1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

iStat for Tomato?

Discussion in 'Tomato Firmware' started by occamsrazor, Apr 26, 2010.

  1. occamsrazor

    occamsrazor Network Guru Member

    ****************************************

    UPDATE - Some of this info is now out-dated. Discussion of this topic has now moved to the following thread:

    "Definitive" guide to istatd installation on base Tomato (work in progress!)

    ****************************************

    I wrote previously about wanting a remote web interface for the iPhone, but so far there doesn't seem to have been any progress, perhaps there's not much interest...

    On a similar line, I'm wondering whether iStat could be compiled for Tomato. It comes in two components:

    1. An iPhone application, unfortunately not free but pretty cheap and with a great design.

    2. The server component which runs on Mac OS X, Linux, FreeBSD and Solaris, and is available as open-source here, hosted on github here, with some info on compiling here.

    I also happen to own a QNAP NAS (Atom processor) and they managed to successfully port it for ARM and x86. It works superbly and is very handy to monitor network throughput and other stuff.

    Any chance this could be made to work for Tomato?
     
  2. rhester72

    rhester72 Network Guru Member

    Static and dynamic binaries on my utilities site (untested).

    Rodney
     
  3. occamsrazor

    occamsrazor Network Guru Member

    Thanks Rodney!

    Sadly I just don't have the knowledge to know where to start on testing this, hopefully someone else with more experience does...

    On the offchance it helps, here's a screenshot of how the iStat server is configured on the QNAP NAS device... I guess they've implemented a web-interface for the admin, though that's not really necessary as once set up and working there's little need to access the server configuration again, so it could easily be hard-coded into the files.

    The main things to configure for the user are Network Port (i.e. port the server listens on) and the Server Code (a 5-digit numerical password that the iPhone user also enters to authenticate access)
     

    Attached Files:

  4. rhester72

    rhester72 Network Guru Member

    Take a look at resource/istat.conf for a template and the README for directions on installing (what directories need to be created, etc.). It looks reasonably straightforward, but to be honest writing HTML a la Tomato's GUI is _not_ my strong suit...I'm very much a CLI guy. =)

    Rodney
     
  5. occamsrazor

    occamsrazor Network Guru Member

    Could you explain a few things for a Linux newbie like me? :)

    In the ReadMe, am I right in saying steps 1 to 3 have already been done by you, and that results in the file "istatd" here?

    http://multics.dynalias.com/tomato/istatd-0.5.7/

    What's the file "tomato-istatd" ?


    Code:
    4) Build istatd
    
       # cd istatd-x.x.x
    
       Here you can configure where you want your binary and config to end up (default /usr/local).
       # ./configure
       or
       # ./configure --prefix=/ --sysconfdir=/etc
    
       # make
       # make install
    
    Where and how do I do this? Is this the stage where I copy the file "istatd" somewhere? Does the default location makes sense, would it survive a firmware upgrade, or would it be better to install in JFFS?

    Code:
    5) Add user and configure directories
    
       # useradd istat
       # mkdir -p /var/{run,cache}/istat
       # chown istat.istat /var/{run,cache}/istat
    
    These are commands I could type in via Tomato Menu > Tools > System, or via an SSH connection? I tried to use the useradd command via CLI, but it said the command was not found. Is this related to this post on adding a non-root user?

    Code:
    6) Configure your config to match your needs and system
    
       # vim /etc/istat.conf
    
       Note: Don't forget to change your server_code.
    
    This creates the istat.conf file in the /etc/ folder? Could I just copy the one from your website there via SCP instead?

    Code:
    7) Fire it up
    
       # /usr/bin/istatd -d
    
    Is this a command to put in Tomato Menu > Administration > Scripts? Which one? I'm guessing the init script....

    For remote access I guess I would need to open the firewall, and this would require some code in Firewall script - any ideas?

    Sorry for all the questions, my CLI skills are minimal, as you can see.... Would be great if someone could make this into an Optware package (Lost_Animal?), assuming it is possible to get it to work.
     
  6. rhester72

    rhester72 Network Guru Member

    Yes.

    My script to auto-build the binary - it runs configure and make in a Tomato SDK-friendly way. It's not necessary for use.

    You don't need to do any of that. Just copy istatd (or istatd-static in PRECOMPILED if the former doesn't work for you - the static binary is bigger/requires more RAM but sometimes is necessary if link dependencies aren't satisfied on your particular flavor of Tomato) somewhere "permanent". You can't use the default location, you'll need to place it on JFFS/CIFS/USB/etc. You can put istatd.conf somewhere similar and softlink it back to /etc for convenience.

    You can put the mkdir in Init. I don't know if the istat user is strictly required, unless it _demands_ to throttle down you can probably safely configure the user ID as root via istat.conf and then you can ignore steps 1 and 3. If it _is_ necessary to create the istat user, it is indeed related to the post you indicated (ie there is no 'useradd' in Tomato, nor would it be persistent).

    You should indeed copy it from resources and then edit to taste. Again, it must live on a persistent mount and you can softlink it to /etc in Init.

    Unless it has any particular WAN dependencies, yes - otherwise use WAN Up.

    Given there is zero authentication, I would strongly advise against that - it is clearly intended to be used on a local LAN. It *can* be done, I'm just not sure it *should* be. :)

    I'm not a huge fan of Optware personally, though I do see the benefits - you can always ask him! =)

    Rodney
     
  7. occamsrazor

    occamsrazor Network Guru Member

    Thanks so much for your help Rodney, will try to give this a go later when am back near my router...

    How do I do that softlink in init script, assuming I put it in /jffs/ ?

    I think there is authentication...

    Code:
    server_code              12345
    # server_user            istat
    
    This part in the config - the server code is used by the iPhone client to authenticate, see this screenshot:

    http://bjango.com/images/apps/istat/istat-passcode.jpg

    though I notice the server_user is #-commented-out, so maybe you're right you don't need the istat user...

    As for only using on the LAN... no, I absolutely want to use it remotely... I do this already for my two Macs and NAS at home - the iStat servers on each are set up with different ports that are manually forwarded by the router, giving me the ability to check the status of each from my iPhone from anywhere in the world. I'm sure it's not top-end security, but you do have to enter the 5-digit code on the iPhone before getting access, which is enough for me...

    Will let you know how I get on!
     
  8. rhester72

    rhester72 Network Guru Member

    ln -fs /jffs/istat.conf /etc (or similar)

    The user is the context that the process runs in (for security), but is separate and distinct from the passcode.

    Fair enough re: remote security - you'll need two rules, one manual iptables rule to allow the local incoming port and a forward rule to same (it really should work with just the former, but I've never had any luck without both). We can cross that bridge once it's up and running on your LAN. :)

    Rodney
     
  9. occamsrazor

    occamsrazor Network Guru Member

    Good stuff.... thanks again...

    Also while browsing through the directory of iStat files on your site, I came across this one, which explains a lot more about the different parameters:

    http://multics.dynalias.com/tomato/istatd-0.5.7/resource/istat.conf.5

    Re: users it confirms what you said i.e. that "User to switch to when entering daemon mode. It's not recommended to use high privilaged users like root due to security reasons. Defaults to root if the user doesn't exist. (default: istat)"

    So it recommends creating other user but should work as root if it doesn't find the istat user...
     
  10. rhester72

    rhester72 Network Guru Member

    The only reason for that is essentially jailing the priviledges of the user - if some bizarre buffer exploit is found or the like, if the process is running as istat (or any other unpriviledged user), the damage is limited - if running as root, it's worse. You can always just set it to run as nobody - as long as it doesn't require a valid home directory, no changes should be required to /etc/passwd.

    Rodney
     
  11. occamsrazor

    occamsrazor Network Guru Member

    OK, I've tried it but can't seem to get it working...

    First tried with dynamic istatd, then renamed istatd-static as istatd and copied it to JFFS.
    Copied the istat.conf file to JFFS.

    Put this in the init script:

    Code:
    ## Softlinks istat.conf file to /etc
    ln -fs /jffs/istat.conf /etc
    
    ## Creates iStat directories
    mkdir -p /var/{run,cache}/istat
    
    ## Run iStat
    /jffs/istatd -d
    
    I didn't put in the "chown" line

    ...but the iphone client can't see anything. If I do a "top" command via a terminal connection I can't see any process named istat or similar.

    Any ideas? Am I missing something?
     
  12. rhester72

    rhester72 Network Guru Member

    Try doing it by hand from the command-line rather than relying on the init script. At minimum, that mkdir isn't syntactically correct (it needs to be split into two different ones).

    Rodney
     
  13. occamsrazor

    occamsrazor Network Guru Member

    Good catch... I guess I read:

    Code:
    mkdir -p /var/{run,cache}/istat
    
    as a single command, it in fact created the directory named "{run,cache}".... doh! I deleted that then went through manually in the terminal and did all the commands, and checked the directories are there:

    Code:
    mkdir -p /var/run/istat
    mkdir -p /var/cache/istat
    ln -fs /jffs/istat.conf /etc
    
    The problem now comes when I try to execute istatd, I get the following error:

    Code:
    root@Tomato:/# /jffs/istatd -d
    -sh: /jffs/istatd: Permission denied
    
    I guess this is some permissions error, but preventing root??? I never did the chown command, it doesn't seem to work on Tomato. I think I managed to check the permissions, see here:

    Code:
    root@Tomato:/tmp/home/root# cd /jffs/
    root@Tomato:/jffs# ls -l
    -rw-r--r--    1 root     root          964 Apr 27 20:09 istat.conf
    -rw-r--r--    1 root     root       804812 Apr 27 19:56 istatd
    
    I guess this is the problem.... any ideas?
     
  14. rhester72

    rhester72 Network Guru Member

    Code:
    chmod u+x /jffs/istatd
    Rodney
     
  15. occamsrazor

    occamsrazor Network Guru Member

    I successfully chmod'd istatd, then tried to run it, but got an error:

    Code:
    root@Tomato:/tmp/home/root# chmod u+x /jffs/istatd
    root@Tomato:/tmp/home/root# /jffs/istatd -d
    Could not read configuration from /usr/local/etc/istat.conf: No such file or directory
    
    Seems that the istatd is looking for the istat.conf file there, not in /etc
    So I tried to softlink there, but got this:

    Code:
    root@Tomato:/tmp/home/root# ln -fs /jffs/istat.conf /usr/local/etc
    ln: /usr/local/etc: Read-only file system
    
    I had a look at what was there, and got this:

    Code:
    root@Tomato:/# ls /usr/local/    
    share
    root@Tomato:/# ls /usr/local/etc/
    ls: /usr/local/etc/: No such file or directory
    
    Going back to the ReadMe.txt, this part:

    Code:
    4) Build istatd
       # cd istatd-x.x.x
       Here you can configure where you want your binary and config to end up (default /usr/local).
       # ./configure
       or
       # ./configure --prefix=/ --sysconfdir=/etc
       # make
       # make install
    
    I wonder whether istatd needs to be built to look for istat.conf in a different directory? Or is there some other way to tell or trick it into looking in the right place?
     
  16. rhester72

    rhester72 Network Guru Member

    From istatd's help:

    Code:
        -d                 run in background
        -h                 print this help text
        -v                 print version number
    
        -c FILE            custom config file location
        -a HOST            listen on this address
        -p PORT            listen on this port
        -u USER            change running user
        -g GROUP           change running group
    
        --pid=FILE         custom pid file location
        --cache=DIR        custom cache file location
        --socket=FILE      custom socket file location
        --code=CODE        custom lock code
    
    This implies that "/jffs/istatd -d -c /jffs/istat.conf" is the correct syntax (and you should no longer need the softlink to /etc/istat.conf).

    For testing purposes, you might want to use "/jffs/istatd -c /jffs/istat.conf" until you get everything worked out - I believe most of the other command-line options referenced above are also covered by istat.conf, but you might want to explore things like adding "--pid=/var/run/istatd.pid" to the command so you have a process ID to restart when the WAN bounces, etc.

    We can cover off on all that (the ideal "permanent" installation configuration) later, let's continue to focus on just getting it up and running right now. :)

    Rodney
     
  17. rhester72

    rhester72 Network Guru Member

    Forget the above. See my guide post. :)

    Rodney
     
  18. occamsrazor

    occamsrazor Network Guru Member

Share This Page