Error in creating directory

[lifehome]

I find difficulties in using this docker, without having the following error:

pkg/prelude/bootstrap.js:1176
      throw error;
      ^

Error: EACCES: permission denied, mkdir '/opt/key-networks/ztncui/etc/storage'
    at Object.fs.mkdirSync (fs.js:885:18)
    at Function.sync (/snapshot/src/node_modules/mkdirp/index.js:71:13)
    at LocalStorage.parseStorageDirSync (/snapshot/src/node_modules/node-persist/src/local-storage.js:619:20)
    at LocalStorage.initSync (/snapshot/src/node_modules/node-persist/src/local-storage.js:142:14)
    at Object.nodePersist.initSync (/snapshot/src/node_modules/node-persist/src/node-persist.js:37:32)
    at Object.<anonymous> (/snapshot/src/controllers/networkController.js:0:0)
    at Module._compile (pkg/prelude/bootstrap.js:1252:22)
    at Object.Module._extensions..js (module.js:661:10)
    at Module.load (module.js:563:32)
    at tryModuleLoad (module.js:503:12)

The command I tried to start the docker is:

docker run -d \
  -p 127.0.0.1:25001:3000 \
  -v /path/to/config:/opt/key-networks/ztncui/etc \
  -v /path/to/zerotier-one:/var/lib/zerotier-one \
  -e PUID=$(id -u) \
  -e PGID=$(id -g) \
  --cap-add=NET_ADMIN \
  --name ztncui \
  keynetworks/ztncui

I have read #4 and I think it's a similar issue? But I am not sure.
Hopefully someone can give two cents on this issue. :D

[ghost]

#12

[key-networks]

What are your host OS and Docker versions?

[lifehome]

Thanks for the reply! I'm using ArchLinux with the latest Docker version 19.03.8

[key-networks]

Can you try Fedora 32?

[Seji64]

I got the same error (Ubuntu server 20.04) and made my own Docker Image as a workaround / fix. Hope it helps.

https://github.com/Seji64/ztncui-containerized

[key-networks]

Thanks @Seji64 - I need to regenerate the Docker image fairly soon to include another fix, so may use the info you have provided.

[mdPlusPlus]

@Seji64 You mean you took my Dockerfile and added two lines for http listening ;)

https://gist.github.com/mdPlusPlus/0f6285c6402aa4aff4aa4a9e5dfc38c0
https://hub.docker.com/r/mdplusplus/zerotier-network-controller-ui

[key-networks]

Please try version 1.2.5: https://hub.docker.com/r/keynetworks/ztncui

[key-networks]

Thanks @mdPlusPlus for the clues you provided.

[kmahyyg]

Same problem here:

[root@mymachine zerotier]# docker logs ztncui
/usr/sbin/zerotier-one: WARNING: failed to drop privileges (kernel may not support required prctl features), running as root
pkg/prelude/bootstrap.js:1176
      throw error;
      ^

Error: EACCES: permission denied, mkdir '/opt/key-networks/ztncui/etc/storage'
    at Object.fs.mkdirSync (fs.js:885:18)
    at Function.sync (/snapshot/src/node_modules/mkdirp/index.js:72:13)
    at LocalStorage.parseStorageDirSync (/snapshot/src/node_modules/node-persist/src/local-storage.js:619:20)
    at LocalStorage.initSync (/snapshot/src/node_modules/node-persist/src/local-storage.js:142:14)
    at Object.nodePersist.initSync (/snapshot/src/node_modules/node-persist/src/node-persist.js:37:32)
    at Object.<anonymous> (/snapshot/src/controllers/networkController.js:0:0)
    at Module._compile (pkg/prelude/bootstrap.js:1252:22)
    at Object.Module._extensions..js (module.js:661:10)
    at Module.load (module.js:563:32)
    at tryModuleLoad (module.js:503:12)

[kmahyyg]

Note: I use the volume mount like -v /mydata/zt1:/var/lib/zerotier-one and -v /mydata/ztncui/etc:/opt/key-networks/ztncui/etc to run this docker. Since it's most general way that everyone use, you might need to add a little script to fix the permission.

[kmahyyg]

About behaviours

• By the way, use sudo in docker container is not a prefer way for this purpose, use gosu instead.

About file permissions

I added sudo chown -R ztncui:ztncui /opt/key-networks/ztncui at the above of the last line in exec.sh, it works fine.

Another problem again

But another problem exists, since I've mounted /opt/key-networks/ztncui/etc, this folder is empty, so your program will failed to start due to missing SSL cert.

You either should notice user to generate one before you mount, or just check if it exists before you call up your program.

You might say, configure the env var. Yes, I did.

But not working...

I personally recommend https://github.com/jsha/minica for generate a site key and deprecate the big and heavy openssl.

About Docker Image Size

• PURGE CACHE BEFORE YOU SUBMIT IT!
• Use debian:sid-slim if possible. (I prefer Debian personally, -slim one is the minimal base image comparing to normal one)

[kmahyyg]

One more critical thing... You run /usr/sbin/zerotier-one & , which means you are totally not using any supervisor??!!
If somehow the zt1 was accidentally getting OOM-killed or something else, something bad might happen...

[key-networks]

@kmahyyg thanks for all your comments - I'll look into them. What supervisor do you recommend, given that systemd is not available in the container?

[kmahyyg]

Personally, I use s6 from skarnet or supervisord. Someone also loves pm2.

[kmahyyg]

@kmahyyg thanks for all your comments - I'll look into them. What supervisor do you recommend, given that systemd is not available in the container?

I'm not interested in UID/GID conflict issues, so my homemade one doesn't care about this...

After all, I added:

• Argon2 Password Generator (also reads environment variable)
• Supervisord for daemonization
• Certificate generation
• A Simple HTTP File Server for distributing planet file... Since I'm gonna use all self-hosted infra, I don't want any ZT Official server rolling in...

Currently, user only need to use empty folder to start my docker container.

For more details, check: https://github.com/kmahyyg/ztncui-aio

You could also directly pull the image from Docker Hub.

[key-networks]

@kmahyyg - I'm impressed with what you have done! If you don't mind, I'm thinking of cloning your repo, making a few mods, and using it as the basis for generating the keynetworks/ztncui image.

[kmahyyg]

@kmahyyg - I'm impressed with what you have done! If you don't mind, I'm thinking of cloning your repo, making a few mods, and using it as the basis for generating the keynetworks/ztncui image.

Of course. I'm so glad for contributing to open source community. By the way, You have my authorization to re-license your clone to the same license as ztncui (which currently is GPLv3). Thanks for y'all and also your excellent product.

[key-networks]

@kmahyyg - I'm impressed with what you have done! If you don't mind, I'm thinking of cloning your repo, making a few mods, and using it as the basis for generating the keynetworks/ztncui image.

Of course. I'm so glad for contributing to open source community. By the way, You have my authorization to re-license your clone to the same license as ztncui (which currently is GPLv3). Thanks for y'all and also your excellent product.

Many thanks, @kmahyyg !

[key-networks]

Ver 1.2.6 is now available at https://hub.docker.com/r/keynetworks/ztncui based on https://github.com/key-networks/ztncui-aio