From b9fafdbea253582da141710ca7dbc85876a1b0dd Mon Sep 17 00:00:00 2001
From: Robert James Hernandez
Date: Tue, 28 Nov 2023 05:32:18 +0000
Subject: [PATCH 01/13] openwrt: enable prometheus exporter
---
 openwrt/configs/common.config | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/openwrt/configs/common.config b/openwrt/configs/common.config
index 4403cc8e..26c455a3 100644
--- a/openwrt/configs/common.config
+++ b/openwrt/configs/common.config
@@ -49,6 +49,10 @@ CONFIG_PACKAGE_libevent2=y
 CONFIG_PACKAGE_libfastjson=y
 CONFIG_PACKAGE_libfido2=y
 CONFIG_PACKAGE_libiperf3=y
+CONFIG_PACKAGE_libiwinfo=y
+CONFIG_PACKAGE_libiwinfo-data=y
+CONFIG_PACKAGE_libiwinfo-lua=y
+CONFIG_PACKAGE_liblua=y
 # CONFIG_PACKAGE_libmnl is not set
 CONFIG_PACKAGE_libncurses=y
 # CONFIG_PACKAGE_libnftnl is not set
@@ -56,17 +60,27 @@ CONFIG_PACKAGE_libopenssl=y
 CONFIG_PACKAGE_libpcap=y
 CONFIG_PACKAGE_libpopt=y
 CONFIG_PACKAGE_libreadline=y
+CONFIG_PACKAGE_libubus-lua=y
 # CONFIG_PACKAGE_libucode is not set
 CONFIG_PACKAGE_libudev-zero=y
 CONFIG_PACKAGE_lldpd=y
 CONFIG_PACKAGE_logrotate=y
+CONFIG_PACKAGE_lua=y
+CONFIG_PACKAGE_luasocket=y
 # CONFIG_PACKAGE_nftables-json is not set
 CONFIG_PACKAGE_openssh-client=y
 CONFIG_PACKAGE_openssh-client-utils=y
 CONFIG_PACKAGE_openssh-keygen=y
 CONFIG_PACKAGE_openssh-server=y
+CONFIG_PACKAGE_prometheus-node-exporter-lua=y
+CONFIG_PACKAGE_prometheus-node-exporter-lua-netstat=y
+CONFIG_PACKAGE_prometheus-node-exporter-lua-openwrt=y
+CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi=y
+CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi_stations=y
 CONFIG_PACKAGE_rsyslog=y
 CONFIG_PACKAGE_tcpdump=y
 CONFIG_PACKAGE_terminfo=y
 # CONFIG_PACKAGE_ucode is not set
+CONFIG_PACKAGE_uhttpd=y
+CONFIG_PACKAGE_uhttpd-mod-lua=y
 CONFIG_PACKAGE_zlib=y
From 722c5f9c91f71a3eaccab094e652e0a4cb267b56 Mon Sep 17 00:00:00 2001
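Review bot: `CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi_stations=y` in the second hunk adds a collector that, as far as I know, labels its per-station metrics with client MAC addresses, and the exporter serves everything it collects over plain HTTP with no authentication. On a network with attendee devices that makes the scrape endpoint privacy-sensitive, so it is worth confirming the collector is actually needed and that where it listens is restricted in the same series. The same hunk sets `CONFIG_PACKAGE_uhttpd=y`, and nothing in this patch stops the package's own default web listener from starting; an image built from this commit alone would presumably expose it.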
From: Robert James Hernandez Date: Tue, 28 Nov 2023 05:35:39 +0000 Subject: [PATCH 02/13] openwrt: disable busybox logd rsyslog is already being used, this was incorrectly re-enabled after the shuffling of our configs to support the mt7622. --- openwrt/configs/common.config | 1 + 1 file changed, 1 insertion(+) diff --git a/openwrt/configs/common.config b/openwrt/configs/common.config index 26c455a3..b42b12a7 100644 --- a/openwrt/configs/common.config +++ b/openwrt/configs/common.config @@ -3,6 +3,7 @@ CONFIG_BUSYBOX_CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="sha512" # CONFIG_BUSYBOX_CONFIG_FEATURE_PASSWD_WEAK_CHECK is not set CONFIG_BUSYBOX_CONFIG_FEATURE_STAT_FILESYSTEM=y CONFIG_BUSYBOX_CONFIG_FEATURE_STAT_FORMAT=y +# CONFIG_BUSYBOX_CONFIG_LOGGER is not set CONFIG_BUSYBOX_CONFIG_STAT=y CONFIG_LLDPD_WITH_CDP=y CONFIG_LLDPD_WITH_CUSTOM=y From a262c1f255770b66760e59a135fde339eadacb55 Mon Sep 17 00:00:00 2001 From: Robert James Hernandez Date: Tue, 28 Nov 2023 06:00:44 +0000 Subject: [PATCH 03/13] openwrt: serverspec test to ensure logd is removed This way we dont have another regression and accidentally find logd installed. --- tests/serverspec/spec/shared/openwrt/init.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/serverspec/spec/shared/openwrt/init.rb b/tests/serverspec/spec/shared/openwrt/init.rb index ea90f16b..70ade425 100644 --- a/tests/serverspec/spec/shared/openwrt/init.rb +++ b/tests/serverspec/spec/shared/openwrt/init.rb @@ -6,7 +6,7 @@ DEFAULT_BINS=["apinger", "awk", "bash", "logrotate", "rsyslogd", "tcpdump"] - REMOVED_BINS=["snmpd", "dropbear"] + REMOVED_BINS=["snmpd", "dropbear", "logd"] DEFAULT_SERVICES=["apinger", "crond", "rsyslogd", "lldpd"] From deff7d5cf323ff6872f352692b6f2493699e100d Mon Sep 17 00:00:00 2001 
From: Robert James Hernandez Date: Wed, 10 Jan 2024 08:58:08 +0000 Subject: [PATCH 04/13] openwrt: prometheus listen on mgmt interface --- openwrt/files/etc/config/prometheus-node-exporter-lua | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 openwrt/files/etc/config/prometheus-node-exporter-lua diff --git a/openwrt/files/etc/config/prometheus-node-exporter-lua b/openwrt/files/etc/config/prometheus-node-exporter-lua new file mode 100644 index 00000000..659c9b09 --- /dev/null +++ b/openwrt/files/etc/config/prometheus-node-exporter-lua @@ -0,0 +1,4 @@ +config prometheus-node-exporter-lua 'main' + option listen_interface 'mgmt' + option listen_ipv6 '1' + option listen_port '9100' From 216813d931623f76082ce96cb488bdadf4a9e248 Mon Sep 17 00:00:00 2001 From: Robert James Hernandez Date: Wed, 10 Jan 2024 08:58:33 +0000 Subject: [PATCH 05/13] openwrt: disable uhttpd service on start Some pkgs from opkg we require but dont need their default service to start. There isnt a clear way to do this at build time so setting it via rc.local seems to be the most straight forward approach uhttpd is an example of such a service where its need for prometheus but not by itself. --- openwrt/files/etc/rc.local | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/openwrt/files/etc/rc.local b/openwrt/files/etc/rc.local index 018486ff..c7f7786a 100644 --- a/openwrt/files/etc/rc.local +++ b/openwrt/files/etc/rc.local @@ -4,6 +4,11 @@ # TODO make this a true service /root/bin/wifi-details.sh >/dev/null 2>/dev/null Date: Wed, 10 Jan 2024 09:06:26 +0000 Subject: [PATCH 06/13] openwrt: init logger over busybox the default busybox logger was erroring: logger: applet not found This could have been due to disabled logd but regardless going to opt to have a full logger via the busybox variant. --- openwrt/configs/common.config | 1 + 1 file changed, 1 insertion(+) diff --git a/openwrt/configs/common.config b/openwrt/configs/common.config index b42b12a7..1ccfae66 100644 
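Review bot: `option listen_interface 'mgmt'` in the new prometheus-node-exporter-lua file is the only access control visible for this listener, since the file sets no authentication or TLS and anything that can route to the management address on port 9100 can scrape it. I would record that in the file with a comment such as `# unauthenticated HTTP: keep on mgmt only, restrict 9100 to the Prometheus server in the firewall`, and back it with a firewall rule if other hosts share the mgmt VLAN. With `option listen_ipv6 '1'` it is also worth checking which IPv6 address the service ends up bound to, because a global address on mgmt is reachable from wherever that prefix is routed.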
--- a/openwrt/configs/common.config
+++ b/openwrt/configs/common.config
@@ -65,6 +65,7 @@ CONFIG_PACKAGE_libubus-lua=y
 # CONFIG_PACKAGE_libucode is not set
 CONFIG_PACKAGE_libudev-zero=y
 CONFIG_PACKAGE_lldpd=y
+CONFIG_PACKAGE_logger=y
 CONFIG_PACKAGE_logrotate=y
 CONFIG_PACKAGE_lua=y
 CONFIG_PACKAGE_luasocket=y
From 7ef61079f47de617c96e37f1015ef07f4a431e60 Mon Sep 17 00:00:00 2001
From: Robert James Hernandez
Date: Thu, 11 Jan 2024 03:17:57 +0000
Subject: [PATCH 07/13] openwrt: remove zabbix agent config
---
 openwrt/files/etc/zabbix_agentd.conf | 24 ------------------------
 1 file changed, 24 deletions(-)
 delete mode 100644 openwrt/files/etc/zabbix_agentd.conf
diff --git a/openwrt/files/etc/zabbix_agentd.conf b/openwrt/files/etc/zabbix_agentd.conf
deleted file mode 100644
index 66908cb8..00000000
--- a/openwrt/files/etc/zabbix_agentd.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-# use syslog
-LogType=system
-LogFile=no
-DebugLevel=3
-MaxLinesPerSecond=1000
-EnableRemoteCommands=1
-AllowRoot=1
-
-# Auto-reg
-HostMetadata=ap
-
-# How often list of active checks is refreshed, in seconds.
-RefreshActiveChecks=60
-
-# List of comma delmited IP addressses of Zabbix servers
-Server={{ (datasource "openwrt").zabbix.server }}
-ServerActive={{ (datasource "openwrt").zabbix.server }}
-
-# Number of pre-forked instances of zabbix_agentd that
-# process passive checks
-StartAgents=1
-
-# Include additional config
-Include=/etc/zabbix_agentd.conf.d/
From 0819c3fc7fa58feae22dfa63bf3cedff7c2dfe7c Mon Sep 17 00:00:00 2001
From: Robert James Hernandez
Date: Thu, 11 Jan 2024 03:19:23 +0000
Subject: [PATCH 08/13] openwrt: lldpd listen on all interfaces Removed various other openwrt default config options since many of the lldp-like modes do not apply to our network. location option also didnt seem to show up in my "lldpcli neighbors show detail" output so removing for now.
---
 openwrt/files/etc/config/lldpd | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/openwrt/files/etc/config/lldpd b/openwrt/files/etc/config/lldpd index 936d9915..92cd6a79 100644 --- a/openwrt/files/etc/config/lldpd +++ b/openwrt/files/etc/config/lldpd @@ -1,17 +1,16 @@ config lldpd config - option enable_cdp 1 - option enable_fdp 1 - option enable_sonmp 1 - option enable_edp 1 + # LLDP frames are link-local frames, do not use any + # network interfaces other than the ones that achieve + # a link with its link partner, and the link partner + # being another networking device. Do not use bridge, + # VLAN, or DSA conduit interfaces. + # + # lldp unable to receive frames on mediatek due to bug + # ref: https://github.com/openwrt/openwrt/issues/13788 - option lldp_class 4 - # TODO make this mean something - option lldp_location "2:FR:6:Commercial Rd:3:Roseville:19:4" + # lldp will default to listening on all interfaces - # if empty, the distribution description is sent - option lldp_description "OpenWrt System" - - # interfaces to listen on - # TODO: This should be dynamic and based on - # yaml config - list interface "eth1" + # Set class of device + option lldp_class 4 + # if empty, the distribution description is sent + option lldp_description "OpenWrt System" From 30607f20561107713ed7e4aeba75a7d76e3f33b3 Mon Sep 17 00:00:00 2001 From: Robert James Hernandez Date: Thu, 11 Jan 2024 03:22:19 +0000 Subject: [PATCH 09/13] openwrt: small note about mt7622 upgrade behavior --- openwrt/docs/MT7622.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/openwrt/docs/MT7622.md b/openwrt/docs/MT7622.md index 3f573db5..f2377371 100644 --- a/openwrt/docs/MT7622.md +++ b/openwrt/docs/MT7622.md 
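Review bot: Removing `list interface "eth1"` leaves lldpd on whatever interfaces it considers eligible, which contradicts the new comment's own advice not to use bridge, VLAN or DSA conduit interfaces. The AP will then announce its system description and management details on, and parse LLDP frames from, ports that are not uplinks. If the goal is only to work around the mediatek receive bug referenced in the comment, I would keep an explicit per-target entry such as `list interface "<uplink-ifname>"` (placeholder), templated from the yaml facts as the removed TODO suggested. Dropping the `enable_cdp`/`enable_fdp`/`enable_sonmp`/`enable_edp` options reduces parser surface only if the init script defaults them to off, which is worth confirming because `CONFIG_LLDPD_WITH_CDP=y` is still built in.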
@@ -24,6 +24,10 @@ 10. Upload the SCaLE latest image: `openwrt-...-mediatek-mt7622-linksys_e8450-ubi-squashfs-sysupgrade.itb`. 12. The device will reboot, it will come up on the mgmt vlan setup +### Upgrading our image + +Immediately after `sysupgrade` the router will close all SSH connections. The power LED will flash, then go solid. The entire flash process is very quick, ~1 minute. + ### UBI Force Recovery Mode Use this section when you have another UBI image on the hardware and you need to get it to accept our image From d2c9cf895fd13e9b96c4340c018acf90cf9924ea Mon Sep 17 00:00:00 2001 From: Robert James Hernandez Date: Thu, 11 Jan 2024 07:52:37 +0000 Subject: [PATCH 10/13] serverspec: prometheus exporter and logger test --- tests/serverspec/spec/shared/openwrt/init.rb | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/tests/serverspec/spec/shared/openwrt/init.rb b/tests/serverspec/spec/shared/openwrt/init.rb index 70ade425..139ab9b6 100644 --- a/tests/serverspec/spec/shared/openwrt/init.rb +++ b/tests/serverspec/spec/shared/openwrt/init.rb @@ -8,7 +8,8 @@ REMOVED_BINS=["snmpd", "dropbear", "logd"] - DEFAULT_SERVICES=["apinger", "crond", "rsyslogd", "lldpd"] + DEFAULT_SERVICES=["apinger", "crond", "rsyslogd", "lldpd", + "ntpd" ] DEFAULT_BINS.each do |bin| describe command("which #{bin} 2> /dev/null") do @@ -28,10 +29,26 @@ end end + # make sure uhttpd is actually stopped + describe port(80) do + it { should_not be_listening } + end + + # check for prometheus exporter + describe port(9100) do + it { should be_listening } + end + describe command('rsyslogd -N1') do its(:exit_status) { should eq 0 } end + # make sure logger is actually working since we had + # an issue with busybox logger in the past + describe command('logger "serverspec test msg"') do + its(:exit_status) { should eq 0 } + end + describe file('/root/bin/wifi-details.sh') do it { should exist } it { should be_mode 750 } 
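Review bot: `describe port(9100)` in the second init.rb hunk only proves that something is listening, so it would still pass if the exporter were bound to every address, which is the failure that matters for an unauthenticated metrics endpoint. I would add `it { should_not be_listening.on('0.0.0.0') }` (and the `::` equivalent) beside it, provided the serverspec backend used for OpenWrt supports the `on` matcher. Likewise, port 80 being closed at test time does not show uhttpd stays off after the next boot; `describe service('uhttpd') { it { should_not be_enabled } }` would pin that. The enclosing spec block starts and ends outside this hunk.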
From 4096a1181fe403483e8e730b52c52c59e781d11c Mon Sep 17 00:00:00 2001 From: Robert James Hernandez Date: Thu, 11 Jan 2024 08:05:49 +0000 Subject: [PATCH 11/13] openwrt: logd service disabled --- openwrt/configs/common.config | 1 + 1 file changed, 1 insertion(+) diff --git a/openwrt/configs/common.config b/openwrt/configs/common.config index 1ccfae66..773d9197 100644 --- a/openwrt/configs/common.config +++ b/openwrt/configs/common.config @@ -66,6 +66,7 @@ CONFIG_PACKAGE_libubus-lua=y CONFIG_PACKAGE_libudev-zero=y CONFIG_PACKAGE_lldpd=y CONFIG_PACKAGE_logger=y +# CONFIG_PACKAGE_logd is not set CONFIG_PACKAGE_logrotate=y CONFIG_PACKAGE_lua=y CONFIG_PACKAGE_luasocket=y From 945488ee02b84b708f52c68e46185faaa7607bbc Mon Sep 17 00:00:00 2001 From: Robert James Hernandez Date: Thu, 11 Jan 2024 22:39:39 +0000 Subject: [PATCH 12/13] openwrt-golden: make test and update behaviors exclusive --- tests/unit/openwrt/test.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/unit/openwrt/test.sh b/tests/unit/openwrt/test.sh index 5df4fad9..80a6fdf8 100644 --- a/tests/unit/openwrt/test.sh +++ b/tests/unit/openwrt/test.sh @@ -8,7 +8,7 @@ OPTIONS: -h Show this message -o specify output for temporary generated templates -t Target arch to build - -u Update golden templates + -u Update golden templates (no test) EXAMPLES: Run tests for all templates against existing golden files: @@ -52,6 +52,7 @@ gen_templates(){ # Export to support ENV datasource export TARGET=$TARGET export KEYPATH=$KEYPATH + rm -rf "${1}" gomplate -d openwrt=../../../facts/secrets/${TARGET}-openwrt-example.yaml -d keys_dir=${KEYPATH} --input-dir=../../../openwrt/files --output-dir="${1}" if [ -d ../../../openwrt/files-${TARGET} ]; then gomplate -d openwrt=../../../facts/secrets/${TARGET}-openwrt-example.yaml -d keys_dir=${KEYPATH} --input-dir=../../../openwrt/files-${TARGET} --output-dir="${1}" 
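Review bot: The added `rm -rf "${1}"` in `gen_templates` now also runs on `$TMPLOC`, which the usage text says comes from `-o`, so an empty or mistyped value (`/`, `.`, a home directory) is recursively deleted before any template is generated. Previously only the fixed `golden/${TARGET}` path was removed. I would fail closed with `rm -rf -- "${1:?gen_templates: output dir required}"` and reject `/` explicitly before the call. The next hunk also passes `$TMPLOC/` to `diff` unquoted, where `"${TMPLOC}/"` avoids word splitting. `gen_templates` begins above this hunk, so how TMPLOC is defaulted is not visible here.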
@@ -59,10 +60,9 @@ gen_templates(){ } if [ ${UPDATE} -eq 1 ]; then - rm -rf "golden/${TARGET}" gen_templates "golden/${TARGET}" +else + gen_templates "$TMPLOC" + diff -u -r "golden/${TARGET}" $TMPLOC/ fi -gen_templates "$TMPLOC" - -diff -u -r "golden/${TARGET}" $TMPLOC/ From 0f1646d2ce08b32ab33cb70e8613dcc197decf9d Mon Sep 17 00:00:00 2001 From: Robert James Hernandez Date: Thu, 11 Jan 2024 22:38:04 +0000 Subject: [PATCH 13/13] openwrt-golden: updates to ar71xx output --- .../openwrt/golden/ar71xx/etc/config/lldpd | 27 +++++++++---------- .../etc/config/prometheus-node-exporter-lua | 4 +++ tests/unit/openwrt/golden/ar71xx/etc/rc.local | 5 ++++ .../golden/ar71xx/etc/zabbix_agentd.conf | 24 ----------------- .../golden/ar71xx/root/bin/apinger-pop.sh | 0 .../golden/ar71xx/root/bin/config-version.sh | 0 .../golden/ar71xx/root/bin/wifi-details.sh | 0 7 files changed, 22 insertions(+), 38 deletions(-) create mode 100644 tests/unit/openwrt/golden/ar71xx/etc/config/prometheus-node-exporter-lua delete mode 100644 tests/unit/openwrt/golden/ar71xx/etc/zabbix_agentd.conf mode change 100644 => 100755 tests/unit/openwrt/golden/ar71xx/root/bin/apinger-pop.sh mode change 100644 => 100755 tests/unit/openwrt/golden/ar71xx/root/bin/config-version.sh mode change 100644 => 100755 tests/unit/openwrt/golden/ar71xx/root/bin/wifi-details.sh diff --git a/tests/unit/openwrt/golden/ar71xx/etc/config/lldpd b/tests/unit/openwrt/golden/ar71xx/etc/config/lldpd index 936d9915..92cd6a79 100644 --- a/tests/unit/openwrt/golden/ar71xx/etc/config/lldpd +++ b/tests/unit/openwrt/golden/ar71xx/etc/config/lldpd 
@@ -1,17 +1,16 @@ config lldpd config - option enable_cdp 1 - option enable_fdp 1 - option enable_sonmp 1 - option enable_edp 1 + # LLDP frames are link-local frames, do not use any + # network interfaces other than the ones that achieve + # a link with its link partner, and the link partner + # being another networking device. Do not use bridge, + # VLAN, or DSA conduit interfaces. + # + # lldp unable to receive frames on mediatek due to bug + # ref: https://github.com/openwrt/openwrt/issues/13788 - option lldp_class 4 - # TODO make this mean something - option lldp_location "2:FR:6:Commercial Rd:3:Roseville:19:4" + # lldp will default to listening on all interfaces - # if empty, the distribution description is sent - option lldp_description "OpenWrt System" - - # interfaces to listen on - # TODO: This should be dynamic and based on - # yaml config - list interface "eth1" + # Set class of device + option lldp_class 4 + # if empty, the distribution description is sent + option lldp_description "OpenWrt System" diff --git a/tests/unit/openwrt/golden/ar71xx/etc/config/prometheus-node-exporter-lua b/tests/unit/openwrt/golden/ar71xx/etc/config/prometheus-node-exporter-lua new file mode 100644 index 00000000..659c9b09 --- /dev/null +++ b/tests/unit/openwrt/golden/ar71xx/etc/config/prometheus-node-exporter-lua @@ -0,0 +1,4 @@ +config prometheus-node-exporter-lua 'main' + option listen_interface 'mgmt' + option listen_ipv6 '1' + option listen_port '9100' diff --git a/tests/unit/openwrt/golden/ar71xx/etc/rc.local b/tests/unit/openwrt/golden/ar71xx/etc/rc.local index 018486ff..c7f7786a 100644 --- a/tests/unit/openwrt/golden/ar71xx/etc/rc.local +++ b/tests/unit/openwrt/golden/ar71xx/etc/rc.local @@ -4,6 +4,11 @@ # TODO make this a true service /root/bin/wifi-details.sh >/dev/null 2>/dev/null