wifi: Add Opportunistic Wireless Encryption (OWE) support

Enable WPA3 OWE support via:

    ```yaml
    network_connections:
      - name: wlan0
        type: wireless
        wireless:
          ssid: "WIFI_SSID"
          key_mgmt: "owe"
    ```

An integration test case is included for Fedora and CentOS. (Setting up the mock wifi
failed on RHEL, so the integration test is skipped on RHEL.)

Signed-off-by: Wen Liang <liangwen12year@gmail.com>
Wen Liang 2021-02-21 11:18:00 -05:00 committed by Gris Ge
parent ae2d60a0b2
commit 2444e27cce
9 changed files with 195 additions and 3 deletions


@ -23,3 +23,5 @@ rules:
/tests/tests_team_plugin_installation_nm.yml
/tests/tests_ethtool_coalesce_initscripts.yml
/tests/tests_ethtool_ring_initscripts.yml
/tests/tests_wireless_wpa3_owe_nm.yml
/tests/tasks/setup_mock_wifi_wpa3_owe.yml


@ -261,8 +261,8 @@ the ansible role.
#### `type: wireless`
The `wireless` type supports WPA-PSK (password) authentication and WPA-EAP (802.1x)
authentication.
The `wireless` type supports WPA-PSK (password) authentication, WPA-EAP (802.1x)
authentication, and Enhanced Open (OWE).
`nm` (NetworkManager) is the only supported `network_provider` for this type.
@ -272,7 +272,13 @@ If WPA-EAP is used, ieee802_1x settings must be defined in the
The following options are supported:
- `ssid`: the SSID of the wireless network (required)
- `key_mgmt`: `wpa-psk` or `wpa-eap` (required)
- `key_mgmt` (required)
Any key from following key list:
- `owe`
- `wpa-eap`
- `wpa-psk`
- `password`: password for the network (required if `wpa-psk` is used)
### `autoconnect`
@ -845,6 +851,17 @@ network_connections:
domain_suffix_match: example.com
```
Configuring Enhanced Open(OWE):
```yaml
network_connections:
- name: wlan0
type: wireless
wireless:
ssid: "WIFI_SSID"
key_mgmt: "owe"
```
### Invalid and Wrong Configuration
The `network` role rejects invalid configurations. It is recommended to test the role


@ -0,0 +1,12 @@
# SPDX-License-Identifier: BSD-3-Clause
---
- hosts: all
vars:
network_connections:
- name: wlan0
type: wireless
wireless:
ssid: "My Enhanced Open(OWE) Network"
key_mgmt: "owe"
roles:
- linux-system-roles.network


@ -1194,6 +1194,7 @@ class ArgValidator_DictWireless(ArgValidatorDict):
VALID_KEY_MGMT = [
"wpa-psk",
"wpa-eap",
"owe",
]
def __init__(self):
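Review bot: Adding `"owe"` to `VALID_KEY_MGMT` is the only validator change visible in this commit, so nothing shown here rejects a profile that sets `key_mgmt: "owe"` together with `password` or `ieee802_1x`. The class body continues outside the hunk, so an existing post-validation step may already cover this; if it does not, such a profile would be accepted while the password is never used, and the user may believe the network is password-protected. A post-validation check that raises when `password` is set with `owe` would close that gap, along with a comment on the list entry such as `# "owe": encryption without authentication; no password or 802.1X settings apply`. None of the nine changed files appears to be a unit test for the validator, so a test case for the new value would be worth adding.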


@ -84,6 +84,13 @@ NM_ONLY_TESTS = {
EXTRA_RUN_CONDITION: "ansible_distribution_major_version == '7'",
},
"playbooks/tests_wireless_plugin_installation.yml": {},
"playbooks/tests_wireless_wpa3_owe.yml": {
"comment": "# OWE has not been supported by NetworkManager 1.18.8 on \
RHEL 7(dist-tag). Failed in setting up mock wifi on RHEL 8",
EXTRA_RUN_CONDITION: "ansible_distribution_major_version > '7' and \
ansible_distribution == 'CentOS' or\n ansible_distribution_major_version > '32' \
and ansible_distribution == 'Fedora'",
},
}
# NM_CONDITIONAL_TESTS is used to store the test playbooks which are demanding for NM
# minimum version or extra running condition, test playbooks in NM_CONDITIONAL_TESTS
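Review bot: The `EXTRA_RUN_CONDITION` for `playbooks/tests_wireless_wpa3_owe.yml` compares `ansible_distribution_major_version` with `'7'` and `'32'` as strings, so the comparison is lexicographic: a major version of `'10'` sorts below `'7'` and `'100'` below `'32'`, and the test would be skipped silently on such releases. Casting first avoids that, e.g. `(ansible_distribution_major_version | int > 7 and ansible_distribution == 'CentOS')` and `(ansible_distribution_major_version | int > 32 and ansible_distribution == 'Fedora')`, with the parentheses making the `and`/`or` grouping explicit instead of relying on precedence. The same expression is copied into the `when:` list of the generated `_nm.yml` wrapper, so that file needs regenerating after the fix. The `NM_ONLY_TESTS` dict starts outside the hunk.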


@ -0,0 +1,43 @@
# SPDX-License-Identifier: BSD-3-Clause
---
- hosts: all
vars:
interface: wlan0
tasks:
- name: "INIT: wireless tests"
debug:
msg: "##################################################"
- include_tasks: tasks/setup_mock_wifi_wpa3_owe.yml
- block:
- name: "TEST: wireless connection with OWE"
debug:
msg: "##################################################"
- import_role:
name: linux-system-roles.network
vars:
network_allow_restart: true
network_connections:
- name: "{{ interface }}"
state: up
type: wireless
ip:
address:
- 203.0.113.2/24
dhcp4: "no"
auto6: "no"
wireless:
ssid: "hostapd-owe"
key_mgmt: "owe"
- name: "Verify connection profile"
shell:
nmcli c show {{ interface }} | grep 802-11-wireless-security.key-mgmt
register: key_mgmt
ignore_errors: yes
changed_when: false
- name: "Assert that OWE is configured correctly"
assert:
that:
- "'owe' in key_mgmt.stdout"
msg: "OWE is configured incorrectly"
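Review bot: The "Verify connection profile" task pipes `nmcli` into `grep` under `ignore_errors: yes`, and the assert only checks that the substring `owe` occurs in the output, which is looser than the test needs. Reading the field directly and comparing it exactly is stricter: `command: nmcli -g 802-11-wireless-security.key-mgmt connection show {{ interface }}` with `that: key_mgmt.stdout == 'owe'`, and `ignore_errors` dropped so an nmcli failure is reported as such. The `block:` has no `always:` section, so the profile, hostapd and the hwsim radios stay behind after the run; a cleanup step would keep repeated runs independent.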


@ -0,0 +1,57 @@
# SPDX-License-Identifier: BSD-3-Clause
---
- name: Install packages required to set up mock wifi network
package:
name:
- NetworkManager
- wpa_supplicant
state: present
# Even though hostapd can be installed via EPEL 8, Opportunistic Wireless Encryption
# (OWE) has not been enabled by default. To warrant the test support on RHEL(dist-tag),
# we setup hostapd copr repo to enable OWE option.
- name: install hostapd and mac80211_hwsim kernel module in CentOS 8
shell: |
dnf -y copr enable liangwen12year/hostapd-owe
dnf -y install hostapd
release=$(uname -r)
tmp="${release/-//}"
tmp="${tmp/.x//x}"
dnf -y install https://koji.mbox.centos.org/pkgs/packages/kernel/$tmp/kernel-core-$release.rpm
dnf -y install https://koji.mbox.centos.org/pkgs/packages/kernel/$tmp/kernel-modules-$release.rpm
dnf -y install https://koji.mbox.centos.org/pkgs/packages/kernel/$tmp/kernel-modules-internal-$release.rpm
when:
- ansible_distribution_major_version == '8'
- ansible_distribution == 'CentOS'
- name: install hostapd in Fedora
shell: |
dnf -y copr enable liangwen12year/hostapd-owe
dnf -y install hostapd
when:
- ansible_distribution == 'Fedora'
- name: install mac80211_hwsim kernel modules in Fedora
shell: |
dnf -y install koji
koji download-build --arch=$(uname -p) kernel-modules-internal-$(uname -r)
dnf -y install kernel-modules*.rpm
when:
- ansible_distribution == 'Fedora'
- name: Create hostapd config
copy:
content: |
interface=wlan1
ssid=hostapd-owe
hw_mode=g
channel=6
wpa=2
wpa_key_mgmt=OWE
rsn_pairwise=CCMP
ieee80211w=2
nas_identifier=ap.example.com
dest: /etc/hostapd/wireless.conf
mode: "0644"
- include_tasks: tasks/start_mock_wifi.yml
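Review bot: The install tasks bring root-installed packages in from outside the distribution's signed repositories: `dnf -y copr enable liangwen12year/hostapd-owe` trusts a personal COPR, and the kernel RPMs are installed from koji URLs or from a `kernel-modules*.rpm` glob in the current directory, paths on which dnf does not verify signatures unless `localpkg_gpgcheck` is enabled (worth confirming for the target releases). That is acceptable only on disposable test machines, so the file should say so, e.g. `# Test-only: installs hostapd from a personal COPR and kernel RPMs from koji without signature checks; run on throwaway hosts only`. Downloading into a directory from `mktemp -d` and installing by exact file name would keep a stray RPM in the working directory from being picked up by the glob. The CentOS task also uses the bash-only `${release/-//}` substitution, which depends on `/bin/sh` being bash.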


@ -0,0 +1,31 @@
# SPDX-License-Identifier: BSD-3-Clause
---
- name: Ensure NetworkManager is running
service:
name: NetworkManager
state: started
- name: Load mac80211_hwsim kernel module to mock a wifi network
shell: modprobe mac80211_hwsim radio=2 && sleep 5
changed_when: false
- name: Restart NetworkManager and wpa_supplicant
service:
name: "{{ item }}"
state: restarted
with_items:
- NetworkManager
- wpa_supplicant
- name: Bring up wlan0 and wlan1 (mock wifi interfaces)
shell: |
ip link set up wlan0
ip link set up wlan1
nmcli device set wlan1 managed off
ip addr add 203.0.113.1/24 dev wlan1
sleep 5
changed_when: false
- name: Start hostapd
shell: hostapd -B /etc/hostapd/wireless.conf && sleep 5
changed_when: false
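Review bot: In "Load mac80211_hwsim kernel module", `radio=2` does not look like a parameter of the module; the radio count is set with `radios`, so the line probably only works because two radios are the default. The corrected line would be `shell: modprobe mac80211_hwsim radios=2 && sleep 5`, to be confirmed against `modinfo mac80211_hwsim`. The later tasks are also not safe to re-run: `ip addr add 203.0.113.1/24 dev wlan1` fails if the address already exists and `hostapd -B` starts another daemon, so a guard or a teardown task would help.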


@ -0,0 +1,22 @@
# SPDX-License-Identifier: BSD-3-Clause
# This file was generated by ensure_provider_tests.py
---
# set network provider and gather facts
- hosts: all
name: Run playbook 'playbooks/tests_wireless_wpa3_owe.yml' with nm as provider
tasks:
- name: Set network provider to 'nm'
set_fact:
network_provider: nm
tags:
- always
# The test requires or should run with NetworkManager, therefore it cannot run
# on RHEL/CentOS 6
# OWE has not been supported by NetworkManager 1.18.8 on RHEL 7(dist-tag). Failed in setting up mock wifi on RHEL 8
- import_playbook: playbooks/tests_wireless_wpa3_owe.yml
when:
- ansible_distribution_major_version != '6'
- ansible_distribution_major_version > '7' and ansible_distribution == 'CentOS' or
ansible_distribution_major_version > '32' and ansible_distribution == 'Fedora'