netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Can not start netbird on IKuai's docker. #1332

Open duanyunlun opened 1 year ago

duanyunlun commented 1 year ago

Describe the problem

I set up the container in IKuai's Docker plugin, but the netbird log shows that I may have lost some environment variables, and I don't know what they are. I hope someone can explain the meaning of these environment variables to me:

SYS_ADMIN SYS_RESOURCE NET_ADMIN NET_RAW BPF

Here are IKuai's Docker settings (doc_LAN is the network of Docker, not the host LAN): [image]

Here's the logs:

2023-11-27T08:50:33Z INFO client/internal/login.go:130: peer has been successfully registered on Management Service
2023-11-27T08:50:33Z INFO client/internal/connect.go:47: starting NetBird client version 0.24.3
2023-11-27T08:50:35Z WARN client/internal/wgproxy/factory_linux.go:15: failed to initialize ebpf proxy, fallback to user space proxy: failed to set memlock rlimit: operation not permitted
2023-11-27T08:50:35Z ERRO client/internal/routemanager/manager.go:42: server router is not supported: couldn't initialize nftables or iptables clients. Using a dummy firewall manager for route rules
2023-11-27T08:50:35Z INFO iface/module_linux.go:76: couldn't access device /dev/net/tun, go error stat /dev/net/tun: no such file or directory, will attempt to load tun module, if running on container add flag --cap-add=NET_ADMIN
......

bcmmbaga commented 1 year ago

Hi @duanyunlun, these are related to Docker runtime privileges and Linux capabilities. SYS_ADMIN, SYS_RESOURCE, NET_ADMIN, and BPF are capability keys that allow additional capabilities to give Docker more privileges. Please refer to the Docker documentation here for a more detailed explanation regarding the use case for each.

Could you please try running the following command to start the Netbird client in Docker:

docker run --rm --name PEER_NAME --hostname PEER_NAME --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --cap-add=SYS_RESOURCE -d -e NB_SETUP_KEY=<SETUP KEY> -v netbird-client:/etc/netbird netbirdio/netbird:latest

duanyunlun commented 12 months ago

@bcmmbaga IKuai's Docker cannot run custom commands, so I think it cannot be used as a "normal" Docker Engine.

mlsmaycon commented 11 months ago

Hello @duanyunlun, can you check this page https://bbs.ikuai8.com/forum.php?mod=viewthread&tid=143433&highlight=docker? It seems that there is support for the --cap-add flags in recent versions; at least the first comment there states that all Docker functionality is there (if my translation is correct).
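
To confirm from a shell inside the container which of the capabilities named in this thread the runtime actually granted, the effective capability mask in /proc can be decoded. This is an added example, not part of the original thread or NetBird's code; the function names are hypothetical and the sample mask in the comments is constructed.

```shell
#!/bin/sh
# Added example: decode CapEff and list which capabilities from this
# issue are absent, then check for the TUN device the log complains about.

# name:bit pairs, bit numbers as defined in linux/capability.h
REQUIRED="NET_ADMIN:12 NET_RAW:13 SYS_ADMIN:21 SYS_RESOURCE:24 BPF:39"

# missing_caps HEXMASK -> space-separated names whose bit is clear.
# Constructed sample: 00000000a80425fb is the CapEff of a container
# started with Docker's default capability set (no --cap-add).
missing_caps() {
    mask=$((0x$1))
    out=""
    for entry in $REQUIRED; do
        name=${entry%%:*}
        bit=${entry##*:}
        if [ $(( (mask >> bit) & 1 )) -eq 0 ]; then
            out="${out:+$out }$name"
        fi
    done
    printf '%s\n' "$out"
}

# current_capeff -> effective capability mask of this shell, as hex
current_capeff() {
    awk '$1 == "CapEff:" { print $2 }' "/proc/$$/status"
}

# report -> human-readable summary for the running container
report() {
    capeff=$(current_capeff 2>/dev/null) || capeff=""
    if [ -z "$capeff" ]; then
        echo "CapEff not readable (is /proc mounted?)"
        return 0
    fi
    missing=$(missing_caps "$capeff")
    echo "CapEff=$capeff missing: ${missing:-none}"
    if [ -c /dev/net/tun ]; then
        echo "/dev/net/tun: present"
    else
        echo "/dev/net/tun: absent"
    fi
}

report
```

If the iKuai plugin applies the capability settings, the "missing" list shrinks accordingly; if it stays the same as for the default set, the settings are not reaching the container.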