Unable to install via docker-compose

Hi,

I am trying to install firezone via docker-compose on Oracle Linux 9, which is Red Hat Enterprise Linux release 9.1 (Plow); it does not come with docker but rather podman and podman-docker.

docker-compose up -d

ERROR: The Compose file './docker-compose.yml' is invalid because:
networks.firezone-network value 'enable_ipv6' does not match any of the regexes: '^x-'
networks.firezone-network.ipam.config value Additional properties are not allowed ('gateway' was unexpected)

docker-compose.yml

networks:
  firezone-network:
    enable_ipv6: true
    driver: bridge
    ipam:
      config:
        - subnet: 172.25.0.0/16
        - subnet: 2001:3990:3990::/64
          gateway: 2001:3990:3990::1

Managed to complete the setup with the below change:

networks:
  firezone-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.25.0.0/16
        - subnet: 2001:3990:3990::/64

podman network inspect firezone_firezone-network

[
     {
          "name": "firezone_firezone-network",
          "id": "5bb5011e71cb4571c998ea50394a872d986174ff8fbd12a9a451de43701b7ad9",
          "driver": "bridge",
          "network_interface": "podman1",
          "created": "2022-12-22T13:23:09.519772945Z",
          "subnets": [
               {
                    "subnet": "172.25.0.0/16",
                    "gateway": "172.25.0.1"
               },
               {
                    "subnet": "2001:3990:3990::/64",
                    "gateway": "2001:3990:3990::1"
               }
          ],
          "ipv6_enabled": true,
          "internal": false,
          "dns_enabled": true,
          "labels": {
               "com.docker.compose.network": "firezone-network",
               "com.docker.compose.project": "firezone",
               "com.docker.compose.version": "2.14.2"
          },
          "options": {
               "isolate": "true"
          },
          "ipam_options": {
               "driver": "host-local"
          }
     }
]

Thanks for the report. We haven’t investigated Podman support, but I’m glad you got it working. We have this issue open tracking Podman support: Podman Support · Issue #1105 · firezone/firezone · GitHub

Are IPv6 tunneling and masquerading working for you?

@jamil, I did not check IPv6 as it is not required for my setup, but I have 2 questions.

In my old setup (Omnibus) I have this

  1. default['firezone']['wireguard']['ipv4']['network'] = '10.3.0.0/16'
  2. /opt/firezone/embedded/sbin/nft delete chain inet firezone postrouting

How do I get the above working in the new setup?

I was able to change this by setting the environment variables mentioned here:

WIREGUARD_IPV4_ADDRESS=10.4.0.1
WIREGUARD_IPV4_MASQUERADE=false
WIREGUARD_IPV4_NETWORK=10.4.0.0/16
WIREGUARD_IPV6_ENABLED=false

Since nobody has asked about podman for such a long time, I haven’t updated the public about the change for a while.

Yes, Red Hat/Fedora use podman and I like it rather than docker; here I keep updating firezone_script with podman commands.

Should you be interested in podman (not docker-compose/podman-compose) with native pod support, you can try the script at this link:
https://drive.google.com/file/d/1AuUAdOr2wejgBk9HjujuoF_meTwGTsoH/view?usp=share_link

The script supports up to 0.6.13, and I have also put command env in the script, so you can change the variables in the script during deployment.

Cheers,
Lawes
