Get WiFi psk by nmcli on container

I have installed wifi-connect inside the container and configured the WiFi of RPi Zero W successfully.

I want to get the WiFi passphrase of the currently connected AP from the container, but nmcli command is not working:

nmcli -s -g 802-11-wireless-security.psk connection show <SSID>

But I can see <SSID>.nmconnection file at /etc/NetworkManager/system-connections/ directory of the hostOS, which has the psk information I want to get.

How can I read the nmconnection file on hostOS from a container?

Hey Wester,

Do you have a single container or multiple containers running in the app?

If it is a multicontainer app, can you make sure you set the container as privileged and also the network mode to host and try again?

Yeah, multicontainer.
And of course, network mode is host and privileged is true…

Hey there,

I’ve just run the following command in a container:

nmcli -s -f 802-11-wireless-security.psk connection show resin-wifi-01 

and got back the passphrase for my connection. I think you can’t specify the SSID, you have to specify the name of the system connection. I also had to issue:

export DBUS_SYSTEM_BUS_ADDRESS=unix:path=/host/run/dbus/system_bus_socke

in order to get nmcli to work.

Hope this helps.

Phil

I think it depends on the version of nmcli whether you need to use the -g flag or my -f flag.

Ok, let me try.

Thanks!

@phil-d-wilson

Hmm, it still doesn’t work…
Here is my docker-compose.yml file:

version: "2.1"

volumes:
    yokoso-data:

services:
    yokoso:
        build: ./yokoso
        network_mode: "host"
        privileged: true
        restart: always
        labels:
            io.balena.features.dbus: '1'
            io.balena.features.kernel-modules: '1'
            io.balena.features.firmware: '1'
            io.balena.features.supervisor-api: '1'
        cap_add:
            - NET_ADMIN
            - SYS_RAWIO
        environment:
            DBUS_SYSTEM_BUS_ADDRESS: "unix:path=/host/run/dbus/system_bus_socket"
        ports:
            - "80:80"
        volumes:
            - 'yokoso-data:/yokoso'

# SSH into the yokoso container:
ubuntu@ubuntu-desktop:~$ sudo balena ssh 192.168.1.115 yokoso
# Check if the environment is set correctly:
root@yokoso:/usr/src/app# printenv | grep DBUS
DBUS_SYSTEM_BUS_ADDRESS=unix:path=/host/run/dbus/system_bus_socket
# Get connection list:
root@yokoso:/usr/src/app# nmcli -g NAME connection show
resin-sample
supervisor0
# Get psk of `resin-sample`:
root@yokoso:/usr/src/app# nmcli -s -g 802-11-wireless-security.psk connection show resin-sample

root@yokoso:/usr/src/app# nmcli -s -f 802-11-wireless-security.psk connection show resin-sample
802-11-wireless-security.psk:           --
root@yokoso:/usr/src/app# exit
exit
Connection to 192.168.1.115 closed.
# SSH into the hostOS:
ubuntu@ubuntu-desktop:~$ sudo balena ssh 192.168.1.115
Last login: Tue Oct 20 12:33:45 2020 from 192.168.1.103
# Well, it has `resin-wifi`??? instead of `resin-sample`?
root@yokoso:~# ls /etc/NetworkManager/system-connections/
README.ignore  resin-sample.ignore  resin-wifi
root@yokoso:~# ls /mnt/boot/system-connections/
README.ignore  resin-sample.ignore  resin-wifi
root@yokoso:~#

So, resin-wifi is actually used to configure the wifi, but I cannot see it on container? but seeing resin-sample instead?

What do you see for nmcli connection in the container ?

See the command result above.
Anyway:

root@yokoso:/usr/src/app# nmcli connection
NAME          UUID                                  TYPE    DEVICE
resin-sample  1669d9b1-30a7-3d20-87ec-aad518cd9e8f  wifi    wlan0
supervisor0   8ff101d3-49f8-480d-b8ff-68d13367b01c  bridge  supervisor0

Well, I am not sure where the resin-sample is?

Thanks!

Hi Wester,
in contrast what does nmcli connection show when called from the host-os ?

On hostOS:

root@yokoso:~# nmcli connection show
NAME          UUID                                  TYPE    DEVICE
resin-sample  1669d9b1-30a7-3d20-87ec-aad518cd9e8f  wifi    wlan0
supervisor0   8ff101d3-49f8-480d-b8ff-68d13367b01c  bridge  supervisor0

root@yokoso:~# ls /etc/NetworkManager/system-connections/
README.ignore  resin-sample.ignore  resin-wifi

root@yokoso:~# ls /mnt/boot/system-connections/
README.ignore  resin-sample.ignore  resin-wifi

Looks like the connection added by wifi-connect (resin-wifi) is not recognized by nmcli independently from where it is called. I am wondering if this will work after a device reboot …

Well, same after rebooting the device…

root@yokoso:~# cat /etc/os-release
ID="balena-os"
NAME="balenaOS"
VERSION="2.54.2+rev1"
VERSION_ID="2.54.2+rev1"
PRETTY_NAME="balenaOS 2.54.2+rev1"
MACHINE="raspberrypi"
VARIANT="Development"
VARIANT_ID="dev"
META_BALENA_VERSION="2.54.2"
RESIN_BOARD_REV="9117cc6"
META_RESIN_REV="abdd15e"
SLUG="raspberry-pi"

Installed the latest 2.54.2 balenaOS…

Can you post the contents of your resin-sample.ignore file in /mnt/boot/system-connections ?

root@yokoso:~# cat /mnt/boot/system-connections/resin-sample.ignore
[connection]
id=resin-sample
type=wifi

[wifi]
hidden=true
mode=infrastructure
ssid=My_Wifi_Ssid

[wifi-security]
auth-alg=open
key-mgmt=wpa-psk
psk=super_secret_wifi_password

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
method=auto

Hi there, can you please confirm once again, the output of the following from your container:

DBUS_SYSTEM_BUS_ADDRESS=unix:path=/host/run/dbus/system_bus_socket nmcli c s

Hi, @ab77

root@yokoso:/usr/src/app# DBUS_SYSTEM_BUS_ADDRESS=unix:path=/host/run/dbus/system_bus_socket nmcli c s
NAME          UUID                                  TYPE    DEVICE
resin-sample  1669d9b1-30a7-3d20-87ec-aad518cd9e8f  wifi    wlan0
supervisor0   15f1b362-7469-4e49-84de-367020f45a65  bridge  supervisor0

This is pretty weird…

Hey there
this is pretty weird indeed. Can you please enable support access and share the device UUID with us?

Hmm, it’s a local image without any cloud application installed. So I cannot enable support access…

Let me flash a new image from scratch and try again.

I figured out!

Just found id=resin-sample in resin-wifi file.

So networkmanager displays the id field instead of the file name.

Thanks!