Initial install - Used Script

B-C · November 17, 2022, 2:01am

Got it all running and started some basic setup and testing…
Debian 11 - Docker Compose 2 installed - I hope
5.10.0-19-amd64

After it rebooted

getting nodedown error on startup… however not sure how to restart after its installed.

looking at just staring over and reloading the container - not that major of a setup…
but what exactly does the community think happened there?

Enter the administrator email you’d like to use for logging into this Firezone instance: vpn@superdom.com
Enter the desired installation directory (/root/.firezone):
Enter the external URL that will be used to access this instance. (hxxps://vpn): hxxps://vpn.superdom.com
Would you like to enable automatic SSL cert provisioning? Requires a valid DNS record and port 80 to be reachable. (Y/n): y
Could we email you to ask for product feedback? Firezone depends heavily on input from users like you to steer development. (Y/n): n
Firezone collects crash and performance logs to help us improve the product. Would you like to disable this? (N/y): n
Press to install or Ctrl-C to abort.
[+] Running 1/1
⠿ Container firezone-postgres-1 Started 0.8s
Waiting for DB to boot…
firezone-postgres-1 |
firezone-postgres-1 | PostgreSQL Database directory appears to contain a database; Skipping initialization
firezone-postgres-1 |
firezone-postgres-1 | 2022-11-16 01:07:15.965 UTC [1] LOG: starting PostgreSQL 15.0 (Debian 15.0-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
firezone-postgres-1 | 2022-11-16 01:07:15.966 UTC [1] LOG: listening on IPv4 address “0.0.0.0”, port 5432
firezone-postgres-1 | 2022-11-16 01:07:15.966 UTC [1] LOG: listening on IPv6 address “::”, port 5432
firezone-postgres-1 | 2022-11-16 01:07:15.967 UTC [1] LOG: listening on Unix socket “/var/run/postgresql/.s.PGSQL.5432”
firezone-postgres-1 | 2022-11-16 01:07:15.973 UTC [26] LOG: database system was shut down at 2022-11-16 01:07:15 UTC
firezone-postgres-1 | 2022-11-16 01:07:15.980 UTC [1] LOG: database system is ready to accept connections
Resetting DB password…
ALTER ROLE
[+] Running 3/3
⠿ Container firezone-caddy-1 Running 0.0s
⠿ Container firezone-postgres-1 Running 0.0s
⠿ Container firezone-firezone-1 Started 0.5s
Waiting for app to boot before creating admin…
–rpc-eval : RPC failed with reason :nodedown

docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
481b1cf20fab postgres:15 “docker-entrypoint.s…” 25 hours ago Up 25 hours 5432/tcp firezone-postgres-1
0ec58c423c3b caddy:2 “/bin/sh -c 'cat <<E…” 25 hours ago Up 25 hours firezone-caddy-1

Deleted all containers
and verified removed

installed to /opt/vpn/

Press to install or Ctrl-C to abort.
[+] Running 1/1
⠿ Container firezone-postgres-1 Started 0.5s
Waiting for DB to boot…
firezone-postgres-1 |
firezone-postgres-1 | PostgreSQL Database directory appears to contain a database; Skipping initialization
firezone-postgres-1 |
firezone-postgres-1 | 2022-11-17 01:59:45.834 UTC [1] LOG: starting PostgreSQL 15.0 (Debian 15.0-1.pgdg110+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
firezone-postgres-1 | 2022-11-17 01:59:45.835 UTC [1] LOG: listening on IPv4 address “0.0.0.0”, port 5432
firezone-postgres-1 | 2022-11-17 01:59:45.835 UTC [1] LOG: listening on IPv6 address “::”, port 5432
firezone-postgres-1 | 2022-11-17 01:59:45.836 UTC [1] LOG: listening on Unix socket “/var/run/postgresql/.s.PGSQL.5432”
firezone-postgres-1 | 2022-11-17 01:59:45.844 UTC [27] LOG: database system was shut down at 2022-11-17 01:56:33 UTC
firezone-postgres-1 | 2022-11-17 01:59:45.852 UTC [1] LOG: database system is ready to accept connections
Resetting DB password…
ALTER ROLE
[+] Running 3/3
⠿ Container firezone-caddy-1 Started 0.4s
⠿ Container firezone-postgres-1 Running 0.0s
⠿ Container firezone-firezone-1 Started 0.8s
Waiting for app to boot before creating admin…
–rpc-eval : RPC failed with reason :nodedown

Same thing… I’m missing something…

jamil · November 17, 2022, 2:01pm

Could you post the logs of the firezone container?

B-C · November 17, 2022, 9:02pm

trying to see where I should grab that run…
expect the container is crashing but not sure where that command

got it
docker container logs

02:00:11.164 [info] Migrations already up
02:00:12.862 [info] Running FzHttpWeb.Endpoint with cowboy 2.9.0 at 0.0.0.0:13000 (http)
02:00:12.865 [info] Access FzHttpWeb.Endpoint at https://vpn.superdom.com
02:00:13.391 [notice] Application fz_vpn exited: FzVpn.Application.start(:normal, []) returned an error: shutdown: failed to start child: FzVpn.Server
    ** (EXIT) an exception was raised:
        ** (ErlangError) Erlang error: "Could not decode field :peers on %NifDeviceConfig{}"
            (wireguardex 0.3.5) Wireguardex.set_device(%Wireguardex.DeviceConfig{public_key: nil, private_key: nil, fwmark: nil, listen_port: nil, peers: [%Wireguardex.PeerConfig{public_key: "G0Tl6bxAfZImQY6h78ZXHBVQi6xuB55UfBIdXkS++U8=", preshared_key: :error, endpoint: nil, persistent_keepalive_interval: nil, allowed_ips: ["10.3.2.2/32", "fd00::3:2:2/128"]}, %Wireguardex.PeerConfig{public_key: "OYdWfeoBDEI18yigTelNjlsFdZbTCIA3ZJMnLCTPLyI=", preshared_key: :error, endpoint: nil, persistent_keepalive_interval: nil, allowed_ips: ["10.3.2.3/32", "fd00::3:2:3/128"]}], replace_peers: false}, "wg-firezone")
            (fz_vpn 0.6.7) lib/fz_vpn/interface.ex:42: FzVpn.Interface.set/3
            (fz_vpn 0.6.7) lib/fz_vpn/server.ex:76: FzVpn.Server.update_changed_peers/2
            (stdlib 4.1.1) gen_server.erl:851: :gen_server.init_it/2
            (stdlib 4.1.1) gen_server.erl:814: :gen_server.init_it/6
            (stdlib 4.1.1) proc_lib.erl:240: :proc_lib.init_p_do_apply/3
{"Kernel pid terminated",application_controller,"{application_start_failure,fz_vpn,{{shutdown,{failed_to_start_child,'Elixir.FzVpn.Server',{<<\"Could not decode field :peers on %NifDeviceConfig{}\">>,[{'Elixir.Wireguardex',set_device,[#{'__struct__' => 'Elixir.Wireguardex.DeviceConfig',fwmark => nil,listen_port => nil,peers => [#{'__struct__' => 'Elixir.Wireguardex.PeerConfig',allowed_ips => [<<\"10.3.2.2/32\">>,<<\"fd00::3:2:2/128\">>],endpoint => nil,persistent_keepalive_interval => nil,preshared_key => error,public_key => <<\"G0Tl6bxAfZImQY6h78ZXHBVQi6xuB55UfBIdXkS++U8=\">>},#{'__struct__' => 'Elixir.Wireguardex.PeerConfig',allowed_ips => [<<\"10.3.2.3/32\">>,<<\"fd00::3:2:3/128\">>],endpoint => nil,persistent_keepalive_interval => nil,preshared_key => error,public_key => <<\"OYdWfeoBDEI18yigTelNjlsFdZbTCIA3ZJMnLCTPLyI=\">>}],private_key => nil,public_key => nil,replace_peers => false},<<\"wg-firezone\">>],[]},{'Elixir.FzVpn.Interface',set,3,[{file,\"lib/fz_vpn/interface.ex\"},{line,42}]},{'Elixir.FzVpn.Server',update_changed_peers,2,[{file,\"lib/fz_vpn/server.ex\"},{line,76}]},{gen_server,init_it,2,[{file,\"gen_server.erl\"},{line,851}]},{gen_server,init_it,6,[{file,\"gen_server.erl\"},{line,814}]},{proc_lib,init_p_do_apply,3,[{file,\"proc_lib.erl\"},{line,240}]}]}}},{'Elixir.FzVpn.Application',start,[normal,[]]}}}"}
Kernel pid terminated (application_controller) ({application_start_failure,fz_vpn,{{shutdown,{failed_to_start_child,'Elixir.FzVpn.Server',{<<"Could not decode field :peers on %NifDeviceConfig{}">>,[{'Elixir.Wireguardex',set_device,[#{'__struct__' => 'Elixir.Wireguardex.DeviceConfig',fwmark => nil,listen_port => nil,peers => [#{'__struct__' => 'Elixir.Wireguardex.PeerConfig',allowed_ips => [<<"10.3.2.2/32">>,<<"fd00::3:2:2/128">>],endpoint => nil,persistent_keepalive_interval => nil,preshared_key => error,public_key => <<"G0Tl6bxAfZImQY6h78ZXHBVQi6xuB55UfBIdXkS++U8=">>},#{'__struct__' => 'Elixir.Wireguardex.PeerConfig',allowed_ips => [<<"10.3.2.3/32">>,<<"fd00::3:2:3/128">>],endpoint => nil,persistent_keepalive_interval => nil,preshared_key => error,public_key => <<"OYdWfeoBDEI18yigTelNjlsFdZbTCIA3ZJMnLCTPLyI=">>}],private_key => nil,public_key => nil,replace_peers => false},<<"wg-firezone">>],[]},{'Elixir.FzVpn.Interface',set,3,[{file,"lib/fz_vpn/interface.ex"},{line,42}]},{'Elixir.FzVpn.Server',update_chang

Crash dump is being written to: erl_crash.dump…done

trying again without ssl - same thing nodedown

jamil · November 18, 2022, 12:08am

Your DATABASE_ENCRYPTION_KEY env var is missing or incorrect. Did you upgrade from an existing install? See File and Directory Locations | Firezone

You’ll need the old env var, or you’ll need to remove the old db and start fresh.

B-C · November 18, 2022, 8:05am

nope this was a fresh install from a week ago…

reading through now - not major I can restart …

odd though - same thing happened when I deleted all containers and started fresh as well…
but didn’t delete some of the directories / images

will do that and see how it goes (and read provided notes - thx!)

B-C · November 18, 2022, 9:18am

Ok - wiped docker out and reloaded all to get that cleaned up…
tried wiping images and containers but the db in docker default directory was missing (deleted the dir)

Back up and running clean install - configured rules and re-setup device…

restarted VM with Docker on it
Debian 11 VM

app didn’t restart correctly…

docker ps -a
CONTAINER ID   IMAGE               COMMAND                  CREATED          STATUS                     PORTS     NAMES
5cbb6925a9b7   firezone/firezone   "/app/bin/server"        17 minutes ago   Exited (0) 2 minutes ago             firezone-firezone-1
b44964c6323f   postgres:15         "docker-entrypoint.s…"   17 minutes ago   Exited (0) 2 minutes ago             firezone-postgres-1
a5a9de4eabea   caddy:2             "/bin/sh -c 'cat <<E…"   17 minutes ago   Up About a minute                    firezone-caddy-1

manually started postgres-1 (know it needs to be up before firezone)
docker start b44964c6323f
waited about 30 seconds
manually started firezone
docker start 5cbb6925a9b7

So next question is how to order the start correctly so they startup in order and wait?

jamil · November 18, 2022, 2:05pm

The docker- compose.yml in ~/.firezone handles this for you. Better to use docker compose for managing Firezone vs plain docker.

cd $HOME/.firezone
docker compose up -d