From b38061480e110c7ec2e4b4a6003c6ed745c8e4b9 Mon Sep 17 00:00:00 2001 From: tt2468 Date: Tue, 18 Oct 2022 22:56:42 -0700 Subject: [PATCH 01/63] Add missing line ending in ingress postUp command Adds a missing line ending in the postUp masquerade command. This missing line is sneaky, and only seems to pose an issue when both ingress and egress modes are enabled. --- logic/gateway.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/logic/gateway.go b/logic/gateway.go index 19014183..8efa387e 100644 --- a/logic/gateway.go +++ b/logic/gateway.go @@ -322,7 +322,7 @@ func firewallNFTCommandsCreateIngress(networkInterface string) (string, string) postUp += "nft add rule ip filter FORWARD oifname " + networkInterface + " counter accept ; " postUp += "nft add table nat ; " postUp += "nft add chain nat postrouting ; " - postUp += "nft add rule ip nat postrouting oifname " + networkInterface + " counter masquerade" + postUp += "nft add rule ip nat postrouting oifname " + networkInterface + " counter masquerade ; " // doesn't remove potentially empty tables or chains postDown := "nft flush table filter ; " From 141c0a9b96d94bf19cd452fe73a2b5f14e8374e0 Mon Sep 17 00:00:00 2001 From: Yassine Messaoudi Date: Wed, 19 Oct 2022 14:44:40 +0100 Subject: [PATCH 02/63] fix #1603 [GUI] add search bar - Add search bar for networks view. - Used levenchtein distance to get search suggestions. --- netclient/gui/gui.go | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/netclient/gui/gui.go b/netclient/gui/gui.go index 43ebfd49..4db728bc 100644 --- a/netclient/gui/gui.go +++ b/netclient/gui/gui.go @@ -10,6 +10,8 @@ import ( "fyne.io/fyne/v2/container" "fyne.io/fyne/v2/theme" "fyne.io/fyne/v2/widget" + "github.com/agnivade/levenshtein" + "github.com/gravitl/netmaker/logger" "github.com/gravitl/netmaker/netclient/functions" "github.com/gravitl/netmaker/netclient/gui/components" 
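Review bot: `networkInterface` is concatenated unescaped into every `nft` command in this hunk, including the changed masquerade line, and nothing visible here validates it. If the name can come from node or server configuration rather than from the local kernel, it should be checked against a strict interface-name pattern before `firewallNFTCommandsCreateIngress` builds the string, since the PostUp text is presumably handed to a shell. The missing separator this commit fixes is also easy to reintroduce while each command is a hand-written literal; collecting the commands in a slice and joining once, `postUp := strings.Join(cmds, " ; ")` (assuming `strings` is imported in this file), would remove that class of mistake. The function body starts and ends outside the hunk.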
@@ -48,15 +50,48 @@ func Run(networks []string) error { views.SetView(views.NetDetails, netDetailsViews) window.SetFixedSize(false) + searchBar := widget.NewEntry() + searchBar.PlaceHolder = "Search a Network ..." + searchBar.TextStyle = fyne.TextStyle{ + Italic: true, + } + searchBar.OnChanged = func(text string) { + if text == "" { + networkView = container.NewVScroll(views.GetNetworksView(networks)) + networkView.SetMinSize(fyne.NewSize(400, 300)) + views.RefreshComponent(views.Networks, networkView) + views.ShowView(views.Networks) + return + } + + opts := []string{} + for _, n := range networks { + r := levenshtein.ComputeDistance(text, n) + if r <= 2 { + opts = append(opts, n) + } + } + + // fmt.Println(opts) + networkView = container.NewVScroll(views.GetNetworksView(opts)) + networkView.SetMinSize(fyne.NewSize(400, 300)) + views.RefreshComponent(views.Networks, networkView) + views.ShowView(views.Networks) + opts = nil + } + toolbar := container.NewCenter(widget.NewToolbar( components.NewToolbarLabelButton("Networks", theme.HomeIcon(), func() { + searchBar.Show() views.ShowView(views.Networks) views.ClearNotification() }, components.Blue_color), components.NewToolbarLabelButton("Join new", theme.ContentAddIcon(), func() { + searchBar.Hide() views.ShowView(views.Join) }, components.Gravitl_color), components.NewToolbarLabelButton("Uninstall", theme.ErrorIcon(), func() { + searchBar.Hide() confirmView := views.GetConfirmation("Confirm Netclient uninstall?", func() { views.ShowView(views.Networks) }, func() { @@ -96,8 +131,9 @@ func Run(networks []string) error { views.CurrentContent = container.NewVBox() views.CurrentContent.Add(container.NewGridWithRows( - 1, + 2, toolbar, + searchBar, )) views.CurrentContent.Add(views.GetView(views.Networks)) views.CurrentContent.Add(views.GetView(views.NetDetails)) From 57cd5eaa360a325249612088e09f7f650fd286c4 Mon Sep 17 00:00:00 2001 
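Review bot: The filter in `searchBar.OnChanged` compares the whole typed text with the whole network name and keeps only names with `levenshtein.ComputeDistance(text, n) <= 2`, so a prefix of a longer name (for example four letters of an eight-letter name) matches nothing and the list stays empty until the name is almost fully typed. A substring check ahead of the distance check would keep typo tolerance while making prefixes work, e.g. `if strings.Contains(strings.ToLower(n), strings.ToLower(text)) || levenshtein.ComputeDistance(text, n) <= 2 {` (assuming `strings` is imported in gui.go). The commented-out `// fmt.Println(opts)` and the trailing `opts = nil` have no effect and can be dropped. The four lines that rebuild and show `networkView` are duplicated in both branches and would read better as one small local helper. `Run` continues outside the hunk.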
From: Yassine Messaoudi Date: Wed, 19 Oct 2022 14:45:38 +0100 Subject: [PATCH 03/63] update go.mod and go.sum --- go.mod | 1 + go.sum | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/go.mod b/go.mod index 97bd1fd4..50e27cf6 100644 --- a/go.mod +++ b/go.mod @@ -40,6 +40,7 @@ require ( ) require ( + github.com/agnivade/levenshtein v1.1.1 github.com/coreos/go-oidc/v3 v3.4.0 github.com/gorilla/websocket v1.5.0 golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e diff --git a/go.sum b/go.sum index 435272e3..b9b4e108 100644 --- a/go.sum +++ b/go.sum @@ -73,8 +73,12 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= +github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= github.com/akavel/rsrc v0.10.2/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= +github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= +github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= 
@@ -118,6 +122,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g= +github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE= From f31d16d6199f8f6c50549b7c58102f3b3f9a8835 Mon Sep 17 00:00:00 2001 From: Petr Velan Date: Wed, 19 Oct 2022 17:09:32 +0200 Subject: [PATCH 04/63] Fixed default postgres user name to match docs Changed default SQL user from posgres to postgres --- servercfg/sqlconf.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/servercfg/sqlconf.go b/servercfg/sqlconf.go index 91dc4736..e74a5a8c 100644 --- a/servercfg/sqlconf.go +++ b/servercfg/sqlconf.go @@ -36,7 +36,7 @@ func GetSQLPort() int32 { return port } func GetSQLUser() string { - user := "posgres" + user := "postgres" if os.Getenv("SQL_USER") != "" { user = os.Getenv("SQL_USER") } else if config.Config.SQL.Username != "" { From df04e4c28a08fcdda4a8fa8af7608c08855e1cbf Mon Sep 17 00:00:00 2001 From: shanker JJ Date: Sun, 23 Oct 2022 16:36:16 +0900 Subject: [PATCH 05/63] Adding support for OpenWrt-mips arch --- netclient/bin-maker.sh | 2 +- scripts/netclient-install.sh | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/netclient/bin-maker.sh b/netclient/bin-maker.sh index 10988606..d86c4fee 100755 
--- a/netclient/bin-maker.sh +++ b/netclient/bin-maker.sh @@ -20,7 +20,7 @@ function build build $_goarch $_goose 5 && build $_goarch $_goose 6 && build $_goarch $_goose 7 else echo $_out - GOARM=$_goarm GOARCH=$_goarch GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out + if [ "$_goarch" == "mips" ]; then GOMIPS=softfloat; fi; GOARM=$_goarm GOARCH=$_goarch GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out fi } diff --git a/scripts/netclient-install.sh b/scripts/netclient-install.sh index e49c5515..91992ce0 100755 --- a/scripts/netclient-install.sh +++ b/scripts/netclient-install.sh @@ -148,8 +148,11 @@ case $(uname | tr A-Z a-z) in arm*) dist=netclient-$CPU_ARCH ;; - mipsle) + mipsle) dist=netclient-mipsle + ;; + mips*) + dist=netclient-$CPU_ARCH ;; *) fatal "$CPU_ARCH : cpu architecture not supported" @@ -240,6 +243,8 @@ if [ "${OS}" = "OpenWRT" ] || [ "${OS}" = "TurrisOS" ]; then else wget $curl_opts -O netclient.service.tmp https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/openwrt-daemon.sh fi + elif [ "${OS}" = "OpenWRT" ] && [ "$CPU_ARCH" = "mips" ]; then + wget $curl_opts -O netclient.service.tmp https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/openwrt-daemon.sh else cat << 'END_OF_FILE' > ./netclient.service.tmp #!/bin/sh /etc/rc.common @@ -292,5 +297,4 @@ END_OF_FILE /etc/init.d/netclient start else rm -f netclient -fi - +fi \ No newline at end of file From 6c76a2bfcf2c8f4bad42116ddfdf3a148dd14520 Mon Sep 17 00:00:00 2001 From: shanker JJ Date: Mon, 24 Oct 2022 11:10:32 +0900 Subject: [PATCH 06/63] Adding support in workflow to uploade mips binary in release --- .github/workflows/buildandrelease.yml | 42 +++++++++++++++++++++++++++ netclient/bin-maker.sh | 6 +++- 2 files changed, 47 insertions(+), 1 deletion(-) 
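Review bot: The new `elif [ "${OS}" = "OpenWRT" ] && [ "$CPU_ARCH" = "mips" ]` branch downloads `openwrt-daemon.sh` from the moving `master` branch into `netclient.service.tmp` with no integrity check. The last hunk shows the installer going on to run `/etc/init.d/netclient start`, so whatever is on `master` at install time appears to become a root-run init script. Fetching it from the release tag or commit that matches the netclient binary being installed, and comparing it with a published checksum before it is moved into place, would close that gap; the existing branch above uses the same URL and would benefit equally. The branch also tests for exactly `mips`, while the new `mips*)` case arm accepts any value with that prefix, so other MIPS variants fall through to the heredoc service file. If that is intended, a comment such as `# only plain mips uses the downloaded daemon script` would make it clear.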
diff --git a/.github/workflows/buildandrelease.yml b/.github/workflows/buildandrelease.yml index 9b9b4fc2..eb4a3ac0 100644 --- a/.github/workflows/buildandrelease.yml +++ b/.github/workflows/buildandrelease.yml @@ -306,6 +306,48 @@ jobs: prerelease: true asset_name: netclient-mipsle + netclient-mips: + runs-on: ubuntu-latest + needs: version + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Set Variables + run: | + TAG=${{needs.version.outputs.tag}} + VERSION=${{needs.version.outputs.version}} + echo "NETMAKER_VERSION=${TAG}" >> $GITHUB_ENV + echo "PACKAGE_VERSION=${VERSION}" >> $GITHUB_ENV + - name: Setup go + uses: actions/setup-go@v2 + with: + go-version: 1.18 + - name: Build + run: | + cd netclient + env CGO_ENABLED=0 GOOS=linux GOARCH=mipsle GOMIPS=softfloat go build -ldflags "-s -w -X 'main.version=$NETMAKER_VERSION'" -o build/netclient-mips/netclient main.go + env CGO_ENABLED=0 GOOS=linux GOARCH=mipsle GOMIPS=softfloat go build -ldflags "-s -w -X 'main.version=$NETMAKER_VERSION'" -o build/netclient-mips-upx/netclient main.go && upx build/netclient-mips-upx/netclient + + - name: Upload mips to Release + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: netclient/build/netclient-mips/netclient + tag: ${{ env.NETMAKER_VERSION }} + overwrite: true + prerelease: true + asset_name: netclient-mips + + - name: Upload upx compressed version of mips to Release + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: netclient/build/netclient-mips-upx/netclient + tag: ${{ env.NETMAKER_VERSION }} + overwrite: true + prerelease: true + asset_name: netclient-mips-upx + netclient-freebsd: runs-on: ubuntu-latest needs: version diff --git a/netclient/bin-maker.sh b/netclient/bin-maker.sh index d86c4fee..00f59e3b 100755 --- a/netclient/bin-maker.sh +++ b/netclient/bin-maker.sh 
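Review bot: Both build commands in the new `netclient-mips` job set `GOARCH=mipsle`, so the assets published as `netclient-mips` and `netclient-mips-upx` look like little-endian builds, the same target as the existing `netclient-mipsle` job. The install script in PATCH 05/63 maps `mips*` to `netclient-$CPU_ARCH`, so a big-endian device would download a binary it cannot execute; if big-endian is the goal the lines should read `GOARCH=mips GOMIPS=softfloat`. The `bin-maker.sh` hunk of this same patch has the same substitution in its `mips` branch. Separately, the upload steps pass `secrets.GITHUB_TOKEN` to `svenstaro/upload-release-action@v2`, a third-party action referenced by a mutable tag; pinning it to a full commit SHA limits what a retagged release could do with that token. The build step also assumes `upx` is already present on the runner.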
@@ -20,7 +20,11 @@ function build build $_goarch $_goose 5 && build $_goarch $_goose 6 && build $_goarch $_goose 7 else echo $_out - if [ "$_goarch" == "mips" ]; then GOMIPS=softfloat; fi; GOARM=$_goarm GOARCH=$_goarch GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out + if [ "$_goarch" == "mips" ]; then + GOARM=$_goarm GOMIPS=softfloat GOARCH=mipsle GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out + else + GOARM=$_goarm GOARCH=$_goarch GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out + fi fi } From 6acdedb211de612846bd7a367afd4f242115d1a3 Mon Sep 17 00:00:00 2001 From: shanker JJ Date: Tue, 25 Oct 2022 06:35:19 +0900 Subject: [PATCH 07/63] Adding comment in bin-maker.sh --- netclient/bin-maker.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/netclient/bin-maker.sh b/netclient/bin-maker.sh index 00f59e3b..05808fa4 100755 --- a/netclient/bin-maker.sh +++ b/netclient/bin-maker.sh @@ -21,6 +21,7 @@ function build else echo $_out if [ "$_goarch" == "mips" ]; then + # If the binary created through `GOMIPS=softfloat GOARCH=mipsle` is not compatible with your hardware, try changing these variables and creating a binary file compatible with your hardware. GOARM=$_goarm GOMIPS=softfloat GOARCH=mipsle GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out else GOARM=$_goarm GOARCH=$_goarch GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out From 5238287426d9ff707deec29ab80d72acac546f00 Mon Sep 17 00:00:00 2001 From: Matthew R Kasun Date: Tue, 25 Oct 2022 19:24:40 +0000 Subject: [PATCH 08/63] only split postup/postdown on freebsd --- netclient/wireguard/common.go | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) 
diff --git a/netclient/wireguard/common.go b/netclient/wireguard/common.go index d952aed0..8992f121 100644 --- a/netclient/wireguard/common.go +++ b/netclient/wireguard/common.go @@ -462,21 +462,29 @@ func UpdateWgInterface(file, privateKey, nameserver string, node models.Node) er //} //need to split postup/postdown because ini lib adds a quotes which breaks freebsd if node.PostUp != "" { - parts := strings.Split(node.PostUp, " ; ") - for i, part := range parts { - if i == 0 { - wireguard.Section(section_interface).Key("PostUp").SetValue(part) + if node.OS == "freebsd" { + parts := strings.Split(node.PostUp, " ; ") + for i, part := range parts { + if i == 0 { + wireguard.Section(section_interface).Key("PostUp").SetValue(part) + } + wireguard.Section(section_interface).Key("PostUp").AddShadow(part) } - wireguard.Section(section_interface).Key("PostUp").AddShadow(part) + } else { + wireguard.Section(section_interface).Key("PostUp").SetValue(node.PostUp) } } if node.PostDown != "" { - parts := strings.Split(node.PostDown, " ; ") - for i, part := range parts { - if i == 0 { - wireguard.Section(section_interface).Key("PostDown").SetValue(part) + if node.OS == "freebsd" { + parts := strings.Split(node.PostDown, " ; ") + for i, part := range parts { + if i == 0 { + wireguard.Section(section_interface).Key("PostDown").SetValue(part) + } + wireguard.Section(section_interface).Key("PostDown").AddShadow(part) } - wireguard.Section(section_interface).Key("PostDown").AddShadow(part) + } else { + wireguard.Section(section_interface).Key("PostUp").SetValue(node.PostDown) } } if node.MTU != 0 { From c384e9dc4d95b7d70cd5787604b27df765d1f9d8 Mon Sep 17 00:00:00 2001 From: "Matthew R. Kasun" Date: Wed, 26 Oct 2022 10:23:22 -0400 Subject: [PATCH 09/63] don't skip peer if endpoint is the same and can not set endpoint to localaddress --- logic/peers.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/logic/peers.go b/logic/peers.go index 61eeb38b..552fd3bc 100644 --- a/logic/peers.go 
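Review bot: The non-FreeBSD branch added for `node.PostDown` writes to the wrong key: `wireguard.Section(section_interface).Key("PostUp").SetValue(node.PostDown)` replaces the PostUp value with the teardown commands and leaves PostDown unset. On those platforms the teardown rules would then run at interface-up, and the rules installed for the interface would never be removed at interface-down, which can leave forwarding or masquerade rules behind. The line should be `wireguard.Section(section_interface).Key("PostDown").SetValue(node.PostDown)`; PATCH 11/63 later in this series makes that correction. Since the PostUp and PostDown blocks differ only in the key name, a small helper taking the key and the value would prevent this kind of copy-paste slip. `UpdateWgInterface` starts and ends outside the hunk.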
+++ b/logic/peers.go @@ -111,9 +111,6 @@ func GetPeerUpdate(node *models.Node) (models.PeerUpdate, error) { if peer.LocalListenPort != 0 { peer.ListenPort = peer.LocalListenPort } - } else { - continue - } } // set address if setEndpoint is true From 344fb80dc3514e4f63ae246a35934f98649282ab Mon Sep 17 00:00:00 2001 From: "Matthew R. Kasun" Date: Wed, 26 Oct 2022 10:32:34 -0400 Subject: [PATCH 10/63] fix finger problem (missing } --- logic/peers.go | 1 + 1 file changed, 1 insertion(+) diff --git a/logic/peers.go b/logic/peers.go index 552fd3bc..ccc797e2 100644 --- a/logic/peers.go +++ b/logic/peers.go @@ -111,6 +111,7 @@ func GetPeerUpdate(node *models.Node) (models.PeerUpdate, error) { if peer.LocalListenPort != 0 { peer.ListenPort = peer.LocalListenPort } + } } // set address if setEndpoint is true From e3801644722fe24b1aec7ce8bcb33e9628bd1ca4 Mon Sep 17 00:00:00 2001 From: "Matthew R. Kasun" Date: Fri, 28 Oct 2022 10:51:10 -0400 Subject: [PATCH 11/63] fix cp/paste error --- netclient/wireguard/common.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netclient/wireguard/common.go b/netclient/wireguard/common.go index 8992f121..be1ff16e 100644 --- a/netclient/wireguard/common.go +++ b/netclient/wireguard/common.go @@ -484,7 +484,7 @@ func UpdateWgInterface(file, privateKey, nameserver string, node models.Node) er wireguard.Section(section_interface).Key("PostDown").AddShadow(part) } } else { - wireguard.Section(section_interface).Key("PostUp").SetValue(node.PostDown) + wireguard.Section(section_interface).Key("PostDown").SetValue(node.PostDown) } } if node.MTU != 0 { From 9b05f234455e779f42444d39e9f5bfc567175c01 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Oct 2022 23:23:34 +0000 Subject: [PATCH 12/63] Bump github.com/mattn/go-sqlite3 from 1.14.15 to 1.14.16 Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.15 to 1.14.16. - [Release notes](https://github.com/mattn/go-sqlite3/releases) - [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.15...v1.14.16) --- updated-dependencies: - dependency-name: github.com/mattn/go-sqlite3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 85e07b86..db1641e6 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/gorilla/handlers v1.5.1 github.com/gorilla/mux v1.8.0 github.com/lib/pq v1.10.7 - github.com/mattn/go-sqlite3 v1.14.15 + github.com/mattn/go-sqlite3 v1.14.16 github.com/rqlite/gorqlite v0.0.0-20210514125552-08ff1e76b22f github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e github.com/stretchr/testify v1.8.0 diff --git a/go.sum b/go.sum index b673cacb..b31df6c1 100644 --- a/go.sum +++ b/go.sum 
@@ -338,8 +338,8 @@ github.com/magiconair/properties v1.8.5/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPK github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-runewidth v0.0.10 h1:CoZ3S2P7pvtP45xOtBw+/mDL2z0RKI576gSkzRRpdGg= -github.com/mattn/go-sqlite3 v1.14.15 h1:vfoHhTN1af61xCRSWzFIWzx2YskyMTwHLrExkBOjvxI= -github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= +github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y= +github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/mcuadros/go-version v0.0.0-20190830083331-035f6764e8d2/go.mod h1:76rfSfYPWj01Z85hUf/ituArm797mNKcvINh1OlsZKo= github.com/mdlayher/genetlink v1.2.0 h1:4yrIkRV5Wfk1WfpWTcoOlGmsWgQj3OtQN9ZsbrE+XtU= github.com/mdlayher/genetlink v1.2.0/go.mod h1:ra5LDov2KrUCZJiAtEvXXZBxGMInICMXIwshlJ+qRxQ= From 8c5d6644c94f16f72626feba12aab92bafc4daf8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Oct 2022 23:23:38 +0000 Subject: [PATCH 13/63] Bump github.com/eclipse/paho.mqtt.golang from 1.4.1 to 1.4.2 Bumps [github.com/eclipse/paho.mqtt.golang](https://github.com/eclipse/paho.mqtt.golang) from 1.4.1 to 1.4.2. - [Release notes](https://github.com/eclipse/paho.mqtt.golang/releases) - [Commits](https://github.com/eclipse/paho.mqtt.golang/compare/v1.4.1...v1.4.2) --- updated-dependencies: - dependency-name: github.com/eclipse/paho.mqtt.golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 85e07b86..271132d9 100644 --- a/go.mod +++ b/go.mod 
@@ -3,7 +3,7 @@ module github.com/gravitl/netmaker go 1.18 require ( - github.com/eclipse/paho.mqtt.golang v1.4.1 + github.com/eclipse/paho.mqtt.golang v1.4.2 github.com/go-playground/validator/v10 v10.11.1 github.com/golang-jwt/jwt/v4 v4.4.2 github.com/google/uuid v1.3.0 diff --git a/go.sum b/go.sum index b673cacb..8273ad39 100644 --- a/go.sum +++ b/go.sum @@ -126,8 +126,8 @@ github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKoh github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/eclipse/paho.mqtt.golang v1.4.1 h1:tUSpviiL5G3P9SZZJPC4ZULZJsxQKXxfENpMvdbAXAI= -github.com/eclipse/paho.mqtt.golang v1.4.1/go.mod h1:JGt0RsEwEX+Xa/agj90YJ9d9DH2b7upDZMK9HRbFvCA= +github.com/eclipse/paho.mqtt.golang v1.4.2 h1:66wOzfUHSSI1zamx7jR6yMEI5EuHnT1G6rNA5PM12m4= +github.com/eclipse/paho.mqtt.golang v1.4.2/go.mod h1:JGt0RsEwEX+Xa/agj90YJ9d9DH2b7upDZMK9HRbFvCA= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= From 92d29fef283bc5c6615a2e1b5edc614eca40426c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Oct 2022 23:23:43 +0000 Subject: [PATCH 14/63] Bump github.com/urfave/cli/v2 from 2.20.2 to 2.23.0 Bumps [github.com/urfave/cli/v2](https://github.com/urfave/cli) from 2.20.2 to 2.23.0. - [Release notes](https://github.com/urfave/cli/releases) - [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/urfave/cli/compare/v2.20.2...v2.23.0) --- updated-dependencies: - dependency-name: github.com/urfave/cli/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 85e07b86..516930db 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e github.com/stretchr/testify v1.8.0 github.com/txn2/txeh v1.3.0 - github.com/urfave/cli/v2 v2.20.2 + github.com/urfave/cli/v2 v2.23.0 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b // indirect golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 diff --git a/go.sum b/go.sum index b673cacb..fa4f7832 100644 --- a/go.sum +++ b/go.sum 
@@ -453,8 +453,8 @@ github.com/txn2/txeh v1.3.0/go.mod h1:O7M6gUTPeMF+vsa4c4Ipx3JDkOYrruB1Wry8QRsMcw github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli/v2 v2.4.0/go.mod h1:NX9W0zmTvedE5oDoOMs2RTC8RvdK98NTYZE5LbaEYPg= -github.com/urfave/cli/v2 v2.20.2 h1:dKA0LUjznZpwmmbrc0pOgcLTEilnHeM8Av9Yng77gHM= -github.com/urfave/cli/v2 v2.20.2/go.mod h1:1CNUng3PtjQMtRzJO4FMXBQvkGtuYRxxiR9xMa7jMwI= +github.com/urfave/cli/v2 v2.23.0 h1:pkly7gKIeYv3olPAeNajNpLjeJrmTPYCoZWaV+2VfvE= +github.com/urfave/cli/v2 v2.23.0/go.mod h1:1CNUng3PtjQMtRzJO4FMXBQvkGtuYRxxiR9xMa7jMwI= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8= From 3c2bc3e683c7c2a8d55f8bb5918dc46aad2decc8 Mon Sep 17 00:00:00 2001 From: Alex Feiszli <31018251+afeiszli@users.noreply.github.com> Date: Wed, 2 Nov 2022 09:10:50 -0400 Subject: [PATCH 15/63] Update SECURITY.md --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 0c58e047..2ff2e248 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -9,4 +9,4 @@ However, there is no official bug bounty program up yet for the Netmaker project ## Reporting a Vulnerability -Please report security issues to `info@gravitl.com` +Please report security issues to `info@netmaker.io` From 1d7631d04909b53666986ae83f4093e355c55a00 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 3 Nov 2022 14:26:25 +0000 Subject: [PATCH 16/63] Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.0 to 1.8.1. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.0...v1.8.1) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 6166c26a..83fe2007 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/mattn/go-sqlite3 v1.14.16 github.com/rqlite/gorqlite v0.0.0-20210514125552-08ff1e76b22f github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e - github.com/stretchr/testify v1.8.0 + github.com/stretchr/testify v1.8.1 github.com/txn2/txeh v1.3.0 github.com/urfave/cli/v2 v2.23.0 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd diff --git a/go.sum b/go.sum index e069dc3a..5ed27946 100644 --- a/go.sum +++ b/go.sum @@ -441,6 +441,7 @@ github.com/srwiley/rasterx v0.0.0-20200120212402-85cb7272f5e9 h1:m59mIOBO4kfcNCE github.com/srwiley/rasterx v0.0.0-20200120212402-85cb7272f5e9/go.mod h1:mvWM0+15UqyrFKqdRjY6LuAVJR0HOVhJlEgZ5JWtSWU= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 
@@ -449,8 +450,9 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= -github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tevino/abool v1.2.0 h1:heAkClL8H6w+mK5md9dzsuohKeXHUpY7Vw0ZCKW+huA= github.com/tevino/abool v1.2.0/go.mod h1:qc66Pna1RiIsPa7O4Egxxs9OqkuxDX55zznh9K07Tzg= From 14ff21a3a8f5750428a6f61dc255933380e24ae1 Mon Sep 17 00:00:00 2001 From: afeiszli Date: Fri, 4 Nov 2022 14:25:01 -0400 Subject: [PATCH 17/63] updated script --- scripts/nm-quick-interactive.sh | 406 +++++++++++++++++--------------- 1 file changed, 221 insertions(+), 185 deletions(-) diff --git a/scripts/nm-quick-interactive.sh b/scripts/nm-quick-interactive.sh index e1258462..f9a18ee2 100644 --- a/scripts/nm-quick-interactive.sh +++ b/scripts/nm-quick-interactive.sh @@ -1,7 +1,5 @@ #!/bin/bash -set -e - cat << "EOF" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
@@ -19,59 +17,209 @@ cat << "EOF" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - EOF +wait_seconds() {( + for ((a=1; a <= $1; a++)) + do + echo ". . ." + sleep 1 + done +)} + +confirm() {( + while true; do + read -p 'Does everything look right? [y/n]: ' yn + case $yn in + [Yy]* ) override="true"; break;; + [Nn]* ) echo "exiting..."; exit;; + * ) echo "Please answer yes or no.";; + esac + done +)} + +if [ $(id -u) -ne 0 ]; then + echo "This script must be run as root" + exit 1 +fi + +echo "checking dependencies..." + +OS=$(uname) + +if [ -f /etc/debian_version ]; then + dependencies="wireguard wireguard-tools jq docker.io docker-compose" + update_cmd='apt update' + install_cmd='apt-get install -y' +elif [ -f /etc/alpine-release ]; then + dependencies="wireguard jq docker.io docker-compose" + update_cmd='apk update' + install_cmd='apk --update add' +elif [ -f /etc/centos-release ]; then + dependencies="wireguard jq docker.io docker-compose" + update_cmd='yum update' + install_cmd='yum install -y' +elif [ -f /etc/fedora-release ]; then + dependencies="wireguard jq docker.io docker-compose" + update_cmd='dnf update' + install_cmd='dnf install -y' +elif [ -f /etc/redhat-release ]; then + dependencies="wireguard jq docker.io docker-compose" + update_cmd='yum update' + install_cmd='yum install -y' +elif [ -f /etc/arch-release ]; then + dependecies="wireguard-tools jq docker.io docker-compose" + update_cmd='pacman -Sy' + install_cmd='pacman -S --noconfirm' +elif [ "${OS}" = "FreeBSD" ]; then + dependencies="wireguard wget jq docker.io docker-compose" + update_cmd='pkg update' + install_cmd='pkg install -y' +elif [ -f /etc/turris-version ]; then + dependencies="wireguard-tools bash jq docker.io docker-compose" + OS="TurrisOS" + update_cmd='opkg update' + install_cmd='opkg install' +elif [ -f /etc/openwrt_release ]; then + dependencies="wireguard-tools bash jq docker.io docker-compose" + OS="OpenWRT" + update_cmd='opkg update' + 
install_cmd='opkg install' +else + install_cmd='' +fi + +if [ -z "${install_cmd}" ]; then + echo "OS unsupported for automatic dependency install" + exit 1 +fi + +set -- $dependencies +while [ -n "$1" ]; do + if [ "${OS}" = "FreeBSD" ]; then + is_installed=$(pkg check -d $1 | grep "Checking" | grep "done") + if [ "$is_installed" != "" ]; then + echo " " $1 is installed + else + echo " " $1 is not installed. Attempting install. + ${install_cmd} $1 + sleep 5 + is_installed=$(pkg check -d $1 | grep "Checking" | grep "done") + if [ "$is_installed" != "" ]; then + echo " " $1 is installed + elif [ -x "$(command -v $1)" ]; then + echo " " $1 is installed + else + echo " " FAILED TO INSTALL $1 + echo " " This may break functionality. + fi + fi + else + if [ "${OS}" = "OpenWRT" ] || [ "${OS}" = "TurrisOS" ]; then + is_installed=$(opkg list-installed $1 | grep $1) + else + is_installed=$(dpkg-query -W --showformat='${Status}\n' $1 | grep "install ok installed") + fi + if [ "${is_installed}" != "" ]; then + echo " " $1 is installed + else + echo " " $1 is not installed. Attempting install. + ${install_cmd} $1 + sleep 5 + if [ "${OS}" = "OpenWRT" ] || [ "${OS}" = "TurrisOS" ]; then + is_installed=$(opkg list-installed $1 | grep $1) + else + is_installed=$(dpkg-query -W --showformat='${Status}\n' $1 | grep "install ok installed") + fi + if [ "${is_installed}" != "" ]; then + echo " " $1 is installed + elif [ -x "$(command -v $1)" ]; then + echo " " $1 is installed + else + echo " " FAILED TO INSTALL $1 + echo " " This may break functionality. + fi + fi + fi + shift +done + +echo "-----------------------------------------------------" +echo "dependency check complete" +echo "-----------------------------------------------------" + +wait_seconds 3 + +set -e + NETMAKER_BASE_DOMAIN=nm.$(curl -s ifconfig.me | tr . 
-).nip.io COREDNS_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p') SERVER_PUBLIC_IP=$(curl -s ifconfig.me) MASTER_KEY=$(tr -dc A-Za-z0-9 = 0 )) || continue - break -done +echo "-----------------------------------------------------" +echo "The following subdomains will be used:" +echo " dashboard.$NETMAKER_BASE_DOMAIN" +echo " api.$NETMAKER_BASE_DOMAIN" +echo " broker.$NETMAKER_BASE_DOMAIN" +echo " prometheus.$NETMAKER_BASE_DOMAIN" +echo " netmaker-exporter.$NETMAKER_BASE_DOMAIN" +echo " grafana.$NETMAKER_BASE_DOMAIN" +echo "-----------------------------------------------------" + +if [[ "$DOMAIN_TYPE" == "custom" ]]; then + echo "is DNS configured correctly with records pointing to $SERVER_PUBLIC_IP?" + confirm fi -if [ -n "$num_clients" ]; then - NUM_CLIENTS=$num_clients -fi +wait_seconds 1 + +echo "-----------------------------------------------------" +echo "Provide Details for EE installation:" +echo " 1. Log into https://dashboard.license.netmaker.io" +echo " 2. Copy License Key Value: https://dashboard.license.netmaker.io/license-keys" +echo " 3. Retrieve Account ID: https://dashboard.license.netmaker.io/user" +echo " 4. note email address" +echo "-----------------------------------------------------" +unset LICENSE_KEY +while [ -z "$LICENSE_KEY" ]; do + read -p "License Key: " LICENSE_KEY +done +unset ACCOUNT_ID +while [ -z ${ACCOUNT_ID} ]; do + read -p "Account ID: " ACCOUNT_ID +done +unset EMAIL +while [ -z ${EMAIL} ]; do + read -p "Email Address: " EMAIL +done + +wait_seconds 2 echo "-----------------------------------------------------------------" echo " SETUP ARGUMENTS" 
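Review bot: `confirm()` is declared as `confirm() {( … )}`, so its body runs in a subshell, and the `exit` in the `[Nn]*` arm ends only that subshell with the status of the preceding `echo`. Answering "n" therefore prints "exiting..." and the installation carries on, and `override="true"` is lost for the same reason. Declaring it as `confirm() {` … `}` without the inner parentheses lets `exit` stop the script. In the dependency block, the Arch branch assigns `dependecies=` (misspelled), so `$dependencies` is empty there. Every platform other than FreeBSD, OpenWRT and TurrisOS is probed with `dpkg-query`, which only exists on Debian-family systems, and `update_cmd` is set but not run anywhere in this hunk.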
@@ -79,41 +227,24 @@ echo "-----------------------------------------------------------------" echo " domain: $NETMAKER_BASE_DOMAIN" echo " email: $EMAIL" echo " public ip: $SERVER_PUBLIC_IP" -echo " setup mesh?: $MESH_SETUP" -echo " setup vpn?: $VPN_SETUP" -if [ "${VPN_SETUP}" == "true" ]; then -echo " # clients: $NUM_CLIENTS" -fi +echo " license: $LICENSE_KEY" +echo " account id: $ACCOUNT_ID" -while true; do - read -p 'Does everything look right? [y/n]: ' yn - case $yn in - [Yy]* ) override="true"; break;; - [Nn]* ) echo "exiting..."; exit;; - * ) echo "Please answer yes or no.";; - esac -done +echo "-----------------------------------------------------------------" +echo "Confirm Settings for Installation" +echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -" + +confirm -echo "Beginning installation in 5 seconds..." +echo "-----------------------------------------------------------------" +echo "Beginning installation..." +echo "-----------------------------------------------------------------" -sleep 5 - -if [ -f "/root/docker-compose.yml" ]; then - echo "Using existing docker compose" -else - echo "Pulling docker compose" - wget -q -O /root/docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.yml -fi - - -if [ -f "/root/mosquitto.conf" ]; then - echo "Using existing mosquitto config" -else - echo "Pulling mosquitto config" - wget -q -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf -fi +wait_seconds 3 +echo "Pulling config files..." +wget -O docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.ee.yml && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/develop/docker/wait.sh && chmod +x wait.sh mkdir -p /etc/netmaker 
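Review bot: The new download line saves the compose file to a relative `docker-compose.yml` and runs `chmod +x wait.sh` on a relative path, while `wait.sh` is written to `/root/wait.sh` and the `sed -i` and `docker-compose -f` calls elsewhere in the script use `/root/docker-compose.yml`. Run from any directory other than /root, the script edits and starts a compose file it did not just download, or fails on a missing one, and the chmod misses the file it fetched. Use absolute paths throughout: `wget -O /root/docker-compose.yml ...` and `chmod +x /root/wait.sh`. The `@@ -244,7 +285,13 @@` hunk in the later interactive-installer commit keeps the same relative paths.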
@@ -123,6 +254,9 @@ sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/docker-compose.yml +sed -i "s/REPLACE_MQ_ADMIN_PASSWORD/$MQ_PASSWORD/g" /root/docker-compose.yml +sed -i "s~YOUR_LICENSE_KEY~$LICENSE_KEY~g" /root/docker-compose.yml +sed -i "s/YOUR_ACCOUNT_ID/$ACCOUNT_ID/g" /root/docker-compose.yml echo "Starting containers..." 
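Review bot: `$ACCOUNT_ID` and `$LICENSE_KEY` are spliced unescaped into the replacement side of `sed`, so a `/` in the account id, a `~` in the license key, or an `&` or backslash in either one breaks or silently alters what is written into docker-compose.yml. Both values come straight from `read` prompts earlier in the script. Either escape the backslash, `&` and the delimiter before substituting, or reject unexpected input at the prompt, e.g. `case "$ACCOUNT_ID" in *[!A-Za-z0-9-]*) echo "invalid account id"; exit 1;; esac` (the allowed alphabet is an assumption to confirm). The `@@ -255,9 +302,10 @@` hunk in the later interactive-installer commit wraps the same lines in an EE check without changing them.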
@@ -157,140 +291,42 @@ done setup_mesh() {( set -e -sleep 5 + +wait_seconds 5 + echo "Creating netmaker network (10.101.0.0/16)" curl -s -o /dev/null -d '{"addressrange":"10.101.0.0/16","netid":"netmaker"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks -sleep 5 +wait_seconds 5 echo "Creating netmaker access key" curlresponse=$(curl -s -d '{"uses":99999,"name":"netmaker-key"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks/netmaker/keys) ACCESS_TOKEN=$(jq -r '.accessstring' <<< ${curlresponse}) -sleep 5 +wait_seconds 3 echo "Configuring netmaker server as ingress gateway" -curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker) -SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse}) + +while [ -z "$SERVER_ID" ]; do + echo "waiting for server node to become available" + wait_seconds 2 + curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker) + SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse}) +done curl -o /dev/null -s -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/netmaker/$SERVER_ID/createingress -sleep 5 )} -mesh_connect_logs() { -sleep 5 -echo "-----------------------------------------------------------------" -echo "-----------------------------------------------------------------" -echo "DEFAULT NETWORK CLIENT INSTALL INSTRUCTIONS:" -echo "-----------------------------------------------------------------" -echo "-----------------------------------------------------------------" -sleep 5 -echo "For Linux and Mac clients, install with the following command:" -echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -" -echo "curl 
-sfL https://raw.githubusercontent.com/gravitl/netmaker/develop/scripts/netclient-install.sh | sudo KEY=$VPN_ACCESS_TOKEN sh -" -sleep 5 -echo "-----------------------------------------------------------------" -echo "-----------------------------------------------------------------" -echo "For Windows clients, perform the following from powershell, as administrator:" -echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -" -echo "1. Make sure WireGuardNT is installed - https://download.wireguard.com/windows-client/wireguard-installer.exe" -echo "2. Download netclient.exe - wget https://github.com/gravitl/netmaker/releases/download/latest/netclient.exe" -echo "3. Install Netclient - powershell.exe .\\netclient.exe join -t $VPN_ACCESS_TOKEN" -echo "4. Whitelist C:\ProgramData\Netclient in Windows Defender" -sleep 5 -echo "-----------------------------------------------------------------" -echo "-----------------------------------------------------------------" -echo "For Android and iOS clients, perform the following steps:" -echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -" -echo "1. Log into UI at dashboard.$NETMAKER_BASE_DOMAIN" -echo "2. Navigate to \"EXTERNAL CLIENTS\" tab" -echo "3. Select the gateway and create clients" -echo "4. Scan the QR Code from WireGuard app in iOS or Android" -echo "-----------------------------------------------------------------" -echo "-----------------------------------------------------------------" -sleep 5 -} - -setup_vpn() {( set -e - -echo "Creating vpn network (10.201.0.0/16)" - -sleep 5 -curl -s -o /dev/null -d '{"addressrange":"10.201.0.0/16","netid":"vpn","defaultextclientdns":"8.8.8.8"}' -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/networks - -sleep 5 - -echo "Configuring netmaker server as vpn inlet..." 
- -curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn) -SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse}) - -curl -s -o /dev/null -X POST -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn/$SERVER_ID/createingress - -echo "Waiting 10 seconds for server to apply configuration..." - -sleep 10 - - -echo "Configuring netmaker server vpn gateway..." - -[ -z "$GATEWAY_IFACE" ] && GATEWAY_IFACE=$(ip -4 route ls | grep default | grep -Po '(?<=dev )(\S+)') - -echo "Gateway iface: $GATEWAY_IFACE" - -curlresponse=$(curl -s -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn) -SERVER_ID=$(jq -r '.[0].id' <<< ${curlresponse}) - -EGRESS_JSON=$( jq -n \ - --arg gw "$GATEWAY_IFACE" \ - '{ranges: ["0.0.0.0/0","::/0"], interface: $gw}' ) - -echo "Egress json: $EGRESS_JSON" -curl -s -o /dev/null -X POST -d "$EGRESS_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/nodes/vpn/$SERVER_ID/creategateway - -echo "Creating client configs..." - -for ((a=1; a <= $NUM_CLIENTS; a++)) -do - CLIENT_JSON=$( jq -n \ - --arg clientid "vpnclient-$a" \ - '{clientid: $clientid}' ) - - curl -s -o /dev/null -d "$CLIENT_JSON" -H "Authorization: Bearer $MASTER_KEY" -H 'Content-Type: application/json' https://api.${NETMAKER_BASE_DOMAIN}/api/extclients/vpn/$SERVER_ID -done -sleep 5 -)} - -vpn_connect_logs() { -sleep 5 -echo "-----------------------------------------------------------------" -echo "-----------------------------------------------------------------" -echo "VPN GATEWAY CLIENT INSTALL INSTRUCTIONS:" -echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -" -echo "1. log into dashboard.$NETMAKER_BASE_DOMAIN" -echo "2. Navigate to \"EXTERNAL CLIENTS\" tab" -echo "3. 
Download or scan a client config (vpnclient-x) to the appropriate device" -echo "4. Follow the steps for your system to configure WireGuard on the appropriate device" -echo "5. Create and delete clients as necessary. Changes to netmaker server settings require regenerating ext clients." -echo "-----------------------------------------------------------------" -echo "-----------------------------------------------------------------" -sleep 5 -} - set +e test_connection -if [ "${MESH_SETUP}" != "false" ]; then - setup_mesh -fi +wait_seconds 3 -if [ "${VPN_SETUP}" == "true" ]; then - setup_vpn -fi +setup_mesh echo "-----------------------------------------------------------------" echo "-----------------------------------------------------------------" From 3639338faa0744af340f350017e1ffd0e00b98d2 Mon Sep 17 00:00:00 2001 From: 0xdcarns Date: Fri, 4 Nov 2022 14:50:54 -0400 Subject: [PATCH 18/63] updated version to v0.16.3 --- .github/ISSUE_TEMPLATE/bug-report.yml | 1 + README.md | 2 +- compose/docker-compose.ee.yml | 4 ++-- compose/docker-compose.reference.yml | 4 ++-- compose/docker-compose.yml | 4 ++-- controllers/docs.go | 2 +- k8s/client/netclient-daemonset.yaml | 2 +- k8s/client/netclient.yaml | 2 +- k8s/server/netmaker-server.yaml | 2 +- k8s/server/netmaker-ui.yaml | 2 +- netclient/netclient.exe.manifest.xml | 2 +- netclient/versioninfo.json | 6 +++--- swagger.yaml | 2 +- 13 files changed, 18 insertions(+), 17 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index 67aa5d93..47868b91 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -31,6 +31,7 @@ body: label: Version description: What version are you running? options: + - v0.16.3 - v0.16.2 - v0.16.1 - v0.16.0 diff --git a/README.md b/README.md index 9624df1b..e247bda7 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@
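Review bot: The new wait loop in `setup_mesh` ends as soon as `SERVER_ID` is non-empty, but `jq -r '.[0].id'` prints the literal `null` when the API returns an empty list, so the loop can exit on the first pass and the POST that follows goes to `.../nodes/netmaker/null/createingress`. Use `SERVER_ID=$(jq -r '.[0].id // empty' <<< "${curlresponse}")` so that only a real id ends the loop. The loop also has no retry limit, and `SERVER_ID` is not cleared before it, so a value inherited from the environment would skip the lookup; an `unset SERVER_ID` plus a bounded counter with an error message would cover both. Because the body runs under `set -e`, a non-JSON reply presumably aborts the subshell at the `jq` assignment without any message.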

- + diff --git a/compose/docker-compose.ee.yml b/compose/docker-compose.ee.yml index ece6e38c..8cde21c3 100644 --- a/compose/docker-compose.ee.yml +++ b/compose/docker-compose.ee.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:v0.16.2-ee + image: gravitl/netmaker:v0.16.3-ee cap_add: - NET_ADMIN - NET_RAW @@ -55,7 +55,7 @@ services: - traefik.http.services.netmaker-api.loadbalancer.server.port=8081 netmaker-ui: container_name: netmaker-ui - image: gravitl/netmaker-ui:v0.16.2 + image: gravitl/netmaker-ui:v0.16.3 depends_on: - netmaker links: diff --git a/compose/docker-compose.reference.yml b/compose/docker-compose.reference.yml index 17438cac..716908e3 100644 --- a/compose/docker-compose.reference.yml +++ b/compose/docker-compose.reference.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: # The Primary Server for running Netmaker container_name: netmaker - image: gravitl/netmaker:v0.16.2 + image: gravitl/netmaker:v0.16.3 cap_add: - NET_ADMIN - NET_RAW @@ -62,7 +62,7 @@ services: - traefik.http.services.netmaker-api.loadbalancer.server.port=8081 netmaker-ui: # The Netmaker UI Component container_name: netmaker-ui - image: gravitl/netmaker-ui:v0.16.2 + image: gravitl/netmaker-ui:v0.16.3 depends_on: - netmaker links: diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index 04c14749..6c9ecdeb 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:v0.16.2 + image: gravitl/netmaker:v0.16.3 cap_add: - NET_ADMIN - NET_RAW @@ -52,7 +52,7 @@ services: - traefik.http.services.netmaker-api.loadbalancer.server.port=8081 netmaker-ui: container_name: netmaker-ui - image: gravitl/netmaker-ui:v0.16.2 + image: gravitl/netmaker-ui:v0.16.3 depends_on: - netmaker links: diff --git a/controllers/docs.go b/controllers/docs.go index 427d4ace..a030cb6f 100644 --- a/controllers/docs.go 
+++ b/controllers/docs.go @@ -10,7 +10,7 @@ // // Schemes: https // BasePath: / -// Version: 0.16.2 +// Version: 0.16.3 // Host: netmaker.io // // Consumes: diff --git a/k8s/client/netclient-daemonset.yaml b/k8s/client/netclient-daemonset.yaml index b345e054..f90997ab 100644 --- a/k8s/client/netclient-daemonset.yaml +++ b/k8s/client/netclient-daemonset.yaml @@ -16,7 +16,7 @@ spec: hostNetwork: true containers: - name: netclient - image: gravitl/netclient:v0.16.2 + image: gravitl/netclient:v0.16.3 env: - name: TOKEN value: "TOKEN_VALUE" diff --git a/k8s/client/netclient.yaml b/k8s/client/netclient.yaml index a8097ad2..20c5217a 100644 --- a/k8s/client/netclient.yaml +++ b/k8s/client/netclient.yaml @@ -28,7 +28,7 @@ spec: # - "" containers: - name: netclient - image: gravitl/netclient:v0.16.2 + image: gravitl/netclient:v0.16.3 env: - name: TOKEN value: "TOKEN_VALUE" diff --git a/k8s/server/netmaker-server.yaml b/k8s/server/netmaker-server.yaml index f4820f3b..6ec14d96 100644 --- a/k8s/server/netmaker-server.yaml +++ b/k8s/server/netmaker-server.yaml @@ -83,7 +83,7 @@ spec: value: "Kubernetes" - name: VERBOSITY value: "3" - image: gravitl/netmaker:v0.16.2 + image: gravitl/netmaker:v0.16.3 imagePullPolicy: Always name: netmaker ports: diff --git a/k8s/server/netmaker-ui.yaml b/k8s/server/netmaker-ui.yaml index 5f80bb63..15355d66 100644 --- a/k8s/server/netmaker-ui.yaml +++ b/k8s/server/netmaker-ui.yaml @@ -15,7 +15,7 @@ spec: spec: containers: - name: netmaker-ui - image: gravitl/netmaker-ui:v0.16.2 + image: gravitl/netmaker-ui:v0.16.3 ports: - containerPort: 443 env: diff --git a/netclient/netclient.exe.manifest.xml b/netclient/netclient.exe.manifest.xml index e23ebdd4..61fb25ad 100644 --- a/netclient/netclient.exe.manifest.xml +++ b/netclient/netclient.exe.manifest.xml 
@@ -1,7 +1,7 @@ ” There are two methods to obtain YOUR_SECRET_KEY: 1. Using the masterkey. By default, this value is “secret key,” but you should change this on your instance and keep it secure. This value can be set via env var at startup or in a config file (config/environments/< env >.yaml). See the [Netmaker](https://docs.netmaker.org/index.html) documentation for more details. 2. Using a JWT received for a node. This can be retrieved by calling the /api/nodes//authenticate endpoint, as documented below. title: Netmaker - version: 0.16.2 + version: 0.16.3 paths: /api/dns: get: From a23ff58033344528ff9735b7527047b9b60b3b59 Mon Sep 17 00:00:00 2001 From: afeiszli Date: Fri, 4 Nov 2022 17:10:00 -0400 Subject: [PATCH 19/63] interactive installer --- scripts/nm-quick-interactive.sh | 102 +++++++++++++++++++++++--------- 1 file changed, 75 insertions(+), 27 deletions(-) diff --git a/scripts/nm-quick-interactive.sh b/scripts/nm-quick-interactive.sh index f9a18ee2..7842a3f3 100644 --- a/scripts/nm-quick-interactive.sh +++ b/scripts/nm-quick-interactive.sh 
@@ -17,6 +17,37 @@ cat << "EOF" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - EOF +if [ -z "$1" ]; then + echo "-----------------------------------------------------" + echo "Would you like to install Netmaker Community Edition (CE), or Netmaker Enterprise Edition (EE)?" + echo "EE will require you to create an account at https://dashboard.license.netmaker.io" + echo "-----------------------------------------------------" + select install_option in "Community Edition" "Enterprise Edition"; do + case $REPLY in + 1) + echo "installing Netmaker CE" + INSTALL_TYPE="ce" + break + ;; + 2) + echo "installing Netmaker EE" + INSTALL_TYPE="ee" + break + ;; + *) echo "invalid option $REPLY";; + esac + done +elif [ "$1" = "ce" ]; then + echo "installing Netmaker CE" + INSTALL_TYPE="ce" +elif [ "$1" = "ee" ]; then + echo "installing Netmaker EE" + INSTALL_TYPE="ee" +else + echo "install type invalid (options: 'ce, ee')" + exit 1 +fi + wait_seconds() {( for ((a=1; a <= $1; a++)) do 
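Review bot: `INSTALL_TYPE` can leave this block unset, because bash's `select` finishes without reaching either `break` when stdin hits end-of-file, for example in a non-interactive run. The later `[ "$INSTALL_TYPE" = "ee" ]` tests then quietly take the CE path. A guard right after the `done` makes that case explicit: `[ -n "$INSTALL_TYPE" ] || { echo "no install type selected"; exit 1; }`. A short usage comment above the block (`# usage: nm-quick-interactive.sh [ce|ee]`) would also document the new positional argument.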
@@ -187,36 +218,45 @@ echo "The following subdomains will be used:" echo " dashboard.$NETMAKER_BASE_DOMAIN" echo " api.$NETMAKER_BASE_DOMAIN" echo " broker.$NETMAKER_BASE_DOMAIN" -echo " prometheus.$NETMAKER_BASE_DOMAIN" -echo " netmaker-exporter.$NETMAKER_BASE_DOMAIN" -echo " grafana.$NETMAKER_BASE_DOMAIN" + +if [ "$INSTALL_TYPE" = "ee" ]; then + echo " prometheus.$NETMAKER_BASE_DOMAIN" + echo " netmaker-exporter.$NETMAKER_BASE_DOMAIN" + echo " grafana.$NETMAKER_BASE_DOMAIN" +fi + echo "-----------------------------------------------------" if [[ "$DOMAIN_TYPE" == "custom" ]]; then - echo "is DNS configured correctly with records pointing to $SERVER_PUBLIC_IP?" + echo "before continuing, confirm DNS is configured correctly, with records pointing to $SERVER_PUBLIC_IP" confirm fi wait_seconds 1 -echo "-----------------------------------------------------" -echo "Provide Details for EE installation:" -echo " 1. Log into https://dashboard.license.netmaker.io" -echo " 2. Copy License Key Value: https://dashboard.license.netmaker.io/license-keys" -echo " 3. Retrieve Account ID: https://dashboard.license.netmaker.io/user" -echo " 4. note email address" -echo "-----------------------------------------------------" -unset LICENSE_KEY -while [ -z "$LICENSE_KEY" ]; do - read -p "License Key: " LICENSE_KEY -done -unset ACCOUNT_ID -while [ -z ${ACCOUNT_ID} ]; do - read -p "Account ID: " ACCOUNT_ID -done +if [ "$INSTALL_TYPE" = "ee" ]; then + + echo "-----------------------------------------------------" + echo "Provide Details for EE installation:" + echo " 1. Log into https://dashboard.license.netmaker.io" + echo " 2. Copy License Key Value: https://dashboard.license.netmaker.io/license-keys" + echo " 3. Retrieve Account ID: https://dashboard.license.netmaker.io/user" + echo " 4. 
note email address" + echo "-----------------------------------------------------" + unset LICENSE_KEY + while [ -z "$LICENSE_KEY" ]; do + read -p "License Key: " LICENSE_KEY + done + unset ACCOUNT_ID + while [ -z ${ACCOUNT_ID} ]; do + read -p "Account ID: " ACCOUNT_ID + done + +fi + unset EMAIL while [ -z ${EMAIL} ]; do - read -p "Email Address: " EMAIL + read -p "Email Address (for LetsEncrypt): " EMAIL done wait_seconds 2 @@ -227,9 +267,10 @@ echo "-----------------------------------------------------------------" echo " domain: $NETMAKER_BASE_DOMAIN" echo " email: $EMAIL" echo " public ip: $SERVER_PUBLIC_IP" -echo " license: $LICENSE_KEY" -echo " account id: $ACCOUNT_ID" - +if [ "$INSTALL_TYPE" = "ee" ]; then + echo " license: $LICENSE_KEY" + echo " account id: $ACCOUNT_ID" +fi echo "-----------------------------------------------------------------" echo "Confirm Settings for Installation" echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -" 
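Review bot: The `ACCOUNT_ID` and `EMAIL` loops test `[ -z ${ACCOUNT_ID} ]` and `[ -z ${EMAIL} ]` unquoted, unlike the `LICENSE_KEY` loop next to them. Input containing a space makes `[` fail with an error, and the loop then exits as if the value were valid. Quote both tests (`while [ -z "${ACCOUNT_ID}" ]; do`) and use `read -r -p` so a backslash in a pasted key is kept literally. These values are later substituted into docker-compose.yml, so this prompt is also the natural place to validate them.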
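Review bot: The settings summary prints `$LICENSE_KEY` in full, so the key ends up in terminal scrollback and in any captured install log. If the key is meant to stay private (the script does not say), show only a prefix, e.g. `echo "   license:    ${LICENSE_KEY:0:6}..."`; the script already depends on bash features such as `[[` and `<<<`. The same line was first added in the earlier `@@ -79,41 +227,24 @@` hunk.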
@@ -244,7 +285,13 @@ echo "-----------------------------------------------------------------" wait_seconds 3 echo "Pulling config files..." -wget -O docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.ee.yml && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/develop/docker/wait.sh && chmod +x wait.sh + +COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.yml" +if [ "$INSTALL_TYPE" = "ee" ]; then + COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.ee.yml" +fi + +wget -O docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/develop/docker/wait.sh && chmod +x wait.sh mkdir -p /etc/netmaker @@ -255,9 +302,10 @@ sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/docker-compose.yml sed -i "s/REPLACE_MQ_ADMIN_PASSWORD/$MQ_PASSWORD/g" /root/docker-compose.yml -sed -i "s~YOUR_LICENSE_KEY~$LICENSE_KEY~g" /root/docker-compose.yml -sed -i "s/YOUR_ACCOUNT_ID/$ACCOUNT_ID/g" /root/docker-compose.yml - +if [ "$INSTALL_TYPE" = "ee" ]; then + sed -i "s~YOUR_LICENSE_KEY~$LICENSE_KEY~g" /root/docker-compose.yml + sed -i "s/YOUR_ACCOUNT_ID/$ACCOUNT_ID/g" /root/docker-compose.yml +fi echo "Starting containers..." docker-compose -f /root/docker-compose.yml up -d From 1d53a74b5abd7acb07063514ea896036f194fe1b Mon Sep 17 00:00:00 2001 
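Review bot: `COMPOSE_URL` and the two other downloads point at the moving `master` and `develop` branches, and `wait.sh` is made executable, with no tag or checksum tying what the installer fetches to a reviewed revision. Pin all three URLs to one release tag or commit through a single variable, e.g. `NM_REF="<release-tag>"` (placeholder) and `COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/$NM_REF/compose/docker-compose.yml"`, and verify a published checksum before the files are used. Mixing `master` for the compose file with `develop` for wait.sh also means the pieces can come from different states of the repository. The same URLs appear in the earlier `@@ -79,41 +227,24 @@` hunk.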
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Nov 2022 23:13:15 +0000 Subject: [PATCH 20/63] Bump github.com/urfave/cli/v2 from 2.23.0 to 2.23.4 Bumps [github.com/urfave/cli/v2](https://github.com/urfave/cli) from 2.23.0 to 2.23.4. - [Release notes](https://github.com/urfave/cli/releases) - [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/urfave/cli/compare/v2.23.0...v2.23.4) --- updated-dependencies: - dependency-name: github.com/urfave/cli/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 83fe2007..c77a7918 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e github.com/stretchr/testify v1.8.1 github.com/txn2/txeh v1.3.0 - github.com/urfave/cli/v2 v2.23.0 + github.com/urfave/cli/v2 v2.23.4 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b // indirect golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 diff --git a/go.sum b/go.sum index 5ed27946..5c23c40f 100644 --- a/go.sum +++ b/go.sum 
@@ -461,8 +461,8 @@ github.com/txn2/txeh v1.3.0/go.mod h1:O7M6gUTPeMF+vsa4c4Ipx3JDkOYrruB1Wry8QRsMcw github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli/v2 v2.4.0/go.mod h1:NX9W0zmTvedE5oDoOMs2RTC8RvdK98NTYZE5LbaEYPg= -github.com/urfave/cli/v2 v2.23.0 h1:pkly7gKIeYv3olPAeNajNpLjeJrmTPYCoZWaV+2VfvE= -github.com/urfave/cli/v2 v2.23.0/go.mod h1:1CNUng3PtjQMtRzJO4FMXBQvkGtuYRxxiR9xMa7jMwI= +github.com/urfave/cli/v2 v2.23.4 h1:gcaHwki8kGX6lfp2zz7irxu7eZkcIl1Xapt6XW0Ynqc= +github.com/urfave/cli/v2 v2.23.4/go.mod h1:1CNUng3PtjQMtRzJO4FMXBQvkGtuYRxxiR9xMa7jMwI= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8= From f236686beb8c127259c4835ce15f4b7ffbf8f79c Mon Sep 17 00:00:00 2001 From: 0xdcarns Date: Wed, 9 Nov 2022 14:35:26 -0500 Subject: [PATCH 21/63] moved ee check out of ce --- logic/security.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/logic/security.go b/logic/security.go index 2f013804..e373d722 100644 --- a/logic/security.go +++ b/logic/security.go @@ -162,7 +162,7 @@ func UserPermissions(reqAdmin bool, netname string, token string) ([]string, str if len(netname) > 0 && (!authenticateNetworkUser(netname, userNetworks) || len(userNetworks) == 0) { return nil, username, Unauthorized_Err } - if !pro.IsUserNetAdmin(netname, username) { + if isEE && !pro.IsUserNetAdmin(netname, username) { return nil, "", Unauthorized_Err } return userNetworks, username, nil From 9c13b90d75e42396333878558eab43ba906114f1 Mon Sep 17 00:00:00 2001 
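Review bot: With `isEE &&` in front, the `pro.IsUserNetAdmin` authorization check in logic/security.go is skipped whenever `isEE` is false, and nothing in the hunk says why that is safe. A comment should record it, e.g. `// CE has no per-network admin role; the network membership check above is the only gate` (wording to be confirmed by the authors). `isEE` is declared outside this hunk; if it can be false on an EE server, for instance while license validation has not succeeded, this path fails open for non-admin users and should deny instead. The two unauthorized returns also differ (`username` in the first, `""` here), which callers may not expect. UserPermissions starts and ends outside the hunk.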
From: Anish Mukherjee Date: Wed, 9 Nov 2022 20:04:13 +0530 Subject: [PATCH 22/63] change mosquitto protocol from mqtts to wss --- compose/docker-compose.ee.yml | 8 ++++---- compose/docker-compose.reference.yml | 10 +++++----- compose/docker-compose.yml | 8 ++++---- docker/mosquitto.conf | 1 + netclient/functions/daemon.go | 4 ++-- servercfg/serverconf.go | 2 +- 6 files changed, 17 insertions(+), 16 deletions(-) diff --git a/compose/docker-compose.ee.yml b/compose/docker-compose.ee.yml index 8cde21c3..50899045 100644 --- a/compose/docker-compose.ee.yml +++ b/compose/docker-compose.ee.yml @@ -125,10 +125,10 @@ services: - "8883" labels: - traefik.enable=true - - traefik.tcp.routers.mqtt.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`) - - traefik.tcp.routers.mqtt.tls.certresolver=http - - traefik.tcp.services.mqtt.loadbalancer.server.port=8883 - - traefik.tcp.routers.mqtt.entrypoints=websecure + - traefik.http.routers.mqtt_websocket.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`) + - traefik.http.routers.mqtt_websocket.entrypoints=websocket + - traefik.http.routers.mqtt_websocket.tls.certresolver=http + - traefik.http.services.mqtt_websocket.loadbalancer.server.port=8883 prometheus: container_name: prometheus image: gravitl/netmaker-prometheus:latest diff --git a/compose/docker-compose.reference.yml b/compose/docker-compose.reference.yml index 716908e3..419a8f5c 100644 --- a/compose/docker-compose.reference.yml +++ b/compose/docker-compose.reference.yml 
@@ -129,11 +129,11 @@ services: - "8883" labels: - traefik.enable=true - - traefik.tcp.routers.mqtts.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`) - - traefik.tcp.routers.mqtts.tls.passthrough=true - - traefik.tcp.services.mqtts-svc.loadbalancer.server.port=8883 - - traefik.tcp.routers.mqtts.service=mqtts-svc - - traefik.tcp.routers.mqtts.entrypoints=websecure + - traefik.http.routers.mqtt_websocket.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`) + - traefik.http.routers.mqtt_websocket.entrypoints=websocket + - traefik.http.routers.mqtt_websocket.tls.passthrough=true + - traefik.http.services.mqtts-svc.loadbalancer.server.port=8883 + - traefik.http.routers.mqtt_websocket.service=mqtts-svc volumes: traefik_certs: {} # ssl certificates - auto generated shared_certs: {} # netmaker certs generated for MQ comms - used by nodes/servers diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index 6c9ecdeb..93d00eb1 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -122,10 +122,10 @@ services: - "8883" labels: - traefik.enable=true - - traefik.tcp.routers.mqtt.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`) - - traefik.tcp.routers.mqtt.tls.certresolver=http - - traefik.tcp.services.mqtt.loadbalancer.server.port=8883 - - traefik.tcp.routers.mqtt.entrypoints=websecure + - traefik.http.routers.mqtt_websocket.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`) + - traefik.http.routers.mqtt_websocket.entrypoints=websocket + - traefik.http.routers.mqtt_websocket.tls.certresolver=http + - traefik.http.services.mqtt_websocket.loadbalancer.server.port=8883 volumes: traefik_certs: {} sqldata: {} diff --git a/docker/mosquitto.conf b/docker/mosquitto.conf index 299f632f..e7b92103 100644 --- a/docker/mosquitto.conf +++ b/docker/mosquitto.conf @@ -1,5 +1,6 @@ per_listener_settings false listener 8883 +protocol websockets allow_anonymous false listener 1883 diff --git a/netclient/functions/daemon.go b/netclient/functions/daemon.go index 12b3ddbe..6b493506 100644 
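Review bot: In docker-compose.reference.yml, `traefik.http.routers.mqtt_websocket.tls.passthrough=true` carries a TCP-router option over to an HTTP router; as far as I know Traefik supports `tls.passthrough` only under `traefik.tcp.routers.*`, and an HTTP router always terminates TLS at the proxy. After this change the broker connection is therefore decrypted at Traefik rather than passed through to mosquitto. Replace the label with the resolver used in the other two compose files, `- traefik.http.routers.mqtt_websocket.tls.certresolver=http`, or keep the TCP router if end-to-end TLS to the broker is intended. The service is also still named `mqtts-svc` here while docker-compose.yml and docker-compose.ee.yml use `mqtt_websocket`.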
--- a/netclient/functions/daemon.go +++ b/netclient/functions/daemon.go @@ -212,7 +212,7 @@ func setupMQTTSingleton(cfg *config.ClientConfig) error { if err != nil { return fmt.Errorf("could not read secrets file %w", err) } - opts.AddBroker("mqtts://" + server + ":" + port) + opts.AddBroker("wss://" + server + ":" + port) opts.SetUsername(cfg.Node.ID) opts.SetPassword(string(pass)) mqclient = mqtt.NewClient(opts) @@ -239,7 +239,7 @@ func setupMQTT(cfg *config.ClientConfig) error { if err != nil { return fmt.Errorf("could not read secrets file %w", err) } - opts.AddBroker(fmt.Sprintf("mqtts://%s:%s", server, port)) + opts.AddBroker(fmt.Sprintf("wss://%s:%s", server, port)) opts.SetUsername(cfg.Node.ID) opts.SetPassword(string(pass)) opts.SetClientID(ncutils.MakeRandomString(23)) diff --git a/servercfg/serverconf.go b/servercfg/serverconf.go index 0006ce3c..58d8b601 100644 --- a/servercfg/serverconf.go +++ b/servercfg/serverconf.go @@ -235,7 +235,7 @@ func GetMessageQueueEndpoint() (string, bool) { } else if config.Config.Server.MQHOST != "" { host = config.Config.Server.MQHOST } - secure := strings.Contains(host, "mqtts") || strings.Contains(host, "ssl") + secure := strings.Contains(host, "wss") || strings.Contains(host, "ssl") return host + ":" + GetMQServerPort(), secure } From 0d8b5ff94a08228dc0c685be8035a3d4f79962f4 Mon Sep 17 00:00:00 2001 From: Anish Mukherjee Date: Thu, 10 Nov 2022 12:04:37 +0530 Subject: [PATCH 23/63] use websockets on port 1883 --- docker/mosquitto.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/docker/mosquitto.conf b/docker/mosquitto.conf index e7b92103..19597b80 100644 --- a/docker/mosquitto.conf +++ b/docker/mosquitto.conf @@ -4,6 +4,7 @@ protocol websockets allow_anonymous false listener 1883 +protocol websockets allow_anonymous false plugin /usr/lib/mosquitto_dynamic_security.so From 244436e3a25afa820d4533140923c96c44fdcf33 Mon Sep 17 00:00:00 2001 
From: Anish Mukherjee Date: Thu, 10 Nov 2022 12:07:49 +0530 Subject: [PATCH 24/63] change entrypoint to websecure --- compose/docker-compose.ee.yml | 2 +- compose/docker-compose.reference.yml | 2 +- compose/docker-compose.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/compose/docker-compose.ee.yml b/compose/docker-compose.ee.yml index 50899045..4a4a84ea 100644 --- a/compose/docker-compose.ee.yml +++ b/compose/docker-compose.ee.yml @@ -126,7 +126,7 @@ services: labels: - traefik.enable=true - traefik.http.routers.mqtt_websocket.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`) - - traefik.http.routers.mqtt_websocket.entrypoints=websocket + - traefik.http.routers.mqtt_websocket.entrypoints=websecure - traefik.http.routers.mqtt_websocket.tls.certresolver=http - traefik.http.services.mqtt_websocket.loadbalancer.server.port=8883 prometheus: diff --git a/compose/docker-compose.reference.yml b/compose/docker-compose.reference.yml index 419a8f5c..a04e8c23 100644 --- a/compose/docker-compose.reference.yml +++ b/compose/docker-compose.reference.yml @@ -130,7 +130,7 @@ services: labels: - traefik.enable=true - traefik.http.routers.mqtt_websocket.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`) - - traefik.http.routers.mqtt_websocket.entrypoints=websocket + - traefik.http.routers.mqtt_websocket.entrypoints=websecure - traefik.http.routers.mqtt_websocket.tls.passthrough=true - traefik.http.services.mqtts-svc.loadbalancer.server.port=8883 - traefik.http.routers.mqtt_websocket.service=mqtts-svc diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index 93d00eb1..e51780bd 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml 
@@ -123,7 +123,7 @@ services: labels: - traefik.enable=true - traefik.http.routers.mqtt_websocket.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`) - - traefik.http.routers.mqtt_websocket.entrypoints=websocket + - traefik.http.routers.mqtt_websocket.entrypoints=websecure - traefik.http.routers.mqtt_websocket.tls.certresolver=http - traefik.http.services.mqtt_websocket.loadbalancer.server.port=8883 volumes: From bdb221e32d7c937b871e20f6b3594d64dc90310a Mon Sep 17 00:00:00 2001 From: Anish Mukherjee Date: Thu, 10 Nov 2022 16:59:15 +0530 Subject: [PATCH 25/63] change HostSNI to Host --- compose/docker-compose.ee.yml | 2 +- compose/docker-compose.reference.yml | 2 +- compose/docker-compose.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/compose/docker-compose.ee.yml b/compose/docker-compose.ee.yml index 4a4a84ea..3e6937c6 100644 --- a/compose/docker-compose.ee.yml +++ b/compose/docker-compose.ee.yml @@ -125,7 +125,7 @@ services: - "8883" labels: - traefik.enable=true - - traefik.http.routers.mqtt_websocket.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`) + - traefik.http.routers.mqtt_websocket.rule=Host(`broker.NETMAKER_BASE_DOMAIN`) - traefik.http.routers.mqtt_websocket.entrypoints=websecure - traefik.http.routers.mqtt_websocket.tls.certresolver=http - traefik.http.services.mqtt_websocket.loadbalancer.server.port=8883 diff --git a/compose/docker-compose.reference.yml b/compose/docker-compose.reference.yml index a04e8c23..0008c9e1 100644 --- a/compose/docker-compose.reference.yml +++ b/compose/docker-compose.reference.yml @@ -129,7 +129,7 @@ services: - "8883" labels: - traefik.enable=true - - traefik.http.routers.mqtt_websocket.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`) + - traefik.http.routers.mqtt_websocket.rule=Host(`broker.NETMAKER_BASE_DOMAIN`) - traefik.http.routers.mqtt_websocket.entrypoints=websecure - traefik.http.routers.mqtt_websocket.tls.passthrough=true - traefik.http.services.mqtts-svc.loadbalancer.server.port=8883 
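Review bot: In the compose/docker-compose.reference.yml hunk the router becomes an ordinary HTTP router matched with `Host(...)`, but the unchanged label two lines below, `traefik.http.routers.mqtt_websocket.tls.passthrough=true`, is as far as I know only meaningful on `traefik.tcp` routers. The other two compose files in this series use `- traefik.http.routers.mqtt_websocket.tls.certresolver=http` on the same router, and the reference file should probably match them so it is clear that Traefik terminates TLS for the broker. As it stands the reference file documents a combination that the other two files do not use, and it is worth confirming against a running proxy which TLS behaviour results.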
diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index e51780bd..b37ece9b 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -122,7 +122,7 @@ services: - "8883" labels: - traefik.enable=true - - traefik.http.routers.mqtt_websocket.rule=HostSNI(`broker.NETMAKER_BASE_DOMAIN`) + - traefik.http.routers.mqtt_websocket.rule=Host(`broker.NETMAKER_BASE_DOMAIN`) - traefik.http.routers.mqtt_websocket.entrypoints=websecure - traefik.http.routers.mqtt_websocket.tls.certresolver=http - traefik.http.services.mqtt_websocket.loadbalancer.server.port=8883 From 5384ff14e2317360fa38ee63cef5ba0809b1f85f Mon Sep 17 00:00:00 2001 From: Anish Mukherjee Date: Thu, 10 Nov 2022 18:45:14 +0530 Subject: [PATCH 26/63] update server connection --- servercfg/serverconf.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/servercfg/serverconf.go b/servercfg/serverconf.go index 58d8b601..aa78fb85 100644 --- a/servercfg/serverconf.go +++ b/servercfg/serverconf.go @@ -236,6 +236,11 @@ func GetMessageQueueEndpoint() (string, bool) { host = config.Config.Server.MQHOST } secure := strings.Contains(host, "wss") || strings.Contains(host, "ssl") + if secure { + host = "wss://" + host + } else { + host = "ws://" + host + } return host + ":" + GetMQServerPort(), secure } From eb2e9958b738254cc912c0bff614375bd97eeb46 Mon Sep 17 00:00:00 2001 From: "Matthew R. Kasun" Date: Thu, 10 Nov 2022 10:52:44 -0500 Subject: [PATCH 27/63] add ee build to docker-publish workflow and ... updated actions to latest versions --- .github/workflows/buildandrelease.yml | 16 ++-- .github/workflows/docker-builder.yml | 6 +- .github/workflows/publish-docker.yml | 94 +++++++++---------- .../publish-netclient-docker-userspace.yml | 8 +- .../workflows/publish-netclient-docker.yml | 8 +- .github/workflows/purgeGHCR.yml | 2 +- .github/workflows/test.yml | 10 +- 7 files changed, 69 insertions(+), 75 deletions(-) 
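Review bot: The added `else` branch in GetMessageQueueEndpoint silently selects `ws://` whenever the host string lacks the substrings `wss` and `ssl`, so a plainly configured hostname would yield an unencrypted broker endpoint with no warning in the log. Conversely, `secure` is only true when the host already contains one of those substrings, and if that substring is a scheme the result becomes `wss://wss://…`. I would strip any existing scheme before prefixing, e.g. `host = strings.TrimPrefix(strings.TrimPrefix(host, "wss://"), "ws://")`, and log at a visible level when the plaintext scheme is chosen. The top of the function is outside the hunk, so the value `host` has in the first branch cannot be confirmed from here.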
diff --git a/.github/workflows/buildandrelease.yml b/.github/workflows/buildandrelease.yml index eb4a3ac0..89724d50 100644 --- a/.github/workflows/buildandrelease.yml +++ b/.github/workflows/buildandrelease.yml @@ -53,7 +53,7 @@ jobs: echo "NETMAKER_VERSION=${TAG}" >> $GITHUB_ENV echo "PACKAGE_VERSION=${VERSION}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup go uses: actions/setup-go@v2 with: @@ -76,7 +76,7 @@ jobs: needs: version steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set Variables run: | TAG=${{needs.version.outputs.tag}} @@ -180,7 +180,7 @@ jobs: needs: version steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set Variables run: | TAG=${{needs.version.outputs.tag}} @@ -280,7 +280,7 @@ jobs: needs: version steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set Variables run: | TAG=${{needs.version.outputs.tag}} @@ -311,7 +311,7 @@ jobs: needs: version steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set Variables run: | TAG=${{needs.version.outputs.tag}} @@ -353,7 +353,7 @@ jobs: needs: version steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set Variables run: | TAG=${{needs.version.outputs.tag}} @@ -428,7 +428,7 @@ jobs: needs: version steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set Variables run: | TAG=${{needs.version.outputs.tag}} @@ -480,7 +480,7 @@ jobs: needs: version steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set Variables run: | TAG=${{needs.version.outputs.tag}} diff --git a/.github/workflows/docker-builder.yml b/.github/workflows/docker-builder.yml index 90677b59..c5164a63 100644 --- a/.github/workflows/docker-builder.yml +++ b/.github/workflows/docker-builder.yml 
@@ -10,11 +10,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: SetUp Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to Dockerhub - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index 21b7986c..55da5bde 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml 
@@ -26,70 +26,64 @@ jobs: echo "TAG=${TAG}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to DockerHub - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Build x86 and export to Docker - uses: docker/build-push-action@v2 - with: - context: . - load: true - platforms: linux/amd64 - tags: ${{ env.TAG }} - build-args: version=${{ env.TAG }} - - - name: Test x86 - run: | - docker run --rm ${{ env.TAG }}& - sleep 10 - kill %1 - - - name: Build arm64 and export to Docker - uses: docker/build-push-action@v2 - with: - context: . - load: true - platforms: linux/arm64 - tags: ${{ env.TAG }} - build-args: version=${{ env.TAG }} - - - name: Test arm64 - run: | - docker run --rm ${{ env.TAG }}& - sleep 10 - kill %1 - - - name: Build armv7l and export to Docker - uses: docker/build-push-action@v2 - with: - context: . - load: true - platforms: linux/arm/v7 - tags: ${{ env.TAG }} - build-args: version=${{ env.TAG }} - - - name: Test armv7l - run: | - docker run --rm ${{ env.TAG }}& - sleep 10 - kill %1 - name: Build and push - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v3 with: context: . 
platforms: linux/amd64, linux/arm64, linux/arm/v7 push: true tags: ${{ github.repository }}:${{ env.TAG }}, ${{ github.repository }}:latest build-args: version=${{ env.TAG }} + + docker-ee: + runs-on: ubuntu-latest + steps: + - + name: Set tag + run: | + if [[ -n "${{ github.event.inputs.tag }}" ]]; then + TAG=${{ github.event.inputs.tag }} + elif [[ "${{ github.ref_name }}" == 'master' ]]; then + TAG="latest" + else + TAG="${{ github.ref_name }}" + fi + echo "TAG=${TAG}" >> $GITHUB_ENV + - + name: Checkout + uses: actions/checkout@v3 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - + name: Login to DockerHub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Build and push + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/amd64, linux/arm64, linux/arm/v7 + push: true + tags: ${{ github.repository }}:${{ env.TAG }}-ee + build-args: version=${{ env.TAG }}, tags="-tags=ee" diff --git a/.github/workflows/publish-netclient-docker-userspace.yml b/.github/workflows/publish-netclient-docker-userspace.yml index eef20ea6..b0dc7c4b 100644 --- a/.github/workflows/publish-netclient-docker-userspace.yml +++ b/.github/workflows/publish-netclient-docker-userspace.yml @@ -26,16 +26,16 @@ jobs: echo "TAG=${TAG}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to DockerHub - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} 
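Review bot: The `Set tag` step of the new `docker-ee` job in publish-docker.yml interpolates `${{ github.event.inputs.tag }}` directly into the shell script, so the manual-dispatch input becomes script text before bash parses it. Passing it through the environment keeps it as data: add `env:` with `INPUT_TAG: ${{ github.event.inputs.tag }}` to the step and use `TAG="$INPUT_TAG"` in the script; `github.ref_name` deserves the same treatment. Separately, `build-args: version=${{ env.TAG }}, tags="-tags=ee"` is written on one line, and if I read the action's input handling correctly build-args are split on newlines only, which would leave `tags` unset and publish the `-ee` image without the `ee` build tag. The hunk also removes the per-architecture build-and-run steps, so images are now pushed without having been started once.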
diff --git a/.github/workflows/publish-netclient-docker.yml b/.github/workflows/publish-netclient-docker.yml index 02f7edcb..5dbd0319 100644 --- a/.github/workflows/publish-netclient-docker.yml +++ b/.github/workflows/publish-netclient-docker.yml @@ -26,16 +26,16 @@ jobs: echo "TAG=${TAG}" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to DockerHub - uses: docker/login-action@v1 + uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} diff --git a/.github/workflows/purgeGHCR.yml b/.github/workflows/purgeGHCR.yml index 590a858f..09edb8ba 100644 --- a/.github/workflows/purgeGHCR.yml +++ b/.github/workflows/purgeGHCR.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Prune Netmaker uses: vlaurin/action-ghcr-prune@main with: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f3c75861..4685294b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Go uses: actions/setup-go@v2 with: @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Go uses: actions/setup-go@v2 with: @@ -40,7 +40,7 @@ jobs: runs-on: macos-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Go uses: actions/setup-go@v2 with: 
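Review bot: In the purgeGHCR.yml hunk the checkout action is bumped, but the next step still reads `uses: vlaurin/action-ghcr-prune@main`, a third-party action tracked on a mutable branch. Whatever is pushed to that branch runs in this job with the job's credentials, and since the job prunes registry packages those credentials presumably include package write or delete rights. While the versions are being updated anyway, pin it to a release tag or, better, a full commit SHA: `uses: vlaurin/action-ghcr-prune@<full-commit-sha>`. The dependabot `github-actions` entry added later in this series can then keep the pin current.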
@@ -52,7 +52,7 @@ jobs: runs-on: windows-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Go uses: actions/setup-go@v2 with: @@ -72,7 +72,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Setup Go uses: actions/setup-go@v2 with: From ea854a6b98fdd09b65e1fcc95005d58d8835dc32 Mon Sep 17 00:00:00 2001 From: 0xdcarns Date: Thu, 10 Nov 2022 14:54:53 -0500 Subject: [PATCH 28/63] fixed admin issue and potential panics --- controllers/ext_client.go | 2 +- controllers/network.go | 2 +- logic/auth.go | 3 +++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/controllers/ext_client.go b/controllers/ext_client.go index 3ac9a05f..9ca316c7 100644 --- a/controllers/ext_client.go +++ b/controllers/ext_client.go @@ -101,7 +101,7 @@ func getAllExtClients(w http.ResponseWriter, r *http.Request) { } clients := []models.ExtClient{} var err error - if networksSlice[0] == logic.ALL_NETWORK_ACCESS { + if len(networksSlice) > 0 && networksSlice[0] == logic.ALL_NETWORK_ACCESS { clients, err = functions.GetAllExtClients() if err != nil && !database.IsEmptyRecord(err) { logger.Log(0, "failed to get all extclients: ", err.Error()) diff --git a/controllers/network.go b/controllers/network.go index a91b5164..8121ef8f 100644 --- a/controllers/network.go +++ b/controllers/network.go @@ -57,7 +57,7 @@ func getNetworks(w http.ResponseWriter, r *http.Request) { } allnetworks := []models.Network{} var err error - if networksSlice[0] == logic.ALL_NETWORK_ACCESS { + if len(networksSlice) > 0 && networksSlice[0] == logic.ALL_NETWORK_ACCESS { allnetworks, err = logic.GetNetworks() if err != nil && !database.IsEmptyRecord(err) { logger.Log(0, r.Header.Get("user"), "failed to fetch networks: ", err.Error()) diff --git a/logic/auth.go b/logic/auth.go index 371833e9..e6a24608 100644 --- a/logic/auth.go +++ b/logic/auth.go 
@@ -282,6 +282,9 @@ func UpdateUser(userchange models.User, user models.User) (models.User, error) { user.Password = userchange.Password } + if userchange.IsAdmin != user.IsAdmin { + user.IsAdmin = userchange.IsAdmin + } err := ValidateUser(user) if err != nil { From 9701521680526d5c397351b3797e976f4da75611 Mon Sep 17 00:00:00 2001 From: "Matthew R. Kasun" Date: Thu, 10 Nov 2022 15:04:14 -0500 Subject: [PATCH 29/63] updated traefix and moquitto images in compose files added docker and github actions to dependabot --- .github/dependabot.yml | 12 ++++++++++++ compose/docker-compose.ee.yml | 4 ++-- compose/docker-compose.reference.yml | 4 ++-- compose/docker-compose.yml | 4 ++-- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 7c70f02c..b52b304f 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,3 +16,15 @@ updates: schedule: interval: "weekly" target-branch: "develop" + # Enable version updates for GitHubActions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + target-branch: "develop" + # Enable version updates for docker images + - package-ecosystem: "docker" + directory: "/" + schedule: + interval: "weekly" + target-branch: "develop" diff --git a/compose/docker-compose.ee.yml b/compose/docker-compose.ee.yml index 3e6937c6..fc8bf8fb 100644 --- a/compose/docker-compose.ee.yml +++ b/compose/docker-compose.ee.yml @@ -88,7 +88,7 @@ services: volumes: - dnsconfig:/root/dnsconfig traefik: - image: traefik:v2.6 + image: traefik:v2.9 container_name: traefik command: - "--certificatesresolvers.http.acme.email=YOUR_EMAIL" @@ -109,7 +109,7 @@ services: - "443:443" mq: container_name: mq - image: eclipse-mosquitto:2.0.11-openssl + image: eclipse-mosquitto:2.0.15-openssl depends_on: - netmaker restart: unless-stopped diff --git a/compose/docker-compose.reference.yml b/compose/docker-compose.reference.yml index 0008c9e1..aaf793cb 100644 
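Review bot: The block added to UpdateUser in logic/auth.go copies `IsAdmin` from `userchange` unconditionally, and because the field is a plain bool an update that omits it (presumably decoded from a request body) arrives as `false` and would demote an existing admin. It also makes the privilege bit writable through this path, so the caller must already have verified that the requester may change admin status; nothing in the hunk shows that check. If partial updates are expected, the model needs a way to tell "not sent" from `false`, such as a `*bool` or a dedicated role-change endpoint. At minimum I would add `// IsAdmin is security-sensitive: callers must authorise role changes before calling UpdateUser` above the assignment. The function begins and ends outside the hunk.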
--- a/compose/docker-compose.reference.yml +++ b/compose/docker-compose.reference.yml @@ -95,7 +95,7 @@ services: volumes: - dnsconfig:/root/dnsconfig traefik: # the default proxy - can be replaced with caddy or nginx, but requires careful configuration - image: traefik:v2.6 + image: traefik:v2.9 container_name: traefik command: - "--certificatesresolvers.http.acme.email=YOUR_EMAIL" @@ -116,7 +116,7 @@ services: - "443:443" mq: # the MQTT broker for netmaker container_name: mq - image: eclipse-mosquitto:2.0.11-openssl + image: eclipse-mosquitto:2.0.15-openssl depends_on: - netmaker restart: unless-stopped diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index b37ece9b..2fe91030 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -85,7 +85,7 @@ services: volumes: - dnsconfig:/root/dnsconfig traefik: - image: traefik:v2.6 + image: traefik:v2.9 container_name: traefik command: - "--certificatesresolvers.http.acme.email=YOUR_EMAIL" @@ -106,7 +106,7 @@ services: - "443:443" mq: container_name: mq - image: eclipse-mosquitto:2.0.11-openssl + image: eclipse-mosquitto:2.0.15-openssl depends_on: - netmaker restart: unless-stopped From e97566f069582383c6774a4350a230fcd335c974 Mon Sep 17 00:00:00 2001 From: "Matthew R. Kasun" Date: Thu, 10 Nov 2022 16:06:03 -0500 Subject: [PATCH 30/63] update to go 1.19 docker files need to be updated as go-builder is built on golang:1.19-alpine3.16 so base image for netmaker/netclient needs to be updated to apline3.16 as well --- .github/workflows/buildandrelease.yml | 16 ++++++++-------- .github/workflows/test.yml | 10 +++++----- Dockerfile | 2 +- docker/Dockerfile-go-builder | 2 +- docker/Dockerfile-netclient-doks | 2 +- docker/Dockerfile-netclient-doks-uspace | 2 +- docker/Dockerfile-netclient-multiarch | 2 +- docker/Dockerfile-netclient-multiarch-userspace | 2 +- go.mod | 2 +- 9 files changed, 20 insertions(+), 20 deletions(-) 
diff --git a/.github/workflows/buildandrelease.yml b/.github/workflows/buildandrelease.yml index 89724d50..3251b5a5 100644 --- a/.github/workflows/buildandrelease.yml +++ b/.github/workflows/buildandrelease.yml @@ -57,7 +57,7 @@ jobs: - name: Setup go uses: actions/setup-go@v2 with: - go-version: 1.18 + go-version: 1.19 - name: Build run: | env CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -ldflags="-X 'main.version=${NETMAKER_VERSION}'" -o build/netmaker main.go @@ -86,7 +86,7 @@ jobs: - name: Setup go uses: actions/setup-go@v2 with: - go-version: 1.18 + go-version: 1.19 - name: Build cli run: | @@ -190,7 +190,7 @@ jobs: - name: Setup go uses: actions/setup-go@v2 with: - go-version: 1.18 + go-version: 1.19 - name: Build run: | cd netclient @@ -290,7 +290,7 @@ jobs: - name: Setup go uses: actions/setup-go@v2 with: - go-version: 1.18 + go-version: 1.19 - name: Build run: | cd netclient @@ -321,7 +321,7 @@ jobs: - name: Setup go uses: actions/setup-go@v2 with: - go-version: 1.18 + go-version: 1.19 - name: Build run: | cd netclient @@ -363,7 +363,7 @@ jobs: - name: Setup go uses: actions/setup-go@v2 with: - go-version: 1.18 + go-version: 1.19 - name: Build run: | cd netclient @@ -438,7 +438,7 @@ jobs: - name: Setup go uses: actions/setup-go@v2 with: - go-version: 1.18 + go-version: 1.19 - name: Build run: | cd netclient @@ -491,7 +491,7 @@ jobs: - name: Setup go uses: actions/setup-go@v3 with: - go-version: 1.18 + go-version: 1.19 - name: Mysys2 setup uses: msys2/setup-msys2@v2 with: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 4685294b..7e258420 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,7 +13,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v2 with: - go-version: 1.18 + go-version: 1.19 - name: Build run: | env CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build main.go 
@@ -31,7 +31,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v2 with: - go-version: 1.18 + go-version: 1.19 - name: Build run: | sudo apt-get install -y gcc libgl1-mesa-dev xorg-dev @@ -44,7 +44,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v2 with: - go-version: 1.18 + go-version: 1.19 - name: Build mac run: | env CGO_ENABLED=1 GOOS=darwin GOARCH=amd64 go build -tags=gui main.go @@ -56,7 +56,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v2 with: - go-version: 1.18 + go-version: 1.19 - name: Mysys2 setup uses: msys2/setup-msys2@v2 with: @@ -76,7 +76,7 @@ jobs: - name: Setup Go uses: actions/setup-go@v2 with: - go-version: 1.18 + go-version: 1.19 - name: run tests run: | sudo apt-get install -y gcc libgl1-mesa-dev xorg-dev diff --git a/Dockerfile b/Dockerfile index d45080aa..faaa8a9f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ ENV GO111MODULE=auto RUN apk add git RUN GOOS=linux CGO_ENABLED=1 go build ${tags} -ldflags="-s -X 'main.version=${version}'" . # RUN go build -tags=ee . -o netmaker main.go -FROM alpine:3.15.2 +FROM alpine:3.16.2 # add a c lib RUN apk add gcompat iptables wireguard-tools diff --git a/docker/Dockerfile-go-builder b/docker/Dockerfile-go-builder index f98268e1..a9604eaf 100644 --- a/docker/Dockerfile-go-builder +++ b/docker/Dockerfile-go-builder @@ -1,4 +1,4 @@ -FROM golang:1.18.0-alpine3.15 +FROM golang:1.19-alpine3.16 ARG version RUN apk add build-base WORKDIR /app diff --git a/docker/Dockerfile-netclient-doks b/docker/Dockerfile-netclient-doks index f01ca7d8..bc9e238b 100644 --- a/docker/Dockerfile-netclient-doks +++ b/docker/Dockerfile-netclient-doks @@ -3,7 +3,7 @@ FROM debian:buster as builder RUN apt update -y && apt install -y wget bash gcc musl-dev openssl golang git build-essential libmnl-dev iptables -RUN wget -O go.tgz https://go.dev/dl/go1.18.linux-amd64.tar.gz +RUN wget -O go.tgz https://go.dev/dl/go1.19.linux-amd64.tar.gz RUN tar -C /usr/local -xzf go.tgz 
diff --git a/docker/Dockerfile-netclient-doks-uspace b/docker/Dockerfile-netclient-doks-uspace index ddfea0ff..0d1d5bea 100644 --- a/docker/Dockerfile-netclient-doks-uspace +++ b/docker/Dockerfile-netclient-doks-uspace @@ -3,7 +3,7 @@ FROM debian:buster as builder RUN apt update -y && apt install -y wget bash gcc musl-dev openssl golang git build-essential libmnl-dev iptables -RUN wget -O go.tgz https://go.dev/dl/go1.18.linux-amd64.tar.gz +RUN wget -O go.tgz https://go.dev/dl/go1.19.linux-amd64.tar.gz RUN tar -C /usr/local -xzf go.tgz diff --git a/docker/Dockerfile-netclient-multiarch b/docker/Dockerfile-netclient-multiarch index f2455a2f..e168d8cb 100644 --- a/docker/Dockerfile-netclient-multiarch +++ b/docker/Dockerfile-netclient-multiarch @@ -9,7 +9,7 @@ ENV GO111MODULE=auto RUN GOOS=linux CGO_ENABLED=0 /usr/local/go/bin/go build -ldflags="-X 'main.version=${version}'" -o netclient-app netclient/main.go -FROM alpine:3.15.2 +FROM alpine:3.16.2 WORKDIR /root/ diff --git a/docker/Dockerfile-netclient-multiarch-userspace b/docker/Dockerfile-netclient-multiarch-userspace index e26c988d..c4e5bfd5 100644 --- a/docker/Dockerfile-netclient-multiarch-userspace +++ b/docker/Dockerfile-netclient-multiarch-userspace @@ -24,7 +24,7 @@ RUN git clone https://git.zx2c4.com/wireguard-tools && \ make && \ make install -FROM alpine:3.13.6 +FROM alpine:3.16.2 WORKDIR /root/ diff --git a/go.mod b/go.mod index c77a7918..6b3c4b59 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/gravitl/netmaker -go 1.18 +go 1.19 require ( github.com/eclipse/paho.mqtt.golang v1.4.2 From ae6151443e5b1075a7eecda8fd7234881f1778e4 Mon Sep 17 00:00:00 2001 From: "Matthew R. Kasun" Date: Fri, 11 Nov 2022 11:28:45 -0500 Subject: [PATCH 31/63] correct connect trigger endpoint --- ee/license.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ee/license.go b/ee/license.go index eb614cb2..e7afb1fe 100644 --- a/ee/license.go +++ b/ee/license.go 
@@ -8,7 +8,7 @@ import ( "crypto/rand" "encoding/json" "fmt" - "io/ioutil" + "io" "math" "net/http" @@ -200,7 +200,7 @@ func validateLicenseKey(encryptedData []byte, publicKey *[32]byte) ([]byte, erro return nil, fmt.Errorf("could not validate license") } // if you received a 200 cache the response locally - body, err = ioutil.ReadAll(validateResponse.Body) + body, err = io.Copy(validateResponse.Body) if err != nil { return nil, err } From a4bcce9cfc7b5e7e21fda38de7098cab499e6156 Mon Sep 17 00:00:00 2001 From: "Matthew R. Kasun" Date: Fri, 11 Nov 2022 11:38:35 -0500 Subject: [PATCH 32/63] remove deprecated io/ioutil --- ee/license.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ee/license.go b/ee/license.go index e7afb1fe..8341c6d1 100644 --- a/ee/license.go +++ b/ee/license.go @@ -200,7 +200,7 @@ func validateLicenseKey(encryptedData []byte, publicKey *[32]byte) ([]byte, erro return nil, fmt.Errorf("could not validate license") } // if you received a 200 cache the response locally - body, err = io.Copy(validateResponse.Body) + body, err = io.ReadAll(validateResponse.Body) if err != nil { return nil, err } From a9cc5ab2ac7bd87ebde44f5b09e6b67164b0dc56 Mon Sep 17 00:00:00 2001 From: "Matthew R. Kasun" Date: Mon, 14 Nov 2022 08:56:12 -0500 Subject: [PATCH 33/63] update github actions version missed in earlier PR --- .github/workflows/docker-builder.yml | 2 +- .github/workflows/publish-docker.yml | 6 +++--- .github/workflows/publish-netclient-docker-userspace.yml | 2 +- .github/workflows/publish-netclient-docker.yml | 8 ++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/docker-builder.yml b/.github/workflows/docker-builder.yml index c5164a63..1377e609 100644 --- a/.github/workflows/docker-builder.yml +++ b/.github/workflows/docker-builder.yml 
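Review bot: In validateLicenseKey, `io.ReadAll(validateResponse.Body)` (the form the second ee/license.go commit ends on) reads the remote response with no size cap, so an oversized or misbehaving reply from the license endpoint is buffered whole in memory and then cached. Bounding the read is a one-line change: `body, err = io.ReadAll(io.LimitReader(validateResponse.Body, maxLicenseResponseBytes))`, where `maxLicenseResponseBytes` is a constant this change would introduce. The hunk does not show whether the body is closed; a `defer validateResponse.Body.Close()` right after the request's error check is worth confirming. The function starts and continues outside the hunk.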
@@ -19,7 +19,7 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push to docker hub - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v3 with: context: . push: true diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index 55da5bde..d5f3b2d5 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml @@ -56,7 +56,7 @@ jobs: name: Set tag run: | if [[ -n "${{ github.event.inputs.tag }}" ]]; then - TAG=${{ github.event.inputs.tag }} + docker/build-push-action@v3.tag }} elif [[ "${{ github.ref_name }}" == 'master' ]]; then TAG="latest" else @@ -71,7 +71,7 @@ jobs: uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/build-push-action@v3v2 - name: Login to DockerHub uses: docker/login-action@v2 @@ -86,4 +86,4 @@ jobs: platforms: linux/amd64, linux/arm64, linux/arm/v7 push: true tags: ${{ github.repository }}:${{ env.TAG }}-ee - build-args: version=${{ env.TAG }}, tags="-tags=ee" + buildocker/build-push-action@v3 }}, tags="-tags=ee" diff --git a/.github/workflows/publish-netclient-docker-userspace.yml b/.github/workflows/publish-netclient-docker-userspace.yml index b0dc7c4b..2c6f7a38 100644 --- a/.github/workflows/publish-netclient-docker-userspace.yml +++ b/.github/workflows/publish-netclient-docker-userspace.yml @@ -41,7 +41,7 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build and push - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v3 with: context: . platforms: linux/amd64 diff --git a/.github/workflows/publish-netclient-docker.yml b/.github/workflows/publish-netclient-docker.yml index 5dbd0319..1e416c11 100644 --- a/.github/workflows/publish-netclient-docker.yml +++ b/.github/workflows/publish-netclient-docker.yml 
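Review bot: In the publish-docker.yml hunk at `@@ -56,7 +56,7`, the script line `TAG=${{ github.event.inputs.tag }}` is replaced by `docker/build-push-action@v3.tag }}`, which looks like a search-and-replace accident rather than a version bump. With that line in place the first branch of the `if` no longer assigns `TAG` and instead tries to run a command that does not exist, so a manually supplied tag would fail the step or be ignored. The assignment should be restored, ideally by reading the input from an `env:` variable (`TAG="$INPUT_TAG"`) rather than inlining the expression again. The other two changed lines in this file, `uses: docker/build-push-action@v3v2` and the mangled `build-args` line, have the same origin.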
@@ -41,7 +41,7 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build x86 and export to Docker - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v3 with: context: . load: true @@ -57,7 +57,7 @@ jobs: kill %1 - name: Build arm64 and export to Docker - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v3 with: context: . load: true @@ -73,7 +73,7 @@ jobs: kill %1 - name: Build armv7l and export to Docker - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v3 with: context: . load: true @@ -89,7 +89,7 @@ jobs: kill %1 - name: Build and push - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v3 with: context: . platforms: linux/amd64, linux/arm64, linux/arm/v7 From 3b38b9d45715cbf540e4b9787f7e9164fb95203e Mon Sep 17 00:00:00 2001 From: "Matthew R. Kasun" Date: Mon, 14 Nov 2022 14:15:14 -0500 Subject: [PATCH 34/63] address review comments --- .github/workflows/publish-docker.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-docker.yml b/.github/workflows/publish-docker.yml index d5f3b2d5..cc1e8a6a 100644 --- a/.github/workflows/publish-docker.yml +++ b/.github/workflows/publish-docker.yml @@ -71,7 +71,7 @@ jobs: uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/build-push-action@v3v2 + uses: docker/build-push-action@v3 - name: Login to DockerHub uses: docker/login-action@v2 @@ -86,4 +86,4 @@ jobs: platforms: linux/amd64, linux/arm64, linux/arm/v7 push: true tags: ${{ github.repository }}:${{ env.TAG }}-ee - buildocker/build-push-action@v3 }}, tags="-tags=ee" + build-args: version=${{ env.TAG }}, tags="-tags=ee" From a79058536e15575675dae98d50dc9b30a7ed7b64 Mon Sep 17 00:00:00 2001 
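Review bot: In the "address review comments" commit, the `Set up Docker Buildx` step of publish-docker.yml now reads `uses: docker/build-push-action@v3`, but every other workflow in this series uses `docker/setup-buildx-action@v2` for that step, so the repair of `v3v2` picked the wrong action. It should be `uses: docker/setup-buildx-action@v2`. The commit also leaves the `docker/build-push-action@v3.tag }}` line in the `Set tag` script untouched, so the tag logic of what appears to be the `docker-ee` job is still broken after this follow-up. Running a workflow linter such as actionlint on these files in CI would catch both kinds of mistake before merge.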
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Nov 2022 15:25:35 +0000 Subject: [PATCH 35/63] Bump github.com/urfave/cli/v2 from 2.23.4 to 2.23.5 Bumps [github.com/urfave/cli/v2](https://github.com/urfave/cli) from 2.23.4 to 2.23.5. - [Release notes](https://github.com/urfave/cli/releases) - [Changelog](https://github.com/urfave/cli/blob/main/docs/CHANGELOG.md) - [Commits](https://github.com/urfave/cli/compare/v2.23.4...v2.23.5) --- updated-dependencies: - dependency-name: github.com/urfave/cli/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6b3c4b59..93157ca1 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e github.com/stretchr/testify v1.8.1 github.com/txn2/txeh v1.3.0 - github.com/urfave/cli/v2 v2.23.4 + github.com/urfave/cli/v2 v2.23.5 golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b // indirect golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094 diff --git a/go.sum b/go.sum index 5c23c40f..89f5900e 100644 --- a/go.sum +++ b/go.sum 
@@ -461,8 +461,8 @@ github.com/txn2/txeh v1.3.0/go.mod h1:O7M6gUTPeMF+vsa4c4Ipx3JDkOYrruB1Wry8QRsMcw github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/cli v1.22.5/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli/v2 v2.4.0/go.mod h1:NX9W0zmTvedE5oDoOMs2RTC8RvdK98NTYZE5LbaEYPg= -github.com/urfave/cli/v2 v2.23.4 h1:gcaHwki8kGX6lfp2zz7irxu7eZkcIl1Xapt6XW0Ynqc= -github.com/urfave/cli/v2 v2.23.4/go.mod h1:1CNUng3PtjQMtRzJO4FMXBQvkGtuYRxxiR9xMa7jMwI= +github.com/urfave/cli/v2 v2.23.5 h1:xbrU7tAYviSpqeR3X4nEFWUdB/uDZ6DE+HxmRU7Xtyw= +github.com/urfave/cli/v2 v2.23.5/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU= github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8= From 218d9ec430af73fdaf932ad891cc01d7c0f293fb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Nov 2022 15:25:47 +0000 Subject: [PATCH 36/63] Bump fyne.io/fyne/v2 from 2.2.3 to 2.2.4 Bumps [fyne.io/fyne/v2](https://github.com/fyne-io/fyne) from 2.2.3 to 2.2.4. - [Release notes](https://github.com/fyne-io/fyne/releases) - [Changelog](https://github.com/fyne-io/fyne/blob/master/CHANGELOG.md) - [Commits](https://github.com/fyne-io/fyne/compare/v2.2.3...v2.2.4) --- updated-dependencies: - dependency-name: fyne.io/fyne/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6b3c4b59..bf940947 100644 --- a/go.mod +++ b/go.mod 
@@ -30,7 +30,7 @@ require ( require ( filippo.io/edwards25519 v1.0.0 - fyne.io/fyne/v2 v2.2.3 + fyne.io/fyne/v2 v2.2.4 github.com/c-robinson/iplib v1.0.3 github.com/cloverstd/tcping v0.1.1 github.com/go-ping/ping v1.1.0 diff --git a/go.sum b/go.sum index 5c23c40f..6a9fa990 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek= filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns= -fyne.io/fyne/v2 v2.2.3 h1:Umi3vVVW8XnWWPJmMkhIWQOMU/jxB1OqpWVUmjhODD0= -fyne.io/fyne/v2 v2.2.3/go.mod h1:MBoGuHzLLSXdQOWFAwWhIhYTEMp33zqtGCReSWhaQTA= +fyne.io/fyne/v2 v2.2.4 h1:izyiDUjJYAB7B/MST7M9GDs+mQ0CwDgRZTiVJZQoEe4= +fyne.io/fyne/v2 v2.2.4/go.mod h1:MBoGuHzLLSXdQOWFAwWhIhYTEMp33zqtGCReSWhaQTA= fyne.io/systray v1.10.1-0.20220621085403-9a2652634e93 h1:V2IC9t0Zj9Ur6qDbfhUuzVmIvXKFyxZXRJyigUvovs4= fyne.io/systray v1.10.1-0.20220621085403-9a2652634e93/go.mod h1:oM2AQqGJ1AMo4nNqZFYU8xYygSBZkW2hmdJ7n4yjedE= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= From f42c784e648e0e3de602ac67a7286b84e63833f2 Mon Sep 17 00:00:00 2001 From: Anish Mukherjee Date: Wed, 16 Nov 2022 18:10:09 +0530 Subject: [PATCH 37/63] fix ipv6 addressing bug --- logic/networks.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/logic/networks.go b/logic/networks.go index e55e1e49..e2676e4a 100644 --- a/logic/networks.go +++ b/logic/networks.go 
@@ -267,14 +267,16 @@ func UniqueAddress6(networkName string, reverse bool) (string, error) { return "666", err } net6 := iplib.Net6FromStr(network.AddressRange6) - newAddrs := net6.FirstAddress() + newAddrs, err := net6.NextIP(net6.FirstAddress()) if reverse { - newAddrs = net6.LastAddress() + newAddrs, err = net6.PreviousIP(net6.LastAddress()) + } + if err != nil { + return "", err } for { - if IsIPUnique(networkName, newAddrs.String(), database.NODES_TABLE_NAME, true) && IsIPUnique(networkName, newAddrs.String(), database.EXT_CLIENT_TABLE_NAME, true) { return newAddrs.String(), nil From 1905f7061b80d199162461134ff24205af6685cd Mon Sep 17 00:00:00 2001 From: Anish Mukherjee Date: Wed, 16 Nov 2022 19:11:45 +0530 Subject: [PATCH 38/63] update ipv6 test --- controllers/network_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/controllers/network_test.go b/controllers/network_test.go index 03b11759..e7cd2754 100644 --- a/controllers/network_test.go +++ b/controllers/network_test.go @@ -309,7 +309,7 @@ func TestIpv6Network(t *testing.T) { nodeErr := logic.CreateNode(&node1) t.Run("Test node on network IPv6", func(t *testing.T) { assert.Nil(t, nodeErr) - assert.Equal(t, "fde6:be04:fa5e:d076::", node1.Address6) + assert.Equal(t, "fde6:be04:fa5e:d076::1", node1.Address6) }) } From 966412e7c02551741323628c39f8a9475cf3ab0d Mon Sep 17 00:00:00 2001 From: "kayos@tcp.direct" Date: Sat, 19 Nov 2022 01:52:08 -0800 Subject: [PATCH 39/63] Fix #1750 --- main.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.go b/main.go index 3c15101a..50304d56 100644 --- a/main.go +++ b/main.go @@ -67,7 +67,7 @@ func initialize() { // Client Mode Prereq Check } if err = database.InitializeDatabase(); err != nil { - logger.FatalLog("Error connecting to database") + logger.FatalLog("Error connecting to database: ", err.Error()) } logger.Log(0, "database successfully connected") if err = logic.AddServerIDIfNotPresent(); err != nil { 
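Review bot: The new error path in UniqueAddress6 returns `""` while the lookup failure a few lines above still returns `"666"`, so callers get two different address values on error; returning the same value on both paths would be clearer, ideally with context on the error, e.g. `return "", fmt.Errorf("no usable address in %s: %w", network.AddressRange6, err)` if `fmt` is imported in this file. The forward `net6.NextIP(...)` call also runs when `reverse` is true and its result and error are then overwritten, so an `if reverse { … } else { … }` would make the single assignment explicit. The result of `iplib.Net6FromStr` is used without checking that `AddressRange6` parsed, which looks worth a guard before `FirstAddress()` is called. The function's search loop continues outside the hunk.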
From 954537d2b3a8e9564936428f1e968615b7e38aac Mon Sep 17 00:00:00 2001 From: shanker JJ Date: Mon, 21 Nov 2022 22:35:15 +0900 Subject: [PATCH 40/63] Support for MIPs arch --- .github/workflows/buildandrelease.yml | 65 ++++++++++++++++++++++++--- netclient/bin-maker.sh | 13 +++--- scripts/netclient-install.sh | 11 ++++- 3 files changed, 75 insertions(+), 14 deletions(-) diff --git a/.github/workflows/buildandrelease.yml b/.github/workflows/buildandrelease.yml index 3251b5a5..7d323d33 100644 --- a/.github/workflows/buildandrelease.yml +++ b/.github/workflows/buildandrelease.yml 
@@ -294,18 +294,49 @@ jobs: - name: Build run: | cd netclient - env CGO_ENABLED=0 GOOS=linux GOARCH=mipsle go build -ldflags "-s -w -X 'main.version=$NETMAKER_VERSION'" -o build/netclient-mipsle/netclient main.go && upx build/netclient-mipsle/netclient + env CGO_ENABLED=0 GOOS=linux GOARCH=mipsle go build -ldflags "-s -w -X 'main.version=$NETMAKER_VERSION'" -o build/netclient-mipsle/netclient-mipsle main.go && upx -o build/netclient-mipsle/netclient-mipsle-upx build/netclient-mipsle/netclient-mipsle + env CGO_ENABLED=0 GOOS=linux GOARCH=mipsle GOMIPS=softfloat go build -ldflags "-s -w -X 'main.version=$NETMAKER_VERSION'" -o build/netclient-mipsle/netclient-mipsle-softfloat main.go && upx -o build/netclient-mipsle/netclient-mipsle-softfloat-upx build/netclient-mipsle/netclient-mipsle-softfloat - name: Upload mipsle to Release uses: svenstaro/upload-release-action@v2 with: repo_token: ${{ secrets.GITHUB_TOKEN }} - file: netclient/build/netclient-mipsle/netclient + file: netclient/build/netclient-mipsle/netclient-mipsle tag: ${{ env.NETMAKER_VERSION }} overwrite: true prerelease: true asset_name: netclient-mipsle + - name: Upload mipsle-upx to Release + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: netclient/build/netclient-mipsle/netclient-mipsle-upx + tag: ${{ env.NETMAKER_VERSION }} + overwrite: true + prerelease: true + asset_name: netclient-mipsle-upx + + - name: Upload mipsle-softfloat to Release + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: netclient/build/netclient-mipsle/netclient-mipsle-softfloat + tag: ${{ env.NETMAKER_VERSION }} + overwrite: true + prerelease: true + asset_name: netclient-mipsle-softfloat + + - name: Upload mipsle-softfloat-upx to Release + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: netclient/build/netclient-mipsle/netclient-mipsle-softfloat-upx + tag: ${{ env.NETMAKER_VERSION 
}} + overwrite: true + prerelease: true + asset_name: netclient-mipsle-softfloat-upx + netclient-mips: runs-on: ubuntu-latest needs: version 
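Review bot: The three upload steps added here each hand `secrets.GITHUB_TOKEN` to `svenstaro/upload-release-action@v2`, a tag the action's owner can move; pinning every `uses:` to a full commit SHA, `uses: svenstaro/upload-release-action@<full-commit-sha> # v2`, keeps a retagged action from running with release-write access. The same applies to the upload steps added in the netclient-mips hunk that follows. Across both hunks the release gains eight MIPS binaries, four of them UPX-packed, and no checksum file is published next to them; uploading a `sha256sum` listing as one more asset would let users of the install script verify what they fetched.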
@@ -325,29 +356,49 @@ jobs: - name: Build run: | cd netclient - env CGO_ENABLED=0 GOOS=linux GOARCH=mipsle GOMIPS=softfloat go build -ldflags "-s -w -X 'main.version=$NETMAKER_VERSION'" -o build/netclient-mips/netclient main.go - env CGO_ENABLED=0 GOOS=linux GOARCH=mipsle GOMIPS=softfloat go build -ldflags "-s -w -X 'main.version=$NETMAKER_VERSION'" -o build/netclient-mips-upx/netclient main.go && upx build/netclient-mips-upx/netclient + env CGO_ENABLED=0 GOOS=linux GOARCH=mips go build -ldflags "-s -w -X 'main.version=$NETMAKER_VERSION'" -o build/netclient-mips/netclient-mips main.go && upx -o build/netclient-mips/netclient-mips-upx build/netclient-mips/netclient-mips + env CGO_ENABLED=0 GOOS=linux GOARCH=mips GOMIPS=softfloat go build -ldflags "-s -w -X 'main.version=$NETMAKER_VERSION'" -o build/netclient-mips/netclient-mips-softfloat main.go && upx -o build/netclient-mips/netclient-mips-softfloat-upx build/netclient-mips/netclient-mips-softfloat - name: Upload mips to Release uses: svenstaro/upload-release-action@v2 with: repo_token: ${{ secrets.GITHUB_TOKEN }} - file: netclient/build/netclient-mips/netclient + file: netclient/build/netclient-mips/netclient-mips tag: ${{ env.NETMAKER_VERSION }} overwrite: true prerelease: true asset_name: netclient-mips - - name: Upload upx compressed version of mips to Release + - name: Upload mips-upx to Release uses: svenstaro/upload-release-action@v2 with: repo_token: ${{ secrets.GITHUB_TOKEN }} - file: netclient/build/netclient-mips-upx/netclient + file: netclient/build/netclient-mips/netclient-mips-upx tag: ${{ env.NETMAKER_VERSION }} overwrite: true prerelease: true asset_name: netclient-mips-upx + - name: Upload netclient-mips-softfloat to Release + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: netclient/build/netclient-mips/netclient-mips-softfloat + tag: ${{ env.NETMAKER_VERSION }} + overwrite: true + prerelease: true + asset_name: netclient-mips-softfloat + + - 
name: Upload netclient-mips-softfloat-upx to Release + uses: svenstaro/upload-release-action@v2 + with: + repo_token: ${{ secrets.GITHUB_TOKEN }} + file: netclient/build/netclient-mips/netclient-mips-softfloat-upx + tag: ${{ env.NETMAKER_VERSION }} + overwrite: true + prerelease: true + asset_name: netclient-mips-softfloat-upx + netclient-freebsd: runs-on: ubuntu-latest needs: version diff --git a/netclient/bin-maker.sh b/netclient/bin-maker.sh index 05808fa4..e686d7ba 100755 --- a/netclient/bin-maker.sh +++ b/netclient/bin-maker.sh @@ -19,11 +19,15 @@ function build if [ "$_goarch" == "arm" ] && [ "$_goarm" == "" ]; then build $_goarch $_goose 5 && build $_goarch $_goose 6 && build $_goarch $_goose 7 else - echo $_out - if [ "$_goarch" == "mips" ]; then - # If the binary created through `GOMIPS=softfloat GOARCH=mipsle` is not compatible with your hardware, try changing these variables and creating a binary file compatible with your hardware. - GOARM=$_goarm GOMIPS=softfloat GOARCH=mipsle GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out + + if [[ $_goarch == mips* ]]; then + #At present GOMIPS64 based binaries are not generated through this script, more details about GOMIPS environment variables in https://go.dev/doc/asm#mips . + echo $_out-softfloat + GOARM=$_goarm GOMIPS=softfloat GOARCH=$_goarch GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out-softfloat + echo $_out + GOARM=$_goarm GOARCH=$_goarch GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out else + echo $_out GOARM=$_goarm GOARCH=$_goarch GOOS=$_goose GOHOSTARCH=$__HOST_ARCH CGO_ENABLED=0 go build -ldflags="-X 'main.version=$VERSION'" -o $_out fi fi 
@@ -36,4 +40,3 @@ for arch in ${__freebsd[*]}; do build "$arch" "freebsd"; done for arch in ${__darwin[*]}; do build "$arch" "darwin"; done for arch in ${__windows[*]}; do build "$arch" "windows"; done - diff --git a/scripts/netclient-install.sh b/scripts/netclient-install.sh index 91992ce0..3df02c7b 100755 --- a/scripts/netclient-install.sh +++ b/scripts/netclient-install.sh @@ -151,8 +151,15 @@ case $(uname | tr A-Z a-z) in mipsle) dist=netclient-mipsle ;; - mips*) - dist=netclient-$CPU_ARCH + mips) + #If binary in the below condition is not compatible with your hardware, retry with other netclient-mips* binaries. + if [[ `printf '\0\1' | hexdump -e '/2 "%04x"'` -eq 0100 ]]; then + #Little Endian, tested and confirmed in GL-MT1300 OS "OpenWrt 19.07.8" + dist=netclient-mipsle-softfloat + else + #Big Endian, tested and confirmed in DSL-2750U OS "OpenWrt 22.03.2" + dist=netclient-mips-softfloat + fi ;; *) fatal "$CPU_ARCH : cpu architecture not supported" From fa087401b30a7c4e05f73a2ff8b546d3ae1de4b9 Mon Sep 17 00:00:00 2001 From: Anish Mukherjee Date: Tue, 22 Nov 2022 23:45:31 +0530 Subject: [PATCH 41/63] move user-groups and network-users to enterprise controllers --- controllers/controller.go | 2 -- {controllers => ee/ee_controllers}/networkusers.go | 4 ++-- {controllers => ee/ee_controllers}/usergroups.go | 4 ++-- ee/initialize.go | 7 ++++++- 4 files changed, 10 insertions(+), 7 deletions(-) rename {controllers => ee/ee_controllers}/networkusers.go (99%) rename {controllers => ee/ee_controllers}/usergroups.go (97%) diff --git a/controllers/controller.go b/controllers/controller.go index 1350e37d..de3f3d77 100644 --- a/controllers/controller.go +++ b/controllers/controller.go @@ -27,8 +27,6 @@ var HttpHandlers = []interface{}{ extClientHandlers, ipHandlers, loggerHandlers, - userGroupsHandlers, - networkUsersHandlers, } // HandleRESTRequests - handles the rest requests 
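Review bot: In the new `mips)` branch of scripts/netclient-install.sh, a missing or failing `hexdump` leaves the command substitution empty, the `-eq 0100` test fails, and the script silently selects the big-endian `netclient-mips-softfloat`. Capturing the probe first and comparing it as a string makes that failure visible: `endian=$(printf '\0\1' | hexdump -e '/2 "%04x"') || fatal "cannot detect byte order"` followed by `if [ "$endian" = "0100" ]; then`. `[[ … ]]` is also not POSIX, which matters if the installer is run by a `/bin/sh` that is not bash (the shebang is outside the hunk). The old `mips*)` pattern also matched other `mips…` values of `$CPU_ARCH`, which now fall through to `fatal`; confirm that is intended. The enclosing `case` starts before the hunk.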
diff --git a/controllers/networkusers.go b/ee/ee_controllers/networkusers.go similarity index 99% rename from controllers/networkusers.go rename to ee/ee_controllers/networkusers.go index d2307e26..dcf6c8a6 100644 --- a/controllers/networkusers.go +++ b/ee/ee_controllers/networkusers.go @@ -1,4 +1,4 @@ -package controller +package ee_controllers import ( "encoding/json" @@ -14,7 +14,7 @@ import ( "github.com/gravitl/netmaker/models/promodels" ) -func networkUsersHandlers(r *mux.Router) { +func NetworkUsersHandlers(r *mux.Router) { r.HandleFunc("/api/networkusers", logic.SecurityCheck(true, http.HandlerFunc(getAllNetworkUsers))).Methods("GET") r.HandleFunc("/api/networkusers/{network}", logic.SecurityCheck(true, http.HandlerFunc(getNetworkUsers))).Methods("GET") r.HandleFunc("/api/networkusers/{network}/{networkuser}", logic.SecurityCheck(true, http.HandlerFunc(getNetworkUser))).Methods("GET") diff --git a/controllers/usergroups.go b/ee/ee_controllers/usergroups.go similarity index 97% rename from controllers/usergroups.go rename to ee/ee_controllers/usergroups.go index 4ade6f29..5c99f001 100644 --- a/controllers/usergroups.go +++ b/ee/ee_controllers/usergroups.go @@ -1,4 +1,4 @@ -package controller +package ee_controllers import ( "encoding/json" @@ -13,7 +13,7 @@ import ( "github.com/gravitl/netmaker/models/promodels" ) -func userGroupsHandlers(r *mux.Router) { +func UserGroupsHandlers(r *mux.Router) { r.HandleFunc("/api/usergroups", logic.SecurityCheck(true, http.HandlerFunc(getUserGroups))).Methods("GET") r.HandleFunc("/api/usergroups/{usergroup}", logic.SecurityCheck(true, http.HandlerFunc(createUserGroup))).Methods("POST") r.HandleFunc("/api/usergroups/{usergroup}", logic.SecurityCheck(true, http.HandlerFunc(deleteUserGroup))).Methods("DELETE") diff --git a/ee/initialize.go b/ee/initialize.go index 558f3715..bc25b3ae 100644 --- a/ee/initialize.go +++ b/ee/initialize.go 
@@ -17,7 +17,12 @@ import ( func InitEE() { setIsEnterprise() models.SetLogo(retrieveEELogo()) - controller.HttpHandlers = append(controller.HttpHandlers, ee_controllers.MetricHandlers) + controller.HttpHandlers = append( + controller.HttpHandlers, + ee_controllers.MetricHandlers, + ee_controllers.NetworkUsersHandlers, + ee_controllers.UserGroupsHandlers, + ) logic.EnterpriseCheckFuncs = append(logic.EnterpriseCheckFuncs, func() { // == License Handling == ValidateLicense() From 58130c59f1d4163dce8a91cecbc535e0f77d4cda Mon Sep 17 00:00:00 2001 From: afeiszli Date: Mon, 28 Nov 2022 12:16:50 -0500 Subject: [PATCH 42/63] updating compose, installers --- compose/docker-compose.yml | 67 +++++++-------------------------- docker/Caddyfile | 5 +++ docker/mosquitto.conf | 2 +- scripts/nm-quick-interactive.sh | 27 +++++++------ scripts/nm-quick.sh | 4 +- 5 files changed, 38 insertions(+), 67 deletions(-) diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index 2fe91030..3e493230 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:v0.16.3 + image: gravitl/netmaker:v0.17.0 cap_add: - NET_ADMIN - NET_RAW @@ -42,17 +42,9 @@ services: MQ_ADMIN_PASSWORD: "REPLACE_MQ_ADMIN_PASSWORD" ports: - "51821-51830:51821-51830/udp" - expose: - - "8081" - labels: - - traefik.enable=true - - traefik.http.routers.netmaker-api.entrypoints=websecure - - traefik.http.routers.netmaker-api.rule=Host(`api.NETMAKER_BASE_DOMAIN`) - - traefik.http.routers.netmaker-api.service=netmaker-api - - traefik.http.services.netmaker-api.loadbalancer.server.port=8081 netmaker-ui: container_name: netmaker-ui - image: gravitl/netmaker-ui:v0.16.3 + image: gravitl/netmaker-ui:v0.17.0 depends_on: - netmaker links: 
@@ -60,21 +52,15 @@ services: restart: always environment: BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN" - expose: - - "80" - labels: - - traefik.enable=true - - traefik.http.middlewares.nmui-security.headers.accessControlAllowOriginList=*.NETMAKER_BASE_DOMAIN - - traefik.http.middlewares.nmui-security.headers.stsSeconds=31536000 - - traefik.http.middlewares.nmui-security.headers.browserXssFilter=true - - traefik.http.middlewares.nmui-security.headers.customFrameOptionsValue=SAMEORIGIN - - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.X-Robots-Tag=none - - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.Server= # Remove the server name - - traefik.http.routers.netmaker-ui.entrypoints=websecure - - traefik.http.routers.netmaker-ui.middlewares=nmui-security@docker - - traefik.http.routers.netmaker-ui.rule=Host(`dashboard.NETMAKER_BASE_DOMAIN`) - - traefik.http.routers.netmaker-ui.service=netmaker-ui - - traefik.http.services.netmaker-ui.loadbalancer.server.port=80 + caddy: + image: caddy:2.6.2 + container_name: caddy + restart: unless-stopped + network_mode: host + volumes: + - /root/Caddyfile:/etc/caddy/Caddyfile + - caddy_data:/data + - caddy_conf:/config coredns: container_name: coredns image: coredns/coredns 
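Review bot: The removed `nmui-security` labels set HSTS (`stsSeconds=31536000`), `X-Frame-Options: SAMEORIGIN` and `X-Robots-Tag: none` on the dashboard, and nothing in the added `caddy` service replaces them. Unless the `dashboard.NETMAKER_BASE_DOMAIN` block of docker/Caddyfile (only partly visible in this patch) already has a `header` directive with the same values, they should be added there. The service also runs with `network_mode: host`, which places the proxy in the host's network namespace; publishing only `80` and `443` through `ports:` exposes less. The caddy block added to compose/docker-compose.ee.yml in patch 49 has the same header gap.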
@@ -84,26 +70,6 @@ services: restart: always volumes: - dnsconfig:/root/dnsconfig - traefik: - image: traefik:v2.9 - container_name: traefik - command: - - "--certificatesresolvers.http.acme.email=YOUR_EMAIL" - - "--certificatesresolvers.http.acme.storage=/letsencrypt/acme.json" - - "--certificatesresolvers.http.acme.tlschallenge=true" - - "--entrypoints.websecure.address=:443" - - "--entrypoints.websecure.http.tls=true" - - "--entrypoints.websecure.http.tls.certResolver=http" - - "--log.level=INFO" - - "--providers.docker=true" - - "--providers.docker.exposedByDefault=false" - - "--serverstransport.insecureskipverify=true" - restart: always - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - traefik_certs:/letsencrypt - ports: - - "443:443" mq: container_name: mq image: eclipse-mosquitto:2.0.15-openssl @@ -118,14 +84,9 @@ services: - /root/wait.sh:/mosquitto/config/wait.sh - mosquitto_data:/mosquitto/data - mosquitto_logs:/mosquitto/log - expose: - - "8883" - labels: - - traefik.enable=true - - traefik.http.routers.mqtt_websocket.rule=Host(`broker.NETMAKER_BASE_DOMAIN`) - - traefik.http.routers.mqtt_websocket.entrypoints=websecure - - traefik.http.routers.mqtt_websocket.tls.certresolver=http - - traefik.http.services.mqtt_websocket.loadbalancer.server.port=8883 + ports: + - "1883:1883" + - "8883:8883" volumes: traefik_certs: {} sqldata: {} diff --git a/docker/Caddyfile b/docker/Caddyfile index 98e74b87..a5b09f1d 100644 --- a/docker/Caddyfile +++ b/docker/Caddyfile @@ -28,3 +28,8 @@ https://dashboard.NETMAKER_BASE_DOMAIN { https://api.NETMAKER_BASE_DOMAIN { reverse_proxy http://netmaker:8081 } + +# MQ +wss://broker.NETMAKER_BASE_DOMAIN { + reverse_proxy ws://mq:8883 +} diff --git a/docker/mosquitto.conf b/docker/mosquitto.conf index 19597b80..ab7386b0 100644 --- a/docker/mosquitto.conf +++ b/docker/mosquitto.conf 
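Review bot: The `mq` service now publishes `1883:1883` and `8883:8883` on every host interface, where before port 8883 was only `expose`d and reached through TLS at `broker.NETMAKER_BASE_DOMAIN`. Both listeners in docker/mosquitto.conf are plain `protocol websockets` as far as this patch shows, so a client connecting to the published ports bypasses the TLS termination that the new `wss://broker.NETMAKER_BASE_DOMAIN` Caddyfile block provides. If the ports are needed only by the proxy, drop the `ports:` entry or bind it to loopback, e.g. `- "127.0.0.1:8883:8883"`.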
@@ -1,7 +1,7 @@ per_listener_settings false listener 8883 protocol websockets -allow_anonymous false +allow_anonymous true listener 1883 protocol websockets diff --git a/scripts/nm-quick-interactive.sh b/scripts/nm-quick-interactive.sh index 7842a3f3..395adc90 100644 --- a/scripts/nm-quick-interactive.sh +++ b/scripts/nm-quick-interactive.sh @@ -17,6 +17,11 @@ cat << "EOF" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - EOF +if [ $(id -u) -ne 0 ]; then + echo "This script must be run as root" + exit 1 +fi + if [ -z "$1" ]; then echo "-----------------------------------------------------" echo "Would you like to install Netmaker Community Edition (CE), or Netmaker Enterprise Edition (EE)?" @@ -61,17 +66,12 @@ confirm() {( read -p 'Does everything look right? [y/n]: ' yn case $yn in [Yy]* ) override="true"; break;; - [Nn]* ) echo "exiting..."; exit;; + [Nn]* ) echo "exiting..."; exit 1;; * ) echo "Please answer yes or no.";; esac done )} -if [ $(id -u) -ne 0 ]; then - echo "This script must be run as root" - exit 1 -fi - echo "checking dependencies..." OS=$(uname) @@ -124,6 +124,9 @@ if [ -z "${install_cmd}" ]; then fi set -- $dependencies + +${update_cmd} + while [ -n "$1" ]; do if [ "${OS}" = "FreeBSD" ]; then is_installed=$(pkg check -d $1 | grep "Checking" | grep "done") 
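Review bot: Changing `allow_anonymous` to `true` lets any client that can reach the broker connect without credentials, and with `per_listener_settings false` at the top of the file the setting is not confined to one listener. The compose change in the same patch publishes ports 1883 and 8883 on the host, so the broker becomes reachable unauthenticated from outside the Docker network. Keep `allow_anonymous false` and repair whatever credential setup prompted the change (compose already passes `MQ_ADMIN_PASSWORD`); if anonymous access is needed for a test build, the reason belongs in a comment next to the line.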
@@ -291,16 +294,16 @@ if [ "$INSTALL_TYPE" = "ee" ]; then COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.ee.yml" fi -wget -O docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/develop/docker/wait.sh && chmod +x wait.sh +wget -O /root/docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf && wget -O /root/Caddyfile https://raw.githubusercontent.com/gravitl/netmaker/master/docker/Caddyfile && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/master/docker/wait.sh && chmod +x /root/wait.sh mkdir -p /etc/netmaker -echo "Setting docker-compose..." +echo "Setting docker-compose and Caddyfile..." -sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml +sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/Caddyfile sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml -sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/docker-compose.yml +sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/Caddyfile sed -i "s/REPLACE_MQ_ADMIN_PASSWORD/$MQ_PASSWORD/g" /root/docker-compose.yml if [ "$INSTALL_TYPE" = "ee" ]; then sed -i "s~YOUR_LICENSE_KEY~$LICENSE_KEY~g" /root/docker-compose.yml 
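Review bot: The download line fetches `docker-compose.yml`, `mosquitto.conf`, `Caddyfile` and `wait.sh` from the moving `master` branch and, in a script that requires root, marks `wait.sh` executable without checking any file against a known digest. Pinning the URLs to a release tag or commit and verifying a published SHA-256 before use would make an install reproducible and detect a tampered file; the `wget` lines in scripts/nm-quick.sh in this patch and the branch-URL changes in patches 43 and 44 have the same gap. Separately, this hunk drops the `sed` that replaced `NETMAKER_BASE_DOMAIN` in /root/docker-compose.yml although the compose file still contains `BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN"`; patch 46 restores it.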
@@ -314,13 +317,13 @@ sleep 2 test_connection() { -echo "Testing Traefik setup (please be patient, this may take 1-2 minutes)" +echo "Testing Caddy setup (please be patient, this may take 1-2 minutes)" for i in 1 2 3 4 5 6 do curlresponse=$(curl -vIs https://api.${NETMAKER_BASE_DOMAIN} 2>&1) if [[ "$i" == 6 ]]; then - echo " Traefik is having an issue setting up certificates, please investigate (docker logs traefik)" + echo " Caddy is having an issue setting up certificates, please investigate (docker logs caddy)" echo " Exiting..." exit 1 elif [[ "$curlresponse" == *"failed to verify the legitimacy of the server"* ]]; then diff --git a/scripts/nm-quick.sh b/scripts/nm-quick.sh index d08afe2d..7ee33a66 100755 --- a/scripts/nm-quick.sh +++ b/scripts/nm-quick.sh @@ -128,6 +128,7 @@ sleep 5 echo "setting mosquitto.conf..." wget -q -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf +wget -q -O /root/Caddyfile https://raw.githubusercontent.com/gravitl/netmaker/master/docker/Caddyfile wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/master/docker/wait.sh chmod +x /root/wait.sh echo "setting docker-compose..." @@ -136,10 +137,11 @@ mkdir -p /etc/netmaker wget -q -O /root/docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.yml sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml +sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/Caddyfile sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml sed -i "s/COREDNS_IP/$COREDNS_IP/g" /root/docker-compose.yml sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml -sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/docker-compose.yml +sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/Caddyfile sed -i "s/REPLACE_MQ_ADMIN_PASSWORD/$MQ_ADMIN_PASSWORD/g" /root/docker-compose.yml echo "starting containers..." 
From a9fefb16ad49ba5652a6de34d3032145d8fcda6e Mon Sep 17 00:00:00 2001 From: afeiszli Date: Mon, 28 Nov 2022 12:22:02 -0500 Subject: [PATCH 43/63] changing routes for test --- compose/docker-compose.yml | 4 ++-- scripts/nm-quick-interactive.sh | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index 3e493230..65f1a043 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:v0.17.0 + image: gravitl/netmaker:testing cap_add: - NET_ADMIN - NET_RAW @@ -44,7 +44,7 @@ services: - "51821-51830:51821-51830/udp" netmaker-ui: container_name: netmaker-ui - image: gravitl/netmaker-ui:v0.17.0 + image: gravitl/netmaker-ui:testing depends_on: - netmaker links: diff --git a/scripts/nm-quick-interactive.sh b/scripts/nm-quick-interactive.sh index 395adc90..010eddd3 100644 --- a/scripts/nm-quick-interactive.sh +++ b/scripts/nm-quick-interactive.sh 
@@ -289,12 +289,12 @@ wait_seconds 3 echo "Pulling config files..." -COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.yml" +COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/compose/docker-compose.yml" if [ "$INSTALL_TYPE" = "ee" ]; then - COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.ee.yml" + COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/compose/docker-compose.ee.yml" fi -wget -O /root/docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf && wget -O /root/Caddyfile https://raw.githubusercontent.com/gravitl/netmaker/master/docker/Caddyfile && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/master/docker/wait.sh && chmod +x /root/wait.sh +wget -O /root/docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/mosquitto.conf && wget -O /root/Caddyfile https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/Caddyfile && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/wait.sh && chmod +x /root/wait.sh mkdir -p /etc/netmaker From 26c1e48d39cba694431764d6c1ac7e7b49529909 Mon Sep 17 00:00:00 2001 From: afeiszli Date: Mon, 28 Nov 2022 12:22:39 -0500 Subject: [PATCH 44/63] changing routes for test --- scripts/nm-quick.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/nm-quick.sh b/scripts/nm-quick.sh index 7ee33a66..0f8ed0da 100755 --- a/scripts/nm-quick.sh +++ b/scripts/nm-quick.sh 
@@ -127,15 +127,15 @@ sleep 5 echo "setting mosquitto.conf..." -wget -q -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf -wget -q -O /root/Caddyfile https://raw.githubusercontent.com/gravitl/netmaker/master/docker/Caddyfile -wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/master/docker/wait.sh +wget -q -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/mosquitto.conf +wget -q -O /root/Caddyfile https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/Caddyfile +wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/wait.sh chmod +x /root/wait.sh echo "setting docker-compose..." mkdir -p /etc/netmaker -wget -q -O /root/docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.yml +wget -q -O /root/docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/compose/docker-compose.yml sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/Caddyfile sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml From 45db48052213ced16285e5c7a45e76712043f167 Mon Sep 17 00:00:00 2001 From: afeiszli Date: Mon, 28 Nov 2022 12:30:23 -0500 Subject: [PATCH 45/63] adding vols for caddy --- compose/docker-compose.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index 65f1a043..f9cf9944 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -88,8 +88,9 @@ services: - "1883:1883" - "8883:8883" volumes: - traefik_certs: {} + caddy_data: {} + caddy_conf: {} sqldata: {} dnsconfig: {} mosquitto_data: {} - mosquitto_logs: {} + mosquitto_logs: {} \ No newline at end of file 
From a7af7ff6ebb3a066a62bcff5843870f1c55b1085 Mon Sep 17 00:00:00 2001 From: afeiszli Date: Mon, 28 Nov 2022 13:03:07 -0500 Subject: [PATCH 46/63] adding fixes --- compose/docker-compose.yml | 4 +++- scripts/nm-quick-interactive.sh | 12 ++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index f9cf9944..52f5161b 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -56,11 +56,13 @@ services: image: caddy:2.6.2 container_name: caddy restart: unless-stopped - network_mode: host volumes: - /root/Caddyfile:/etc/caddy/Caddyfile - caddy_data:/data - caddy_conf:/config + ports: + - "80:80" + - "443:443" coredns: container_name: coredns image: coredns/coredns diff --git a/scripts/nm-quick-interactive.sh b/scripts/nm-quick-interactive.sh index 010eddd3..a76f6c68 100644 --- a/scripts/nm-quick-interactive.sh +++ b/scripts/nm-quick-interactive.sh @@ -257,10 +257,13 @@ if [ "$INSTALL_TYPE" = "ee" ]; then fi -unset EMAIL -while [ -z ${EMAIL} ]; do - read -p "Email Address (for LetsEncrypt): " EMAIL -done +unset GET_EMAIL +unset RAND_EMAIL +RAND_EMAIL="$(echo $RANDOM | md5sum | head -c 16)@email.com" +read -p "Email Address for Domain Registration (click 'enter' to use $RAND_EMAIL): " GET_EMAIL +if [ -n "$GET_EMAIL" ]; then + EMAIL=$RAND_EMAIL +fi wait_seconds 2 @@ -302,6 +305,7 @@ echo "Setting docker-compose and Caddyfile..." sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/Caddyfile +sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml sed -i "s/REPLACE_MASTER_KEY/$MASTER_KEY/g" /root/docker-compose.yml sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/Caddyfile sed -i "s/REPLACE_MQ_ADMIN_PASSWORD/$MQ_PASSWORD/g" /root/docker-compose.yml From 13ea0054bd375e2a76a414758811ec8d6b08b618 Mon Sep 17 00:00:00 2001 
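Review bot: The test on `GET_EMAIL` in scripts/nm-quick-interactive.sh is inverted: when the user types an address, `EMAIL` is set to the random one and the input is discarded, and when they press enter `EMAIL` is not assigned in this hunk at all, so the later `sed -i "s/YOUR_EMAIL/$EMAIL/g" /root/Caddyfile` may substitute an empty string. `EMAIL="${GET_EMAIL:-$RAND_EMAIL}"` covers both cases in one line. The fallback address is also on `email.com`, a domain the person running the installer does not control, so certificate-authority notices for the ACME account would go to a mailbox they cannot read; leaving the address out of the Caddyfile when none is given looks safer than inventing one.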
From: afeiszli Date: Mon, 28 Nov 2022 13:23:32 -0500 Subject: [PATCH 47/63] updating node checker --- scripts/nm-quick-interactive.sh | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/scripts/nm-quick-interactive.sh b/scripts/nm-quick-interactive.sh index a76f6c68..9f94e22e 100644 --- a/scripts/nm-quick-interactive.sh +++ b/scripts/nm-quick-interactive.sh @@ -189,7 +189,6 @@ COREDNS_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p') SERVER_PUBLIC_IP=$(curl -s ifconfig.me) MASTER_KEY=$(tr -dc A-Za-z0-9 Date: Mon, 28 Nov 2022 13:34:19 -0500 Subject: [PATCH 48/63] add multiarch --- .github/workflows/publish-netclient-docker-userspace.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-netclient-docker-userspace.yml b/.github/workflows/publish-netclient-docker-userspace.yml index 2c6f7a38..73957ee2 100644 --- a/.github/workflows/publish-netclient-docker-userspace.yml +++ b/.github/workflows/publish-netclient-docker-userspace.yml @@ -32,7 +32,7 @@ jobs: uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 - name: Login to DockerHub uses: docker/login-action@v2 @@ -44,7 +44,7 @@ jobs: uses: docker/build-push-action@v3 with: context: . - platforms: linux/amd64 + platforms: linux/amd64, linux/arm64, linux/arm/v7 file: ./docker/Dockerfile-netclient-multiarch-userspace push: true tags: gravitl/netclient-go:${{ env.TAG }}, gravitl/netclient-userspace:latest From 4ea5dc34405e86a30764c2019eca0db933fdfe38 Mon Sep 17 00:00:00 2001 From: afeiszli Date: Mon, 28 Nov 2022 13:42:26 -0500 Subject: [PATCH 49/63] adding EE --- compose/docker-compose.ee.yml | 94 ++++++--------------------------- docker/Caddyfile-EE | 50 ++++++++++++++++++ scripts/nm-quick-interactive.sh | 11 ++-- 3 files changed, 75 insertions(+), 80 deletions(-) create mode 100644 docker/Caddyfile-EE 
diff --git a/compose/docker-compose.ee.yml b/compose/docker-compose.ee.yml index fc8bf8fb..42660b1e 100644 --- a/compose/docker-compose.ee.yml +++ b/compose/docker-compose.ee.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:v0.16.3-ee + image: gravitl/netmaker:testing-ee cap_add: - NET_ADMIN - NET_RAW @@ -45,14 +45,6 @@ services: MQ_ADMIN_PASSWORD: "REPLACE_MQ_ADMIN_PASSWORD" ports: - "51821-51830:51821-51830/udp" - expose: - - "8081" - labels: - - traefik.enable=true - - traefik.http.routers.netmaker-api.entrypoints=websecure - - traefik.http.routers.netmaker-api.rule=Host(`api.NETMAKER_BASE_DOMAIN`) - - traefik.http.routers.netmaker-api.service=netmaker-api - - traefik.http.services.netmaker-api.loadbalancer.server.port=8081 netmaker-ui: container_name: netmaker-ui image: gravitl/netmaker-ui:v0.16.3 
@@ -63,21 +55,17 @@ services: restart: always environment: BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN" - expose: - - "80" - labels: - - traefik.enable=true - - traefik.http.middlewares.nmui-security.headers.accessControlAllowOriginList=*.NETMAKER_BASE_DOMAIN - - traefik.http.middlewares.nmui-security.headers.stsSeconds=31536000 - - traefik.http.middlewares.nmui-security.headers.browserXssFilter=true - - traefik.http.middlewares.nmui-security.headers.customFrameOptionsValue=SAMEORIGIN - - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.X-Robots-Tag=none - - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.Server= # Remove the server name - - traefik.http.routers.netmaker-ui.entrypoints=websecure - - traefik.http.routers.netmaker-ui.middlewares=nmui-security@docker - - traefik.http.routers.netmaker-ui.rule=Host(`dashboard.NETMAKER_BASE_DOMAIN`) - - traefik.http.routers.netmaker-ui.service=netmaker-ui - - traefik.http.services.netmaker-ui.loadbalancer.server.port=80 + caddy: + image: caddy:2.6.2 + container_name: caddy + restart: unless-stopped + volumes: + - /root/Caddyfile:/etc/caddy/Caddyfile + - caddy_data:/data + - caddy_conf:/config + ports: + - "80:80" + - "443:443" coredns: container_name: coredns image: coredns/coredns 
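Review bot: The new `caddy` service mounts `/root/Caddyfile` into the container read-write, although the proxy only needs to read it. Appending `:ro`, as in `- /root/Caddyfile:/etc/caddy/Caddyfile:ro`, keeps a compromised or misbehaving proxy process from rewriting its own routing and TLS configuration on the host. The same mount appears in the `caddy` service added to `compose/docker-compose.reference.yml` later in this series.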
@@ -87,26 +75,6 @@ services: restart: always volumes: - dnsconfig:/root/dnsconfig - traefik: - image: traefik:v2.9 - container_name: traefik - command: - - "--certificatesresolvers.http.acme.email=YOUR_EMAIL" - - "--certificatesresolvers.http.acme.storage=/letsencrypt/acme.json" - - "--certificatesresolvers.http.acme.tlschallenge=true" - - "--entrypoints.websecure.address=:443" - - "--entrypoints.websecure.http.tls=true" - - "--entrypoints.websecure.http.tls.certResolver=http" - - "--log.level=INFO" - - "--providers.docker=true" - - "--providers.docker.exposedByDefault=false" - - "--serverstransport.insecureskipverify=true" - restart: always - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - traefik_certs:/letsencrypt - ports: - - "443:443" mq: container_name: mq image: eclipse-mosquitto:2.0.15-openssl 
@@ -121,50 +89,29 @@ services: - /root/wait.sh:/mosquitto/config/wait.sh - mosquitto_data:/mosquitto/data - mosquitto_logs:/mosquitto/log - expose: - - "8883" - labels: - - traefik.enable=true - - traefik.http.routers.mqtt_websocket.rule=Host(`broker.NETMAKER_BASE_DOMAIN`) - - traefik.http.routers.mqtt_websocket.entrypoints=websecure - - traefik.http.routers.mqtt_websocket.tls.certresolver=http - - traefik.http.services.mqtt_websocket.loadbalancer.server.port=8883 + ports: + - "1883:1883" + - "8883:8883" prometheus: container_name: prometheus image: gravitl/netmaker-prometheus:latest environment: NETMAKER_METRICS_TARGET: "netmaker-exporter.NETMAKER_BASE_DOMAIN" LICENSE_KEY: "YOUR_LICENSE_KEY" - labels: - - traefik.enable=true - - traefik.http.routers.prometheus.entrypoints=websecure - - traefik.http.routers.prometheus.rule=Host(`prometheus.NETMAKER_BASE_DOMAIN`) - - traefik.http.services.prometheus.loadbalancer.server.port=9090 - - traefik.http.routers.prometheus.service=prometheus restart: always volumes: - prometheus_data:/prometheus depends_on: - netmaker - ports: - - 9090:9090 grafana: container_name: grafana image: gravitl/netmaker-grafana:latest - labels: - - traefik.enable=true - - traefik.http.routers.grafana.entrypoints=websecure - - traefik.http.routers.grafana.rule=Host(`grafana.NETMAKER_BASE_DOMAIN`) - - traefik.http.services.grafana.loadbalancer.server.port=3000 - - traefik.http.routers.grafana.service=grafana environment: PROMETHEUS_HOST: "prometheus.NETMAKER_BASE_DOMAIN" NETMAKER_METRICS_TARGET: "netmaker-exporter.NETMAKER_BASE_DOMAIN" LICENSE_KEY: "YOUR_LICENSE_KEY" volumes: - grafana_data:/var/lib/grafana - ports: - - 3000:3000 restart: always links: - prometheus 
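Review bot: The `mq` service now publishes `1883:1883` and `8883:8883` on every host interface, where the removed lines only exposed 8883 inside the compose network for the proxy. The Caddyfile-EE added in the same commit reaches the broker at `ws://mq:8883` over the compose network, so the host mapping does not look necessary for that path, and the listeners shown in `docker/mosquitto.conf` elsewhere in this series are plain websockets with no TLS settings visible. If nothing outside the compose network needs direct broker access (not visible from this hunk), drop the `ports:` block and keep `expose`, or bind to loopback with `- "127.0.0.1:8883:8883"`. Docker-published ports are commonly reachable even when the host firewall appears to block them, so the firewall step in the README should not be relied on here. The same change is made to `mq` in `compose/docker-compose.reference.yml`.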
@@ -174,12 +121,6 @@ services: netmaker-exporter: container_name: netmaker-exporter image: gravitl/netmaker-exporter:latest - labels: - - traefik.enable=true - - traefik.http.routers.netmaker-exporter.entrypoints=websecure - - traefik.http.routers.netmaker-exporter.rule=Host(`netmaker-exporter.NETMAKER_BASE_DOMAIN`) - - traefik.http.services.netmaker-exporter.loadbalancer.server.port=8085 - - traefik.http.routers.netmaker-exporter.service=netmaker-exporter restart: always depends_on: - netmaker @@ -192,10 +133,9 @@ services: API_PORT: "8085" LICENSE_KEY: "YOUR_LICENSE_KEY" PROMETHEUS_HOST: https://prometheus.NETMAKER_BASE_DOMAIN - expose: - - "8085" volumes: - traefik_certs: {} + caddy_data: {} + caddy_conf: {} sqldata: {} dnsconfig: {} mosquitto_data: {} diff --git a/docker/Caddyfile-EE b/docker/Caddyfile-EE new file mode 100644 index 00000000..6555977e --- /dev/null +++ b/docker/Caddyfile-EE 
@@ -0,0 +1,50 @@ +{ + # LetsEncrypt account + email YOUR_EMAIL +} + +# Dashboard +https://dashboard.NETMAKER_BASE_DOMAIN { + # Apply basic security headers + header { + # Enable cross origin access to *.NETMAKER_BASE_DOMAIN + Access-Control-Allow-Origin *.NETMAKER_BASE_DOMAIN + # Enable HTTP Strict Transport Security (HSTS) + Strict-Transport-Security "max-age=31536000;" + # Enable cross-site filter (XSS) and tell browser to block detected attacks + X-XSS-Protection "1; mode=block" + # Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection) + X-Frame-Options "SAMEORIGIN" + # Prevent search engines from indexing + X-Robots-Tag "none" + # Remove the server name + -Server + } + + reverse_proxy http://netmaker-ui +} + +# Netmaker Exporter +https://netmaker-exporter.NETMAKER_BASE_DOMAIN { + reverse_proxy http://netmaker-exporter:8085 +} + +# Prometheus +https://prometheus.NETMAKER_BASE_DOMAIN { + reverse_proxy http://prometheus:9090 +} + +# Grafana +https://grafana.NETMAKER_BASE_DOMAIN { + reverse_proxy http://grafana:3000 +} + +# API +https://api.NETMAKER_BASE_DOMAIN { + reverse_proxy http://netmaker:8081 +} + +# MQ +wss://broker.NETMAKER_BASE_DOMAIN { + reverse_proxy ws://mq:8883 +} diff --git a/scripts/nm-quick-interactive.sh b/scripts/nm-quick-interactive.sh index 9f94e22e..271f175b 100644 --- a/scripts/nm-quick-interactive.sh +++ b/scripts/nm-quick-interactive.sh @@ -260,8 +260,11 @@ unset GET_EMAIL unset RAND_EMAIL RAND_EMAIL="$(echo $RANDOM | md5sum | head -c 16)@email.com" read -p "Email Address for Domain Registration (click 'enter' to use $RAND_EMAIL): " GET_EMAIL -if [ -n "$GET_EMAIL" ]; then - EMAIL=$RAND_EMAIL +if [ -z "$GET_EMAIL" ]; then + echo "using rand email" + EMAIL="$RAND_EMAIL" +else + EMAIL="$GET_EMAIL" fi wait_seconds 2 
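Review bot: `Access-Control-Allow-Origin *.NETMAKER_BASE_DOMAIN` in the dashboard `header` block is not a value browsers honour: the header accepts only `*` or one exact origin including the scheme, so a wildcard-subdomain pattern never matches and the comment above it overstates what the line does. If cross-origin access is intended, set a single origin such as `Access-Control-Allow-Origin https://dashboard.NETMAKER_BASE_DOMAIN`, or drop the line. Separately, the `prometheus` and `netmaker-exporter` site blocks proxy straight to the backends with no authentication at the proxy; whether those images enforce their own is not visible here, so either confirm that or put `basicauth` in front of them.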
@@ -292,11 +295,13 @@ wait_seconds 3 echo "Pulling config files..." COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/compose/docker-compose.yml" +CADDY_URL="https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/Caddyfile" if [ "$INSTALL_TYPE" = "ee" ]; then COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/compose/docker-compose.ee.yml" + CADDY_URL="https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/Caddyfile-EE" fi -wget -O /root/docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/mosquitto.conf && wget -O /root/Caddyfile https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/Caddyfile && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/wait.sh && chmod +x /root/wait.sh +wget -O /root/docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/mosquitto.conf && wget -O /root/Caddyfile $CADDY_URL && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/wait.sh && chmod +x /root/wait.sh mkdir -p /etc/netmaker From 95f25f2793ee9271f33c70e8aba87ec31eac4cf5 Mon Sep 17 00:00:00 2001 From: afeiszli Date: Mon, 28 Nov 2022 13:46:03 -0500 Subject: [PATCH 50/63] adding EE --- compose/docker-compose.ee.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compose/docker-compose.ee.yml b/compose/docker-compose.ee.yml index 42660b1e..9e36da20 100644 --- a/compose/docker-compose.ee.yml +++ b/compose/docker-compose.ee.yml @@ -47,7 +47,7 @@ services: - "51821-51830:51821-51830/udp" netmaker-ui: container_name: netmaker-ui - image: gravitl/netmaker-ui:v0.16.3 + image: gravitl/netmaker-ui:testing depends_on: - netmaker links: 
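Review bot: `CADDY_URL`, like `COMPOSE_URL` and the other `wget` targets on the download line, points at a mutable branch (`test_v0.17.0_compose`), and the fetched files are used as root without any integrity check; `wait.sh` is also made executable. Pinning the URLs to a release tag or commit SHA and verifying a published checksum (for example with `sha256sum -c`) before use would keep a changed branch from silently altering what the installer deploys. The variables are also expanded unquoted; `wget -O /root/Caddyfile "$CADDY_URL"` is the safer form. The later hunks in this series that repoint these URLs to `master` in `nm-quick-interactive.sh` and `nm-quick.sh` have the same property.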
From b2cda3e469f3706f1c65f43e5281ecd1025c7a19 Mon Sep 17 00:00:00 2001 From: Matthew R Kasun Date: Mon, 28 Nov 2022 13:56:04 -0500 Subject: [PATCH 51/63] update apt prior to pulling packages --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7e258420..9f6f2606 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -34,6 +34,7 @@ jobs: go-version: 1.19 - name: Build run: | + sudo apt-get update sudo apt-get install -y gcc libgl1-mesa-dev xorg-dev env CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -tags=gui main.go mac-gui: @@ -79,7 +80,6 @@ jobs: go-version: 1.19 - name: run tests run: | - sudo apt-get install -y gcc libgl1-mesa-dev xorg-dev go test -p 1 ./... -v go install honnef.co/go/tools/cmd/staticcheck@latest { ~/go/bin/staticcheck -tags=ee ./... ; } From e0d647dd4abcc25c964cb5bd63a34c703f26bc0f Mon Sep 17 00:00:00 2001 From: afeiszli Date: Mon, 28 Nov 2022 13:57:36 -0500 Subject: [PATCH 52/63] updated readme --- README.md | 12 +++-- compose/docker-compose.ee.yml | 4 +- compose/docker-compose.reference.yml | 73 +++++++--------------------- scripts/nm-quick-interactive.sh | 10 ++-- scripts/nm-quick.sh | 8 +-- 5 files changed, 37 insertions(+), 70 deletions(-) diff --git a/README.md b/README.md index e247bda7..515b3df8 100644 --- a/README.md +++ b/README.md 
@@ -52,10 +52,14 @@ (For production-grade installations, visit the [Install Docs](https://netmaker.readthedocs.io/en/master/install.html).) -1. Get a cloud VM with Ubuntu 20.04 and a public IP. -2. Open ports 443 and 51821-51830/udp on the VM firewall and in cloud security settings. -3. Run the script: `wget -qO - https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/nm-quick.sh | sudo bash` -3.a. (with custom domain + email): `wget -qO - https://raw.githubusercontent.com/gravitl/netmaker/master/scripts/nm-quick.sh | sudo bash -s -- -d mynetmaker.domain.com -e example@email.com` +1. Get a cloud VM with Ubuntu 22.04 and a public IP. +2. Open ports 443, 80, and 51821-51830/udp on the VM firewall and in cloud security settings. +3. (optional) Prepare DNS - Set a wildcard subdomain in your DNS for Netmaker, e.g. *.netmaker.example.com +4. Run the script: + +`sudo wget -qO /root/nm-quick-interactive.sh https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/scripts/nm-quick-interactive.sh && sudo chmod +x /root/nm-quick-interactive.sh && sudo /root/nm-quick-interactive.sh` + +This script gives you the option to deploy the Community or Enterprise version of Netmaker. If deploying Enterprise, you get a free account with a 50 node limit by default. It also gives you the option to use your own domain (recommended) or an auto-generated domain.

diff --git a/compose/docker-compose.ee.yml b/compose/docker-compose.ee.yml index 9e36da20..5e0ae3ed 100644 --- a/compose/docker-compose.ee.yml +++ b/compose/docker-compose.ee.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:testing-ee + image: gravitl/netmaker:0.17.0-ee cap_add: - NET_ADMIN - NET_RAW @@ -47,7 +47,7 @@ services: - "51821-51830:51821-51830/udp" netmaker-ui: container_name: netmaker-ui - image: gravitl/netmaker-ui:testing + image: gravitl/netmaker-ui:0.17.0 depends_on: - netmaker links: diff --git a/compose/docker-compose.reference.yml b/compose/docker-compose.reference.yml index aaf793cb..0093446c 100644 --- a/compose/docker-compose.reference.yml +++ b/compose/docker-compose.reference.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: # The Primary Server for running Netmaker container_name: netmaker - image: gravitl/netmaker:v0.16.3 + image: gravitl/netmaker:v0.17.0 cap_add: - NET_ADMIN - NET_RAW @@ -52,17 +52,9 @@ services: OIDC_ISSUER: "" # https://oidc.yourprovider.com - URL of oidc provider ports: - "51821-51830:51821-51830/udp" # wireguard ports - expose: - - "8081" # api port - labels: # only for use with traefik proxy (default) - - traefik.enable=true - - traefik.http.routers.netmaker-api.entrypoints=websecure - - traefik.http.routers.netmaker-api.rule=Host(`api.NETMAKER_BASE_DOMAIN`) - - traefik.http.routers.netmaker-api.service=netmaker-api - - traefik.http.services.netmaker-api.loadbalancer.server.port=8081 netmaker-ui: # The Netmaker UI Component container_name: netmaker-ui - image: gravitl/netmaker-ui:v0.16.3 + image: gravitl/netmaker-ui:v0.17.0 depends_on: - netmaker links: 
@@ -70,21 +62,17 @@ services: restart: always environment: BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN" # URL where UI will send API requests. Change based on SERVER_HOST, SERVER_HTTP_HOST, and API_PORT - expose: - - "80" - labels: - - traefik.enable=true - - traefik.http.middlewares.nmui-security.headers.accessControlAllowOriginList=*.NETMAKER_BASE_DOMAIN - - traefik.http.middlewares.nmui-security.headers.stsSeconds=31536000 - - traefik.http.middlewares.nmui-security.headers.browserXssFilter=true - - traefik.http.middlewares.nmui-security.headers.customFrameOptionsValue=SAMEORIGIN - - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.X-Robots-Tag=none - - traefik.http.middlewares.nmui-security.headers.customResponseHeaders.Server= # Remove the server name - - traefik.http.routers.netmaker-ui.entrypoints=websecure - - traefik.http.routers.netmaker-ui.middlewares=nmui-security@docker - - traefik.http.routers.netmaker-ui.rule=Host(`dashboard.NETMAKER_BASE_DOMAIN`) - - traefik.http.routers.netmaker-ui.service=netmaker-ui - - traefik.http.services.netmaker-ui.loadbalancer.server.port=80 + caddy: # The reverse proxy that manages traffic for Netmaker + image: caddy:2.6.2 + container_name: caddy + restart: unless-stopped + volumes: + - /root/Caddyfile:/etc/caddy/Caddyfile # Config file for Caddy + - caddy_data:/data + - caddy_conf:/config + ports: + - "80:80" + - "443:443" coredns: # The DNS Server. CoreDNS can be removed unless doing special advanced use cases container_name: coredns image: coredns/coredns 
@@ -94,26 +82,6 @@ services: restart: always volumes: - dnsconfig:/root/dnsconfig - traefik: # the default proxy - can be replaced with caddy or nginx, but requires careful configuration - image: traefik:v2.9 - container_name: traefik - command: - - "--certificatesresolvers.http.acme.email=YOUR_EMAIL" - - "--certificatesresolvers.http.acme.storage=/letsencrypt/acme.json" - - "--certificatesresolvers.http.acme.tlschallenge=true" - - "--entrypoints.websecure.address=:443" - - "--entrypoints.websecure.http.tls=true" - - "--entrypoints.websecure.http.tls.certResolver=http" - - "--log.level=INFO" - - "--providers.docker=true" - - "--providers.docker.exposedByDefault=false" - - "--serverstransport.insecureskipverify=true" - restart: always - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - - traefik_certs:/letsencrypt - ports: - - "443:443" mq: # the MQTT broker for netmaker container_name: mq image: eclipse-mosquitto:2.0.15-openssl @@ -125,17 +93,12 @@ services: - mosquitto_data:/mosquitto/data - mosquitto_logs:/mosquitto/log - shared_certs:/mosquitto/certs - expose: - - "8883" - labels: - - traefik.enable=true - - traefik.http.routers.mqtt_websocket.rule=Host(`broker.NETMAKER_BASE_DOMAIN`) - - traefik.http.routers.mqtt_websocket.entrypoints=websecure - - traefik.http.routers.mqtt_websocket.tls.passthrough=true - - traefik.http.services.mqtts-svc.loadbalancer.server.port=8883 - - traefik.http.routers.mqtt_websocket.service=mqtts-svc + ports: + - "1883:1883" + - "8883:8883" volumes: - traefik_certs: {} # ssl certificates - auto generated + caddy_data: {} # runtime data for caddy + caddy_conf: {} # configuration file for Caddy shared_certs: {} # netmaker certs generated for MQ comms - used by nodes/servers sqldata: {} # storage for embedded sqlite dnsconfig: {} # storage for coredns diff --git a/scripts/nm-quick-interactive.sh b/scripts/nm-quick-interactive.sh index 271f175b..4f942683 100644 --- a/scripts/nm-quick-interactive.sh 
+++ b/scripts/nm-quick-interactive.sh @@ -294,14 +294,14 @@ wait_seconds 3 echo "Pulling config files..." -COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/compose/docker-compose.yml" -CADDY_URL="https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/Caddyfile" +COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.yml" +CADDY_URL="https://raw.githubusercontent.com/gravitl/netmaker/master/docker/Caddyfile" if [ "$INSTALL_TYPE" = "ee" ]; then - COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/compose/docker-compose.ee.yml" - CADDY_URL="https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/Caddyfile-EE" + COMPOSE_URL="https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.ee.yml" + CADDY_URL="https://raw.githubusercontent.com/gravitl/netmaker/master/docker/Caddyfile-EE" fi -wget -O /root/docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/mosquitto.conf && wget -O /root/Caddyfile $CADDY_URL && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/wait.sh && chmod +x /root/wait.sh +wget -O /root/docker-compose.yml $COMPOSE_URL && wget -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf && wget -O /root/Caddyfile $CADDY_URL && wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/master/docker/wait.sh && chmod +x /root/wait.sh mkdir -p /etc/netmaker diff --git a/scripts/nm-quick.sh b/scripts/nm-quick.sh index 0f8ed0da..7ee33a66 100755 --- a/scripts/nm-quick.sh +++ b/scripts/nm-quick.sh 
@@ -127,15 +127,15 @@ sleep 5 echo "setting mosquitto.conf..." -wget -q -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/mosquitto.conf -wget -q -O /root/Caddyfile https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/Caddyfile -wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/docker/wait.sh +wget -q -O /root/mosquitto.conf https://raw.githubusercontent.com/gravitl/netmaker/master/docker/mosquitto.conf +wget -q -O /root/Caddyfile https://raw.githubusercontent.com/gravitl/netmaker/master/docker/Caddyfile +wget -q -O /root/wait.sh https://raw.githubusercontent.com/gravitl/netmaker/master/docker/wait.sh chmod +x /root/wait.sh echo "setting docker-compose..." mkdir -p /etc/netmaker -wget -q -O /root/docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/test_v0.17.0_compose/compose/docker-compose.yml +wget -q -O /root/docker-compose.yml https://raw.githubusercontent.com/gravitl/netmaker/master/compose/docker-compose.yml sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/docker-compose.yml sed -i "s/NETMAKER_BASE_DOMAIN/$NETMAKER_BASE_DOMAIN/g" /root/Caddyfile sed -i "s/SERVER_PUBLIC_IP/$SERVER_PUBLIC_IP/g" /root/docker-compose.yml From e57ed27dbeb9dffd46166a5cf42c9e5de0c8f62f Mon Sep 17 00:00:00 2001 From: Matthew R Kasun Date: Mon, 28 Nov 2022 14:13:58 -0500 Subject: [PATCH 53/63] tests require gui libs --- .github/workflows/test.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9f6f2606..5929493f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -80,9 +80,11 @@ jobs: go-version: 1.19 - name: run tests run: | - go test -p 1 ./... -v - go install honnef.co/go/tools/cmd/staticcheck@latest - { ~/go/bin/staticcheck -tags=ee ./... ; } + apt update + sudo apt-get install -y gcc libgl1-mesa-dev xorg-dev + go test -p 1 ./... -v + go install honnef.co/go/tools/cmd/staticcheck@latest + { ~/go/bin/staticcheck -tags=ee ./... ; } env: DATABASE: sqlite CLIENT_MODE: "off" From 50a1c3a018e2b68537c59538e4c5d20d2b985a2a Mon Sep 17 00:00:00 2001 From: "Matthew R. Kasun" Date: Tue, 29 Nov 2022 09:42:46 -0500 Subject: [PATCH 54/63] changed verbosity for zombie checking log message --- logic/zombie.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/logic/zombie.go b/logic/zombie.go index f5c0d31d..af647d1e 100644 --- a/logic/zombie.go +++ b/logic/zombie.go @@ -63,7 +63,7 @@ func ManageZombies(ctx context.Context) { logger.Log(3, "no zombies found") } case <-time.After(time.Second * ZOMBIE_TIMEOUT): - logger.Log(0, "checking for zombie nodes") + logger.Log(3, "checking for zombie nodes") if len(zombies) > 0 { for i := len(zombies) - 1; i >= 0; i-- { node, err := GetNodeByID(zombies[i]) From 9b6d9c36f8c2a271222f16f0b2977455843c9349 Mon Sep 17 00:00:00 2001 From: afeiszli Date: Tue, 29 Nov 2022 11:31:19 -0500 Subject: [PATCH 55/63] allow anon --> false --- docker/mosquitto.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/mosquitto.conf b/docker/mosquitto.conf index ab7386b0..19597b80 100644 --- a/docker/mosquitto.conf +++ b/docker/mosquitto.conf @@ -1,7 +1,7 @@ per_listener_settings false listener 8883 protocol websockets -allow_anonymous true +allow_anonymous false listener 1883 protocol websockets From 3e465ff0e0451a2115123df6c7651b19968a9f9b Mon Sep 17 00:00:00 2001 From: afeiszli Date: Tue, 29 Nov 2022 11:33:30 -0500 Subject: [PATCH 56/63] image version --- compose/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
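Review bot: In `docker/mosquitto.conf`, `allow_anonymous false` sits under `listener 8883`, but with `per_listener_settings false` on the first line Mosquitto treats it as a global setting, so it governs `listener 1883` as well. A comment such as `# global (per_listener_settings false): applies to both listeners` above the line would stop a reader from assuming 1883 still accepts anonymous clients. The rest of the file is outside the hunk, so it is worth confirming that a `password_file` or auth plugin is configured there; without one, no client can authenticate once anonymous access is off.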
diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index 52f5161b..9529d567 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:testing + image: gravitl/netmaker:v0.17.0 cap_add: - NET_ADMIN - NET_RAW @@ -44,7 +44,7 @@ services: - "51821-51830:51821-51830/udp" netmaker-ui: container_name: netmaker-ui - image: gravitl/netmaker-ui:testing + image: gravitl/netmaker-ui:v0.17.0 depends_on: - netmaker links: From 5689ef54408244510914f99da29d13bb17377f91 Mon Sep 17 00:00:00 2001 From: 0xdcarns Date: Tue, 29 Nov 2022 11:48:40 -0500 Subject: [PATCH 57/63] updated versions to v0.17.0 where apllicable --- .github/ISSUE_TEMPLATE/bug-report.yml | 1 + README.md | 2 +- k8s/client/netclient-daemonset.yaml | 2 +- k8s/client/netclient.yaml | 2 +- k8s/server/netmaker-server.yaml | 2 +- k8s/server/netmaker-ui.yaml | 2 +- netclient/netclient.exe.manifest.xml | 2 +- netclient/versioninfo.json | 10 +++++----- 8 files changed, 12 insertions(+), 11 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index 47868b91..0033fc1e 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -31,6 +31,7 @@ body: label: Version description: What version are you running? options: + - v0.17.0 - v0.16.3 - v0.16.2 - v0.16.1 diff --git a/README.md b/README.md index 515b3df8..acb278f0 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@

- + diff --git a/k8s/client/netclient-daemonset.yaml b/k8s/client/netclient-daemonset.yaml index f90997ab..14f9ffa5 100644 --- a/k8s/client/netclient-daemonset.yaml +++ b/k8s/client/netclient-daemonset.yaml @@ -16,7 +16,7 @@ spec: hostNetwork: true containers: - name: netclient - image: gravitl/netclient:v0.16.3 + image: gravitl/netclient:v0.17.0 env: - name: TOKEN value: "TOKEN_VALUE" diff --git a/k8s/client/netclient.yaml b/k8s/client/netclient.yaml index 20c5217a..ca6bd0c4 100644 --- a/k8s/client/netclient.yaml +++ b/k8s/client/netclient.yaml @@ -28,7 +28,7 @@ spec: # - "" containers: - name: netclient - image: gravitl/netclient:v0.16.3 + image: gravitl/netclient:v0.17.0 env: - name: TOKEN value: "TOKEN_VALUE" diff --git a/k8s/server/netmaker-server.yaml b/k8s/server/netmaker-server.yaml index 6ec14d96..43853cd9 100644 --- a/k8s/server/netmaker-server.yaml +++ b/k8s/server/netmaker-server.yaml @@ -83,7 +83,7 @@ spec: value: "Kubernetes" - name: VERBOSITY value: "3" - image: gravitl/netmaker:v0.16.3 + image: gravitl/netmaker:v0.17.0 imagePullPolicy: Always name: netmaker ports: diff --git a/k8s/server/netmaker-ui.yaml b/k8s/server/netmaker-ui.yaml index 15355d66..4d5944e6 100644 --- a/k8s/server/netmaker-ui.yaml +++ b/k8s/server/netmaker-ui.yaml @@ -15,7 +15,7 @@ spec: spec: containers: - name: netmaker-ui - image: gravitl/netmaker-ui:v0.16.3 + image: gravitl/netmaker-ui:v0.17.0 ports: - containerPort: 443 env: diff --git a/netclient/netclient.exe.manifest.xml b/netclient/netclient.exe.manifest.xml index 61fb25ad..0db144e5 100644 --- a/netclient/netclient.exe.manifest.xml +++ b/netclient/netclient.exe.manifest.xml @@ -1,7 +1,7 @@ Date: Tue, 29 Nov 2022 12:05:56 -0500 Subject: [PATCH 58/63] swagger version udpate --- controllers/docs.go | 2 +- swagger.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/controllers/docs.go b/controllers/docs.go index a030cb6f..da798787 100644 --- a/controllers/docs.go +++ b/controllers/docs.go 
@@ -10,7 +10,7 @@ // // Schemes: https // BasePath: / -// Version: 0.16.3 +// Version: 0.17.0 // Host: netmaker.io // // Consumes: diff --git a/swagger.yaml b/swagger.yaml index f719d472..a096ea19 100644 --- a/swagger.yaml +++ b/swagger.yaml @@ -746,7 +746,7 @@ info: API calls must be authenticated via a header of the format -H “Authorization: Bearer ” There are two methods to obtain YOUR_SECRET_KEY: 1. Using the masterkey. By default, this value is “secret key,” but you should change this on your instance and keep it secure. This value can be set via env var at startup or in a config file (config/environments/< env >.yaml). See the [Netmaker](https://docs.netmaker.org/index.html) documentation for more details. 2. Using a JWT received for a node. This can be retrieved by calling the /api/nodes//authenticate endpoint, as documented below. title: Netmaker - version: 0.16.3 + version: 0.17.0 paths: /api/dns: get: From fb84ddc6f15da3ac145bef31967d1f62d7df4da9 Mon Sep 17 00:00:00 2001 From: Anish Mukherjee Date: Wed, 30 Nov 2022 16:00:35 +0530 Subject: [PATCH 59/63] remove unused endpoints --- controllers/network.go | 51 ------------------------------------------ controllers/node.go | 33 --------------------------- swagger.yaml | 29 ------------------------ 3 files changed, 113 deletions(-) diff --git a/controllers/network.go b/controllers/network.go index 8121ef8f..608afb70 100644 --- a/controllers/network.go +++ b/controllers/network.go 
@@ -22,7 +22,6 @@ func networkHandlers(r *mux.Router) { r.HandleFunc("/api/networks", logic.SecurityCheck(true, checkFreeTierLimits(networks_l, http.HandlerFunc(createNetwork)))).Methods("POST") r.HandleFunc("/api/networks/{networkname}", logic.SecurityCheck(false, http.HandlerFunc(getNetwork))).Methods("GET") r.HandleFunc("/api/networks/{networkname}", logic.SecurityCheck(false, http.HandlerFunc(updateNetwork))).Methods("PUT") - r.HandleFunc("/api/networks/{networkname}/nodelimit", logic.SecurityCheck(true, http.HandlerFunc(updateNetworkNodeLimit))).Methods("PUT") r.HandleFunc("/api/networks/{networkname}", logic.SecurityCheck(true, http.HandlerFunc(deleteNetwork))).Methods("DELETE") r.HandleFunc("/api/networks/{networkname}/keyupdate", logic.SecurityCheck(true, http.HandlerFunc(keyUpdate))).Methods("POST") r.HandleFunc("/api/networks/{networkname}/keys", logic.SecurityCheck(false, http.HandlerFunc(createAccessKey))).Methods("POST") 
@@ -278,56 +277,6 @@ func updateNetwork(w http.ResponseWriter, r *http.Request) { json.NewEncoder(w).Encode(newNetwork) } -// swagger:route PUT /api/networks/{networkname}/nodelimit networks updateNetworkNodeLimit -// -// Update a network's node limit. -// -// Schemes: https -// -// Security: -// oauth -// -// Responses: -// 200: networkBodyResponse -func updateNetworkNodeLimit(w http.ResponseWriter, r *http.Request) { - w.Header().Set("Content-Type", "application/json") - var params = mux.Vars(r) - var network models.Network - netname := params["networkname"] - network, err := logic.GetParentNetwork(netname) - if err != nil { - logger.Log(0, r.Header.Get("user"), - fmt.Sprintf("failed to get network [%s] nodes: %v", - network.NetID, err.Error())) - logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) - return - } - - var networkChange models.Network - - err = json.NewDecoder(r.Body).Decode(&networkChange) - if err != nil { - logger.Log(0, r.Header.Get("user"), "error decoding request body: ", - err.Error()) - logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) - return - } - if networkChange.NodeLimit != 0 { - network.NodeLimit = networkChange.NodeLimit - data, err := json.Marshal(&network) - if err != nil { - logger.Log(0, r.Header.Get("user"), - "error marshalling resp: ", err.Error()) - logic.ReturnErrorResponse(w, r, logic.FormatError(err, "badrequest")) - return - } - database.Insert(network.NetID, string(data), database.NETWORKS_TABLE_NAME) - logger.Log(1, r.Header.Get("user"), "updated network node limit on", netname) - } - w.WriteHeader(http.StatusOK) - json.NewEncoder(w).Encode(network) -} - // swagger:route PUT /api/networks/{networkname}/acls networks updateNetworkACL // // Update a network ACL (Access Control List). diff --git a/controllers/node.go b/controllers/node.go index 95245f93..8cd13dfe 100644 --- a/controllers/node.go +++ b/controllers/node.go 
@@ -33,7 +33,6 @@ func nodeHandlers(r *mux.Router) { r.HandleFunc("/api/nodes/{network}/{nodeid}/deleteingress", logic.SecurityCheck(false, http.HandlerFunc(deleteIngressGateway))).Methods("DELETE") r.HandleFunc("/api/nodes/{network}/{nodeid}/approve", authorize(false, true, "user", http.HandlerFunc(uncordonNode))).Methods("POST") r.HandleFunc("/api/nodes/{network}", nodeauth(checkFreeTierLimits(node_l, http.HandlerFunc(createNode)))).Methods("POST") - r.HandleFunc("/api/nodes/adm/{network}/lastmodified", authorize(false, true, "network", http.HandlerFunc(getLastModified))).Methods("GET") r.HandleFunc("/api/nodes/adm/{network}/authenticate", authenticate).Methods("POST") } @@ -493,38 +492,6 @@ func getNode(w http.ResponseWriter, r *http.Request) { json.NewEncoder(w).Encode(response) } -// swagger:route GET /api/nodes/adm/{network}/lastmodified nodes getLastModified -// -// Get the time that a network of nodes was last modified. -// -// Schemes: https -// -// Security: -// oauth -// -// Responses: -// 200: nodeLastModifiedResponse -// TODO: This needs to be refactored -// Potential way to do this: On UpdateNode, set a new field for "LastModified" -// If we go with the existing way, we need to at least set network.NodesLastModified on UpdateNode -func getLastModified(w http.ResponseWriter, r *http.Request) { - // set header. - w.Header().Set("Content-Type", "application/json") - - var params = mux.Vars(r) - networkName := params["network"] - network, err := logic.GetNetwork(networkName) - if err != nil { - logger.Log(0, r.Header.Get("user"), - fmt.Sprintf("error fetching network [%s] info: %v", networkName, err)) - logic.ReturnErrorResponse(w, r, logic.FormatError(err, "internal")) - return - } - logger.Log(2, r.Header.Get("user"), "called last modified") - w.WriteHeader(http.StatusOK) - json.NewEncoder(w).Encode(network.NodesLastModified) -} - // swagger:route POST /api/nodes/{network} nodes createNode // // Create a node on a network. 
diff --git a/swagger.yaml b/swagger.yaml index a096ea19..cf3dff3b 100644 --- a/swagger.yaml +++ b/swagger.yaml @@ -1272,24 +1272,6 @@ paths: summary: Update keys for a network. tags: - networks - /api/networks/{networkname}/nodelimit: - put: - operationId: updateNetworkNodeLimit - parameters: - - description: Network Name - in: path - name: networkname - required: true - type: string - x-go-name: NetworkName - responses: - "200": - $ref: '#/responses/networkBodyResponse' - schemes: - - https - summary: Update a network's node limit. - tags: - - networks /api/nodes: get: operationId: getAllNodes @@ -1602,17 +1584,6 @@ paths: summary: Authenticate to make further API calls related to a network. tags: - nodes - /api/nodes/adm/{network}/lastmodified: - get: - operationId: getLastModified - responses: - "200": - $ref: '#/responses/nodeLastModifiedResponse' - schemes: - - https - summary: Get the time that a network of nodes was last modified. - tags: - - nodes /api/oauth/login: get: operationId: HandleAuthLogin From 3b7968483dd21394295308965893cbec23f099e6 Mon Sep 17 00:00:00 2001 From: Anish Mukherjee Date: Wed, 30 Nov 2022 16:32:44 +0530 Subject: [PATCH 60/63] use sudo apt update in workflow --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5929493f..b0b4fff0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -80,7 +80,7 @@ jobs: go-version: 1.19 - name: run tests run: | - apt update + sudo apt update sudo apt-get install -y gcc libgl1-mesa-dev xorg-dev go test -p 1 ./... -v go install honnef.co/go/tools/cmd/staticcheck@latest From 3f46f5392f64cfc48f699d71bda7cf4a2c7d94a6 Mon Sep 17 00:00:00 2001 From: Matthew R Kasun Date: Wed, 30 Nov 2022 08:08:42 -0500 Subject: [PATCH 61/63] revert setup-buildx-version --- .github/workflows/publish-netclient-docker-userspace.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/publish-netclient-docker-userspace.yml b/.github/workflows/publish-netclient-docker-userspace.yml index 73957ee2..0d6bc95b 100644 --- a/.github/workflows/publish-netclient-docker-userspace.yml +++ b/.github/workflows/publish-netclient-docker-userspace.yml @@ -32,7 +32,7 @@ jobs: uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v2 - name: Login to DockerHub uses: docker/login-action@v2 From 3a936e573a1e797fbd5fdd4369cb51e76065068d Mon Sep 17 00:00:00 2001 From: Matthew R Kasun Date: Wed, 30 Nov 2022 08:15:26 -0500 Subject: [PATCH 62/63] add apt update --- .github/workflows/buildandrelease.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/buildandrelease.yml b/.github/workflows/buildandrelease.yml index 7d323d33..62bd782a 100644 --- a/.github/workflows/buildandrelease.yml +++ b/.github/workflows/buildandrelease.yml @@ -106,6 +106,7 @@ jobs: - name: build gui run: | + sudo apt-get update sudo apt-get install -y gcc libgl1-mesa-dev xorg-dev go build -tags=gui -ldflags="-X 'main.version=${NETMAKER_VERSION}'" -o build/netclient-gui . From 00ee6af39cb7a21ee16924c5a3bc8a7cdc618bfd Mon Sep 17 00:00:00 2001 From: afeiszli Date: Wed, 30 Nov 2022 13:15:59 -0500 Subject: [PATCH 63/63] adding 'v' to docker images in ee --- compose/docker-compose.ee.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/compose/docker-compose.ee.yml b/compose/docker-compose.ee.yml index 5e0ae3ed..f93253b5 100644 --- a/compose/docker-compose.ee.yml +++ b/compose/docker-compose.ee.yml @@ -3,7 +3,7 @@ version: "3.4" services: netmaker: container_name: netmaker - image: gravitl/netmaker:0.17.0-ee + image: gravitl/netmaker:v0.17.0-ee cap_add: - NET_ADMIN - NET_RAW 
@@ -47,7 +47,7 @@ services: - "51821-51830:51821-51830/udp" netmaker-ui: container_name: netmaker-ui - image: gravitl/netmaker-ui:0.17.0 + image: gravitl/netmaker-ui:v0.17.0 depends_on: - netmaker links: