TrueNAS - NUT UPS configuration

In this material I will talk about Network UPS Tools (NUT), which is responsible for communication between servers and a UPS, but not only that. Then I'll talk about how to choose a UPS that works well with TrueNAS. Then we will configure TrueNAS to communicate with the UPS. Finally, we will make two other TrueNAS servers communicate with the same UPS.

What is NUT?

TrueNAS uses NUT to communicate with the UPS. We connect the UPS to the server with a USB cable, and NUT should then be able to communicate with it. If the power fails, NUT is responsible for executing the scheduled action. In most cases, once the power has been out for a certain period of time, that action is simply shutting the server down, so that there is no uncontrolled shutdown.

NUT does more than read the current status of the UPS. It can read the voltage and state of charge of the batteries, the mains frequency, the current load and many other parameters. Importantly, NUT will tell us when the batteries in our UPS are due for replacement. It can also control the UPS: switch the operating mode, shut down, turn off the UPS or simply turn off the audible alarm. After all, why should the UPS beep when we already know what's going on, or when we need to replace the batteries and the ones we ordered won't arrive until tomorrow?

NUT limitations

When it comes to reading and controlling the UPS, the functionality of NUT, as I mentioned before, is quite extensive, but remember that it is open source and there is no guarantee that NUT will be able to communicate properly with your UPS. In practice, all server-class UPSs will be able to communicate with NUT for basic functions like reading UPS status or battery level. NUT is a very popular tool used on most if not all Linux-like systems, which makes manufacturers care about it working properly, too. However, this does not mean that all information or every control function will be available. How well NUT works with a given UPS depends on the level of cooperation between the UPS manufacturer and the NUT developers. In a word, the more obscure the manufacturer of our UPS is, the worse it bodes for proper communication between NUT and the UPS.

I know that you can download NUT for Windows, but I don't know how it performs because we didn't particularly need to install this version. If you have more experience with it, let me know in the comments.

Budget UPS for NUT

After that introduction about the quality of UPS manufacturers, we come to the topic of budget UPSs. Here things can vary. The most important thing is that the product description mentions USB communication at all. So far, for example, APC, Ever or Eaton have not failed me, but this does not mean that others will not work. In general, however, if you can't read the name or the price falls below 400 PLN, check whether someone has already had problems with that model. The best, though definitely not the most up-to-date, source of information about the compatibility of a particular UPS with NUT is the "Hardware compatibility list" page.

Lab

We'll start with what we'll be configuring. Our master server, from a UPS and NUT perspective of course, will be a physical server with TrueNAS CORE installed and a UPS physically connected to it via USB cable. To be precise, in case someone is interested in the details, it will be one of our test setups: an HP ProLiant ML350p gen8 server with a PowerWalker VI 1200 SHL UPS connected to it. Two additional TrueNAS systems, CORE and SCALE, running as virtual machines will act as slaves, again from a NUT perspective. At least one server has to be real, physical hardware, so that there is somewhere to plug in the USB cable from our physical UPS. The ultimate goal of our tests is to shut down multiple servers with a single shared UPS. At that point it no longer matters whether they are physical or virtual.

UPS configuration in TrueNAS

First, we configure our physical TrueNAS SCALE

Services > UPS

UPS configuration in TrueNAS - slave

Next, we configure the other TrueNAS servers, which are supposed to shut down on a power failure together with our physical server, to which they connect.

Services > UPS

Security of the NUT solution

As for the safety of this solution, start with the danger that, despite fully redundant UPS power and generators, someone unplugs a single cable and in effect politely tells the entire server room to go to sleep. While that may be fun, beyond a certain number of devices, and with growing paranoia, it is worthwhile to divide such NUT groups into more than one part, just in case.

It is also worth mentioning that NUT's network communication in its basic configuration is practically unsecured, so it might be worth keeping it in some sort of separate network.

The NUT server itself can be configured to listen on a separate IP and a specific port, so that it is only available on a separate network. By default, NUT uses port 3493. Unfortunately, in TrueNAS via the web interface, I was unable to restrict NUT to listen on a specific IP or interface. This is definitely a flaw in the NUT implementation in TrueNAS. In addition, TrueNAS has no general built-in firewall mechanism to limit access to its resources, both in general and in the case of NUT itself. Access can generally be restricted at the level of the services themselves, such as NFS, SMB or iSCSI, or the web interface itself, where you can and even should restrict access to trusted networks only.

But back to the topic of security. We don't want to have a washing machine or other "smart" devices on the same network that, at best, report back to servers in China what they see and hear and, at worst, when hacked, will be used to break into our devices. This should lead us to the conclusion that we need to separate the network holding devices like our NAS from the other devices over which, to put it mildly, we have little control and whose software is of questionable timeliness and quality, and to filter the traffic between them.
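Since the listen address could not be restricted from the web interface, it is worth checking what the NUT port is actually bound to on the server. The script below is an added example, not part of the original article: the function name `nut_listen_scope` is hypothetical, it expects the output of `ss -ltn` from a Linux-based system such as TrueNAS SCALE, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify how the NUT port is bound, from `ss -ltn` output.
# On the NUT server:  ss -ltn | nut_listen_scope
# Prints "<scope> <address>" for every listener on the NUT port and
# returns 1 if any of them is bound to a wildcard address.

NUT_PORT=3493   # NUT default port, as stated in the article

nut_listen_scope() {
    awk -v port="$NUT_PORT" '
        $1 == "LISTEN" {
            # Split "addr:port" at the last colon (IPv6 addresses contain colons).
            n = match($4, /:[0-9]+$/)
            if (n == 0) next
            addr = substr($4, 1, n - 1)
            p = substr($4, n + 1)
            if (p != port) next
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") {
                scope = "WILDCARD"; exposed = 1   # reachable on every interface
            } else if (addr ~ /^127\./ || addr == "[::1]") {
                scope = "LOOPBACK"                # local clients only
            } else {
                scope = "SPECIFIC"                # bound to one address
            }
            print scope, addr
        }
        END { exit (exposed ? 1 : 0) }
    '
}

# Constructed sample input (not captured from a real system).
SAMPLE_WILDCARD='LISTEN 0 16 0.0.0.0:3493 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 16 [::]:3493 [::]:*'
SAMPLE_SPECIFIC='LISTEN 0 16 10.0.50.10:3493 0.0.0.0:*'

printf '%s\n' "$SAMPLE_WILDCARD" | nut_listen_scope \
    || echo "port $NUT_PORT is bound to a wildcard address"
```

A `WILDCARD` result means the only thing keeping other networks away from port 3493 is the filtering between networks described above.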

NUT debug

Port opening test

    nmap [NUT_SERVER_IP] -p 3493

Information from the UPS

    upsc ups@[NUT_SERVER_IP]
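To turn the `upsc` output into a quick health check, here is an added example that is not part of the original article. The function name `ups_health` and the exit-code convention (0 OK, 1 warning, 2 critical, 3 unknown) are assumptions, and the sample output is constructed; `OL`, `OB`, `LB`, `RB` and `FSD` are standard NUT `ups.status` flags.

```shell
#!/bin/sh
# Added example: summarise `upsc` output and return a monitoring-style code.
# Live use:  upsc ups@[NUT_SERVER_IP] | ups_health

ups_health() {
    awk -F': ' '
        $1 == "ups.status"     { status = $2 }
        $1 == "battery.charge" { charge = $2 }
        END {
            if (status == "") { print "UNKNOWN: no ups.status in input"; exit 3 }
            level = 0; msg = ""
            n = split(status, flag, " ")
            for (i = 1; i <= n; i++) {
                f = flag[i]
                if (f == "OL")       { note = "on mains" }
                else if (f == "OB")  { note = "on battery"; if (level < 1) level = 1 }
                else if (f == "RB")  { note = "replace battery"; if (level < 1) level = 1 }
                else if (f == "LB")  { note = "low battery"; level = 2 }
                else if (f == "FSD") { note = "forced shutdown"; level = 2 }
                else                 { note = f }   # pass other flags through unchanged
                sep = (msg == "" ? "" : ", ")
                msg = msg sep note
            }
            if (charge != "") msg = msg "; battery " charge "%"
            split("OK WARNING CRITICAL", names, " ")
            print names[level + 1] ": " msg
            exit level
        }
    '
}

# Constructed sample output (not captured from a real UPS).
SAMPLE_UPSC='battery.charge: 64
battery.voltage: 25.9
input.voltage: 0.0
ups.load: 31
ups.status: OB DISCHRG RB'

printf '%s\n' "$SAMPLE_UPSC" | ups_health || true
```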