#client
Title
# client
a
average-helicopter-96869
06/02/2022, 7:32 PMerror broker port is blank - upgrading from 0.14.1 to 0.14.2
wondering if i missed a step on the upgrade? I updated my netmaker & ui docker images to v0.14.2
all my 0.14.1 clients were still happy
so then i upgraded one netclient to 0.14.2
that one could not check in...
giving an error
Copy code
netclient[59819]: [netclient] 2022-06-02 14:25:12 error publishing ping, mq setup error error: broker port is blankj
jolly-london-20127
06/02/2022, 7:33 PMit should fallback and retrieve the port if you give it a few minutes
b
bored-island-21407
06/02/2022, 7:33 PMyou may have to wait for a couple of minutes for the client to do a pull
a
average-helicopter-96869
06/02/2022, 7:33 PMi noticed that the
/etc/netmaker/config/netconfig-main Copy code
server:
corednsaddr: ""
apihost: ""
apiport: ""
clientmode: ""
dnsmode: ""
version: v0.14.2
mqport: ""
server: broker.netmaker.MYDOMAINb
bored-island-21407
06/02/2022, 7:33 PMor you could do a manual pull
a
average-helicopter-96869
06/02/2022, 7:34 PMhmm... ok, i'll try another node to verify that ...
i worked around on this node my manually setting the port
hmmm
Copy code
# netclient pull -v
[netclient] 2022-06-02 19:41:46 No network selected. Running Pull for all networks.
[netclient] 2022-06-02 19:41:46 Error pulling network config for network: family
Post "https:///api/nodes/adm/family/authenticate": http: no Host in request URL
[netclient] 2022-06-02 19:41:46 Error pulling network config for network: main
Post "https:///api/nodes/adm/main/authenticate": http: no Host in request URL
[netclient] 2022-06-02 19:41:46 register at https:///api/server/register
[netclient] 2022-06-02 19:41:47 restarting netclient.service
[netclient] 2022-06-02 19:41:48 reset network and peer configsand my systemd logs for the netclient unit:
Copy code
Jun 02 19:43:53 tunnel netclient[143179]: [netclient] 2022-06-02 19:43:53 initializing network main
Jun 02 19:43:53 tunnel netclient[143179]: [netclient] 2022-06-02 19:43:53 netclient daemon started for server: broker.netmaker.MYDOMAIN
Jun 02 19:43:53 tunnel netclient[143179]: 2022/06/02 19:43:53 could not read client cert/key tls: private key does not match public keyb
bored-island-21407
06/02/2022, 7:48 PMinteresing that your certs/key got out of sync... bute force way to recover ... on sever delete files in /root/certs and restart docker containers
a
average-helicopter-96869
06/02/2022, 7:48 PMbtw, i can totally work around this... just trying to highlight the issue and see if there are "best practice" steps for the upgrade and/or the move from port 8883 to 443
j
jolly-london-20127
06/02/2022, 7:48 PM@bored-island-21407 I wonder if the change I made to retrieving the broker address resets the whole server section of the config. That would explain it
but I dont think I did that...
b
bored-island-21407
06/02/2022, 7:49 PMno ...
a
average-helicopter-96869
06/02/2022, 7:49 PM@jolly-london-20127 that sounds promising,... because here's a node that's still on 14.1
Copy code
server:
corednsaddr: ""
accesskey: SOMESTUFF
server: broker.netmaker.MYDOMAIN
api: api.netmaker.MYDOMAIN:443b
bored-island-21407
06/02/2022, 7:50 PMwhen i was testing the upgrade scenario prior to release this am ... i did the same steps .. it took awhile but the node eventually recovered
a
average-helicopter-96869
06/02/2022, 7:52 PMi'm going to downgrade aclient and try to reproduce this
j
jolly-london-20127
06/02/2022, 7:58 PMit may be an issue of doing too much to it before it has a chance to recover automatically
when you attempt to reproduce, please try leaving the client for ~5min to see if it's able to reset its configs automatically
a
average-helicopter-96869
06/02/2022, 8:03 PMwill do.... I'm keeping one node in known good state from 14.1 another in my broken state on 14.2 and reverting a broken one to 14.1
the revert was successful, though i had to manually put back the
server: api:netclient pullb
bored-island-21407
06/02/2022, 8:10 PMwhat os are your nodes running?
a
average-helicopter-96869
06/02/2022, 8:11 PMso to recap the steps here...
My docker-compose was on 0.14.1 and thus did not have an MQ_PORT set...
1) upgrade docker-compose netmaker/ui to 0.14.2 (do NOT setup mqtt over traefik, just using bare 8883 port, still, no MQ_PORT)
2) (linux node) systemctl stop netclient
3) (linux node) wget https://github.com/gravitl/netmaker/releases/download/v0.14.2/netclient to /sbin/netclient , chmod 755 /sbin/netclient
4) (linux node) systemctl retart netclient; journalctl -f -u netclient
now i'm watching
most are linux (ubuntu 22.04 servers and one fedora desktop) ... plus one windows machine, but i've only been troubleshooting on linux because its easier for me
b
bored-island-21407
06/02/2022, 8:13 PM🥂 you did see my avatar, right
a
average-helicopter-96869
06/02/2022, 8:13 PMyes 🙂 i was ashamed to tell you about the windows box
ok, i don't think this will recover
pasting logs and config to show why
b
bored-island-21407
06/02/2022, 8:15 PMdid you add an MQ_PORT in the env for netmaker
a
average-helicopter-96869
06/02/2022, 8:15 PMno
b
bored-island-21407
06/02/2022, 8:16 PMbut it should default to 8883 if it isn't set
a
average-helicopter-96869
06/02/2022, 8:16 PMthat's what i figured... i'm effectively trying to do what was in the announcment
> If you'd like to keep your existing Caddy proxy, you can just update the images to 0.14.2 and run as-is (with port 8883).
Copy code
Jun 02 15:10:50 MYNODE systemd[1]: Started netclient.service - Netclient Daemon.
Jun 02 15:10:50 MYNODE netclient[71487]: [netclient] 2022-06-02 15:10:50 initializing network family
Jun 02 15:10:50 MYNODE netclient[71487]: [netclient] 2022-06-02 15:10:50 started daemon for server broker.netmaker.MYDOMAIN
Jun 02 15:10:50 MYNODE netclient[71487]: [netclient] 2022-06-02 15:10:50 netclient daemon started for server: broker.netmaker.MYDOMAIN
Jun 02 15:11:20 MYNODE netclient[71487]: [netclient] 2022-06-02 15:11:20 unable to connect to broker, retrying ...
Jun 02 15:11:20 MYNODE netclient[71487]: [netclient] 2022-06-02 15:11:20 unable to connect to broker error: broker port is blank
Jun 02 15:11:50 MYNODE netclient[71487]: [netclient] 2022-06-02 15:11:50 local port has changed from 42624 to 41916
Jun 02 15:12:20 MYNODE netclient[71487]: [netclient] 2022-06-02 15:12:20 unable to connect to broker, retrying ...
Jun 02 15:12:20 MYNODE netclient[71487]: [netclient] 2022-06-02 15:12:20 could not publish local port change
Jun 02 15:12:50 MYNODE netclient[71487]: [netclient] 2022-06-02 15:12:50 unable to connect to broker, retrying ...
Jun 02 15:12:50 MYNODE netclient[71487]: [netclient] 2022-06-02 15:12:50 error publishing ping, mq setup error error: broker port is blank
Jun 02 15:12:50 MYNODE netclient[71487]: [netclient] 2022-06-02 15:12:50 running pull on family to reconnect
Jun 02 15:12:50 MYNODE netclient[71487]: [netclient] 2022-06-02 15:12:50 could not run pull on family, error: Post "https:///api/nodes/adm/family/authenticate": http: no Host in request URL
Jun 02 15:12:50 MYNODE netclient[71487]: [netclient] 2022-06-02 15:12:50 checkin for family completei'm not sure where, but sometime in that period... my
netconfig-family Copy code
server:
corednsaddr: ""
accesskey: ""
server: broker.netmaker.MYDOMAIN
api: api.netmaker.MYDOMAIN:443to...
Copy code
server:
corednsaddr: ""
apihost: ""
apiport: ""
clientmode: ""
dnsmode: ""
version: ""
mqport: ""
server: broker.netmaker.MYDOMAINwhich is why there's no api hostname to pull from
so pulls fail
i'm going to try setting
MQ_PORT: "8883"same results
b
bored-island-21407
06/02/2022, 8:39 PMhmmm , well that is a scenario I didn't test ... i did all my testing with traefik rather than caddy but i am a bit baffled as to the root cause of the issue
a
average-helicopter-96869
06/02/2022, 8:40 PMyeah, i don't think it's a traefik/caddy related issue
it seems to be related to the model change of the config file for netclient 14.1 vs 14.2
and in my case ... it's traefik -> traefik, 14.1 -> 14.2 , but not even changing the MQ port
and i can confirm, if i wipe out the /etc/netclient/config/* for my node, and manually delete it from netmaker-ui
i can cleaning join a 14.2 netclient
that's why i think it really seems to be a problem in the client config upgrade
b
bored-island-21407
06/02/2022, 8:45 PMyour compose files has SERVER_API_CONN_STRING?
a
average-helicopter-96869
06/02/2022, 8:45 PMyep
Copy code
environment:
SERVER_NAME: "broker.${NM_BASE_DOMAIN}"
SERVER_HOST: "${NM_PUBLIC_IP}"
SERVER_API_CONN_STRING: "api.${NM_BASE_DOMAIN}:443"
COREDNS_ADDR: "${NM_PUBLIC_IP}"
DNS_MODE: "on"
SERVER_HTTP_HOST: "api.${NM_BASE_DOMAIN}"
API_PORT: "8081"
CLIENT_MODE: "on"
MASTER_KEY: "${NM_MASTER_KEY}"
CORS_ALLOWED_ORIGIN: "*"
DISPLAY_KEYS: "on"
DATABASE: "sqlite"
NODE_ID: "netmaker-server-1"
MQ_HOST: "mq"
#MQ_PORT: "443"
HOST_NETWORK: "off"
VERBOSITY: "1"
MANAGE_IPTABLES: "on"
PORT_FORWARD_SERVICES: "dns"b
bored-island-21407
06/02/2022, 8:47 PMI am trying to determine where the api is getting set to blank
a
average-helicopter-96869
06/02/2022, 8:48 PMthis is my netclient config on the clean 14.2 install
Copy code
server:
corednsaddr: MYIP
apihost: api.netmaker.MYDOMAIN:443
apiport: "8081"
clientmode: ""
dnsmode: "on"
version: v0.14.2
mqport: "8883"
server: broker.netmaker.MYDOMAINok, i have a workaround at least
b
bored-island-21407
06/02/2022, 8:52 PMok i have a 14.1 client connected to a server running the test build (aka 14.2)
I am going to update the client
a
average-helicopter-96869
06/02/2022, 8:52 PMmanually add
Copy code
apihost: api.netmaker.MYDOMAIN:443
apiport: "8081"servernetclient pull -v(i'm not sure if apiport was needed)
i'll confirm
b
bored-island-21407
06/02/2022, 8:54 PMit should not be
a
average-helicopter-96869
06/02/2022, 8:54 PMyeah, i didn't think so
yeah, 0.14.1 expected
server: api: HOSTNAME_OF_NETMAKER:443server: apihost: HOSTNAME_OF_NETMAKER:443so that's why that bit is broken...
maybe
i'm guessing
b
bored-island-21407
06/02/2022, 9:00 PMyes I remember that being changed but i thought we had a recover in place
a
average-helicopter-96869
06/02/2022, 9:01 PMok, well, good luck... i gotta get back to my actual job 😉
if i can help test something specific, let me know
b
bored-island-21407
06/02/2022, 9:04 PMwill do ... thanks a bunch for helping with this ( and for the traefik stuff)
a
average-helicopter-96869
06/02/2022, 9:08 PMmy pleasure
f
few-airline-95046
06/02/2022, 10:08 PMI tried adding apihost: api.netmaker.MYDOMAIN:443 to the netconfig- file, and the pull on the client worked, but the status still shows error...saw in the docker logs mq "sslv3 alert bad certificate" so I tried wiping the certificates in /root/certs/ on the server and restarted...but now I get no new certs at all in there? 🤔
b
bored-island-21407
06/02/2022, 10:11 PMRestart the netmaker container
f
few-airline-95046
06/02/2022, 10:11 PMI did
b
bored-island-21407
06/02/2022, 10:12 PMNetmaker will gen certs on startup if they are missing
f
few-airline-95046
06/02/2022, 10:12 PMOk, but they're not in the /root/certs folder :/
Hmm, I saved my old docker-compose.yml before changing to the docker-compose.traefik.yml.
In the old the mq volumes look like
Copy code
volumes:
- /root/mosquitto.conf:/mosquitto/config/mosquitto.conf
- /root/certs/:/mosquitto/certs/
- mosquitto_data:/mosquitto/data
- mosquitto_logs:/mosquitto/log Copy code
volumes:
- /root/mosquitto.conf:/mosquitto/config/mosquitto.conf
- mosquitto_data:/mosquitto/data
- mosquitto_logs:/mosquitto/log
- shared_certs:/mosquitto/certsis that relevant?
b
bored-island-21407
06/02/2022, 10:17 PMIn that case you need to delete them from the shared certs docker volume
f
few-airline-95046
06/02/2022, 10:23 PMThanks, looks like that solved it.. But why was the volume for certs changed? 😄
b
bored-island-21407
06/02/2022, 10:29 PMIt was a community submitted PR
f
few-airline-95046
06/02/2022, 10:30 PMAh. the certs are maybe less prone to be accidently deleted that way.
Time to sleep, will continue to fiddle with this tomorrow 😄
a
average-helicopter-96869
06/03/2022, 3:42 AMthe docker-compose yaml files provided are really intended to be a guide, not a production solution...
specifically related to the volume definitions...
Copy code
volumes:
traefik_certs: {}
shared_certs: {}
sqldata: {}
dnsconfig: {}
mosquitto_data: {}
mosquitto_logs: {}at least, that's my opinion 😉
with that default config, the volumes are assigned to some location as specified by the docker daemon configuration... which, if your systems is linux with stock configs, usually means it's buried somewhere under
/var/lib/dockeri really like this method for standalone servers like the small virtual machine where i run netmaker...
https://docs.docker.com/storage/bind-mounts/#use-a-bind-mount-with-compose
you can see how i've used that in my personal repo (which has not yet been updated to 14.2) https://github.com/bsherman/netmaker-traefik/blob/main/docker-compose.yml#L140
anyway, i also should apologize... I was responsible for the change of
/root/certsshared_certs:docker-compose.traefik.ymlj
jolly-london-20127
06/03/2022, 1:26 PM@few-airline-95046 @average-helicopter-96869 we think we've narrowed down the issue. Did you upgrade the clients before upgrading the server?
f
few-airline-95046
06/03/2022, 1:28 PMOne node might have been updated before, but not the second one that i tried later yesterday night
j
jolly-london-20127
06/03/2022, 1:39 PMcan you share your docker-compose (before and after)? would help with recreating the issue
f
few-airline-95046
06/03/2022, 1:51 PMI can do it in a couple of hours probably
@jolly-london-20127, I see that you've released new binaries, so you don't need the docker-compose files any more? 😄
Hmm, updated to the latest netclient binary, but still seeing
Copy code
root@Cradle:/boot/config/netclient# netclient pull --vvv --daemon off
[netclient] 2022-06-03 23:08:54 No network selected. Running Pull for all networks.
[netclient] 2022-06-03 23:08:54 Error pulling network config for network: xxx
Post "https:///api/nodes/adm/xxx/authenticate": http: no Host in request URL
[netclient] 2022-06-03 23:08:54 register at https:///api/server/register
[netclient] 2022-06-03 23:08:55 restarting netclient.service
[netclient] 2022-06-03 23:08:56 error running command: systemctl restart netclient.service
[netclient] 2022-06-03 23:08:56
[netclient] 2022-06-03 23:08:56 reset network and peer configsAnd then when trying to run netclient in deamon mode (no systemd on that machine) I get
Copy code
root@Cradle:/boot/config/netclient# netclient daemon
[netclient] 2022-06-03 23:11:55 initializing network xxx
[netclient] 2022-06-03 23:11:55 started daemon for server broker.netmaker.xxx.se
[netclient] 2022-06-03 23:11:55 netclient daemon started for server: broker.netmaker.xxx.se
2022/06/03 23:11:55 could not read client cert/key tls: private key does not match public keyj
jolly-london-20127
06/03/2022, 9:17 PMIf you already had that issue, updating will not solve it. Once the api address is missing you need to add manually
f
few-airline-95046
06/03/2022, 9:28 PMAlright, but I have already modified /etc/netclient/config/netconfig-mydomain to have apihost set to my proper api url
a
average-helicopter-96869
06/04/2022, 4:45 PMin my case, I'd updated the server to 0.14.2 first, let things settle... and all my clients were working on 0.14.1.... then experienced the problem when updating a client to 0.14.2
my docker compose was literally:
https://github.com/bsherman/netmaker-traefik/blob/main/docker-compose.yml
and then upgraded by changing 0.14.1 to .2
also, apologies for my delay, i was in airports all day yesterday... travelling so not very accessible for a few days.
j
jolly-london-20127
06/07/2022, 8:06 PMno worries, we put a hotfix in the release which should solve this issue