  • Language
    Lua
  • License
    GNU General Publi...
  • Created almost 9 years ago
  • Updated about 1 month ago

Repository Details

OpenWRT configuration agent for OpenWISP Controller

openwisp-config

OpenWISP Controller agent for OpenWrt.

Want to help OpenWISP? Find out how to help us grow here.

Want a quick overview of OpenWISP? Try the OpenWISP Demo.


Install precompiled package

First run:

opkg update

Then install one of the latest builds:

opkg install <URL>

Where <URL> is the URL of the precompiled openwisp-config package.

For a list of the latest built images, take a look at downloads.openwisp.io/?prefix=openwisp-config/.

If you need to compile the package yourself, see Compiling openwisp-config and Compiling a custom OpenWRT image.

Once installed, openwisp-config needs to be configured (see Configuration options) and then started with:

/etc/init.d/openwisp_config start

To ensure the agent is working correctly, see the Debugging section.

Configuration options

UCI configuration options must go in /etc/config/openwisp.

  • url: url of controller, eg: https://controller.openwisp.org
  • interval: time in seconds between checks for changes to the configuration, defaults to 120
  • management_interval: time in seconds between the management ip discovery attempts, defaults to $interval/12
  • registration_interval: time in seconds between the registration attempts, defaults to $interval/4
  • verify_ssl: whether SSL verification must be performed or not, defaults to 1
  • shared_secret: shared secret, needed for Automatic registration
  • consistent_key: whether Consistent key generation is enabled or not, defaults to 1
  • merge_config: whether Merge configuration is enabled or not, defaults to 1
  • tags: template tags to use during registration, multiple tags separated by space can be used, for more information see Template Tags
  • test_config: whether a new configuration must be tested before being considered applied, defaults to 1
  • test_retries: maximum number of retries when doing the default configuration test, defaults to 3
  • test_script: custom test script, read more about this feature in Configuration test
  • uuid: unique identifier of the router configuration in the controller application
  • key: key required to download the configuration
  • hardware_id_script: custom script to read out a hardware id (e.g. a serial number), read more about this feature in Hardware ID
  • hardware_id_key: whether to use the hardware id for key generation or not, defaults to 1
  • bootup_delay: maximum value in seconds of a random delay after bootup, defaults to 10, see Bootup Delay
  • unmanaged: list of config sections which won't be overwritten, see Unmanaged Configurations
  • capath: value passed to curl --capath argument, by default is empty; see also curl capath argument
  • cacert: value passed to curl --cacert argument, by default is empty; see also curl cacert argument
  • connect_timeout: value passed to curl --connect-timeout argument, defaults to 15; see curl connect-timeout argument
  • max_time: value passed to curl --max-time argument, defaults to 30; see curl max-time argument
  • mac_interface: the interface from which the MAC address is taken when performing automatic registration, defaults to eth0
  • management_interface: management interface name (both openwrt UCI names and linux interface names are supported), it's used to collect the management interface ip address and send this information to the OpenWISP server, for more information please read how to make sure OpenWISP can reach your devices
  • default_hostname: if your firmware has a custom default hostname, you can use this configuration option so the agent can recognize it during registration and replicate the standard behavior (new device will be named after its mac address, to avoid having many new devices with the same name), the possible options are to either set this to the value of the default hostname used by your firmware, or set it to * to always force to register new devices using their mac address as their name (this last option is useful if you have a firmware which can work on different hardware models and each model has a different default hostname)
  • pre_reload_hook: path to custom executable script, see pre-reload-hook
  • post_reload_hook: path to custom executable script, see post-reload-hook
  • post_reload_delay: delay in seconds to wait before the post-reload-hook and any configuration test, defaults to 5
  • post_registration_hook: path to custom executable script, see post-registration-hook
  • respawn_threshold: time in seconds used as procd respawn threshold, defaults to 3600
  • respawn_timeout: time in seconds used as procd respawn timeout, defaults to 5
  • respawn_retry: number of procd respawn retries (use 0 for infinity), defaults to 5
  • checksum_max_retries: maximum number of retries for checksum requests which fail with 404, defaults to 5, after these failures the agent will assume the device has been deleted from OpenWISP Controller and will exit; please keep in mind that due to respawn_retry, procd will try to respawn the agent after it exits, so the total number of attempts which will be tried has to be calculated as: checksum_max_retries * respawn_retry
  • checksum_retry_delay: time in seconds between retries, defaults to 6
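
The options above that matter most for the security of the controller link can be checked with a short script. The following is an added example, not part of openwisp-config: the function names and the sample configurations are constructed for illustration, and the checks use only the defaults and placeholder values documented on this page.

```shell
#!/bin/sh
# Added example, not part of openwisp-config: audit the options of
# /etc/config/openwisp that decide whether the controller link is verified
# and whether a broken configuration is rolled back.

# uci_option FILE NAME: print the value of the last "option NAME ..." line,
# without surrounding quotes; prints nothing when the option is absent.
uci_option() {
    sed -n "s/^[[:space:]]*option[[:space:]]\{1,\}${2}[[:space:]]\{1,\}//p" "$1" |
        tail -n 1 |
        sed -e "s/[[:space:]]*\$//" -e "s/^[\"']//" -e "s/[\"']\$//"
}

# audit_openwisp_config FILE: print one line per finding and return the
# number of findings (0 means nothing to report).
audit_openwisp_config() {
    findings=0
    url=$(uci_option "$1" url)
    secret=$(uci_option "$1" shared_secret)
    verify_ssl=$(uci_option "$1" verify_ssl)
    test_config=$(uci_option "$1" test_config)

    case "$url" in
        https://*) ;;
        *)
            echo "url: '$url' is not an https:// URL"
            findings=$((findings + 1))
            ;;
    esac
    # verify_ssl defaults to 1, so only an explicit 0 is a finding
    if [ "$verify_ssl" = 0 ]; then
        echo "verify_ssl: 0, SSL verification of the controller is disabled"
        findings=$((findings + 1))
    fi
    # test_config defaults to 1; with 0 a new configuration is not tested
    if [ "$test_config" = 0 ]; then
        echo "test_config: 0, new configurations are applied without a test"
        findings=$((findings + 1))
    fi
    # value used in this README's custom image example
    if [ "$secret" = mysharedsecret ]; then
        echo "shared_secret: still the documentation placeholder"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample configurations (not taken from a real device).
sample_config() {
    case "$1" in
        weak)
            cat <<'EOF'
config controller 'http'
        option url 'http://controller.example.org'
        option verify_ssl '0'
        option shared_secret 'mysharedsecret'
        option test_config '0'
EOF
            ;;
        hardened)
            cat <<'EOF'
config controller 'http'
        option url 'https://controller.example.org'
        option shared_secret 'constructed-long-random-value'
        option cacert '/etc/ssl/private-ca.pem'
EOF
            ;;
    esac
}

# When called with a file name, audit it: sh audit.sh /etc/config/openwisp
if [ -n "${1:-}" ]; then
    audit_openwisp_config "$1"
fi
```

Run against the constructed weak sample it reports four findings; the hardened sample reports none.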

Automatic registration

When the agent starts, if both uuid and key are not defined, it will consider the router to be unregistered and it will attempt to perform an automatic registration.

The automatic registration is performed only if shared_secret is correctly set.

The device registers using one of its MAC addresses as its name, unless its hostname is something other than OpenWrt, in which case it registers with its current hostname.

When the registration is completed, the agent will automatically set uuid and key in /etc/config/openwisp.

To enable this feature by default on your firmware images, follow the procedure described in Compiling a custom OpenWRT image.

Consistent key generation

When using Automatic registration, this feature allows devices to keep the same configuration even if reset or reflashed.

The key is generated consistently with an operation like md5sum(mac_address + shared_secret); this allows the controller application to recognize that an existing device is registering itself again.

The mac_interface configuration key specifies which interface is used to calculate the MAC address; this setting defaults to eth0. If no eth0 interface exists, the first non-loopback, non-bridge and non-tap interface is used. You won't need to change this setting often, but if you do, ensure you choose a physical interface which has a constant MAC address.

The "Consistent key generation" feature is enabled by default, but must be enabled also in the controller application in order to work.

Merge configuration

By default the remote configuration is merged with the local one. This has several advantages:

  • less boilerplate configuration stored in the remote controller
  • local users can change local configurations without fear of losing their changes

It is possible to turn this feature off by setting merge_config to 0 in /etc/config/openwisp.

Details about the merging behavior:

  • if a configuration option or list is present both in the remote configuration and in the local configuration, the remote configurations will overwrite the local ones
  • configuration options that are present in the local configuration but are not present in the remote configuration will be retained
  • configuration files that were present in the local configuration and are replaced by the remote configuration are backed up and eventually restored if the modifications are removed from the controller

Configuration test

When a new configuration is downloaded, the agent first backs up the current running configuration, then tries to apply the new one and performs a basic test, which consists of trying to contact the controller again.

If the test succeeds, the configuration is considered applied and the backup is deleted.

If the test fails, the backup is restored and the agent will log the failure via syslog (see Debugging for more information on auditing logs).

Disable testing

To disable this feature, set the test_config option to 0, then reload/restart openwisp_config.

Define custom tests

If the default test does not satisfy your needs, you can define your own tests in an executable script and indicate the path to this script in the test_script config option.

If the exit code of the executable script is higher than 0 the test will be considered failed.
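
A custom test script along these lines is shown below as an added example, not code from the openwisp-config project. The script path, the interface name br-lan and the two checks are assumptions chosen for illustration; the only contract taken from this page is that an exit code higher than 0 marks the test as failed.

```shell
#!/bin/sh
# Added example of a custom test_script; path, interface name and checks are
# assumptions. Install as /usr/sbin/openwisp-config-test, make it executable, then:
#   uci set openwisp.http.test_script='/usr/sbin/openwisp-config-test'
#   uci commit openwisp
MGMT_IF="br-lan" # assumed Linux name of the management interface

# Succeeds if the "ip route show" text on stdin contains a default route.
default_route_present() {
    grep -q '^default '
}

# iface_has_ipv4 NAME: succeeds if the "ip -4 -o addr show" text on stdin
# lists an IPv4 address on interface NAME.
iface_has_ipv4() {
    awk -v ifname="$1" '$2 == ifname && $3 == "inet" { found = 1 }
                        END { exit found ? 0 : 1 }'
}

# Returns 0 when every check passes; any other value makes the agent treat
# the new configuration as failed.
run_tests() {
    if ! ip route show | default_route_present; then
        logger -t config-test "no default route after applying configuration"
        return 1
    fi
    if ! ip -4 -o addr show | iface_has_ipv4 "$MGMT_IF"; then
        logger -t config-test "$MGMT_IF has no IPv4 address"
        return 2
    fi
    return 0
}

# Run the checks only under the installed name, so the functions can be
# sourced and exercised with canned input elsewhere.
case "${0##*/}" in
    openwisp-config-test) run_tests ;;
esac
```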

Hardware ID

It is possible to use a unique hardware id for device identification, for example a serial number.

If hardware_id_script contains the path to an executable script, it will be used to read out the hardware id from the device. The hardware id will then be sent to the controller when the device is registered.

If the above configuration option is set then the hardware id will also be used for generating the device key, instead of the mac address. If you use a hardware id script but prefer to use the mac address for key generation then set hardware_id_key to 0.

See also the related hardware ID settings in OpenWISP Controller.

Bootup Delay

The option bootup_delay is used to delay the initialization of the agent for a random amount of seconds after the device boots.

The value specified in this option represents the maximum value of the range of possible random values, the minimum value being 0.

The default value of this option is 10, meaning that the initialization of the agent will be delayed by a random number of seconds between 0 and 10.

This feature is used to spread the load on the OpenWISP server when a large number of devices boot up at the same time after a blackout.

Large OpenWISP installations may want to increase this value.

Unmanaged Configurations

In some cases it could be necessary to ensure that some configuration sections won't be overwritten by the controller.

These settings are called "unmanaged", in the sense that they are not managed remotely. In the default configuration of openwisp_config there are no unmanaged settings.

Example unmanaged settings:

config controller 'http'
        ...
        list unmanaged 'system.@led'
        list unmanaged 'network.loopback'
        list unmanaged 'network.@switch'
        list unmanaged 'network.@switch_vlan'
        ...

Note the lines with the @ sign; this syntax means any UCI section of the specified type will be unmanaged.

In the previous example, the loopback interface, all led settings, all switch and switch_vlan directives will never be overwritten by the remote configuration and will only be editable via SSH or via the web interface.

Hooks

The hooks available in openwisp-config are described below.

pre-reload-hook

Defaults to /etc/openwisp/pre-reload-hook; the hook is not called if the path does not point to an executable script file.

This hook is called each time openwisp-config applies a configuration, but before services are reloaded, more precisely in these situations:

  • after a new remote configuration is downloaded and applied
  • after a configuration test failed (see Configuration test) and a previous backup is restored

You can use this hook to perform custom actions before services are reloaded, eg: to perform auto-configuration with LibreMesh.

Example configuration:

config controller 'http'
        ...
        option pre_reload_hook '/usr/sbin/my-pre-reload-hook'
        ...

Complete example:

# set hook in configuration
uci set openwisp.http.pre_reload_hook='/usr/sbin/my-pre-reload-hook'
uci commit openwisp
# create hook script
cat <<EOF > /usr/sbin/my-pre-reload-hook
#!/bin/sh
# put your custom operations here
EOF
# make script executable
chmod +x /usr/sbin/my-pre-reload-hook
# reload openwisp_config by using procd's convenient utility
reload_config

post-reload-hook

Defaults to /etc/openwisp/post-reload-hook; the hook is not called if the path does not point to an executable script file.

Same as pre_reload_hook but with the difference that this hook is called after the configuration services have been reloaded.

post-registration-hook

Defaults to /etc/openwisp/post-registration-hook.

Path to an executable script that will be called after the registration is completed.

Hotplug Events

The agent sends the following Hotplug events:

  • After the registration is successfully completed: post-registration
  • After the registration failed: registration-failed
  • When the agent first starts after the bootup of the device: bootup
  • After any subsequent restart: restart
  • After the configuration has been successfully applied: config-applied
  • After the previous configuration has been restored: config-restored
  • Before services are reloaded: pre-reload
  • After services have been reloaded: post-reload

If a hotplug event is sent by openwisp-config then all scripts existing in /etc/hotplug.d/openwisp/ will be executed. In scripts the type of event is visible in the variable $ACTION. For example, a script to log the hotplug events, /etc/hotplug.d/openwisp/01_log_events, could look like this:

#!/bin/sh

logger "openwisp-config sent a hotplug event. Action: $ACTION"

It will create log entries like this:

Wed Jun 22 06:15:17 2022 user.notice root: openwisp-config sent a hotplug event. Action: registration-failed

For more information on using these events refer to the Hotplug Events OpenWrt Documentation.

Compiling openwisp-config

The following procedure illustrates how to compile openwisp-config and its dependencies:

git clone https://github.com/openwrt/openwrt.git openwrt
cd openwrt
git checkout <openwrt-branch>

# configure feeds
echo "src-git openwisp https://github.com/openwisp/openwisp-config.git" > feeds.conf
cat feeds.conf.default >> feeds.conf
./scripts/feeds update -a
./scripts/feeds install -a
# any arch/target is fine because the package is architecture independent
arch="ar71xx"
echo "CONFIG_TARGET_$arch=y" > .config;
echo "CONFIG_PACKAGE_openwisp-config=y" >> .config
make defconfig
make tools/install
make toolchain/install
make package/openwisp-config/compile

Alternatively, you can configure your build interactively with make menuconfig, in this case you will need to select openwisp-config by going to Administration > openwisp:

git clone https://github.com/openwrt/openwrt.git openwrt
cd openwrt
git checkout <openwrt-branch>

# configure feeds
echo "src-git openwisp https://github.com/openwisp/openwisp-config.git" > feeds.conf
cat feeds.conf.default >> feeds.conf
./scripts/feeds update -a
./scripts/feeds install -a
make menuconfig
# go to Administration > openwisp and select the variant you need interactively
make -j1 V=s

Compiling a custom OpenWRT image

If you are managing many devices and customizing your openwisp-config configuration by hand on each new device, you should switch to using a custom OpenWRT firmware image that includes openwisp-config and its precompiled configuration file. This strategy has a few important benefits:

  • you can save yourself the effort of installing and configuring openwisp-config on each device
  • you can enable Automatic registration by setting shared_secret, hence saving extra time and effort to register each device on the controller app
  • if you happen to reset the firmware to initial settings, these precompiled settings will be restored as well

The following procedure illustrates how to compile a custom OpenWRT image with a precompiled minimal /etc/config/openwisp configuration file:

git clone https://github.com/openwrt/openwrt.git openwrt
cd openwrt
git checkout <openwrt-branch>

# include precompiled file
mkdir -p files/etc/config
cat <<EOF > files/etc/config/openwisp
config controller 'http'
    # change the values of the following 2 options
    option url 'https://openwisp2.mydomain.com'
    option shared_secret 'mysharedsecret'
EOF

# configure feeds
echo "src-git openwisp https://github.com/openwisp/openwisp-config.git" > feeds.conf
cat feeds.conf.default >> feeds.conf
./scripts/feeds update -a
./scripts/feeds install -a
# replace with your desired arch target
arch="ar71xx"
echo "CONFIG_TARGET_$arch=y" > .config
echo "CONFIG_PACKAGE_openwisp-config=y" >> .config
make defconfig
# compile with verbose output
make -j1 V=s

Automate compilation for different organizations

If you are working with OpenWISP, chances are you will be compiling several images for different organizations (clients or non-profit communities) and use cases (full featured, mesh, 4G, etc).

Doing this by hand without tracking your changes can lead you into a very disorganized and messy situation.

To alleviate this pain you can use ansible-openwisp2-imagegenerator.

Debugging

Debugging openwisp-config can be easily done by using the logread command:

logread

Use grep to filter out any other log message:

logread | grep openwisp

If you are in doubt whether openwisp-config is running at all, you can check with:

ps | grep openwisp

You should see something like:

3800 root      1200 S    {openwisp_config} /bin/sh /usr/sbin/openwisp_config --url https://openwisp2.mydomain.com --verify-ssl 1 --consistent-key 1 ...

You can inspect the version of openwisp-config currently installed with:

openwisp_config --version

Quality Assurance Checks

We use LuaFormatter and shfmt to format lua files and shell scripts respectively.

First of all, you will need to install the lua packages mentioned above, then you can format all files with:

./qa-format

To run quality assurance checks you can use the run-qa-checks script:

# install openwisp-utils QA tools first
pip install openwisp-utils[qa]

# run QA checks before committing code
./run-qa-checks

Run tests

To run the unit tests, you must install the required dependencies first; to do this, you can take a look at the install-dev.sh script.

You can run all the unit tests by launching the dedicated script:

./runtests

Alternatively, you can run specific tests, e.g.:

cd openwisp-config/tests/
lua test_utils.lua -v

Contributing

Please read the OpenWISP contributing guidelines.

Changelog

See CHANGELOG.

License

See LICENSE.

Support

See OpenWISP Support Channels.
