BurgerGames/NetBirdMSP-Appliance
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(updater): add :z flag to docker volumes for SELinux

Browse Source
This commit is contained in:
Sascha Lustenberger
2026-02-22 15:33:42 +01:00
parent 6bc11d4c5e
commit 525b056b91
6 changed files with 45 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/services/update_service.py
View File

@@ -301,8 +301,8 @@ def trigger_update(config: Any, db_path: str) -> dict:
helper_cmd = [
"docker", "run", "-d",
"--name", "msp-updater",
"-v", "/var/run/docker.sock:/var/run/docker.sock",
"-v", f"{host_source_dir}:{host_source_dir}:ro",
"-v", "/var/run/docker.sock:/var/run/docker.sock:z",
"-v", f"{host_source_dir}:{host_source_dir}:ro,z",
*env_flags,
own_image,
"sh", "-c",

17
containers.txt
View File

@@ -1,8 +1,9 @@
msp-updater Exited (2) 11 seconds ago netbirdmsp-appliance-netbird-msp-appliance:latest 15 seconds ago
netbird-msp-appliance Up 6 minutes (healthy) 07c60529cf9f 6 minutes ago
netbird-kunde1-caddy Up 2 hours caddy:2-alpine 3 hours ago
netbird-kunde1-signal Up 2 hours netbirdio/signal:latest 3 hours ago
netbird-kunde1-dashboard Up 2 hours netbirdio/dashboard:latest 3 hours ago
netbird-kunde1-relay Up 2 hours netbirdio/relay:latest 3 hours ago
netbird-kunde1-management Up 2 hours netbirdio/management:latest 3 hours ago
docker-socket-proxy Up 2 hours tecnativa/docker-socket-proxy:latest 3 days ago
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6ac6e489f490 netbirdmsp-appliance-netbird-msp-appliance:latest "sh -c 'sleep 3 && d…" About a minute ago Exited (1) About a minute ago msp-updater
45635ac38499 669dad48d4d2 "uvicorn app.main:ap…" 8 minutes ago Up 8 minutes (healthy) 0.0.0.0:8000->8000/tcp, [::]:8000->8000/tcp netbird-msp-appliance
878efa979680 caddy:2-alpine "caddy run --config …" 3 hours ago Up 2 hours 443/tcp, 2019/tcp, 443/udp, 0.0.0.0:9001->80/tcp, [::]:9001->80/tcp netbird-kunde1-caddy
564c613f112a netbirdio/signal:latest "/go/bin/netbird-sig…" 3 hours ago Up 2 hours netbird-kunde1-signal
a98852970815 netbirdio/dashboard:latest "/usr/bin/supervisor…" 3 hours ago Up 2 hours 80/tcp, 443/tcp netbird-kunde1-dashboard
11e100e21d81 netbirdio/relay:latest "/go/bin/netbird-rel…" 3 hours ago Up 2 hours 0.0.0.0:3478->3478/udp, [::]:3478->3478/udp netbird-kunde1-relay
aeae96bf691e netbirdio/management:latest "/go/bin/netbird-mgm…" 3 hours ago Up 2 hours netbird-kunde1-management
9cdda4d58e36 tecnativa/docker-socket-proxy:latest "docker-entrypoint.s…" 3 days ago Up 2 hours 2375/tcp docker-socket-proxy

70
logs.txt
View File

@@ -1,40 +1,30 @@
INFO: Application startup complete.
INFO: Uvicorn running on http://0.0.0.0:8000 (Press CTRL+C to quit)
INFO: 127.0.0.1:60204 - "GET /api/health HTTP/1.1" 200 OK
INFO: 127.0.0.1:37702 - "GET /api/health HTTP/1.1" 200 OK
INFO: 127.0.0.1:34872 - "GET /api/health HTTP/1.1" 200 OK
INFO: 127.0.0.1:49808 - "GET /api/health HTTP/1.1" 200 OK
2026-02-22 14:16:10,300 [INFO] httpx: HTTP Request: GET https://git.0x26.ch/api/v1/repos/BurgerGames/NetBirdMSP-Appliance/branches/unstable "HTTP/1.1 200 OK"
2026-02-22 14:16:10,306 [INFO] httpx: HTTP Request: GET https://git.0x26.ch/api/v1/repos/BurgerGames/NetBirdMSP-Appliance/tags?limit=1 "HTTP/1.1 200 OK"
INFO: 172.18.0.1:53698 - "GET /api/settings/version HTTP/1.1" 200 OK
2026-02-22 14:16:13,790 [INFO] httpx: HTTP Request: GET https://git.0x26.ch/api/v1/repos/BurgerGames/NetBirdMSP-Appliance/branches/unstable "HTTP/1.1 200 OK"
2026-02-22 14:16:13,796 [INFO] httpx: HTTP Request: GET https://git.0x26.ch/api/v1/repos/BurgerGames/NetBirdMSP-Appliance/tags?limit=1 "HTTP/1.1 200 OK"
INFO: 172.18.0.1:53698 - "GET /api/settings/version HTTP/1.1" 200 OK
INFO: 127.0.0.1:55164 - "GET /api/health HTTP/1.1" 200 OK
INFO: 172.18.0.1:55590 - "GET / HTTP/1.1" 200 OK
INFO: 172.18.0.1:55590 - "GET /js/app.js HTTP/1.1" 304 Not Modified
INFO: 172.18.0.1:55590 - "GET /lang/en.json HTTP/1.1" 304 Not Modified
INFO: 172.18.0.1:55590 - "GET /lang/de.json HTTP/1.1" 304 Not Modified
INFO: 172.18.0.1:55590 - "GET /favicon.ico HTTP/1.1" 404 Not Found
INFO: 172.18.0.1:55590 - "GET /api/settings/branding HTTP/1.1" 200 OK
INFO: 172.18.0.1:55590 - "GET /api/auth/azure/config HTTP/1.1" 200 OK
INFO: 172.18.0.1:55590 - "GET /api/auth/me HTTP/1.1" 200 OK
INFO: 172.18.0.1:55590 - "GET /api/monitoring/status HTTP/1.1" 200 OK
INFO: 172.18.0.1:55588 - "GET /api/customers?page=1&per_page=25 HTTP/1.1" 200 OK
INFO: 172.18.0.1:37544 - "GET /api/settings/system HTTP/1.1" 200 OK
INFO: 172.18.0.1:37544 - "GET /api/auth/mfa/status HTTP/1.1" 200 OK
2026-02-22 14:16:58,896 [INFO] httpx: HTTP Request: GET https://git.0x26.ch/api/v1/repos/BurgerGames/NetBirdMSP-Appliance/branches/unstable "HTTP/1.1 200 OK"
2026-02-22 14:16:58,906 [INFO] httpx: HTTP Request: GET https://git.0x26.ch/api/v1/repos/BurgerGames/NetBirdMSP-Appliance/tags?limit=1 "HTTP/1.1 200 OK"
INFO: 172.18.0.1:37552 - "GET /api/settings/version HTTP/1.1" 200 OK
INFO: 127.0.0.1:57972 - "GET /api/health HTTP/1.1" 200 OK
INFO: 127.0.0.1:59030 - "GET /api/health HTTP/1.1" 200 OK
2026-02-22 14:17:44,793 [INFO] app.services.update_service: Database backed up to /app/backups/netbird_msp_20260222_141744.db
2026-02-22 14:17:45,142 [INFO] app.services.update_service: git pull succeeded: Already up to date.
2026-02-22 14:17:45,160 [INFO] app.services.update_service: Rebuilding with GIT_TAG=alpha-1.5 GIT_COMMIT=94d0b98 GIT_BRANCH=unstable
2026-02-22 14:17:45,160 [INFO] app.services.update_service: Phase A: building new image …
2026-02-22 14:20:39,486 [INFO] app.services.update_service: Phase A complete — image built successfully.
2026-02-22 14:20:39,507 [INFO] app.services.update_service: Host source directory: /home/sascha/NetBirdMSP-Appliance
2026-02-22 14:20:40,068 [INFO] app.services.update_service: Phase B: updater container started — this container will restart in ~5s.
2026-02-22 14:20:40,069 [INFO] app.routers.settings: Update triggered by admin.
INFO: 172.18.0.1:51826 - "POST /api/settings/update HTTP/1.1" 200 OK
INFO: 127.0.0.1:36054 - "GET /api/health HTTP/1.1" 200 OK
INFO: 172.18.0.1:54920 - "GET /api/customers?page=1&per_page=25 HTTP/1.1" 200 OK
INFO: 172.18.0.1:38426 - "GET /api/settings/system HTTP/1.1" 200 OK
INFO: 172.18.0.1:38426 - "GET /api/auth/mfa/status HTTP/1.1" 200 OK
2026-02-22 14:26:24,600 [INFO] httpx: HTTP Request: GET https://git.0x26.ch/api/v1/repos/BurgerGames/NetBirdMSP-Appliance/branches/unstable "HTTP/1.1 200 OK"
2026-02-22 14:26:24,610 [INFO] httpx: HTTP Request: GET https://git.0x26.ch/api/v1/repos/BurgerGames/NetBirdMSP-Appliance/tags?limit=1 "HTTP/1.1 200 OK"
INFO: 172.18.0.1:53830 - "GET /api/settings/version HTTP/1.1" 200 OK
INFO: 127.0.0.1:46712 - "GET /api/health HTTP/1.1" 200 OK
2026-02-22 14:26:51,522 [INFO] app.services.update_service: Database backed up to /app/backups/netbird_msp_20260222_142651.db
2026-02-22 14:26:51,823 [INFO] app.services.update_service: git pull succeeded: Already up to date.
2026-02-22 14:26:51,846 [INFO] app.services.update_service: Rebuilding with GIT_TAG=alpha-1.6 GIT_COMMIT=6bc11d4 GIT_BRANCH=unstable
2026-02-22 14:26:51,847 [INFO] app.services.update_service: Phase A: building new image …
2026-02-22 14:29:45,287 [INFO] app.services.update_service: Phase A complete — image built successfully.
2026-02-22 14:29:45,305 [INFO] app.services.update_service: Host source directory: /home/sascha/NetBirdMSP-Appliance
2026-02-22 14:29:46,017 [INFO] app.services.update_service: Phase B: updater container started — this container will restart in ~5s.
2026-02-22 14:29:46,017 [INFO] app.routers.settings: Update triggered by admin.
INFO: 127.0.0.1:34660 - "GET /api/health HTTP/1.1" 200 OK
INFO: 172.18.0.1:41348 - "GET /api/monitoring/status HTTP/1.1" 200 OK
INFO: 172.18.0.1:41362 - "GET /api/customers?page=1&per_page=25 HTTP/1.1" 200 OK
2026-02-22 14:29:46,083 [INFO] httpx: HTTP Request: GET https://git.0x26.ch/api/v1/repos/BurgerGames/NetBirdMSP-Appliance/branches/unstable "HTTP/1.1 200 OK"
2026-02-22 14:29:46,090 [INFO] httpx: HTTP Request: GET https://git.0x26.ch/api/v1/repos/BurgerGames/NetBirdMSP-Appliance/tags?limit=1 "HTTP/1.1 200 OK"
INFO: 172.18.0.1:41362 - "GET /api/settings/system HTTP/1.1" 200 OK
INFO: 172.18.0.1:41362 - "GET /api/auth/mfa/status HTTP/1.1" 200 OK
2026-02-22 14:29:51,064 [INFO] httpx: HTTP Request: GET https://git.0x26.ch/api/v1/repos/BurgerGames/NetBirdMSP-Appliance/branches/unstable "HTTP/1.1 200 OK"
2026-02-22 14:29:51,071 [INFO] httpx: HTTP Request: GET https://git.0x26.ch/api/v1/repos/BurgerGames/NetBirdMSP-Appliance/tags?limit=1 "HTTP/1.1 200 OK"
INFO: 172.18.0.1:41362 - "GET /api/settings/version HTTP/1.1" 200 OK
INFO: 127.0.0.1:39688 - "GET /api/health HTTP/1.1" 200 OK
2026-02-22 14:30:21,600 [INFO] httpx: HTTP Request: GET https://git.0x26.ch/api/v1/repos/BurgerGames/NetBirdMSP-Appliance/branches/unstable "HTTP/1.1 200 OK"
2026-02-22 14:30:21,606 [INFO] httpx: HTTP Request: GET https://git.0x26.ch/api/v1/repos/BurgerGames/NetBirdMSP-Appliance/tags?limit=1 "HTTP/1.1 200 OK"
INFO: 172.18.0.1:34698 - "GET /api/settings/version HTTP/1.1" 200 OK
INFO: 127.0.0.1:48454 - "GET /api/health HTTP/1.1" 200 OK

0
network.txt Normal file
View File

6
out.txt
View File

@@ -1,4 +1,4 @@
[unstable 94d0b98] alpha-1.5: trigger update
[unstable 6bc11d4] alpha-1.6: test final update
remote:
remote: Create a new pull request for 'unstable':
remote: https://git.0x26.ch/BurgerGames/NetBirdMSP-Appliance/pulls/new/unstable
@@ -6,5 +6,5 @@ remote:
remote: .. Processing 2 references
remote: Processed 2 references in total
To https://git.0x26.ch/BurgerGames/NetBirdMSP-Appliance.git
2780b06..94d0b98 unstable -> unstable
* [new tag] alpha-1.5 -> alpha-1.5
e0aa51b..6bc11d4 unstable -> unstable
* [new tag] alpha-1.6 -> alpha-1.6

2
update_helper.txt
View File

@@ -1 +1 @@
sh: 1: cannot create /home/sascha/NetBirdMSP-Appliance/app/backups/updater.log: Directory nonexistent
unable to get image 'netbirdmsp-appliance-netbird-msp-appliance': permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.51/images/netbirdmsp-appliance-netbird-msp-appliance/json": dial unix /var/run/docker.sock: connect: permission denied