Procd service restart on contained wg0 interface configuration

Hi there. I'm attempting to have a procd service restart if it detects that a WireGuard configuration occurs. I'm able to determine the trigger for the service. Here's how I configure WireGuard:

ip netns delete container || true
ip netns add container
ip link delete wg0 || true
ip link add wg0 type wireguard
ip link set wg0 netns container
ip -n container addr add $VPN_CLIENT_IP/32 dev wg0
ip netns exec container \
  wg set wg0 \
    listen-port 51820 \
    private-key $VPN_CLIENT_KEY_PATH \
    peer $VPN_SERVER_PUB_KEY \
    persistent-keepalive 25 \
    allowed-ips 0.0.0.0/0 \
    endpoint $VPN_SERVER_HOST
ip -n container link set wg0 up
ip -n container route add default dev wg0

I.e., a container is created, with the wg0 interface moved into it.

I had thought that if I change the contents of some file then that might cause procd to reload my service, but it looks as though an explicit reload of the service is required.

The twist to this is that my configuring WireGuard is oblivious of what services depend on it. Therefore, an explicit reload is to be avoided as I'd have to maintain a list of those dependent services.

Here's my (incorrect) procd config so far:

#!/bin/sh /etc/rc.common

USE_PROCD=1
START=95
STOP=01

start_service() {
    procd_open_instance
    procd_set_param command /sbin/ip
    procd_append_param command netns
    procd_append_param command exec
    procd_append_param command container
    procd_append_param command /tmp/a
    procd_set_param netdev wg0
    procd_set_param stdout 1
    procd_set_param stderr 1
    procd_set_param file /var/run/test
    procd_set_param respawn
    procd_close_instance
}

service_triggers()
{
    procd_add_reload_interface_trigger wg0
}

reload_service()
{
    echo "Config changed"
    stop
    start
}

Thanks for any help.

I've also tried using the watch subcommand to watch ubus state. I've not been able to find any examples of the format of the name=value syntax. I was hoping that the following command could be trapped by my procd scripts to cause a reload:

ubus send foo '{ "bar": "baz" }'

Updated procd script:

#!/bin/sh /etc/rc.common

USE_PROCD=1
START=95
STOP=01

start_service() {
    procd_open_instance
    procd_set_param command /sbin/ip
    procd_append_param command netns
    procd_append_param command exec
    procd_append_param command container
    procd_append_param command /tmp/a
    procd_set_param stdout 1
    procd_set_param stderr 1
    procd_set_param watch foo
    procd_set_param respawn
    procd_close_instance
}

reload_service()
{   
    echo "Config changed"
    stop
    start
}

The script doesn't appear to trigger though. I'm obviously doing something incorrect.

Maybe this will help.

Is there a reason you're not using OpenWrt configs for this (i.e. editing /etc/config/network)?

Have you tried that?

Thanks for the reply. The method shown has been working well for the network namespace scenario, and is something that I picked up from reading various blogs. I could spend some time trying the uci approach. However, it'd be great to learn of a solution with the above ip command based approach if there is one.
