key-networks / ztncui-containerized

A Docker image that contains ZeroTier One and ztncui to set up a standalone ZeroTier network controller with a web user interface in a container.

ERROR resolving ZT address: Error: EACCES: permission denied, open '/var/lib/zerotier-one/authtoken.secret' #4

Closed yashodhank closed 5 years ago

yashodhank commented 5 years ago

I see this upon running

docker run -dp 3443:3443 --name ztncui --volume ztncui:/opt/key-networks/ztncui/etc/ \
 --volume zt1:/var/lib/zerotier-one/ --cap-add=NET_ADMIN keynetworks/ztncui

Logs:

docker logs 1bf495a65551
/usr/sbin/zerotier-one: WARNING: failed to drop privileges (kernel may not support required prctl features), running as root
Listening for HTTP requests on port 3000 on localhost
Listening for HTTPS requests on port 3443 on all interfaces
GET / 200 981.637 ms - 1323
GET /bscss/bootstrap.min.css 200 24.103 ms - 121200
GET /stylesheets/style.css 200 4.383 ms - 2885
GET /bsjs/bootstrap.min.js 200 3.271 ms - 37045
GET /images/key-logo.svg 200 2.810 ms - 3249
GET /fonts/glyphicons-halflings-regular.woff2 200 4.628 ms - 18028
GET /login 200 358.610 ms - 2306
GET /bscss/bootstrap.min.css 304 2.815 ms - -
GET /stylesheets/style.css 304 1.975 ms - -
GET /bsjs/bootstrap.min.js 304 2.273 ms - -
GET /images/key-logo.svg 304 1.630 ms - -
GET /fonts/glyphicons-halflings-regular.woff2 304 2.138 ms - -
POST /login 302 88.904 ms - 86
GET /users/admin/password 200 338.492 ms - 3014
GET /bsjs/bootstrap.min.js 304 3.064 ms - -
GET /images/key-logo.svg 304 2.591 ms - -
GET /stylesheets/style.css 200 2.602 ms - 2885
GET /bscss/bootstrap.min.css 200 3.374 ms - 121200
GET /fonts/glyphicons-halflings-regular.woff2 304 3.872 ms - -
POST /users/admin/password 200 513.944 ms - 3172
GET /stylesheets/style.css 200 4.454 ms - 2885
GET /bscss/bootstrap.min.css 200 10.845 ms - 121200
GET /bsjs/bootstrap.min.js 304 5.232 ms - -
GET /images/key-logo.svg 304 2.926 ms - -
GET /fonts/glyphicons-halflings-regular.woff2 304 2.653 ms - -
GET /users/create 200 304.335 ms - 3009
GET /bsjs/bootstrap.min.js 304 9.388 ms - -
GET /stylesheets/style.css 200 8.612 ms - 2885
GET /images/key-logo.svg 304 3.631 ms - -
GET /bscss/bootstrap.min.css 200 2.586 ms - 121200
GET /fonts/glyphicons-halflings-regular.woff2 304 2.328 ms - -
GET /controller 200 184.207 ms - 1709
GET /bscss/bootstrap.min.css 200 2.459 ms - 121200
GET /bsjs/bootstrap.min.js 304 3.026 ms - -
GET /stylesheets/style.css 200 2.838 ms - 2885
GET /images/key-logo.svg 304 2.498 ms - -
GET /fonts/glyphicons-halflings-regular.woff2 304 2.254 ms - -

key-networks commented 5 years ago

Do you have full Docker privileges? Are you a member of the docker group on the host machine?

yashodhank commented 5 years ago

Yes, yes. I tried running on a Debian 8 machine with Docker version 18.06.1-ce, build e68fc7a, as the root user as well as a sudo-enabled user who is also a member of the docker group on the host.

key-networks commented 5 years ago

I am running as a normal user that is a member of the docker group on Fedora 28 64-bit with Docker version 18.06.1-ce, build e68fc7a. Could you try Fedora 28 or 29?

yashodhank commented 5 years ago

I have started with fresh, separate cloud instances and one dedicated server for testing.

Debian 8

Operating System: Debian GNU/Linux 8 (jessie)
Kernel: Linux 3.16.0-7-amd64
Architecture: x86-64
Docker version 18.06.1-ce, build e68fc7a

STATUS: NOT WORKING

ERROR resolving ZT address: Error: EACCES: permission denied, open '/var/lib/zerotier-one/authtoken.secret'

Ubuntu 16.04.5 LTS

Docker version 18.09.0, build 4d60db4
Operating System: Ubuntu 16.04.5 LTS
Kernel: Linux 4.4.0-137-generic
Architecture: x86-64

STATUS: WORKING

Fedora 28

Docker version 18.09.0, build 4d60db4
Operating System: Fedora 28 (Server Edition)
CPE OS Name: cpe:/o:fedoraproject:fedora:28
Kernel: Linux 4.16.3-301.fc28.x86_64
Architecture: x86-64

STATUS: WORKING

Debian 8.1 with Plesk 17 (Dedicated Server)

Docker version 18.06.1-ce, build e68fc7a
Operating System: Debian GNU/Linux 8 (jessie)
Kernel: Linux 3.16.0-7-amd64
Architecture: x86-64
Product version: Plesk Onyx 17.8.11 Update #31

STATUS: NOT WORKING

ERROR resolving ZT address: Error: EACCES: permission denied, open '/var/lib/zerotier-one/authtoken.secret'

Debian 9

Docker version 18.09.0, build 4d60db4
Operating System: Debian GNU/Linux 9 (stretch)
Kernel: Linux 4.9.0-8-amd64
Architecture: x86-64

STATUS: WORKING

CoreOS

Docker version 18.06.1-ce, build e68fc7a
Operating System: Container Linux by CoreOS 1855.4.0 (Rhyolite)
Kernel: Linux 4.14.67-coreos
Architecture: x86-64

STATUS: WORKING

Apparently the same error occurs only on Debian 8 instances. I suspect it is because of the 3.X kernel?

yashodhank commented 5 years ago

Confirmed, it is a kernel issue. Manually upgrading the Debian 8 kernel from 3.X to 4.X on a fresh system resolved the issue.

Thank you for sharing this awesome project.

mdPlusPlus commented 4 years ago

I have a similar issue when using volumes (Kubuntu 19.10).

Error: EACCES: permission denied, mkdir '/opt/key-networks/ztncui/etc/storage'

$ ls -l
drwxr-xr-x 3 systemd-coredump  998 4096 Dez 14 22:10 zt1
drwxr-xr-x 2 root             root 4096 Dez 14 22:10 ztncui

For whatever reason it's choosing ID 999 and 1000 instead of 998 and 997 when running without volumes, which clashes with Kubuntu's IDs for systemd-coredump and root.
Any idea how to solve this?

Edit: I tried to fix it by creating my own image:

  1. Run the container from the official image: docker run -dp 3443:3443 --name ztncui --cap-add=NET_ADMIN keynetworks/ztncui

  2. Open terminal in container: docker exec -it ztncui /bin/bash

  3. Assign new user IDs: usermod -u 2001 zerotier-one && groupmod -g 2002 zerotier-one && usermod -u 2003 ztncui && groupmod -g 2004 ztncui

  4. Correct IDs in filesystem: find / -user zerotier-one -exec chown -h 2001 {} \;
    find / -group zerotier-one -exec chgrp -h 2002 {} \;
    find / -user ztncui -exec chown -h 2003 {} \;
    find / -group ztncui -exec chgrp -h 2004 {} \;
    exit

  5. Stop the running container: docker stop ztncui

  6. Commit changes to new image: docker commit ztncui ztncui_fixedimage

  7. Remove container: docker rm ztncui

  8. Create volumes: mkdir zt1 ztncui && sudo chown -R 2001:2002 zt1 && sudo chown -R 2003:2004 ztncui

  9. Create a container from the new image: docker run -p 3443:3443 --name ztncui -v /PATH/ztncui:/opt/key-networks/ztncui/etc/ -v /PATH/zt1:/var/lib/zerotier-one/ --cap-add=NET_ADMIN ztncui_fixedimage

But this results in Error: ENOENT: no such file or directory, open 'etc/tls/fullchain.pem'

Edit2: I've just created a Dockerfile to work around all of this.
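Both EACCES errors reported above are permission denials on paths that live in mounted volumes, where only numeric UIDs, GIDs and mode bits matter. The following is an added example, not code from this thread or from the project: a host-side check of the owner/group/other decision for a given numeric UID and GID. It assumes GNU stat; the function name `can_access` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Reproduces the basic
# owner/group/other mode-bit decision for a numeric UID and GID, so a volume
# can be checked on the host before the container hits EACCES.
# Assumptions: GNU stat; ACLs, supplementary groups and LSMs are ignored.

# can_access PATH UID GID r|w|x -> 0 if allowed, 1 if denied, 2 on bad input
can_access() {
    ca_path=$1 ca_uid=$2 ca_gid=$3
    case $4 in
        r) ca_bit=4 ;;
        w) ca_bit=2 ;;
        x) ca_bit=1 ;;
        *) return 2 ;;
    esac
    # UID 0 normally holds CAP_DAC_OVERRIDE and skips the mode-bit check.
    if [ "$ca_uid" -eq 0 ]; then return 0; fi
    ca_info=$(stat -c '%u %g %a' -- "$ca_path") || return 2
    set -- $ca_info                  # $1=owner uid, $2=group gid, $3=octal mode
    if   [ "$ca_uid" -eq "$1" ]; then ca_shift=6   # owner class
    elif [ "$ca_gid" -eq "$2" ]; then ca_shift=3   # group class
    else                              ca_shift=0   # other class
    fi
    [ $(( (0$3 >> $ca_shift) & $ca_bit )) -ne 0 ]
}

# Constructed demo: a 0600 file and a 0755 directory owned by the current
# user stand in for authtoken.secret and the etc/ volume. The "service"
# UID/GID are the owner's IDs plus one, i.e. a different unprivileged account.
demo() {
    d=$(mktemp -d) || return 2
    touch "$d/authtoken.secret"; chmod 600 "$d/authtoken.secret"
    mkdir "$d/etc"; chmod 755 "$d/etc"
    svc_uid=$(( $(stat -c %u "$d") + 1 ))
    svc_gid=$(( $(stat -c %g "$d") + 1 ))
    for spec in "authtoken.secret r" "etc w" "etc x"; do
        set -- $spec
        if can_access "$d/$1" "$svc_uid" "$svc_gid" "$2"; then v=allowed; else v=EACCES; fi
        echo "uid=$svc_uid gid=$svc_gid $2 $1: $v"
    done
    rm -rf "$d"
}
demo
```

Run against the real volume paths with the UID and GID the container process uses (for example the 2001/2002 and 2003/2004 values from the steps above) to see which path and which permission class produces the denial.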

key-networks commented 4 years ago

@mdPlusPlus - thanks for your feedback and the gist of your Dockerfile. I'll check it out further the next time I build the Docker image.

mdPlusPlus commented 4 years ago

Just a heads-up: My Dockerfile is a quick hack and probably has some issues. I haven't tested it extensively yet.

Edit: @key-networks I spent the last two hours rewriting/polishing it. I don't think there are any apparent issues anymore. It uses UIDs 2001 and 2002 and GID 2000 now. I also allowed myself to push an image to Docker Hub: https://hub.docker.com/r/mdplusplus/zerotier-network-controller-ui

key-networks commented 4 years ago

Thanks!

ovizii commented 4 years ago

> Just a heads-up: My Dockerfile is a quick hack and probably has some issues. I haven't tested it extensively yet.
>
> Edit: @key-networks I spent the last two hours rewriting/polishing it. I don't think there are any apparent issues anymore. It uses UIDs 2001 and 2002 and GID 2000 now. I also allowed myself to push an image to Docker Hub: https://hub.docker.com/r/mdplusplus/zerotier-network-controller-ui

@mdPlusPlus I had massive issues with this one, but yours is working just fine. Any place to raise issues or ask questions in case there is trouble with your image?

mdPlusPlus commented 4 years ago

Leave a comment here: https://gist.github.com/mdPlusPlus/0f6285c6402aa4aff4aa4a9e5dfc38c0

Keep in mind that this was more of a one-shot. I haven't extensively tested it and am not currently running it. Also, the image on the Docker Hub is possibly outdated.

key-networks commented 3 years ago

This should be resolved in the latest version: https://hub.docker.com/repository/docker/keynetworks/ztncui