OPNsense Forum
English Forums => Development and Code Review => Topic started by: mihak on February 23, 2021, 10:11:57 pm
-
My first attempt to build a plugin, I started from the backend side.
1. Installed freeBSD package for speedtest:
sudo pkg add "https://bintray.com/ookla/download/download_file?file_path=ookla-speedtest-1.0.0-freebsd.pkg"
speedtest is successfully installed to /usr/local/bin and works from terminal
2. Created /usr/local/opnsense/service/conf/actions.d/actions_speedtest.conf:
[serverlist]
command:/usr/local/bin/speedtest -L
parameters:
type:script_output
message:list nearest speedtest servers
[serverlist-json]
command:/usr/local/bin/speedtest -L -fjson
parameters:
type:script_output
message:list nearest speedtest servers (json)
[runtest]
command:/usr/local/bin/speedtest -pno
parameters:
type:script_output
message:test
[runtest-json]
command:/usr/local/bin/speedtest -fjson
parameters:
type:script_output
message:test (json)
After restarting configd with service configd restart, some commands work and some don't:
- configctl speedtest serverlist and configctl speedtest serverlist-json execute without issues
- configctl speedtest runtest and configctl speedtest runtest-json both throw an error:
root@OPNsense:/usr/local # configctl speedtest runtest
Execute error
Obvious questions: why, and how to bypass that?
-
What does configd.log say?
-
Feb 24 05:09:52 OPNsense configd.py[65044]: [f85621d2-7b0c-4dc2-a722-2530acb531f2] test (json)
Feb 24 05:09:52 OPNsense configd.py[65044]: [f85621d2-7b0c-4dc2-a722-2530acb531f2] Script action failed with Command '/usr/local/bin/speedtest -fjson' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 479, in execute stdout=output_stream, stderr=error_stream) File "/usr/local/lib/python3.7/subprocess.py", line 363, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/bin/speedtest -fjson' returned non-zero exit status 1.
executing /usr/local/bin/speedtest -fjson directly from a command line works just fine.
-
Does it require some kind of user interaction? What is the output when running directly?
-
No interaction:
root@OPNsense:/usr/local # /usr/local/bin/speedtest -fjson
{"type":"result","timestamp":"2021-02-24T05:33:17Z","ping":{"jitter":0.20699999999999999,"latency":3.7770000000000001},"download":{"bandwidth":15712471,"bytes":159084520,"elapsed":9906},"upload":{"bandwidth":24847543,"bytes":107273632,"elapsed":4310},"isp":"Ziply Fiber","interface":{"internalIp":"192.168.3.114","name":"em1","macAddr":"00:0C:29:17:27:AB","isVpn":false,"externalIp":"xx.xx.xx.xx"},"server":{"id":26805,"name":"Rock Island Communications","location":"Seattle, WA","country":"United States","host":"fast.rockisland.net","port":8080,"ip":"64.119.5.68"},"result":{"id":"34a8666f-8e45-4bdd-9ba2-98c5c2869aa8","url":"https://www.speedtest.net/result/c/34a8666f-8e45-4bdd-9ba2-98c5c2869aa8"}}
BUT: I vaguely remember that it asked for some type of EULA acceptance the first time I ran it - after I installed the pkg. Now it looks all happy even when I delete and re-install the pkg.
This begs a question: under what user context does configd run?
-
GOTCHA! :)
I created a new user and executed speedtest:
$ speedtest
==============================================================================
You may only use this Speedtest software and information generated
from it for personal, non-commercial use, through a command line
interface on a personal computer. Your use of this software is subject
to the End User License Agreement, Terms of Use and Privacy Policy at
these URLs:
https://www.speedtest.net/about/eula
https://www.speedtest.net/about/terms
https://www.speedtest.net/about/privacy
==============================================================================
Do you accept the license? [type YES to accept]:
After the license is accepted, speedtest works without interaction...
Workaround: there are two (poorly documented) switches for speedtest that allow it to run without interactive license acceptance:
speedtest --accept-license --accept-gdpr
-
Not that much about interactivity here, but same result: if the return code is not zero we assume something went wrong. If you can't work around a buggy binary you need to use something like "/my/command --args; true"
Cheers,
Franco
-
I am still interested to understand: which user context is used by configd to execute these configctl services? Clearly it is not root...
-
Let's test this theory:
# tail -n 5 /usr/local/opnsense/service/conf/actions_service.conf
[whoami]
command:whoami
parameters:
type:script_output
message:Who am I?
# service configd restart
# configctl service whoami
root
Cheers,
Franco