freebsd_wpa_cli

Documentation at readthedocs.io

Table of Contents

• Introduction
• Requirements
• Recommended
• Role Variables
• Dependencies
• Example playbooks
• Details
  • action_file.sh
  • /etc/rc.d/wpa_cli
  • /etc/network.subr
  • /etc/defaults
  • DHCP and SYNCDHCP options
  • /etc/rc.d/netif
• Ansible Lint
• References
• License
• Author Information

Introduction

Ansible role. FreeBSD. Configuration of RC system. Use wpa_cli action_file to configure wlan devices.

The goal of this configuration is to start dhclient and other system services (e.g. routing, ntpdate, ntpd, ...) after the wifi interface connects to the network. The utility wpa_cli, running in the background, will be notified by wpa_supplicant when the interface connects or disconnects to/from the network. On such event wpa_cli executes the action file (-a action_file). See templates what pre-configured scripts are available. For example, 1.1.0-wpa_action.sh, after the connection, starts dhclient, restarts routing, and optionally synchronize date and time. This solves the potential problem of synchronizing date and time by settimeofday at boot time of a wireless-only system. If wpa_supplicant doesn't manage to connect to the network by the time ntpdate is executed ntpdate will time-out. Then, in most systems, the ntpd service will start (see rcorder /etc/rc.d/*). When the hardware device has no battery and no RTC, the offset might be huge. In this case ntpd will reject the offset and will terminate itself, believing something very strange must have happened.

Feel free to share your feedback and report issues.

Contributions are welcome.

Requirements and dependencies

Collections

• ansible.posix
• community.general

Recommended

• freebsd_postinstall task wpa_supplicant
• freebsd_network

Role Variables

See defaults, templates and examples in vars.

Example playbooks

1. Configure wpa_supplicant

shell> cat freebsd-postinstall.yml
- hosts: router
  roles:
    - vbotka.freebsd_postinstall


shell> ansible-playbook freebsd-postinstall.yml -t fp_wpasupplicant

2. Configure wpa_cli and network

shell> cat freebsd-wpacli.yml

- hosts: router
  roles:
    - vbotka.freebsd_wpa_cli
    - vbotka.freebsd_network

shell> ansible-playbook freebsd-wpacli.yml

Details

• wpa_cli is an utility developed, built and packaged together with wpa_supplicant.
• wpa_cli is installed in the base system together with wpa_supplicant.
• wpa_cli can run in the background, listen to the events from wpa_supplicant and execute programmable actions (wpa_cli -B -i wlan0 -a action_file.sh).
• wpa_cli provides reliable synchronous method to configure DHCP and routing of wireless adapters. See example of action_file.sh below. See also templates.

action_file.sh

#!/bin/sh
ifname=$1
cmd=$2
if [ "$cmd" = "CONNECTED" ]; then
    /etc/rc.d/dhclient forcestart $ifname
    /etc/rc.d/routing restart
fi
if [ "$cmd" = "DISCONNECTED" ]; then
    /etc/rc.d/dhclient forcestop $ifname
    /etc/rc.d/routing restart

/etc/rc.d/wpa_cli

To control wpa_cli rc script /etc/rc.d/wpa_cli is created from template wpa_cli.j2

#!/bin/sh

# PROVIDE: wpa_cli
# REQUIRE: mountcritremote
# KEYWORD: nojail nostart

. /etc/rc.subr
. /etc/network.subr

name="wpa_cli"
desc="Frontend to WPA/802.11i Supplicant for wireless network
devices. Run in daemon mode executing the action file based on events
from wpa_supplicant"
rcvar=

ifn="$2"
if [ -z "$ifn" ]; then
	return 1
fi

load_rc_config $name

command="${wpa_cli_program}"
pidfile="/var/run/${name}/${ifn}.pid"
command_args="-B -i $ifn -P $pidfile -p ${wpa_cli_ctrl_interface} -a ${wpa_cli_action_file}"
required_files="${wpa_cli_action_file}"

run_rc_command "$1"

/etc/network.subr

wpa_cli is started and stopped from network.subr . See patch

shell> grep -A 1 -B 3 wpa_cli /etc/network.subr
	if wpaif $1; then
		/etc/rc.d/wpa_supplicant start $1
		_cfg=0		# XXX: not sure this should count
		/etc/rc.d/wpa_cli start $1
	elif hostapif $1; then
--
	_cfg=1

	if wpaif $1; then
		/etc/rc.d/wpa_cli stop $1
		/etc/rc.d/wpa_supplicant stop $1

/etc/defaults

Following default variables are added to /etc/defaults . See patch

shell> grep -r wpa_cli /etc/defaults/
/etc/defaults/rc.conf:wpa_cli_program="/usr/sbin/wpa_cli"
/etc/defaults/rc.conf:wpa_cli_ctrl_interface="/var/run/wpa_supplicant"
/etc/defaults/rc.conf:wpa_cli_action_file="/root/bin/wpa_action.sh"

DHCP and SYNCDHCP options

When the dhclient is controlled by wpa_cli, ifconfig must by configured in rc.conf to control wpa_supplicant only. Options DHCP and SYNCDHCP would start unwanted additional dhclient.

ifconfig_wlan0="WPA"

As a consequence, service dhclient fails:

shell> /etc/rc.d/dhclient restart wlan0
'wlan0' is not a DHCP-enabled interface
dhclient already running?  (pid=45658).

Instead, use wpa_cli to manually reconfigure the interface

shell> wpa_cli -i wlan0 reconfigure
OK

/etc/rc.d/netif

Then, the service netif starts/restarts and stops both wpa_supplicant and wpa_cli

# ps ax | grep wpa
 4161  -  Ss      0:00.65 /usr/local/sbin/wpa_supplicant -s -B -i wlan0 -c /etc/wpa_supplicant.conf.wlan0 -D bsd -P /var/run/wpa_supplicant/wlan0.pid
 4171  -  Ss      0:00.44 /usr/local/sbin/wpa_cli -B -i wlan0 -P /var/run/wpa_cli/wlan0.pid -p /var/run/wpa_supplicant -a /root/bin/wpa_action.sh

Ansible Lint

Use the configuration file .ansible-lint.local when running ansible-lint. Some rules might be disabled and some warnings might be ignored. See the notes in the configuration file.

shell> ansible-lint -c .ansible-lint.local

References

• hostapd and wpa_supplicant
• Practical rc.d scripting in BSD
• Wireless Advanced Authentication
• Dynamic Host Configuration Protocol (DHCP)

License

Author Information

Vladimir Botka