Bosse_B
Posts: 1121
Joined: Thu Jan 30, 2014 9:53 am

Is there a way to automate installation of a WiFi AP service?

Thu Apr 15, 2021 6:46 pm

I have been writing software for the RPi4 to control external equipment and it is supposed to run as a service.
It will be deployed to a remote location and powered by solar panels via a battery.
The software is running a TCP/IP configuration server so that it can be easily accessed and configured via the network.
But on location that will not be possible since there is no network...
Until the on-board WiFi adapter is configured as an Access Point, that is....

So I have found the RPi documentation for WiFi AP to create this function and I can now connect via WiFi from a PC or tablet or smartphone.

So now I want to be able to install and configure the WiFi AP functions using a setup script of some kind so the production people can do this many times over.

So how to do it?
Note that I don't want any routing outside of the RPi itself, the AP access is strictly only for configuring the system itself and to retrieve data from earlier sessions located on the Rpi4 disk.
So the client is supposed to only access the RPi4 itself via WiFi.

Right now the procedure I have noted down contains the commands below, but the notes are not updated after I got it actually working and I have forgotten the details on how I made it work...

Code: Select all

sudo apt install dnsmasq hostapd
sudo systemctl stop dnsmasq
sudo systemctl stop hostapd
sudo nano /etc/dhcpcd.conf #Edit the file, add to the end:
#-------------------------------
interface wlan0
    static ip_address=192.168.197.1/24
    nohook wpa_supplicant
#-------------------------------

sudo service dhcpcd restart
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo nano /etc/dnsmasq.conf #Add stuff to this new file:
#-------------------------------
interface=wlan0 # Use the wireless interface - usually wlan0
dhcp-range=192.168.197.10,192.168.197.30,255.255.255.0,24h
#-------------------------------

sudo systemctl reload dnsmasq
sudo nano /etc/hostapd/hostapd.conf #Here again stuff is added to the file:
#-------------------------------
interface=wlan0
driver=nl80211
ssid=NameOfNetwork
wpa_passphrase=PasswordOfNetwork
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
#-------------------------------

sudo nano /etc/default/hostapd #Another file that needs extra stuff inside it:
#Modify daemon line:
#-------------------------------
DAEMON_CONF="/etc/hostapd/hostapd.conf"
#-------------------------------

#Start up
sudo systemctl unmask hostapd
sudo systemctl enable hostapd
sudo systemctl start hostapd

#Check operations
sudo systemctl status hostapd
sudo systemctl status dnsmasq

And my notes says that already the first status call fails...

So:
1) Is there something flawed in the stuff done above? In that case what?
2) How can it be automated (especially those file edits)?
Creating a script is OK but making it such that no user interaction is needed is the hard to solve problem...
Adding stuff to the end of a file is not a problem but detecting an existing conf and replacing it with something else is...

One note about my existing working Rpi4 where this is working:
If I look inside the file /etc/default/hostapd the item DAEMON_CONF is commented out...
In fact *everything* in this file are just comments!
So maybe this file can be taken out from this setup operation completely?

Grateful for any suggestions/comments!
Bo Berglund
Sweden

epoch1970
Posts: 6353
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Is there a way to automate installation of a WiFi AP service?

Thu Apr 15, 2021 7:00 pm

There is no "country" option in your hostapd conf file, that might be a cause of failure.
If you don't need a lot of functions from the AP, then you can use wpa_supplicant in "mode=2", that creates an AP. (remove nohook wpa_supplicant from dhcpcd.conf in this case, of course.)
And if clients of the AP support zeroconf, you can also drop the install of dnsmasq and the configuration of dhcpcd...
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

Bosse_B
Posts: 1121
Joined: Thu Jan 30, 2014 9:53 am

Re: Is there a way to automate installation of a WiFi AP service?

Thu Apr 15, 2021 9:11 pm

After posting the question I realized that maybe we could simply create an SDcard image after manually configuring a barebones RPi4 with both the WiFi stuff and our actual software.
Then duplication of this is just a matter of making an SDcard from the image and put it into a new RPi.
The only item that needs attending would then be setting the hostname of the new RPi.
Can this be put somewhere in the FAT partition so the card could be prepared ahead of first use?
Bo Berglund
Sweden

MiscBits
Posts: 181
Joined: Wed Jan 27, 2021 12:48 pm

Re: Is there a way to automate installation of a WiFi AP service?

Thu Apr 15, 2021 11:13 pm

A couple of ideas for setting the system name:

SDM - https://github.com/gitbls/sdm
Pi Boot Script - https://gitlab.com/JimDanner/pi-boot-script

The new Pi imager allows you to set the system name (ctrl-shift-X) and select the required image but I do not know if you can do both at the same time! Also I'm not sure if these options apply to the Mac version either.

bls
Posts: 1341
Joined: Mon Oct 22, 2018 11:25 pm
Location: Seattle, WA

Re: Is there a way to automate installation of a WiFi AP service?

Fri Apr 16, 2021 12:08 am

sdm (which @MiscBits mentioned) can do all of what you need except for installing and configuring the Access Point.

Today.

Funny thing though, I've actually been thinking about adding an AP capability to it, but was waiting for some inspiration to strike. Perhaps @Bosse_B just provided that :roll:

If you were to use sdm for this, you could build the Pi image, including your software, any needed RasPiOS packages, configure the AP, etc. etc.

Then you can burn SD Cards (or SSDs if you want) from that image, giving each SD Card a different hostname.

I'll take a look at the details in the next couple of days and update this thread. In the meantime, @Bosse_B, would this be interesting to you? If so...
  • Would each Pi need a different SSID/password, or would they all be the same. Either is possible, just changes where things get done.
  • What is your timeframe for when this is needed?
Pi tools:
Quickly and easily build customized-just-for-you SD Cards: https://github.com/gitbls/sdm
Easily run your network's DHCP/DNS on a Pi: https://github.com/gitbls/ndm
Easy strongSwan VPN installer/manager: https://github.com/gitbls/pistrong
Lightweight Virtual VNC Config: https://github.com/gitbls/RPiVNCHowTo

Bosse_B
Posts: 1121
Joined: Thu Jan 30, 2014 9:53 am

Re: Is there a way to automate installation of a WiFi AP service?

Sat Apr 17, 2021 9:51 am

bls wrote:
Fri Apr 16, 2021 12:08 am
sdm (which @MiscBits mentioned) can do all of what you need except for installing and configuring the Access Point.

Today.

Funny thing though, I've actually been thinking about adding an AP capability to it, but was waiting for some inspiration to strike. Perhaps @Bosse_B just provided that :roll:
I find it most useful for accessing a stand-alone RPi with no Internet connection, just to configure and manage its software.
This makes the AP route attractive, but the how-to on the raspberrypi website is over the top for this since it really tries to make the RPi operate as a router to the Internet.
If you were to use sdm for this, you could build the Pi image, including your software, any needed RasPiOS packages, configure the AP, etc. etc.
I will have a look at what "sdm" is and what it offers, but as I added to the thread after thinking a bit I realized that I could as well deposit the latest SDcard image as a file for production to pick up and use.

Then you can burn SD Cards (or SSDs if you want) from that image, giving each SD Card a different hostname.
I am really not sure if the hostname needs to be changed after all, since these units will not really operate on the same network anyway.
I'll take a look at the details in the next couple of days and update this thread. In the meantime, @Bosse_B, would this be interesting to you? If so...
  • Would each Pi need a different SSID/password, or would they all be the same. Either is possible, just changes where things get done.
  • What is your timeframe for when this is needed?
Unless a customer wants to secure their installation the user/password could remain the same.
Actually I am thinking of adding a factory service account with sudo priviliges so that the devices could at least be managed by our service folks even if the device has a customer specific login.
I might as well remove the pi account, or possibly better rename it to our own selected name so that it will continue to operate just with a new name.

As time frames go I believe there is at least 2-3 months before this needs to be nailed down.
(Thanks for your input! Much appreciated!)
Bo Berglund
Sweden

swampdog
Posts: 611
Joined: Fri Dec 04, 2015 11:22 am

Re: Is there a way to automate installation of a WiFi AP service?

Sat Apr 17, 2021 12:20 pm

I wouldn't remove the "pi" account. There might be oddness later - a gui app prompting for elevated privileges comes to mind. What I do is give it a complex passwd then lock it. Ditto for root because it then gives an alternate method for the prompt. You'll need to experiment because my needs were slightly different in that..

Code: Select all

#!/bin/bash
(
P="pi/foo passwd" 
R="root passwd"
sed -i 's/^\(pi:\)\(.*\)\(:1000:1000:\)/\1\2:1001:1001:/' /etc/passwd
sed -i 's/^\(pi:\)\(.*\):1000:/\1\2:1001:/' /etc/group
chown -Rc 1001:1001 /home/pi
useradd --uid 1000 -m -s /bin/bash foo
printf "$P""\n""$P""\n" | passwd foo
sudo -u foo -i /wrk/finit.sh
sudo -u foo -i /wrk/fipaddr.sh
printf "$P""\n""$P""\n" | passwd pi
passwd -l pi
printf "$R""\n""$R""\n" | passwd
) 2>&1 | tee /wrk/rinit.log
.."pi" uid clashes with "foo" user on other linux boxes (particularly my NAS for NFS) so I change it so "foo" is 1000:1000 everywhere inside my network. The above gets run once from /etc/rc.local btw.

Code: Select all

$ cat /etc/sudoers.d/010_foo-nopasswd 
foo	ALL=(ALL)	NOPASSWD:ALL,!FOO

Code: Select all

$ cat /etc/sudoers.d/000_foo-noreboot 
Cmnd_Alias FOO = /sbin/shutdown, \
	/sbin/poweroff, /usr/bin/poweroff, \
	/sbin/reboot, /usr/bin/reboot
..because even "foo" can muck up and power off accidentally.

Basically I have a script(*) on a linux box which 'dd's the standard image then mounts both partitions to add in the changes. There's other bits not shown: you'd at least want "foo" to be a member of "sudo" group for instance (mine just clones "pi" group list). wpa_supplicant/ssh can be added at this point and so forth.

I use the above for headless (typically lite) installations. It does work for GUI with the caveat I've not investigated how to prevent getting the initial GUI prompt for completing the config - pi password etc.

(*) lots of stuff not shown like getting passwordless "ssh" to work.

Hint: 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "$@"' may be handy initially.

Bosse_B
Posts: 1121
Joined: Thu Jan 30, 2014 9:53 am

Re: Is there a way to automate installation of a WiFi AP service?

Sat Apr 17, 2021 2:59 pm

swampdog wrote:
Sat Apr 17, 2021 12:20 pm
I use the above for headless (typically lite) installations. It does work for GUI with the caveat I've not investigated how to prevent getting the initial GUI prompt for completing the config - pi password etc.
Our usage is with a lite no-GUI Pi image.
It runs a service which is the core of our system and is meant to work unattended....
Never a need for a GUI.
Bo Berglund
Sweden

swampdog
Posts: 611
Joined: Fri Dec 04, 2015 11:22 am

Re: Is there a way to automate installation of a WiFi AP service?

Sat Apr 17, 2021 10:15 pm

It shouldn't be too hard then. I guess you could replace /etc/rc.local with a "one-shot" service if you wanted - I was considering doing that if ever I rewrite my tool because there's a mess of files.

I use 'udisksctl' for mounting the image after the 'dd..
sudo udisksctl status
udisksctl loop-setup -f
udisksctl loop-delete -b
..then I mount & modify the sdcard filesystems directly. Touch sdcard/boot/ssh and copy in sdcard/boot/wpa_supplicant.conf

I expect you want a fixed base image but there is the possibility of not having to do all of this from scratch. Just backup the newly modified sdcard image and use that as the image to ship. Maybe add a final stage to change the hostname?

I install packages as part of my /etc/rc.local , both dpkg *.deb and apt update/upgrade, which is the final headache if you require a fixed image.

bls
Posts: 1341
Joined: Mon Oct 22, 2018 11:25 pm
Location: Seattle, WA

Re: Is there a way to automate installation of a WiFi AP service?

Wed Apr 21, 2021 10:35 pm

Bosse_B wrote:
Sat Apr 17, 2021 9:51 am
bls wrote:
Fri Apr 16, 2021 12:08 am
sdm (which @MiscBits mentioned) can do all of what you need except for installing and configuring the Access Point.

Today.

Funny thing though, I've actually been thinking about adding an AP capability to it, but was waiting for some inspiration to strike. Perhaps @Bosse_B just provided that :roll:
I find it most useful for accessing a stand-alone RPi with no Internet connection, just to configure and manage its software.
This makes the AP route attractive, but the how-to on the raspberrypi website is over the top for this since it really tries to make the RPi operate as a router to the Internet.
If you were to use sdm for this, you could build the Pi image, including your software, any needed RasPiOS packages, configure the AP, etc. etc.
I will have a look at what "sdm" is and what it offers, but as I added to the thread after thinking a bit I realized that I could as well deposit the latest SDcard image as a file for production to pick up and use.

Then you can burn SD Cards (or SSDs if you want) from that image, giving each SD Card a different hostname.
I am really not sure if the hostname needs to be changed after all, since these units will not really operate on the same network anyway.
I'll take a look at the details in the next couple of days and update this thread. In the meantime, @Bosse_B, would this be interesting to you? If so...
  • Would each Pi need a different SSID/password, or would they all be the same. Either is possible, just changes where things get done.
  • What is your timeframe for when this is needed?
Unless a customer wants to secure their installation the user/password could remain the same.
Actually I am thinking of adding a factory service account with sudo priviliges so that the devices could at least be managed by our service folks even if the device has a customer specific login.
I might as well remove the pi account, or possibly better rename it to our own selected name so that it will continue to operate just with a new name.

As time frames go I believe there is at least 2-3 months before this needs to be nailed down.
(Thanks for your input! Much appreciated!)
I just checked in an updated sdm with hotspot support (routed, bridged, or local only...your choice). All the hotspot parameters are obtained from a simple configuration file you supply with the --hotspot command switch.

sdm can easily add the factory service account for you, remove/rename the pi account, change the hostname (or not), burn SD Card images to disk files or an SD Card, add per-device special customizations, etc. On Tuesdays it will vacuum your house, and on Fridays it mows the lawn :lol:

In fact, everything that you've mentioned can be done with sdm.

If this is a commercial product, it seems to me that you would definitely want to have a tool that can easily and repeatedly build your images. And, if it isn't a commercial product, you probably would rather focus on building stuff for your project. Either way, sdm can do what you need (or I'll add it :roll: ), and will save you a TON of time.
Pi tools:
Quickly and easily build customized-just-for-you SD Cards: https://github.com/gitbls/sdm
Easily run your network's DHCP/DNS on a Pi: https://github.com/gitbls/ndm
Easy strongSwan VPN installer/manager: https://github.com/gitbls/pistrong
Lightweight Virtual VNC Config: https://github.com/gitbls/RPiVNCHowTo

Return to “Networking and servers”