Ping not working and possible bug - /etc/dropbear/authorized_keys seems to be destroyed by OpenWisp

[jordipalet]

I got the same problem as in https://github.com/orgs/openwisp/discussions/923 in a number of devices in our initial testing of OpenWisp2.

The OPENWISP_CONTROLLER_MANAGEMENT_IP_ONLY: "False" in the vars section of the playbook didn't helped.

(actually I'm not sure if the right format is that one or OPENWISP_CONTROLLER_MANAGEMENT_IP_ONLY=false)

Using option management_interface 'br-lan' in the OpenWRT device config file fixed it.

However I also discovered what I think is a bug.

The /etc/dropbear/authorized_keys seems to be destroyed by OpenWisp. Instead of adding the key, it re-creates the file, so previous keys are lost? Or I did something wrong?

[nemesifier]

I got the same problem as in https://github.com/orgs/openwisp/discussions/923 in a number of devices in our initial testing of OpenWisp2.

The OPENWISP_CONTROLLER_MANAGEMENT_IP_ONLY: "False" in the vars section of the playbook didn't helped.

(actually I'm not sure if the right format is that one or OPENWISP_CONTROLLER_MANAGEMENT_IP_ONLY=false)

I need to see the playbook in order to advice.

The right syntax in Python is OPENWISP_CONTROLLER_MANAGEMENT_IP_ONLY = False, you can check /opt/openwisp2/openwisp2/settings.py to verify.

Using option management_interface 'br-lan' in the OpenWRT device config file fixed it.

However I also discovered what I think is a bug.

The /etc/dropbear/authorized_keys seems to be destroyed by OpenWisp. Instead of adding the key, it re-creates the file, so previous keys are lost? Or I did something wrong?

Keys are supplied as files, which replace the target file entirely. If you don't want to overwrite the pre-exiting keys, add them to the template.

[jordipalet]

This is the playbook (some data redacted)

- hosts: openwisp2 become: "{{ become | default('yes') }}" roles: - openwisp.openwisp2 vars: openwisp2_default_from_email: "[email protected]" OPENWISP_CONTROLLER_MANAGEMENT_IP_ONLY: "False" openwisp2_ssl_cert: "/opt/openwisp2/nginx-conf/openwisp2/fullchain.pem" openwisp2_ssl_key: "/opt/openwisp2/nginx-conf/openwisp2/privkey.pem"

(I was following the syntax from the email previous line)

In settings.py, what I should find if the playbook is correct?

[jordipalet]

As code it doesn't shows well, so here is it again:

• hosts: openwisp2
  become: "{{ become | default('yes') }}"
  roles:
  • openwisp.openwisp2
    vars:
    openwisp2_default_from_email: "[email protected]"
    OPENWISP_CONTROLLER_MANAGEMENT_IP_ONLY: "False"
    openwisp2_ssl_cert: "/opt/openwisp2/nginx-conf/openwisp2/fullchain.pem"
    openwisp2_ssl_key: "/opt/openwisp2/nginx-conf/openwisp2/privkey.pem"

I just tested running the playbook with
OPENWISP_CONTROLLER_MANAGEMENT_IP_ONLY = False

the it complains
[ERROR]: YAML parsing failed: While scanning a simple key could not find expected ':'.

[nemesifier]

That wont't work.

Refer to openwisp2_extra_django_settings or openwisp2_extra_django_settings_instructions in the Ansible Role Variables docs page.

[jordipalet]

Ok tks a lot! now I correctly understood the place to config those settings.

Another issue I'm having, is that two different OpenWRT boxes both in AP mode, having identical openwisp config, one of them is showing in the log every few seconds:
daemon.err openwisp: Failed to connect to controller while getting checksum: curl exit code 28

However, both are getting the ping correctly, health status is OK, etc., so not able to see what could be the reason.

[nemesifier]

Let's open a new discussion for further issues please.

Provide your openwisp-config sample, give us proper context and we'll help out.