From c6755e8d97d399d4e83b07faead5dec27bc51636 Mon Sep 17 00:00:00 2001
From: michael
Date: Thu, 11 Jan 2024 18:15:16 +1300
Subject: [PATCH] nut and acme working
---
 ansible/inventory/group_vars/all/nut.yaml | 1 +
 .../acme_certificate.yaml | 2 +-
 .../hv00.balsillie.house/nut_client.yaml | 25 +++-
 .../hv00.balsillie.house/nut_server.yaml | 2 +-
 .../acme_certificate.yaml | 2 +-
 .../ansible_connection.yaml | 13 +-
 .../kube00.balsillie.house/nut_client.yaml | 19 ++-
 ansible/playbooks/infra/nut.yaml | 7 +-
 .../roles/acme_certificate/tasks/main.yaml | 126 +++++++++++++++---
 .../templates/combined.pem.j2 | 2 +
 ...errride.conf => nut-monitor_override.conf} | 0
 ansible/roles/nut_client/handlers/main.yaml | 5 +
 ansible/roles/nut_client/tasks/main.yaml | 20 ++-
 .../roles/nut_client/templates/upsmon.conf.j2 | 12 +-
 ansible/roles/nut_server/handlers/main.yaml | 11 ++
 ansible/roles/nut_server/tasks/main.yaml | 63 ++++++---
 .../roles/nut_server/templates/ups.conf.j2 | 13 +-
 .../roles/nut_server/templates/upsd.conf.j2 | 18 +++
 .../roles/nut_server/templates/upsd.users.j2 | 16 ++-
 19 files changed, 287 insertions(+), 70 deletions(-)
 create mode 100644 ansible/roles/acme_certificate/templates/combined.pem.j2
 rename ansible/roles/nut_client/files/{nut-monitor_overrride.conf => nut-monitor_override.conf} (100%)
 create mode 100644 ansible/roles/nut_client/handlers/main.yaml
 create mode 100644 ansible/roles/nut_server/handlers/main.yaml
diff --git a/ansible/inventory/group_vars/all/nut.yaml b/ansible/inventory/group_vars/all/nut.yaml
index ce374c1..120fdfc 100644
--- a/ansible/inventory/group_vars/all/nut.yaml
+++ b/ansible/inventory/group_vars/all/nut.yaml
@@ -1,2 +1,3 @@
+nut_client_admin_username: nut-admin
 nut_client_primary_username: nut-primary
 nut_client_secondary_username: nut-secondary
diff --git a/ansible/inventory/host_vars/hv00.balsillie.house/acme_certificate.yaml b/ansible/inventory/host_vars/hv00.balsillie.house/acme_certificate.yaml
index c46a48c..b3b6b9a 100644
--- a/ansible/inventory/host_vars/hv00.balsillie.house/acme_certificate.yaml +++ b/ansible/inventory/host_vars/hv00.balsillie.house/acme_certificate.yaml @@ -1 +1 @@ -acme_certifcate_account_email: acme.hv00@balsillie.email \ No newline at end of file +acme_certificate_account_email: acme.hv00@balsillie.email \ No newline at end of file diff --git a/ansible/inventory/host_vars/hv00.balsillie.house/nut_client.yaml b/ansible/inventory/host_vars/hv00.balsillie.house/nut_client.yaml index 1b4532a..d0f7d89 100644 --- a/ansible/inventory/host_vars/hv00.balsillie.house/nut_client.yaml +++ b/ansible/inventory/host_vars/hv00.balsillie.house/nut_client.yaml @@ -3,6 +3,7 @@ nut_client_shutdown_cmd: /usr/bin/poweroff nut_client_shutdown_exit: "true" nut_client_hostsync: 120 nut_client_notify_cmd: /scripts/notify.sh +nut_client_min_supplies: 1 nut_client_ups_devices: - name: ups0 host: hv00.balsillie.house @@ -10,5 +11,27 @@ nut_client_ups_devices: port: 3493 powervalue: 1 nut_client_notify_flags: + - name: ONLINE + flags: SYSLOG+WALL+EXEC + - name: ONBATT + flags: SYSLOG+WALL+EXEC + - name: LOWBATT + flags: SYSLOG+WALL+EXEC + - name: FSD + flags: SYSLOG+WALL+EXEC + - name: COMMOK + flags: SYSLOG+WALL+EXEC + - name: COMMBAD + flags: SYSLOG+WALL+EXEC - name: SHUTDOWN - flags: EXEC + flags: SYSLOG+WALL+EXEC + - name: REPLBATT + flags: SYSLOG+WALL+EXEC + - name: NOCOMM + flags: SYSLOG+WALL+EXEC + - name: NOPARENT + flags: SYSLOG+WALL+EXEC + - name: BYPASS + flags: SYSLOG+WALL+EXEC + - name: NOTBYPASS + flags: SYSLOG+WALL+EXEC diff --git a/ansible/inventory/host_vars/hv00.balsillie.house/nut_server.yaml b/ansible/inventory/host_vars/hv00.balsillie.house/nut_server.yaml index 1e3eb0f..f042a0e 100644 --- a/ansible/inventory/host_vars/hv00.balsillie.house/nut_server.yaml +++ b/ansible/inventory/host_vars/hv00.balsillie.house/nut_server.yaml 
@@ -1,6 +1,6 @@ nut_server_listen_address: 10.192.110.100 nut_server_listen_port: 3493 - +nut_server_certificate_file: /etc/ssl/private/hv00.balsillie.house.plain.combined.pem nut_server_ups_devices: - name: ups0 driver: usbhid-ups diff --git a/ansible/inventory/host_vars/kube00.balsillie.house/acme_certificate.yaml b/ansible/inventory/host_vars/kube00.balsillie.house/acme_certificate.yaml index 53db571..8234293 100644 --- a/ansible/inventory/host_vars/kube00.balsillie.house/acme_certificate.yaml +++ b/ansible/inventory/host_vars/kube00.balsillie.house/acme_certificate.yaml @@ -1 +1 @@ -acme_certifcate_account_email: acme.kube00@balsillie.email \ No newline at end of file +acme_certificate_account_email: acme.kube00@balsillie.email \ No newline at end of file diff --git a/ansible/inventory/host_vars/kube00.balsillie.house/ansible_connection.yaml b/ansible/inventory/host_vars/kube00.balsillie.house/ansible_connection.yaml index 6d79d49..1ed88be 100644 --- a/ansible/inventory/host_vars/kube00.balsillie.house/ansible_connection.yaml +++ b/ansible/inventory/host_vars/kube00.balsillie.house/ansible_connection.yaml @@ -1,4 +1,9 @@ ---- -ansible_host: kube01.balsillie.net -ssh_public_key_string: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtk+mk1+J3sZ3CA/yS7XV2wH913IdJj0gznmb/nI2nV ladmin@kube01.balsillie.net -k8s_remove_control_plane_taint: true \ No newline at end of file +ansible_connection: ssh +ansible_host: kube00.balsillie.house +ansible_fqdn: kube00.balsillie.house +ansible_remote_addr: 10.192.110.110 +ansible_port: 22 +ansible_user: ladmin +ansible_become_user: root +ansible_become_method: sudo +static_fqdn: hv00.balsillie.house \ No newline at end of file diff --git a/ansible/inventory/host_vars/kube00.balsillie.house/nut_client.yaml b/ansible/inventory/host_vars/kube00.balsillie.house/nut_client.yaml index aaf9475..1dc2ec4 100644 --- a/ansible/inventory/host_vars/kube00.balsillie.house/nut_client.yaml 
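Review bot: `static_fqdn: hv00.balsillie.house` on the last added line of kube00's ansible_connection.yaml names the other host, while every other value in the file refers to kube00; it looks like a copy-paste leftover. If any role derives a hostname or certificate subject from `static_fqdn`, kube00 would be set up with hv00's identity, so this should presumably read `static_fqdn: kube00.balsillie.house`. The hunk also removes `ssh_public_key_string` and `k8s_remove_control_plane_taint`; it is worth confirming that no play still reads them for this host.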
+++ b/ansible/inventory/host_vars/kube00.balsillie.house/nut_client.yaml @@ -1,8 +1,15 @@ nut_client_local_server: false - -nut_client_server_list: - - host: hv00.balsillie.house +nut_client_shutdown_cmd: /scripts/shutdown.sh +nut_client_shutdown_exit: "false" +nut_client_hostsync: 15 +nut_client_notify_cmd: /scripts/notify.sh +nut_client_min_supplies: 1 +nut_client_ups_devices: + - name: ups0 + host: hv00.balsillie.house + type: secondary port: 3493 - ssl: true - username: "{{ nut_client_username }}" - password: "{{ nut_client_password }}" \ No newline at end of file + powervalue: 1 +nut_client_notify_flags: + - name: SHUTDOWN + flags: SYSLOG+WALL+EXEC \ No newline at end of file diff --git a/ansible/playbooks/infra/nut.yaml b/ansible/playbooks/infra/nut.yaml index 7f2aa5b..308c3ee 100644 --- a/ansible/playbooks/infra/nut.yaml +++ b/ansible/playbooks/infra/nut.yaml @@ -12,7 +12,6 @@ name: nut state: latest update_cache: true - upgrade: false - name: Setup NUT servers gather_facts: false @@ -20,9 +19,9 @@ become: true roles: - role: acme_certificate - vars: - acme_certificate_subject: "{{ ansible_hostname }}" - acme_certificate_zone: balsillie.house + acme_certificate_subject: "{{ ansible_host }}" + acme_certificate_zone: balsillie.house + acme_certificate_restart_services: ['nut-server.service'] - role: nut_server - name: Setup NUT clients diff --git a/ansible/roles/acme_certificate/tasks/main.yaml b/ansible/roles/acme_certificate/tasks/main.yaml index 810d057..b746b44 100644 --- a/ansible/roles/acme_certificate/tasks/main.yaml +++ b/ansible/roles/acme_certificate/tasks/main.yaml 
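Review bot: `nut_client_shutdown_cmd: /scripts/shutdown.sh` and `nut_client_notify_cmd: /scripts/notify.sh` in kube00's nut_client.yaml point upsmon at scripts that nothing in this patch deploys or sets permissions on. upsmon's privileged parent process executes SHUTDOWNCMD, so a script under /scripts that a non-root account can modify would run with root privileges on this host. The role should install both files itself with `owner: root`, `group: root`, `mode: '0755'` in a root-owned directory, or at least check that state with a stat task before starting nut-monitor.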
@@ -1,6 +1,26 @@ --- -- name: Create ACME account directory +- name: Install required python libraries system wide + when: ansible_facts['os_family'] == "Archlinux" + community.general.pacman: + name: + - python-cryptography + - python-dnspython + state: latest + update_cache: true + +- name: Set certificate path facts + ansible.builtin.set_fact: + acme_certificate_certificate_path: "/etc/ssl/private/{{ acme_certificate_subject }}.pem" + acme_certificate_chain_path: "/etc/ssl/private/{{ acme_certificate_subject }}.chain.pem" + acme_certificate_combined_path: "/etc/ssl/private/{{ acme_certificate_subject }}.combined.pem" + acme_certificate_csr_path: "/etc/ssl/private/{{ acme_certificate_subject }}.csr" + acme_certificate_fullchain_path: "/etc/ssl/private/{{ acme_certificate_subject }}.fullchain.pem" + acme_certificate_key_path: "/etc/ssl/private/{{ acme_certificate_subject }}.key" + acme_certificate_plain_combined_path: "/etc/ssl/private/{{ acme_certificate_subject }}.plain.combined.pem" + acme_certificate_plain_key_path: "/etc/ssl/private/{{ acme_certificate_subject }}.plain.key" + +- name: Create ACME account key directory ansible.builtin.file: group: root mode: '0700' @@ -12,29 +32,30 @@ community.crypto.openssl_privatekey: cipher: auto curve: secp384r1 - format: pkcs1 + format: auto_ignore group: root mode: '0600' owner: root passphrase: "{{ acme_certificate_account_key_passphrase }}" path: /etc/ssl/private/ACME/account.key - size: 384 + size: 4096 state: present - type: Ed25519 + type: RSA - name: Generate RSA private key community.crypto.openssl_privatekey: cipher: auto curve: secp384r1 - format: pkcs1 + format: auto_ignore group: root mode: '0600' owner: root passphrase: "{{ ssl_passphrase }}" - path: "/etc/ssl/private/{{ acme_certificate_subject }}.key" + path: "{{ acme_certificate_key_path }}" size: 4096 state: present type: RSA + register: genrsa_private_key - name: Generate CSR community.crypto.openssl_csr: 
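Review bot: The new first task installs `python-cryptography` and `python-dnspython` with `state: latest` and `update_cache: true`, which on Arch amounts to refreshing the package database and upgrading individual packages without a full system upgrade. Arch does not support partial upgrades, and a library upgraded ahead of the rest of the system can break the very modules this role depends on. Prefer `state: present` without `update_cache`, and leave database refreshes to a play that performs a full upgrade. The `nut` package task in ansible/playbooks/infra/nut.yaml appears to follow the same pattern.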
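Review bot: Both key tasks in the second hunk keep `curve: secp384r1` although the account key is now `type: RSA` like the certificate key; as far as I know the module only reads `curve` for ECC keys, so the line is dead and suggests an EC key that is not being generated. Drop `curve` from both tasks, and add a short comment above the account key's `type: RSA` recording why it moved away from Ed25519, since the commit message does not say. The account-key task begins above the hunk.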
@@ -47,8 +68,9 @@ mode: '0600' organization_name: "{{ acme_certificate_csr_organization }}" owner: root - path: "/etc/ssl/private/{{ acme_certificate_subject }}.csr" - privatekey_path: "/etc/ssl/private/{{ acme_certificate_subject }}.key" + path: "{{ acme_certificate_csr_path }}" + privatekey_passphrase: "{{ ssl_passphrase }}" + privatekey_path: "{{ acme_certificate_key_path }}" state: present state_or_province_name: "{{ acme_certificate_csr_state }}" use_common_name_for_san: true @@ -60,10 +82,11 @@ account_key_src: /etc/ssl/private/ACME/account.key acme_directory: "{{ acme_certificate_directory }}" acme_version: 2 - chain_dest: "/etc/ssl/private/{{ acme_certificate_subject }}.chain" + chain_dest: "{{ acme_certificate_chain_path }}" challenge: dns-01 - csr: "/etc/ssl/private/{{ acme_certificate_subject }}.csr" - dest: "/etc/ssl/private/{{ acme_certificate_subject }}.crt" + csr: "{{ acme_certificate_csr_path }}" + dest: "{{ acme_certificate_certificate_path }}" + fullchain_dest: "{{ acme_certificate_fullchain_path }}" modify_account: true select_crypto_backend: cryptography terms_agreed: true @@ -87,13 +110,18 @@ key_secret: "{{ rfc2136_key_secret }}" port: 53 protocol: tcp - record: "{{ challenge.challenge_data[acme_certificate_subject]['dns-01'].record }}" + record: "{{ challenge.challenge_data[acme_certificate_subject]['dns-01'].record }}." server: "{{ rfc2136_server_address }}" state: present ttl: 3600 type: TXT value: "{{ challenge.challenge_data[acme_certificate_subject]['dns-01'].resource_value }}" - zone: "{{ acme_certificate_zone }}" + # zone: "{{ acme_certificate_zone }}" + register: nsupdate_result + + - name: Debug nsupdate result + ansible.builtin.debug: + var: nsupdate_result - name: Retrieve ACME certificate community.crypto.acme_certificate: 
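Review bot: The TXT-record creation task in the third hunk now has `zone` commented out and a trailing dot on `record`, while the matching `state: absent` task later in the file gets the trailing dot but still passes `zone: "{{ acme_certificate_zone }}"`. Creating and deleting the record should address it the same way, otherwise a cleanup that fails to match leaves stale challenge TXT records behind in the zone. Either restore `zone` here or remove it from the cleanup task, and delete the commented line rather than keeping it. The `Debug nsupdate result` task with its `register: nsupdate_result` reads as leftover troubleshooting and can be dropped as well. The enclosing block starts above the hunk.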
@@ -102,12 +130,12 @@ account_key_src: /etc/ssl/private/ACME/account.key acme_directory: "{{ acme_certificate_directory }}" acme_version: 2 - chain_dest: "/etc/ssl/private/{{ acme_certificate_subject }}.chain" + chain_dest: "{{ acme_certificate_chain_path }}" challenge: dns-01 - csr: "/etc/ssl/private/{{ acme_certificate_subject }}.csr" + csr: "{{ acme_certificate_csr_path }}" data: "{{ challenge }}" - dest: "/etc/ssl/private/{{ acme_certificate_subject }}.crt" - modify_account: true + dest: "{{ acme_certificate_certificate_path }}" + fullchain_dest: "{{ acme_certificate_fullchain_path }}" select_crypto_backend: cryptography terms_agreed: true validate_certs: true 
@@ -119,10 +147,72 @@ key_secret: "{{ rfc2136_key_secret }}" port: 53 protocol: tcp - record: "{{ challenge.challenge_data[acme_certificate_subject]['dns-01'].record }}" + record: "{{ challenge.challenge_data[acme_certificate_subject]['dns-01'].record }}." server: "{{ rfc2136_server_address }}" state: absent ttl: 3600 type: TXT value: "{{ challenge.challenge_data[acme_certificate_subject]['dns-01'].resource_value }}" zone: "{{ acme_certificate_zone }}" + +- name: Slurp fullchain contents + ansible.builtin.slurp: + src: "{{ acme_certificate_fullchain_path }}" + register: acme_certificate_fullchain_content + +- name: Slurp private key contents + ansible.builtin.slurp: + src: "{{ acme_certificate_key_path }}" + register: acme_certificate_key_content + +- name: Create combined cert file + ansible.builtin.template: + dest: "{{ acme_certificate_combined_path }}" + group: root + mode: '0600' + owner: root + src: combined.pem.j2 + +- name: Check if plain key file exists + ansible.builtin.stat: + path: "{{ acme_certificate_plain_key_path }}" + register: plain_key_file + +- name: Create a plain text copy of the SSL private key # noqa: no-handler + when: | + genrsa_private_key.changed or + not plain_key_file.stat.exists + ansible.builtin.command: + cmd: openssl rsa -in {{ acme_certificate_key_path }} -passin pass:{{ ssl_passphrase }} -out {{ acme_certificate_plain_key_path }} + changed_when: true + +- name: Slurp plain text private key contents + ansible.builtin.slurp: + src: "{{ acme_certificate_plain_key_path }}" + register: acme_certificate_key_content + +- name: Create plain text combined cert file + ansible.builtin.template: + dest: "{{ acme_certificate_plain_combined_path }}" + group: root + mode: '0600' + owner: root + src: combined.pem.j2 + +- name: Dependant services block + when: + - (acme_certificate_restart_services | default([]) | length) >= 1 + - challenge is changed + block: + + - name: Check state of running services + ansible.builtin.service_facts: + + - 
name: Restart dependant services + when: + - ansible_facts.services[item] is defined + - ansible_facts.services[item].state in ['running','failed'] + ansible.builtin.service: + name: "{{ item }}" + state: restarted + loop: "{{ acme_certificate_restart_services }}" diff --git a/ansible/roles/acme_certificate/templates/combined.pem.j2 b/ansible/roles/acme_certificate/templates/combined.pem.j2 new file mode 100644 index 0000000..426d23c --- /dev/null +++ b/ansible/roles/acme_certificate/templates/combined.pem.j2 @@ -0,0 +1,2 @@ +{{ acme_certificate_fullchain_content['content'] | b64decode }} +{{ acme_certificate_key_content['content'] | b64decode }} \ No newline at end of file diff --git a/ansible/roles/nut_client/files/nut-monitor_overrride.conf b/ansible/roles/nut_client/files/nut-monitor_override.conf similarity index 100% rename from ansible/roles/nut_client/files/nut-monitor_overrride.conf rename to ansible/roles/nut_client/files/nut-monitor_override.conf diff --git a/ansible/roles/nut_client/handlers/main.yaml b/ansible/roles/nut_client/handlers/main.yaml new file mode 100644 index 0000000..8b79e9a --- /dev/null +++ b/ansible/roles/nut_client/handlers/main.yaml @@ -0,0 +1,5 @@ +- name: Restart nut-monitor + when: not nut_monitor_started.changed + ansible.builtin.service: + name: nut-monitor.service + state: restarted diff --git a/ansible/roles/nut_client/tasks/main.yaml b/ansible/roles/nut_client/tasks/main.yaml index 9d1b24c..365a35a 100644 --- a/ansible/roles/nut_client/tasks/main.yaml +++ b/ansible/roles/nut_client/tasks/main.yaml 
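Review bot: The `Create a plain text copy of the SSL private key` task passes the passphrase as `-passin pass:{{ ssl_passphrase }}` to `ansible.builtin.command`, so it appears in the process list on the target and in Ansible's task output, and the unquoted interpolation breaks on a passphrase containing spaces. The decrypted key file is also written with whatever mode openssl picks rather than an explicit one. `community.crypto.openssl_privatekey_convert` (present in recent releases of the collection the role already uses; confirm the installed version) does the same conversion idempotently, which makes the `stat` task and the `when` unnecessary. The slurp tasks that register `acme_certificate_key_content` and the two template tasks that render it should carry `no_log: true` too, since their results and diffs hold private-key material. This hunk starts inside the DNS cleanup task, whose beginning is outside it.

```yaml
# … unchanged: slurp fullchain and key, combined cert template …

- name: Create a plain text copy of the SSL private key
  community.crypto.openssl_privatekey_convert:
    src_path: "{{ acme_certificate_key_path }}"
    src_passphrase: "{{ ssl_passphrase }}"
    dest_path: "{{ acme_certificate_plain_key_path }}"
    format: pkcs1
    owner: root
    group: root
    mode: '0600'
  no_log: true

- name: Slurp plain text private key contents
  ansible.builtin.slurp:
    src: "{{ acme_certificate_plain_key_path }}"
  register: acme_certificate_key_content
  no_log: true

# … unchanged: plain combined cert template, dependant services block …
```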
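Review bot: The `when: not nut_monitor_started.changed` guard on the new handler in ansible/roles/nut_client/handlers/main.yaml depends on a variable registered by the last task in tasks/main.yaml, and nothing in the file says so. Add a comment above it, for example `# Skip the restart when "Start and enable nut-monitor" has just started the service; it already loaded the new config`, so the coupling survives a later rename of that task or its `register`. The handlers added in ansible/roles/nut_server/handlers/main.yaml use the same pattern with `nut_server_started` and `nut_driver_enumerator_started` and want the same comment.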
@@ -6,18 +6,32 @@ owner: root group: nut mode: '0640' + notify: + - Restart nut-monitor + +- name: Ensure nut-monitor systemd drop in directory exists + when: not ( nut_client_local_server | default(true) ) + ansible.builtin.file: + path: /etc/systemd/system/nut-monitor.service.d + state: directory + owner: root + group: root + mode: '0755' - name: Copy nut-monitor systemd drop in file when: not ( nut_client_local_server | default(true) ) - ansible.builtin.template: + ansible.builtin.copy: src: nut-monitor_override.conf dest: /etc/systemd/system/nut-monitor.service.d/override.conf owner: root group: root mode: '0644' + notify: + - Restart nut-monitor - name: Start and enable nut-monitor ansible.builtin.service: - name: nut-monitor - state: restarted + name: nut-monitor.service + state: started enabled: true + register: nut_monitor_started diff --git a/ansible/roles/nut_client/templates/upsmon.conf.j2 b/ansible/roles/nut_client/templates/upsmon.conf.j2 index ee8e4e8..a608574 100644 --- a/ansible/roles/nut_client/templates/upsmon.conf.j2 +++ b/ansible/roles/nut_client/templates/upsmon.conf.j2 @@ -1,6 +1,6 @@ # File configured by Ansible playbook -# Configuration reference: -# https://man.archlinux.org/man/upsmon.conf.5 +# Reference documentation: +# https://networkupstools.org/docs/man/upsmon.conf.html {% for ups in nut_client_ups_devices %} {% if ups.type == 'primary' %} 
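Review bot: The drop-in copied to /etc/systemd/system/nut-monitor.service.d/override.conf is not followed by a systemd daemon reload, so a unit that systemd has already loaded keeps running without the override even after the `Restart nut-monitor` handler fires. Switch the final task to `ansible.builtin.systemd` with `daemon_reload: true`, or add a handler that only reloads systemd and notify it from the copy task ahead of the restart. The first task touched by this hunk begins above it.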
@@ -21,13 +21,13 @@ HOSTSYNC {{ nut_client_hostsync | default('30') }} POLLFREQALERT 5 POLLFREQ 5 MINSUPPLIES {{ nut_client_min_supplies | default('1') }} -CERTPATH /usr/ssl/certs +CERTPATH /etc/ssl/certs FORCESSL 1 CERTVERIFY 1 -NOTIFYCMD {{ nut_client_notify_cmd | default('/usr/bin/notify-send') }} -{% for message in nut_client_notify_messages %} +NOTIFYCMD "{{ nut_client_notify_cmd | default('/usr/bin/notify-send') }}" +{% for message in (nut_client_notify_messages | default([])) %} NOTIFYMSG {{ message.name }} {{ message.message }} {% endfor %} -{% for notify in nut_client_notify_flags %} +{% for notify in (nut_client_notify_flags | default([])) %} NOTIFYFLAG {{ notify.name }} {{ notify.flags }} {% endfor %} \ No newline at end of file diff --git a/ansible/roles/nut_server/handlers/main.yaml b/ansible/roles/nut_server/handlers/main.yaml new file mode 100644 index 0000000..dadf943 --- /dev/null +++ b/ansible/roles/nut_server/handlers/main.yaml @@ -0,0 +1,11 @@ +- name: Restart nut-driver-enumerator + when: not nut_driver_enumerator_started.changed + ansible.builtin.service: + name: nut-driver-enumerator.service + state: restarted + +- name: Restart nut-server + when: not nut_server_started.changed + ansible.builtin.service: + name: nut-server.service + state: restarted diff --git a/ansible/roles/nut_server/tasks/main.yaml b/ansible/roles/nut_server/tasks/main.yaml index 9a62fc3..89fa3bc 100644 --- a/ansible/roles/nut_server/tasks/main.yaml +++ b/ansible/roles/nut_server/tasks/main.yaml 
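Review bot: `NOTIFYCMD` is now quoted but the `NOTIFYMSG {{ message.name }} {{ message.message }}` line in the same upsmon.conf.j2 hunk is not, and upsmon.conf takes the message as one quoted argument. Any message with a space would be split, so render it as `NOTIFYMSG {{ message.name }} "{{ message.message }}"`. With `FORCESSL 1` and `CERTVERIFY 1` kept, `CERTPATH /etc/ssl/certs` has to hold the CA chain that signed the server certificate in the form the NUT build expects (it differs between OpenSSL and NSS builds); a one-line comment stating which build this targets would help. The template continues above the hunk.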
@@ -1,43 +1,72 @@ - name: Template out ups.conf ansible.builtin.template: - src: ups.conf.j2 dest: /etc/nut/ups.conf - owner: root group: root mode: '0644' - -- name: Start and enable nut-enumerator - ansible.builtin.service: - name: nut-driver-enumerator - state: restarted - enabled: true + owner: root + src: ups.conf.j2 + trim_blocks: true + notify: + - Restart nut-driver-enumerator - name: Template out upsd.conf ansible.builtin.template: - src: upsd.conf.j2 dest: /etc/nut/upsd.conf - owner: root group: nut mode: '0640' + owner: root + src: upsd.conf.j2 + trim_blocks: true + notify: + - Restart nut-server - name: Template out upsd.users ansible.builtin.template: - src: upsd.users.j2 dest: /etc/nut/upsd.users - owner: root group: nut mode: '0640' + owner: root + src: upsd.users.j2 + trim_blocks: true + notify: + - Restart nut-server -- name: Open nut server firewall port +- name: Open nut server firewall port (UFW) community.general.ufw: rule: allow - to_ip: "{{ nut_server_listen_address }}" - to_port: "{{ nut_server_listen_port }}}}" + to_ip: "{{ nut_server_listen_address | string }}" + to_port: "{{ nut_server_listen_port | string }}" proto: tcp comment: "NUT server" +- name: Chown nut server cert to nut user + ansible.builtin.file: + group: nut + mode: '0600' + owner: nut + path: "{{ nut_server_certificate_file }}" + notify: + - Restart nut-server + +- name: Start and enable nut-driver-enumerator + ansible.builtin.service: + name: nut-driver-enumerator.service + state: started + enabled: true + register: nut_driver_enumerator_started + - name: Start and enable nut-server ansible.builtin.service: - name: nut-server - state: restarted + name: nut-server.service + state: started enabled: true + register: nut_server_started + +- name: Start and enable nut targets + ansible.builtin.service: + name: "{{ item }}" + state: started + enabled: true + loop: + - nut-driver.target + - nut.target 
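Review bot: The new `Chown nut server cert to nut user` task sets `owner: nut`, `group: nut` on `nut_server_certificate_file`, but the acme_certificate role that runs first in the same play writes what is presumably the same file (the `.plain.combined.pem` path) with `owner: root`, `group: root`. Every run will therefore flip the ownership twice, report changes, and notify `Restart nut-server`, and between the two tasks a running upsd cannot reread its key. Let one place own the decision, e.g. pass the desired owner and group into the acme role as variables used by its template task, and remove this task. It is also worth checking that the nut user can traverse /etc/ssl/private, which is commonly root-only.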
diff --git a/ansible/roles/nut_server/templates/ups.conf.j2 b/ansible/roles/nut_server/templates/ups.conf.j2 index 05e7f76..b64e074 100644 --- a/ansible/roles/nut_server/templates/ups.conf.j2 +++ b/ansible/roles/nut_server/templates/ups.conf.j2 @@ -1,5 +1,12 @@ -{% for ups in ups_devices %} -[ups{{ loop.index }}] +# File configured via Ansible playbook +# Reference documentation: +# https://networkupstools.org/docs/man/ups.conf.html + +maxretry = 5 + +{% for ups in nut_server_ups_devices %} +[{{ ups.name }}] driver = {{ ups.driver }} port = {{ ups.port }} -{% endfor %} \ No newline at end of file +{% endfor %} + diff --git a/ansible/roles/nut_server/templates/upsd.conf.j2 b/ansible/roles/nut_server/templates/upsd.conf.j2 index e69de29..8eba59f 100644 --- a/ansible/roles/nut_server/templates/upsd.conf.j2 +++ b/ansible/roles/nut_server/templates/upsd.conf.j2 @@ -0,0 +1,18 @@ +# File configured via Ansible playbook +# Reference documentation: +# https://networkupstools.org/docs/man/upsd.conf.html + +# MAXAGE 15 +# TRACKINGDELAY 3600 +# ALLOW_NO_DEVICE false +# STATEPATH /var/run/nut +LISTEN {{ nut_server_listen_address }} {{ nut_server_listen_port }} +LISTEN localhost {{ nut_server_listen_port }} +# MAXCONN 1024 +CERTFILE {{ nut_server_certificate_file }} +# CERTPATH /usr/local/ups/etc/cert/upsd +# CERTIDENT "my nut server" "MyPasSw0rD" +# CERTREQUEST REQUIRE +DISABLE_WEAK_SSL true +# DEBUG_MIN 2 + diff --git a/ansible/roles/nut_server/templates/upsd.users.j2 b/ansible/roles/nut_server/templates/upsd.users.j2 index 873ddac..19c2c5f 100644 --- a/ansible/roles/nut_server/templates/upsd.users.j2 +++ b/ansible/roles/nut_server/templates/upsd.users.j2 
@@ -1,11 +1,17 @@ +# File configured via Ansible playbook +# Reference documentation: +# https://networkupstools.org/docs/man/upsd.users.html + +[{{ nut_client_admin_username }}] + password = {{ nut_client_admin_password }} + actions = set + actions = fsd + instcmds = all + [{{ nut_client_primary_username }}] password = {{ nut_client_primary_password }} upsmon primary - actions = SET - instcmds = ALL [{{ nut_client_secondary_username }}] password = {{ nut_client_secondary_password }} - upsmon secondary - actions = SET - instcmds = ALL \ No newline at end of file + upsmon secondary \ No newline at end of file
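Review bot: The three `password = {{ ... }}` lines in upsd.users.j2 render the secrets unquoted, so a password containing a space or `#` is truncated or rejected when upsd parses the file. Quote the value, `password = "{{ nut_client_admin_password }}"` (likewise for the primary and secondary users), and either forbid `"` and `\` in these passwords or escape them. Since the rendered file holds credentials, the `Template out upsd.users` task in the role should also set `no_log: true` so a `--diff` run does not print them.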