Omada Controller 3.0.2 for Linux (including new tpeap v1.4)
Update 2020-04-30: Omada EAP Controller 3.2.10 community version has just been released.
There is now a .deb-package available for easy installation on Debian, Raspbian and any other Debian-based Linux. The steps below are not necessary anymore for the installation of Omada Controller using the dpkg package manager.
The following (now obsolete) post is still here for reference only:
Hello world!
TP-Link just released the latest version of Omada Controller 3.0.2. Thanks to a tip from forum user humor_amarillo I got my hands on it early. So here it is, baked in just no time: The community version of
Omada EAP Controller 3.0.2 for Linux
Last update: 2018-08-28 22:40
What's new in this version?
- Cloud support. See the official release notes on the TP-Link website.
- Auto-backup, but the Windows-way. See below for the Linux-way to do backups.
- From what I saw so far, the directory structure has been cleaned up. Photoshop file with icons from v2.7.0 has been removed from the images directory.
- GUI now seems much more cleaner, too. Well done, TP-Link!
- EAP Controller starts ~30% faster compared with v2.7.0.
- All steps in the initial wizard now can be skipped! Finally my feature request was honored, thanks to R&D very much!
What's new in the Linux release?
- Logo now shows »Community version« below the TP-Link logo, so you can recognize it better.
- Two new options for tpeap:
- dump lets you dump the database as well as the maps and keystores.
- restore lets you restore a database dump including maps and previous keystores.
- A surprise (see below).
Update #1: New tpeap 1.4 has been released (see this post for more details).
For your convenience, I have attached the new tpeap script v1.4 to this posting, too. It might be handy for doing a backup of your v2.7.0 installation, which can be easily restored in EAP Controller 3.0.2.
Update #2: The tpeap 1.4 just has been added to the TAR archive with Omada Controller 3.0.2. If you download the TAR archive as described below, you will get the new tpeap script already - no need to install it twice.
Standard disclaimer, as usual: Use at your own risk.
This community version (cv for short) is neither released nor supported by TP-Link and it still needs some testing.
Installation of the Linux version
— If you want to install the Linux version for the first time, please see this post first, replace the instructions in step 2 there with the instructions in the same step 2 in this post below and proceed with the remaining steps here when you have installed all the pre-requisites (eapc role account, Java JRE, mongodb database).
— If you already have installed Omada EAP Controller 2.7.0cv on your Linux system, just read on.
Step 1: Make a backup
Obviously, to make a backup, the old EAP Controller needs to be running. Download the tpeap script attached to this posting and install it (you can safely overwrite the old tpeap version in the 2.7.0cv Controller):
cp tpeap /opt/tplink/EAPController/bin/
Next, create a backup. You need to specify a directory for the database dump (else it uses the directory EAPC_HOME/backup):
tpeap dump /tmp/backup
tpeap will create the directory, copy your maps and keystore to it, and then execute mongodump, which dumps the database in binary BSON format into the backup archive. Now you can safely stop the EAP Controller.
Step 2: Download and extract the software
Download the TAR archive from https://rent-a-guru.de/ftp/eapc-3.0.2.tar.gz
Check the SHA256 sum:
$ sha256sum -b eapc-3.0.2.tar.gz
2b9c9ce54a3bc698b25901f1234aef79e3d1e51703a9af1dcaa8360c4b407f66 *eapc-3.0.2.tar.gz
9638bb2ed43d58169a33b52ea2be1d48482fae68a5d93028f162ff66f2b0c4ea *eapc-3.0.2.tar.gz
$
Step 3: Set up the EAP Controller
Installation is straight-forward: Extract the TAR archive as root in /opt/tplink, remove the symlink EAPController pointing to version 2.7.0cv and create a new one pointing to the EAPController-3.0.2 directory just extracted from the TAR archive. Easy, isn't it?
cd /opt/tplink
tar xvzf /your-download-dir/eapc-3.0.2.tar.gz
rm EAPController
ln -s EAPController-3.0.2 EAPController
Do a quick check wether the permissions and ownership has been set correctly (complete dialog shown here):
# ls -ld /opt/tplink/EAPController-3.0.2
drwxr-xr-x 13 eapc eapc 4096 Aug 21 05:53 /opt/tplink/EAPController-3.0.2
# ls -l /opt/tplink/EAPController-3.0.2
total 12
drwxr-xr-x 2 root root 6 Aug 21 05:27 backup
drwxr-xr-x 2 root root 55 Aug 21 02:11 bin
drwxr-xr-x 6 eapc eapc 55 Aug 21 05:53 data
drwxr-x--- 2 root eapc 39 Aug 21 01:30 keystore
drwxr-xr-x 2 root root 4096 Aug 21 01:30 lib
drwxr-xr-x 2 eapc eapc 58 Aug 21 05:53 logs
drwxr-xr-x 2 root root 22 Aug 21 03:18 man
drwxr-x--- 2 root eapc 4096 Aug 21 01:30 properties
drwxr-xr-x 2 root root 36 Aug 21 05:36 webapps
drwxr-xr-x 3 eapc eapc 32 Aug 21 05:53 work
#
Two more things: Install the symlink to the Java JRE:
cd /opt/tplink/EAPController
ln -s /where-your-JRE-lives/ jre
and the manpage of tpeap (you find it in the man subdirectory):
cp man/tpeap.man /usr/share/man/man8/tpeap.8
gzip -v --best /usr/share/man/man8/tpeap.8
My JRE resides under /opt/jvm, so it looks like this:
# ls -l jre
lrwxrwxrwx 1 root root 21 Aug 21 05:53 jre -> /opt/jvm/jre1.8.0_181
Important note for users of Ubuntu and probably other distros, too:
If your mongodb version is >= 3.6 you need to edit the argument list EAPC uses to start the mongod daemon. The option --nohttpinterface, which is set by EAPC, has been removed in mongodb version 3.6 and newer.
Find out your mongod version:
mongod --version
To get rid of the --nohttpinterface option, you will have to delete it from the file mongodb.properties:
cd /opt/tplink/EAPController/properties
cp mongod.properties ../mongod.properties.ORIG
sed -i 's/^\(eap.mongod.args=.*\) --nohttpinterface \(.*\)$/\1 \2/' mongodb.properties
Of course, you can use any other editor, too.
Last step: fire up the new Controller
tpeap -w start
Now restore the database saved in step 1:
tpeap restore /tmp/backup
Enjoy!
Uh, and if you want to see what probably comes next to a Linux server near you:
The color-intense theme awesome with FontAwesome icons - no more image files needed, clean layout for EAPC 2.7.0cv.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi,
today TP-Link released the official version 3.0.2 of the Omada Controller for Linux. Unfortunately, I am unable to un-tar the tar-file. Can anyone confirm that the tar-file is broken or is it my or my system's fault?
But - even more important - what is the difference between the Omada-EAP-Controller-for-Linux-community-version and the official version? Which one should I choose? I am currently running the official version 2.5.3 on my QNAP NAS.
Thanks for your thoughts,
AMB
- Copy Link
- Report Inappropriate Content
AlienMindbender wrote
today TP-Link released the official version 3.0.2 of the Omada Controller for Linux. Unfortunately, I am unable to un-tar the tar-file. Can anyone confirm that the tar-file is broken or is it my or my system's fault?
Hi AlienMindbender,
it's not a TAR file, it's a .deb package. Install with dpkg --install Omada_Controller_V3.0.2_Linux_x64.deb.deb
But - even more important - what is the difference between the Omada-EAP-Controller-for-Linux-community-version and the official version? Which one should I choose? I am currently running the official version 2.5.3 on my QNAP NAS.
This are the differences:
The community version is architecture-independent, thus running on a variety of systems (even none-x64). For the community version you need to provide mongodb and a Java JRE, both available in repositories or as TAR packages for most platforms, while in TP-Link's official Linux version both packages mongodb and JRE are still embedded (which makes their Omada Controller package depending on the CPU architecture).
The Java classes in the community version have been taken from the Windows pendant of Omada Controller 3.0.2, so they are the same as those in the Windows version.
A few classes in the official Linux version differ - probably due to updates or improvements - and most important: they eventualy added a new Java class providing privilege separation for the Omada process, what I did request already in April 2017 for EAP Controller 2.4.7. In contrary, the community version added privilege separation in the start/stop script since EAP Controller 2.5.3 (due to the lack of the Java sources it had to be a work-around).
Anyway, the privilege separation in Java classes will be integrated into the community version soon, since this is the "right" way to do it, so the work-around in the community version now can be abolished.
Another difference of the community version is my tpeap utility, which provides functions to manage and maintain Omada Controller such as scriptable backup procedures, theme and version selection for Omada Controller. And a manpage of course.
Which OS does your NAS use?
- Copy Link
- Report Inappropriate Content
Hi R1D2,
thanks for your reply!
R1D2 wrote
it's not a TAR file, it's a .deb package. Install with dpkg --install Omada_Controller_V3.0.2_Linux_x64.deb.deb
Sorry to correct you, but they released both a deb and a tar file as two separate downloads (scroll down a litte further to find the tar-file). I am running Linux x86_64 on my QNAP-NAS and today I tried to use the distro-independent tar-file of v3.0.2, which I could not unpack...
But thanks for your explanation of your community version, on which I had a brief look earlier in the past. However, (linux) user management on the QNAP is rather poor and that was the reason why I did not further look into your community version, since - if I remind correcty - needs a special user which runs the app. Maybe I'll give it a try now.
Anyway, many thanks for all your efforts and your kind support!
- Copy Link
- Report Inappropriate Content
AlienMindbender wrote
Sorry to correct you, but they released both a deb and a tar file as two separate downloads (scroll down a litte further to find the tar-file). I am running Linux x86_64 on my QNAP-NAS and today I tried to use the distro-independent tar-file of v3.0.2, which I could not unpack...
Oops, sorry, my fault. Didn't see this. Yes, it's a TAR file and yes, you are right: the gzip file is broken (gzip exits with error message "invalid compressed data--format violated").
However, (linux) user management on the QNAP is rather poor and that was the reason why I did not further look into your community version, since - if I remind correcty - needs a special user which runs the app. Maybe I'll give it a try now.
Yes, any server process on any Linux system (web server, FTP server, print service etc.) always runs under an unprivileged user. That's called Privilege Separation, a very common technique in the UNIX world, even older than Linux itself. It prevents root exploits in case some software has security-related bugs — such as the big holes in Java JRE7's RMI method for example, which unfortunately was used by EAP Controller up to v2.5.3 w/o privilege separation. And yes, hackers successfully did broke into a public server running EAP Controller using this well-known root exploit in the Java RMI method. That was the main reason why I did develop tpeap and later did create a portable community version.
In short: you never ever should run any service listening on network ports with administrative (root) privileges.
So, the official Omada Controller v3.0.2 for Linux finally introduces privilege separation — and that means that it will require such an user account, too. What's more, in the official version you have to manually create one, while in next release of the 3.0.2 community version it will get created automatically when installing the package.
See this, it's the start of Omada Controller official version immediately after installation:
# ./control.sh start
id: omada: no such user
id: omada: no such user
Failed to start Omada Controller. Please create user omada user
#
For now, you will have to create such an unprivileged order on the NAS, no matter which version of Omada Controller you use.
Can you log into the NAS using ssh?
- Copy Link
- Report Inappropriate Content
Thanks againg for your comment and explanation. I can login with ssh and should be able to create a new user. I am confident that it will work, the problem is that it is a NAS and not a full-blown linux distribution. I do not know whether the Linux system really supports the creation of new users via command line and outside the fancy WebUI, e.g. with respect to persistence after reboot etc.
Long story short: Let's give it a try and create a new user and see it if works. But what seems like a downside of the official Omada-Controller for Linux for you (mongodb and JRE are included) might be an advantage for me, since otherwise mongodb and JRE have to be installed separately on my NAS. But as I am writing this I think that both mongodb and JRE should be available for my NAS...
And thanks for confirming that the tar-file is broken - that saves me from further tries to unpack it. Do you happen to know where I can report the broken file?
Cheers, AMB
- Copy Link
- Report Inappropriate Content
R1D2 wrote
See this, it's the start of Omada Controller official version immediately after installation:
# ./control.sh start
id: omada: no such user
id: omada: no such user
Failed to start Omada Controller. Please create user omada user
#
For now, you will have to create such an unprivileged order on the NAS, no matter which version of Omada Controller you use.
Can you log into the NAS using ssh?
Just another addition: This is the first part of the readme.txt from the platform-independent tar-file (I was able to unpack this file):
Omada Controller v3.0.2 for Linux (X64)
Notes:
1. You need to install jsvc first before you install Omada Controller.
2. The Omada Controller program needs to use the system's netstat command. If the Linux system does not have net-tools installed (which contain the netstat command), the program may run abnormally.
3. If you want Omada Controller to run as a user(it runs as root by default), you should modify OMADA_USER value in bin/control.sh
4. For Ubuntu 18.04, you may need to start Omada Controller manually after install it.
5. Supporting 64-bit Linux operating system, including Ubuntu 14.04/16.04/17.04, CentOS 6.x/7.x and Fedora 20 or above.
6. Built-in JRE 1.8 Java environment.
The official Omada-Controller for Linux shipped as deb file seems to differ from the tar file. The tar-file version seems to run it as user root (which is not the preferred method as I learned from your posting)
- Copy Link
- Report Inappropriate Content
AlienMindbender wrote
3. If you want Omada Controller to run as a user(it runs as root by default), you should modify OMADA_USER value in bin/control.sh
I had no change yet to look at the TAR file, but sure, you can run Omada Controller as a regular user. In this case:
- it can't be started on boot (since this requires to run as root),
- it won't be able to write it's PID into /var/run/pidfile (since this is one of the reasons it is requires to run as root on system boot) and
- its process has some restrictions on the system-call level, which might or might not be used by the program (only the developers know).
The only consequence I see at the moment is that you have to start and stop it manually.
As for your other questions:
To add an user you could also edit the system files /etc/passwd, /etc/shadow and /etc/group, but be careful to not lock you out by accident due to wrong entries. Search the web for a tutorial how to do this or read the mapages of those files in section 5 of the online manual (i.e. man 5 passwd).
As for embedded mongod and JRE: you're right, it can be an advantage if you don't have those packages installed. But beware: them commons daemon (jsvc) needed by the package version of Omada Cntroller isn't embedded, albeit it's just a single binary.
If you need it, I just re-packaged it to get rid of its rattail of dependencies — unbelievable, what some package maintainers want you have to install for just a binary .
- Copy Link
- Report Inappropriate Content
R1D2 wrote
If you need it, I just re-packaged it to get rid of its rattail of dependencies — unbelievable, what some package maintainers want you have to install for just a binary .
Thanks for your offer to re-package jsvc, but fortunately a lot of binaries from other Linux_x86-64 distros are working on my QNAP and I already extracted a jsvc binary from an Ubuntu package, which can be executed. However, since the current tarball of the official EAP Controller for Linux v3.0.2 is broken, I am currently not making any progress and cannot even test whether my jsvc binary would work to start the official Omada/EAP Controller.
I like the idea of your community edition to symlink to the already installed JRE, but I need to get mongodb installed separately first. I will definitely ask for help, if I am running into issues.
Thanks!
edit: I just realized that your community edition should also work on a RPi, which is perfect and even better for me than using the NAS. Just a short question: Which packages for mongodb and JRE are recommended? Is mongodb-server and openjdk-8-jre sufficient?
- Copy Link
- Report Inappropriate Content
I installed the community edition on a Raspberry Pi last night (impeccable timing!). It is a great solution. Highly recommended.
- Copy Link
- Report Inappropriate Content
AlienMindbender wrote
edit: I just realized that your community edition should also work on a RPi, which is perfect and even better for me than using the NAS. Just a short question: Which packages for mongodb and JRE are recommended? Is mongodb-server and openjdk-8-jre sufficient?
Sure, everything is in place already on Raspbian; mongodb, java and even jsvc are pre-installed by default. I worked the whole night on a new release of tpeap and it's nearly ready to run the official release of Omada Controller 3.0.2 on Raspbian, too. Just needs some polishing of tpeap's manpage, preparation of the .deb package and final integration to make it compatible with the 2.x versions of Omada Controller.
gabrielhopkins, thanks for your feedback. Glad that it works for you, too!
- Copy Link
- Report Inappropriate Content
Information
Helpful: 9
Views: 59587
Replies: 109