I’m trying to implement proper wifi connection management in a python container on Torizon. All commands to connect to a new SSID, to disconnect, to disable wireless transmitters, to request a password etc. are done by MQTT messages. A web application that is running in kiosk mode sends those messages and replies to requests eg. for a password. I have tried running a command server in Torizon that could run nmcli on the OS, but it’s difficult to get a nice user experience that way because you can’t see what is happening in the UI. On top of that, the command runner service is a serious security issue.
Next, I tried to recreate the nmcli tool using Python and the NetworkManager DBus interface. I can get some basic functionality working, but I see a lot of objects appearing and disappearing, especially AccesPoints. I could not find a way to reliably create and establish a connection to a new, unknown, and secured SSID. There are virtually no samples that show how to do this or what is expected from an application point of view.
I found a couple of threads related to this on the forum:
but none show a working solution.
I suspect a lot of Toradex clients need this and I think a solution by Toradex would be much appreciated by many. I have a GitHub repository that I can share with Toradex engineers to have a look at. I really hope we can come to a nice solution as I have invested a lot of time in this already.
I’ve done a bit of playing in the past with NetworkManager and DBUS. I was able to establish a connection to my home WIFI using this example:
I’ve also played a bit with running nmcli/nmtui from containers but I don’t have anything reproducible. As I recall it was just a matter of mapping the DBUS socket into the container. The big issue with this approach is that the apt package dependencies assume you want all of NetworkManager and systemd to be able to get the CLI installed.
My recommendation would be to use the DBUS API to do this. If you have specific tasks you cannot figure how to do, we can see what we can do to help.
Thanks for your reply. I agree that the DBUS API is the way to go, but the code you shared has a lot of loose ends. For example, there’s no way to request a password through a user interface. This I think must be done with a SecretAgent registered to the NetworkManager. There’s no monitoring of the active connection or signal strength, to be reported back to the UI. There’s no difference between creating a connection for a secure network and an open network. A connection is only created but never activated in your code, so I don’t think one could actually switch networks with this. I can share with you my project in its current state if you share with me your GitHub account.
Adding a new unsecured network is working. The connection is added and activated properly and DBUS sends notifications as expected. When the SSID is password protected, an MQTT message should be generated to ask for that password, and a second MQTT message should return with the given password or cancel. I get a password request in the SecretAgent but the MQTT message is not generated. Then there’s a timeout and the network manager decides to reconnect with the last used SSID, but no DBUS notifications are generated.
Also, DBUS is continuously monitored for changes in AccessPoints and signal strength, to report back to the UI. Sometimes however the AccessPoint objects are already gone when I try to read their properties. A lot of AccessPoint objects are created anyway, which is a bit strange to me but I don’t have that much experience with DBUS or NetworkManager.