diff --git a/README.rst b/README.rst index c51cb43..4646967 100644 --- a/README.rst +++ b/README.rst @@ -66,6 +66,7 @@ UCI configuration options must go in ``/etc/config/openwisp``. - ``key``: key required to download the configuration - ``shared_secret``: shared secret, needed for `Automatic registration`_ - ``unmanaged``: list of config sections which won't be overwritten, see `Unmanaged Configurations`_ +- ``consistent_key``: whether `Consistent key generation`_ is enabled or not, defaults to ``1`` - ``test_config``: whether a new configuration must be tested before being considered applied, defaults to ``1`` - ``test_script``: custom test script, read more about this feature in `Configuration test`_ - ``capath``: value passed to curl ``--capath`` argument, defaults to ``/etc/ssl/certs``; see also `curl capath argument `_ @@ -86,6 +87,18 @@ in the latter case it will simply register itself with the current hostname. When the registration is completed, the agent will automatically set ``uuid`` and ``key`` in ``/etc/config/openwisp``. +Consistent key generation +------------------------- + +When using `Automatic registration`_, this feature allows devices to keep the same configuration +even if reset or reflashed. + +The ``key`` is generated consistently with an operation like ``md5sum(mac_address + shared_secret)``; +this allows the controller application to recognize that an existing device is registering itself again. + +This feature is enabled by default, but must be enabled also in the controller application +in order to work. + Configuration test ------------------ diff --git a/openwisp-config/files/openwisp.agent b/openwisp-config/files/openwisp.agent index d0133c0..90a9323 100644 --- a/openwisp-config/files/openwisp.agent +++ b/openwisp-config/files/openwisp.agent 
@@ -9,6 +9,7 @@ while [ -n "$1" ]; do --uuid) export UUID="$2"; shift;; --key) export KEY="$2"; shift;; --shared-secret) export SHARED_SECRET="$2"; shift;; + --consistent-key) export CONSISTENT_KEY="$2"; shift;; --unmanaged) export UNMANAGED="$2"; shift;; --test-config) export TEST_CONFIG="$2"; shift;; --test-script) export TEST_SCRIPT="$2"; shift;; @@ -41,6 +42,7 @@ fi INTERVAL=${INTERVAL:-120} VERIFY_SSL=${VERIFY_SSL:-1} TEST_CONFIG=${TEST_CONFIG:-1} +CONSISTENT_KEY=${CONSISTENT_KEY:-1} CONNECT_TIMEOUT=${CONNECT_TIMEOUT:-15} MAX_TIME=${MAX_TIME:-30} CAPATH=${CAPATH:-/etc/ssl/certs} @@ -85,12 +87,18 @@ register() { -t openwisp \ -p daemon.info local hostname=$(uci get system.@system[0].hostname) + local macaddr=$(ifconfig | grep -v lo | grep HWaddr | awk '/HWaddr/ { print $5 }' | head -n 1) + # use macaddress if hostname has not been changed if [ "$hostname" == "OpenWrt" ] || [ "$hostname" == "lede" ]; then - # gets the mac address of the first interface that shows in ifconfig - hostname=$(ifconfig | grep -v lo | grep HWaddr | awk '/HWaddr/ { print $5 }' | head -n 1) + hostname="$macaddr" fi local backend="netjsonconfig.OpenWrt" local params="secret=$SHARED_SECRET&name=$hostname&backend=$backend" + # generate key from macaddress + shared secret + if [ "$CONSISTENT_KEY" == "1" ]; then + local key=$(echo -n "$macaddr+$SHARED_SECRET" | md5sum | awk '{print $1}') + params="$params&key=$key" + fi $($FETCH_COMMAND -i --data $params $REGISTRATION_URL > $REGISTRATION_PARAMETERS) local exit_code=$? diff --git a/openwisp-config/files/openwisp.config b/openwisp-config/files/openwisp.config index 05a6724..2e42eb4 100644 --- a/openwisp-config/files/openwisp.config +++ b/openwisp-config/files/openwisp.config @@ -7,6 +7,7 @@ config controller 'http' option verify_ssl '1' option uuid '' option key '' + option consistent_key '1' option shared_secret '' option test_config '1' #option test_script '/usr/sbin/mytest' 
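Review bot: In `register()` the new `key` is `md5sum` over `"$macaddr+$SHARED_SECRET"`, so both inputs are either non-secret (a MAC address is visible on the local link) or common to the whole fleet, and anyone who holds the shared secret can recompute the key of any device whose MAC they know. The derivation is also not guarded against an empty `$macaddr`: if the `ifconfig` pipeline prints nothing, every such device hashes the same string and registers with the same key. At minimum gate the block with `if [ "$CONSISTENT_KEY" == "1" ] && [ -n "$macaddr" ]; then`, and add a comment next to the enabled-by-default settings (`CONSISTENT_KEY=${CONSISTENT_KEY:-1}` here and `option consistent_key '1'` in openwisp.config) saying that per-device key secrecy then depends entirely on the shared secret. A keyed construction such as HMAC-SHA256 would be preferable to bare MD5 if the controller accepts a different key format, which this diff does not show. The body of `register()` starts and ends outside the hunk.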
diff --git a/openwisp-config/files/openwisp.init b/openwisp-config/files/openwisp.init index 1ecbe51..3d7d50b 100644 --- a/openwisp-config/files/openwisp.init +++ b/openwisp-config/files/openwisp.init @@ -14,6 +14,7 @@ start_service() { uuid=$(config_get http uuid) key=$(config_get http key) shared_secret=$(config_get http shared_secret) + consistent_key=$(config_get http consistent_key) unmanaged=$(config_get http unmanaged) test_config=$(config_get http test_config) test_script=$(config_get http test_script) @@ -26,6 +27,7 @@ start_service() { if [ $uuid ]; then uuid="--uuid $uuid"; fi if [ $key ]; then key="--key $key"; fi if [ $shared_secret ]; then shared_secret="--shared-secret $shared_secret"; fi + if [ $consistent_key ]; then consistent_key="--consistent-key $consistent_key"; fi if [ -n "$unmanaged" ]; then # replace spaces with commas to avoid problems when # passing this arg to procd_set_param command @@ -53,8 +55,8 @@ start_service() { fi procd_open_instance - procd_set_param command $PROG $url $interval $verify_ssl $uuid $key \ - $shared_secret $unmanaged $test_config $test_script \ + procd_set_param command $PROG $url $interval $verify_ssl $uuid $key $shared_secret \ + $consistent_key $unmanaged $test_config $test_script \ $connect_timeout $max_time $capath procd_set_param respawn procd_close_instance
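Review bot: The added test `if [ $consistent_key ]; then` in `start_service()` expands the UCI value unquoted, so a value containing whitespace breaks the `[` expression, and the option is then split into extra words on the `procd_set_param command` line. The `unmanaged` check directly below already uses the safer form; the new line should match it: `if [ -n "$consistent_key" ]; then consistent_key="--consistent-key $consistent_key"; fi`. The agent only compares the value with `"1"`, so any other non-empty setting silently disables the feature; a short comment stating that only `0` and `1` are meaningful would help. `start_service()` begins and ends outside these hunks.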