Get WiFi psk by nmcli on container

westerweerdt · October 18, 2020, 5:17am

I have installed wifi-connect inside the container and configured the WiFi of RPi Zero W successfully.

I want to get the WiFi passphrase of the currently connected AP from the container, but nmcli command is not working:

nmcli -s -g 802-11-wireless-security.psk connection show <SSID>

But I can see <SSID>.nmconnection file at /etc/NetworkManager/system-connections/ directory of the hostOS, which has the psk information I want to get.

How can I read the nmconnection file on hostOS from a container?

rahul-thakoor · October 19, 2020, 7:36am

Hey Wester,

Do you have a single container or multiple containers running in the app?

If it is a multicontainer app, can you make sure you set the container as privileged and also the network mode to host and try again?

westerweerdt · October 19, 2020, 8:45pm

Yeah, multicontainer.
And of course, network mode is host and privileged is true…

phil-d-wilson · October 19, 2020, 9:36pm

Hey there,

I’ve just run the following command in a container:

nmcli -s -f 802-11-wireless-security.psk connection show resin-wifi-01

and got back the passphrase for my connection. I think you can’t specify the SSID, you have to specify the name of the system connection. I also had to issue:

export DBUS_SYSTEM_BUS_ADDRESS=unix:path=/host/run/dbus/system_bus_socke

in order to get nmcli to work.

Hope this helps.

Phil

phil-d-wilson · October 19, 2020, 9:38pm

I think it depends on the version of nmcli whether you need to use the -g flag or my -f flag.

westerweerdt · October 20, 2020, 11:53am

Ok, let me try.

Thanks!

westerweerdt · October 20, 2020, 12:36pm

@phil-d-wilson

Hmm, it still doesn’t work…
Here is my docker-compose.yml file:

version: "2.1"

volumes:
    yokoso-data:

services:
    yokoso:
        build: ./yokoso
        network_mode: "host"
        privileged: true
        restart: always
        labels:
            io.balena.features.dbus: '1'
            io.balena.features.kernel-modules: '1'
            io.balena.features.firmware: '1'
            io.balena.features.supervisor-api: '1'
        cap_add:
            - NET_ADMIN
            - SYS_RAWIO
        environment:
            DBUS_SYSTEM_BUS_ADDRESS: "unix:path=/host/run/dbus/system_bus_socket"
        ports:
            - "80:80"
        volumes:
            - 'yokoso-data:/yokoso'

# SSH into the yokoso container:
ubuntu@ubuntu-desktop:~$ sudo balena ssh 192.168.1.115 yokoso
# Check if the environment is set correctly:
root@yokoso:/usr/src/app# printenv | grep DBUS
DBUS_SYSTEM_BUS_ADDRESS=unix:path=/host/run/dbus/system_bus_socket
# Get connection list:
root@yokoso:/usr/src/app# nmcli -g NAME connection show
resin-sample
supervisor0
# Get psk of `resin-sample`:
root@yokoso:/usr/src/app# nmcli -s -g 802-11-wireless-security.psk connection show resin-sample

root@yokoso:/usr/src/app# nmcli -s -f 802-11-wireless-security.psk connection show resin-sample
802-11-wireless-security.psk:           --
root@yokoso:/usr/src/app# exit
exit
Connection to 192.168.1.115 closed.
# SSH into the hostOS:
ubuntu@ubuntu-desktop:~$ sudo balena ssh 192.168.1.115
Last login: Tue Oct 20 12:33:45 2020 from 192.168.1.103
# Well, it has `resin-wifi`??? instead of `resin-sample`?
root@yokoso:~# ls /etc/NetworkManager/system-connections/
README.ignore  resin-sample.ignore  resin-wifi
root@yokoso:~# ls /mnt/boot/system-connections/
README.ignore  resin-sample.ignore  resin-wifi
root@yokoso:~#

So, resin-wifi is actually used to configure the wifi, but I cannot see it on container? but seeing resin-sample instead?

zvin · October 20, 2020, 1:47pm

What do you see for nmcli connection in the container ?

westerweerdt · October 20, 2020, 9:47pm

See the command result above.
Anyway:

root@yokoso:/usr/src/app# nmcli connection
NAME          UUID                                  TYPE    DEVICE
resin-sample  1669d9b1-30a7-3d20-87ec-aad518cd9e8f  wifi    wlan0
supervisor0   8ff101d3-49f8-480d-b8ff-68d13367b01c  bridge  supervisor0

Well, I am not sure where the resin-sample is?

Thanks!

samothx · October 20, 2020, 9:55pm

Hi Wester,
in contrast what does nmcli connection show when called from the host-os ?

westerweerdt · October 20, 2020, 10:28pm

On hostOS:

root@yokoso:~# nmcli connection show
NAME          UUID                                  TYPE    DEVICE
resin-sample  1669d9b1-30a7-3d20-87ec-aad518cd9e8f  wifi    wlan0
supervisor0   8ff101d3-49f8-480d-b8ff-68d13367b01c  bridge  supervisor0

root@yokoso:~# ls /etc/NetworkManager/system-connections/
README.ignore  resin-sample.ignore  resin-wifi

root@yokoso:~# ls /mnt/boot/system-connections/
README.ignore  resin-sample.ignore  resin-wifi

samothx · October 20, 2020, 10:38pm

Looks like the connection added by wifi-connect (resin-wifi) is not recognized by nmcli independently from where it is called. I am wondering if this will work after a device reboot …

westerweerdt · October 20, 2020, 10:42pm

Well, same after rebooting the device…

root@yokoso:~# cat /etc/os-release
ID="balena-os"
NAME="balenaOS"
VERSION="2.54.2+rev1"
VERSION_ID="2.54.2+rev1"
PRETTY_NAME="balenaOS 2.54.2+rev1"
MACHINE="raspberrypi"
VARIANT="Development"
VARIANT_ID="dev"
META_BALENA_VERSION="2.54.2"
RESIN_BOARD_REV="9117cc6"
META_RESIN_REV="abdd15e"
SLUG="raspberry-pi"

Installed the latest 2.54.2 balenaOS…

samothx · October 20, 2020, 10:54pm

Can you post the contents of your resin-sample.ignore file in /mnt/boot/system-connections ?

westerweerdt · October 20, 2020, 10:54pm

root@yokoso:~# cat /mnt/boot/system-connections/resin-sample.ignore
[connection]
id=resin-sample
type=wifi

[wifi]
hidden=true
mode=infrastructure
ssid=My_Wifi_Ssid

[wifi-security]
auth-alg=open
key-mgmt=wpa-psk
psk=super_secret_wifi_password

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
method=auto

ab77 · October 21, 2020, 12:40am

Hi there, can you please confirm once again, the output of the following from your container:

DBUS_SYSTEM_BUS_ADDRESS=unix:path=/host/run/dbus/system_bus_socket nmcli c s

westerweerdt · October 21, 2020, 5:21am

Hi, @ab77

root@yokoso:/usr/src/app# DBUS_SYSTEM_BUS_ADDRESS=unix:path=/host/run/dbus/system_bus_socket nmcli c s
NAME          UUID                                  TYPE    DEVICE
resin-sample  1669d9b1-30a7-3d20-87ec-aad518cd9e8f  wifi    wlan0
supervisor0   15f1b362-7469-4e49-84de-367020f45a65  bridge  supervisor0

This is pretty weird…

rahul-thakoor · October 21, 2020, 6:07am

Hey there
this is pretty weird indeed. Can you please enable support access and share the device UUID with us?

westerweerdt · October 21, 2020, 9:11am

Hmm, it’s a local image without any cloud application installed. So I cannot enable support access…

Let me flash a new image from scratch and try again.

westerweerdt · October 21, 2020, 8:56pm

I figured out!

Just found id=resin-sample in resin-wifi file.

So networkmanager displays the id field instead of the file name.

Thanks!