search

netbirdio / addon-netbird

NetBird Home Assistant Add-on
MIT License
27 stars 7 forks source link

Error setting up sysctl and DNS configuration failure on linux/arm64 #157

Closed corrreia closed 2 weeks ago

corrreia commented 2 weeks ago

Problem/Motivation

I'm encountering multiple issues when trying to run the NetBird client on a linux/arm64 environment. The client fails to start correctly, and the logs show errors related to sysctl configuration, missing iptables, and DNS setup. Below are the details of the errors and the steps I have taken to reproduce the issue.

Expected behavior

Tunnel to connect.

Actual behavior

Tunel failed with:

2024-10-24T22:50:59+01:00 ERRO client/internal/routemanager/systemops/systemops_linux.go:101: Error setting up sysctl: 1 error occurred:
    * write sysctl net.ipv4.conf.all.src_valid_mark: open /proc/sys/net/ipv4/conf/all/src_valid_mark: read-only file system

2024-10-24T22:50:59+01:00 WARN client/firewall/nftables/router_linux.go:672: Will use nftables to manipulate the filter table because iptables is not available: exec: "iptables": executable file not found in $PATH

2024-10-24T22:50:59+01:00 ERRO client/internal/dns/server.go:323: unable to configure DNS for this peer using file manager without a nameserver group with all domains configured

Steps to reproduce

Install addon and configure a connection

Proposed changes

The client cannot configure net.ipv4.conf.all.src_valid_mark due to the file system being read-only. It seems like /proc/sys might have limited permissions in the container.

corrreia commented 2 weeks ago

Full log:

-----------------------------------------------------------
 Add-on: NetBird
 Connect your devices into a single secure private WireGuard®-based mesh network.
-----------------------------------------------------------
 Add-on version: v0.30.3
 You are running the latest version of this add-on.
 System: Home Assistant OS 13.2  (aarch64 / raspberrypi4-64)
 Home Assistant Core: 2024.10.3
 Home Assistant Supervisor: 2024.10.3
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
s6-rc: info: service base-addon-banner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service base-addon-log-level: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service base-addon-log-level successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service netbird: starting
s6-rc: info: service netbird successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
[22:53:36] INFO: Using Default Admin URL
[22:53:36] INFO: Using Default Management URL
[22:53:36] INFO: Using 70B6A2AC-2D8D-40A2-B45C-A02F4D2A25A8 as Setup Key
[22:53:36] INFO: Using ha-teste as hostname
[22:53:36] INFO: Rosenpass disabled
[22:53:36] INFO: No log level Set
[22:53:36] INFO: This client will use the default logging.
[22:53:36] INFO: Starting NetBird Client...
[22:53:36] INFO: netbird up  --foreground-mode --config /config/config.json --log-file console --setup-key 70B6A2AC-2D8D-40A2-B45C-A02F4D2A25A8 --hostname ha-teste --enable-rosenpass=false
2024-10-24T22:53:38+01:00 INFO client/internal/connect.go:111: starting NetBird client version 0.30.3 on linux/arm64
2024-10-24T22:53:39+01:00 INFO client/internal/connect.go:240: connecting to the Relay service(s): rels://relay.netbird.io:443
2024-10-24T22:53:39+01:00 INFO relay/client/picker.go:66: try to connecting to relay server: rels://relay.netbird.io:443
2024-10-24T22:53:39+01:00 INFO [relay: rels://relay.netbird.io:443] relay/client/client.go:166: create new relay connection: local peerID: t9Tlblt8wZLFQtIQS3Ij/3DID5YTcCAyQRV3nfNNaDs=, local peer hashedID: sha-aG77BiAK4b+3P8VzCqMKLk635I/1PcnVZFutuau3RZ8=
2024-10-24T22:53:39+01:00 INFO [relay: rels://relay.netbird.io:443] relay/client/client.go:172: connecting to relay server
2024-10-24T22:53:40+01:00 INFO [relay: rels://streamline-es-mad1-1.relay.netbird.io:443] relay/client/client.go:189: relay connection established
2024-10-24T22:53:40+01:00 INFO relay/client/picker.go:84: connected to Relay server: rels://relay.netbird.io:443
2024-10-24T22:53:40+01:00 INFO relay/client/picker.go:58: chosen home Relay server: rels://relay.netbird.io:443
2024-10-24T22:53:40+01:00 INFO client/iface/wgproxy/ebpf/proxy.go:91: local wg proxy listening on: 3128
2024-10-24T22:53:40+01:00 INFO client/iface/wgproxy/factory_kernel.go:29: WireGuard Proxy Factory will produce eBPF proxy
2024-10-24T22:53:40+01:00 ERRO client/internal/routemanager/systemops/systemops_linux.go:101: Error setting up sysctl: 1 error occurred:
    * write sysctl net.ipv4.conf.all.src_valid_mark: open /proc/sys/net/ipv4/conf/all/src_valid_mark: read-only file system
2024-10-24T22:53:40+01:00 INFO client/internal/routemanager/manager.go:144: Routing setup complete
2024-10-24T22:53:40+01:00 INFO client/firewall/create_linux.go:77: creating an nftables firewall manager
2024-10-24T22:53:40+01:00 WARN client/firewall/nftables/router_linux.go:672: Will use nftables to manipulate the filter table because iptables is not available: exec: "iptables": executable file not found in $PATH
2024-10-24T22:53:40+01:00 WARN client/firewall/nftables/router_linux.go:579: Will use nftables to manipulate the filter table because iptables is not available: exec: "iptables": executable file not found in $PATH
2024-10-24T22:53:40+01:00 INFO client/internal/dns/host_unix.go:54: System DNS manager discovered: file
2024-10-24T22:53:40+01:00 INFO client/internal/engine.go:1415: Network monitor is disabled, not starting
2024-10-24T22:53:40+01:00 INFO client/internal/connect.go:268: Netbird engine started, the IP is: 100.100.156.247/16
2024-10-24T22:53:40+01:00 INFO client/internal/peer/guard/sr_watcher.go:106: reconnected to Signal or Relay server
2024-10-24T22:53:40+01:00 INFO signal/client/grpc.go:149: connected to the Signal Service stream
2024-10-24T22:53:40+01:00 INFO management/client/grpc.go:155: connected to the Management Service stream
2024-10-24T22:53:40+01:00 WARN client/internal/engine.go:597: running SSH server is not permitted
2024-10-24T22:53:40+01:00 INFO client/internal/acl/manager.go:56: ACL rules processed in: 5.331326ms, total rules count: 2
2024-10-24T22:53:40+01:00 ERRO client/internal/dns/server.go:323: unable to configure DNS for this peer using file manager without a nameserver group with all domains configured
2024-10-24T22:53:41+01:00 INFO [relay: rels://streamline-es-mad1-1.relay.netbird.io:443] relay/client/client.go:218: open connection to peer: sha-+ju9dRpgU2+YM9vZdVnMtio6wQfAYnwJ1/I0VD/cM8M=
2024-10-24T22:53:41+01:00 INFO client/iface/wgproxy/ebpf/proxy.go:102: turn conn added to wg proxy store: rels://streamline-es-mad1-1.relay.netbird.io:443, endpoint port: :1
2024-10-24T22:53:41+01:00 INFO [peer: Di/FE4rutCP4Qs1r4/rbAU2lThnzpy+l3lODD4ywRXI=] client/internal/peer/conn.go:436: created new wgProxy for relay connection: 127.0.0.1:1
2024-10-24T22:53:41+01:00 INFO [peer: Di/FE4rutCP4Qs1r4/rbAU2lThnzpy+l3lODD4ywRXI=] client/internal/peer/conn.go:465: start to communicate with peer via relay
2024-10-24T22:53:44+01:00 INFO [peer: Di/FE4rutCP4Qs1r4/rbAU2lThnzpy+l3lODD4ywRXI=] client/internal/peer/guard/guard.go:84: start reconnect loop...

key is already revoked

lfarkas commented 2 weeks ago

first one is reported upstream: https://github.com/netbirdio/netbird/issues/2290 second is just a warning 3th are can't working on homeassistant, but in this case netbird normally will not like to try to connect outside by hostname