truenas / charts

TrueNAS SCALE Apps Catalogs & Charts
BSD 3-Clause "New" or "Revised" License

Zerotier does not have persistent storage. #2571

Closed sync-by-unito[bot] closed 3 months ago

sync-by-unito[bot] commented 3 months ago

Hey,

I tried using zerotier, but unfortunately it doesn’t save anything to persistent storage, so every restart of the container leads to a clean instance of zerotier, which leads to unauthorized devices in zerotier and an unusable app.

thanks


stavros-k commented 3 months ago

Hello, can you please provide information on what needs to be persisted? I've re-checked zerotier docs for containers and I don't see any mentions for persisting data.

Thanks

sync-by-unito[bot] commented 3 months ago

➤ Marek commented:

Hi,

Every Docker I found suggests a persistent storage path when starting:

  1. Example Source:

https://github.com/zyclonite/zerotier-docker

    docker run --name zerotier-one --device=/dev/net/tun --net=host \
      --cap-add=NET_ADMIN --cap-add=SYS_ADMIN \
      -v /var/lib/zerotier-one:/var/lib/zerotier-one zyclonite/zerotier

It also mounts /var/lib/zerotier-one to /var/lib/zerotier-one inside the container, allowing your service container to persist its state across restarts of the container itself. If you don't do this it'll generate a new identity every time. You can put the actual data somewhere other than /var/lib/zerotier-one if you want.

  2. On every other system it’s also using persistent storage.

https://docs.zerotier.com/config/

That’s why I think it’s useful to have a secured connection which is not losing all its settings.

Greetings

Marek

sync-by-unito[bot] commented 3 months ago

➤ Stavros Kois commented:

Hello,

We are using the official Zerotier container; on their docs they don’t mention anything regarding data persistence in the container. Though this is not an issue, we can add persistence if it's needed. But I really want to understand why official docs do not mention it, there’s gotta be a reason.

That being said, I’ve looked in the official container entrypoint, and if you provide the values for identity etc., it will create those files with the values you provided instead of generating new ones. https://github.com/zerotier/ZeroTierOne/blob/e32fecd16deeab0df65e4aad15ef3e096e35c5a9/entrypoint.sh.release#L23-L31

More info about the fields here: https://github.com/zerotier/ZeroTierOne/blob/e32fecd16deeab0df65e4aad15ef3e096e35c5a9/README.docker.md#environment-variables

Thanks

sync-by-unito[bot] commented 3 months ago

➤ Marek commented:

Hi,

Opened an issue on GitHub: https://github.com/zerotier/ZeroTierOne/issues/2310

Greetings

Marek

sync-by-unito[bot] commented 3 months ago

➤ Marek commented:

Hi again,

As far as I found out, I just need this section to have persistent data, coz there is also no way with ix to set the path while starting the container (like line 3 below).

Would be nice if you could add it 😉

[Image: IMG_0478.jpeg]

To your point why they did not add it I can just assume, that it’s not necessary coz u can use the argument (line 3) when starting the container with regular docker instances.

    docker run --name zerotier-one --device=/dev/net/tun --net=host \
      --cap-add=NET_ADMIN --cap-add=SYS_ADMIN \
      -v /var/lib/zerotier-one:/var/lib/zerotier-one zerotier/zerotier

Thx 😊

stavros-k commented 3 months ago

Hello, from what I can see in the issue on the ZeroTier repo, the first suggestion was to use the environment variables.

In TrueNAS you can use these fields:

[image]

You can use the zerotier-idtool to create the files, and copy the contents (not the host paths) in the fields above.

That being said, if you think what I said above does not work, please let me know and I'll go ahead and add the storage section.
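
Before the contents of identity.public and identity.secret are copied into the app's fields, it helps to confirm that the two files belong to the same node and that the secret is not readable by other users. The script below is an added example, not part of the original thread or of the ZeroTier or TrueNAS code; the file layout it checks (ADDRESS:0:PUBKEY, with :PRIVKEY appended in the secret) is an assumption, and the sample pair is constructed, not real key material.

```shell
#!/bin/sh
# Added example, not ZeroTier or chart code. Assumed file format:
#   identity.public = ADDRESS:0:PUBKEY
#   identity.secret = ADDRESS:0:PUBKEY:PRIVKEY
# with a 10-hex-digit ADDRESS and 128-hex-digit keys.

# check_identity_pair PUBLIC_FILE SECRET_FILE
# Prints the node address and returns 0 when the pair is usable.
check_identity_pair() {
    pub=$(tr -d '\r\n' < "$1") || return 2
    sec=$(tr -d '\r\n' < "$2") || return 2
    printf '%s\n' "$pub" | grep -Eq '^[0-9a-f]{10}:0:[0-9a-f]{128}$' || {
        echo "identity.public is malformed" >&2; return 1; }
    printf '%s\n' "$sec" |
        grep -Eq '^[0-9a-f]{10}:0:[0-9a-f]{128}:[0-9a-f]{128}$' || {
        echo "identity.secret is malformed" >&2; return 1; }
    # Dropping the private key from the secret must leave the public identity,
    # otherwise the two files come from different nodes.
    [ "${sec%:*}" = "$pub" ] || {
        echo "identity.secret does not match identity.public" >&2; return 1; }
    # The secret is the node's private key: refuse it when group or others
    # can read the file.
    if [ -n "$(find "$2" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "identity.secret is readable by group or others" >&2; return 3
    fi
    printf '%s\n' "${pub%%:*}"
}

# make_sample DIR: write a constructed, format-only pair (not real key material).
make_sample() {
    pk=$(printf '%0128d' 0 | tr 0 a)
    sk=$(printf '%0128d' 0 | tr 0 b)
    ( umask 077
      printf '%s\n' "0123456789:0:$pk" > "$1/identity.public"
      printf '%s\n' "0123456789:0:$pk:$sk" > "$1/identity.secret" )
}

tmp=$(mktemp -d) && make_sample "$tmp" &&
    check_identity_pair "$tmp/identity.public" "$tmp/identity.secret"
rm -rf "$tmp"
```

A stable address printed here across restarts is what keeps the node authorized on the network; a different address means a new identity was generated.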

sync-by-unito[bot] commented 3 months ago

➤ Marek commented:

Hi,

U are right, u can use the tool, but to be honest… if u are not used to shell it’s pretty hard. In terms of „zero to less config vpn“ it would be pretty nice to implement the storage section and maybe add the description that the path has to be set if u want to have the settings saved.

If I could ask for another helpful field it would be to set a MAC address so my and every other router doesn’t get spammed by a new mac every time the container starts.

Greeting from a user that is not used to shell ☺️

Marek

sync-by-unito[bot] commented 3 months ago

➤ Stavros Kois commented:

Hello, MAC address cannot be set on Kubernetes pods.

I’ll add the ability to add “additional storage”, but cannot add a “dedicated” field for it (with predefined container path), as this can break existing installs that use the field(s).

sync-by-unito[bot] commented 3 months ago

➤ Marek commented:

U are awesome ☺️ thx 🙏