Packaging Omada Controller for NixOS Linux
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hi, I am looking to package Omada Controller for NixOS Linux and have a few questions:
1. The only way I can see to grab tarballs is from link on https://www.tp-link.com/us/support/download/omada-software-controller/ . Is there a better place to grab this program?
2. I see in another thread that people are running v4 on linux... where is this coming from? (I do not see v4 for linux at the above url).
Any other tips? I have very limited experience with Omada Controller but I have packaged a few things on NixOS already.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
goertzenator wrote
1. The only way I can see to grab tarballs is from link on https://www.tp-link.com/us/support/download/omada-software-controller/ . Is there a better place to grab this program?
2. I see in another thread that people are running v4 on linux... where is this coming from? (I do not see v4 for linux at the above url).
1) No. The TAR archive at the linked site is the official version from TP-Link.
2) How about this post (3rd from top of this subforum)?
However, as I understand NixOS uses its own package manager. Can this package manager process .deb packages?
- Copy Link
- Report Inappropriate Content
Thanks! So is "ftp.rent-a-guru.de" the authoritative source for community packages? Are these repacks of the official versions or is there another source? Just want to make sure I'm grabbing the right thing...
NixOS can indeed take apart .debs and put the pieces were it likes. I'll start chewing on it and see where I get.
- Copy Link
- Report Inappropriate Content
goertzenator wrote
So is "ftp.rent-a-guru.de" the authoritative source for community packages?
It's the source for this particular package which I call »Community Version (CV)« b/c it's from me (community member) to you, the reader (also a community member) made available on my FTP server. :-)
There is also at least one up-to-date docker image maintained by community member Ronald1965 which is hosted in the docker repository.
Are these repacks of the official versions or is there another source?
Yes, it is the official Java code re-packed to a .deb package. See the first post in the linked thread, at the end of the post you find a note describing the differences between the official and the CV package. This are not really different »versions«, since the Omada Java classes are always based on the same, official version which is proprietary code owned by TP-Link. One cannot get the sources for this software.
Reason for the re-packaging was a serious root expoit in the Java code due to missing Privilege Separation, wrong file permissions, bugs in the start/stop script and bundling with old binaries in the official versions of former EAP Controller V2.4 and V2.5 for Linux/Windows and V2.6, which back then was available for Windows only.
Since bug fixes did last way too long for my business, I created a V2.6 for Linux by using the Java classes from the official Windows package, adding Privilege Separation to mitigate against root privilege escalation, correcting file ownerships and by removing bundled binaries to make the package architecture-independent.
This V2.6 CV came out long before next official version for Linux, which was V2.7 (this official release did skip V2.6 silently, but still had all mentioned bugs from V2.4). You can find the gory details in several old posts here in the forum.
Starting with version V3.0 of the – meanwhile renamed – Omada Controller TP-Link added some of the enhancements from the community version V2.6 to the official version, e.g. Privilege Separation and some critical bug fixes in the start/stop script. This was the first official version which eventually solved the Java privilege escalation bug.
With the release of Omada SDN Controller V4.1.5 the official version also removed previously bundled binaries (JRE8, mongodb).
Current community version 4.1.5 fixed two bugs with pathnames in Java property files, which in the official release will be fixed in the next release. Also, the management script omadactl is present only in the community version. Another enhancement of the CV is omadactl's feature to switch between different versions of Omada Controller, which can be installed at the same time. This was temporarily removed in V3, but added again for V3/V4 controllers with the release of V4.1.
- Copy Link
- Report Inappropriate Content
Thank you for the excellent information, it helps a great deal. It's clear to me now that the NixOS package should be based on the Windows binary and do manipulations similar to what you've done to package a .deb (such as drop embedded mongo/jre, add new scripts). Your .deb will be a good reference for where I need to go.
- Copy Link
- Report Inappropriate Content
@goertzenator, unfortunately you can't base a Linux version on Windows Java classes anymore since V3.0.1. Reason is that there are some calls identifying the OS the controller runs on. Windows Java classes won't start at all on a Linux server.
I recommend yoy take the latest CV as a starting base. If you don't trust the copies of official Java files in the CV, you can replace them by the Java classes from the official Linux version – but that would be a huge waste of time since they are byte for byte identical.
Also better use the existing omadactl rather than building your own (you would need a profound Linux knowledge and experience to do so). But much more important is the UNIX/Linux principle of not re-inventing the wheel again and again. omadactl is a portable shell script, thus comes as open source, can be audited for bugs by everyone and should run on NixOS, too. Historically, the community version of omadactl (former name: tpeap) was needed b/c official control.sh/tpeap scripts did lack essential functions.
Next reason to use omadactl is that it still supports Privilege Separation for older controller versions (some users still need to run controller version V2.7 for management of EAP120/220) and the fact that omadactl allows to switch between different versions of Omada Controller installed at the same time.
If you insist to re-invent the start/stop script, I recommend to base it on control.sh from the official version as a blue-print.
Only thing I will never ever support in the CV are native systemd scripts (see »reinventing the wheel« if you wonder why). Rather I urge people to switch over to systemd-free Devuan (https://devuan.org) instead of jumping on the systemd train, which IMO is the gravedigger of the UNIX philosophy if not the whole Linux OSS scene at all.
- Copy Link
- Report Inappropriate Content
@R1D2 I've finally had some time work on this and am making good progress. I've been using version 3, but I will flip it to your version 4 CV before I am done.
I've had good luck splitting the program up into read-only and writable parts (as required by NixOS) by changing paths in properties/, but I now see there is value in splitting the properties/ dir to a seperate location too. From what I can tell the program finds the properties dir as a relative path to the .jar files. It seemed to ignore the current working directory. Are you aware of any tricks, such as environment variables, that I can use to direct it elsewhere?
UPDATE: I am having good luck with "-D" parameters so I can specify the writable dir and other parameters at runtime. I think I am good for now!
- Copy Link
- Report Inappropriate Content
My first good attempt at packaging Omada Controller 4:
https://github.com/goertzenator/nixpkgs/commit/6b1c1f980c597c0d93df13b01f16fb955ae056c4
It is *not* working... mongod cannot be started for reasons unknown (log below). A few random notes:
- This implemtation is derived from the Community Edition 4.1.5.
- NixOS requires separation of mutable data from read-only program code. The properties files were modified to achieve this.
- I actually had Omada Controller 3 working; it seemed to have more hooks for splitting up the immutable and mutable parts, and importantly a setting for specifying the mongod to use. But, I want version 4...
- A NixOS module directly invokes "java" with the right arguments to start the program.
2020-08-27 11:24:39 [log4j-thread] [INFO]-[SourceFile:29] - success to load configuration omada.properties
2020-08-27 11:24:39 [main] [INFO]-[SourceFile:75] - going to start local mongod.
2020-08-27 11:26:19 [main] [WARN]-[SourceFile:142] - Fail to start mongo DB server
2020-08-27 11:26:19 [main] [WARN]-[SourceFile:78] - com.tplink.omada.start.a.a: Fail to start mongo DB server
com.tplink.omada.start.a.a: Fail to start mongo DB server
at com.tplink.omada.start.b.d.a(SourceFile:143) ~[omada-start.jar:?]
at com.tplink.omada.start.b.b.e(SourceFile:75) [omada-start.jar:?]
at com.tplink.omada.start.OmadaBootstrap.d(SourceFile:209) [omada-start.jar:?]
at com.tplink.omada.start.OmadaBootstrap.q(SourceFile:273) [omada-start.jar:?]
at com.tplink.omada.start.OmadaBootstrap.a(SourceFile:86) [omada-start.jar:?]
at com.tplink.omada.start.OmadaBootstrap.e(SourceFile:231) [omada-start.jar:?]
at com.tplink.omada.start.OmadaLinuxMain.b(SourceFile:80) [omada-start.jar:?]
at com.tplink.omada.start.OmadaLinuxMain.main(SourceFile:25) [omada-start.jar:?]
I am posting this work here in case anybody wants to assist me (nudge nudge tp-link people ;) or carry on with the project themself. A quick reference to using this under NixOS:
To /etc/nixos/configuration.nix add..
services.omadad.enable = true;
.. and then test it with...
git clone https://github.com/goertzenator/nixpkgs mynixpkgs
nixos-rebuild test -I nixpkgs=./mynixpkgs
There are also better ways to test services if you don't want to mess with your running system: https://www.reddit.com/r/NixOS/comments/ih4nik/nixos_module_development_workflow/
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1421
Replies: 7
Voters 0
No one has voted for it yet.