{"id":144,"date":"2016-01-20T14:52:51","date_gmt":"2016-01-20T13:52:51","guid":{"rendered":"http:\/\/it-merge.com\/?p=144"},"modified":"2016-02-19T10:58:45","modified_gmt":"2016-02-19T09:58:45","slug":"ups-secure-my-data","status":"publish","type":"post","link":"https:\/\/it-merge.com\/?p=144","title":{"rendered":"UPS &#8230; secure my data?"},"content":{"rendered":"<h1>Why should I &#8230;<\/h1>\n<figure style=\"width: 380px\" class=\"wp-caption alignright imagepro-radius\"><img loading=\"lazy\" decoding=\"async\" class=\"alignright\" src=\"\/wp-content\/uploads\/2016\/01\/_d_improd_\/image_f_improf_380x285.jpeg\" alt=\"\" width=\"380\" height=\"285\" data-imagepro-frames=\"imagepro-radius\" data-mce-height=\"60\" data-mce-width=\"80\" \/><figcaption class=\"wp-caption-text\"><small><\/small><\/figcaption><\/figure>\n<p>think about to protect my @home <a href=\"http:\/\/it-merge.com\/new-nas-server\">NAS<\/a> with a UPS?<\/p>\n<p>Initially I wasn&#8217;t keen on add a UPS to my home network. Clear it cost money and consume energy for what?<\/p>\n<p>So why I go for that and start the next small project:<\/p>\n<ul>\n<li>My impression is that the Government decision to move away from conventional energy\u00a0increase the risk of energy failure<\/li>\n<li>I want to be sure that my private data is better protected from energy failure<\/li>\n<\/ul>\n<p>so let&#8217;s start what I&#8217;m going to do.<\/p>\n<ul>\n<li>add an UPS<\/li>\n<li>think about the network (probably\u00a0VLAN project)<\/li>\n<li>add new power plug<\/li>\n<\/ul>\n<h2>&#8230; let&#8217;s start<\/h2>\n<p>Well I think about to let serve two NAS from the UPS. My plan is to autoshutdown the first by the UPS \u00a0and second will be shutdown from the first via ssh issued shutdown command.<\/p>\n<pre><span style=\"color: #ff9900;\">local server<\/span>: ssh -t &lt;<span style=\"color: #00ccff;\">remote user<\/span>&gt;@&lt;<span style=\"color: #00ff00;\">remote server ip<\/span>&gt; 'sudo shutdown -h now'<\/pre>\n<p>Configure autologin via ssh on local server, where ssh key is already present:<\/p>\n<pre><span style=\"color: #ff9900;\">local server<\/span>: scp ~\/.ssh\/id_rsa.pub &lt;<span style=\"color: #00ccff;\">remote user<\/span>&gt;@&lt;<span style=\"color: #00ff00;\">remote server ip<\/span>&gt;:<\/pre>\n<p>Login to <span style=\"color: #00ff00;\">remote server<\/span><\/p>\n<pre style=\"text-align: justify;\"><span style=\"color: #00ff00;\">remote server<\/span>: cat .\/id_rsa.pub &gt;&gt; ~\/.ssh\/authorized_keys\r\n<span style=\"color: #00ff00;\">remote server<\/span>: rm .\/id_rsa.pub\r\n<span style=\"color: #00ff00;\">remote server<\/span>: chmod 600 ~\/.ssh\/authorized_keys<\/pre>\n<pre style=\"text-align: justify;\"><span style=\"color: #00ff00;\">remote server<\/span>: exit<\/pre>\n<p>Now check if ssh login is working. You&#8217;ll login without been prompted to enter the password.<\/p>\n<pre><span style=\"color: #ff9900;\">local server<\/span>: ssh &lt;<span style=\"color: #00ccff;\">remote user<\/span>&gt;@&lt;<span style=\"color: #00ff00;\">remote server ip<\/span>&gt;\r\n<span style=\"color: #00ff00;\">remote server<\/span>: _<\/pre>\n<p>Done.<\/p>\n<p>&nbsp;<\/p>\n<h2>&#8230;select the UPS<\/h2>\n<p>To select a UPS isn&#8217;t such easy as I thought. First I think about the requirements.<\/p>\n<ul>\n<li>shutdown a server<\/li>\n<li>colour should be black<\/li>\n<li>high max 20 cm<\/li>\n<li>capacity not\u00a0smaller then 500va<\/li>\n<\/ul>\n<p>As the conclusion I go for <a href=\"http:\/\/www.amazon.de\/gp\/aw\/d\/B00T7BYV6W\/ref=mp_s_a_1_2?qid=1453059291&amp;sr=8-2&amp;pi=SY200_QL40&amp;keywords=ups+700va&amp;dpPl=1&amp;dpID=41HjmoUkT8L&amp;ref=plSrch\" target=\"_blank\">Apc bakup ups 700va<\/a>. Yes oversized, but I don&#8217;t know what I&#8217;ll add in the future.<\/p>\n<h3>Configure the UPS on OMV<\/h3>\n<ol>\n<li>Installing the openmediavault-nut plugin.<\/li>\n<li>Configure the UPS plugin by entering the driver setup (no spaces, otherwise the service isn&#8217;t running)<a href=\"\/wp-content\/uploads\/2016\/01\/configure-service.png\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"\/wp-content\/uploads\/2016\/01\/_d_improd_\/configure-service_f_improf_313x192.png\" alt=\"\" width=\"313\" height=\"192\" data-mce-height=\"49\" data-mce-width=\"80\" \/><\/a>\n<pre>driver=usbhid-ups\r\nport=auto<\/pre>\n<\/li>\n<li>Check that the service is running<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"\/wp-content\/uploads\/2016\/01\/_d_improd_\/Check-service-is-running_f_improf_306x222.png\" alt=\"\" width=\"306\" height=\"222\" data-mce-height=\"58\" data-mce-width=\"80\" \/><\/li>\n<\/ol>\n<h2>&#8230; shutdown the second NAS<\/h2>\n<p>The solution is simple and with a short skript fast to implement.<\/p>\n<h3>Setup a small support script to shutdown both NAS<\/h3>\n<p>I call the script ups_poweroff_nas.sh<\/p>\n<pre><span style=\"color: #ff9900;\">local server<\/span>: cat ups_poweroff_nas.sh\r\n#\/bin\/sh\r\nlogger \"UPS Shutdown:Send shutdown to diskstation\"<\/pre>\n<pre>ssh -t root@&lt;other NAS ip&gt; nohup \/sbin\/poweroff \/sbin\/shutdown -h +0<\/pre>\n<h3>Update the upsmon.conf<\/h3>\n<p>On the local server I update the upsmon.conf file to call the new script and change the shutdown variable from<\/p>\n<pre><span style=\"color: #ff9900;\">local server<\/span>: cat \/etc\/nut\/upsmon.conf.save | grep SHUTDOWNCMD \r\nSHUTDOWNCMD \"\/sbin\/shutdown -h +0\"<\/pre>\n<p>to<\/p>\n<pre><span style=\"color: #ff9900;\">local server:<\/span> cat \/etc\/nut\/upsmon.conf | grep SHUTDOWNCMD\r\nSHUTDOWNCMD \"<span style=\"color: #ff0000;\">\/root\/ups_poweroff_nas.sh<\/span>\"<\/pre>\n<p>Finally reload the UPS config.<\/p>\n<h2>Stop spaming your OMC mail with NUT messages<\/h2>\n<p>If you OMC mail is spammed by messages from nut that a mail can&#8217;t be delivered it might be releated to the fact that the weekly driver update can&#8217;t be done. As the issue is not new you can follow the <a href=\"http:\/\/forums.openmediavault.org\/index.php\/Thread\/7910-Anacron-weekly-Message\/\">thread<\/a> discussion the solution or execute the following command to get the issue fixed.<\/p>\n<p>Check as root if your update script is working properly:<\/p>\n<pre><span style=\"color: #ff9900;\">local server: <\/span>update-smart-drivedb\r\n\/usr\/share\/smartmontools\/drivedb.h.error: <span style=\"color: #ff0000;\">rejected by \/usr\/sbin\/smartctl, probably no longer compatible<\/span><\/pre>\n<p><span style=\"color: #ff9900;\"><span style=\"color: #000000;\">Call the sed command to change the source:<\/span><br \/>\n<\/span><\/p>\n<pre><span style=\"color: #ff9900;\">local server: <span style=\"color: #000000;\">sed -i \"\/^SRCEXPR\/{s#=.*#='http:\/\/sourceforge.net\/p\/smartmontools\/code\/HEAD\/tree\/\\$location\/smartmontools\/drivedb.h?format=raw'#}\" $(which update-smart-drivedb)<\/span>\r\nlocal server: <\/span>update-smart-drivedb\r\n\/usr\/share\/smartmontools\/drivedb.h updated from branches\/RELEASE_5_41_DRIVEDB<\/pre>\n<p>Change generic file of postfix<\/p>\n<pre><span style=\"color: #ff9900;\">local server: <span style=\"color: #000000;\">grep nut \/etc\/postfix\/generic\r\n<span style=\"color: #ff0000;\">nut@OpenMediaVault.localdomain<\/span> &lt;your target email&gt;<\/span><\/span><\/pre>\n<p>Create the new generic.db and reload the configuration<\/p>\n<pre><span style=\"color: #ff9900;\">local server: <span style=\"color: #000000;\">postmap \/etc\/postfix\/generic\r\n<\/span>local server: <span style=\"color: #000000;\">service postfix reload<\/span><\/span><\/pre>\n<p>That&#8217;s it.<\/p>\n<h2>&#8230; power planning<\/h2>\n<p>I need a new power plug, because the UPS might consume a lot during recharging the battery. To be on the save side I put a 3.5kW power plug from <a href=\"http:\/\/www.amazon.de\/Brennenstuhl-Premium-Alu-Line-Steckdosenleiste-Schalter-1391000016\/dp\/B000R56BCE\/ref=sr_1_fkmr1_1?ie=UTF8&amp;qid=1453027761&amp;sr=8-1-fkmr1&amp;keywords=brennenstuhl+6+fach+16000\" target=\"_blank\">Brennstuhl<\/a>.<\/p>\n<h2>&#8230; connect the net<\/h2>\n<p>Add a <a href=\"http:\/\/www.amazon.de\/Trendnet-Gigabit-GREENnet-TEG-S5g-schwarz\/dp\/B002HH0W5W\/ref=sr_1_1?s=computers&amp;ie=UTF8&amp;qid=1453027953&amp;sr=1-1&amp;keywords=switch+trendnet+5-port\" target=\"_blank\">5 port trendnet switch<\/a> to connect the 2 NAS and link it to the rest of the network.<\/p>\n<h2>Gap in the solution<\/h2>\n<p>Well the solution of shutdown the second NAS is just working when the NAS connected to the UPS is running. To fix this, I would need<\/p>\n<ol>\n<li>to connect the UPS to both, unfortunatelly not possible<\/li>\n<li>somehow wakeup the connected NAS<\/li>\n<li>let it keep the connected NAS to the UPS longer then the not connected NAS<\/li>\n<\/ol>\n<p>Option is expensive as requires specific hardware, and option 2 I&#8217;ve no clue how to fix. So I choose the option 3. It&#8217;s the best solution in terms of cost and complexity.<\/p>\n<p>&nbsp;<\/p>\n<p>Project closed at 31.01.2016.<\/p>\n<h2>History<\/h2>\n<p>2016-01-31: Finish project<\/p>\n<p>2016-02-04: Fix the mail spam by NUT driver update<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Why should I &#8230; think about to protect my @home NAS with a UPS? Initially I wasn&#8217;t keen on add[&#8230;]<\/p>\n","protected":false},"author":2,"featured_media":248,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,25],"tags":[23,32,22,34,31,33,28],"class_list":["post-144","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technical","category-ups","tag-energy","tag-logger","tag-network","tag-omv","tag-poweroff","tag-ssh","tag-toc"],"_links":{"self":[{"href":"https:\/\/it-merge.com\/index.php?rest_route=\/wp\/v2\/posts\/144","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/it-merge.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/it-merge.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/it-merge.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/it-merge.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=144"}],"version-history":[{"count":25,"href":"https:\/\/it-merge.com\/index.php?rest_route=\/wp\/v2\/posts\/144\/revisions"}],"predecessor-version":[{"id":217,"href":"https:\/\/it-merge.com\/index.php?rest_route=\/wp\/v2\/posts\/144\/revisions\/217"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/it-merge.com\/index.php?rest_route=\/wp\/v2\/media\/248"}],"wp:attachment":[{"href":"https:\/\/it-merge.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=144"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/it-merge.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=144"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/it-merge.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}