Author Topic: Understanding configctl (Read 5624 times)

mihak · « **on:** February 23, 2021, 10:11:57 pm »

My first attempt to build a plugin, I started from the backend side.

1. Installed freeBSD package for speedtest:
sudo pkg add "https://bintray.com/ookla/download/download_file?file_path=ookla-speedtest-1.0.0-freebsd.pkg"
speedtest is successfully installed to /usr/local/bin and works from terminal

2. Created /usr/local/opnsense/service/conf/actions.d/actions_speedtest.conf:
[serverlist] command:/usr/local/bin/speedtest -L parameters: type:script_output message:list nearest speedtest servers [serverlist-json] command:/usr/local/bin/speedtest -L -fjson parameters: type:script_output message:list nearest speedtest servers (json) [runtest] command:/usr/local/bin/speedtest -pno parameters: type:script_output message:test [runtest-json] command:/usr/local/bin/speedtest -fjson parameters: type:script_output message:test (json)

After restarting configd with service configd restart, some commands work and some don't:
- configctl speedtest serverlist and configctl speedtest serverlist-json execute without issues
- configctl speedtest runtest and configctl speedtest runtest-json both throw an error:

root@OPNsense:/usr/local # configctl speedtest runtest Execute error

Obvious questions: why, and how to bypass that?

mimugmail · « **Reply #1 on:** February 24, 2021, 06:03:01 am »

What does configd.log say?

mihak · « **Reply #2 on:** February 24, 2021, 06:13:24 am »

Feb 24 05:09:52 OPNsense configd.py[65044]: [f85621d2-7b0c-4dc2-a722-2530acb531f2] test (json) Feb 24 05:09:52 OPNsense configd.py[65044]: [f85621d2-7b0c-4dc2-a722-2530acb531f2] Script action failed with Command '/usr/local/bin/speedtest -fjson' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 479, in execute stdout=output_stream, stderr=error_stream) File "/usr/local/lib/python3.7/subprocess.py", line 363, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/bin/speedtest -fjson' returned non-zero exit status 1.

executing /usr/local/bin/speedtest -fjson directly from a command line works just fine.

mimugmail · « **Reply #3 on:** February 24, 2021, 06:31:53 am »

Does it require some kind of user interaction? What is the output when running directly?

mihak · « **Reply #4 on:** February 24, 2021, 06:37:38 am »

No interaction:

root@OPNsense:/usr/local # /usr/local/bin/speedtest -fjson
{"type":"result","timestamp":"2021-02-24T05:33:17Z","ping":{"jitter":0.20699999999999999,"latency":3.7770000000000001},"download":{"bandwidth":15712471,"bytes":159084520,"elapsed":9906},"upload":{"bandwidth":24847543,"bytes":107273632,"elapsed":4310},"isp":"Ziply Fiber","interface":{"internalIp":"192.168.3.114","name":"em1","macAddr":"00:0C:29:17:27:AB","isVpn":false,"externalIp":"xx.xx.xx.xx"},"server":{"id":26805,"name":"Rock Island Communications","location":"Seattle, WA","country":"United States","host":"fast.rockisland.net","port":8080,"ip":"64.119.5.68"},"result":{"id":"34a8666f-8e45-4bdd-9ba2-98c5c2869aa8","url":"https://www.speedtest.net/result/c/34a8666f-8e45-4bdd-9ba2-98c5c2869aa8"}}

BUT: I vaguely remember that it asked for some type of EULA acceptance the first time I ran it - after I installed the pkg. Now it looks all happy even when I delete and re-install the pkg.

This begs a question: under what user context does configd run?

mihak · « **Reply #5 on:** February 24, 2021, 06:41:24 am »

GOTCHA!

I created a new user and executed speedtest:

$ speedtest ============================================================================== You may only use this Speedtest software and information generated from it for personal, non-commercial use, through a command line interface on a personal computer. Your use of this software is subject to the End User License Agreement, Terms of Use and Privacy Policy at these URLs: https://www.speedtest.net/about/eula https://www.speedtest.net/about/terms https://www.speedtest.net/about/privacy ============================================================================== Do you accept the license? [type YES to accept]:

After the license is accepted, speedtest works without interaction...

Workaround: there are two (poorly documented) switches for speedtest that allow it to run without interactive license acceptance:

speedtest --accept-license --accept-gdpr

franco · « **Reply #6 on:** February 24, 2021, 10:24:53 am »

Not that much about interactivity here, but same result: if the return code is not zero we assume something went wrong. If you can't work around a buggy binary you need to use something like "/my/command --args; true"

Cheers,
Franco

mihak · « **Reply #7 on:** February 24, 2021, 04:26:18 pm »

I am still interested to understand: which user context is used by configd to execute these configctl services? Clearly it is not root...

franco · « **Reply #8 on:** February 24, 2021, 04:50:32 pm »

Let's test this theory:

# tail -n 5 /usr/local/opnsense/service/conf/actions_service.conf
[whoami]
command:whoami
parameters:
type:script_output
message:Who am I?
# service configd restart
# configctl service whoami
root

Cheers,
Franco

Author Topic: Understanding configctl (Read 5624 times)

mihak

Understanding configctl

mimugmail

Re: Understanding configctl

mihak

Re: Understanding configctl

mimugmail

Re: Understanding configctl

mihak

Re: Understanding configctl

mihak

Re: Understanding configctl

franco

Re: Understanding configctl

mihak

Re: Understanding configctl

franco

Re: Understanding configctl