Should I use NUT in a jail?

[djidji perroto]

I'm running TrueNAS Core 13.0-U6.1 which apparently is still stuck on on nut 2.7.4. I also have a small UPS whose driver has been updated to actually show meaningful info in the past 8 years.
The freshports port looks quite up-to-date.
Is there a reason I should not turn off the 'UPS Service' setting and install nut in a jail while waiting for the next release of Core?
Thanks in advance.

 

[Ericloewe]

It should be fine. If you want to shut down the host, you can probably configure the host's NUT to talk to the jailed NUT.

 

[joeschmuck]

Hint: Master/Slave

 

[ChrisRJ]

Being aware that this was not the actual question, I wanted to throw in the approach I have taken for NUT.

It is running on a Raspberry Pi here. This allows for a setup where power-hungry devices like TrueNAS or XCP-ng will be shut down after 3-5 minutes of a power outage occurring. While at the same time the pfSense box and switches will be kept alive until the battery reaches a critical level.

 

[djidji perroto]

I spent a couple of evenings googling only to find that I can’t passthrough my usb devices from the host to a jail. Apparently it is the same with bhyve guests. At this point I’m seriously considering forsaking what was once a cool platform and going to a simple OS plus zfs.

 

[joeschmuck]

I'm running TrueNAS Core 13.0-U6.1 which apparently is still stuck on on nut 2.7.4. I also have a small UPS whose driver has been updated to actually show meaningful info in the past 8 years.

Out of curiosity, does the current (old) nut driver provide the minimum which is required to notify TrueNAS if it is Online or Offline?

I'm asking if the minimum is available to monitor and shutdown TrueNAS safely.

Let's say your answer is Yes, online and offline are recognized, setup the UPS service as follow:
If you have frequent brownouts or blackouts that last under 1 minute: Set UPS Service to shut down TrueNAS after 60 seconds.
If you have rare brownouts or blackouts that last over 1 minute: Set UPS Service to shutdown TrueNAS after one third or less of it's maximum run time. My 1500 VA UPS can last 15 minutes on new batteries so my shutdown time is 5 minutes. If my power is out for 5 minutes, odds are it will be out for hours. Remember, batteries lose capacity over time regardless of the UPS reporting a full charge.

If in doubt, choose 1 minute, it is the safest option.

If TrueNAS cannot work at all with your UPS, that is a different situation and I understand why you would need to update NUT.

Some assumptions: You are able to establish communications with the UPS, just less "meaningful" information.

What is output if you enter upsmon ups assuming you did not change any defaults and you do have communications.

 

[dak180]

I spent a couple of evenings googling only to find that I can’t passthrough my usb devices from the host to a jail.

This is possible though non trivial: it requires a custom devfs ruleset: see this hardware transcoding setup for an example of how this might be done (it will need to be adjusted for the usb devices you want to see in the jail instead of a gpu).

 

[djidji perroto]

The old nut driver does provide basic on-wall/on-battery functionality, so I’m able to shutdown after i.e. 5m of battery use. Battery capacity reads ‘255’ all the time, which is why I wanted an upgrade. I did try to do a custom devfs ruleset, no success, but I’ll probably keep trying.

 

[dak180]

I did try to do a custom devfs ruleset, no success, but I’ll probably keep trying.

You can also check out how I activate the rule set in my scripted jail creation process.

 

[djidji perroto]

Thanks for the input and good examples.
I've managed to setup a jail and install an up-to-date version of nat in it.

Code:

iocage create --release="13.2-RELEASE" --name='my-new-jail'
iocage set vnet=on interfaces="vnet0:bridge0" ip4_addr="vnet0|192.168.x.y/24" defaultrouter="192.168.x.1" my-new-jail
iocage start my-new-jail
iocage console my-new-jail
pkg install nut

I've then created a devfs rules file for my new jail

Code:

#!/bin/sh
#custom ruleset for the ups jail
export PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
#Get the port
CABLE_NAME='Cypress Semiconductor USB to Serial'
## Create custom devfs_ruleset RULE_NUM
RULE_NUM=99
OPERATOR_GID=5
# Find the UPS USB Port
UGEN_DEV=$(usbconfig | grep "$CABLE_NAME" | cut -d':' -f 1)
USB_DEV=$(readlink /dev/$UGEN_DEV)
if [ -z "$UGEN_DEV" -o -z "$USB_DEV" ]
then
  echo "error: cannot find cable '$CABLE_NAME'"
  echo "error: please check with usbconfig"
  exit 1
fi
echo "Found $CABLE_NAME on $UGEN_DEV"
# Clean the ruleset
devfs rule -s $RULE_NUM delset
/sbin/devfs rule -s ${RULE_NUM} add include 5
/sbin/devfs rule -s ${RULE_NUM} add path usb unhide
/sbin/devfs rule -s ${RULE_NUM} add path $USB_DEV mode 0660 group $OPERATOR_GID mode 0660 unhide
/sbin/devfs rule -s ${RULE_NUM} add path $UGEN_DEV group $OPERATOR_GID mode 0660 unhide
/sbin/devfs rule -s ${RULE_NUM} add path usbctl mode 644 unhide

I've finally created a script that is activated post init so that I can generate the ruleset after host restart and added the script as a GUI Init script. I also used this script to detach the kernel driver form the host (not sure why I need this but it seems to get the job done:

Code:

#!/bin/sh
#detach kernel driver?
usbconfig -d ugen0.2 detach_kernel_driver
# Manually start ups jails.
sh /path-to/ups-ruleset-script.sh
/usr/local/bin/iocage start my-new-jail

The result is a NUT master in a jail that talks to the ups via usb and a NUT slave configured via the host GUI that talks to the master at 192.168.x.y. When the UPS goes on battery for 5 minutes the master (aka NUT-in-a-jail) tells the slave (NUT-on-the-host) to shutdown.
The host then shuts down (stopping the jail in the process).
The only issue that remains is that because of the untimely demise of the jail, the NUT master fails to execute the delayed shutdown script and the ups continues to run until the batteries run out completely.
(skipping nut config files as they are probably device specific)

 

[dak180]

The only issue that remains is that because of the untimely demise of the jail, the NUT master fails to execute the delayed shutdown script and the ups continues to run until the batteries run out completely.

This is why I ultimately decided to run run nut on my router (pfsense) and have TrueNAS connect to that since I want my router to be the last one standing anyway.

 

[djidji perroto]

OT, but it would really help me decide, how recent are package builds on pfsense as compared to TrueNAS? I'm planning my next router/firewall and I'm in between pfsense, opnsense and going fully managed with something like mikrotik.

 

[joeschmuck]

how recent are package builds on pfsense

Releases — Versions of pfSense software and FreeBSD | pfSense Documentation

docs.netgate.com