wpa_supplicant

Synopsis

Project wpa_supplicant provides the complete set of utilities to configure and manage wireless interfaces

You can disable NetworkManager and configure, connect, and manage the wireless interfaces on your own. Optionally, you can use netplan to perform some of these tasks. But, in the minimal installation, you can also get rid of D-Bus, configure and start wpa_supplicant on your own. Depending on the use-case, you can manage wireless network by the CLI wpa_cli or GUI wpa_gui. This scheme provides complete, transparent, and secure management of wireless networks.

See also

Create a playbook

shell> cat lp.yml
---
- hosts: test_01
  become: true
  roles:
    - vbotka.linux_postinstall

Enable tasks import and install wpa_supplicant

By default, the management of wpa_supplicant is disabled

- name: Import wpasupplicant.yml
  ansible.builtin.import_tasks: wpasupplicant.yml
  when: ((ansible_os_family == 'RedHat') or
        (ansible_os_family == 'Debian')) and lp_wpasupplicant|bool
  tags: lp_wpasupplicant

Enable it if you want to proceed

lp_wpasupplicant: true

If you want to install or upgrade wpa_supplicant set

lp_wpasupplicant_install: true

Run the play

(env) > ansible-playbook lp.yml -t lp_wpasupplicant

Disable NetworkManager

By default, Ubuntu distributions come with netplan configured renderer NetworkManager

network:
  version: 2
  renderer: NetworkManager

This chapter doesn’t cover the configuration of NetworkManager. Instead, the use-cases described below require NetworkManager disabled.

See also

networkd

Optionally, you can use netplan and configure the wireless interfaces with the renderer networkd

network:
  version: 2
  renderer: networkd

It is also possible to use netplan to configure wpa_supplicant

network:
version: 2
wifis:
  wlan0:
    access-points:
      "TEST":
        password: "password"

In this chapter we don’t use netplan to configure wpa_supplicant. Instead, we use this Ansible role to create the wpa_supplicant configuration files. Later, we describe how to control wpa_supplicant services by the CLI utility wpa_cli and GUI wpa_gui.

See also

Configure wpa_supplicant services

The most important parts of this section are the configurations of the services and access points. Take a look at the wpa_supplicant services available at the remote host

test_01> systemctl list-unit-files | grep wpa
wpa_supplicant-nl80211@.service  disabled        enabled
wpa_supplicant-wired@.service    disabled        enabled
wpa_supplicant.service           disabled        enabled
wpa_supplicant@.service          disabled        enabled

Warning

This role doesn’t test whether an interface uses other services. It’s necessary to stop and disable such services before you run this Ansible role. Kill corresponding wpa_supplicants if they are still running. Otherwise, the restart of such an interface will crash.

In the below example we configure services:

  • wpa_supplicant@.service (3) and

  • wpa_supplicant-nl80211@.service (12)

 1lp_wpasupplicant_service_conf:
 2  - path: /lib/systemd/system
 3    service: wpa_supplicant@.service
 4    no_extra_spaces: true
 5    handlers:
 6      - 'reload systemd daemon'
 7    ini:
 8      - section: Service
 9        option: ExecStart
10        value: "{{ lp_wpasupplicant_bin }} -c/etc/wpa_supplicant/wpa_supplicant-%I.conf -i%I"
11  - path: /lib/systemd/system
12    service: wpa_supplicant-nl80211@.service
13    no_extra_spaces: true
14    handlers:
15      - 'reload systemd daemon'
16    ini:
17      - section: Service
18        option: ExecStart
19        value: "{{ lp_wpasupplicant_bin }} -c/etc/wpa_supplicant/wpa_supplicant-nl80211-%I.conf -Dnl80211 -i%I"

For details, see the examples at the end of this section.

See also

Configure access points

In the below example we configure the wpa_supplicant global parameters (1) and the interface wlan0 (8) with one disabled (17) access point (14). The configuration file /etc/wpa_supplicant/wpa_supplicant-nl80211-wlan0.conf will be created and the service wpa_supplicant-nl80211@wlan0.service (8,11) will be started (10) by the play. However, the service won’t be started (9) at the start of the system.

 1lp_wpasupplicant_conf_global:
 2  - {key: ctrl_interface, value: "{{ lp_wpasupplicant_conf_ctrl_interface }}"}
 3  - {key: ctrl_interface_group, value: adm}
 4  - {key: fast_reauth, value: 0}
 5  - {key: update_config, value: 1}
 6
 7lp_wpasupplicant_conf:
 8  - dev: wlan0
 9    enabled: false
10    state: started
11    type: nl80211
12    network:
13      - conf:
14          - {key: ssid, value: '"TEST"'}
15          - {key: psk, value: '"password"'}
16          - {key: pairwise, value: CCMP}
17          - {key: disabled, value: 1}

Example of the configuration file created from the above configuration

 1test_01> sudo cat /etc/wpa_supplicant/wpa_supplicant-nl80211-wlan0.conf
 2# Ansible managed
 3ctrl_interface=/run/wpa_supplicant
 4ctrl_interface_group=adm
 5fast_reauth=0
 6update_config=1
 7
 8network={
 9        ssid="TEST"
10        psk="password"
11        pairwise=CCMP
12        disabled=1
13}

Example of the running process

test_01> ps ax | grep wpa
  124727 ?        Ss     2:37 /usr/sbin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-nl80211-wlan0.conf -Dnl80211 -iwlan0

See also

Configure DHCP client

Set dhcp4: true (8) in the netplan configuration. In this case, when wpa_supplicant connects to an AP, netplan will start the DHCP client on the interface wlan0, will configure the resolver, and routing

 1test_01> sudo cat /etc/netplan/10-ethernets.yaml
 2# Ansible managed
 3network:
 4  version: 2
 5  renderer: networkd
 6  ethernets:
 7    wlan0:
 8      dhcp4: true
 9      dhcp6: false
10      match: {macaddress: '<sanitized>'}
11      set-name: wlan0

See also

Netplan - Example 2: Configure wifi interface by Netplan

Configure wpa_cli (optional)

Instead of the DHCP configuration in netplan you can use wpa_cli. Create the action file, by default /root/bin/wpa_action.sh (1), and declare the template wpa_action.sh.j2 parameters(2,3)

1lp_wpa_action_script: true
2lp_wpasupplicant_conf_ctrl_interface: /run/wpa_supplicant
3lp_wpa_action_script_dhclient: /usr/sbin/dhclient

The play will create the action file, by default /root/bin/wpa_action.sh

 1#!/bin/bash
 2
 3# Ansible template
 4# https://github.com/vbotka/ansible-linux-postinstall/templates/wpa_action.sh.j2
 5# Example how to activate the script
 6# wpa_cli -B -i wlan2 -a /root/bin/wpa_action.sh
 7
 8ifname=$1
 9cmd=$2
10
11dhclient="/usr/sbin/dhclient"
12pidfile="/var/run/dhclient.$ifname.pid"
13options_connect="-4 -nw -pf $pidfile -v"
14options_disconnect="-4 -r -pf $pidfile -v"
15logfile="/tmp/wpa_action.$ifname"
16date_format="+%F %T" # Date format in the log messages
17
18my_date=$(date +"$date_format")
19printf '%b\n' "$my_date $ifname: $cmd \n" >> "$logfile"
20
21if [ "$cmd" == "CONNECTED" ]; then
22    # SSID=`wpa_cli -i$ifname status | grep ^ssid= | cut -f2- -d=`
23    $dhclient "$options_connect" "$ifname"
24fi
25if [ "$cmd" == "DISCONNECTED" ]; then
26    $dhclient "$options_disconnect" "$ifname"
27fi
28exit 0

See also

  • Install wpa_gui

  • Install script contrib/wpa_ctl. Quoting:

    wpa_ctl facilitates the control of wireless interfaces without the NetworkManager (NM). Typically, it brings up an interface and starts wpa_supplicant. Optionally, it starts also wpa_cli and wpa_gui. You have to disable NM and wpa_supplicant services if you want to use wpa_gui. Do not configure the interface in netplan if you want to use wpa_cli. See the notes. Run ‘wpa_ctl -n’.

Examples