monit to fix failure of APC Back-UPS CS-500

To fix the recent failure of Network UPS Tools on my APC Back-UPS attached to Debian Etch, I used a very pragmatic approach:

  1. The 1st problem was a missing or changing USB device. That was fixed by using udev providing a static device name.
  2. The 2nd problem of a crashing newhidups was solved by monit.

Perhaps all this is no longer necessary after updating NUT, but setup of monit is very straightforward and the USB problem is probably inherent and also needs a solution in the future.
Please find the details in the following lines:

  1. udev in Debian provides the file /etc/udev/rules.d/010_local.rules for this kind of configuration:
    BUS=="usb", SYSFS{serial}=="NB0635011712*", SYMLINK+="backups_cs500"
    

    I extracted the serial from the output of lsusb -v.

  2. The driver newhidups is failing quite frequently after boot. I don’t know if there is a race condition (nut vs. udev); instead, I used monit to restart it. Just append the following lines to /etc/monit/monitrc. Of course, you need to install monit and do its basic setup first.
    check process newhidups with pidfile /var/run/nut/newhidups-backups_cs500.pid
            group system
            start program = "/sbin/upsdrvctl start"
            stop program = "/sbin/upsdrvctl stop; sleep 5; /usr/bin/pkill newhidups"
            if 3 restarts within 5 cycles then timeout
    

    The pkill command will avoid multiple instances of newhidups, since the stop action of upsdrvctl is not very good at this.

Buffalo WLI-TX4-G54HP running DD-WRT v24-sp1 (07/27/08)

The same TFTP procedure used for the WHR-G125 also works for the ethernet connector. You just have to replace the default IP 192.168.11.1 of WHR-G125 with 1.1.1.1.

This 2nd run on installing DD-WRT on a Buffalo device also reveals some details:

  • ping will run into packets with ttl=100.
  • tftp will successfully close the transfer.
  • ping will stop and continue several seconds later with failure destination not reachable.
  • The ping very likely corresponds to the activation and reboot of the new firmware.
  • The ping failures very likely correspond to the finish of the reboot. The device is now up and running with a new IP.

Buffalo WHR-G125 running DD-WRT v24-sp1 (07/27/08)

Another Buffalo router is running DD-WRT.

Initial flashing was not as simple on the WHR-G125 as it was on my Linksys router, so I collect some things worth remembering (your mileage may vary, if not using Linux).

Rollback to Buffalo’s original firmware is difficult, because you need an unencrypted version, which is not officially available. So, please be extra careful. I will not give any warranty that this will always work, but at least it worked for me.

  • Reset the router to factory defaults (Web GUI).
  • Install a tftp client.
  • Run ping 192.168.11.1 in a console and concentrate on the ttl values in the output.
  • Prepare tftp 192.168.11.1 in a second console using the location of the DD-WRT image as working directory.
  • Prepare the tftp session by copying the following lines into the clipboard:
    binary
    rexmt 1
    timeout 60
    put dd-wrt.VERSION_mini_generic.bin
    

    Of course, you have to use the proper file name of the firmware in the put statement.

  • Restart the router (Web GUI).
  • Switch immediately to the console running ping and watch out for ttl of the packets going up from 64 to 100.
  • On ttl change, immediately switch to the other console and call tftp 192.168.11.1, pasting the session from the clipboard.
  • If you missed the change window or the put command fails with timeout, start over beginning with the restart (assuming ping console and clipboard are still online).
  • On success the tftp command will report duration of the transmission. Now the race is over, you can slow down your actions.
  • You will probably see the ping status changing to destination not reachable. That’s fine, because DD-WRT is mapping the IP 192.168.1.1 to the router instead of 192.168.11.1.
  • Finish your tftp session using Control-D or the quit statement.
  • Change your static IP configuration to 192.168.1.10.
  • Call the Web GUI at http://192.168.1.1/ and under normal circumstances, DD-WRT will request a change of the admin login.

Good Luck!
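
The timing-critical steps above as a script (an added example, not part of the original post): it probes the router about once per second, waits for the ttl to change to 100, then feeds tftp the same session. The function names and the ROUTER_IP variable are assumptions, and ping -W is the Linux iputils option.

```shell
#!/bin/bash
# Added example: automate the "watch ttl, then tftp" race described above.
# The IPs and the ttl value 100 come from the post; all names are assumed.

ROUTER_IP="${ROUTER_IP:-192.168.11.1}"   # use 1.1.1.1 for the WLI-TX4-G54HP
BOOT_TTL=100                             # ttl seen during the flashing window

# Print the ttl found in one line of ping output, or nothing if it has none.
ttl_of() {
        printf '%s\n' "$1" | sed -n 's/.*[Tt][Tt][Ll]=\([0-9][0-9]*\).*/\1/p'
}

# Return 0 as soon as a reply line on stdin carries the boot ttl.
saw_boot_ttl() {
        local line
        while IFS= read -r line; do
                [ "$(ttl_of "$line")" = "$BOOT_TTL" ] && return 0
        done
        return 1
}

flash() {
        local image="$1"
        [ -r "$image" ] || { echo "cannot read $image" >&2; return 2; }
        echo "Restart the router now; waiting for ttl=$BOOT_TTL from $ROUTER_IP..."
        # One probe per loop, so the change is noticed within about a second.
        until ping -n -c 1 -W 1 "$ROUTER_IP" 2>/dev/null | saw_boot_ttl; do
                sleep 0.2
        done
        # Same session the post pastes from the clipboard, plus quit.
        ( cd "$(dirname -- "$image")" && tftp "$ROUTER_IP" <<EOF
binary
rexmt 1
timeout 60
put $(basename -- "$image")
quit
EOF
        )
}

# Runs only when an image path is given as the first argument.
if [ "$#" -ge 1 ]; then flash "$1"; fi
```

If the put times out, restart the router and run the script again, as in the manual procedure.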

gzip vs. bzip2

Sometimes using bzip2 instead of gzip will save you just the extra space you need to push some archives to CD or DVD…
A long time ago I already wrote a simple script to replace a gzip archive, if bzip2 compression is doing a better job.
After adding some verbose output and an additional md5 check of the result for paranoids, it’s time to publish it:

#!/bin/bash
################################################################################
# Convert gzip'ped files to bzip2 format, if that saves space.
################################################################################

VERBOSE="1"

# Keep the file names in an array so names containing whitespace survive.
files=("$@")
[ "${#files[@]}" -eq 0 ] && files=(*.gz)

for file_gz in "${files[@]}"; do
        [[ "$file_gz" == *.gz ]] || continue
        [ -r "$file_gz" ] || continue
        [ -w "$(dirname "$file_gz")" ] || continue

        file_bz2="$(dirname "$file_gz")/$(basename "$file_gz" .gz).bz2"
        if [ -e "$file_bz2" ]; then
                echo "Cowardly refusing to overwrite $file_bz2."
                continue
        fi

        # bzip2 compression:
        [ -n "$VERBOSE" ] && echo "Conduct bzip2 on $file_gz..."
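        # pipefail also catches a failing zcat; remove the partial output on error.
        if ! ( set -o pipefail; zcat "$file_gz" | nice bzip2 >"$file_bz2" ); then
                rm -f "$file_bz2"
                continue
        fi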

        # Check size (bz2 clone is smaller).
        size_gz="$(stat -c "%s" "$file_gz")"
        size_bz2="$(stat -c "%s" "$file_bz2")"
        if [ -z "$size_bz2" -o "$size_bz2" = 0 -o "$size_gz" -le "$size_bz2" ]; then
                [ -n "$VERBOSE" ] && echo "Result is not smaller."
                rm -f "$file_bz2"
                continue
        fi
        [ -n "$VERBOSE" ] && echo "bzip2 compression wins benchmark: $size_gz > $size_bz2"

        # Additional md5 check.
        md5_gz="$(zcat "$file_gz" | md5sum)"
        md5_bz2="$(bzcat "$file_bz2" | md5sum)"
        if [ "$md5_gz" != "$md5_bz2" ]; then
                [ -n "$VERBOSE" ] && echo "MD5 check failed."
                rm -f "$file_bz2"
                continue
        fi
        [ -n "$VERBOSE" ] && echo "MD5 check passed."

        # Size is better, md5 is ok, then drop the original file.
        [ -n "$VERBOSE" ] && echo "Drop original file: $file_gz"
        rm -f "$file_gz"
done

policyd-weight: Mind the default RBLs.

At least the package of policyd-weight in Debian Etch provides defaults that you had better check:

  • Start your review by storing the defaults at /etc/policyd-weight.conf: /usr/sbin/policyd-weight defaults >/etc/policyd-weight.conf
  • I dropped all lines except for the settings @dnsbl_score and @rhsbl_score.
  • Spamhaus now recommends zen.spamhaus.org.
  • You should drop dynablock.njabl.org, see http://njabl.org/dynablock.html for details.
  • You should drop multi.surbl.org if you do not match their policy for free use, see http://www.surbl.org/usage-policy.html.
  • I then dropped all entries that I am already using for blacklisting, if the good score is not set. It does not make sense to blacklist first and ask the same list again in policyd-weight unless a positive result will provide a non-zero score.
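
A small checker for the review above (an added example, not part of policyd-weight or the original post): it reads a policyd-weight.conf on stdin and reports the @dnsbl_score entries to drop. It assumes one entry per line in the order host, hit score, miss ("good") score, log name; the function names, sample scores and log names are constructed.

```shell
#!/bin/bash
# Added example: list @dnsbl_score entries the review above says to drop.
# Assumed layout per line: 'HOST', HIT_SCORE, MISS_SCORE, 'LOG NAME',

RETIRED="dynablock.njabl.org"   # list the post says to drop

# Constructed sample in the assumed layout; scores and log names are made up.
sample_conf() {
        cat <<'EOF'
@dnsbl_score = (
#   HOST,                   HIT SCORE, MISS SCORE, LOG NAME
    'zen.spamhaus.org',     4.0,       0,          'ZEN_SPAMHAUS',
    'dynablock.njabl.org',  3.0,       0,          'DYN_NJABL',
    'bl.spamcop.net',       3.5,       -1.5,       'SPAMCOP',
);
EOF
}

# stdin: policyd-weight.conf
# $1:    space-separated lists the MTA already rejects on outright
review_dnsbl() {
        awk -v retired="$RETIRED" -v mta="$1" -v q="'" '
        BEGIN { n = split(mta, a, " "); for (i = 1; i <= n; i++) used[a[i]] = 1 }
        /^[ \t]*@dnsbl_score/ { inblk = 1; next }
        inblk && /\);/        { inblk = 0; next }
        inblk && $0 ~ ("^[ \t]*" q) {
                split($0, f, ",")
                host = f[1]; gsub("[ \t" q "]", "", host)
                miss = f[3] + 0      # good score: applied when NOT listed
                if (host == retired)
                        print host ": retired list, drop it"
                else if ((host in used) && miss == 0)
                        print host ": already blacklisted in the MTA, no good score"
        }'
}

# Demo on the constructed sample; zen.spamhaus.org stands in for a list
# that the MTA already uses for rejecting.
sample_conf | review_dnsbl "zen.spamhaus.org"
```

Run it on a real file with `review_dnsbl "list1 list2" </etc/policyd-weight.conf`, passing the lists your MTA already blacklists on.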