Using Webmin to Setup Networking - No Effect

Having issues? Post them here, and help other users.
Post Reply
kevinds
Junior Member
Posts: 23
Joined: Thu Jul 13, 2017 5:11 pm

Using Webmin to Setup Networking - No Effect

Post by kevinds »

Howdy,

I am trying to use Webmin to setup static IPs, both IPv4 and IPv6.  The changes simply don't take effect.

Complete steps to produce, a lot of these are my 'standard' setup on a new install so can be skipped, but I'm going for completeness in case something I am doing it breaking it.  haha  I don't think so, but I try really hard not to assume things.

Write NEMS to the MicroSD card,

Code: Select all

echo 1 > /proc/sys/kernel/sysrq
    
curl -L http://www.baldnerd.com/downloads/nems/NEMS_v1.2.1.zip | funzip | dd bs=4M of=/dev/mmcblk0

echo b > /proc/sysrq-trigger
Login to the pi account with SSH

Code: Select all

ssh-keygen

echo "ssh-rsa AAAA [SNIP] Pgw== " >>  .ssh/authorized_keys

passwd

sudo su -

ssh-keygen

echo "ssh-rsa AAAA [SNIP] Pgw== " >>  .ssh/authorized_keys

cp /home/pi/.bashrc ~/

passwd

exit

sudo nems-init

[Reboots from the nems-init]

sudo nems-upgrade

[Reboot]

What they do..
1.  Sets up a private-public RSA key for SSH for the pi user
2.  Adds my RSA public key to use with password-less CLI login
3.  Change pi account password
4.  Switches to the root account
5.  Sets up the RSA keypair for the root account
6.  Adds my RSA key for password-less root login
7.  Copies the .bashrc from the Pi account for CLI colours and such
8.  Sets a password for the root account
9.  Back to Pi account
10. Sets up NEMS
11. Upgrades NEMS to newest version.

Then I log into Webmin with the Pi account.

Networking > Network Configuration

Network Interfaces > Activated at Boot

eth0

IPv4 Addresses - Static Configuration >
        IPv4 address    192.168.1.4
        Netmask        255.255.255.0
        Broadcast    Automatic
        
IPv6 Addresses - Static Configuration
        IPv6 Address    2001:a:a:a::c:4
        Netmask        64
        
Save

Return to Network Configuration

Routing and Gateways

Default Router    - Gateway  192.168.1.1  eth0
Default IPv6 router - Gateway    2001:a:a:a::1

Hostname and DNS Client

Hostname  NEMS.local

Resolution Order shows:

Code: Select all

files mdns4_minimal [NOTFOUND=return] dns
I leave it alone.

DNS servers show the two DNS servers from DHCP, so I add 2001:a:a:a::c:2

Search Domains - Listed
    local

Save

Hostname and DNS Client

DNS Servers
add 2001:a:a:a::c:3

Save

Now I flip back to the CLI, Pi account or root account
sudo reboot / reboot



After Reboot

Code: Select all

root@Oracle:~ # ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.117  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::7ebb:4571:1afc:4dc6  prefixlen 64  scopeid 0x20<link>
        inet6 2001:a:a:a:a:a:a:7584  prefixlen 64  scopeid 0x0<global>
        ether c7:ed:9a:4a:7f:cd  txqueuelen 1000  (Ethernet)
        RX packets 367  bytes 45728 (44.6 KiB)
        RX errors 0  dropped 2  overruns 0  frame 0
        TX packets 345  bytes 45374 (44.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

User avatar
Robbie Ferguson
Posting Freak
Posts: 835
Joined: Wed Mar 07, 2012 3:23 pm
Location: Ontario, Canada
Contact:

RE: Using Webmin to Setup Networking - No Effect

Post by Robbie Ferguson »

Hi there,
I use my DHCP server to assign the reservations, so I have not tried using Webmin for this. I do not like setting static IP's on my devices: IMHO, this is best to be controlled by DHCP reservations on your network's DHCP server.

That said, I know not everyone agrees with all my decisions (just ask my wife - lol!) - so.... I'm guessing Webmin is not setup to use dhcpcd, but is probably using the old /etc/network/interfaces method. If you want to revert to using /etc/network/interfaces as normal, you can tell dhcpcd to ignore your eth0 interface by adding denyinterfaces eth0 to the tail of /etc/dhcpd.conf. For example:

Code: Select all

echo "denyinterfaces eth0" >> /etc/dhcpcd.conf

Then, a quick reboot, just to be sure. If you lose networking/access to your Pi, just plug it into a TV and keyboard and remove that line from /etc/dhcpcd.conf to undo.

Side note, in your steps you are manually setting the pi password. That's fine (and good practice) but nems-init automatically forces you to change it, so the step is redundant. I also like that you're setting a different password for the root shell, and may consider adding that to nems-init. I'd really like to see you compare the md5sum before 'burning' your downloaded image. Your method is slick, but could be improved by confirming a successful download before burning.
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
kevinds
Junior Member
Posts: 23
Joined: Thu Jul 13, 2017 5:11 pm

RE: Using Webmin to Setup Networking - No Effect

Post by kevinds »

Robbie Ferguson wrote:

Code: Select all

echo "denyinterfaces eth0" >> /etc/dhcpcd.conf

Then, a quick reboot, just to be sure. If you lose networking/access to your Pi, just plug it into a TV and keyboard and remove that line from /etc/dhcpcd.conf to undo.

 I'd really like to see you compare the md5sum before 'burning' your downloaded image. Your method is slick, but could be improved by confirming a successful download before burning.
Yes, after rebooting, it broke the network.

could be improved by confirming a successful download before burning.

'Slick' is the goal!  Lots of Google-Fu was involved most of it was already on another page.  I'm open to suggestions on how to improve it.  I've tried breaking it, a corrupt download stopped in the unzipping process.  If the file unzips, it writes it, if there is corruption that causes the unzip to error, then it stops.

Which MitM may work, at that point they'd be able to spoof the md5sum on your webserver too.

Thinking checking the md5sum after curl and before funzip would be the best place to do this, I'm haven't figured out the correct commands to use to generate and then compare the hashes.  While keeping the command simple, so this will work for now.

So this works well for now.  The bigger issue is using this with the Raspbian images..  lol SSH disabled on boot..  There is a work-around for that  though  ; ;)

Any other ideas on the Webmin setting the network settings?  I can not find proper documentation for dhcpcd  :(
User avatar
Robbie Ferguson
Posting Freak
Posts: 835
Joined: Wed Mar 07, 2012 3:23 pm
Location: Ontario, Canada
Contact:

RE: Using Webmin to Setup Networking - No Effect

Post by Robbie Ferguson »

All you did by echoing that to the conf is tell dhcpcd to ignore eth0 and allow it to operate as normal. So now, you have to configure your /etc/network/interfaces like an old-school boss! :) Or, try using the Webmin interface now and save the settings from there, and reboot. Since dhcpcd is now ignoring the eth0 interface, your settings should [hypothetically] work. Again, I would prefer not to do it this way (use DHCP reservations instead!) so it's untested.

I can do some testing over the weekend if you still haven't got it.

On another note... when you pipe (|) you are proceeding regardless of success or failure.

Your command:

Code: Select all

curl -L http://www.baldnerd.com/downloads/nems/NEMS_v1.2.1.zip | funzip | dd bs=4M of=/dev/mmcblk0
This is saying:
  1. Download the NEMS 1.2.1 file.
  2. Unzip it, regardless of whether the file successfully downloaded or the MD5 sum matches.
  3. DD it to my SD card regardless of whether the file successfully downloaded or the MD5 sum matches or the file was succesfully unzipped.
As you can see, this offers a lot of room for error which is not being caught.

Here is a very verbose, quick (and un-tested) example of how you might do this differently (with error handling):

Code: Select all

curl https://www.baldnerd.com/downloads/nems/NEMS_v1.2.1.zip > /tmp/nems.zip
if [ -f /tmp/nems.zip ]; then
 mkdir /tmp/nems && cd /tmp/nems
 unzip ../nems.zip
 if [ -f /tmp/nems/NEMS_v1.2.1.img ]; then
   md51=$(md5sum < NEMS_v1.2.1.img | cut -d\  -f1)
   wget -q https://www.baldnerd.com/downloads/nems/NEMS_v1.2.1.img.md5
   md52=$(cat < NEMS_v1.2.1.img.md5 | cut -d\  -f1)
   if cmp --silent "$md51" "$md52"; then
     dd bs=4M if=/tmp/nems/NEMS_v1.2.1.img of=/dev/mmcblk0
   fi
 fi
fi
You could throw in some "else" statements to echo errors like "MD5 didn't match" or the like... but at least this concept should verify your files.

Also, you'll note I switched the URL to https because as you say, we don't want MITM. I also removed -L for this reason. I doubt that could be exploited via https, but since I know I won't be adding 301 redirects to the NEMS image files, best to hard link.

Cheers.
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
kevinds
Junior Member
Posts: 23
Joined: Thu Jul 13, 2017 5:11 pm

RE: Using Webmin to Setup Networking - No Effect

Post by kevinds »

Yes, I had /etc/network/interfaces configured.

I have to disagree that DHCP is best.. Yes, I have majority of the devices here on DHCP, including some reservations, but just setting the IPs statically is a lot simpler for many devices. At the basic level, if the DHCP server goes crazy for some reason, I can still get into the other machines to fix it (when it is running in a VM). Really for this I could use DHCP for the IPv4, but IPv6 not so much. Lastly, it is easier not to see the DHCP traffic/logs from static devices.

Do you have a full/complete manual for dhcpcd? I've been searching, but I have not found anything even close yet.

If Webmin is there, using it to manage the OS makes sense.. As you said in another place, text is not recommended for NEMS, use the GUIs for configuration.

Your edit to what I've been using to write the images is interesting.. So far I've been using it because my Pi is easier to use remotely only, if it writes a corrupt image, I have to go get it to reimage it, so really, no time is lost. Only saved when it does work. There are also people with their Pi in a hosted/colo data center.. Which is where I grabbed it to begin with. I didn't like the idea of using dd from a file saved on the memory that I was overwriting.

Might need to change to a script, rather than a couple commands, I set the -L to be more flexible on other servers. I copied the link from http://www.baldnerd.com/nems/ the Direct-Download button is HTTP
Last edited by kevinds on Fri Jul 21, 2017 6:27 pm, edited 1 time in total.
User avatar
Robbie Ferguson
Posting Freak
Posts: 835
Joined: Wed Mar 07, 2012 3:23 pm
Location: Ontario, Canada
Contact:

RE: Using Webmin to Setup Networking - No Effect

Post by Robbie Ferguson »

Hi kevinds,
Yes, you're right. I need to take more time to tweak tools like Webmin. As it is, they were just added (v1.2) so are fairly young features. My focus with 1.2 has been on stability, performance, migration and feature set. 1.3 will be more of a "tweak and optimize" release.

It really helps me to know use cases. For example, knowing you've attempted to use Webmin to configure networking (and failed) tells me this is something I need to work on, specifically. When I upgraded NEMS to Stretch, we lost WiFi because the Stretch firmware drivers for the Pi WiFi chip were broken. So 1.2.1 came out to fix that. Similarly, I will add your needs to the to-do list and work this out for an upcoming release. Since NEMS now supports rolling releases, I may just roll out the fix to your Pi in an incremental release (1.2.3 is coming fairly soon, and 1.3 is scheduled for this fall).

For dhcpcd man pages, I see a man page here: http://www.phystech.com/download/dhcpcd_man.html

Will make sure to have this working for you within the next release or two.
Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
kevinds
Junior Member
Posts: 23
Joined: Thu Jul 13, 2017 5:11 pm

RE: Using Webmin to Setup Networking - No Effect

Post by kevinds »

Robbie Ferguson wrote: For dhcpcd man pages, I see a man page here: http://www.phystech.com/download/dhcpcd_man.html

Will make sure to have this working for you within the next release or two.
Yes, I've seen that man page, but for example denyinterfaces isn't mentioned at all.

Otherwise, sounds good, I look forward to it.

Side Question:  Your rolling-releases/updates, does this mean you are not going to be releasing new images with the updates included?  Have to install the old versions and then update?
Post Reply