skunkworks's People

Contributors

hoggl, rynomad

skunkworks's Issues

Wireguard container fails to build

When building the wireguard container, as the wireguard-linux-compat module is built I get the errors below:

[Build]   [wireguard] Step 15/28 : RUN make CC=gcc-9 -C kernel_modules_headers M=$(pwd)/wireguard-linux-compat/src -j$(nproc)
[Build]   [wireguard]  ---> Running in 4c88bd190856
[Build]   [wireguard] make: Entering directory '/usr/src/app/kernel_modules_headers'
[Build]   [wireguard]   CC [M]  /usr/src/app/wireguard-linux-compat/src/main.o
[Build]   [wireguard]   CC [M]  /usr/src/app/wireguard-linux-compat/src/noise.o
[Build]   [wireguard]   CC [M]  /usr/src/app/wireguard-linux-compat/src/device.o
[Build]   [wireguard]   CC [M]  /usr/src/app/wireguard-linux-compat/src/peer.o
[Build]   [wireguard] In file included from <command-line>:
[Build]   /usr/src/app/wireguard-linux-compat/src/compat/compat.h:41:2: error: #error "WireGuard has been merged into Linux >= 5.6 and therefore this compatibility module is no longer required."
[Build]      41 | #error "WireGuard has been merged into Linux >= 5.6 and therefore this compatibility module is no longer required."
[Build]         |  ^~~~~
[Build]
[Build]   [wireguard] In file included from <command-line>:
[Build]   /usr/src/app/wireguard-linux-compat/src/compat/compat.h:41:2: error: #error "WireGuard has been merged into Linux >= 5.6 and therefore this compatibility module is no longer required."
[Build]      41 | #error "WireGuard has been merged into Linux >= 5.6 and therefore this compatibility module is no longer required."
[Build]         |  ^~~~~
[Build]
[Build]   [wireguard] In file included from <command-line>:
[Build]   /usr/src/app/wireguard-linux-compat/src/compat/compat.h:41:2: error: #error "WireGuard has been merged into Linux >= 5.6 and therefore this compatibility module is no longer required."
[Build]      41 | #error "WireGuard has been merged into Linux >= 5.6 and therefore this compatibility module is no longer required."
[Build]         |  ^~~~~
[Build]
[Build]   [wireguard] In file included from <command-line>:
[Build]   /usr/src/app/wireguard-linux-compat/src/compat/compat.h:41:2: error: #error "WireGuard has been merged into Linux >= 5.6 and therefore this compatibility module is no longer required."
[Build]      41 | #error "WireGuard has been merged into Linux >= 5.6 and therefore this compatibility module is no longer required."
[Build]         |  ^~~~~
[Build]
[Build]   [wireguard] make[1]: *** [scripts/Makefile.build:280: /usr/src/app/wireguard-linux-compat/src/main.o] Error 1
[Build]   make[1]: *** Waiting for unfinished jobs....
[Build]
[Build]   [wireguard] make[1]: *** [scripts/Makefile.build:280: /usr/src/app/wireguard-linux-compat/src/noise.o] Error 1
[Build]
[Build]   [wireguard] make[1]: *** [scripts/Makefile.build:280: /usr/src/app/wireguard-linux-compat/src/peer.o] Error 1
[Build]
[Build]   [wireguard] make[1]: *** [scripts/Makefile.build:280: /usr/src/app/wireguard-linux-compat/src/device.o] Error 1
[Build]
[Build]   [wireguard] make: *** [Makefile:1825: /usr/src/app/wireguard-linux-compat/src] Error 2
[Build]
[Build]   [wireguard] make: Leaving directory '/usr/src/app/kernel_modules_headers'

The following line is responsible for the error:

RUN make CC=gcc-9 -C kernel_modules_headers M=$(pwd)/wireguard-linux-compat/src -j$(nproc)

Not being familiar with wireguard and not yet having gotten balena push ... to succeed, I'm not sure what the correct fix is.

If I comment out the above line, as well as

COPY --from=builder /usr/src/app/wireguard-linux-compat/src/wireguard.ko .

and

insmod /wireguard/wireguard.ko || true

then wireguard appears to build, but the service appears to get stuck in a ~20 second restart loop:

[Logs]    [3/24/2022, 7:38:22 PM] Service exited 'wireguard sha256:ff6755ec7867915246b890085d1dd1414e33a4e46618e6ad0518112196d308f6'
[Logs]    [3/24/2022, 7:38:23 PM] Restarting service 'wireguard sha256:ff6755ec7867915246b890085d1dd1414e33a4e46618e6ad0518112196d308f6'
[Logs]    [3/24/2022, 7:38:33 PM] [wireguard] upnpc : miniupnpc library test client, version 2.2.1.
[Logs]    [3/24/2022, 7:38:33 PM] [wireguard]  (c) 2005-2020 Thomas Bernard.
[Logs]    [3/24/2022, 7:38:33 PM] [wireguard] Go to http://miniupnp.free.fr/ or https://miniupnp.tuxfamily.org/
[Logs]    [3/24/2022, 7:38:33 PM] [wireguard] for more information.
[Logs]    [3/24/2022, 7:38:36 PM] [wireguard] List of UPNP devices found on the network :
[Logs]    [3/24/2022, 7:38:36 PM] [wireguard]  desc: http://10.0.0.48:80/description.xml
[Logs]    [3/24/2022, 7:38:36 PM] [wireguard]  st: urn:schemas-upnp-org:device:basic:1
[Logs]    [3/24/2022, 7:38:36 PM] [wireguard]
[Logs]    [3/24/2022, 7:38:36 PM] [wireguard]  desc: http://10.0.0.48:80/description.xml
[Logs]    [3/24/2022, 7:38:36 PM] [wireguard]  st: uuid:2f402f80-da50-11e1-9b23-001788416c46
[Logs]    [3/24/2022, 7:38:36 PM] [wireguard]
[Logs]    [3/24/2022, 7:38:36 PM] [wireguard]  desc: http://10.0.0.48:80/description.xml
[Logs]    [3/24/2022, 7:38:36 PM] [wireguard]  st: upnp:rootdevice
[Logs]    [3/24/2022, 7:38:36 PM] [wireguard]
[Logs]    [3/24/2022, 7:38:36 PM] [wireguard]  desc: http://10.0.0.1:49152/IGDdevicedesc_brlan0.xml
[Logs]    [3/24/2022, 7:38:36 PM] [wireguard]  st: urn:schemas-upnp-org:device:InternetGatewayDevice:1
[Logs]    [3/24/2022, 7:38:36 PM] [wireguard]
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] Found valid IGD : http://10.0.0.1:49152/upnp/control/WANIPConnection0
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] Local LAN ip address : 10.0.0.87
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] ExternalIPAddress = REDACTED
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] AddPortMapping(51819, 51819, 10.0.0.87) failed with code 718 (ConflictInMappingEntry)
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] Warning: `/wireguard/wgone.conf' is world accessible
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] wg-quick: `wgone' is not a WireGuard interface
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] Warning: `/wireguard/wgtwo.conf' is world accessible
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] wg-quick: `wgtwo' is not a WireGuard interface
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] Warning: `/wireguard/wgone.conf' is world accessible
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] [#] ip link add wgone type wireguard
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] [#] wg setconf wgone /dev/fd/63
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] [#] ip -4 address add 10.128.0.1/32 dev wgone
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] [#] ip link set mtu 1420 up dev wgone
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] [#] ip -4 route add 10.128.0.12/32 dev wgone table wgone
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] [#] ip -4 route add 10.128.0.10/32 dev wgone table wgone
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] [#] ip rule add from 10.128.0.1 table wgone prio 1
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] RTNETLINK answers: File exists
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] [#] ip link delete dev wgone
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] Warning: `/wireguard/wgtwo.conf' is world accessible
[Logs]    [3/24/2022, 7:38:37 PM] [wireguard] [#] ip link add wgtwo type wireguard
[Logs]    [3/24/2022, 7:38:38 PM] [wireguard] [#] wg setconf wgtwo /dev/fd/63
[Logs]    [3/24/2022, 7:38:38 PM] [wireguard] [#] ip -4 address add 10.128.0.2/32 dev wgtwo
[Logs]    [3/24/2022, 7:38:38 PM] [wireguard] [#] ip link set mtu 1420 up dev wgtwo
[Logs]    [3/24/2022, 7:38:38 PM] [wireguard] [#] ip -4 route add 10.128.0.12/32 dev wgtwo table wgtwo
[Logs]    [3/24/2022, 7:38:38 PM] [wireguard] [#] ip -4 route add 10.128.0.10/32 dev wgtwo table wgtwo
[Logs]    [3/24/2022, 7:38:38 PM] [wireguard] [#] ip rule add from 10.128.0.2 table wgtwo prio 2
[Logs]    [3/24/2022, 7:38:38 PM] [wireguard] RTNETLINK answers: File exists
[Logs]    [3/24/2022, 7:38:38 PM] [wireguard] [#] ip link delete dev wgtwo
[Logs]    [3/24/2022, 7:38:38 PM] Service exited 'wireguard sha256:ff6755ec7867915246b890085d1dd1414e33a4e46618e6ad0518112196d308f6'
[Logs]    [3/24/2022, 7:38:39 PM] Restarting service 'wireguard sha256:ff6755ec7867915246b890085d1dd1414e33a4e46618e6ad0518112196d308f6'

The device used is a Raspberry Pi 4.
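
Two conditions visible in the output above, as an added example that is not part of the original report or the skunkworks code: picking the in-tree module or wireguard-linux-compat from the kernel release, and clearing the permission bits behind the "world accessible" warnings. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the repository.

# Print "in-tree" for kernel releases >= 5.6 (where compat.h stops the
# wireguard-linux-compat build with #error), "compat" for older kernels,
# and "unknown" (exit status 1) if the release string cannot be parsed.
wg_module_source() {
    release=$1                    # e.g. "5.10.95-v8", as printed by `uname -r`
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%[!0-9]*}        # drop ".95-v8", "-rc1", "+" and similar
    case "$major" in
        ''|*[!0-9]*) echo "unknown"; return 1 ;;
    esac
    [ -n "$minor" ] || { echo "unknown"; return 1; }
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 6 ]; }; then
        echo "in-tree"
    else
        echo "compat"
    fi
}

# Succeed if FILE has any read, write or execute bit set for "other".
world_accessible() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Restrict every world-accessible *.conf in DIR to mode 600 (owner only)
# and print the path of each file that was changed.
harden_wg_confs() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        if world_accessible "$conf"; then
            chmod 600 "$conf" && echo "$conf"
        fi
    done
}

# Possible use in an entrypoint, with the paths from the issue:
#   [ "$(wg_module_source "$(uname -r)")" = compat ] && insmod /wireguard/wireguard.ko
#   harden_wg_confs /wireguard
```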

Investigate split-horizon DNS with 1 pihole instance

We currently configure two pihole containers, each with its own dnsmasq bound to each wireguard interface, such that we can support client roaming.

dnsmasq should be up to the task of binding to both interfaces and doing split-horizon internally, which would significantly clean up our docker-compose.

PiHole: Unable to resolve hostname

When starting pihole1 it errors out saying "Unable to resolve host, name or service not known".
Running nslookup $HOSTNAME works in balenaOS but not in a container with options --privileged, --network host and --dns 127.0.0.1. There it times out.
Is this a firewall issue? I would've thought docker host networking would skip that for local communication.

There's also another issue, dnsmasq is unable to assign to the 10.0.0.0 network configured here:
I assume this is meant to be the wireguard network of 10.128.0.0/31?

# - PIHOLE_ADDRESS=10.0.0.1

PiHole restarts every couple minutes

We have two pihole containers to implement split-horizon DNS, but this bug shows up even with only one.

PiHole container does a shutdown and restart cycle every several minutes. This spams the logs and causes spotty performance. It works fine while it's up.

Error on wesher container bring-up

When I run:

balena push <id>.local

It does the docker-compose stuff mostly as expected, but eventually reaches a looping state where the log for the wesher container periodically (sometimes seconds, sometimes more than a minute) errors and restarts, saying the command /run.sh is not found:

...
[Logs]    [3/20/2022, 6:03:37 PM] Restarting service 'wesher sha256:05487d7e9164e34c342697b1b3f18aa73341326e7db415b44060a8dc95dded53'
[Logs]    [3/20/2022, 6:03:37 PM] Starting service 'wireguard sha256:c459291d6e21dd1337ad26862e6f41c3cf6b5abec45ec28c7afa34ebd412051f'
[Logs]    [3/20/2022, 6:03:37 PM] [wesher] Command not found: /run.sh
[Logs]    [3/20/2022, 6:03:38 PM] Service exited 'wesher sha256:05487d7e9164e34c342697b1b3f18aa73341326e7db415b44060a8dc95dded53'
[Logs]    [3/20/2022, 6:03:40 PM] Restarting service 'wesher sha256:05487d7e9164e34c342697b1b3f18aa73341326e7db415b44060a8dc95dded53'
[Logs]    [3/20/2022, 6:03:39 PM] [wesher] Command not found: /run.sh
[Logs]    [3/20/2022, 6:03:40 PM] Service exited 'wesher sha256:05487d7e9164e34c342697b1b3f18aa73341326e7db415b44060a8dc95dded53'
[Logs]    [3/20/2022, 6:03:42 PM] Restarting service 'wesher sha256:05487d7e9164e34c342697b1b3f18aa73341326e7db415b44060a8dc95dded53'
[Logs]    [3/20/2022, 6:03:42 PM] [wesher] Command not found: /run.sh
[Logs]    [3/20/2022, 6:03:43 PM] Service exited 'wesher sha256:05487d7e9164e34c342697b1b3f18aa73341326e7db415b44060a8dc95dded53'
...

After a lot of digging (I don't have extensive experience with docker or balena) I found that /run.sh was being passed as an argument to the entry point script /usr/bin/entry.sh (set in an ancestor docker image), which was directly generating the error message after testing for the presence of /run.sh using command -v /run.sh.

I managed to get past this issue by adding commands to the wesher image's Dockerfile to chmod a+x each of the three scripts that get copied into the image:

...
COPY run.sh run.sh
COPY hosts_updated.sh .
COPY watch_hosts.sh .
RUN chmod a+x run.sh
RUN chmod a+x hosts_updated.sh
RUN chmod a+x watch_hosts.sh
CMD [ "/run.sh" ]

Don't know whether that's the appropriate fix, but hopefully it helps someone else avoid a lot of debugging.
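
A pre-push check for the failure described in this issue, as an added example that is not part of the original report or the skunkworks repository. COPY carries the file mode over from the build context, so the function lists every *.sh source of a shell-form COPY instruction that lacks the execute bit locally; the function name is hypothetical, and JSON-form COPY lines are not handled.

```shell
#!/bin/sh
# Added example; the function name is hypothetical, not from the repository.

# Print each *.sh source named by a shell-form COPY instruction in DOCKERFILE
# whose file under the build context CONTEXT is not executable. Such a script
# arrives in the image without the execute bit unless a later RUN chmod fixes it.
copied_scripts_missing_exec() {
    dockerfile=$1
    context=$2
    # Field 1 is the instruction and the last field is the destination;
    # every field in between is a source. Lines with --from= copy from
    # another build stage, not from the local context, so they are skipped.
    awk 'toupper($1) == "COPY" && $0 !~ /--from=/ {
             for (i = 2; i < NF; i++)
                 if ($i !~ /^--/ && $i ~ /\.sh$/) print $i
         }' "$dockerfile" |
    while IFS= read -r src; do
        [ -f "$context/$src" ] || continue   # source not present in this context
        [ -x "$context/$src" ] || echo "$src"
    done
}

# Possible use before `balena push`, run from the service directory:
#   copied_scripts_missing_exec Dockerfile .
```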
