I'm installing the netmaker binary and I'm stuck o...
# install
f
I'm installing the netmaker binary and I'm stuck on the last thing. The instructions say to copy root.pem, server.pem, server.key from /etc/netmaker to /etc/mosquitto/certs. The problem is that those certificates are not there because caddy generates them automatically. So where can I find them? Will it help if I generate them with certbot?
b
netmaker will generate them (they are not normal ssl certs) ... run netclient and stop it; the certs will have been generated
also to be clear, what version are you trying to install (and from your question, confirm you are trying to install on baremetal)
f
How to find out the version please because I'm not sure now ? And yes I'm installing bare metal.
b
did you download the binary or build from source
f
yes but I tried multiple versions due to glibc not found error
b
so where did you get the binary and/or source?
f
github release
b
the version == release
f
UI v. : 0.17.1 BINARY v. :0.17.0
b
netmaker v0.17.0 no longer uses certs for mosquitto so there is no need to copy those certs... however it is likely that your configuration is incorrect for that version of netmaker... the docs state that copying those files is only for versions earlier than v0.16.1
f
sorry my bad
b
NP
you do have to start netmaker; stop it and copy the dynamic-security.json to /etc/mosquitto/data
f
yes I have copied it
And for what reason did netclient join -t (token) give me error 502 bad gateway on Friday but the connected device still shows in ui?
Thank you for any help.
b
Not sure about your last error/question
f
I tried to connect different devices and netclient shows error 502 bad gateway but in (netmaker) ui it shows them as healthy.
What could be the problem?
b
looks like an error from caddy
f
This isn't good? Site: api.my.domain
b
there is no route to api.my.domain
try https://api.my.domain/api/users/adm/hasadmin which should return true or false depending if an admin has been defined
f
true
b
looks good
try adding a device while watching the caddy logs
journalctl -fu caddy
and netmaker logs
journalctl -fu netmaker
f
ok
> Mar 04 14:57:12 athena caddy[162401]: {"level":"error","ts":1677938232.4291704,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8081: connect: connection refused","request":{"remote_ip":"188.123.102.179","remote_port":"52444","proto":"HTTP/2.0","method":"OPTIONS","host":"api.roran60.online","uri":"/api/nodes","headers":{"Accept":["*/*"],"Accept-Encoding":["gzip, deflate, br"],"Access-Control-Request-Method":["GET"],"Access-Control-Request-Headers":["authorization"],"Referer":["https://dashboard.roran60.online/"],"Origin":["https://dashboard.roran60.online"],"Sec-Fetch-Dest":["empty"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0"],"Te":["trailers"],"Sec-Fetch-Site":["same-site"],"Sec-Fetch-Mode":["cors"],"Accept-Language":["en-US,en;q=0.5"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"api.roran60.online"}},"duration":0.000395334,"status":502,"err_id":"uak6wy943","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}
> Mar 04 16:04:23 athena caddy[162401]: {"level":"error","ts":1677942263.79557,"logger":"http.log.error","msg":"EOF","request":{"remote_ip":"188.123.102.179","remote_port":"52402","proto":"HTTP/2.0","method":"POST","host":"api.roran60.online:443","uri":"/api/nodes/test1","headers":{"User-Agent":["Go-http-client/2.0"],"Content-Type":["application/json"],"Authorization":[],"Requestfrom":["node"],"Content-Length":["1690"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"api.roran60.online"}},"duration":9.598097054,"status":502,"err_id":"ju59ftgp1","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}
b
so based on your netmaker logs, you have a configuration problem with mosquitto/netmaker ... you need to fix that
also, are you trying to connect to the api using your browser? Except in a couple of instances that will not work.... the api speaks json not html and most endpoints require an authorization header to be set which you cannot do in browser
f
I connect via netclient on linux pc and raspberry pi .
b
then why am i seeing Firefox as the user agent in caddy logs?
f
¯\_(ツ)_/¯
ok i'll send the full log to private message
maybe I copied it wrong
/var/log/mosquitto
1677953043: New connection from 127.0.0.1:37956 on port 1883.
1677953043: Client disconnected due to protocol error.
b
misconfiguration
f
and where are the logs from netmaker ?
b
what env/config vars are you passing to netmaker
journalctl -u netmaker
confirms you have a misconfiguration .... the mosquitto logs are netmaker trying to connect and failing as indicated in netmaker logs
f
wait
it shows no error here
b
probably just didn't let it run long enough.... there is a reasonably lengthy timeout before the mq connection attempt fails
f
/etc/netmaker/netmaker.yml
server:
  server: "broker.roran60.online"
  apiport: "8081"
  apiconn: "api.roran60.online:443"
  masterkey: " -------"
  mqhost: "127.0.0.1"
  mqport: "8883"
  mqadminpassword: "------"
should i delete mq admin pass... ?
b
no
f
ok
aaaaa I got my stupid certs in there
delete ?
b
server should be server_name
you are missing:
server_host
server_api_conn_string
server_http_host
client_mode
mq_server_port
verbosity ===== set to 4
f
in /etc/netmaker/netmaker.yml ?
b
yes
the missing mq_server_port is why netmaker cannot connect to mosquitto
f
Please could you show me the complete config because I can't find it on github .
b
just look at the docker-compose.yml file on github and translate the netmaker ENV vars to config vars
f
because this is in docs :
server:
  server: "broker."
  apiport: "8081"
  apiconn: "api.:443"
  masterkey: ""
  mqhost: "127.0.0.1"
  mqport: "8883"
  mqadminpassword: ""
b
docker-compose-reference.yml is annotated with additional comments on what the vars should be
docs are incorrect
f
ah ok
is it ok or is there something else missing
b
you need a few more, just a sec
as a minimum, you also need MASTERKEY MQ_HOST MQ_PORT
f
Thanks
Can I change the master key if I already have it set ?
b
yes, you just have to restart netmaker
f
mq host is api.domain ?
b
no
baremetal it should probably be 127.0.0.1
f
ok
I'm going to try this
b
i think that should work
f
Mar 04 21:28:20 athena netmaker[242466]: [netmaker] Fatal: failed to configure MQ: MQ admin password not provided
b
yea, you need that ... missed that
f
?
b
are you sure you are running v0.17.1?
MQ_ADMIN_PASSWORD was added in v0.18.0
v0.18.0 requires a very different config file than v0.17.1
f
There is such a thing as netmaker -version ?
Because I'm not on the pc on which I downloaded it .
b
no, there isn't as most people use docker and the version is defined by the image tag
f
And what actually needs to be changed in the new version of config ?
b
you also have to make changes to mosquitto
f
> root@athena:~# /usr/bin/netmaker
> /usr/bin/netmaker: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.32' not found (required by /usr/bin/netmaker)
> /usr/bin/netmaker: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.33' not found (required by /usr/bin/netmaker)
> /usr/bin/netmaker: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.34' not found (required by /usr/bin/netmaker)
> root@athena:~#
b
What distro is your server running?
f
v0.17.1 release not working
debian
downgrade helps but i thought i know version 😄
b
What is your server ? Ubuntu 20.04 Ubuntu 21.04?
f
debian
b
Or some other flavor
What version of debian
f
Debian 11
b
netmaker is intended to run in docker. To run on bare metal, you will need to run a server with a newer version of libc, or compile the binary yourself
f
uf
And what if I use an older version that worked for me ?
at least temporarily
b
sure
f
i tested 0.17.0 - Fatal: failed to configure MQ: MQ admin password not provided
b
i uploaded a binary v0.17.1 built on ubuntu 20.04 which should have the same version of libc as debian bullseye ... https://fileserver.netmaker.org/transfer/netmaker.oldlibc
f
thank you
I use this version
with the config above it says :
error installing: error creating node Post "https:///api/nodes/test1": http: no Host in request URL
what's wrong there ?
b
Your API endpoint is wrong
apiconn in your config
f
> SERVER_API_CONN_STRING: "api.NETMAKER_BASE_DOMAIN:443"
> SERVER_API_CONN_STRING: "api.roran60.online:443"
Is that good? because it doesn't work
b
I'll have to look at the code and make sure the variable name is correct. Will be a bit as I am outside with the dog right now
I got distracted by something else -- it should be apiconn in your config file
f
it still shows : error creating node 502 Bad Gateway
Are you sure I got the config right ?
b
add https:// to apiconn
f
error creating node Post "https:///api/nodes/test1": http: no Host in request URL
I'm trying this with another error
apiconn: "api.roran60.online"
error creating node 401 Unauthorized {"Code":401,"Message":"You are unauthorized to access this endpoint."}
b
try regenerating the token
f
with the new token
error creating node 502 Bad Gateway
b
that is a caddy error
try joining with username/password
f
ok
b
netclient join -u -s api.roran60.online -n user is the same as user to login to UI ... you will be prompted for password
f
ok
should I return the port to config ?
b
??
f
apiconn: "api.roran60.online:443"
b
I am pretty sure apiconn should be "https://api.roran60.online"
f
ok thanks
I make a new user, assign him a network, I log in via netclient and it throws me this error :
error creating node Post "https://https//api.roran60.online//api/nodes/test1": dial tcp: lookup https on 1.1.1.1:53: no such host
b
your apiconn is incorrect... I guess you do not need the https:// in it
f
ok
b
what changed
f
apiconn
b
that cannot be the only thing that changed
f
plus I changed the dns resolver
managed by vpsadmin (hosting) -) managed manually -) managed by vpsadmin
I just checked and the old settings are still there restarting
b
i don't know how that would affect anything, but if you do nslookup api.rolan60.online ns1.prg,vpsfree.cz do you get the correct ip?
f
after a reboot it at least starts
¯\_(ツ)_/¯
its good