-
-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix for arm devices #20
Conversation
💵 To receive payouts, sign up on Algora, link your Github account and connect with Stripe/Alipay. |
Only oddity I found is connected clients have no internet. DHCP leases and DNS are good, connectivity check ok within the container but not for clients. @jrcichra perhaps you've observed this? Will give a closer look. |
Hmmm, I'll check this out in a few hours as well. Thanks anyways for checking and verifying! |
hmm it is probably masquerading or NAT rules, i am so bad at this networking stuff |
@NL-TCH of course, I forgot about docker's network isolation 🙈 adding a few iptables rules did the trick.
https://docs.docker.com/network/packet-filtering-firewalls/#docker-on-a-router |
ah cool! |
I think the readme is fine, yes. Users may want to adjust these rules for their setup. |
okay, i'll add them to the readme, but raspap would've never worked without these rules. so imo quite important to document :) |
Yeah this is a necessity. In my testing today there's no internet traffic without those iptables rules. |
|
Basic AP functionality tests pass on RPi OS (64-bit) Lite bullseye. One issue I should have anticipated with WireGuard:
@NL-TCH curious if you also observed this. I used Will repeat for 32-bit armhf bullseye + bookworm next. Looking very promising thus far. |
Hey @billz good one, i didn't catch that one. just my humble opinion :) |
@NL-TCH there is no real upside, IMO. I agree that we should just support the latest. |
If we agree to bump the Debian release version and ensure that container images are pushed to |
My only argument for multiple versions (11 and 12) would be if we find something where having the same Debian release on the host and the container is necessary (e.g some change to But until we find there's a problem running a bookworm container on a bullseye host, we can keep it simple by supporting just the latest (bookworm). |
README.md
Outdated
## Workaround for arm devices | ||
To use this container on arm devices you have to make cgroups writable: | ||
``` | ||
docker run --name raspap -it -d --privileged --network=host --cgroupns host -v /sys/fs/cgroup:/sys/fs/cgroup:rw --cap-add SYS_ADMIN jrcichra/raspap-docker |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
as noted by @jrcichra the build pipeline is building an image on ghcr.io/raspap/raspap-docker
, which would be preferable to his docker.io account. tested and confirmed this works
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@NL-TCH can we replace jrcichra/raspap-docker
with ghcr.io/raspap/raspap-docker
?
Resolves #11 |
Hi y'all,
this is an easy fix for ARM devices as issued in #18
There is a current bug in docker cgroups, so a permanent fix is not possible from my side, there is however a workaround.
The workaround is to mount cgroups as host and make them writable. (--cgroupns host) (-v /sys/fs/cgroup:/sys/fs/cgroup:rw )
The readme is updated with an extra section, and no code changes are needed.
Gr. TCH
/claim 18