@ -15,298 +15,111 @@ networkd is a small and lean service to configure network interfaces, designed m
* ad-hoc interface with additional USB/WiFi dongle for uplink to internet router
== Install systemd-networkd
== Install prerequisites
=== deinstall classic networking and install it!
* *sudo su* # if not already done
*deinstall*
[source,sh]
----
systemctl daemon-reload
systemctl disable --now ifupdown dhcpcd dhcpcd5 isc-dhcp-client isc-dhcp-common rsyslog
apt --autoremove purge -f ifupdown dhcpcd dhcpcd5 isc-dhcp-client isc-dhcp-common rsyslog
rm -r /etc/network /etc/dhcp
# setup/enable systemd-resolved and systemd-networkd
systemctl disable --now avahi-daemon libnss-mdns
apt --autoremove -f purge avahi-daemon
apt install -f libnss-resolve
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
apt-mark hold avahi-daemon dhcpcd dhcpcd5 ifupdown isc-dhcp-client isc-dhcp-common libnss-mdns openresolv raspberrypi-net-mods rsyslog
systemctl enable systemd-networkd.service systemd-resolved.service
sudo apt-get install apt-transport-https ca-certificates software-properties-common -y
----
=== setup wired connection
== Download and install Docker.
* *sudo su* # if not already done
*wired connection*
[source,sh]
----
cat > /etc/systemd/network/04-wired.network <<EOF
[Match]
Name=e*
[Network]
## Uncomment only one option block
# Option: using a DHCP server and multicast DNS
LLMNR=no
LinkLocalAddressing=no
MulticastDNS=yes
DHCP=ipv4
# Option: using link-local ip addresses and multicast DNS
#LLMNR=no
#LinkLocalAddressing=yes
#MulticastDNS=yes
# Option: using static ip address and multicast DNS
Address=192.168.1.18/24 // <1>
Gateway=192.168.1.1 // <2>
DNS=8.8.8.8 1.1.1.1 // <3>
MulticastDNS=yes
EOF
curl -fsSL get.docker.com -o get-docker.sh && sh get-docker.sh
usermod -aG docker pi
curl https://download.docker.com/linux/raspbian/gpg
----
<1> use your settings
<2> use your settings
<2> use your settings
=== Reboot
NOTE: reboot
== Config
=== NSS
== Give the ‘pi’ user the ability to run Docker.
*config nss*
[source,sh]
----
apt --autoremove purge avahi-daemon
apt-mark hold avahi-daemon
apt install -f libnss-resolve
echo ""
echo "For troubleshooting you may have a look at /etc/nsswitch.conf. It should contain a line like this:"
echo ""
echo "hosts: files resolve [!UNAVAIL=return] dns"
echo ""
echo ""
echo ""
echo ""
sudo usermod -aG docker pi
----
== Import Docker and swarmlab.io keys
=== DNS
*config dns*
[source,sh]
----
curl https://download.docker.com/linux/raspbian/gpg
cat > /root/get-certs-swarmlab <<'EOF'
registry_address=hub.swarmlab.io
registry_port=5443
mkdir -p /etc/docker/certs.d/$registry_address:$registry_port
openssl s_client -showcerts -connect $registry_address:$registry_port < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/docker/certs.d/$registry_address:$registry_port/ca.crt
echo ""
echo "Configure DNS stub listener interface"
echo ""
echo "Here we have to symlink /etc/resolv.conf to the stub listener:"
echo ""
echo " exec4you ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf"
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
echo ""
registry_port=5480
mkdir -p /etc/docker/certs.d/$registry_address:$registry_port
openssl s_client -showcerts -connect $registry_address:$registry_port < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/docker/certs.d/$registry_address:$registry_port/ca.crt
EOF
echo "Check name resolution"
chmod +x /root/get-certs-swarmlab
/root/get-certs-swarmlab
resolvectl status
----
== unprotected ad-hoc interface using wpa_supplicant
Follow *Install systemd-networkd*
Then come back here.
TIP: unprotected
* *sudo su* # if not already done
== Add the Docker Repo.
[source,sh]
----
cat > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf <<EOF
ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
update_config=1
p2p_disabled=1
country=GR
network={
ssid="IBSS-RPiNet"
frequency=2412 # channel 1
mode=1 # IBSS (ad-hoc, peer-to-peer)
key_mgmt=NONE
}
EOF
chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
systemctl enable wpa_supplicant@wlan0.service
echo ""
echo "enabled4you"
echo "systemctl enable wpa_supplicant@wlan0.service"
echo ""
echo "deb https://download.docker.com/linux/raspbian/ buster stable" >> /etc/apt/sources.list
----
=== Reboot
NOTE: Reboot
=== Check
== Update your Pi.
[source,sh]
----
echo ""
echo "Check with:"
echo ""
echo "iw dev"
echo ""
echo "iw dev wlan0 link"
echo ""
echo "ip addr"
echo ""
echo "sudo iw dev wlan0 scan | grep -B8 -A3 "IBSS-RPiNet""
echo ""
# From another ad hoc connected device you should be able to
echo "From another ad hoc connected device you should be able to"
echo ""
echo "ping -c3 raspberrypi.local"
echo ""
apt-get update
apt-get upgrade
----
== protected ad-hoc interface using wpa_supplicant
CAUTION: Raspberry Pi does not support encrypted IBSS connections!. You have to use an additional USB WiFi dongle that usually registers an interface wlan1. My setup shows:
== Start the Docker service.
Follow *Install systemd-networkd*
Then come back here.
*check*
[source,sh]
----
iw list | grep -P "Wiphy|RSN-IBSS"
systemctl enable docker.service
systemctl start docker.service
----
*output*
== Verify that Docker is installed and running.
[source,sh]
----
Wiphy phy1
Device supports RSN-IBSS.
Wiphy phy0
docker info
docker ps
----
You cannot find this support entry for Wiphy pyh0 that is the on-board WiFi device.
=== Install driver
== Fix "x509: certificate signed by unknown authority" issue
TIP: Example TP-Link
[source,sh]
----
echo "lsusb"
echo ""
echo "Example for TP-Link"
echo ""
echo "Bus 001 Device 005: ID 2357:0109 TP-Link TL WN823N RTL8192EU"
echo ""
sudo wget http://downloads.fars-robotics.net/wifi-drivers/install-wifi -O /usr/bin/install-wifi
sudo chmod +x /usr/bin/install-wifi
echo ""
echo "sudo install-wifi -h"
echo ""
echo "will give details on how to use the script."
echo ""
echo "To download the driver for your current kernel use command"
sudo install-wifi
echo "sudo install-wifi 8192eu"
echo ""
sudo install-wifi 8192eu
echo ""
echo "If you update your kernel version you will need to re-run the script to update the driver version."
----
* On Error:
=== setup
Get https ://registry.vlabs.uniwa.gr:5080/v2/: x509: certificate
[source,sh]
----
sudo systemctl disable --now wpa_supplicant@wlan0.service
echo "sudo -Es # if not already done"
echo ""
cat > /etc/wpa_supplicant/wpa_supplicant-wlan1.conf <<EOF
ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
update_config=1
p2p_disabled=1
country=GR
network={
ssid="IBSS-RPiNet"
key_mgmt=WPA-PSK
proto=RSN
psk="verySecretPasswordi123"
mode=1
frequency=2412
}
EOF
Pulling ...
ERROR: Get https://registry.vlabs.uniwa.gr:5080/v2/: x509: certificate signed by unknown authority
chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlan1.conf
systemctl enable wpa_supplicant@wlan1.service
----
=== Reboot
http://docs.swarmlab.io/SwarmLab-HowTos/swarmlab/docs/swarmlab/docs/install/install-docker.html#fix-x509-certificate-signed-by-unknown-authority-issue[See here^]
NOTE: reboot
or simple run:
[source,sh]
----
echo ""
echo "reboot."
echo ""
/root/get-certs-swarmlab
----
=== Check
[source,sh]
----
echo "iw dev"
echo ""
echo "iw dev wlan1 link"
echo ""
echo "ip addr"
echo ""
echo "sudo iw dev wlan1 scan | grep -B8 -A3 "IBSS-RPiNet""
echo ""
echo "From another ad hoc connected device you should be able to"
echo ""
echo "ping -c3 raspberrypi.local"
echo ""
----
== Reboot
NOTE: reboot
* https://raspberrypi.stackexchange.com/questions/94047/how-to-setup-an-unprotected-ad-hoc-ibss-network-and-if-possible-with-wpa-encry/94048#94048[origin^]
zeus
3 years ago