oofnikj / docker-openwrt
License: GNU General Public License v2.0
OpenWrt running in Docker
I am trying to use the run.sh script on Alpine Linux (which uses busybox). I ran into 2 issues with the run.sh script:
I fixed (1) by manually splitting the $LAN_PARENT, and (2) by using 'docker wait'. I haven't found a good solution for (3) yet. Using trap _cleanup EXIT INT TERM doesn't seem to work either. Even if I end up installing bash, the fix for (2) is still needed though.
diff --git a/run.sh b/run.sh
index a09bf3a..88c06f3 100755
--- a/run.sh
+++ b/run.sh
@@ -172,9 +172,10 @@ _prepare_network() {
LAN_IFACE=br-${LAN_ID:0:12}
# test if $LAN_PARENT is a VLAN of $WAN_PARENT, create it if it doesn't exist and add it to the bridge
- local lan_array=(${LAN_PARENT//./ })
- if [[ ${lan_array[0]} = $WAN_PARENT ]] && ! ip link show $LAN_PARENT >/dev/null 2>&1 ; then
- sudo ip link add link ${lan_array[0]} name $LAN_PARENT type vlan id ${lan_array[1]}
+ local lan_parent_iface=$(echo $LAN_PARENT | cut -d. -f1)
+ local lan_parent_vlan=$(echo $LAN_PARENT | cut -d. -f2)
+ if [[ ${lan_parent_iface} = $WAN_PARENT ]] && ! ip link show $LAN_PARENT >/dev/null 2>&1 ; then
+ sudo ip link add link ${lan_parent_iface} name $LAN_PARENT type vlan id ${lan_parent_vlan}
fi
sudo ip link set $LAN_PARENT master $LAN_IFACE
;;
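Review bot: In the two added cut lines, cut -d. -f2 prints the whole input when $LAN_PARENT contains no dot, so lan_parent_vlan ends up holding the interface name instead of being empty as ${lan_array[1]} was, and $LAN_PARENT is expanded unquoted into echo and then into the sudo ip link calls. POSIX parameter expansion avoids the subshells: take the interface from ${LAN_PARENT%%.*} and the VLAN id from ${LAN_PARENT#*.} only when "$LAN_PARENT" actually contains a dot, and double-quote every expansion that reaches sudo ip. The hunk still relies on local and [[ ... ]], so it is not plain POSIX sh even after this change.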
@@ -220,4 +221,4 @@ main() {
main
trap "_cleanup" EXIT
-tail --pid=$pid -f /dev/null
+docker wait $CONTAINER
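Review bot: docker wait $CONTAINER on the added line is unquoted and its result is discarded. docker wait prints the container's exit code on stdout and fails immediately if the named container does not exist, in which case the script falls straight through to the EXIT trap and runs _cleanup. Quote it as "$CONTAINER", capture the printed code if the script's exit status should reflect the container's, and drop $pid from the removed tail line if nothing else uses it.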
Hi, I'm maintaining the official images over at openwrt/docker and maybe we can do some collaboration. Instead of building and packing your own rootfs you could e.g. use openwrtorg/rootfs:x86. I haven't checked all scripts but maybe we can also "upstream" some of your features to the official images.
Best
Hello,
While playing with the code I got stuck on unsquashfs (sudo apt-get install squashfs-tools) in build.sh that doesn't have the -no-progress -quiet -offset options, it just states:
SYNTAX: unsquashfs [options] filesystem [directories or files to extract]
-v[ersion] print version, licence and copyright information
-d[est] <pathname> unsquash to <pathname>, default "squashfs-root"
-n[o-progress] don't display the progress bar
-no[-xattrs] don't extract xattrs in file system
-x[attrs] extract xattrs in file system (default)
-u[ser-xattrs] only extract user xattrs in file system.
Enables extracting xattrs
-p[rocessors] <number> use <number> processors. By default will use
number of processors available
-i[nfo] print files as they are unsquashed
-li[nfo] print files as they are unsquashed with file
attributes (like ls -l output)
-l[s] list filesystem, but don't unsquash
-ll[s] list filesystem with file attributes (like
ls -l output), but don't unsquash
-nl[s] list filesystem with file attributes (like
ls -n output), but don't unsquash
-f[orce] if file already exists then overwrite
-s[tat] display filesystem superblock information
-fstime display filesystem superblock time
-e[f] <extract file> list of directories or files to extract.
One per line
-da[ta-queue] <size> Set data queue to <size> Mbytes. Default 256
Mbytes
-fr[ag-queue] <size> Set fragment queue to <size> Mbytes. Default
256 Mbytes
-r[egex] treat extract names as POSIX regular expressions
rather than use the default shell wildcard
expansion (globbing)
Decompressors available:
gzip
lzma
lzo
lz4
xz
zstd
unsquashfs -v
unsquashfs version 4.3 (2014/05/12)
copyright (C) 2014 Phillip Lougher <[email protected]>
I'm on debian vm with lsb_release -a
Linux test 4.19.0-17-amd64 #1 SMP Debian 4.19.194-1 (2021-06-10) x86_64 GNU/Linux
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
Tried searching 'bout unsquashfs but couldn't find any related issue except that there is a newer package called squashfs-tools-ng not available to me yet.
Could you please let me know what version / package you have?
Thank you
I am running a Raspberry, but I cannot use IPv6. What do I need to modify in your script (in particular macvlan) in order to make use of IPv6?
step to reproduce
on a 32bit arm (raspberry pi 2) : docker pull openwrtorg/rootfs:armvirt-32-openwrt-21.02
trying to run it : docker run openwrtorg/rootfs:armvirt-32-openwrt-21.02
error message : WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm/v7) and no specific platform was requested
checking on docker hub , the tags armvirt-32-openwrt-* have an OS/ARCH : linux/amd64
Hello,
I have a question. I use a "guest Wifi" to secure my home net from "smart home IP camera". My main router does not allow connecting to the "guest wifi" from home net.
I use a rpi 4 under Docker.
But for Live stream, I want to connect to the camera in subnet.
So my idea was to activate the wlan (in the docker container of the openwrt) with a connection to "guest wifi" and configure routing/Firewall between the subnets.
I have no idea how to start....
On default running in a container using macvlan ip, I get an HXR timeout error on showing interface....
Any idea how I can achieve my work?
Thank you
Regards
Hi!
Could you update the docker hub images to 21.02? This newest version has been released for some time.
Would be really nice to test with your pre-built images based on that version.
Thanks!
Hello
I am a bit lost.
I have already a running openwrt router so I am not interested by the openwrt part of this repo but the grafana part... yet it is in the same repo so I wonder if I can only use grafana part and how to install it.
I guess that influxdb and grafana are part of the container so what IP address should I put in the .env file...
Well as you understand, I don't understand :)
I am running openwrt 21.02.5 and followed the steps documented in the grafana-influxdb section but i saw no data
# export INFLUXDB_ADDRESS=192.168.16.4
# uci batch <<EOF
set luci_statistics.influxdb=collectd_network_server
set luci_statistics.influxdb.port='25826'
set luci_statistics.influxdb.host="${INFLUXDB_ADDRESS}"
EOF
# uci commit
# /etc/init.d/luci_statistics restart
I investigated a bit and I had to add the following snippet to /tmp/collectd.conf and restart it before the data started appearing on the grafana dashboard
LoadPlugin network
<Plugin network>
Server "192.168.16.4" "25826"
CacheFlush 86400
Forward false
</Plugin>
I have the following packages installed
root@openwrt:/etc/config# opkg list-installed | grep collectd
collectd - 5.12.0-10
collectd-mod-cpu - 5.12.0-10
collectd-mod-dns - 5.12.0-10
collectd-mod-interface - 5.12.0-10
collectd-mod-iwinfo - 5.12.0-10
collectd-mod-load - 5.12.0-10
collectd-mod-logfile - 5.12.0-10
collectd-mod-memory - 5.12.0-10
collectd-mod-network - 5.12.0-10
collectd-mod-openvpn - 5.12.0-10
collectd-mod-ping - 5.12.0-10
collectd-mod-rrdtool - 5.12.0-10
collectd-mod-thermal - 5.12.0-10
collectd-mod-uptime - 5.12.0-10
collectd-mod-wireless - 5.12.0-10
root@openwrt:/etc/config# opkg list-installed | grep luci-app-statistics
luci-app-statistics - git-22.115.68435-0473e99
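A check for the situation in the collectd report above, added here as an example and not part of the original post or the repository: it tests whether a collectd.conf contains an active network-plugin Server entry for the InfluxDB address. The helper names and both sample configs are constructed for illustration; the address and port are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: has_network_server and check_all are hypothetical helpers.
# Usage: has_network_server FILE HOST PORT
# Returns 0 only if "LoadPlugin network" is present AND a Server line with the
# given host and port sits inside an uncommented <Plugin network> block.
has_network_server() {
    awk -v host="$2" -v port="$3" '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
        $0 == "" { next }
        { key = tolower($1) }
        key == "loadplugin" { p = $2; gsub(/"/, "", p); if (p == "network") loaded = 1 }
        tolower($0) ~ /^<plugin[ \t]+"?network"?>$/ { inblock = 1; next }
        key == "</plugin>" { inblock = 0; next }
        inblock && key == "server" {
            h = $2; q = $3; gsub(/"/, "", h); gsub(/"/, "", q)
            if (h == host && q == port) found = 1
        }
        END { exit !(loaded && found) }
    ' "$1"
}

sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT

# Constructed sample: a config where the network stanza is absent or commented out.
cat > "$sample_dir/generated.conf" <<'EOF'
BaseDir "/var/run/collectd"
LoadPlugin cpu
LoadPlugin interface
<Plugin interface>
    Interface "br-lan"
</Plugin>
#LoadPlugin network
#<Plugin network>
#    Server "192.168.16.4" "25826"
#</Plugin>
EOF

# Constructed sample: the same config with the stanza from the post appended.
cat > "$sample_dir/patched.conf" <<'EOF'
BaseDir "/var/run/collectd"
LoadPlugin cpu
LoadPlugin network
<Plugin network>
    Server "192.168.16.4" "25826"
    CacheFlush 86400
    Forward false
</Plugin>
EOF

# Report on every sample config in turn.
check_all() {
    for f in "$sample_dir"/*.conf; do
        if has_network_server "$f" 192.168.16.4 25826; then
            echo "${f##*/}: metrics will be sent to 192.168.16.4:25826"
        else
            echo "${f##*/}: no active network Server entry"
        fi
    done
}
check_all
```

On a router, point the function at /tmp/collectd.conf after restarting luci_statistics to see whether the uci settings produced the stanza.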
Zerotier (installed by opkg) fails to join networks when running on Dockerized OpenWRT.
Thanks for the great project.
As I tried to build using make build-rpi, I faced this error
pi@raspberrypi ~/docker-openwrt> make build-rpi RPI_SOURCE_IMG=openwrt-bcm27xx-bcm2711-rpi-4-squashfs-factory.img
./build-rpi.sh openwrt-bcm27xx-bcm2711-rpi-4-squashfs-factory.img
* mounting image
./build-rpi.sh: line 18: sfdisk: command not found
./build-rpi.sh: line 21: 512 * : syntax error: operand expected (error token is "* ")
* building Docker image
Sending build context to Docker daemon 1.583kB
Step 1/7 : FROM scratch
--->
Step 2/7 : COPY . .
---> Using cache
---> 038182f6fc5f
Step 3/7 : ARG ROOT_PW
---> Using cache
---> 7d5abb2bb6fa
Step 4/7 : RUN echo -e "${ROOT_PW}\n${ROOT_PW}" | passwd
---> Running in 75dc8fe1eebc
OCI runtime create failed: container_linux.go:349: starting container process caused "exec: \"/bin/sh\": stat /bin/sh: no such file or directory": unknown
* cleaning up
umount: ./tmp.Du5nc6jCkJ: not mounted.
make: *** [Makefile:15: build-rpi] Error 32
While trying to skip that issue by running either in sudo or sudo -s, I ended up facing this -
root@raspberrypi /h/p/docker-openwrt# make build-rpi RPI_SOURCE_IMG=openwrt-bcm27xx-bcm2711-rpi-4-squashfs-factory.img
./build-rpi.sh openwrt-bcm27xx-bcm2711-rpi-4-squashfs-factory.img
* mounting image
mount: /home/pi/docker-openwrt/tmp.k46Z6c0N7d: wrong fs type, bad option, bad superblock on /dev/loop0, missing codepage or helper program, or other error.
* cleaning up
umount: ./tmp.k46Z6c0N7d: not mounted.
make: *** [Makefile:15: build-rpi] Error 32
Is this error somehow related to snapshot builds, or not related to it?
Hi,
As I understand, older version used macvlan by default?
I see some changes regarding that put in e49358c.
The default configuration is now bridge mode; when I was on an older version everything seemed fine, but on newer versions running make run causes the pi to be permanently inaccessible (even after power cycle).
I don't have a proper pi backup, nor console access, so I need to start with blank sd each experiment :(
Can the change from macvlan to bridge cause such issues?
Should I switch to macvlan?
Hi. Running latest Raspberry lite OS on RPi4 2GB.
I have configured the file openwrt.conf with ARCH=armvirt-32
When I start "make build" I get this error:
./build.sh
./build.sh: 29: ./build.sh: [[: not found
./build.sh: 34: ./build.sh: [[: not found
./build.sh: 37: ./build.sh: [[: not found
./build.sh: 40: ./build.sh: [[: not found
Unsupported architecture!
./build.sh: 71: ./build.sh: [[: not found
make: *** [Makefile:7: build] Error 1
Also when I do this:
docker pull oofnik/openwrt:19.07.5-armvirt-32
docker run oofnik/openwrt:19.07.5-armvirt-32
I get also message:
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm/v7) and no specific platform was requested
RTNETLINK answers: Operation not permitted
RTNETLINK answers: Operation not permitted
Press the [f] key and hit [enter] to enter failsafe mode
Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
Failed to send flush request: Operation not permitted
RTNETLINK answers: Operation not permitted
Any advice here?
Thank you.
I've managed to create the container and make it run, but I can't figure out how to make portainer consider openwrt.conf.
I tried with ENV, but my parameters are simply ignored.
I'm getting this log error in the container (run under portainer) on rpi4B.
No idea how to fix this.
Any help?
When building with make build I get several Failed to connect to ubus:
Failed to connect to ubus
Collected errors:
* check_data_file_clashes: Package openwrt-keyring wants to install file /etc/opkg/keys/f94b9dd6febac963
But that file is already provided by package * base-files
The image builds however.
I'm on Debian 11.
I know docker offers some complex networking options and docker-compose offers a lot of functionality that could be useful to manage this by the docker daemon rather than the systemd service file offered here. Unfortunately, I do not know docker or docker-compose well enough to create such a complex setup. This would also make it easier to keep persistent data (such as configs) across upgrades.
My particular use case would have something like this:
openwrt-wan: DHCP address from the standard docker bridge network (this is provided by docker, so no config necessary here)
openwrt-lan: This would be a static IP that does need to be configured by a network block in docker-compose.yml
The docker-compose management approach would create and tear down the networks as necessary
This may be a helpful starting point: https://runnable.com/docker/docker-compose-networking
Hi @oofnikj
thanks for your work, I'm trying to use my RPI4 as a router with connected phone with hotspot via usb.
Running make run starts everything without errors, but logs in container indicate that wlan0/phy0 device is down and not able to start it. Can you help me to identify what's the possible root cause or what's missing?
Logs from container:
Tue Jan 10 13:08:20 2023 daemon.notice netifd: radio0 (1208): WARNING: Variable 'phy0' does not exist or is not an array/object
Tue Jan 10 13:08:20 2023 daemon.err odhcp6c[1286]: Failed to send RS (Address not available)
Tue Jan 10 13:08:20 2023 daemon.notice netifd: wan (1287): udhcpc: broadcasting discover
Tue Jan 10 13:08:21 2023 daemon.notice hostapd: wlan0: interface state UNINITIALIZED->DISABLED
Tue Jan 10 13:08:20 2023 daemon.notice netifd: wan (1287): udhcpc: started, v1.35.0
Tue Jan 10 13:08:20 2023 daemon.notice netifd: radio0 (1208): command failed: No error information (-524)
Tue Jan 10 13:08:20 2023 daemon.notice netifd: radio0 (1208): command failed: I/O error (-5)
Tue Jan 10 13:08:20 2023 user.err : jail: failed to clone/fork: Operation not permitted
Tue Jan 10 13:08:20 2023 daemon.notice hostapd: Configuration file: /var/run/hostapd-phy0.conf (phy wlan0) --> new PHY
Tue Jan 10 13:08:21 2023 daemon.err hostapd: Driver does not support configured HT capability [SHORT-GI-40]
Tue Jan 10 13:08:20 2023 daemon.notice netifd: radio0 (1208): WARNING: Variable 'wlan' does not exist or is not an array/object
Tue Jan 10 13:08:21 2023 daemon.notice hostapd: wlan0: AP-DISABLED
Tue Jan 10 13:08:21 2023 daemon.err hostapd: wlan0: Unable to setup interface.
Tue Jan 10 13:08:21 2023 daemon.notice hostapd: nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Tue Jan 10 13:08:21 2023 daemon.info procd: - init complete -
Tue Jan 10 13:08:21 2023 daemon.err odhcp6c[1286]: Failed to send SOLICIT message to ff02::1:2 (Address not available)
Tue Jan 10 13:08:21 2023 daemon.err hostapd: rmdir[ctrl_interface=/var/run/hostapd]: Permission denied
Tue Jan 10 13:08:21 2023 daemon.notice hostapd: wlan0: CTRL-EVENT-TERMINATING
Tue Jan 10 13:08:21 2023 daemon.err hostapd: hostapd_free_hapd_data: Interface wlan0 wasn't started
Tue Jan 10 13:08:21 2023 daemon.notice netifd: radio0 (1208): Command failed: ubus call hostapd config_add {"iface":"wlan0", "config":"/var/run/hostapd-phy0.conf"} (Invalid argument)
Tue Jan 10 13:08:21 2023 daemon.notice netifd: radio0 (1208): Usage: ubus [<options>] <command> [arguments...]
Tue Jan 10 13:08:21 2023 daemon.notice netifd: radio0 (1208): Options:
Tue Jan 10 13:08:21 2023 daemon.notice netifd: radio0 (1208): Device setup failed: HOSTAPD_START_FAILED
Tue Jan 10 13:08:21 2023 daemon.notice netifd: Wireless device 'radio0' set retry=0
Tue Jan 10 13:08:21 2023 daemon.crit netifd: Wireless device 'radio0' setup failed, retry=0
Tue Jan 10 13:08:21 2023 daemon.notice netifd: Wireless device 'radio0' is now down
Tue Jan 10 13:08:22 2023 daemon.err odhcp6c[1286]: Failed to send SOLICIT message to ff02::1:2 (Address not available)
Tue Jan 10 13:08:24 2023 daemon.notice netifd: wan (1287): udhcpc: broadcasting select for 192.168.1.233, server 192.168.1.1
Tue Jan 10 13:08:23 2023 daemon.notice netifd: wan (1287): udhcpc: broadcasting discover
Tue Jan 10 13:08:24 2023 daemon.notice netifd: Interface 'wan' is now up
Tue Jan 10 13:08:24 2023 daemon.notice netifd: wan (1287): udhcpc: lease of 192.168.1.233 obtained from 192.168.1.1, lease time 43200
Tue Jan 10 13:08:24 2023 user.notice firewall: Reloading firewall due to ifup of wan (eth1)
Error from system:
ieee80211 phy0: bremf_ap_add_uif: Registering netdeuice failed
eee80211 phy0: bremf_cfg80211_add_iface: add iface wland type 3 failed: err=-52
@oofnikj
I have a computer with two physical Ethernet ports and I am using the example configuration pretty much as is and dedicating one physical port to wan and the other to lan
While I experiment with docker-openwrt, My wan port is connected to my home Ethernet and pulling a DHCP ip address of 192.168.155.204
On the lan side I have 192.168.16.[1,2,3,4] representing the Ubuntu host, openwrt container, grafana container and influxdb container
I enabled port forwarding of 22 and 3000 for ssh and grafana respectively using the luci gui.
I am able to ping the wan side 192.168.155.204 and access the ssh port 22 from a laptop connected to my main home router on my 192.168.155.x network but access to port 3000 hangs with no response on the wan side. It works fine on the lan side
Any idea what I am doing wrong? Is this because I am trying to access the wan side from a natted ip and it'll fare better if the wan side was a public ip?
Setting LAN_DRIVER=macvlan in openwrt.conf makes upstream hosts, including the one hosting the OpenWrt container, invisible to Wi-Fi clients.
Setting proxy_arp_wifi on the LAN interface inside the OpenWrt container allows ARP packets through, e.g.,
sudo ip netns exec openwrt_1 ip l set eth0 type bridge_slave proxy_arp_wifi on
Monitoring with tcpdump confirms the packets are arriving at the host macvlan interface, but they don't get delivered:
$ sudo tcpdump -i macvlan0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on macvlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:03:03.993648 IP 192.168.18.185 > 192.168.18.249: ICMP echo request, id 85, seq 28, length 64
19:03:03.993764 IP 192.168.18.249 > 192.168.18.185: ICMP echo reply, id 85, seq 28, length 64
19:03:03.995644 IP 192.168.18.185 > 192.168.18.249: ICMP echo request, id 85, seq 29, length 64
19:03:03.995702 IP 192.168.18.249 > 192.168.18.185: ICMP echo reply, id 85, seq 29, length 64
19:03:05.004644 IP 192.168.18.185 > 192.168.18.249: ICMP echo request, id 85, seq 30, length 64
19:03:05.004762 IP 192.168.18.249 > 192.168.18.185: ICMP echo reply, id 85, seq 30, length 64
This doesn't affect wired clients, so I suspect it has something to do with 802.11 spec not playing nice with macvlan.
Possible workaround might be to always create the bridge, and add an option to change the namespace of the LAN parent interface after bringing up the container if specified. Need to investigate.
How do I add multiple WAN eth0 and eth1 and eth3 without breaking the system?
Hi
Nice dashboard.
There is no way to display the traffic per local ip? instead (or in addition to) of showing per interface...to display and track down which local device is using most of the traffic
Hi,
My personal holy grail is to make openwrt as a router+fw, where I can place different docker containers behind and configure routes and fw via openwrt. I wouldn't like for the containers to be exposed to the "default" docker/compose stack, rather be as sort of "virtual" interface that the open wrt would see as a real one, hence can route and fw each independently.
In your make run script you're doing all sorts of magic in the networking that works awesome!
How do you think I could go around and combine similar functionality of the make run script, with more containers, running as a docker-compose suite that would tie the interfaces the way described above? (+also allow raw wifi access as make run does now)
I get a device without wifi, so I just comment all wifi stuffs
when I do " make run", I got
"""
Could not find config file.
Usage: run.sh [/path/to/openwrt.conf]
"""
I have installed OpenWrt in Docker on Ubuntu, it's working fine and as expected. I have used the default configuration with one macvlan interface for WAN and a bridge for LAN. My Ubuntu host can be reached with 192.168.1.1, while OpenWrt has the IP 192.168.1.2. Now I want to run other containers using the standard bridge interface (i.e. docker0) and I have observed the following behavior:
192.168.1.1:8123)
192.168.1.1:8883)
ping 8.8.8.8 or ping google.com work)
ping 192.168.1.233 does not work)
Is this expected behavior? How do I fix it?
Hi,
Good work on the container. It is very appropriate. It would be great to see how I can reconfigure without interfaces so that I can run this as a container. Example:
$ docker run -it --name openwrt --network="host" --privileged openwrt_1:latest
We could add --volume ${PWD}:/etc/ to mount additional configuration as needed.
I run Open vSwitch as a container and it would be great to use OpenWRT similarly.
Any pointers to simplify configuration that you have to make it work like I requested would be great.
Thanks
@oofnikj
You have done some amazing work. Thanks for this project
In your monitoring example, I notice that you are using network: openwrt-lan for the influxdb and grafana docker
Now, I tried defining a firewall rule in docker-openwrt to bar grafana from icmp to a specific ip address on the internet just to test if we can bring remaining dockers under docker-openwrt firewall control and the answer is it did not work
I am using bridge as the default networking driver for LAN
Any alternative driver or ideas that you can suggest where the open firewall can be made to apply to all the other containers too?