TrueNas Scale App, static IP

[Deicist]

Hi All,

I'm 90% sure this is me being dense, but I can't seem to get a container stood up with a static IP.

If I set the external interface to DHCP, it works fine.

If I put something in the static IP field though, the UI requires a static route to be set. Which I don't (think I?) want to do.

help?

 

[Deicist]

Additionally, I'm struggling to launch a 'privileged' container. Is this possible with the current UI?

 

[Deicist]

ah ha, answered my own question (by digging about in the generated k8s templates:

You need to enter '0.0.0.0/0' as the destination and the ip of your gateway as a static route before it will let you use a static ip for the container.

Still trying to find a way to launch a priviliged pod / container though....

 

[tprelog]

Still trying to find a way to launch a priviliged pod / container though....

I spent a while on this myself. I don't think you can do that from the UI at this point.

 

[Deicist]

I spent a while on this myself. I don't think you can do that from the UI at this point.

You cannot. I'm currently digging into the Helm templates that get created under ix-applications on the app pool to see if I can add something in there.

 

[tprelog]

digging into the Helm templates that get created under ix-applications on the app pool to see if I can add something in there

I'll save you some time, it doesn't work like that.

If you need something quick for testing, just use docker-compose or helm on the CLI

If you want something that shows up in the TrueNAS UI, you'll need to make app and still install it from the command line. However this will at least show up as an installed app. Still you will not be able to edit your app in the UI because that portion is still hard coded UI. That is why even if you edit one of the existing questions.yaml, you don not see the effects in the UI.

Can I ask what you are trying to install?

 

[Deicist]

If you want something that shows up in the TrueNAS UI, you'll need to make app and still install it from the command line. However this will at least show up as an installed app. Still you will not be able to edit your app in the UI because that portion is still hard coded UI. That is why even if you edit one of the existing questions.yaml, you don not see the effects in the UI.

Can I ask what you are trying to install?

Trying to setup a few different apps that have packaged VPN clients, so they need to be able access networking devices.

My thinking is that the values for launching the pods / containers must be stored somewhere (either on the filesystem or in a DB?) otherwise all the apps would be lost when you reboot, I'm just trying to figure out where that is.

Edit: I just realised there might be some confusion here, I'm using 'App' to refer to pods (containers?) launched using the 'launch docker' button in the UI *not* the pre-packaged apps, I know those ones have hard coded bits in the UI. What I want to do is launch a generic docker image from the UI and have it appear in the running applications bit of the UI, then make that container privileged through some hackery (since it can't be done from the UI as yet)

 

[tprelog]

make that container privileged through some hackery

Well if you put it that way... I have some hackery you can try.

(I'm trying to learn about making my own scale app, so I just realized this might be possible)

This -- should, maybe, might -- work.

Instead of try to edit the existing container, edit the generic ix-app so it will create the container with privileged already enabled

You could try adding the following to the bottom of ix-applications/catalogs/github_com_truenas_charts_git/charts/ix-chart/2012.0.0/templates/_containers.tpl

Code:

{{/*
Container Security Context
*/}}
{{- define "containerSecurityContext" }}
securityContext:
  privileged: true
{{- end }}

I think, now you can create a new container and it will be privileged: true.

Probably best to remove that entry when your through.

 

[Deicist]

OKay, that didn't work. Added that to that file, span up a simple 'hello world' container and..... no security context.

I can see why it *should* work, but it doesn't appear to.

Also, interestingly, I managed to mess up my truenas install so reformatted my OS drive and re-installed. When I loaded up my fresh new install and imported my pool my previous applications came back. So clearly the charts used to create the pods etc are in that pool somewhere.

edit: ah, rancher uses a sqllite db, which is stored in the pool you select for your apps. So it persists as long as the pool is intact. However, that doesn't help me at all :D

 

[tprelog]

I thought I saw somewhere... Doesn't Rancher have some sort a dashboard that can be enabled? Maybe you can do that and edit the container from there? - Otherwise I'm out of guesses. I had other ideas I tried myself, but none of them worked.

I will say though, after a few days I managed to hack my own app together, and it does run with privileged: true. In my case I'm lucky to only need privilege and a USB mounted with some env variables. I managed just enough to get by.

I used helm create [app_name] to create a chart to start from. You may notice, files that get created are very similar to those of the sample SCALE apps. -- I only needed to edit template/deployment.yaml to enable privilege and add my mount points. There is still not a working configuration UI, so to get things working now, I set all the defaults to what I needed.

You have to include a questions.yaml but it does not need much at this point. I copied one of the existing, and deleted everything from it, except for the image settings. (I left just enough to have something). Everything else is set in values.yaml. Keep in mind, you're going to have to install this using the CLI. -- The trick is that you need to reboot SCALE after you add your app (also if make any changes to questions.yaml you'll need to reboot for them to take effect - maybe there is a command to refresh, but I haven't figured it out.) I recommend you make your own directory in ix-applications/catalogs/github_com_truenas_charts_git/ - The name you give this directory will be the name of the "train" to use when installing your app.

 

[Kieeps]

ah ha, answered my own question (by digging about in the generated k8s templates:

You need to enter '0.0.0.0/0' as the destination and the ip of your gateway as a static route before it will let you use a static ip for the container.

Still trying to find a way to launch a priviliged pod / container though....

how did you manage that? this was the first thing i was gonna try when i saw this but the drop-down only allows for 1-32 cidr :(

 

[Deicist]

how did you manage that? this was the first thing i was gonna try when i saw this but the drop-down only allows for 1-32 cidr :(

Just type '0.0.0.0/0' in the destination box, when you tab to the next box it will change to '0.0.0.0' and the cidr drop-down goes blank. Just a bug in the UI I assume.