June 3, 2009

APC PowerChute Agents on CentOS

This is a quick how to on installing APC PowerChute monitoring agents on CentOS. This has been tested on CentOS 5.x versions and will likely work on RedHat Enterprise as well.

APC provides a free “5 node” version of the PowerChute Business Edition Basic which includes the PowerChute server (used for real time monitoring), PowerChute Console (used for monitoring and managing agents/clients) and the PowerChute Agent (available for Windows, Linux etc. and used to monitor a specific machine). Whilst this version is limited to managing a maximum of 5 server agents at a time, for a small office or branch data centers, its more than adequate. The PowerChute console allows for monitoring and management of UPS units connected to production Windows and Linux servers via serial (RS-232). Status information including battery health, UPS and battery age, total run time available, city power conditions and remote shutdown are all available within the console.

The CentOS agents may be installed and configured as follows:

1. Install the PowerChute Server and Console on an existing Windows machine.

2. Deploy any Windows agents you will be using and add them into the PowerChute management console.

3. Download the “PowerChute Business Edition v8.0.1 for Linux” agent from here.

4. Extract the contents of the ‘pcbe801_linux.tar’ tarball (tar -zxvf pcbe801_linux.tar)

5. Take 5 minutes to read the “Linuxreadme.txt” file which includes simple install instructions, e.g.

a. rpm -Uvh pbeagent-8.0.1-609.i386.rpm
b. Run ‘/opt/APC/PowerChuteBusinessEdition/Agent/config.sh’
c. Enter a username, password,  communication type and communication port etc.

6. If the server is located in your DMZ, you will need to configure IPTABLES to permit access to the APC agents service ports which include TCP/UDP 2161, UDP 80, TCP/UDP 160, TCP/UDP 161 and TCP/UPD 162.

A simple APC rule set example:

[root@server /] tail -f -n 30 /etc/sysconfig/iptables

# APC

-A RH-Firewall-1-INPUT -p tcp -m state -m tcp –dport 2161 -s 192.168.1.0/24 –state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state -m udp –dport 2161 -s 192.168.1.0/24 –state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp –dport 3052 -s 192.168.1.0/24 –state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state -m udp –dport 80 -s 192.168.1.0/24 –state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state -m udp –dport 160 -s 192.168.1.0/24 –state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp –dport 160 -s 192.168.1.0/24 –state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state -m udp –dport 161 -s 192.168.1.0/24 –state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp –dport 161 -s 192.168.1.0/24 –state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state -m udp –dport 162 -s 58.137.157.0/24 –state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp –dport 162 -s 192.168.1.0/24 –state NEW -j ACCEPT

NOTE: Change 192.168.1.0/24 to your perimeter firewalls IP which the APC console traffic will be natted from. For example, if your server (which is connected in the DMZ) will be managed by a client which is behind firewall IP 192.168.1.10 then you can either add: 192.168.1.10 as the source (-s) IP or the entire IP block, 192.168.1.0/24.

7. Login to your APC console and add the server using its DMZ IP address.

Issues? Post a comment…