From 3a1c1f65bc29753fe035d59cc0683a77b5ac9204 Mon Sep 17 00:00:00 2001 From: John Maguire Date: Fri, 8 Dec 2023 12:38:24 -0500 Subject: [PATCH 01/21] WIP Dockerfile --- Makefile | 9 +++++++++ docker/Dockerfile | 14 ++++++++++++++ docker/README.md | 24 ++++++++++++++++++++++++ docker/main.sh | 11 +++++++++++ 4 files changed, 58 insertions(+) create mode 100644 docker/Dockerfile create mode 100644 docker/README.md create mode 100755 docker/main.sh diff --git a/Makefile b/Makefile index 795f42f44..d54703a2d 100644 --- a/Makefile +++ b/Makefile @@ -55,6 +55,9 @@ ALL_OPENBSD = openbsd-amd64 \ ALL_NETBSD = netbsd-amd64 \ netbsd-arm64 +ALL_DOCKER = linux-amd64 \ + linux-arm64 + ALL = $(ALL_LINUX) \ $(ALL_FREEBSD) \ $(ALL_OPENBSD) \ @@ -84,6 +87,8 @@ e2e-bench: e2e all: $(ALL:%=build/%/nebula) $(ALL:%=build/%/nebula-cert) +all-docker: $(ALL_DOCKER:%=docker/%) + release: $(ALL:%=build/nebula-%.tar.gz) release-linux: $(ALL_LINUX:%=build/nebula-%.tar.gz) @@ -156,6 +161,10 @@ build/nebula-%.tar.gz: build/%/nebula build/%/nebula-cert build/nebula-%.zip: build/%/nebula.exe build/%/nebula-cert.exe cd build/$* && zip ../nebula-$*.zip nebula.exe nebula-cert.exe +docker/%: build/%/dnclient + cp -r build release + docker buildx build . -f docker/Dockerfile --platform "$(subst -,/,$*)" --tag "nebula:latest" --tag "nebula:$(BUILD_NUMBER)" + vet: go vet $(VET_FLAGS) -v ./... diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 000000000..b570bc248 --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,14 @@ +FROM alpine:latest + +ARG TARGETPLATFORM +RUN echo "Building image for $TARGETPLATFORM" + +COPY release/$TARGETPLATFORM/nebula /usr/local/bin/nebula +RUN chmod +x /usr/local/bin/nebula + +COPY docker/main.sh /main.sh +RUN chmod +x /main.sh + +VOLUME ["/config"] + +CMD ["/main.sh"] diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 000000000..5aade5eac --- /dev/null +++ b/docker/README.md 
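Review bot: `FROM alpine:latest` in the new docker/Dockerfile is a mutable tag, so rebuilding the same commit can yield a different image, and whatever the tag points to at build time ends up in the published image. Pin the base to a release and digest and update it deliberately, e.g. `FROM alpine:<version>@sha256:<digest>` (placeholders). The same applies to `FROM gcr.io/distroless/static:latest` introduced in PATCH 08/21. The image also has no `USER` line; the `mknod` in main.sh presumably needs root, so a one-line comment saying so would make that choice explicit.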
@@ -0,0 +1,24 @@ +# NebulaOSS/nebula Docker Image + +## Building + +From the root of the repository, run `make all-docker`. + +## Running + +To run the built image, use the following command: + +``` +docker run \ + --name nebula \ + --network host \ + --cap-add NET_ADMIN \ + --volume ./config:/config \ + --rm \ + NebulaOSS/nebula +``` + +A few notes: + +- The `NET_ADMIN` capability is necessary to create the tun adapter on the host (this is unnecessary if the tun device is disabled.) +- `--volume ./config:/config` should point to a directory that contains your `config.yml` and any other necessary files. diff --git a/docker/main.sh b/docker/main.sh new file mode 100755 index 000000000..ddf90dbd4 --- /dev/null +++ b/docker/main.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -euo pipefail + +# Create the tun device so it doesn't need to be mounted +mkdir -p /dev/net +if [ ! -c /dev/net/tun ]; then + mknod /dev/net/tun c 10 200 + chmod 600 /dev/net/tun +fi + +nebula -config /config/config.yml From 7cabbc8358b6e0f2a2912093469e2cc39697a388 Mon Sep 17 00:00:00 2001 From: John Maguire Date: Fri, 8 Dec 2023 12:43:29 -0500 Subject: [PATCH 02/21] Rough pass at Github release workflow --- .github/workflows/release.yml | 31 +++++++++++++++++++++++++++++++ Makefile | 4 ++-- docker/Dockerfile | 5 ++++- 3 files changed, 37 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ef4e507df..e8bf5f6b2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -109,6 +109,37 @@ jobs: name: darwin-latest path: ./release/* + build-docker: + name: Create and Upload Docker Images + # Technically we only need build-linux to succeed, but if any platforms fail we'll + # want to investigate and restart the build + needs: [build-linux, build-darwin, build-windows, build-freebsd] + runs-on: ubuntu-latest + steps: + # Be sure to checkout the code before downloading artifacts, or they will + # be overwritten + - name: Checkout code + uses: actions/checkout@v3 + + - name: Download artifacts + uses: actions/download-artifact@v2 + with: + name: linux-latest + path: ./release/linux/ + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build and push images + run: | + make DOCKER_BUILD_ARGS="--push" all-docker + release: name: Create and Upload Release needs: [build-linux, build-darwin, build-windows] diff --git a/Makefile b/Makefile index d54703a2d..183370086 100644 --- a/Makefile +++ b/Makefile @@ -161,9 +161,9 @@ build/nebula-%.tar.gz: build/%/nebula build/%/nebula-cert build/nebula-%.zip: build/%/nebula.exe build/%/nebula-cert.exe cd build/$* && zip ../nebula-$*.zip nebula.exe nebula-cert.exe -docker/%: build/%/dnclient +docker/%: build/%/nebula build/%/nebula-cert cp -r build release - docker buildx build . -f docker/Dockerfile --platform "$(subst -,/,$*)" --tag "nebula:latest" --tag "nebula:$(BUILD_NUMBER)" + docker buildx build . $(DOCKER_BUILD_ARGS) -f docker/Dockerfile --platform "$(subst -,/,$*)" --tag "nebula:latest" --tag "nebula:$(BUILD_NUMBER)" vet: go vet $(VET_FLAGS) -v ./... diff --git a/docker/Dockerfile b/docker/Dockerfile index b570bc248..6232a71e4 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
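Review bot: The `build-docker` job passes `secrets.DOCKERHUB_TOKEN` to `docker/login-action@v3` and also runs `actions/checkout@v3`, `actions/download-artifact@v2` and `docker/setup-buildx-action@v3`, all referenced by movable tags. In a job that holds registry push credentials, pin each action to a full commit SHA with the version as a trailing comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. No `permissions:` key is visible on this job; if the workflow does not set one at the top level, `permissions: { contents: read }` would keep the job's GITHUB_TOKEN read-only.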
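Review bot: Every `docker/%` build applies the same two tags, `nebula:latest` and `nebula:$(BUILD_NUMBER)`, for a single `--platform`, and the workflow in this commit now adds `--push` through `DOCKER_BUILD_ARGS`. `all-docker` therefore pushes linux-amd64 and linux-arm64 to the same tags and the last push wins, leaving a single-architecture image rather than a multi-arch manifest. Either build once with `--platform linux/amd64,linux/arm64`, or tag per platform (`--tag "nebula:$(BUILD_NUMBER)-$*"`) and combine the results afterwards. The unchanged `cp -r build release` line also writes outside `$@`, so two `docker/%` jobs under `make -j` copy into the same tree concurrently.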
@@ -4,7 +4,10 @@ ARG TARGETPLATFORM RUN echo "Building image for $TARGETPLATFORM" COPY release/$TARGETPLATFORM/nebula /usr/local/bin/nebula -RUN chmod +x /usr/local/bin/nebula +COPY release/$TARGETPLATFORM/nebula-cert /usr/local/bin/nebula-cert + +RUN chmod +x /usr/local/bin/nebula && \ + chmod +x /usr/local/bin/nebula-cert COPY docker/main.sh /main.sh RUN chmod +x /main.sh From 0f75c3782aeba0986ae1aebbdbb77645776570b5 Mon Sep 17 00:00:00 2001 From: John Maguire Date: Fri, 8 Dec 2023 12:45:34 -0500 Subject: [PATCH 03/21] Lowercase NebulaOSS in Docker Hub org --- docker/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/README.md b/docker/README.md index 5aade5eac..63da5a8ce 100644 --- a/docker/README.md +++ b/docker/README.md @@ -15,7 +15,7 @@ docker run \ --cap-add NET_ADMIN \ --volume ./config:/config \ --rm \ - NebulaOSS/nebula + nebulaoss/nebula ``` A few notes: From 3430b363d285b7d50e4bbcb215a4b1019995582e Mon Sep 17 00:00:00 2001 From: John Maguire Date: Fri, 8 Dec 2023 13:13:10 -0500 Subject: [PATCH 04/21] Fix build paths --- Makefile | 3 +-- docker/Dockerfile | 5 +++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 183370086..088bc427d 100644 --- a/Makefile +++ b/Makefile @@ -162,8 +162,7 @@ build/nebula-%.zip: build/%/nebula.exe build/%/nebula-cert.exe cd build/$* && zip ../nebula-$*.zip nebula.exe nebula-cert.exe docker/%: build/%/nebula build/%/nebula-cert - cp -r build release - docker buildx build . $(DOCKER_BUILD_ARGS) -f docker/Dockerfile --platform "$(subst -,/,$*)" --tag "nebula:latest" --tag "nebula:$(BUILD_NUMBER)" + docker buildx build . $(DOCKER_BUILD_ARGS) -f docker/Dockerfile --platform "$(subst -,/,$*)" --build-arg SOURCEDIR="build/$*" --tag "nebula:latest" --tag "nebula:$(BUILD_NUMBER)" vet: go vet $(VET_FLAGS) -v ./... diff --git a/docker/Dockerfile b/docker/Dockerfile index 6232a71e4..29168e30b 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -1,10 +1,11 @@ FROM alpine:latest ARG TARGETPLATFORM +ARG SOURCEDIR RUN echo "Building image for $TARGETPLATFORM" -COPY release/$TARGETPLATFORM/nebula /usr/local/bin/nebula -COPY release/$TARGETPLATFORM/nebula-cert /usr/local/bin/nebula-cert +COPY $SOURCEDIR/nebula /usr/local/bin/nebula +COPY $SOURCEDIR/nebula-cert /usr/local/bin/nebula-cert RUN chmod +x /usr/local/bin/nebula && \ chmod +x /usr/local/bin/nebula-cert From e7dbe8706c720dc0a7a9eea620ff61acd012d384 Mon Sep 17 00:00:00 2001 From: John Maguire Date: Mon, 8 Jan 2024 17:10:12 -0500 Subject: [PATCH 05/21] Fix todos --- .github/workflows/release.yml | 18 +++++++++++++++--- Makefile | 9 ++++++++- docker/Dockerfile | 5 ++++- docker/main.sh | 2 +- 4 files changed, 28 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e8bf5f6b2..38cd7c850 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -113,32 +113,44 @@ jobs: name: Create and Upload Docker Images # Technically we only need build-linux to succeed, but if any platforms fail we'll # want to investigate and restart the build - needs: [build-linux, build-darwin, build-windows, build-freebsd] + needs: [build-linux, build-darwin, build-windows] runs-on: ubuntu-latest + env: + HAS_DOCKER_CREDS: ${{ vars.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }} + # XXX It's not possible to write a conditional here, so instead we do it on every step + #if: ${{ env.HAS_DOCKER_CREDS == 'true' }} steps: # Be sure to checkout the code before downloading artifacts, or they will # be overwritten - name: Checkout code + if: ${{ env.HAS_DOCKER_CREDS == 'true' }} uses: actions/checkout@v3 - name: Download artifacts + if: ${{ env.HAS_DOCKER_CREDS == 'true' }} uses: actions/download-artifact@v2 with: name: linux-latest path: ./release/linux/ - name: Login to Docker Hub + if: ${{ env.HAS_DOCKER_CREDS == 'true' }} uses: docker/login-action@v3 with: - username: ${{ secrets.DOCKERHUB_USERNAME }} + username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up Docker Buildx + if: ${{ env.HAS_DOCKER_CREDS == 'true' }} uses: docker/setup-buildx-action@v3 - name: Build and push images + if: ${{ env.HAS_DOCKER_CREDS == 'true' }} + env: + DOCKER_IMAGE_REPO: ${{ vars.DOCKER_IMAGE_REPO || 'nebulaoss/nebula' }} + DOCKER_IMAGE_TAG: ${{ vars.DOCKER_IMAGE_TAG || 'latest' }} run: | - make DOCKER_BUILD_ARGS="--push" all-docker + make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" DOCKER_IMAGE_REPO="${DOCKER_IMAGE_REPO}" DOCKER_BUILD_ARGS="--push" all-docker release: name: Create and Upload Release diff --git a/Makefile b/Makefile index 088bc427d..06225b904 100644 --- a/Makefile +++ b/Makefile 
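Review bot: The `Download artifacts` step fetches files that the later `make ... all-docker` step never reads. `docker/%` depends on `build/%/nebula` and `build/%/nebula-cert` and passes `SOURCEDIR="build/$*"`, so the image is built from binaries compiled inside this job, not from the `linux-latest` artifact placed in `./release/linux/`. No Go setup step is visible in `build-docker`, so the compiler would be whatever the runner image ships, and the pushed image may not match the release tarballs. Either extract the downloaded tarballs into `build/linux-amd64/` and `build/linux-arm64/` and build the image from those, or drop the download step and reuse the toolchain setup from `build-linux`.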
@@ -30,6 +30,13 @@ ifndef BUILD_NUMBER endif endif +ifndef DOCKER_IMAGE_REPO + DOCKER_IMAGE_REPO = nebula +endif +ifndef DOCKER_IMAGE_TAG + DOCKER_IMAGE_TAG = lates +endif + LDFLAGS = -X main.Build=$(BUILD_NUMBER) ALL_LINUX = linux-amd64 \ @@ -162,7 +169,7 @@ build/nebula-%.zip: build/%/nebula.exe build/%/nebula-cert.exe cd build/$* && zip ../nebula-$*.zip nebula.exe nebula-cert.exe docker/%: build/%/nebula build/%/nebula-cert - docker buildx build . $(DOCKER_BUILD_ARGS) -f docker/Dockerfile --platform "$(subst -,/,$*)" --build-arg SOURCEDIR="build/$*" --tag "nebula:latest" --tag "nebula:$(BUILD_NUMBER)" + docker buildx build . $(DOCKER_BUILD_ARGS) -f docker/Dockerfile --platform "$(subst -,/,$*)" --build-arg SOURCEDIR="build/$*" --tag "${DOCKER_IMAGE_REPO}:${DOCKER_IMAGE_TAG}" --tag "${DOCKER_IMAGE_REPO}:$(BUILD_NUMBER)" vet: go vet $(VET_FLAGS) -v ./... diff --git a/docker/Dockerfile b/docker/Dockerfile index 29168e30b..c20050bf3 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -15,4 +15,7 @@ RUN chmod +x /main.sh VOLUME ["/config"] -CMD ["/main.sh"] +# Run nebula using a wrapper script to setup the tun device +ENTRYPOINT ["/main.sh"] +# Allow users to override the args passed to nebula +CMD ["-config", "/config/config.yml"] diff --git a/docker/main.sh b/docker/main.sh index ddf90dbd4..cc1266d7d 100755 --- a/docker/main.sh +++ b/docker/main.sh @@ -8,4 +8,4 @@ if [ ! -c /dev/net/tun ]; then chmod 600 /dev/net/tun fi -nebula -config /config/config.yml +nebula "$@" From 9a6fba79148f58712fa380e6700b5d5206dee820 Mon Sep 17 00:00:00 2001 From: John Maguire Date: Thu, 15 Feb 2024 13:47:19 -0500 Subject: [PATCH 06/21] Fix DOCKER_IMAGE_TAG default --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 06225b904..6f0e6d95d 100644 --- a/Makefile +++ b/Makefile 
@@ -34,7 +34,7 @@ ifndef DOCKER_IMAGE_REPO DOCKER_IMAGE_REPO = nebula endif ifndef DOCKER_IMAGE_TAG - DOCKER_IMAGE_TAG = lates + DOCKER_IMAGE_TAG = latest endif LDFLAGS = -X main.Build=$(BUILD_NUMBER) From 35bc1c84fd229af53693626b84087c7b8cb4a0a8 Mon Sep 17 00:00:00 2001 From: John Maguire Date: Wed, 1 May 2024 11:49:15 -0400 Subject: [PATCH 07/21] Exec nebula Co-authored-by: Wade Simmons --- docker/main.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/main.sh b/docker/main.sh index cc1266d7d..e1f6e43d2 100755 --- a/docker/main.sh +++ b/docker/main.sh @@ -8,4 +8,4 @@ if [ ! -c /dev/net/tun ]; then chmod 600 /dev/net/tun fi -nebula "$@" +exec nebula "$@" From a60941d383971a0ba12db2acacd8fd4e64e88767 Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Tue, 30 Apr 2024 16:08:09 -0400 Subject: [PATCH 08/21] use a pure Go distroless docker image Remove the need for Alpine and `/bin/sh` in the docker image. Make it pure go by doing the `mknod` in Go. --- Makefile | 9 ++++- cmd/nebula-docker/main.go | 82 +++++++++++++++++++++++++++++++++++++++ docker/Dockerfile | 15 ++----- docker/main.sh | 11 ------ 4 files changed, 93 insertions(+), 24 deletions(-) create mode 100644 cmd/nebula-docker/main.go delete mode 100755 docker/main.sh diff --git a/Makefile b/Makefile index 6f0e6d95d..61ffeece3 100644 --- a/Makefile +++ b/Makefile @@ -156,6 +156,11 @@ build/%/nebula-cert: .FORCE GOARCH=$(word 2, $(subst -, ,$*)) $(GOENV) \ go build $(BUILD_ARGS) -o $@ -ldflags "$(LDFLAGS)" ./cmd/nebula-cert +build/%/nebula-docker: .FORCE + GOOS=$(firstword $(subst -, , $*)) \ + GOARCH=$(word 2, $(subst -, ,$*)) $(GOENV) \ + go build $(BUILD_ARGS) -o $@ -ldflags "$(LDFLAGS)" ./cmd/nebula-docker + build/%/nebula.exe: build/%/nebula mv $< $@ 
@@ -168,8 +173,8 @@ build/nebula-%.tar.gz: build/%/nebula build/%/nebula-cert build/nebula-%.zip: build/%/nebula.exe build/%/nebula-cert.exe cd build/$* && zip ../nebula-$*.zip nebula.exe nebula-cert.exe -docker/%: build/%/nebula build/%/nebula-cert - docker buildx build . $(DOCKER_BUILD_ARGS) -f docker/Dockerfile --platform "$(subst -,/,$*)" --build-arg SOURCEDIR="build/$*" --tag "${DOCKER_IMAGE_REPO}:${DOCKER_IMAGE_TAG}" --tag "${DOCKER_IMAGE_REPO}:$(BUILD_NUMBER)" +docker/%: build/%/nebula-docker build/%/nebula-cert .FORCE + docker build . $(DOCKER_BUILD_ARGS) -f docker/Dockerfile --platform "$(subst -,/,$*)" --build-arg SOURCEDIR="build/$*" --tag "${DOCKER_IMAGE_REPO}:${DOCKER_IMAGE_TAG}" --tag "${DOCKER_IMAGE_REPO}:$(BUILD_NUMBER)" vet: go vet $(VET_FLAGS) -v ./... diff --git a/cmd/nebula-docker/main.go b/cmd/nebula-docker/main.go new file mode 100644 index 000000000..1dc0e1b69 --- /dev/null +++ b/cmd/nebula-docker/main.go 
@@ -0,0 +1,82 @@ +package main + +import ( + "flag" + "fmt" + "os" + + "github.com/sirupsen/logrus" + "github.com/slackhq/nebula" + "github.com/slackhq/nebula/config" + "github.com/slackhq/nebula/util" + "golang.org/x/sys/unix" +) + +// A version string that can be set with +// +// -ldflags "-X main.Build=SOMEVERSION" +// +// at compile-time. +var Build string + +func main() { + configPath := flag.String("config", "", "Path to either a file or directory to load configuration from") + configTest := flag.Bool("test", false, "Test the config and print the end result. Non zero exit indicates a faulty config") + printVersion := flag.Bool("version", false, "Print version") + printUsage := flag.Bool("help", false, "Print command line usage") + + flag.Parse() + + if *printVersion { + fmt.Printf("Version: %s\n", Build) + os.Exit(0) + } + + if *printUsage { + flag.Usage() + os.Exit(0) + } + + if *configPath == "" { + fmt.Println("-config flag must be set") + flag.Usage() + os.Exit(1) + } + + l := logrus.New() + l.Out = os.Stdout + + err := os.MkdirAll("/dev/net", 0755) + if err != nil { + fmt.Printf("failed to mkdir -p /dev/net: %s", err) + os.Exit(1) + } + s, err := os.Stat("/dev/net/tun") + if err != nil || s.Mode().Type() != os.ModeCharDevice { + err = unix.Mknod("/dev/net/tun", unix.S_IFCHR|0600, int(unix.Mkdev(10, 200))) + if err != nil { + fmt.Printf("failed to create /dev/net/tun: %s", err) + os.Exit(1) + } + } + + c := config.NewC(l) + err = c.Load(*configPath) + if err != nil { + fmt.Printf("failed to load config: %s", err) + os.Exit(1) + } + + ctrl, err := nebula.Main(c, *configTest, Build, l, nil) + if err != nil { + util.LogWithContextIfNeeded("Failed to start", err, l) + os.Exit(1) + } + + if !*configTest { + ctrl.Start() + ctrl.ShutdownBlock() + } + + os.Exit(0) +} diff --git a/docker/Dockerfile b/docker/Dockerfile index c20050bf3..98b7f2ba8 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
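Review bot: The guard `s.Mode().Type() != os.ModeCharDevice` in main() is true even when `/dev/net/tun` is already a character device, because Go reports such a file with both `os.ModeDevice` and `os.ModeCharDevice` set and `Type()` returns both bits. When the device is already present (for example passed in with `--device`), the code still calls `unix.Mknod`, gets EEXIST and exits 1. Test the bit instead: `if err != nil || s.Mode()&os.ModeCharDevice == 0 {`. The same comparison is carried into overlay/tun_linux.go in PATCH 09/21. The three `fmt.Printf` error messages also lack a trailing newline and bypass the logger `l` created just above them.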
@@ -1,21 +1,14 @@ -FROM alpine:latest +FROM gcr.io/distroless/static:latest ARG TARGETPLATFORM ARG SOURCEDIR -RUN echo "Building image for $TARGETPLATFORM" -COPY $SOURCEDIR/nebula /usr/local/bin/nebula -COPY $SOURCEDIR/nebula-cert /usr/local/bin/nebula-cert - -RUN chmod +x /usr/local/bin/nebula && \ - chmod +x /usr/local/bin/nebula-cert - -COPY docker/main.sh /main.sh -RUN chmod +x /main.sh +COPY $SOURCEDIR/nebula-docker /nebula +COPY $SOURCEDIR/nebula-cert /nebula-cert VOLUME ["/config"] # Run nebula using a wrapper script to setup the tun device -ENTRYPOINT ["/main.sh"] +ENTRYPOINT ["/nebula"] # Allow users to override the args passed to nebula CMD ["-config", "/config/config.yml"] diff --git a/docker/main.sh b/docker/main.sh deleted file mode 100755 index e1f6e43d2..000000000 --- a/docker/main.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/sh -set -euo pipefail - -# Create the tun device so it doesn't need to be mounted -mkdir -p /dev/net -if [ ! -c /dev/net/tun ]; then - mknod /dev/net/tun c 10 200 - chmod 600 /dev/net/tun -fi - -exec nebula "$@" From f654bb6b1f064c2b243f21f661ecbfb82e5fcf52 Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Tue, 30 Apr 2024 16:37:54 -0400 Subject: [PATCH 09/21] just move into overlay/tun_linux --- Makefile | 7 +--- cmd/nebula-docker/main.go | 82 --------------------------------------- docker/Dockerfile | 2 +- overlay/tun_linux.go | 22 ++++++++++- 4 files changed, 23 insertions(+), 90 deletions(-) delete mode 100644 cmd/nebula-docker/main.go diff --git a/Makefile b/Makefile index 61ffeece3..769741938 100644 --- a/Makefile +++ b/Makefile @@ -156,11 +156,6 @@ build/%/nebula-cert: .FORCE GOARCH=$(word 2, $(subst -, ,$*)) $(GOENV) \ go build $(BUILD_ARGS) -o $@ -ldflags "$(LDFLAGS)" ./cmd/nebula-cert -build/%/nebula-docker: .FORCE - GOOS=$(firstword $(subst -, , $*)) \ - GOARCH=$(word 2, $(subst -, ,$*)) $(GOENV) \ - go build $(BUILD_ARGS) -o $@ -ldflags "$(LDFLAGS)" ./cmd/nebula-docker - build/%/nebula.exe: build/%/nebula mv $< $@ 
@@ -173,7 +168,7 @@ build/nebula-%.tar.gz: build/%/nebula build/%/nebula-cert build/nebula-%.zip: build/%/nebula.exe build/%/nebula-cert.exe cd build/$* && zip ../nebula-$*.zip nebula.exe nebula-cert.exe -docker/%: build/%/nebula-docker build/%/nebula-cert .FORCE +docker/%: build/%/nebula build/%/nebula-cert .FORCE docker build . $(DOCKER_BUILD_ARGS) -f docker/Dockerfile --platform "$(subst -,/,$*)" --build-arg SOURCEDIR="build/$*" --tag "${DOCKER_IMAGE_REPO}:${DOCKER_IMAGE_TAG}" --tag "${DOCKER_IMAGE_REPO}:$(BUILD_NUMBER)" vet: diff --git a/cmd/nebula-docker/main.go b/cmd/nebula-docker/main.go deleted file mode 100644 index 1dc0e1b69..000000000 --- a/cmd/nebula-docker/main.go +++ /dev/null 
@@ -1,82 +0,0 @@ -package main - -import ( - "flag" - "fmt" - "os" - - "github.com/sirupsen/logrus" - "github.com/slackhq/nebula" - "github.com/slackhq/nebula/config" - "github.com/slackhq/nebula/util" - "golang.org/x/sys/unix" -) - -// A version string that can be set with -// -// -ldflags "-X main.Build=SOMEVERSION" -// -// at compile-time. -var Build string - -func main() { - configPath := flag.String("config", "", "Path to either a file or directory to load configuration from") - configTest := flag.Bool("test", false, "Test the config and print the end result. Non zero exit indicates a faulty config") - printVersion := flag.Bool("version", false, "Print version") - printUsage := flag.Bool("help", false, "Print command line usage") - - flag.Parse() - - if *printVersion { - fmt.Printf("Version: %s\n", Build) - os.Exit(0) - } - - if *printUsage { - flag.Usage() - os.Exit(0) - } - - if *configPath == "" { - fmt.Println("-config flag must be set") - flag.Usage() - os.Exit(1) - } - - l := logrus.New() - l.Out = os.Stdout - - err := os.MkdirAll("/dev/net", 0755) - if err != nil { - fmt.Printf("failed to mkdir -p /dev/net: %s", err) - os.Exit(1) - } - s, err := os.Stat("/dev/net/tun") - if err != nil || s.Mode().Type() != os.ModeCharDevice { - err = unix.Mknod("/dev/net/tun", unix.S_IFCHR|0600, int(unix.Mkdev(10, 200))) - if err != nil { - fmt.Printf("failed to create /dev/net/tun: %s", err) - os.Exit(1) - } - } - - c := config.NewC(l) - err = c.Load(*configPath) - if err != nil { - fmt.Printf("failed to load config: %s", err) - os.Exit(1) - } - - ctrl, err := nebula.Main(c, *configTest, Build, l, nil) - if err != nil { - util.LogWithContextIfNeeded("Failed to start", err, l) - os.Exit(1) - } - - if !*configTest { - ctrl.Start() - ctrl.ShutdownBlock() - } - - os.Exit(0) -} diff --git a/docker/Dockerfile b/docker/Dockerfile index 98b7f2ba8..b21d8f7e2 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
@@ -3,7 +3,7 @@ FROM gcr.io/distroless/static:latest ARG TARGETPLATFORM ARG SOURCEDIR -COPY $SOURCEDIR/nebula-docker /nebula +COPY $SOURCEDIR/nebula /nebula COPY $SOURCEDIR/nebula-cert /nebula-cert VOLUME ["/config"] diff --git a/overlay/tun_linux.go b/overlay/tun_linux.go index a576bf344..59f05e734 100644 --- a/overlay/tun_linux.go +++ b/overlay/tun_linux.go @@ -87,7 +87,27 @@ func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU in func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, routes []Route, txQueueLen int, multiqueue bool, useSystemRoutes bool) (*tun, error) { fd, err := unix.Open("/dev/net/tun", os.O_RDWR, 0) if err != nil { - return nil, err + // If /dev/net/tun doesn't exist, try to create it (would happen in docker) + if os.IsNotExist(err) { + err = os.MkdirAll("/dev/net", 0755) + if err != nil { + return nil, fmt.Errorf("/dev/net/tun doesn't exist, failed to mkdir -p /dev/net: %w", err) + } + s, err := os.Stat("/dev/net/tun") + if err != nil || s.Mode().Type() != os.ModeCharDevice { + err = unix.Mknod("/dev/net/tun", unix.S_IFCHR|0600, int(unix.Mkdev(10, 200))) + if err != nil { + return nil, fmt.Errorf("failed to create /dev/net/tun: %w", err) + } + } + + fd, err = unix.Open("/dev/net/tun", os.O_RDWR, 0) + if err != nil { + return nil, fmt.Errorf("created /dev/net/tun, but still failed: %w", err) + } + } else { + return nil, err + } } var req ifReq From eb47d9aaf0a2eb3175b9b38666a6a622c1cfdef3 Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Wed, 1 May 2024 12:15:01 -0400 Subject: [PATCH 10/21] cleanup --- overlay/tun_linux.go | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/overlay/tun_linux.go b/overlay/tun_linux.go index 59f05e734..a801c155c 100644 --- a/overlay/tun_linux.go +++ b/overlay/tun_linux.go 
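Review bot: The new branch in newTun is not limited to containers: on any Linux host where `/dev/net/tun` is absent, a root-run nebula now creates `/dev/net` and a device node as a side effect of starting, and the node stays behind if the second open fails. I would state that in the comment, for example `// Not container-specific: runs whenever /dev/net/tun is missing; needs CAP_MKNOD and leaves the node in place`, and log through `l` when the node is created so operators can see that it happened. newTun continues beyond the end of this hunk.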
@@ -87,18 +87,15 @@ func newTunFromFd(l *logrus.Logger, deviceFd int, cidr *net.IPNet, defaultMTU in func newTun(l *logrus.Logger, deviceName string, cidr *net.IPNet, defaultMTU int, routes []Route, txQueueLen int, multiqueue bool, useSystemRoutes bool) (*tun, error) { fd, err := unix.Open("/dev/net/tun", os.O_RDWR, 0) if err != nil { - // If /dev/net/tun doesn't exist, try to create it (would happen in docker) + // If /dev/net/tun doesn't exist, try to create it (will happen in docker) if os.IsNotExist(err) { err = os.MkdirAll("/dev/net", 0755) if err != nil { return nil, fmt.Errorf("/dev/net/tun doesn't exist, failed to mkdir -p /dev/net: %w", err) } - s, err := os.Stat("/dev/net/tun") - if err != nil || s.Mode().Type() != os.ModeCharDevice { - err = unix.Mknod("/dev/net/tun", unix.S_IFCHR|0600, int(unix.Mkdev(10, 200))) - if err != nil { - return nil, fmt.Errorf("failed to create /dev/net/tun: %w", err) - } + err = unix.Mknod("/dev/net/tun", unix.S_IFCHR|0600, int(unix.Mkdev(10, 200))) + if err != nil { + return nil, fmt.Errorf("failed to create /dev/net/tun: %w", err) } fd, err = unix.Open("/dev/net/tun", os.O_RDWR, 0) From 9002f25f7d1776a6066e5286fcef58357ea698e0 Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Wed, 1 May 2024 13:56:22 -0400 Subject: [PATCH 11/21] WIP --- .github/workflows/release.yml | 28 ++++++++++++++++------------ docker/Dockerfile | 7 ++----- 2 files changed, 18 insertions(+), 17 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 38cd7c850..e9bdcc33f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
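Review bot: With the `os.Stat` check gone, an EEXIST from `unix.Mknod` is now a hard failure in newTun. That can happen if another process creates the node between the failed open and this call, or if `/dev/net/tun` is a dangling symlink. Let that case fall through to the second `unix.Open`, which will report the real problem: `if err != nil && err != unix.EEXIST {`. newTun continues outside the hunk.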
@@ -19,7 +19,8 @@ jobs: - name: Build run: | - make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" release-linux release-freebsd release-openbsd release-netbsd + #make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" release-linux release-freebsd release-openbsd release-netbsd + make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" build/nebula-linux-amd64.tar.gz build/nebula-linux-arm64.tar.gz mkdir release mv build/*.tar.gz release @@ -30,6 +31,7 @@ jobs: path: release build-windows: + if: false name: Build Windows runs-on: windows-latest steps: @@ -61,6 +63,7 @@ jobs: path: build build-darwin: + if: false name: Build Universal Darwin env: HAS_SIGNING_CREDS: ${{ secrets.AC_USERNAME != '' }} 
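Review bot: This WIP commit switches off existing release outputs: the `release-linux release-freebsd release-openbsd release-netbsd` build is commented out in favour of two linux tarballs, and `if: false` is added to `build-windows` and `build-darwin` in the next two hunks (and to `release` later in the same file). Nothing in the visible part of the series restores them, so a tag pushed with this workflow would skip the GitHub release and the non-Linux builds. If these are test-only edits, keep them out of the branch that merges, or mark each one with a comment such as `# TODO: revert before merge` so they are easy to find.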
@@ -110,49 +113,50 @@ jobs: path: ./release/* build-docker: + if: vars.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' + name: Create and Upload Docker Images # Technically we only need build-linux to succeed, but if any platforms fail we'll # want to investigate and restart the build - needs: [build-linux, build-darwin, build-windows] + #needs: [build-linux, build-darwin, build-windows] + needs: [build-linux] runs-on: ubuntu-latest - env: - HAS_DOCKER_CREDS: ${{ vars.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }} # XXX It's not possible to write a conditional here, so instead we do it on every step #if: ${{ env.HAS_DOCKER_CREDS == 'true' }} steps: # Be sure to checkout the code before downloading artifacts, or they will # be overwritten - name: Checkout code - if: ${{ env.HAS_DOCKER_CREDS == 'true' }} - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Download artifacts - if: ${{ env.HAS_DOCKER_CREDS == 'true' }} - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 with: name: linux-latest path: ./release/linux/ - name: Login to Docker Hub - if: ${{ env.HAS_DOCKER_CREDS == 'true' }} uses: docker/login-action@v3 with: username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up Docker Buildx - if: ${{ env.HAS_DOCKER_CREDS == 'true' }} uses: docker/setup-buildx-action@v3 - name: Build and push images - if: ${{ env.HAS_DOCKER_CREDS == 'true' }} env: DOCKER_IMAGE_REPO: ${{ vars.DOCKER_IMAGE_REPO || 'nebulaoss/nebula' }} DOCKER_IMAGE_TAG: ${{ vars.DOCKER_IMAGE_TAG || 'latest' }} run: | - make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" DOCKER_IMAGE_REPO="${DOCKER_IMAGE_REPO}" DOCKER_BUILD_ARGS="--push" all-docker + mkdir -p build/linux-{amd64,arm64} + tar -zxvf release/linux/linux-amd64.tar.gz -C build/linux-amd64/ + tar -zxvf release/linux/linux-arm64.tar.gz -C build/linux-arm64/ + docker buildx build --platform linux/amd64,linux/arm64 ${DOCKER_BUILD_TAGS} --push . 
-f docker/Dockerfile + docker buildx build . --push -f docker/Dockerfile --platform linux/amd64,linux/arm64 --tag "${DOCKER_IMAGE_REPO}:${DOCKER_IMAGE_TAG}" --tag "${DOCKER_IMAGE_REPO}:${GITHUB_REF#refs/tags/v}" release: + if: false name: Create and Upload Release needs: [build-linux, build-darwin, build-windows] runs-on: ubuntu-latest diff --git a/docker/Dockerfile b/docker/Dockerfile index b21d8f7e2..53c82a2f7 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,10 +1,7 @@ FROM gcr.io/distroless/static:latest -ARG TARGETPLATFORM -ARG SOURCEDIR - -COPY $SOURCEDIR/nebula /nebula -COPY $SOURCEDIR/nebula-cert /nebula-cert +COPY build/$TARGETOS-$TARGETARCH/nebula /nebula +COPY build/$TARGETOS-$TARGETARCH/nebula-cert /nebula-cert VOLUME ["/config"] From 4aef92211d3c1cd7a1904e3f62ae8d5b70fc944a Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Wed, 1 May 2024 13:57:43 -0400 Subject: [PATCH 12/21] fix --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e9bdcc33f..4ebd32b91 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -127,7 +127,7 @@ jobs: # Be sure to checkout the code before downloading artifacts, or they will # be overwritten - name: Checkout code - - uses: actions/checkout@v4 + uses: actions/checkout@v4 - name: Download artifacts uses: actions/download-artifact@v3 From 5eff55cb3ff01091c6d50378bef230740a06ec91 Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Wed, 1 May 2024 14:00:56 -0400 Subject: [PATCH 13/21] fix secrets checks --- .github/workflows/release.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4ebd32b91..a16cbe2cb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -113,38 +113,43 @@ jobs: path: ./release/* build-docker: - if: vars.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' - name: Create and Upload Docker Images # Technically we only need build-linux to succeed, but if any platforms fail we'll # want to investigate and restart the build #needs: [build-linux, build-darwin, build-windows] needs: [build-linux] runs-on: ubuntu-latest + env: + HAS_DOCKER_CREDS: ${{ vars.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }} # XXX It's not possible to write a conditional here, so instead we do it on every step #if: ${{ env.HAS_DOCKER_CREDS == 'true' }} steps: # Be sure to checkout the code before downloading artifacts, or they will # be overwritten - name: Checkout code + if: ${{ env.HAS_DOCKER_CREDS == 'true' }} uses: actions/checkout@v4 - name: Download artifacts + if: ${{ env.HAS_DOCKER_CREDS == 'true' }} uses: actions/download-artifact@v3 with: name: linux-latest path: ./release/linux/ - name: Login to Docker Hub + if: ${{ env.HAS_DOCKER_CREDS == 'true' }} uses: docker/login-action@v3 with: username: ${{ vars.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Set up Docker Buildx + if: ${{ env.HAS_DOCKER_CREDS == 'true' }} uses: docker/setup-buildx-action@v3 - name: Build and push images + if: ${{ env.HAS_DOCKER_CREDS == 'true' }} env: DOCKER_IMAGE_REPO: ${{ vars.DOCKER_IMAGE_REPO || 'nebulaoss/nebula' }} DOCKER_IMAGE_TAG: ${{ vars.DOCKER_IMAGE_TAG || 'latest' }} From 55cb5e16d9dfe93e57b7b260bd6a9d9264a1fff1 Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Wed, 1 May 2024 15:27:55 -0400 Subject: [PATCH 14/21] fix Makefile --- .github/workflows/release.yml | 7 +++---- Makefile | 2 +- docker/Dockerfile | 1 + 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a16cbe2cb..54c15b90a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -135,7 +135,7 @@ jobs: uses: actions/download-artifact@v3 with: name: linux-latest - path: ./release/linux/ + path: artifacts - name: Login to Docker Hub if: ${{ env.HAS_DOCKER_CREDS == 'true' }} @@ -155,9 +155,8 @@ jobs: DOCKER_IMAGE_TAG: ${{ vars.DOCKER_IMAGE_TAG || 'latest' }} run: | mkdir -p build/linux-{amd64,arm64} - tar -zxvf release/linux/linux-amd64.tar.gz -C build/linux-amd64/ - tar -zxvf release/linux/linux-arm64.tar.gz -C build/linux-arm64/ - docker buildx build --platform linux/amd64,linux/arm64 ${DOCKER_BUILD_TAGS} --push . -f docker/Dockerfile + tar -zxvf artifacts/linux-latest/linux-amd64.tar.gz -C build/linux-amd64/ + tar -zxvf artifacts/linux-latest/linux-arm64.tar.gz -C build/linux-arm64/ docker buildx build . --push -f docker/Dockerfile --platform linux/amd64,linux/arm64 --tag "${DOCKER_IMAGE_REPO}:${DOCKER_IMAGE_TAG}" --tag "${DOCKER_IMAGE_REPO}:${GITHUB_REF#refs/tags/v}" release: diff --git a/Makefile b/Makefile index 769741938..585d1eda5 100644 --- a/Makefile +++ b/Makefile @@ -169,7 +169,7 @@ build/nebula-%.zip: build/%/nebula.exe build/%/nebula-cert.exe cd build/$* && zip ../nebula-$*.zip nebula.exe nebula-cert.exe docker/%: build/%/nebula build/%/nebula-cert .FORCE - docker build . $(DOCKER_BUILD_ARGS) -f docker/Dockerfile --platform "$(subst -,/,$*)" --build-arg SOURCEDIR="build/$*" --tag "${DOCKER_IMAGE_REPO}:${DOCKER_IMAGE_TAG}" --tag "${DOCKER_IMAGE_REPO}:$(BUILD_NUMBER)" + docker build . $(DOCKER_BUILD_ARGS) -f docker/Dockerfile --platform "$(subst -,/,$*)" --tag "${DOCKER_IMAGE_REPO}:${DOCKER_IMAGE_TAG}" --tag "${DOCKER_IMAGE_REPO}:$(BUILD_NUMBER)" vet: go vet $(VET_FLAGS) -v ./... diff --git a/docker/Dockerfile b/docker/Dockerfile index 53c82a2f7..e4d556eb9 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,5 +1,6 @@ FROM gcr.io/distroless/static:latest +ARG TARGETOS TARGETARCH COPY build/$TARGETOS-$TARGETARCH/nebula /nebula COPY build/$TARGETOS-$TARGETARCH/nebula-cert /nebula-cert 
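Review bot: In the Makefile hunk, dropping `--build-arg SOURCEDIR="build/$*"` from the `docker/%` recipe leaves the Dockerfile's `COPY build/$TARGETOS-$TARGETARCH/...` paths dependent on the builder supplying `TARGETOS` and `TARGETARCH`, which only BuildKit does. The recipe still calls plain `docker build`, so on an installation where the legacy builder is the default those names would expand to empty strings and the copy would look under `build/-/`. Switching the recipe to `docker buildx build . $(DOCKER_BUILD_ARGS) ...`, as the release workflow already does, would make the local and CI builds behave the same. Relatedly, the one-line `ARG TARGETOS TARGETARCH` added in the docker/Dockerfile hunk may be rejected by the legacy builder; two separate `ARG` lines are the portable form.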
From 4826241b75497d9b3d680d443ad30b9cda4fc11b Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Wed, 1 May 2024 15:31:20 -0400 Subject: [PATCH 15/21] fix artifacts --- .github/workflows/release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 54c15b90a..5fc29dfdc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -155,8 +155,9 @@ jobs: DOCKER_IMAGE_TAG: ${{ vars.DOCKER_IMAGE_TAG || 'latest' }} run: | mkdir -p build/linux-{amd64,arm64} - tar -zxvf artifacts/linux-latest/linux-amd64.tar.gz -C build/linux-amd64/ - tar -zxvf artifacts/linux-latest/linux-arm64.tar.gz -C build/linux-arm64/ + ls -R artifacts + tar -zxvf artifacts/linux-latest/nebula-linux-amd64.tar.gz -C build/linux-amd64/ + tar -zxvf artifacts/linux-latest/nebula-linux-arm64.tar.gz -C build/linux-arm64/ docker buildx build . --push -f docker/Dockerfile --platform linux/amd64,linux/arm64 --tag "${DOCKER_IMAGE_REPO}:${DOCKER_IMAGE_TAG}" --tag "${DOCKER_IMAGE_REPO}:${GITHUB_REF#refs/tags/v}" release: From b2eec174e7654e1d0438fb4b94e517c9ca194a71 Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Wed, 1 May 2024 15:34:36 -0400 Subject: [PATCH 16/21] last fix hopefully --- .github/workflows/release.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5fc29dfdc..ad272932e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -155,9 +155,8 @@ jobs: DOCKER_IMAGE_TAG: ${{ vars.DOCKER_IMAGE_TAG || 'latest' }} run: | mkdir -p build/linux-{amd64,arm64} - ls -R artifacts - tar -zxvf artifacts/linux-latest/nebula-linux-amd64.tar.gz -C build/linux-amd64/ - tar -zxvf artifacts/linux-latest/nebula-linux-arm64.tar.gz -C build/linux-arm64/ + tar -zxvf artifacts/nebula-linux-amd64.tar.gz -C build/linux-amd64/ + tar -zxvf artifacts/nebula-linux-arm64.tar.gz -C build/linux-arm64/ docker buildx build . --push -f docker/Dockerfile --platform linux/amd64,linux/arm64 --tag "${DOCKER_IMAGE_REPO}:${DOCKER_IMAGE_TAG}" --tag "${DOCKER_IMAGE_REPO}:${GITHUB_REF#refs/tags/v}" release: From b85160b8335786b8fe95b6cc549079923c6fd6c7 Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Wed, 1 May 2024 15:59:14 -0400 Subject: [PATCH 17/21] remove debug stuff --- .github/workflows/release.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ad272932e..6ee49ba0b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,8 +19,7 @@ jobs: - name: Build run: | - #make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" release-linux release-freebsd release-openbsd release-netbsd - make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" build/nebula-linux-amd64.tar.gz build/nebula-linux-arm64.tar.gz + make BUILD_NUMBER="${GITHUB_REF#refs/tags/v}" release-linux release-freebsd release-openbsd release-netbsd mkdir release mv build/*.tar.gz release @@ -31,7 +30,6 @@ jobs: path: release build-windows: - if: false name: Build Windows runs-on: windows-latest steps: @@ -63,7 +61,6 @@ jobs: path: build build-darwin: - if: false name: Build Universal Darwin env: HAS_SIGNING_CREDS: ${{ secrets.AC_USERNAME != '' }} 
@@ -116,8 +113,7 @@ jobs: name: Create and Upload Docker Images # Technically we only need build-linux to succeed, but if any platforms fail we'll # want to investigate and restart the build - #needs: [build-linux, build-darwin, build-windows] - needs: [build-linux] + needs: [build-linux, build-darwin, build-windows] runs-on: ubuntu-latest env: HAS_DOCKER_CREDS: ${{ vars.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }} @@ -160,7 +156,6 @@ jobs: docker buildx build . --push -f docker/Dockerfile --platform linux/amd64,linux/arm64 --tag "${DOCKER_IMAGE_REPO}:${DOCKER_IMAGE_TAG}" --tag "${DOCKER_IMAGE_REPO}:${GITHUB_REF#refs/tags/v}" release: - if: false name: Create and Upload Release needs: [build-linux, build-darwin, build-windows] runs-on: ubuntu-latest From f6e538151b24998aaa3b66d6a76b6357292dd34d Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Wed, 1 May 2024 16:29:58 -0400 Subject: [PATCH 18/21] use `make docker` --- Makefile | 7 ++----- docker/Dockerfile | 1 - docker/README.md | 2 +- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 585d1eda5..6981b6218 100644 --- a/Makefile +++ b/Makefile @@ -31,7 +31,7 @@ ifndef BUILD_NUMBER endif ifndef DOCKER_IMAGE_REPO - DOCKER_IMAGE_REPO = nebula + DOCKER_IMAGE_REPO = nebulaoss/nebula endif ifndef DOCKER_IMAGE_TAG DOCKER_IMAGE_TAG = latest @@ -62,9 +62,6 @@ ALL_OPENBSD = openbsd-amd64 \ ALL_NETBSD = netbsd-amd64 \ netbsd-arm64 -ALL_DOCKER = linux-amd64 \ - linux-arm64 - ALL = $(ALL_LINUX) \ $(ALL_FREEBSD) \ $(ALL_OPENBSD) \ @@ -94,7 +91,7 @@ e2e-bench: e2e all: $(ALL:%=build/%/nebula) $(ALL:%=build/%/nebula-cert) -all-docker: $(ALL_DOCKER:%=docker/%) +docker: docker/linux-$(shell go env GOARCH) release: $(ALL:%=build/nebula-%.tar.gz) diff --git a/docker/Dockerfile b/docker/Dockerfile index e4d556eb9..400e275b4 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
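Review bot: The new `docker: docker/linux-$(shell go env GOARCH)` target in the last Makefile hunk shares its name with the repository's `docker/` directory, and no `.PHONY` entry for it is visible in this hunk. As written it only reruns because the `docker/%` prerequisite never exists as a file, which is easy to break by accident; `.PHONY: docker` next to the rule would state the intent (skip this if it is already declared outside the hunk). The `$(shell go env GOARCH)` call sits in the prerequisite list, so it runs `go` at parse time on every `make` invocation, including `make clean`; assigning it once, `DOCKER_ARCH := $(shell go env GOARCH)`, and a short comment saying the target builds only the host architecture, would make that cost and scope explicit.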
@@ -6,7 +6,6 @@ COPY build/$TARGETOS-$TARGETARCH/nebula-cert /nebula-cert VOLUME ["/config"] -# Run nebula using a wrapper script to setup the tun device ENTRYPOINT ["/nebula"] # Allow users to override the args passed to nebula CMD ["-config", "/config/config.yml"] diff --git a/docker/README.md b/docker/README.md index 63da5a8ce..129744fd2 100644 --- a/docker/README.md +++ b/docker/README.md @@ -2,7 +2,7 @@ ## Building -From the root of the repository, run `make all-docker`. +From the root of the repository, run `make docker`. ## Running From e5de9a60e9772d4874ed48969ad2fe7f566432a9 Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Wed, 1 May 2024 16:46:49 -0400 Subject: [PATCH 19/21] Update Makefile Co-authored-by: John Maguire --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index a7d1c53f9..63bbe1330 100644 --- a/Makefile +++ b/Makefile @@ -160,7 +160,7 @@ build/nebula-%.tar.gz: build/%/nebula build/%/nebula-cert build/nebula-%.zip: build/%/nebula.exe build/%/nebula-cert.exe cd build/$* && zip ../nebula-$*.zip nebula.exe nebula-cert.exe -docker/%: build/%/nebula build/%/nebula-cert .FORCE +docker/%: build/%/nebula build/%/nebula-cert docker build . $(DOCKER_BUILD_ARGS) -f docker/Dockerfile --platform "$(subst -,/,$*)" --tag "${DOCKER_IMAGE_REPO}:${DOCKER_IMAGE_TAG}" --tag "${DOCKER_IMAGE_REPO}:$(BUILD_NUMBER)" vet: From 29c7676dfde4487f2249db4e14a8c457c354ab0e Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Wed, 1 May 2024 16:55:00 -0400 Subject: [PATCH 20/21] Update Makefile --- Makefile | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 63bbe1330..fb9d59afb 100644 --- a/Makefile +++ b/Makefile 
@@ -22,13 +22,8 @@ ifndef BUILD_NUMBER endif endif -ifndef DOCKER_IMAGE_REPO - DOCKER_IMAGE_REPO = nebulaoss/nebula -endif -ifndef DOCKER_IMAGE_TAG - DOCKER_IMAGE_TAG = latest -endif - +DOCKER_IMAGE_REPO ?= nebulaoss/nebula +DOCKER_IMAGE_TAG ?= latest LDFLAGS = -X main.Build=$(BUILD_NUMBER) ALL_LINUX = linux-amd64 \ From 17263e029e5379cf09dec84660f126ff494c5ee5 Mon Sep 17 00:00:00 2001 From: Wade Simmons Date: Wed, 1 May 2024 16:55:24 -0400 Subject: [PATCH 21/21] cleanup --- Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/Makefile b/Makefile index fb9d59afb..0d0943f0a 100644 --- a/Makefile +++ b/Makefile @@ -24,6 +24,7 @@ endif DOCKER_IMAGE_REPO ?= nebulaoss/nebula DOCKER_IMAGE_TAG ?= latest + LDFLAGS = -X main.Build=$(BUILD_NUMBER) ALL_LINUX = linux-amd64 \