oxen-io / lokinet

Lokinet is an anonymous, decentralized and IP based overlay network for the internet.
https://lokinet.org/
GNU General Public License v3.0

Help running lokinet daemon in Docker #1832

Closed jcalfee closed 2 years ago

jcalfee commented 2 years ago

I would like to try and run lokinet from Docker. I'm in a bit over my head but did make some progress. I would appreciate any feedback!

Early in the experiment, I abandoned trying to run the daemon as non-root. I did document the error in the comments below in case that is of interest. Also, I hope it works out to run the lokinet-bootstrap inside of a layer; seems like that should be ok.

Looks like the error is related to the docker system bus: Failed to connect to system bus to set DNS: No such file or directory. Because your message mentions DNS I suspect the docker systemctl replacement is not going to work as mentioned here: https://stackoverflow.com/a/63642719/766233 ..

FROM debian:11

ENV DEBIAN_FRONTEND=noninteractive

RUN\
  echo "resolvconf resolvconf/linkify-resolvconf boolean false" | debconf-set-selections &&\
  apt update && apt install -y lsb-release resolvconf curl &&\
  curl -so /etc/apt/trusted.gpg.d/oxen.gpg https://deb.oxen.io/pub.gpg &&\
  echo "deb https://deb.oxen.io $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/oxen.list &&\
  apt update && apt install -y lokinet

#ENV user=user
#RUN groupadd -g 1000 $user
#RUN useradd -s /bin/bash -d /home/$user -m -g 1000 -u 1000 $user
#USER $user
#WORKDIR /home/$user
#ENV HOME /home/$user
#>ERROR: "[ERR] [](54) 2021-12-30 18:00:28.625 GMT [+0.008s] ../llarp/handlers/tun.cpp:915  endpoint:yxenp9pcnirea9pabz7zytij958boikzbmqtq6cuax5gbb3c7h1y.loki failed to set up network interface: cannot set interface name: Operation not permitted"

RUN\
  lokinet -g &&\
  lokinet-bootstrap

CMD lokinet

$ docker run --rm --network=host --cap-add=CAP_NET_ADMIN --cap-add=CAP_NET_BIND_SERVICE --device /dev/net/tun --name lokinet lokinet
...
[NFO] lokinet 2021-12-30 17:56:43.981 GMT [+0.001s] ../daemon/lokinet.cpp:238 Using config file: "/var/lib/lokinet/lokinet.ini"
[NFO] lokinet 2021-12-30 17:56:43.981 GMT [+0.001s] ../llarp/context.cpp:64 lokinet-0.9.8-deb0.9.8-1~deb11 A Series of Tubes
[NFO] lokinet 2021-12-30 17:56:43.981 GMT [+0.001s] ../llarp/context.cpp:65 starting up
[NFO] lokinet 2021-12-30 17:56:43.984 GMT [+0.004s] ../llarp/router/router.cpp:1118 Bound RPC server to tcp://127.0.0.1:1190
[NFO] lokinet 2021-12-30 17:56:43.985 GMT [+0.005s] ../llarp/router/router.cpp:657 Loaded 3 bootstrap routers
[NFO] lokinet 2021-12-30 17:56:43.985 GMT [+0.005s] ../llarp/router/router.cpp:728 router profiling enabled
[NFO] lokinet 2021-12-30 17:56:43.985 GMT [+0.005s] ../llarp/router/router.cpp:731 no profiles file at "/var/lib/lokinet/profiles.dat" skipping
[NFO] lokinet 2021-12-30 17:56:43.985 GMT [+0.005s] ../llarp/handlers/tun.cpp:171 endpoint:yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.loki setting to be reachable by default
[NFO] lokinet 2021-12-30 17:56:43.986 GMT [+0.006s] ../llarp/handlers/tun.cpp:338 endpoint:yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy.loki skipping loading addr map at "/var/lib/lokinet/addrmap.dat" as it does not currently exist

[WRN] 2021-12-30 17:56:44.005 GMT [+0.025s] ../llarp/router/systemd_resolved.cpp:81 Failed to connect to system bus to set DNS: No such file or directory
[WRN] 2021-12-30 17:56:44.232 GMT [+0.252s] ../llarp/path/pathbuilder.cpp:346 endpoint:gcrcmupbmbywoabef6honkky35crb66p371oe5wpsadq5deqaxto.loki has no first hop candidate
[WRN] 2021-12-30 17:56:44.232 GMT [+0.252s] ../llarp/service/endpoint.cpp:118 could not publish descriptors for endpoint endpoint:gcrcmupbmbywoabef6honkky35crb66p371oe5wpsadq5deqaxto.loki because we couldn't get enough valid introductions
[WRN] 2021-12-30 17:56:44.232 GMT [+0.252s] ../llarp/path/pathbuilder.cpp:346 endpoint:gcrcmupbmbywoabef6honkky35crb66p371oe5wpsadq5deqaxto.loki has no first hop candidate
[WRN] 2021-12-30 17:56:44.481 GMT [+0.501s] ../llarp/path/pathbuilder.cpp:346 endpoint:gcrcmupbmbywoabef6honkky35crb66p371oe5wpsadq5deqaxto.loki has no first hop candidate
[WRN] 2021-12-30 17:56:44.732 GMT [+0.752s] ../llarp/path/pathbuilder.cpp:346 endpoint:gcrcmupbmbywoabef6honkky35crb66p371oe5wpsadq5deqaxto.loki has no first hop candidate
[WRN] 2021-12-30 17:56:45.232 GMT [+1.252s] ../llarp/service/endpoint.cpp:118 could not publish descriptors for endpoint endpoint:gcrcmupbmbywoabef6honkky35crb66p371oe5wpsadq5deqaxto.loki because we couldn't get enough valid introductions
[WRN] 2021-12-30 17:56:46.236 GMT [+2.256s] ../llarp/service/endpoint.cpp:617 Cannot publish intro set because we only have 1 paths, but need 2
[WRN] 2021-12-30 17:56:46.236 GMT [+2.256s] ../llarp/service/endpoint.cpp:178 failed to publish intro set for endpoint endpoint:gcrcmupbmbywoabef6honkky35crb66p371oe5wpsadq5deqaxto.loki
[WRN] 2021-12-30 17:56:47.735 GMT [+3.755s] ../llarp/path/pathbuilder.cpp:346 endpoint:gcrcmupbmbywoabef6honkky35crb66p371oe5wpsadq5deqaxto.loki has no first hop candidate
...

majestrate commented 2 years ago

we actually provide docker images for lokinet (here), feedback on those would be great.

jcalfee commented 2 years ago

Yes, I saw that. That looks like it is only for building and not running. I'm trying to run it in Docker..

jcalfee commented 2 years ago

wait .. I just saw this:

version: '2'
services:
  lokinet:
    image: registry.oxen.rocks/lokinet-exit:latest
    privileged: true
    tty: true
    tmpfs:
      - /run
      - /tmp
    volumes:
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
      - /sys/fs/cgroup/systemd
      - data:/data

volumes:
  data:

I'll give that a try now.

majestrate commented 2 years ago

you can replace the registry.oxen.rocks/lokinet-exit:latest image with your own image that is derived from registry.oxen.rocks/lokinet-base and it should work.

jcalfee commented 2 years ago

First I tried the registry.oxen.rocks image.

image: registry.oxen.rocks/lokinet-exit:latest

$ docker-compose up

image

This leads me to believe that docker needs some configuration: https://serverfault.com/questions/1053187/systemd-fails-to-run-in-a-docker-container-when-using-cgroupv2-cgroupns-priva

I tried your suggestion (replace image with my own image) and perhaps muddied the water a bit with the original system bus fail message and an additional error:

Dockerfile above, image: lokinet

image

jcalfee commented 2 years ago

Sorry, I missed the "derived from registry.oxen.rocks/lokinet-base" part. So I can build using my Docker and deriving from lokinet-base image. I just removed my echo statement adding /etc/apt/sources.list.d/lokinet.list (now a duplicate). It builds. However, it fails in the same way as main image docker-compose/lokinet-exit:latest above:

image

majestrate commented 2 years ago

ubuntu host?

jcalfee commented 2 years ago

Debian 9 (stretch)

majestrate commented 2 years ago

i do recall ubuntu impish as host is totally non functional. debian bullseye should work

jcalfee commented 2 years ago

Looks like Debian bullseye as a host without any special configuration all works the same as above.

majestrate commented 2 years ago

aka, does not work, right?

jcalfee commented 2 years ago

Correct.. Same errors, specifically the DNS error. If I do get this figured out, I will be packaging up the lokinet daemon with a fully open source browser and running everything in the container under x11docker. That way I know I can have this anytime anywhere without being too concerned about the security on the host.

majestrate commented 2 years ago

If you are planning on doing something like x11docker then our docker base images are probably not the right thing for you. i would suggest doing your original approach and setting dns via /etc/resolv.conf and ignoring the systemd warnings about dns.

jcalfee commented 2 years ago

Thanks .. Guess this can be closed now but I'll post an update if I can get that working.

majestrate commented 2 years ago

echo 'nameserver 127.3.2.1' > /etc/resolv.conf

this stomps the existing dns settings and makes lokinet own all dns resolution
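
The resolv.conf advice in the last comments, worked into a container entrypoint as an added example (not code from the thread or from the lokinet project). Docker mounts /etc/resolv.conf into the container at start, so the write has to happen when the container runs rather than in a Dockerfile RUN step. The script itself, the `LOKINET_DNS` variable and the `.pre-lokinet` backup suffix are assumptions; 127.3.2.1 is the address given in the comment above.

```shell
#!/bin/sh
# Added example: container entrypoint that hands DNS to lokinet, then starts it.
# Assumed names: this script, LOKINET_DNS, the ".pre-lokinet" backup suffix.
LOKINET_DNS="${LOKINET_DNS:-127.3.2.1}"   # resolver address quoted in the thread

# dns_is_lokinet_only FILE
# Succeeds only if FILE has a nameserver line for lokinet and no other nameserver.
dns_is_lokinet_only() {
    [ -f "$1" ] || return 1
    awk -v ip="$LOKINET_DNS" '
        $1 == "nameserver" { if ($2 == ip) ok = 1; else bad = 1 }
        END { exit !(ok && !bad) }' "$1"
}

# point_dns_at_lokinet FILE
# Rewrites FILE so lokinet is the only resolver, keeping one backup of the original.
point_dns_at_lokinet() {
    conf="$1"
    dns_is_lokinet_only "$conf" && return 0      # already done (container restart)
    if [ -f "$conf" ] && [ ! -e "$conf.pre-lokinet" ]; then
        cp "$conf" "$conf.pre-lokinet" || return 1
    fi
    # Docker bind-mounts /etc/resolv.conf, so overwrite it in place; tools that
    # replace the file by rename (sed -i, mv) fail on a mount point.
    printf 'nameserver %s\n' "$LOKINET_DNS" > "$conf" || return 1
}

# Entrypoint use, e.g. ENTRYPOINT ["/entrypoint.sh", "lokinet"] (path assumed).
# Refuse to start if the file still lists another resolver, so lookups are not
# sent to the host's DNS servers by accident.
if [ "$#" -gt 0 ]; then
    if ! point_dns_at_lokinet /etc/resolv.conf ||
       ! dns_is_lokinet_only /etc/resolv.conf; then
        echo "entrypoint: could not point /etc/resolv.conf at $LOKINET_DNS" >&2
        exit 1
    fi
    exec "$@"
fi
```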