NetworkManager dispatcher scripts

Woodsman · 07-08-2013, 04:20 PM

Quote:

You absolutely have to have your uuid in the script as that is how it know to run the script.

Where is this defined? I see only a vague reference in the man page to $CONNECTION_UUID.

That said, I see part of the problem. NM runs outside any user environment. Originally in my test script I used $TMP rather than /tmp. There was no file in $TMP but eventually I found the file in /. That always happens when environment variables are not defined.

Here is my test script:

Code:

#!/bin/sh

INTERFACE=$1
STATUS=$2

WIRED_UUID="`grep uuid= /etc/NetworkManager/system-connections/Wired | grep -v grep | cut -d = -f 2`"

if [ "$CONNECTION_UUID" = "$WIRED_UUID" ]; then
  case $STATUS in
    up)
      echo "$INTERFACE ($WIRED_UUID) is up." >> /tmp/int-status
      ;;
    down)
      echo "$INTERFACE ($WIRED_UUID) is down." >> /tmp/int-status
      ;;
  esac
fi

I named the script 10_test.sh. Permissions are 755, root:root. I have two files /etc/NetworkManager/system-connections: Wired and Wireless. My script greps and grabs the UUID of the wired connection. I could copy and paste the UUID into the script but this way works too.

I rebooted the laptop with the cable connected. I verified the wired connection was active. Then I pulled the cable. The 'nmcli d' command indicated the cable was no longer available. Eventually I found the output file and then changed the output to /tmp.

That said, I then commented out the if and fi statements. The script still works every time I pull and connect the cable. Yes, without the if/fi statements the test script will always respond to any up or down event, although I have not tested toggling the wireless switch.

I suspect another problem is echo statements are not routed to stdout. Without a typical user environment, they disappear into the bit bucket unless redirected to a file or log. That does not explain why previous scripts failed. I'm still foggy about this whole UUID "requirement."

I still have to test re-running the firewall script on an up/down event. I'll post later.

manwichmakesameal · 07-08-2013, 05:48 PM

Your $CONNECTION_UUID is what you are going to see when you run nmcli con after you have your network defined through NM. When you run it, you'll get output similar to this:

Code:

NAME                      UUID                                   TYPE              TIMESTAMP-REAL                    
test                      59a36d2c-cf8e-4d34-b2c0-1e31cfa6112f   vpn               Sun 09 Jun 2013 06:32:24 PM CDT   
linksys 1                 0c6598d3-a4f3-4d97-a0af-455475bbcdbf   802-11-wireless   Tue 25 Jun 2013 07:00:42 PM CDT   
Wired connection 1        09787076-5e84-4cc9-806c-76b3b25b815e   802-3-ethernet    Sat 06 Jul 2013 07:47:26 PM CDT   
Sprint connection         24020f77-bf6f-4f3d-8fa4-41e50e11053b   cdma              Sun 09 Jun 2013 06:40:19 PM CDT   
linksys                   d4fb2a82-5768-4d60-a479-a0a186da46c0   802-11-wireless   Tue 25 Jun 2013 05:29:05 PM CDT

The UUID is going to be your $CONNECTION_UUID. Substitute that key in your script.

Woodsman · 07-08-2013, 07:13 PM

My test script was good enough for proof of concept.

My next step was to use the same basic script and add support to run my firewall script:

Code:

#!/bin/sh

INTERFACE=$1
STATUS=$2

WIRED_UUID="`grep uuid= /etc/NetworkManager/system-connections/Wired | grep -v grep | cut -d = -f 2`"
WIRELESS_UUID="`grep uuid= /etc/NetworkManager/system-connections/Wireless | grep -v grep | cut -d = -f 2`"

restart_firewall () {
if [ -x /etc/rc.d/rc.firewall ]; then
  /etc/rc.d/rc.firewall start
fi
}

if [ "$CONNECTION_UUID" = "$WIRED_UUID" ]; then
  case $STATUS in
    up)
      echo "$INTERFACE ($WIRED_UUID) is up." >> /tmp/int-status
      restart_firewall
      ;;
    down)
      echo "$INTERFACE ($WIRED_UUID) is down." >> /tmp/int-status
      restart_firewall
      ;;
  esac
fi

The echo statements remain in the script. The tmp file still updates when eth0 is down or up. When I pull the cable, NM shows in /var/log/syslog the script exited with error status 1. There are no clues why the dispatcher script won't run the rc.d script.

allend · 07-08-2013, 07:30 PM

Quote:

There are no clues why the dispatcher script won't run the rc.d script.

Unnecessary use of grep?

Code:

WIRED_UUID="`grep uuid= /etc/NetworkManager/system-connections/Wired | grep -v grep | cut -d = -f 2`"
WIRELESS_UUID="`grep uuid= /etc/NetworkManager/system-connections/Wireless | grep -v grep | cut -d = -f 2`"

might be better as

Code:

WIRED_UUID="`grep uuid= /etc/NetworkManager/system-connections/Wired | cut -d = -f 2`"
WIRELESS_UUID="`grep uuid= /etc/NetworkManager/system-connections/Wireless | cut -d = -f 2`"

manwichmakesameal · 07-08-2013, 07:36 PM

I'm no expert, but I would go with actually using the UUID instead of the grep command. It very well may not make a difference, but I would try it. It took me a lot of messing around with my scripts and the only way it would work is the way that I have them set. I also wouldn't use a function for starting the firewall script. If you know that the file is there, just run it. I'm not sure how NM handles dispatcher scripts with functions in them. It SHOULD handle them fine, but who knows.

edit: Just copied your script and made some changes for testing. Here is what I used:

Code:

#!/bin/sh

INTERFACE=$1
STATUS=$2

restart_firewall () {
if [ -x /etc/rc.d/rc.firewall* ]; then
  echo "There is a firewall script!" > /tmp/firewalltest
fi
}

if [ "$CONNECTION_UUID" = "8ce64a46-14a9-4f7b-a9f9-ee4bb9094ffc" ]; then
  case $STATUS in
    up)
      #echo "$INTERFACE is up." >> /tmp/int-status
      #restart_firewall
      echo "There is a firewall script!" > /tmp/firewalltest
      ;;
    down)
      echo "$INTERFACE is down." >> /tmp/int-status
      #restart_firewall
      ;;
  esac
fi

This works. Putting the echo statements into a function didn't work at all. I also tried having the case switch call an outside script, like rc.firewall, and that also worked.

Woodsman · 07-08-2013, 09:33 PM

I updated the script with hard-coded UUIDs and moved the function directly into the case statements. Same results.

In my test script I then ran a test of redirecting the set command to my /tmp file. I noticed the PATH variable does not include any standard root directories, such as /sbin and /usr/sbin. That could explain why NM won't execute the firewall script --- in Slackware the iptables command is located at /usr/sbin/iptables.

Next I tested explicitly declaring $PATH in my dispatcher test script. My /tmp file confirmed the explicit $PATH variable was being used, but again NM failed to run the firewall script with the same error status 1 failure.

Possibly I don't have something configured correctly that causes NM to puke.

I don't expect to regularly pull or insert the network cable. I'm dispensing with trying to script anything with the dispatcher other than absurdly simple scripts. I'll just resign NM to the category of poorly designed software.

Thanks much for all your help and patience.

manwichmakesameal · 07-08-2013, 09:48 PM

It looks like you are basically trying to run a firewall script when your connection changes. Here is my script that calls my rc.firewall.wlan0 when I connect to my wireless.

Code:

#!/bin/sh

interface=$1 status=$2
if [ "$CONNECTION_UUID" = "8ce64a46-14a9-4f7b-a9f9-ee4bb9094ffc" ]; then
  case $status in
    up)
      /etc/rc.d/rc.firewall.wlan0 start
      ;;
    down)
      /etc/rc.d/rc.firewall.wlan0 stop
      ;;
  esac
fi

My rc.firewall.wlan0 script was generated from AlienBOB's efg page. Maybe this helps?

Woodsman · 07-08-2013, 11:23 PM

I suspect the NM scripting abilities are primitive. My firewall script is complicated and covers several use cases. Long ago I had one script for each use case and then one day decided to merge them into one script. I suspect the script is too complicated for NM.

That said, after my previous post I pondered whether stripping the script into only a bunch of iptables command might work. I have a hunch probably, but my mind is too beat up after the past week configuring and tweaking the laptop. This is my first laptop and although much is similar to a desktop system, enough is different too. For now I'm content with the week's efforts and the laptop is working in the comfort of my living room using wireless. I'm getting about -47dBm and 23 MB/s. All acceptable for a web surfing machine.

One day I might test a stripped version of the firewall script. Hopefully I'll remember to post something here.