Need some help to set up for local development

I am trying to set up for local development but couldn’t do that. What I have done:

1. Install Docker
2. Rename .env_exmaple to .env which looks like this:
# This is a sample .env file. Update and add variables in here as needed, and
# rename to `.env`. These are mostly used in dev and test environments -- prod
# variables are loaded at runtime from the Omnibus package.

# Set the EXTERNAL_URL
EXTERNAL_URL=http://localhost:4000

# Enable local authentication
LOCAL_AUTH_ENABLED=true

# Generated with `jq @json < .oidc_env.json`
# Set AUTH_OIDC to a JSON configuration string to enable
# generic OIDC auth.
#export AUTH_OIDC="{\"google\":{\"discovery_document_uri\":\"https://accounts.google.com/.well-known/openid-configuration\",\"client_id\":\"1032390727302-u0lg90d3i1ive15lv7qgtbkka0hnsmgr.apps.googleusercontent.com\",\"client_secret\":\"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\",\"redirect_uri\":\"https://example.com/session\",\"response_type\":\"code\",\"scope\":\"openid email profile\",\"label\":\"Google\"},\"okta\":{\"discovery_document_uri\":\"https://accounts.google.com/.well-known/openid-configuration\",\"client_id\":\"CLIENT_ID\",\"client_secret\":\"CLIENT_SECRET\",\"redirect_uri\":\"https://example.com/session\",\"response_type\":\"code\",\"scope\":\"openid email profile\",\"label\":\"Okta\"}}"

# Convenient overrides for live testing Firezone in dev
# NFT_PATH=/path/to/nft
EGRESS_INTERFACE=eth0
FZ_WALL_CLI_MODULE=FzWall.CLI.Live

3. Run env $(cat .env | grep -v \# | xargs) mix test
4. Run docker commands:
docker compose build
docker compose up -d postgres
docker compose run --rm firezone mix ecto.setup
docker compose up 

But I can’t log in with the default credentials firezone@localhost / firezone1234

These two commands don’t respond:

docker compose exec client ping 172.28.0.99
docker compose exec client curl -k 172.28.0.99:8443/hello: this should return HELLO text.

In the Docker logs I got some errors and warnings:

firezone-caddy-1     | {"level":"info","ts":1670808201.180104,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}                                                               
firezone-caddy-1     | {"level":"warn","ts":1670808201.1813128,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}           
firezone-postgres-1  | 2022-12-12 01:23:21.181 UTC [1] LOG:  database system is ready to accept connections                                                                                                                         
firezone-caddy-1     | {"level":"info","ts":1670808201.1822703,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}  
firezone-caddy-1     | {"level":"info","ts":1670808201.1826,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0003b87e0"}                                                             
firezone-caddy-1     | {"level":"info","ts":1670808201.183058,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
firezone-caddy-1     | {"level":"info","ts":1670808201.1830697,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}                                                                               
firezone-caddy-1     | {"level":"info","ts":1670808201.1965253,"logger":"pki.ca.local","msg":"root certificate is already trusted by system","path":"storage:pki/authorities/local/root.crt"}                                       
firezone-caddy-1     | {"level":"info","ts":1670808201.1966274,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}                                                                                                      
firezone-caddy-1     | {"level":"info","ts":1670808201.196697,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
firezone-caddy-1     | {"level":"info","ts":1670808201.1967385,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}                                                                                
firezone-caddy-1     | {"level":"info","ts":1670808201.196958,"logger":"tls","msg":"finished cleaning storage units"}                                                                                                               
firezone-caddy-1     | {"level":"info","ts":1670808201.1969955,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}                                                                               
firezone-caddy-1     | {"level":"info","ts":1670808201.197018,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}                                                                                
firezone-caddy-1     | {"level":"info","ts":1670808201.197033,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}                                                      
firezone-caddy-1     | {"level":"info","ts":1670808201.1970882,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["localhost"]}                                                                       
firezone-caddy-1     | {"level":"warn","ts":1670808201.1972864,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [localhost]: no OCSP server specified in certificate","identifiers":["localhost"]}                
firezone-caddy-1     | {"level":"info","ts":1670808201.1974475,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}                                                                             
firezone-caddy-1     | {"level":"info","ts":1670808201.1974525,"msg":"serving initial configuration"}    

and from the keycloak container:

firezone-keycloak-1  | 2022-12-12 01:23:22,853 INFO  [org.keycloak.quarkus.runtime.hostname.DefaultHostnameProvider] (main) Hostname settings: Base URL: <unset>, Hostname: <request>, Strict HTTPS: false, Path: <request>, Strict BackChannel: false, Admin URL: <unset>, Admin: <request>, Port: -1, Proxied: false
firezone-keycloak-1  | 2022-12-12 01:23:23,793 WARN  [io.quarkus.agroal.runtime.DataSources] (main) Datasource <default> enables XA but transaction recovery is not enabled. Please enable transaction recovery by setting quarkus.transaction-manager.enable-recovery=true, otherwise data may be lost if the application is terminated abruptly
firezone-keycloak-1  | 2022-12-12 01:23:24,165 WARN  [org.infinispan.PERSISTENCE] (keycloak-cache-init) ISPN000554: jboss-marshalling is deprecated and planned for removal                                                         
firezone-keycloak-1  | 2022-12-12 01:23:24,217 WARN  [org.infinispan.CONFIG] (keycloak-cache-init) ISPN000569: Unable to persist Infinispan internal caches as no global state enabled                                              
firezone-keycloak-1  | 2022-12-12 01:23:24,225 INFO  [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000556: Starting user marshaller 'org.infinispan.jboss.marshalling.core.JBossUserMarshaller'                              
firezone-keycloak-1  | 2022-12-12 01:23:24,363 INFO  [org.infinispan.CONTAINER] (keycloak-cache-init) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.10.Final                                                  
firezone-keycloak-1  | org.h2.message.DbException: Log file error: "/opt/keycloak/data/h2/keycloakdb.trace.db", cause: "org.h2.message.DbException: Error while creating file ""/opt/keycloak/data/h2"" [90062-214]" [90034-214]    
firezone-keycloak-1  | org.h2.message.DbException: Log file error: "/opt/keycloak/data/h2/keycloakdb.trace.db", cause: "org.h2.message.DbException: Error while creating file ""/opt/keycloak/data/h2"" [90062-214]" [90034-214]    
firezone-keycloak-1  |  at org.h2.message.DbException.get(DbException.java:212)                                                                                                                                                     
firezone-keycloak-1  |  at org.h2.message.TraceSystem.logWritingError(TraceSystem.java:294)                                                                                                                                         
firezone-keycloak-1  |  at org.h2.message.TraceSystem.openWriter(TraceSystem.java:315)                                                                                                                                              
firezone-keycloak-1  |  at org.h2.message.TraceSystem.writeFile(TraceSystem.java:263)                                                                                                                                               
firezone-keycloak-1  |  at org.h2.message.TraceSystem.write(TraceSystem.java:247)                                                                                                                                                   
firezone-keycloak-1  |  at org.h2.message.Trace.error(Trace.java:187)                                                                                                                                                               
firezone-keycloak-1  |  at org.h2.engine.Database.<init>(Database.java:395)                                                                                                                                                         
firezone-keycloak-1  |  at org.h2.engine.Engine.openSession(Engine.java:92)                                                                                                                                                         
firezone-keycloak-1  |  at org.h2.engine.Engine.openSession(Engine.java:222)                                                                                                                                                        
firezone-keycloak-1  |  at org.h2.engine.Engine.createSession(Engine.java:201)                                                                                                                                                      
firezone-keycloak-1  |  at org.h2.engine.SessionRemote.connectEmbeddedOrServer(SessionRemote.java:338)                                                                                                                              
firezone-keycloak-1  |  at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:122)                                                                                                                                               
firezone-keycloak-1  |  at org.h2.jdbcx.JdbcDataSource.getXAConnection(JdbcDataSource.java:322)                                                                                                                                     
firezone-keycloak-1  |  at io.agroal.pool.ConnectionFactory.createConnection(ConnectionFactory.java:232)                                                                                                                            
firezone-keycloak-1  |  at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:535)                                                                                                                         
firezone-keycloak-1  |  at io.agroal.pool.ConnectionPool$CreateConnectionTask.call(ConnectionPool.java:516)                                                                                                                         
firezone-keycloak-1  |  at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)                                                                                                                                       
firezone-keycloak-1  |  at io.agroal.pool.util.PriorityScheduledExecutor.beforeExecute(PriorityScheduledExecutor.java:75)                                                                                                           
firezone-keycloak-1  |  at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1126)                                                                                                                
firezone-keycloak-1  |  at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)                                                                                                                
firezone-keycloak-1  |  at java.base/java.lang.Thread.run(Thread.java:829)                                                                                                                                                          
firezone-keycloak-1  | Caused by: org.h2.jdbc.JdbcSQLNonTransientException: Log file error: "/opt/keycloak/data/h2/keycloakdb.trace.db", cause: "org.h2.message.DbException: Error while creating file ""/opt/keycloak/data/h2"" [90062-214]" [90034-214]
firezone-keycloak-1  |  at org.h2.message.DbException.getJdbcSQLException(DbException.java:554)                                                                                                                                     
firezone-keycloak-1  |  at org.h2.message.DbException.getJdbcSQLException(DbException.java:477)                                                                                                                                     
firezone-keycloak-1  |  ... 21 more                                                                                                                                                      

Try doing this as well:

docker compose run --rm firezone mix ecto.seed

Then you should be able to log in with those default creds. The keycloak service is optional if you want OIDC. The .env file is not required with the docker dev environment — it’s more for setting local env vars for your local shell.

Will update the CONTRIBUTING.md guide with these fixes.
