Add support for Airos in OpenWISP2

[edoput]

This PR is now closed as the work has been included in an external package, netjsonconfig-airos and will be available from the next release (v0.6.3)

this is the airos v8.3 backend as of today

• tests are ok for both python2 and python3

I will go on with squashing commits where possible to keep size down

Another important things to do is to implement the backward_conversion for the radio converter as of now the radio configuration values are mostly hardware dependents. This may be superseded by an approach where the user writes a very verbose netjson with lots of additional values for the radio object.

[nemesifier]

At the moment I limited myself to style issues which are usually the first thing noticed when reviewing.

Please see my inline comments, fix the flake8/isort issues and update the PR.
In the meanwhile I'll test with an ubiquiti PowerBeam AC feed.

Fed

[nemesifier]

could you please add a dot . at the end of the line?

[nemesifier]

missing dot at end of the line

[nemesifier]

maybe a colon : at the end of the line?

[nemesifier]

missing dot at end of the line

[nemesifier]

missing a colon : at the end of the line?

[nemesifier]

I don't like the name of the file, can we find a more professional name?

[nemesifier]

extra blank lines everywhere! :-D :-P

[nemesifier]

check spaces

[nemesifier]

at least this one you may remove it :-P

[nemesifier]

check spaces

[nemesifier]

why not on a single line? :-)

[edoput]

because I'm mad and I REALLY LOVE my enter key

[nemesifier]

you can remove this line too, it's not needed here.

[coveralls]

Coverage decreased (-3.2%) to 96.737% when pulling 7c8e27b on airos into a37cdea on master.

[nemesifier]

Great progress! 👍

As a side note among other things, try to get higher test coverage

[nemesifier]

More inline feedback

[nemesifier]

what about a more compact version:

base['flowcontrol'] = {
    'rx': {'status': 'enabled'},
    'tx': {'status': 'enabled'},
}

[nemesifier]

wouldn't an explicit declaration be more compact and readable? Eg:

temp['autoip'] = {'status': 'enabled'}

[nemesifier]

you can take this from general.maintainer, see http://netjson.org/rfc.html#general1

[nemesifier]

we may add general.location to NetJSON in the near future, take this value from there.

[nemesifier]

indentation looks wrong here

[nemesifier]

remove blank line

[nemesifier]

remove these dots because they are not being recognized as JSON

[nemesifier]

Should be AirOs here and on the rest of the document

[nemesifier]

hey @edoput I think you forgot this one

[nemesifier]

keep only the python example, having both is redundant and doesn't help the user much

[nemesifier]

it looks like 8 spaces indentation to me, can you check?

[nemesifier]

we'll need to implement this soon, it shouldn't have priority right now but we will have to do it in the 3rd phase

[nemesifier]

Here's some more detailed feedback on the configuration front.

I'm testing a configuration I downloaded from a production device and I'm comparing it with a config
I am generating with netjsonconfig.

The NetJSON I am using is:

{
    "general":{
        "hostname": "PBPomeziaDiegoApriliana",
        "timezone": "Europe/Rome"
    },
    "gui": {
        "language": "en_US"
    },
    "netmode": "bridge",
    "interfaces": [
        {
            "name": "ath0",
            "type": "wireless",
            "wireless": {
                "radio": "ath0",
                "mode": "access_point",
                "ssid": "ninux-diego-pomezia",
                "wds": true,
                "bssid": "04:18:D6:F8:01:F7"
            }
        },
        {
            "type": "ethernet",
            "name": "eth0",
            "mtu": 1500,
            "addresses": [
                {
                    "management": true,
                    "address": "10.8.2.71",
                    "gateway": "10.8.2.1",
                    "mask": 24,
                    "family": "ipv4",
                    "proto": "static"
                }
            ]
        },
        {
            "type": "ethernet",
            "name": "eth0.24",
            "mtu": 1500
        },
        {
            "name": "br0",
            "type": "bridge",
            "bridge_members": ["ath0", "eth0.24"]
        }
    ],
    "radios": [
        {
            "name": "ath0",
            "channel": 1,
            "channel_width": 20,
            "disabled": true,
            "protocol": "802.11n",
            "tx_power": -4
        }
    ],
    "ntp_servers": ["193.204.114.233", "193.204.114.234"],
    "dns_servers": ["193.204.5.4", "8.8.8.8"],
    "user": {
        "name": "root",
        "password": "gpO0LLzr9C8L.LKdsqGEf.",
        "salt": "WdnaHPry"
    }
}

Spanning Tree Protocol for bridges

Seems always enabled, eg:

bridge.1.stp.status=enabled

But may also be disabled:

bridge.1.stp.status=disabled

Use the stp attribute of bridge interfaces to set this.

If the attribute is omitted, it should mean disabled.

Can comment be omitted if empty/not present?

I see bridge.1.comment= in my generated config, but this type of attribute was not present
in my test configuration that I downloaded from a production device.

Therefore I think it may be omitted if no comment is present in the NetJSON. What do you think?

ebtables

My production conf doesn't have this section.

Can this section be omitted if not specified in NetJSON?

igmpproxy

My production conf doesn't have this section.

Can this section be omitted if not specified in NetJSON?

iptables

My production conf doesn't have this section.

Can this section be omitted if not specified in NetJSON?

netconf flowcontrol

I get this:

+netconf.2.flowcontrol.tx.status=enabled
+netconf.2.flowcontrol.rx.status=enabled

Even though I don't define any flowcontrol in the NetJSON.

I think flowcontrol can be omitted if not defined in the NetJSON, what do you think?

netconf autoneg

I get this:

+netconf.2.autoneg=enabled

Even though I don't define any autoneg in the NetJSON.

I think autoneg can be omitted if not explicitly defined, what do you think?

I think we can add a negotiation parameter to the schema of ethernet interfaces for this.

ntp

This works, can you use the same NTP schema that is being used by OpenWrt and Raspbian?

That way we can keep differences to the minimum and we may even be able to add this new section to the official NetJSON spec.

You can ignore the enable_server property.

pwdog

I have this situation:

-pwdog.status=disabled
pwdog.status=enabled

Is this feature enabled by default on AirOS?

resolv

I get this situation:

-resolv.nameserver.status=enabled
+resolv.status=enabled

Are we sure this is ok?

Default route

I have the following:

-route.1.devname=eth0
-route.1.gateway=10.8.2.1
-route.1.ip=0.0.0.0
-route.1.netmask=0
-route.1.status=enabled

This is the default route, you can infer this information
from the gateway attribute of an address of an interface,
probably only the management interface.

sshd

I have this situation:

-QYva4bK2zA4faxwtZbtOyQ7x4IYNt5Z+Vv381cM1g2NyGetS3qs0mPXt9JaQRi4aYre7MtSkOOJymwpJj4pPJz8t/H3pVLyi17FAXXWVh1j42C4Mi7IBgtYn0T4GMn0FGx3+dRv2rDrwDaA0guC9GKH8PzHsbrlH1ibewJ5VLFcUzFy6CY14muXTFNb/XyvK0Z8fCU2UR3VILVDotDJfJCOEhhOs0uKLNOeyoApbeS2N
-sshd.auth.key.1.comment=nemesis@freedom
-sshd.auth.key.1.status=enabled
-sshd.auth.key.1.type=ssh-rsa
+sshd.port=22
+sshd.status=enabled
+sshd.auth.passwd=enabled

The added lines should not be an issue, but SSH keys are removed and this can cause annoyances.

In the OpenWrt backend one can add an SSH key by specifying a custom file
with path /etc/dropbear/authorized_keys but I would have liked to introduce
a more specific and more portable way to specify SSH keys.

Since most evolved networking firmware support some kind of SSH configuration,
I think it's time to define a new NetJSON attribute for this and we could start
doing it in this backend.

A way of doing it in the NetJSON style would be:

{
    "sshd": {
        "port": 22,
        "enabled": True,
        "password_auth": True,
        "keys": [
            {
                "type": "ssh-rsa",
                "key": "QYva4bK2zA4faxwtZbtOyQ7x4IYNt5Z+Vv381cM1g2NyGetS3qs0mPXt9JaQRi4aYre7MtSkOOJymwpJj4pPJz8t/H3pVLyi17FAXXWVh1j42C4Mi7IBgtYn0T4GMn0FGx3+dRv2rDrwDaA0guC9GKH8PzHsbrlH1ibewJ5VLFcUzFy6CY14muXTFNb/XyvK0Z8fCU2UR3VILVDotDJfJCOEhhOs0uKLNOeyoApbeS2N",
                "comment": "nemesis@freedom",
                "enabled": True
            }
        ]
    }
}

Could you create an additional seciton in the airos schema for this and update the Sshd
converter accordingly?

Wireless ap attribute (bssid)

I have:

-wireless.1.ap=04:18:D6:F8:01:F7

But this attribute is needed, you can use the bssid attribute in
NetJSON wireless interfaces.

WPA supplicant

I have this situation:

-wpasupplicant.device.1.status=disabled
+wpasupplicant.status=disabled
+wpasupplicant.profile.1.network.1.key_mgmt.1.name=NONE
+wpasupplicant.profile.1.network.1.priority=100
+wpasupplicant.profile.1.network.2.status=disabled
 wpasupplicant.profile.1.network.1.ssid=ninux-diego-pomezia
+wpasupplicant.profile.1.name=AUTO
+wpasupplicant.device.1.status=disabled
+wpasupplicant.profile.1.network.2.key_mgmt.1.name=NONE
+wpasupplicant.profile.1.network.2.priority=2
+wpasupplicant.device.1.profile=AUTO

Can we avoid adding the necessary lines if not needed?

[nemesifier]

as you pointed out, encryption should go in wireless :-D

[nemesifier]

as you pointed out, encryption should go in wireless :-D

[nemesifier]

as you pointed out, encryption should go in wireless :-D

[nemesifier]

as you pointed out, encryption should go in wireless :-D

[nemesifier]

Try also to sort the order of keys so the generated output is always identical (as explained via IM).

[nemesifier]

add default, title and description please

[nemesifier]

add default, title and description please

[nemesifier]

better if this boolean defaults to True

[nemesifier]

there's a double space before the first and

[edoput]

I'm attaching a diff between the "default configuration" (reset the antenna and enable advanced network configuration) and the default netjson

default.txt

there are minimal differencies except for the radio section , the one not implemented in netjsonconfig.

I'll go over other configurations (station+wpa2 personal, ap,...) and post the diff later

[nemesifier]

I think we need a relative import here because I'm getting an exception while testing

[nemesifier]

the encryption key is not mandatory, see: http://netjson.org/rfc.html#rfc.section.5.4.2
if encryption is omitted it means encryption off. I discovered this because I got an exception while testing.

Please, before fixing this issue could you first create a failing test?

[coveralls]

Coverage decreased (-1.04%) to 98.887% when pulling 309e712 on airos into a2611ef on master.

[nemesifier]

@edoput this code can be used as a good starting point for future work, or we may resume it together as well when I have cleared out some urgent matters and in case you want to dedicate some more time on it.

Can we leave it open or do you have anything against this?

[edoput]

Hey, I extracted this work to a different package that can be imported at runtime with my last contribution

This PR is now closed as the work has been included in an external package, netjsonconfig-airos and will be available from the next release (v0.6.3)

Right now is still sitting there as testing on hardware is still too hard but we can manage to include it better in the openwisp controller.

Because the code has been migrated I think that the discussion should too.

I edited the top comment to explain what happened but didn't leave an explanation at the bottom.

[nemesifier]

@edoput that's great! What about the docs you wrote? Maybe those could go in your README?

We should also find a way to give visibility to your package somehow, so the chances to find somebody who will help us out will increase.
We could do 2 things: add a new page in the netjsonconfig docs which links your package; show this PR in the contributors board, I just did that.