Error in creating directory

lifehome commented 4 years ago

I find difficulties in using this docker, without having the following error:

pkg/prelude/bootstrap.js:1176
      throw error;
      ^

Error: EACCES: permission denied, mkdir '/opt/key-networks/ztncui/etc/storage'
    at Object.fs.mkdirSync (fs.js:885:18)
    at Function.sync (/snapshot/src/node_modules/mkdirp/index.js:71:13)
    at LocalStorage.parseStorageDirSync (/snapshot/src/node_modules/node-persist/src/local-storage.js:619:20)
    at LocalStorage.initSync (/snapshot/src/node_modules/node-persist/src/local-storage.js:142:14)
    at Object.nodePersist.initSync (/snapshot/src/node_modules/node-persist/src/node-persist.js:37:32)
    at Object.<anonymous> (/snapshot/src/controllers/networkController.js:0:0)
    at Module._compile (pkg/prelude/bootstrap.js:1252:22)
    at Object.Module._extensions..js (module.js:661:10)
    at Module.load (module.js:563:32)
    at tryModuleLoad (module.js:503:12)

The command I tried to start the docker is:

docker run -d \
  -p 127.0.0.1:25001:3000 \
  -v /path/to/config:/opt/key-networks/ztncui/etc \
  -v /path/to/zerotier-one:/var/lib/zerotier-one \
  -e PUID=$(id -u) \
  -e PGID=$(id -g) \
  --cap-add=NET_ADMIN \
  --name ztncui \
  keynetworks/ztncui

I have read #4 and I think it's a similar issue? But I am not sure. Hopefully someone can give two cents on this issue. :D

ghost commented 4 years ago

https://github.com/key-networks/ztncui-containerized/issues/12

key-networks commented 4 years ago

What are your host OS and Docker versions?

lifehome commented 4 years ago

Thanks for the reply! I'm using ArchLinux with the latest Docker version 19.03.8

key-networks commented 4 years ago

Can you try Fedora 32?

Seji64 commented 4 years ago

I got the same error (Ubuntu server 20.04) and made my own Docker Image as a workaround / fix. Hope it helps.

https://github.com/Seji64/ztncui-containerized

key-networks commented 4 years ago

Thanks @Seji64 - I need to regenerate the Docker image fairly soon to include another fix, so may use the info you have provided.

mdPlusPlus commented 4 years ago

@Seji64 You mean you took my Dockerfile and added two lines for http listening ;)

https://gist.github.com/mdPlusPlus/0f6285c6402aa4aff4aa4a9e5dfc38c0
https://hub.docker.com/r/mdplusplus/zerotier-network-controller-ui

key-networks commented 3 years ago

Please try version 1.2.5: https://hub.docker.com/r/keynetworks/ztncui

key-networks commented 3 years ago

Thanks @mdPlusPlus for the clues you provided.

kmahyyg commented 3 years ago

Same problem here:

[root@mymachine zerotier]# docker logs ztncui
/usr/sbin/zerotier-one: WARNING: failed to drop privileges (kernel may not support required prctl features), running as root
pkg/prelude/bootstrap.js:1176
      throw error;
      ^

Error: EACCES: permission denied, mkdir '/opt/key-networks/ztncui/etc/storage'
    at Object.fs.mkdirSync (fs.js:885:18)
    at Function.sync (/snapshot/src/node_modules/mkdirp/index.js:72:13)
    at LocalStorage.parseStorageDirSync (/snapshot/src/node_modules/node-persist/src/local-storage.js:619:20)
    at LocalStorage.initSync (/snapshot/src/node_modules/node-persist/src/local-storage.js:142:14)
    at Object.nodePersist.initSync (/snapshot/src/node_modules/node-persist/src/node-persist.js:37:32)
    at Object.<anonymous> (/snapshot/src/controllers/networkController.js:0:0)
    at Module._compile (pkg/prelude/bootstrap.js:1252:22)
    at Object.Module._extensions..js (module.js:661:10)
    at Module.load (module.js:563:32)
    at tryModuleLoad (module.js:503:12)

kmahyyg commented 3 years ago

Note: I use the volume mount like -v /mydata/zt1:/var/lib/zerotier-one and -v /mydata/ztncui/etc:/opt/key-networks/ztncui/etc to run this docker. Since it's most general way that everyone use, you might need to add a little script to fix the permission.

kmahyyg commented 3 years ago

About behaviours

By the way, use sudo in docker container is not a prefer way for this purpose, use gosu instead.

About file permissions

I added sudo chown -R ztncui:ztncui /opt/key-networks/ztncui at the above of the last line in exec.sh, it works fine.

Another problem again

But another problem exists, since I've mounted /opt/key-networks/ztncui/etc, this folder is empty, so your program will failed to start due to missing SSL cert.

You either should notice user to generate one before you mount, or just check if it exists before you call up your program.

You might say, configure the env var. Yes, I did.

But not working...

I personally recommend https://github.com/jsha/minica for generate a site key and deprecate the big and heavy openssl.

About Docker Image Size

PURGE CACHE BEFORE YOU SUBMIT IT!
Use debian:sid-slim if possible. (I prefer Debian personally, -slim one is the minimal base image comparing to normal one)

kmahyyg commented 3 years ago

One more critical thing... You run /usr/sbin/zerotier-one & , which means you are totally not using any supervisor??!! If somehow the zt1 was accidentally getting OOM-killed or something else, something bad might happen...

key-networks commented 3 years ago

@kmahyyg thanks for all your comments - I'll look into them. What supervisor do you recommend, given that systemd is not available in the container?

kmahyyg commented 3 years ago

Personally, I use s6 from skarnet or supervisord. Someone also loves pm2.

kmahyyg commented 3 years ago

@kmahyyg thanks for all your comments - I'll look into them. What supervisor do you recommend, given that systemd is not available in the container?

I'm not interested in UID/GID conflict issues, so my homemade one doesn't care about this...

After all, I added:

Argon2 Password Generator (also reads environment variable)
Supervisord for daemonization
Certificate generation
A Simple HTTP File Server for distributing planet file... Since I'm gonna use all self-hosted infra, I don't want any ZT Official server rolling in...

Currently, user only need to use empty folder to start my docker container.

For more details, check: https://github.com/kmahyyg/ztncui-aio

You could also directly pull the image from Docker Hub.

key-networks commented 3 years ago

@kmahyyg - I'm impressed with what you have done! If you don't mind, I'm thinking of cloning your repo, making a few mods, and using it as the basis for generating the keynetworks/ztncui image.

kmahyyg commented 3 years ago

@kmahyyg - I'm impressed with what you have done! If you don't mind, I'm thinking of cloning your repo, making a few mods, and using it as the basis for generating the keynetworks/ztncui image.

Of course. I'm so glad for contributing to open source community. By the way, You have my authorization to re-license your clone to the same license as ztncui (which currently is GPLv3). Thanks for y'all and also your excellent product.

key-networks commented 3 years ago

@kmahyyg - I'm impressed with what you have done! If you don't mind, I'm thinking of cloning your repo, making a few mods, and using it as the basis for generating the keynetworks/ztncui image.

Of course. I'm so glad for contributing to open source community. By the way, You have my authorization to re-license your clone to the same license as ztncui (which currently is GPLv3). Thanks for y'all and also your excellent product.

Many thanks, @kmahyyg !

key-networks commented 3 years ago

Ver 1.2.6 is now available at https://hub.docker.com/r/keynetworks/ztncui based on https://github.com/key-networks/ztncui-aio

key-networks / ztncui-containerized