Merge pull request #2268 from jimklimov/issue-2265
Update upsd/upsmon conf docs regarding NSS and general asciidoc markup
jimklimov committed Jan 19, 2024
2 parents b2bcac1 + 9441ed2 commit d9477f9
Showing 3 changed files with 99 additions and 76 deletions.
7 changes: 7 additions & 0 deletions docs/man/upsd.conf.txt
Expand Up @@ -124,6 +124,7 @@ connections. Only set this if you know exactly what you're doing.

When compiled with SSL support with OpenSSL backend, you can enter the
certificate file here.
+
The certificates must be in PEM format and must be sorted starting with
the subject's certificate (server certificate), followed by intermediate
CA certificates (if applicable_ and the highest level (root) CA. It should
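
Review bot: In the context line just below the first added `+`, "(if applicable_ and the highest level (root) CA" has an underscore where the closing parenthesis belongs. Since this pass is about asciidoc markup, change it to "(if applicable)" here: the stray `_` leaves the parenthesis unbalanced and may pair with a later underscore as an emphasis delimiter.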
Expand All @@ -134,6 +135,7 @@ NUT user manual for more information on the SSL support in NUT.

When compiled with SSL support with NSS backend, you can enter the
certificate path here.
+
Certificates are stored in a dedicated database (data split in 3 files).
Specify the path of the database directory.
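
Review bot: "data split in 3 files" in the NSS certificate path paragraph does not say which files, so a reader cannot tell whether the directory they point at holds a valid database. Name the three files here, or link to the user manual section on SSL support that the OpenSSL paragraph above already refers to.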

Expand All @@ -142,12 +144,16 @@ Specify the path of the database directory.
When compiled with SSL support with NSS backend, you can specify the
certificate name to retrieve from database to authenticate itself and
the password required to access certificate related private key.
+
NOTE: Be sure to enclose "certificate name" in double-quotes if you
are using a value with spaces in it.

"CERTREQUEST 'certificate request level'"::

When compiled with SSL support with NSS backend and client certificate
validation (disabled by default, see 'docs/security.txt'),
you can specify if upsd requests or requires client's' certificates.
+
Possible values are :
- '0' to not request to clients to provide any certificate
- '1' to require to all clients a certificate
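
Review bot: "client's' certificates" in the CERTREQUEST paragraph carries a stray trailing apostrophe. The same paragraph uses single quotes as markup ('docs/security.txt', '0', '1'), so the extra quote can pair with one of those and shift the emphasis; change it to "clients' certificates". The two list items would also read more clearly as "do not request a certificate from clients" and "require a certificate from all clients".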
Expand All @@ -158,6 +164,7 @@ Possible values are :
Tell upsd to disable older/weak SSL/TLS protocols and ciphers.
With relatively recent versions of OpenSSL or NSS it will be restricted
to TLSv1.2 or better.
+
Unless you have really ancient clients, you probably want to enable this.
Currently disabled by default to ensure compatibility with existing setups.
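
Review bot: The advice to enable this option is now a plain continuation paragraph while the option stays disabled by default, so the security-relevant recommendation is easy to miss. Mark it with a NOTE: admonition, as the previous hunk does for the certificate name, and replace "relatively recent versions of OpenSSL or NSS" with the minimum versions that give the TLSv1.2 restriction.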

68 changes: 41 additions & 27 deletions docs/man/upsmon.conf.txt
Expand Up @@ -103,55 +103,63 @@ Each UPS that you need to be monitor should have a MONITOR line. Not
all of these need supply power to the system that is running upsmon.
You may monitor other systems if you want to be able to send
notifications about status changes on them.

+
You must have at least one MONITOR directive in `upsmon.conf`.

'system' is a UPS identifier. It is in this form:

+
* 'system' is a UPS identifier. It is in this form:
+
+<upsname>[@<hostname>[:<port>]]+

+
The default hostname is "localhost". Some examples:

- "su700@mybox" means a UPS called "su700" on a system called "mybox".
+
- "su700@mybox" means a UPS called "su700" on a system called "mybox".
This is the normal form.
- "fenton@bigbox:5678" is a UPS called "fenton" on a system called
- "fenton@bigbox:5678" is a UPS called "fenton" on a system called
"bigbox" which runs linkman:upsd[8] on port "5678".

'powervalue' is an integer representing the number of power supplies
+
* 'powervalue' is an integer representing the number of power supplies
that the UPS feeds on this system. Most normal computers have one power
supply, and the UPS feeds it, so this value will be 1. You need a very
large or special system to have anything higher here.

+
You can set the 'powervalue' to 0 if you want to monitor a UPS that
doesn't actually supply power to this system. This is useful when you
want to have upsmon do notifications about status changes on a UPS
without shutting down when it goes critical.

The 'username' and 'password' on this line must match an entry in
+
* The 'username' and 'password' on this line must match an entry in
the `upsd` server system's linkman:upsd.users[5] file.

+
If your username is "observer" and your password is "abcd", the MONITOR
line might look like this (likely on a remote secondary system):

+MONITOR myups@bigserver 1 observer abcd secondary+

+
----
MONITOR myups@bigserver 1 observer abcd secondary
----
+
Meanwhile, the `upsd.users` on `bigserver` would look like this:
+
----
[observer]
password = abcd
upsmon secondary

[observer]
password = abcd
upsmon secondary

[upswired]
password = blah
upsmon primary

[upswired]
password = blah
upsmon primary
----
+
And the copy of upsmon on that bigserver would run with the primary
configuration:
+
----
MONITOR myups@bigserver 1 upswired blah primary
----

+MONITOR myups@bigserver 1 upswired blah primary+


The 'type' refers to the relationship with linkman:upsd[8]. It can
+
* The 'type' refers to the relationship with linkman:upsd[8]. It can
be either "primary" or "secondary". See linkman:upsmon[8] for more
information on the meaning of these modes. The mode you pick here
also goes in the `upsd.users` file, as seen in the example above.
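
Review bot: The form line `+<upsname>[@<hostname>[:<port>]]+` is left as inline monospace while both MONITOR examples in this hunk move into `----` listing blocks. Sitting directly under a lone `+` continuation line, it is also easy to misread as a second continuation; put it in a `----` block like the others.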
Expand Down Expand Up @@ -438,6 +446,9 @@ When compiled with SSL support, you can enter the certificate path here.
When compiled with SSL support with NSS, you can specify the certificate
name to retrieve from database to authenticate itself and the password
required to access certificate related private key.
+
NOTE: Be sure to enclose "certificate name" in double-quotes if you
are using a value with spaces in it.

*CERTHOST* 'hostname' 'certificate name' 'certverify' 'forcessl'::
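
Review bot: The added NOTE covers quoting only for "certificate name", but the paragraph above it says the same directive also takes the password for the private key, and nothing says how a password containing spaces or quotes must be written. Extend the NOTE to the password argument, or add a one-line example showing both arguments quoted.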

Expand All @@ -447,6 +458,9 @@ for each server you can contact.
Each entry maps server name with the expected certificate name and flags
indicating if the server certificate is verified and if the connection
must be secure.
+
NOTE: Be sure to enclose "certificate name" in double-quotes if you
are using a value with spaces in it.

*CERTVERIFY* '0 | 1'::
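
Review bot: The CERTHOST text describes 'certverify' and 'forcessl' only as "flags" and never states the accepted values, unlike the CERTVERIFY header right below, which spells out '0 | 1'. State the values for both flags here, and consider an example CERTHOST line with a quoted certificate name so the new NOTE shows where the quotes go among the four fields.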
