Not able to edit "WPA_Supplicant" as root - READ Only file

Product support balenaOS
1

I am ssh to the host os as root and trying to edit wpa_supllicant.conf but it says rad-only file. How can I edit the file to add more ssid ?

TIA,
Amit

4

Hi,

I think the general idea is to use the System Connections from NetworkManager for more wifi connections. See here for an example.

You can add these in your boot partition (/mnt/boot/system-connections in HostOS).
It may also be necessary to copy them to the state partition (/mnt/state/root-overlay/etc/NetworkManager/system-connections).

If you really need to edit stuff in the HostOS yourself, you can always try a mount -o remount,rw / to make the filesystem writable, but this also allows you to properly break things.

6

Hi Balenaforums,

I made changes in “resin-sample” file in both location. Mentioned my ssid and psk. At the same time edited the /etc/wpa_supplicant.conf file with the same credential. Also a reboot. but still wla0 is disconencted.

root@ecc3a34:/mnt/state/root-overlay/etc/NetworkManager/system-connections# nmcli d
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected Wired connection 1
supervisor0 bridge connected supervisor0
wlan0 wifi disconnected –

7

Also I do not see a config for wlan0 interface in runtime :Like one I have for wired

root@ecc3a34:/var/run/NetworkManager/system-connections# ls -l
total 8
-rw------- 1 root root 337 Feb 11 20:00 Wired connection 1.nmconnection
-rw------- 1 root root 389 Feb 11 20:00 supervisor0.nmconnection

8

Further debug shows following error -

root@ecc3a34:/var/run/NetworkManager/system-connections# systemctl status wpa_supplicant | cat
● wpa_supplicant.service - WPA supplicant
Loaded: loaded (/lib/systemd/system/wpa_supplicant.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2021-02-11 20:00:09 UTC; 55min ago
Main PID: 1561 (wpa_supplicant)
Tasks: 1 (limit: 1615)
Memory: 2.5M
CGroup: /system.slice/wpa_supplicant.service
└─1561 /usr/sbin/wpa_supplicant -u

Feb 11 20:00:09 ecc3a34 wpa_supplicant[1561]: Successfully initialized wpa_supplicant
Feb 11 20:00:09 ecc3a34 wpa_supplicant[1561]: Libgcrypt warning: missing initialization - please fix the application
Feb 11 20:27:28 ecc3a34 wpa_supplicant[1561]: wlan0: Reject scan trigger since one is already pending
Feb 11 20:32:44 ecc3a34 wpa_supplicant[1561]: wlan0: Reject scan trigger since one is already pending
Feb 11 20:38:00 ecc3a34 wpa_supplicant[1561]: wlan0: Reject scan trigger since one is already pending
Feb 11 20:43:16 ecc3a34 wpa_supplicant[1561]: wlan0: Reject scan trigger since one is already pending
Feb 11 20:49:00 ecc3a34 wpa_supplicant[1561]: wlan0: Reject scan trigger since one is already pending

9

root@ecc3a34:/var/run/NetworkManager/system-connections# systemctl status wpa_supplicant-nl80211@wlan0 | cat
● wpa_supplicant-nl80211@wlan0.service - WPA supplicant daemon (interface- and nl80211 driver-specific version)
Loaded: loaded (/lib/systemd/system/wpa_supplicant-nl80211@.service; disabled; vendor preset: disabled)
Active: inactive (dead)
root@ecc3a34:/var/run/NetworkManager/system-connections#

10

Hi,

I just checked with a local test device using the first example I linked to with my own SSID and password.
The connection won’t show up in /var/run/NetworkManager/system-connections.
However, it does show in /etc/NetworkManager/system-connections and if I run nmcli c it also shows up.
You should also be able to see relevant logging using journalctl -u wpa_supplicant* -u NetworkManager

Regarding the logging, I also see Libgcrypt warning: missing initialization - please fix the application, but I do not see the wlan0: Reject scan trigger since one is already pending messages.
Could it be you are trying to connect to the same SSID multiple times or from different sources?

11

Thanks TJ,

As you mentioned, The connection won’t show up in /var/run/NetworkManager/system-connections.
However, it does show in /etc/NetworkManager/system-connections.

#“nmcli c” does not show wlan0 interface. “nmcli -t” does and it is in a disconnected state. I am little confused here since it does not look like a debian distro, how to work with wireless interface - wpa_supplicant.conf is available and even if I create a new file and start the service still disconnected.

Thanks,
Amit

13

Thanks TJ for your help. I understand the wireless in BalenaOS better now. Here is the complete summary and tshoot steps. What I was doing wrong is trying to work with wpa_supplicant where as wifi config is handled differently in BalenaOS. Here a short write up to close the thread.

Initial state :

root@secret:~# nmcli c
NAME UUID TYPE DEVICE
Wired connection 1 c84aa153-db05-3955-bd54-428fcdd30a86 ethernet eth0
supervisor0 c58b2e92-586b-4eef-9724-2fe9d01a2b6e bridge supervisor0
!
#nmcli - t
wlan0: disconnected
“wlan0”
wifi (brcmfmac), A2:8C:9B:EB:55:12, hw, mtu 1500
!

Tshoot steps:

ip link set wlan0 down
ip link set wlan0 up

! above two command did not help in any new relevant log

root@secret:~#nmcli connection reload
! above command forced system to re-read the file and generated useful logs shown below.

Error from log:
Feb 12 15:49:36 secret NetworkManager[1474]: [1613144976.3304] keyfile: load: “/etc/NetworkManager/system-connections/resin-sample”: failed to load connection: Key file contains line “on]” which is not a key-value pair, group, or comment
!
! above log indicate that the Wifi config file “resin-sample” at two location - “/mnt/boot/system-connections” and “/etc/NetworkManager/system-connections” has syntax errors.
! used “mount -o remount,rw /” to enale edit to READ-Only file - resin-sample and fixed the syntax error. again perform “nmcli connection reload”. Tail the Network Manager logs.
! Log shows that wlan0 now active and connected - device (wlan0): Activation: successful, device activated

journalctl -u wpa_supplicant* -u NetworkManager -f

Feb 12 15:56:39 secret NetworkManager[1474]: [1613145399.9323] audit: op=“connections-reload” pid=31769 uid=0 result=“success”
Feb 12 15:56:39 secret NetworkManager[1474]: [1613145399.9336] policy: auto-activating connection ‘balena-wifi’ (bcb05b81-52cb-3828-8088-c0f55e950375)
Feb 12 15:56:39 secret NetworkManager[1474]: [1613145399.9382] device (wlan0): Activation: starting connection ‘balena-wifi’ (bcb05b81-52cb-3828-8088-c0f55e950375)
Feb 12 15:56:39 secret NetworkManager[1474]: [1613145399.9389] device (wlan0): state change: disconnected → prepare (reason ‘none’, sys-iface-state: ‘managed’)
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.4905] device (wlan0): set-hw-addr: reset MAC address to B8:27:EB:4B:2B:7A (preserve)
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.5222] device (wlan0): supplicant interface state: inactive → disabled
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.5227] device (wlan0): supplicant interface state: disabled → inactive
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.5235] device (wlan0): state change: prepare → config (reason ‘none’, sys-iface-state: ‘managed’)
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.5255] device (wlan0): Activation: (wifi) access point ‘balena-wifi’ has security, but secrets are required.
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.5256] device (wlan0): state change: config → need-auth (reason ‘none’, sys-iface-state: ‘managed’)
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.5420] device (wlan0): state change: need-auth → prepare (reason ‘none’, sys-iface-state: ‘managed’)
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.5440] device (wlan0): state change: prepare → config (reason ‘none’, sys-iface-state: ‘managed’)
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.5461] device (wlan0): Activation: (wifi) connection ‘balena-wifi’ has security, and secrets exist. No new secrets needed.
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.5464] Config: added ‘ssid’ value ‘Akshu729’
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.5465] Config: added ‘scan_ssid’ value ‘1’
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.5465] Config: added ‘bgscan’ value ‘simple:30:-80:86400’
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.5467] Config: added ‘key_mgmt’ value ‘WPA-PSK’
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.5468] Config: added ‘auth_alg’ value ‘OPEN’
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.5468] Config: added ‘psk’ value ‘’
Feb 12 15:56:40 secret NetworkManager[1474]: [1613145400.7082] device (wlan0): supplicant interface state: inactive → scanning
Feb 12 15:56:41 secret wpa_supplicant[30644]: wlan0: Trying to associate with SSID ‘Akshu729’
Feb 12 15:56:41 secret NetworkManager[1474]: [1613145401.2433] device (wlan0): supplicant interface state: scanning → associating
Feb 12 15:56:41 secret wpa_supplicant[30644]: wlan0: Associated with c8:08:73:08:da:b8
Feb 12 15:56:41 secret wpa_supplicant[30644]: wlan0: CTRL-EVENT-CONNECTED - Connection to c8:08:73:08:da:b8 completed [id=0 id_str=]
Feb 12 15:56:41 secret wpa_supplicant[30644]: wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Feb 12 15:56:41 secret wpa_supplicant[30644]: wlan0: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=US
Feb 12 15:56:41 secret NetworkManager[1474]: [1613145401.8164] device (wlan0): supplicant interface state: associating → completed
Feb 12 15:56:41 secret NetworkManager[1474]: [1613145401.8166] device (wlan0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network “Akshu729”
Feb 12 15:56:41 secret NetworkManager[1474]: [1613145401.8185] device (wlan0): state change: config → ip-config (reason ‘none’, sys-iface-state: ‘managed’)
Feb 12 15:56:41 secret NetworkManager[1474]: [1613145401.8269] dhcp4 (wlan0): activation: beginning transaction (no timeout)
Feb 12 15:56:42 secret NetworkManager[1474]: [1613145402.9786] dhcp6 (wlan0): activation: beginning transaction (timeout in 45 seconds)
Feb 12 15:56:44 secret NetworkManager[1474]: [1613145404.0761] dhcp4 (wlan0): state changed unknown → bound
Feb 12 15:56:44 secret NetworkManager[1474]: [1613145404.0921] device (wlan0): state change: ip-config → ip-check (reason ‘none’, sys-iface-state: ‘managed’)
Feb 12 15:56:44 secret NetworkManager[1474]: [1613145404.1610] device (wlan0): state change: ip-check → secondaries (reason ‘none’, sys-iface-state: ‘managed’)
Feb 12 15:56:44 secret NetworkManager[1474]: [1613145404.1624] device (wlan0): state change: secondaries → activated (reason ‘none’, sys-iface-state: ‘managed’)
Feb 12 15:56:44 secret NetworkManager[1474]: [1613145404.1882] dns-mgr: Writing DNS information to /sbin/resolvconf
Feb 12 15:56:44 secret NetworkManager[1474]: [1613145404.2387] device (wlan0): Activation: successful, device activated.

verification:

root@secret:~# ip a | grep wlan
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel qlen 1000
inet 192.168.1.143/24 brd 192.168.1.255 scope global dynamic wlan0
root@secret:~#
root@secret:~#
root@secret:~#
root@secret:~# nmcli c
NAME UUID TYPE DEVICE
Wired connection 1 c84aa153-db05-3955-bd54-428fcdd30a86 ethernet eth0
balena-wifi bcb05b81-52cb-3828-8088-c0f55e950375 wifi wlan0
supervisor0 c58b2e92-586b-4eef-9724-2fe9d01a2b6e bridge supervisor0

15

Hi,

Glad to hear it’s working now and nice write up.

17

Hi TJ,

One more thing, as I have wifi interface available I disconnected the ethernet and tryinh to connect to pi hole ui via http:// but it says connection refused on port 80.

TCP-Socket$curl -v 192.168.1.151

  • Rebuilt URL to: 192.168.1.151/
  • Trying 192.168.1.151…
  • TCP_NODELAY set
  • Connection failed
  • connect to 192.168.1.151 port 80 failed: Connection refused
  • Failed to connect to 192.168.1.151 port 80: Connection refused

Any idea why it is not listening on port 80 on wifi interface ?

Thanks,
Amit

18

Hi Amit,

I am not very familiar with pihole, so I cannot say for certain what’s going wrong.
Have you tried looking on the device which port it is listening to?
netstat -pln should give a list of active servers.
I often use socat or netcat to test my connections, just spin up a server on a port and see if you can connect to that.
That way, I can ensure the traffic is coming through without having to worry about whether or not the service I actually want is configured properly.

Hope this helps.

19

Hey,

Actually I made this check earlier, with wired and wireless and what I found that only when I have wired connection, Balena host start to LISTEN on port 80. I see this from Balena host CLI not Pi Hole console, so not sure who is responsible for this behavior.

root@ecc3a34:~# netstat -tnla
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:4711 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN

root@ecc3a34:~# netstat -tanl
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.2:53 0.0.0.0:* LISTEN
tcp 0 0 10.114.102.1:53 0.0.0.0:* LISTEN

20

Once again, I am not familiar with the project you’re working on, so I am mostly guessing at this point.
It might help if you can point us to the actual project you are trying to do.

In this article about pi-hole with balena, I do see some environment variables relating to the network interfaces.
Assuming you are following this or a similar setup, have you tried changing those from eth0 to wlan0?

22

Hi TJ,
I am sorry for asking this without spending much time reading Pi-hole documentation. SO it was fairly easy as I changed the interface and DNSMASQ to wlan interface. All sorted.

Thanks,
Amit