159 lines
6.0 KiB
Plaintext
159 lines
6.0 KiB
Plaintext
UPSD.CONF(5)
|
|
============
|
|
|
|
NAME
|
|
----
|
|
|
|
upsd.conf - Configuration for Network UPS Tools upsd
|
|
|
|
DESCRIPTION
|
|
-----------
|
|
|
|
upsd uses this file to control access to the server and set some other
|
|
miscellaneous configuration values. This file contains details on
|
|
access controls, so keep it secure. Ideally, only the upsd process
|
|
should be able to read it.
|
|
|
|
CONFIGURATION DIRECTIVES
|
|
------------------------
|
|
|
|
"MAXAGE 'seconds'"::
|
|
|
|
upsd usually allows a driver to stop responding for up to 15 seconds
|
|
before declaring the data "stale". If your driver takes a very long
|
|
time to process updates but is otherwise operational, you can use MAXAGE
|
|
to make upsd wait longer.
|
|
+
|
|
Most users should leave this at the default value.
|
|
|
|
"TRACKINGDELAY 'seconds'"::
|
|
|
|
When instant commands and variables setting status tracking is enabled, status
|
|
execution information are kept during this amount of time, and then cleaned up.
|
|
This defaults to 3600 (1 hour).
|
|
|
|
"ALLOW_NO_DEVICE 'Boolean'"::
|
|
|
|
Normally upsd requires that at least one device section is defined in ups.conf
|
|
when the daemon starts, to serve its data. For automatically managed services
|
|
it may be preferred to have upsd always running, and reload the configuration
|
|
when power devices become defined.
|
|
+
|
|
Boolean values 'true', 'yes', 'on' and '1' mean that the server would not
|
|
refuse to start with zero device sections found in ups.conf.
|
|
+
|
|
Boolean values 'false', 'no', 'off' and '0' mean that the server should refuse
|
|
to start if zero device sections were found in ups.conf. This is the default,
|
|
unless the calling environment sets a same-named variable to enforce a value
|
|
for the current run. One way this can happen is somebody un-commenting it in
|
|
the 'nut.conf' file used by init-scripts and service unit method scripts.
|
|
|
|
"STATEPATH 'path'"::
|
|
|
|
Tell upsd to look for the driver state sockets in 'path' rather
|
|
than the default that was compiled into the program.
|
|
|
|
"LISTEN 'interface' 'port'"::
|
|
|
|
Bind a listening port to the interface specified by its Internet address or
|
|
name. This may be useful on hosts with multiple interfaces.
|
|
You should not rely exclusively on this for security, as it can be subverted
|
|
on many systems.
|
|
+
|
|
Optionally listen on TCP port 'port' instead of the default value which was
|
|
compiled into the code. This overrides any value you may have set with
|
|
'configure --with-port'. If you don't change it with configure or this value,
|
|
upsd will listen on port 3493 for this interface.
|
|
+
|
|
Multiple LISTEN addresses may be specified. The default is to bind to
|
|
127.0.0.1 if no LISTEN addresses are specified (and ::1 if IPv6 support is
|
|
compiled in).
|
|
+
|
|
To listen on all available interfaces, you may also use '0.0.0.0' for IPv4 and
|
|
and '::' for IPv6.
|
|
|
|
LISTEN 127.0.0.1
|
|
LISTEN 192.168.50.1
|
|
LISTEN myhostname.mydomain
|
|
LISTEN ::1
|
|
LISTEN 2001:0db8:1234:08d3:1319:8a2e:0370:7344
|
|
+
|
|
This parameter will only be read at startup. You'll need to restart
|
|
(rather than reload) upsd to apply any changes made here.
|
|
|
|
"MAXCONN 'connections'"::
|
|
|
|
This defaults to maximum number allowed on your system. Each UPS, each
|
|
LISTEN address and each client count as one connection. If the server
|
|
runs out of connections, it will no longer accept new incoming client
|
|
connections. Only set this if you know exactly what you're doing.
|
|
|
|
"CERTFILE 'certificate file'"::
|
|
|
|
When compiled with SSL support with OpenSSL backend, you can enter the
|
|
certificate file here.
|
|
The certificates must be in PEM format and must be sorted starting with
|
|
the subject's certificate (server certificate), followed by intermediate
|
|
CA certificates (if applicable_ and the highest level (root) CA. It should
|
|
end with the server key. See 'docs/security.txt' or the Security chapter of
|
|
NUT user manual for more information on the SSL support in NUT.
|
|
|
|
"CERTPATH 'certificate database'"::
|
|
|
|
When compiled with SSL support with NSS backend, you can enter the
|
|
certificate path here.
|
|
Certificates are stored in a dedicated database (data split in 3 files).
|
|
Specify the path of the database directory.
|
|
|
|
"CERTIDENT 'certificate name' 'database password'"::
|
|
|
|
When compiled with SSL support with NSS backend, you can specify the
|
|
certificate name to retrieve from database to authenticate itself and
|
|
the password required to access certificate related private key.
|
|
|
|
"CERTREQUEST 'certificate request level'"::
|
|
|
|
When compiled with SSL support with NSS backend and client certificate
|
|
validation (disabled by default, see 'docs/security.txt'),
|
|
you can specify if upsd requests or requires client's' certificates.
|
|
Possible values are :
|
|
- '0' to not request to clients to provide any certificate
|
|
- '1' to require to all clients a certificate
|
|
- '2' to require to all clients a valid certificate
|
|
|
|
"DISABLE_WEAK_SSL 'BOOLEAN'"::
|
|
|
|
Tell upsd to disable older/weak SSL/TLS protocols and ciphers.
|
|
With relatively recent versions of OpenSSL or NSS it will be restricted
|
|
to TLSv1.2 or better.
|
|
Unless you have really ancient clients, you probably want to enable this.
|
|
Currently disabled by default to ensure compatibility with existing setups.
|
|
|
|
"DEBUG_MIN 'INTEGER'"::
|
|
|
|
Optionally specify a minimum debug level for `upsd` data daemon, e.g. for
|
|
troubleshooting a deployment, without impacting foreground or background
|
|
running mode directly. Command-line option `-D` can only increase this
|
|
verbosity level.
|
|
+
|
|
NOTE: if the running daemon receives a `reload` command, presence of the
|
|
`DEBUG_MIN NUMBER` value in the configuration file can be used to tune
|
|
debugging verbosity in the running service daemon (it is recommended to
|
|
comment it away or set the minimum to explicit zero when done, to avoid
|
|
huge journals and I/O system abuse). Keep in mind that for this run-time
|
|
tuning, the `DEBUG_MIN` value *present* in *reloaded* configuration files
|
|
is applied instantly and overrides any previously set value, from file
|
|
or CLI options, regardless of older logging level being higher or lower
|
|
than the newly found number; a missing (or commented away) value however
|
|
does not change the previously active logging verbosity.
|
|
|
|
SEE ALSO
|
|
--------
|
|
|
|
linkman:upsd[8], linkman:nutupsdrv[8], linkman:upsd.users[5]
|
|
|
|
Internet resources:
|
|
~~~~~~~~~~~~~~~~~~~
|
|
|
|
The NUT (Network UPS Tools) home page: http://www.networkupstools.org/
|