
70+description 'Network UPS Tools Server'
71+
72+upsd_port = '3493'
73+
74+run_list(
75+ 'recipe[ups_utils::nut]',
76+)
77+
78+override_attributes(
79+ 'ups_utils' => {
80+ 'nut' => {
81+ 'secrets' => {
82+ 'upsmon_password' => {
83+ 'vault' => 'nut',
84+ 'name' => 'upsmon',
85+ 'env_context' => false,
86+ 'key' => 'password', # real hash path: "/password"
87+ },
88+ },
89+ 'nut.conf' => {
90+ 'MODE' => 'netserver',
91+ },
92+ 'ups.conf' => {
93+ 'by80s' => {
94+ 'driver' => 'blazer_usb',
95+ 'port' => 'auto',
96+ 'desc' => '"Omron UPS"',
97+ 'vendorid' => '0590',
98+ 'productid' => '00a1',
99+ 'subdriver' => 'ippon',
100+ 'default.battery.voltage.high' => '27.2',
101+ 'default.battery.voltage.low' => '23.5',
102+ },
103+ },
104+ 'upsd.conf' => {
105+ 'LISTENs' => [
106+ "0.0.0.0 #{upsd_port}",
107+ ],
108+ },
109+ 'upsd.users' => {
110+ 'upsmon' => {
111+ 'password' => '{{upsmon_password}}',
112+ 'upsmon' => 'master',
113+ },
114+ },
115+ 'upsmon.conf' => {
116+ 'MONITORs' => [
117+ 'by80s@localhost 1 upsmon {{upsmon_password}} master',
118+ ],
119+ },
120+ 'udev_usbups_rules' => [
121+ '# Omron BY80S - blazer_usb',
122+ 'ATTR{idVendor}=="0590", ATTR{idProduct}=="00a1", MODE="664", GROUP="nut"',
123+ ],
124+ },
125+ },
126+)
127+```
128+
129+- `roles/nut-client.rb`
130+
131+```ruby
132+name 'nut-client'
133+description 'Network UPS Tools Client'
134+
135+nut_host = 'upsd.example.com'
136+
137+run_list(
138+ 'recipe[ups_utils::nut]',
139+)
140+
141+override_attributes(
142+ 'ups_utils' => {
143+ 'nut' => {
144+ 'secrets' => {
145+ 'upsmon_password' => {
146+ 'vault' => 'nut',
147+ 'name' => 'upsmon',
148+ 'env_context' => false,
149+ 'key' => 'password', # real hash path: "/password"
150+ },
151+ },
152+ 'nut.conf' => {
153+ 'MODE' => 'netclient',
154+ },
155+ 'upsd.conf' => {
156+ 'LISTENs' => [
157+ # empty,
158+ ],
159+ },
160+ 'upsmon.conf' => {
161+ 'MONITORs' => [
162+ "by80s@#{nut_host} 1 upsmon {{upsmon_password}} master",
163+ ],
164+ },
165+ },
166+ },
167+)
168+```
169+
170+- `roles/nut-cgi.rb`
171+
172+```ruby
173+name 'nut-cgi'
174+description 'Network UPS Tools CGI'
175+
176+nut_host = 'upsd.example.com'
177+
178+run_list(
179+ 'role[nut-client]',
180+ 'recipe[ups_utils::nut-cgi]',
181+)
182+
183+override_attributes(
184+ 'ups_utils' => {
185+ 'nut' => {
186+ 'hosts.conf' => {
187+ 'MONITORs' => [
188+ %(by80s@#{nut_host} "@#{nut_host.split('.')[0]} - Omron BY80S"),
189+ ],
190+ },
191+ },
192+ },
193+)
194+```
195+
196+### Secrets management by Chef Vault
197+
198+- create vault items.
199+
200+```text
201+$ cat ~/sec/tmp/upsmon_password.json
202+{
203+ "password":"********************"
204+}
205+
206+$ cd $CHEF_REPO_PATH
207+$ knife vault create nut upsmon --json ~/sec/tmp/upsmon_password.json
208+```
209+
210+- grant reference permission to the upsd host
211+
212+```text
213+$ knife vault update nut upsmon -S 'name:upsd-host.example.com'
214+```
215+
216+- modify attributes
217+
218+```ruby
219+override_attributes(
220+ 'ups_utils' => {
221+ 'nut' => {
222+ 'secrets' => {
223+ 'upsmon_password' => {
224+ 'vault' => 'nut',
225+ 'name' => 'upsmon',
226+ # single password or nested hash password path delimited by slash
227+ 'env_context' => false,
228+ 'key' => 'password', # real hash path: "/password"
229+ # or nested hash password path delimited by slash
230+ #'env_context' => true,
231+ #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
232+ },
233+ },
234+ # ...
235+ },
236+ },
237+)
238+```
239+
240+## License and Authors
241+
242+- Author:: whitestar at osdn.jp
243+
244+```text
245+Copyright 2018, whitestar
246+
247+Licensed under the Apache License, Version 2.0 (the "License");
248+you may not use this file except in compliance with the License.
249+You may obtain a copy of the License at
250+
251+ http://www.apache.org/licenses/LICENSE-2.0
252+
253+Unless required by applicable law or agreed to in writing, software
254+distributed under the License is distributed on an "AS IS" BASIS,
255+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
256+See the License for the specific language governing permissions and
257+limitations under the License.
258+```
--- /dev/null
+++ b/cookbooks/ups_utils/Rakefile
@@ -0,0 +1,93 @@
1+require 'rspec/core/rake_task'
2+require 'rubocop/rake_task'
3+require 'foodcritic'
4+require 'stove/rake_task'
5+
6+tpl_cookbook = '00cookbook'
7+cookbook_name = File.basename(Dir.pwd)
8+
9+desc 'Initialize project'
10+task :init do
11+ next if cookbook_name == tpl_cookbook
12+
13+ ruby [
14+ %(-pne '$_.gsub!(/^cookbook-name: .*$/, "cookbook-name: #{cookbook_name}")'),
15+ '-i fly-vars.local.yml',
16+ ].join(' ')
17+
18+ [
19+ '.foodcritic',
20+ '.rubocop.yml',
21+ 'Berksfile',
22+ 'concourse.yml',
23+ 'fly-vars.yml',
24+ 'fly-vars.local.yml',
25+ 'Gemfile',
26+ 'Gemfile.lock',
27+ 'version',
28+ ].each {|conf|
29+ sh "cp ../#{tpl_cookbook}/#{conf} ./" unless File.exist?(conf)
30+ }
31+end
32+
33+desc 'Update project'
34+task :update do
35+ next if cookbook_name == tpl_cookbook
36+
37+ [
38+ 'Rakefile',
39+ 'concourse.yml',
40+ 'fly-vars.yml',
41+ 'Gemfile',
42+ 'Gemfile.lock',
43+ ].each {|conf|
44+ sh "cp ../#{tpl_cookbook}/#{conf} ./"
45+ }
46+end
47+
48+desc 'fly set-pipeline'
49+task :'set-pipeline' do
50+ sh [
51+ "fly -t $CC_TARGET sp -p #{cookbook_name}-cookbook -c concourse.yml",
52+ '-l fly-vars.yml -l fly-vars.local.yml -l ~/sec/credentials-prod.yml',
53+ ].join(' ')
54+end
55+desc 'rake set-pipeline alias'
56+task sp: 'set-pipeline'
57+
58+namespace :style do
59+ desc 'Run Ruby style checks'
60+ RuboCop::RakeTask.new(:ruby) do |t|
61+ t.options = [
62+ '--auto-gen-config', # creates .rubocop_todo.yml
63+ ]
64+ end
65+
66+ desc 'Run Chef style checks'
67+ FoodCritic::Rake::LintTask.new(:chef) do |t|
68+ t.options = {
69+ fail_tags: ['any'],
70+ }
71+ end
72+end
73+
74+desc 'Run all style checks'
75+task style: ['style:chef', 'style:ruby']
76+
77+desc 'Run ChefSpec examples'
78+RSpec::Core::RakeTask.new(:spec)
79+
80+desc 'Publish cookbook'
81+Stove::RakeTask.new(:publish) do |t|
82+ t.stove_opts = [
83+ # `--username` and `--key` are set in ~/.stove typically.
84+ #'--username', 'somebody',
85+ #'--key', '~/chef/chef.io.example.com/somebody.pem',
86+ #'--endpoint', 'https://supermarket.io.example.com/api/v1', # default: supermarket.chef.io
87+ #'--no-ssl-verify',
88+ '--no-git',
89+ '--log-level', 'info',
90+ ]
91+end
92+
93+task default: ['style', 'spec']
--- /dev/null
+++ b/cookbooks/ups_utils/attributes/default.rb
@@ -0,0 +1,81 @@
1+#
2+# Cookbook Name:: ups_utils
3+# Attributes:: default
4+#
5+# Copyright 2018, whitestar
6+#
7+# Licensed under the Apache License, Version 2.0 (the "License");
8+# you may not use this file except in compliance with the License.
9+# You may obtain a copy of the License at
10+#
11+# http://www.apache.org/licenses/LICENSE-2.0
12+#
13+# Unless required by applicable law or agreed to in writing, software
14+# distributed under the License is distributed on an "AS IS" BASIS,
15+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+# See the License for the specific language governing permissions and
17+# limitations under the License.
18+#
19+
20+default['ups_utils']['nut'] = {
21+ 'secrets' => {
22+=begin
23+ # <key_name> => <chef-vault conf.>,
24+ # `{{<key_name>}}` in the templates (`upsd.users`, `upsmon.conf`) are replaced
25+ # with the each value in chef-vault.
26+ 'upsmon_password' => {
27+ 'vault' => 'nut',
28+ 'name' => 'upsmon',
29+ # single password or nested hash password path delimited by slash
30+ 'env_context' => false,
31+ 'key' => 'password', # real hash path: "/password"
32+ # or nested hash password path delimited by slash
33+ #'env_context' => true,
34+ #'key' => 'hash/path/to/password', # real hash path: "/#{node.chef_environment}/hash/path/to/password"
35+ },
36+=end
37+ },
38+ 'hosts.conf' => { # for cgi
39+ 'MONITORs' => [
40+ #'by80s@localhost "Local - Omron BY80S"',
41+ #'by80s@upsd.example.com "@upsd - Omron BY80S"',
42+ ],
43+ },
44+ 'nut.conf' => {
45+ 'MODE' => 'none',
46+ },
47+ 'ups.conf' => {
48+ # 'by80s' => {
49+ # 'driver' => 'blazer_usb',
50+ # 'port' => 'auto',
51+ # 'desc' => '"Omron UPS"',
52+ # 'vendorid' => '0590',
53+ # 'productid' => '00a1',
54+ # 'subdriver' => 'ippon',
55+ # 'default.battery.voltage.high' => '27.2',
56+ # 'default.battery.voltage.low' => '23.5',
57+ # },
58+ },
59+ 'upsd.conf' => {
60+ 'LISTENs' => [
61+ #'LISTEN 127.0.0.1 3493',
62+ #'LISTEN 0.0.0.0 3493',
63+ ],
64+ },
65+ 'upsd.users' => {
66+ # 'upsmon' => {
67+ # 'password' => '{{upsmon_password}}',
68+ # 'upsmon' => 'master',
69+ # },
70+ },
71+ 'upsmon.conf' => {
72+ 'MONITORs' => [
73+ #'by80s@localhost 1 <user> {{user_password}} master',
74+ #'by80s@localhost 1 upsmon {{upsmon_password}} master',
75+ ],
76+ },
77+ 'udev_usbups_rules' => [
78+ # Omron BY80S - blazer_usb
79+ #'ATTR{idVendor}=="0590", ATTR{idProduct}=="00a1", MODE="664", GROUP="nut"',
80+ ],
81+}
--- /dev/null
+++ b/cookbooks/ups_utils/concourse.yml
@@ -0,0 +1,101 @@
1+---
2+resources:
3+- name: src-git
4+ type: git
5+ source:
6+ uri: ((git-id-osdn))@git.osdn.net:/gitroot/metasearch/grid-chef-repo.git
7+ branch: master
8+ paths:
9+ - cookbooks/((cookbook-name))
10+ private_key: ((git-private-key))
11+ git_user: ((git-user-osdn))
12+ #check_every: 1h # default: 1m
13+- name: chefdk-cache
14+ type: docker-image
15+ source:
16+ repository: chef/chefdk
17+ tag: ((chefdk-version))
18+ # ((param)) style: fly >= 3.2.0
19+ registry_mirror: https://((registry-mirror-domain)) # e.g. https://registry.docker.example.com:5000
20+ ca_certs:
21+ - domain: ((registry-mirror-domain)) # e.g. registry.docker.example.com:5000
22+ cert: ((docker-reg-ca-cert))
23+ check_every: 6h # default: 1m
24+
25+jobs:
26+- name: test-cookbook
27+ plan:
28+ - aggregate:
29+ - get: src-git
30+ params:
31+ depth: 5
32+ trigger: true
33+ - get: chefdk-cache
34+ - task: ci-build
35+ image: chefdk-cache
36+ params:
37+ http_proxy: ((http-proxy)) # e.g. http://proxy.example.com:3128
38+ #HTTP_PROXY: ((http-proxy))
39+ config:
40+ platform: linux
41+ #image_resource:
42+ # type: docker-image
43+ # source:
44+ # repository: chef/chefdk
45+ # tag: ((chefdk-version))
46+ # NG, setting disable
47+ #registry_mirror: https://((registry-mirror-domain))
48+ #ca_certs:
49+ #- domain: ((registry-mirror-domain))
50+ # cert: ((docker-reg-ca-cert))
51+ inputs:
52+ - name: src-git
53+ run:
54+ #dir: ./src-git/cookbooks/((cookbook-name))
55+ #path: rake
56+ path: /bin/bash
57+ args:
58+ - -c
59+ - |
60+ cd ./src-git/cookbooks/((cookbook-name))
61+ bundle config --local silence_root_warning 1
62+ bundle install
63+ rake
64+- name: publish-cookbook
65+ plan:
66+ - aggregate:
67+ - get: src-git
68+ params:
69+ depth: 5
70+ trigger: false
71+ passed: [test-cookbook]
72+ - get: chefdk-cache
73+ passed: [test-cookbook]
74+ - task: publish
75+ image: chefdk-cache
76+ params:
77+ http_proxy: ((http-proxy))
78+ chef_username: ((chef-username))
79+ chef_client_key: ((chef-client-key))
80+ config:
81+ platform: linux
82+ inputs:
83+ - name: src-git
84+ run:
85+ path: /bin/bash
86+ args:
87+ - -c
88+ - |
89+ echo '{"username":"((chef-username))","key":"/root/chef-client-key.pem"}' > /root/.stove
90+ echo "$chef_client_key" > /root/chef-client-key.pem
91+ cd ./src-git/cookbooks/((cookbook-name))
92+ bundle config --local silence_root_warning 1
93+ bundle install
94+ rake publish
95+ - put: src-git
96+ params:
97+ repository: src-git
98+ tag_prefix: ((cookbook-name))-
99+ tag: src-git/cookbooks/((cookbook-name))/version
100+ only_tag: true
101+ annotate: src-git/cookbooks/((cookbook-name))/version
--- /dev/null
+++ b/cookbooks/ups_utils/fly-vars.local.yml
@@ -0,0 +1,2 @@
1+---
2+cookbook-name: ups_utils
--- a/cookbooks/ups_utils/fly-vars.yml
+++ b/cookbooks/ups_utils/fly-vars.yml
@@ -1,3 +1,2 @@
11 ---
2-cookbook-name: ups_utils
32 chefdk-version: 1.6.11
--- /dev/null
+++ b/cookbooks/ups_utils/metadata.rb
@@ -0,0 +1,15 @@
1+name 'ups_utils'
2+maintainer 'whitestar'
3+maintainer_email ''
4+license 'Apache 2.0'
5+description 'Installs/Configures Network UPS Tools'
6+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
7+version IO.read(File.join(File.dirname(__FILE__), 'version')).chomp
8+source_url 'http://scm.osdn.jp/gitroot/metasearch/grid-chef-repo.git'
9+issues_url 'https://osdn.jp/projects/metasearch/ticket'
10+
11+chef_version '>= 12'
12+supports 'debian', '>= 9.0'
13+supports 'ubuntu', '>= 16.04'
14+
15+depends 'ssl_cert', '>= 0.4.1'
--- /dev/null
+++ b/cookbooks/ups_utils/recipes/default.rb
@@ -0,0 +1,18 @@
1+#
2+# Cookbook Name:: ups_utils
3+# Recipe:: default
4+#
5+# Copyright 2018, whitestar
6+#
7+# Licensed under the Apache License, Version 2.0 (the "License");
8+# you may not use this file except in compliance with the License.
9+# You may obtain a copy of the License at
10+#
11+# http://www.apache.org/licenses/LICENSE-2.0
12+#
13+# Unless required by applicable law or agreed to in writing, software
14+# distributed under the License is distributed on an "AS IS" BASIS,
15+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+# See the License for the specific language governing permissions and
17+# limitations under the License.
18+#
--- /dev/null
+++ b/cookbooks/ups_utils/recipes/nut-cgi.rb
@@ -0,0 +1,33 @@
1+#
2+# Cookbook Name:: ups_utils
3+# Recipe:: nut-cgi
4+#
5+# Copyright 2018, whitestar
6+#
7+# Licensed under the Apache License, Version 2.0 (the "License");
8+# you may not use this file except in compliance with the License.
9+# You may obtain a copy of the License at
10+#
11+# http://www.apache.org/licenses/LICENSE-2.0
12+#
13+# Unless required by applicable law or agreed to in writing, software
14+# distributed under the License is distributed on an "AS IS" BASIS,
15+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+# See the License for the specific language governing permissions and
17+# limitations under the License.
18+#
19+
20+package 'nut-cgi' do
21+ action :install
22+end
23+
24+[
25+ 'hosts.conf',
26+].each {|tpl|
27+ template "/etc/nut/#{tpl}" do
28+ source "etc/nut/#{tpl}"
29+ owner 'root'
30+ group 'root'
31+ mode '0644'
32+ end
33+}
--- /dev/null
+++ b/cookbooks/ups_utils/recipes/nut.rb
@@ -0,0 +1,71 @@
1+#
2+# Cookbook Name:: ups_utils
3+# Recipe:: nut
4+#
5+# Copyright 2018, whitestar
6+#
7+# Licensed under the Apache License, Version 2.0 (the "License");
8+# you may not use this file except in compliance with the License.
9+# You may obtain a copy of the License at
10+#
11+# http://www.apache.org/licenses/LICENSE-2.0
12+#
13+# Unless required by applicable law or agreed to in writing, software
14+# distributed under the License is distributed on an "AS IS" BASIS,
15+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+# See the License for the specific language governing permissions and
17+# limitations under the License.
18+#
19+
20+mode = node['ups_utils']['nut']['nut.conf']['MODE']
21+is_server = (mode == 'standalone' || mode == 'netserver')
22+
23+package 'nut' do
24+ action :install
25+end
26+
27+service 'nut-server' do
28+ action [:enable] if is_server
29+ supports status: true, restart: true, reload: false
30+end
31+
32+service 'nut-client' do
33+ action [:nothing]
34+ supports status: true, restart: true, reload: false
35+end
36+
37+template '/lib/udev/rules.d/53-nut-usbups-local.rules' do
38+ source 'lib/udev/rules.d/53-nut-usbups-local.rules'
39+ owner 'root'
40+ group 'root'
41+ mode '0644'
42+ not_if { node['ups_utils']['nut']['udev_usbups_rules'].empty? }
43+end
44+
45+secrets = {}
46+node['ups_utils']['nut']['secrets'].each {|key, vault_item|
47+ secrets[key] = get_vault_item_value(vault_item)
48+}
49+
50+[
51+ 'nut.conf',
52+ 'ups.conf',
53+ 'upsd.conf',
54+ 'upsd.users',
55+ 'upsmon.conf',
56+].each {|tpl|
57+ template "/etc/nut/#{tpl}" do
58+ source "etc/nut/#{tpl}"
59+ owner 'root'
60+ group 'nut'
61+ mode '0640'
62+ if tpl == 'upsd.users' || tpl == 'upsmon.conf'
63+ sensitive true
64+ variables(
65+ secrets: secrets
66+ )
67+ end
68+ notifies :restart, 'service[nut-server]' if is_server
69+ notifies :restart, 'service[nut-client]'
70+ end
71+}
--- /dev/null
+++ b/cookbooks/ups_utils/spec/recipes/default_spec.rb
@@ -0,0 +1,9 @@
1+require_relative '../spec_helper'
2+
3+describe 'ups_utils::default' do
4+ let(:chef_run) { ChefSpec::SoloRunner.new.converge(described_recipe) }
5+
6+ #it 'does something' do
7+ # expect(chef_run).to do_something('...')
8+ #end
9+end
--- /dev/null
+++ b/cookbooks/ups_utils/spec/spec_helper.rb
@@ -0,0 +1,25 @@
1+# Added by ChefSpec
2+require 'chefspec'
3+
4+# Uncomment to use ChefSpec's Berkshelf extension
5+# require 'chefspec/berkshelf'
6+
7+RSpec.configure do |config|
8+ # Specify the path for Chef Solo to find cookbooks
9+ # config.cookbook_path = '/var/cookbooks'
10+
11+ # Specify the path for Chef Solo to find roles
12+ # config.role_path = '/var/roles'
13+
14+ # Specify the Chef log_level (default: :warn)
15+ # config.log_level = :debug
16+
17+ # Specify the path to a local JSON file with Ohai data
18+ # config.path = 'ohai.json'
19+
20+ # Specify the operating platform to mock Ohai data from
21+ # config.platform = 'ubuntu'
22+
23+ # Specify the operating version to mock Ohai data from
24+ # config.version = '12.04'
25+end
--- /dev/null
+++ b/cookbooks/ups_utils/templates/default/etc/nut/hosts.conf
@@ -0,0 +1,38 @@
1+# Network UPS Tools: example hosts.conf
2+#
3+# This file is used to control the CGI programs. If you have not
4+# installed them, you may safely ignore or delete this file.
5+#
6+# -----------------------------------------------------------------------
7+#
8+# upsstats will use the list of MONITOR entries when displaying the
9+# default template (upsstats.html). The "FOREACHUPS" directive in the
10+# template will use this file to find systems running upsd.
11+#
12+# upsstats and upsimage also use this file to determine if a host may be
13+# monitored. This keeps evil people from using your system to annoy
14+# others with unintended queries.
15+#
16+# upsset presents a list of systems that may be viewed and controlled
17+# using this file.
18+#
19+# -----------------------------------------------------------------------
20+#
21+# Usage: list systems running upsd that you want to monitor
22+#
23+# MONITOR <system> "<host description>"
24+#
25+# Examples:
26+#
27+# MONITOR myups@localhost "Local UPS"
28+# MONITOR su2200@10.64.1.1 "Finance department"
29+# MONITOR matrix@shs-server.example.edu "Sierra High School data room #1"
30+
31+<%
32+node['ups_utils']['nut']['hosts.conf']['MONITORs'].each {|item|
33+-%>
34+MONITOR <%= item %>
35+<%
36+}
37+-%>
38+
--- /dev/null
+++ b/cookbooks/ups_utils/templates/default/etc/nut/nut.conf
@@ -0,0 +1,33 @@
1+# Network UPS Tools: example nut.conf
2+#
3+##############################################################################
4+# General section
5+##############################################################################
6+# The MODE determines which part of the NUT is to be started, and which
7+# configuration files must be modified.
8+#
9+# This file try to standardize the various files being found in the field, like
10+# /etc/default/nut on Debian based systems, /etc/sysconfig/ups on RedHat based
11+# systems, ... Distribution's init script should source this file to see which
12+# component(s) has to be started.
13+#
14+# The values of MODE can be:
15+# - none: NUT is not configured, or use the Integrated Power Management, or use
16+# some external system to startup NUT components. So nothing is to be started.
17+# - standalone: This mode address a local only configuration, with 1 UPS
18+# protecting the local system. This implies to start the 3 NUT layers (driver,
19+# upsd and upsmon) and the matching configuration files. This mode can also
20+# address UPS redundancy.
21+# - netserver: same as for the standalone configuration, but also need
22+# some more network access controls (firewall, tcp-wrappers) and possibly a
23+# specific LISTEN directive in upsd.conf.
24+# Since this MODE is opened to the network, a special care should be applied
25+# to security concerns.
26+# - netclient: this mode only requires upsmon.
27+#
28+# IMPORTANT NOTE:
29+# This file is intended to be sourced by shell scripts.
30+# You MUST NOT use spaces around the equal sign!
31+
32+MODE=<%= node['ups_utils']['nut']['nut.conf']['MODE'] %>
33+
--- /dev/null
+++ b/cookbooks/ups_utils/templates/default/etc/nut/ups.conf
@@ -0,0 +1,139 @@
1+# Network UPS Tools: example ups.conf
2+#
3+# --- SECURITY NOTE ---
4+#
5+# If you use snmp-ups and set a community string in here, you
6+# will have to secure this file to keep other users from obtaining
7+# that string. It needs to be readable by upsdrvctl and any drivers,
8+# and by upsd.
9+#
10+# ---
11+#
12+# This is where you configure all the UPSes that this system will be
13+# monitoring directly. These are usually attached to serial ports, but
14+# USB devices and SNMP devices are also supported.
15+#
16+# This file is used by upsdrvctl to start and stop your driver(s), and
17+# is also used by upsd to determine which drivers to monitor. The
18+# drivers themselves also read this file for configuration directives.
19+#
20+# The general form is:
21+#
22+# [upsname]
23+# driver = <drivername>
24+# port = <portname>
25+# < any other directives here >
26+#
27+# The section header ([upsname]) can be just about anything as long as
28+# it is a single word inside brackets. upsd uses this to uniquely
29+# identify a UPS on this system.
30+#
31+# If you have a UPS called snoopy, your section header would be "[snoopy]".
32+# On a system called "doghouse", the line in your upsmon.conf to monitor
33+# it would look something like this:
34+#
35+# MONITOR snoopy@doghouse 1 upsmonuser mypassword master
36+#
37+# It might look like this if monitoring in slave mode:
38+#
39+# MONITOR snoopy@doghouse 1 upsmonuser mypassword slave
40+#
41+# Configuration directives
42+# ------------------------
43+#
44+# These directives are used by upsdrvctl only and should be specified outside
45+# of a driver definition:
46+#
47+# maxretry: Optional. Specify the number of attempts to start the driver(s),
48+# in case of failure, before giving up. A delay of 'retrydelay' is
49+# inserted between each attempt. Caution should be taken when using
50+# this option, since it can impact the time taken by your system to
51+# start.
52+#
53+# The default is 1 attempt.
54+#
55+# retrydelay: Optional. Specify the delay between each restart attempt of the
56+# driver(s), as specified by 'maxretry'. Caution should be taken
57+# when using this option, since it can impact the time taken by your
58+# system to start.
59+#
60+# The default is 5 seconds.
61+#
62+# These directives are common to all drivers that support ups.conf:
63+#
64+# driver: REQUIRED. Specify the program to run to talk to this UPS.
65+# apcsmart, bestups, and sec are some examples.
66+#
67+# port: REQUIRED. The serial port where your UPS is connected.
68+# /dev/ttyS0 is usually the first port on Linux boxes, for example.
69+#
70+# sdorder: optional. When you have multiple UPSes on your system, you
71+# usually need to turn them off in a certain order. upsdrvctl
72+# shuts down all the 0s, then the 1s, 2s, and so on. To exclude
73+# a UPS from the shutdown sequence, set this to -1.
74+#
75+# The default value for this parameter is 0.
76+#
77+# nolock: optional, and not recommended for use in this file.
78+#
79+# If you put nolock in here, the driver will not lock the
80+# serial port every time it starts. This may allow other
81+# processes to seize the port if you start more than one by
82+# mistake.
83+#
84+# This is only intended to be used on systems where locking
85+# absolutely must be disabled for the software to work.
86+#
87+# maxstartdelay: optional. This can be set as a global variable
88+# above your first UPS definition and it can also be
89+# set in a UPS section. This value controls how long
90+# upsdrvctl will wait for the driver to finish starting.
91+# This keeps your system from getting stuck due to a
92+# broken driver or UPS.
93+#
94+# The default is 45 seconds.
95+#
96+#
97+# Anything else is passed through to the hardware-specific part of
98+# the driver.
99+#
100+# Examples
101+# --------
102+#
103+# A simple example for a UPS called "powerpal" that uses the blazer_ser
104+# driver on /dev/ttyS0 is:
105+#
106+# [powerpal]
107+# driver = blazer_ser
108+# port = /dev/ttyS0
109+# desc = "Web server"
110+#
111+# If your UPS driver requires additional settings, you can specify them
112+# here. For example, if it supports a setting of "1234" for the
113+# variable "cable", it would look like this:
114+#
115+# [myups]
116+# driver = mydriver
117+# port = /dev/ttyS1
118+# cable = 1234
119+# desc = "Something descriptive"
120+#
121+# To find out if your driver supports any extra settings, start it with
122+# the -h option and/or read the driver's documentation.
123+
124+# Set maxretry to 3 by default, this should mitigate race with slow devices:
125+maxretry = 3
126+
127+
128+<%
129+node['ups_utils']['nut']['ups.conf'].each {|ups, items|
130+-%>
131+[<%= ups %>]
132+<%
133+ items.each {|key, value|
134+-%>
135+<%= key %> = <%= value %>
136+<%
137+ }
138+}
139+-%>
--- /dev/null
+++ b/cookbooks/ups_utils/templates/default/etc/nut/upsd.conf
@@ -0,0 +1,116 @@
1+# Network UPS Tools: example upsd configuration file
2+#
3+# This file contains access control data, you should keep it secure.
4+#
5+# It should only be readable by the user that upsd becomes. See the FAQ.
6+#
7+# Each entry below provides usage and default value.
8+
9+# =======================================================================
10+# MAXAGE <seconds>
11+# MAXAGE 15
12+#
13+# This defaults to 15 seconds. After a UPS driver has stopped updating
14+# the data for this many seconds, upsd marks it stale and stops making
15+# that information available to clients. After all, the only thing worse
16+# than no data is bad data.
17+#
18+# You should only use this if your driver has difficulties keeping
19+# the data fresh within the normal 15 second interval. Watch the syslog
20+# for notifications from upsd about staleness.
21+
22+# =======================================================================
23+# STATEPATH <path>
24+# STATEPATH /var/run/nut
25+#
26+# Tell upsd to look for the driver state sockets in 'path' rather
27+# than the default that was compiled into the program.
28+
29+# =======================================================================
30+# LISTEN <address> [<port>]
31+# LISTEN 127.0.0.1 3493
32+# LISTEN ::1 3493
33+#
34+# This defaults to the localhost listening addresses and port 3493.
35+# In case of IP v4 or v6 disabled kernel, only the available one will be used.
36+#
37+# You may specify each interface you want upsd to listen on for connections,
38+# optionally with a port number.
39+#
40+# You may need this if you have multiple interfaces on your machine and
41+# you don't want upsd to listen to all interfaces (for instance on a
42+# firewall, you may not want to listen to the external interface).
43+#
44+# This will only be read at startup of upsd. If you make changes here,
45+# you'll need to restart upsd, reload will have no effect.
46+<%
47+node['ups_utils']['nut']['upsd.conf']['LISTENs'].each {|item|
48+-%>
49+LISTEN <%= item %>
50+<%
51+}
52+-%>
53+
54+# =======================================================================
55+# MAXCONN <connections>
56+# MAXCONN 1024
57+#
58+# This defaults to maximum number allowed on your system. Each UPS, each
59+# LISTEN address and each client count as one connection. If the server
60+# runs out of connections, it will no longer accept new incoming client
61+# connections. Only set this if you know exactly what you're doing.
62+
63+# =======================================================================
64+# CERTFILE <certificate file>
65+# CERTFILE /usr/local/ups/etc/upsd.pem
66+#
67+# When compiled with SSL support with OpenSSL backend,
68+# you can enter the certificate file here.
69+# The certificates must be in PEM format and must be sorted starting with
70+# the subject's certificate (server certificate), followed by intermediate
71+# CA certificates (if applicable_ and the highest level (root) CA. It should
72+# end with the server key. See 'docs/security.txt' or the Security chapter of
73+# NUT user manual for more information on the SSL support in NUT.
74+#
75+# See 'docs/security.txt' or the Security chapter of NUT user manual
76+# for more information on the SSL support in NUT.
77+
78+# =======================================================================
79+# CERTPATH <certificate file or directory>
80+# CERTPATH /usr/local/ups/etc/cert/upsd
81+#
82+# When compiled with SSL support with NSS backend,
83+# you can enter the certificate path here.
84+# Certificates are stored in a dedicated database (splitted in 3 files).
85+# Specify the path of the database directory.
86+#
87+# See 'docs/security.txt' or the Security chapter of NUT user manual
88+# for more information on the SSL support in NUT.
89+
90+# =======================================================================
91+# CERTIDENT <certificate name> <database password>
92+# CERTIDENT "my nut server" "MyPasSw0rD"
93+#
94+# When compiled with SSL support with NSS backend,
95+# you can specify the certificate name to retrieve from database to
96+# authenticate itself and the password
97+# required to access certificate related private key.
98+#
99+# See 'docs/security.txt' or the Security chapter of NUT user manual
100+# for more information on the SSL support in NUT.
101+
102+# =======================================================================
103+# CERTREQUEST <certificate request level>
104+# CERTREQUEST REQUIRE
105+#
106+# When compiled with SSL support with NSS backend and client certificate
107+# validation (disabled by default, see 'docs/security.txt'),
108+# you can specify if upsd requests or requires client's' certificates.
109+# Possible values are :
110+# - 0 to not request to clients to provide any certificate
111+# - 1 to require to all clients a certificate
112+# - 2 to require to all clients a valid certificate
113+#
114+# See 'docs/security.txt' or the Security chapter of NUT user manual
115+# for more information on the SSL support in NUT.
116+
--- /dev/null
+++ b/cookbooks/ups_utils/templates/default/etc/nut/upsd.users
@@ -0,0 +1,98 @@
1+# Network UPS Tools: Example upsd.users
2+#
3+# This file sets the permissions for upsd - the UPS network daemon.
4+# Users are defined here, are given passwords, and their privileges are
5+# controlled here too. Since this file will contain passwords, keep it
6+# secure, with only enough permissions for upsd to read it.
7+
8+# --------------------------------------------------------------------------
9+
10+# Each user gets a section. To start a section, put the username in
11+# brackets on a line by itself. To set something for that user, specify
12+# it under that section heading. The username is case-sensitive, so
13+# admin and AdMiN are two different users.
14+#
15+# Possible settings:
16+#
17+# password: The user's password. This is case-sensitive.
18+#
19+# --------------------------------------------------------------------------
20+#
21+# actions: Let the user do certain things with upsd.
22+#
23+# Valid actions are:
24+#
25+# SET - change the value of certain variables in the UPS
26+# FSD - set the "forced shutdown" flag in the UPS
27+#
28+# --------------------------------------------------------------------------
29+#
30+# instcmds: Let the user initiate specific instant commands. Use "ALL"
31+# to grant all commands automatically. There are many possible
32+# commands, so use 'upscmd -l' to see what your hardware supports. Here
33+# are a few examples:
34+#
35+# test.panel.start - Start a front panel test
36+# test.battery.start - Start battery test
37+# test.battery.stop - Stop battery test
38+# calibrate.start - Start calibration
39+# calibrate.stop - Stop calibration
40+#
41+# --------------------------------------------------------------------------
42+#
43+# Example:
44+#
45+# [admin]
46+# password = mypass
47+# actions = SET
48+# instcmds = ALL
49+#
50+
51+#
52+# --- Configuring for a user who can execute tests only
53+#
54+# [testuser]
55+# password = pass
56+# instcmds = test.battery.start
57+# instcmds = test.battery.stop
58+
59+#
60+# --- Configuring for upsmon
61+#
62+# To add a user for your upsmon, use this example:
63+#
64+# [upsmon]
65+# password = pass
66+# upsmon master
67+# or
68+# upsmon slave
69+#
70+# The matching MONITOR line in your upsmon.conf would look like this:
71+#
72+# MONITOR myups@localhost 1 upsmon pass master (or slave)
73+
74+
75+<%
76+node['ups_utils']['nut']['upsd.users'].each {|user, items|
77+-%>
78+[<%= user %>]
79+<%
80+ items.each {|key, value|
81+ # Note: value is a frozen String.
82+ val = +value # unfreeze
83+ @secrets.each {|sec_key, sec_val|
84+ val.gsub!("{{#{sec_key}}}", sec_val)
85+ }
86+
87+ if key == 'upsmon'
88+-%>
89+<%= key %> <%= val %>
90+<%
91+ else
92+-%>
93+<%= key %> = <%= val %>
94+<%
95+ end
96+ }
97+}
98+-%>
--- /dev/null
+++ b/cookbooks/ups_utils/templates/default/etc/nut/upsmon.conf
@@ -0,0 +1,389 @@
1+# Network UPS Tools: example upsmon configuration
2+#
3+# This file contains passwords, so keep it secure.
4+
5+# --------------------------------------------------------------------------
6+# RUN_AS_USER <userid>
7+#
8+# By default, upsmon splits into two processes. One stays as root and
9+# waits to run the SHUTDOWNCMD. The other one switches to another userid
10+# and does everything else.
11+#
12+# The default nonprivileged user is set at compile-time with
13+# 'configure --with-user=...'.
14+#
15+# You can override it with '-u <user>' when starting upsmon, or just
16+# define it here for convenience.
17+#
18+# Note: if you plan to use the reload feature, this file (upsmon.conf)
19+# must be readable by this user! Since it contains passwords, DO NOT
20+# make it world-readable. Also, do not make it writable by the upsmon
21+# user, since it creates an opportunity for an attack by changing the
22+# SHUTDOWNCMD to something malicious.
23+#
24+# For best results, you should create a new normal user like "nutmon",
25+# and make it a member of a "nut" group or similar. Then specify it
26+# here and grant read access to the upsmon.conf for that group.
27+#
28+# This user should not have write access to upsmon.conf.
29+#
30+# RUN_AS_USER nut
31+
32+# --------------------------------------------------------------------------
33+# MONITOR <system> <powervalue> <username> <password> ("master"|"slave")
34+#
35+# List systems you want to monitor. Not all of these may supply power
36+# to the system running upsmon, but if you want to watch it, it has to
37+# be in this section.
38+#
39+# You must have at least one of these declared.
40+#
41+# <system> is a UPS identifier in the form <upsname>@<hostname>[:<port>]
42+# like ups@localhost, su700@mybox, etc.
43+#
44+# Examples:
45+#
46+# - "su700@mybox" means a UPS called "su700" on a system called "mybox"
47+#
48+# - "fenton@bigbox:5678" is a UPS called "fenton" on a system called
49+# "bigbox" which runs upsd on port "5678".
50+#
51+# The UPS names like "su700" and "fenton" are set in your ups.conf
52+# in [brackets] which identify a section for a particular driver.
53+#
54+# If the ups.conf on host "doghouse" has a section called "snoopy", the
55+# identifier for it would be "snoopy@doghouse".
56+#
57+# <powervalue> is an integer - the number of power supplies that this UPS
58+# feeds on this system. Most computers only have one power supply, so this
59+# is normally set to 1. You need a pretty big or special box to have any
60+# other value here.
61+#
62+# You can also set this to 0 for a system that doesn't supply any power,
63+# but you still want to monitor. Use this when you want to hear about
64+# changes for a given UPS without shutting down when it goes critical,
65+# unless <powervalue> is 0.
66+#
67+# <username> and <password> must match an entry in that system's
68+# upsd.users. If your username is "monmaster" and your password is
69+# "blah", the upsd.users would look like this:
70+#
71+# [monmaster]
72+# password = blah
73+# upsmon master (or slave)
74+#
75+# "master" means this system will shutdown last, allowing the slaves
76+# time to shutdown first.
77+#
78+# "slave" means this system shuts down immediately when power goes critical.
79+#
80+# Examples:
81+#
82+# MONITOR myups@bigserver 1 monmaster blah master
83+# MONITOR su700@server.example.com 1 upsmon secretpass slave
84+# MONITOR myups@localhost 1 upsmon pass master (or slave)
85+<%
86+node['ups_utils']['nut']['upsmon.conf']['MONITORs'].each {|item|
87+ # Note: item is a frozen String.
88+ val = +item # unfreeze
89+ @secrets.each {|sec_key, sec_val|
90+ val.gsub!("{{#{sec_key}}}", sec_val)
91+ }
92+-%>
93+MONITOR <%= val %>
94+<%
95+}
96+-%>
97+
98+# --------------------------------------------------------------------------
99+# MINSUPPLIES <num>
100+#
101+# Give the number of power supplies that must be receiving power to keep
102+# this system running. Most systems have one power supply, so you would
103+# put "1" in this field.
104+#
105+# Large/expensive server type systems usually have more, and can run with
106+# a few missing. The HP NetServer LH4 can run with 2 out of 4, for example,
107+# so you'd set that to 2. The idea is to keep the box running as long
108+# as possible, right?
109+#
110+# Obviously you have to put the redundant supplies on different UPS circuits
111+# for this to make sense! See big-servers.txt in the docs subdirectory
112+# for more information and ideas on how to use this feature.
113+
114+MINSUPPLIES 1
115+
116+# --------------------------------------------------------------------------
117+# SHUTDOWNCMD "<command>"
118+#
119+# upsmon runs this command when the system needs to be brought down.
120+#
121+# This should work just about everywhere ... if it doesn't, well, change it.
122+
123+SHUTDOWNCMD "/sbin/shutdown -h +0"
124+
125+# --------------------------------------------------------------------------
126+# NOTIFYCMD <command>
127+#
128+# upsmon calls this to send messages when things happen
129+#
130+# This command is called with the full text of the message as one argument.
131+# The environment string NOTIFYTYPE will contain the type string of
132+# whatever caused this event to happen.
133+#
134+# Note that this is only called for NOTIFY events that have EXEC set with
135+# NOTIFYFLAG. See NOTIFYFLAG below for more details.
136+#
137+# Making this some sort of shell script might not be a bad idea. For more
138+# information and ideas, see docs/scheduling.txt
139+#
140+# Example:
141+# NOTIFYCMD /bin/notifyme
142+
143+# --------------------------------------------------------------------------
144+# POLLFREQ <n>
145+#
146+# Polling frequency for normal activities, measured in seconds.
147+#
148+# Adjust this to keep upsmon from flooding your network, but don't make
149+# it too high or it may miss certain short-lived power events.
150+
151+POLLFREQ 5
152+
153+# --------------------------------------------------------------------------
154+# POLLFREQALERT <n>
155+#
156+# Polling frequency in seconds while UPS on battery.
157+#
158+# You can make this number lower than POLLFREQ, which will make updates
159+# faster when any UPS is running on battery. This is a good way to tune
160+# network load if you have a lot of these things running.
161+#
162+# The default is 5 seconds for both this and POLLFREQ.
163+
164+POLLFREQALERT 5
165+
166+# --------------------------------------------------------------------------
167+# HOSTSYNC - How long upsmon will wait before giving up on another upsmon
168+#
169+# The master upsmon process uses this number when waiting for slaves to
170+# disconnect once it has set the forced shutdown (FSD) flag. If they
171+# don't disconnect after this many seconds, it goes on without them.
172+#
173+# Similarly, upsmon slave processes wait up to this interval for the
174+# master upsmon to set FSD when a UPS they are monitoring goes critical -
175+# that is, on battery and low battery. If the master doesn't do its job,
176+# the slaves will shut down anyway to avoid damage to the file systems.
177+#
178+# This "wait for FSD" is done to avoid races where the status changes
179+# to critical and back between polls by the master.
180+
181+HOSTSYNC 15
182+
183+# --------------------------------------------------------------------------
184+# DEADTIME - Interval to wait before declaring a stale ups "dead"
185+#
186+# upsmon requires a UPS to provide status information every few seconds
187+# (see POLLFREQ and POLLFREQALERT) to keep things updated. If the status
188+# fetch fails, the UPS is marked stale. If it stays stale for more than
189+# DEADTIME seconds, the UPS is marked dead.
190+#
191+# A dead UPS that was last known to be on battery is assumed to have gone
192+# to a low battery condition. This may force a shutdown if it is providing
193+# a critical amount of power to your system.
194+#
195+# Note: DEADTIME should be a multiple of POLLFREQ and POLLFREQALERT.
196+# Otherwise you'll have "dead" UPSes simply because upsmon isn't polling
197+# them quickly enough. Rule of thumb: take the larger of the two
198+# POLLFREQ values, and multiply by 3.
199+
200+DEADTIME 15
201+
202+# --------------------------------------------------------------------------
203+# POWERDOWNFLAG - Flag file for forcing UPS shutdown on the master system
204+#
205+# upsmon will create a file with this name in master mode when it's time
206+# to shut down the load. You should check for this file's existence in
207+# your shutdown scripts and run 'upsdrvctl shutdown' if it exists.
208+#
209+# See the shutdown.txt file in the docs subdirectory for more information.
210+
211+POWERDOWNFLAG /etc/killpower
212+
213+# --------------------------------------------------------------------------
214+# NOTIFYMSG - change messages sent by upsmon when certain events occur
215+#
216+# You can change the default messages to something else if you like.
217+#
218+# NOTIFYMSG <notify type> "message"
219+#
220+# NOTIFYMSG ONLINE "UPS %s on line power"
221+# NOTIFYMSG ONBATT "UPS %s on battery"
222+# NOTIFYMSG LOWBATT "UPS %s battery is low"
223+# NOTIFYMSG FSD "UPS %s: forced shutdown in progress"
224+# NOTIFYMSG COMMOK "Communications with UPS %s established"
225+# NOTIFYMSG COMMBAD "Communications with UPS %s lost"
226+# NOTIFYMSG SHUTDOWN "Auto logout and shutdown proceeding"
227+# NOTIFYMSG REPLBATT "UPS %s battery needs to be replaced"
228+# NOTIFYMSG NOCOMM "UPS %s is unavailable"
229+# NOTIFYMSG NOPARENT "upsmon parent process died - shutdown impossible"
230+#
231+# Note that %s is replaced with the identifier of the UPS in question.
232+#
233+# Possible values for <notify type>:
234+#
235+# ONLINE : UPS is back online
236+# ONBATT : UPS is on battery
237+# LOWBATT : UPS has a low battery (if also on battery, it's "critical")
238+# FSD : UPS is being shutdown by the master (FSD = "Forced Shutdown")
239+# COMMOK : Communications established with the UPS
240+# COMMBAD : Communications lost to the UPS
241+# SHUTDOWN : The system is being shutdown
242+# REPLBATT : The UPS battery is bad and needs to be replaced
243+# NOCOMM : A UPS is unavailable (can't be contacted for monitoring)
244+# NOPARENT : The process that shuts down the system has died (shutdown impossible)
245+
246+# --------------------------------------------------------------------------
247+# NOTIFYFLAG - change behavior of upsmon when NOTIFY events occur
248+#
249+# By default, upsmon sends walls (global messages to all logged in users)
250+# and writes to the syslog when things happen. You can change this.
251+#
252+# NOTIFYFLAG <notify type> <flag>[+<flag>][+<flag>] ...
253+#
254+# NOTIFYFLAG ONLINE SYSLOG+WALL
255+# NOTIFYFLAG ONBATT SYSLOG+WALL
256+# NOTIFYFLAG LOWBATT SYSLOG+WALL
257+# NOTIFYFLAG FSD SYSLOG+WALL
258+# NOTIFYFLAG COMMOK SYSLOG+WALL
259+# NOTIFYFLAG COMMBAD SYSLOG+WALL
260+# NOTIFYFLAG SHUTDOWN SYSLOG+WALL
261+# NOTIFYFLAG REPLBATT SYSLOG+WALL
262+# NOTIFYFLAG NOCOMM SYSLOG+WALL
263+# NOTIFYFLAG NOPARENT SYSLOG+WALL
264+#
265+# Possible values for the flags:
266+#
267+# SYSLOG - Write the message in the syslog
268+# WALL - Write the message to all users on the system
269+# EXEC - Execute NOTIFYCMD (see above) with the message
270+# IGNORE - Don't do anything
271+#
272+# If you use IGNORE, don't use any other flags on the same line.
273+
274+# --------------------------------------------------------------------------
275+# RBWARNTIME - replace battery warning time in seconds
276+#
277+# upsmon will normally warn you about a battery that needs to be replaced
278+# every 43200 seconds, which is 12 hours. It does this by triggering a
279+# NOTIFY_REPLBATT which is then handled by the usual notify structure
280+# you've defined above.
281+#
282+# If this number is not to your liking, override it here.
283+
284+RBWARNTIME 43200
285+
286+# --------------------------------------------------------------------------
287+# NOCOMMWARNTIME - no communications warning time in seconds
288+#
289+# upsmon will let you know through the usual notify system if it can't
290+# talk to any of the UPS entries that are defined in this file. It will
291+# trigger a NOTIFY_NOCOMM by default every 300 seconds unless you
292+# change the interval with this directive.
293+
294+NOCOMMWARNTIME 300
295+
296+# --------------------------------------------------------------------------
297+# FINALDELAY - last sleep interval before shutting down the system
298+#
299+# On a master, upsmon will wait this long after sending the NOTIFY_SHUTDOWN
300+# before executing your SHUTDOWNCMD. If you need to do something in between
301+# those events, increase this number. Remember, at this point your UPS is
302+# almost depleted, so don't make this too high.
303+#
304+# Alternatively, you can set this very low so you don't wait around when
305+# it's time to shut down. Some UPSes don't give much warning for low
306+# battery and will require a value of 0 here for a safe shutdown.
307+#
308+# Note: If FINALDELAY on the slave is greater than HOSTSYNC on the master,
309+# the master will give up waiting for the slave to disconnect.
310+
311+FINALDELAY 5
312+
313+# --------------------------------------------------------------------------
314+# CERTPATH - path to certificates (database directory or directory with CA's)
315+#
316+# When compiled with SSL support, you can enter the certificate path here.
317+#
318+# With NSS:
319+# Certificates are stored in a dedicated database (splitted in 3 files).
320+# Specify the path of the database directory.
321+#
322+# CERTPATH /etc/nut/cert/upsmon
323+#
324+# With OpenSSL:
325+# Directory containing CA certificates in PEM format, used to verify
326+# the server certificate presented by the upsd server. The files each
327+# contain one CA certificate. The files are looked up by the CA subject
328+# name hash value, which must hence be available.
329+#
330+# CERTPATH /usr/ssl/certs
331+#
332+# See 'docs/security.txt' or the Security chapter of NUT user manual
333+# for more information on the SSL support in NUT.
334+
335+# --------------------------------------------------------------------------
336+# CERTIDENT - self certificate name and database password
337+# CERTIDENT <certificate name> <database password>
338+#
339+# When compiled with SSL support with NSS, you can specify the certificate
340+# name to retrieve from database to authenticate itself and the password
341+# required to access certificate related private key.
342+#
343+# CERTIDENT "my nut monitor" "MyPasSw0rD"
344+#
345+# See 'docs/security.txt' or the Security chapter of NUT user manual
346+# for more information on the SSL support in NUT.
347+
348+# --------------------------------------------------------------------------
349+# CERTHOST - security properties for an host
350+# CERTHOST <hostname> <certificate name> <certverify> <forcessl>
351+#
352+# When compiled with SSL support with NSS, you can specify security directive
353+# for each server you can contact.
354+# Each entry maps server name with the expected certificate name and flags
355+# indicating if the server certificate is verified and if the connection
356+# must be secure.
357+#
358+# CERTHOST localhost "My nut server" 1 1
359+#
360+# See 'docs/security.txt' or the Security chapter of NUT user manual
361+# for more information on the SSL support in NUT.
362+
363+# --------------------------------------------------------------------------
364+# CERTVERIFY - make upsmon verify all connections with certificates
365+# CERTVERIFY 1
366+#
367+# When compiled with SSL support, make upsmon verify all connections with
368+# certificates.
369+# Without this, there is no guarantee that the upsd is the right host.
370+# Enabling this greatly reduces the risk of man in the middle attacks.
371+# This effectively forces the use of SSL, so don't use this unless
372+# all of your upsd hosts are ready for SSL and have their certificates
373+# in order.
374+# When compiled with NSS support of SSL, can be overriden for host
375+# specified with a CERTHOST directive.
376+
377+
378+# --------------------------------------------------------------------------
379+# FORCESSL - force upsmon to use SSL
380+# FORCESSL 1
381+#
382+# When compiled with SSL, specify that a secured connection must be used
383+# to communicate with upsd.
384+# If you don't use 'CERTVERIFY 1', then this will at least make sure
385+# that nobody can sniff your sessions without a large effort. Setting
386+# this will make upsmon drop connections if the remote upsd doesn't
387+# support SSL, so don't use it unless all of them have it running.
388+# When compiled with NSS support of SSL, can be overriden for host
389+# specified with a CERTHOST directive.
--- /dev/null
+++ b/cookbooks/ups_utils/templates/default/lib/udev/rules.d/53-nut-usbups-local.rules
@@ -0,0 +1,18 @@
1+# This file cantains local settings for the Network UPS Tools.
2+
3+ACTION!="add|change", GOTO="nut-usbups_rules_end"
4+SUBSYSTEM=="usb_device", GOTO="nut-usbups_rules_real"
5+SUBSYSTEM=="usb", GOTO="nut-usbups_rules_real"
6+SUBSYSTEM!="usb", GOTO="nut-usbups_rules_end"
7+
8+LABEL="nut-usbups_rules_real"
9+
10+<%
11+node['ups_utils']['nut']['udev_usbups_rules'].each {|rule|
12+-%>
13+<%= rule %>
14+<%
15+}
16+-%>
17+
18+LABEL="nut-usbups_rules_end"
--- /dev/null
+++ b/cookbooks/ups_utils/version
@@ -0,0 +1 @@
1+0.1.0
旧リポジトリブラウザで表示