Closed yashodhank closed 5 years ago
Do you have full Docker privileges? Are you a member of the docker group on the host machine?
Yes, yes.
I tried running with Debian 8 machine with Docker version 18.06.1-ce, build e68fc7a
as root user as well as sudo enabled user who is also member of docker group on host.
I am running as a normal user that is a member of the docker group on Fedora 28 64-bit with Docker version 18.06.1-ce, build e68fc7a. Could you try Fedora 28 or 29?
I have started with fresh cloud separate instances and one dedicated server for testing.
Debian 8
Operating System: Debian GNU/Linux 8 (jessie)
Kernel: Linux 3.16.0-7-amd64
Architecture: x86-64
Docker version 18.06.1-ce, build e68fc7a
STATUS: NOT WORKING
ERROR resolving ZT address: Error: EACCES: permission denied, open '/var/lib/zerotier-one/authtoken.secret'
Ubuntu 16.04.5 LTS
Docker version 18.09.0, build 4d60db4
Operating System: Ubuntu 16.04.5 LTS
Kernel: Linux 4.4.0-137-generic
Architecture: x86-64
STATUS: WORKING
Fedora 28
Docker version 18.09.0, build 4d60db4
Operating System: Fedora 28 (Server Edition)
CPE OS Name: cpe:/o:fedoraproject:fedora:28
Kernel: Linux 4.16.3-301.fc28.x86_64
Architecture: x86-64
STATUS: WORKING
Debian 8.1 with Plesk 17 (Dedicated Server)
Docker version 18.06.1-ce, build e68fc7a
Operating System: Debian GNU/Linux 8 (jessie)
Kernel: Linux 3.16.0-7-amd64
Architecture: x86-64
Product version: Plesk Onyx 17.8.11 Update #31
STATUS: NOT WORKING
ERROR resolving ZT address: Error: EACCES: permission denied, open '/var/lib/zerotier-one/authtoken.secret'
Debian 9
Docker version 18.09.0, build 4d60db4
Operating System: Debian GNU/Linux 9 (stretch)
Kernel: Linux 4.9.0-8-amd64
Architecture: x86-64
STATUS: WORKING
CoreOS
Docker version 18.06.1-ce, build e68fc7a
Operating System: Container Linux by CoreOS 1855.4.0 (Rhyolite)
Kernel: Linux 4.14.67-coreos
Architecture: x86-64
STATUS: WORKING
Apparently same error is causing only for Debian 8 instances. I suspect because of 3.X Kernel ?
Confirmed, it is kernel issue. After manually upgrading Debian 8 Kernel 3.X to 4.X on fresh system resolved the issue.
Thank you for sharing awesome project..
I have a similar issue when using volumes (Kubuntu 19.10).
Error: EACCES: permission denied, mkdir '/opt/key-networks/ztncui/etc/storage'
$ ls -l
drwxr-xr-x 3 systemd-coredump 998 4096 Dez 14 22:10 zt1
drwxr-xr-x 2 root root 4096 Dez 14 22:10 ztncui
For whatever reason it's chosing ID 999
and 1000
instead of 998
and 997
when running without volumes, which clashes with Kubuntu's IDs for systemd-coredump and root.
Any idea how to solve this?
Edit: I tried to fix it by creating my own image:
Run the container from the official image: docker run -dp 3443:3443 --name ztncui --cap-add=NET_ADMIN keynetworks/ztncui
Open terminal in container: docker exec -it ztncui /bin/bash
Assign new user IDs: usermod -u 2001 zerotier-one && groupmod -g 2002 zerotier-one && usermod -u 2003 ztncui && groupmod -g 2004 ztncui
Correct IDs in filesystem:
find / -user zerotier-one -exec chown -h 2001 {} \;
find / -group zerotier-one -exec chgrp -h 2002 {} \;
find / -user ztncui -exec chown -h 2003 {} \;
find / -group ztncui -exec chgrp -h 2004 {} \;
exit
Stop the running container: docker stop ztncui
Commit changes to new image: docker commit ztncui ztncui_fixedimage
Remove container: docker rm ztncui
Create volumes: mkdir zt1 ztncui && sudo chown -R 2001:2002 zt1 && sudo chown -R 2003:2004 ztncui
Create a container from the new image docker run -p 3443:3443 --name ztncui -v /PATH/ztncui:/opt/key-networks/ztncui/etc/ -v /PATH/zt1:/var/lib/zerotier-one/ --cap-add=NET_ADMIN ztncui_fixedimage
But this results in Error: ENOENT: no such file or directory, open 'etc/tls/fullchain.pem'
Edit2: I've just created a Dockerfile to work around all of this.
@mdPlusPlus - thanks for your feedback and the gist of your Dockerfile. I'll check it out further the next time I build the Docker image.
Just a heads-up: My Dockerfile is a quick hack and probably has some issues. I haven't tested it extensively yet.
Edit: @key-networks I spent the last two hours rewriting/polishing it. I don't think there are any apparent issues anymore. It uses UIDs 2001 and 2002 and GID 2000 now. I also allowed myself to push an image to Docker Hub: https://hub.docker.com/r/mdplusplus/zerotier-network-controller-ui
Thanks!
Just a heads-up: My Dockerfile is a quick hack and probably has some issues. I haven't tested it extensively yet.
Edit: @key-networks I spent the last two hours rewriting/polishing it. I don't think there are any apparent issues anymore. It uses UIDs 2001 and 2002 and GID 2000 now. I also allowed myself to push an image to Docker Hub: https://hub.docker.com/r/mdplusplus/zerotier-network-controller-ui
@mdPlusPlus I had massive issues with this one but with yours is working just fine. Any place to raise issues or ask questions in case there is trouble with your image?
Leave a comment here: https://gist.github.com/mdPlusPlus/0f6285c6402aa4aff4aa4a9e5dfc38c0
Keep in mind that this was more of an one-shot. I haven't extensively tested and am not currently running it. Also the image on the Docker Hub is possibly outdated.
This should be resolved in the latest version: https://hub.docker.com/repository/docker/keynetworks/ztncui
I see this upon running
Logs: