From 4f8643095f856306eed493423e640f15183bf433 Mon Sep 17 00:00:00 2001 From: zeus Date: Wed, 1 Dec 2021 15:18:01 +0200 Subject: [PATCH] raspi-docker --- .../modules/ROOT/pages/index-install.adoc | 277 +++--------------- 1 file changed, 45 insertions(+), 232 deletions(-) diff --git a/raspi-docker/modules/ROOT/pages/index-install.adoc b/raspi-docker/modules/ROOT/pages/index-install.adoc index 9349224..f07d952 100644 --- a/raspi-docker/modules/ROOT/pages/index-install.adoc +++ b/raspi-docker/modules/ROOT/pages/index-install.adoc @@ -15,298 +15,111 @@ networkd is a small and lean service to configure network interfaces, designed m * ad-hoc interface with additional USB/WiFi dongle for uplink to internet router -== Install systemd-networkd +== Install prerequisites -=== deinstall classic networking and install it! - -* *sudo su* # if not already done - -*deinstall* [source,sh] ---- -systemctl daemon-reload -systemctl disable --now ifupdown dhcpcd dhcpcd5 isc-dhcp-client isc-dhcp-common rsyslog -apt --autoremove purge -f ifupdown dhcpcd dhcpcd5 isc-dhcp-client isc-dhcp-common rsyslog -rm -r /etc/network /etc/dhcp - -# setup/enable systemd-resolved and systemd-networkd - -systemctl disable --now avahi-daemon libnss-mdns -apt --autoremove -f purge avahi-daemon -apt install -f libnss-resolve -ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf -apt-mark hold avahi-daemon dhcpcd dhcpcd5 ifupdown isc-dhcp-client isc-dhcp-common libnss-mdns openresolv raspberrypi-net-mods rsyslog -systemctl enable systemd-networkd.service systemd-resolved.service +sudo apt-get install apt-transport-https ca-certificates software-properties-common -y ---- -=== setup wired connection +== Download and install Docker. + +* *sudo su* # if not already done -*wired connection* [source,sh] ---- -cat > /etc/systemd/network/04-wired.network < -Gateway=192.168.1.1 // <2> -DNS=8.8.8.8 1.1.1.1 // <3> -MulticastDNS=yes -EOF +curl -fsSL get.docker.com -o get-docker.sh && sh get-docker.sh +usermod -aG docker pi +curl https://download.docker.com/linux/raspbian/gpg ---- -<1> use your settings -<2> use your settings -<2> use your settings - - -=== Reboot - -NOTE: reboot - -== Config - -=== NSS +== Give the ‘pi’ user the ability to run Docker. -*config nss* [source,sh] ---- -apt --autoremove purge avahi-daemon -apt-mark hold avahi-daemon -apt install -f libnss-resolve - -echo "" -echo "For troubleshooting you may have a look at /etc/nsswitch.conf. It should contain a line like this:" -echo "" -echo "hosts: files resolve [!UNAVAIL=return] dns" -echo "" -echo "" -echo "" -echo "" +sudo usermod -aG docker pi ---- +== Import Docker and swarmlab.io keys -=== DNS - - -*config dns* [source,sh] ---- +curl https://download.docker.com/linux/raspbian/gpg +cat > /root/get-certs-swarmlab <<'EOF' +registry_address=hub.swarmlab.io +registry_port=5443 +mkdir -p /etc/docker/certs.d/$registry_address:$registry_port +openssl s_client -showcerts -connect $registry_address:$registry_port < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/docker/certs.d/$registry_address:$registry_port/ca.crt -echo "" -echo "Configure DNS stub listener interface" -echo "" - -echo "Here we have to symlink /etc/resolv.conf to the stub listener:" -echo "" -echo " exec4you ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf" -ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf -echo "" +registry_port=5480 +mkdir -p /etc/docker/certs.d/$registry_address:$registry_port +openssl s_client -showcerts -connect $registry_address:$registry_port < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/docker/certs.d/$registry_address:$registry_port/ca.crt +EOF -echo "Check name resolution" +chmod +x /root/get-certs-swarmlab +/root/get-certs-swarmlab -resolvectl status ---- -== unprotected ad-hoc interface using wpa_supplicant - -Follow *Install systemd-networkd* - -Then come back here. - -TIP: unprotected - -* *sudo su* # if not already done +== Add the Docker Repo. [source,sh] ---- - -cat > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf <> /etc/apt/sources.list ---- -=== Reboot - -NOTE: Reboot - -=== Check +== Update your Pi. [source,sh] ---- - -echo "" -echo "Check with:" -echo "" - -echo "iw dev" -echo "" -echo "iw dev wlan0 link" -echo "" -echo "ip addr" -echo "" -echo "sudo iw dev wlan0 scan | grep -B8 -A3 "IBSS-RPiNet"" -echo "" - -# From another ad hoc connected device you should be able to -echo "From another ad hoc connected device you should be able to" -echo "" -echo "ping -c3 raspberrypi.local" -echo "" +apt-get update +apt-get upgrade ---- -== protected ad-hoc interface using wpa_supplicant -CAUTION: Raspberry Pi does not support encrypted IBSS connections!. You have to use an additional USB WiFi dongle that usually registers an interface wlan1. My setup shows: +== Start the Docker service. - -Follow *Install systemd-networkd* - -Then come back here. - -*check* [source,sh] ---- -iw list | grep -P "Wiphy|RSN-IBSS" +systemctl enable docker.service +systemctl start docker.service ---- -*output* +== Verify that Docker is installed and running. + [source,sh] ---- -Wiphy phy1 - Device supports RSN-IBSS. -Wiphy phy0 +docker info +docker ps ---- - You cannot find this support entry for Wiphy pyh0 that is the on-board WiFi device. -=== Install driver +== Fix "x509: certificate signed by unknown authority" issue -TIP: Example TP-Link -[source,sh] ----- -echo "lsusb" - -echo "" -echo "Example for TP-Link" -echo "" -echo "Bus 001 Device 005: ID 2357:0109 TP-Link TL WN823N RTL8192EU" -echo "" -sudo wget http://downloads.fars-robotics.net/wifi-drivers/install-wifi -O /usr/bin/install-wifi -sudo chmod +x /usr/bin/install-wifi - -echo "" -echo "sudo install-wifi -h" -echo "" -echo "will give details on how to use the script." -echo "" -echo "To download the driver for your current kernel use command" - - -sudo install-wifi - -echo "sudo install-wifi 8192eu" -echo "" -sudo install-wifi 8192eu -echo "" -echo "If you update your kernel version you will need to re-run the script to update the driver version." ----- +* On Error: -=== setup +Get https ://registry.vlabs.uniwa.gr:5080/v2/: x509: certificate -[source,sh] ----- -sudo systemctl disable --now wpa_supplicant@wlan0.service - -echo "sudo -Es # if not already done" -echo "" -cat > /etc/wpa_supplicant/wpa_supplicant-wlan1.conf <