How to install nxfilter and pihole with docker

stephdl · December 28, 2020, 7:21am

nethserver-pihole is a module now

capote · November 1, 2021, 6:20pm

Thank you for this Wiki-Article.

I am taking my first steps with Docker and trying to install Pihole.

Iinstalled Docker
activated standard repository
Portainer is accessible via Web-Gui
set up Macvlan
tried to create the container for pihole within my Macvlan

My Qurstion
Where within the Wiki-Article is documented the installation of the pihole scripts?
https://wiki.nethserver.org/doku.php?id=pihole#create_the_container

I can find only steps to…

show the config
change the admin password
set up upstrem DNS Server
check docker pihole is up
in my case
[root@DAHO-Nethserver ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f18aea56d211 portainer/portainer-ce “/portainer -H unix:…” 57 minutes ago Up 24 minutes 8000/tcp, 9000/tcp, 9443/tcp portainer

Between these steps I assume and miss the installation of the pihole scripts.
Within Portainer I also cannot find a pihole container.

This allows only one conclusion: if you follow the instructions, something is missing that is necessary to create the container.
Sincerley, MArko

ps.:
[root@DAHO-Nethserver ~]# config show pihole


pihole=configuration

DNS1=192.168.3.1

DNS2=192.168.3.20

PhpMemoryLimit=512M

mac=00:60:2f:6c:be:19

password=####

piholeAquaIP=172.28.45.1

piholeMacVlanIP=192.168.3.225

piholeNetwork=macvlan

timezone=UTC
[root@DAHO-Nethserver ~]# pihole start

# pihole start Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? Error: failed to start containers: pihole [root@DAHO-Nethserver ~]#

oneitonitram · November 1, 2021, 6:43pm

i think this does it, yum install nethserver-pihole --enablerepo=stephdl

at the begining of the wiki

capote · November 1, 2021, 6:48pm


[root@DAHO-Nethserver ~]# yum install nethserver-pihole --enablerepo=stephdl
Loaded plugins: changelog, fastestmirror, nethserver_events

Loading mirror speeds from cached hostfile


sb-base: u3.nethserver.com

sb-centos-sclo-rh: u3.nethserver.com

sb-centos-sclo-sclo: u3.nethserver.com

sb-epel: u3.nethserver.com

sb-extras: u3.nethserver.com

sb-nethserver-base: u3.nethserver.com

sb-nethserver-updates: u3.nethserver.com

sb-updates: u3.nethserver.com

stephdl: mirror.de-labrusse.fr docker-ce-stable | 3.5 kB 00:00:00 Package nethserver-pihole-1.0.1-1.ns7.noarch already installed and latest version Nothing to do [root@DAHO-Nethserver ~]#

stephdl · November 1, 2021, 6:49pm

signal-event nethserver-pihole-update

then

docker ps

stephdl · November 1, 2021, 6:53pm

I think the easier now is to use aqua and trust it

capote · November 1, 2021, 7:01pm

I rolled back my VM and repeated the installtion.
# yum install nethserver-pihole –enablerepo=stephdl # config setprop docker macVlanGateway 192.168.3.1 macVlanLocalNetwork 192.168.3.0/24 macVlanNetwork 192.168.3.224/27 macVlanNic br0 # signal-event nethserver-docker-update # config setprop pihole piholeNetwork macvlan piholeMacVlanIP 192.168.3.225 # config setprop pihole DNS1 192.168.3.20 DNS2 192.168.3.1 # signal-event nethserver-pihole-update

Now the container exists


[root@DAHO-Nethserver ~]# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 181701480cc3 pihole/pihole:latest “/s6-init” 27 seconds ago Up 7 seconds (health: starting) pihole f18aea56d211 portainer/portainer-ce “/portainer -H unix:…” About an hour ago Up 2 minutes 8000/tcp, 9000/tcp, 9443/tcp portainer
Thank you.

stephdl · November 1, 2021, 7:03pm

from time to time, think to update the container (you will see the warning inside the UI) : pihole upgrade

capote · November 6, 2021, 9:00pm

After some experiences I want to remove pihole and docker. I cannot find any documentation.
Do you have instructions for me?

Sincerely, Marko

stephdl · November 8, 2021, 10:50am

docker rm pihole
docker rm portainer
yum remove nethserver-pihole nethserver-docker docker-ce

capote · November 8, 2021, 6:18pm

I did yum autoremove nethserver-pihole –enablerepo=stephdl before.

Sincerely, Marko

capote · November 8, 2021, 6:22pm

A request because I am unsure…
Is the configured network (Aqua, Aeria, Macvlan) also removed?

stephdl · November 8, 2021, 6:41pm

ip a is your friend

be sure to restart the server eventually

capote · November 8, 2021, 9:37pm

not removed

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether 2a:d0:95:1b:3e:62 brd ff:ff:ff:ff:ff:ff inet6 fe80::28d0:95ff:fe1b:3e62/64 scope link valid_lft forever preferred_lft forever 3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 2a:d0:95:1b:3e:62 brd ff:ff:ff:ff:ff:ff inet 192.168.3.20/24 brd 192.168.3.255 scope global br0 valid_lft forever preferred_lft forever inet6 fe80::28d0:95ff:fe1b:3e62/64 scope link valid_lft forever preferred_lft forever 4: vb-nsdc@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000 link/ether 9e:84:6b:2b:df:25 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::9c84:6bff:fe2b:df25/64 scope link valid_lft forever preferred_lft forever 5: aqua0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:92:db:06:66 brd ff:ff:ff:ff:ff:ff inet 172.28.0.1/16 brd 172.28.255.255 scope global aqua0 valid_lft forever preferred_lft forever inet6 fe80::42:92ff:fedb:666/64 scope link valid_lft forever preferred_lft forever 6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:65:65:66:2a brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever 8: vetheb0870f@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master aqua0 state UP group default link/ether fa:1d:7b:44:03:e3 brd ff:ff:ff:ff:ff:ff link-netnsid 1 inet6 fe80::f81d:7bff:fe44:3e3/64 scope link valid_lft forever preferred_lft forever 10: macvlan0@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 32:22:a6:8c:25:51 brd ff:ff:ff:ff:ff:ff inet 192.168.3.224/27 scope global macvlan0 valid_lft forever preferred_lft forever inet6 fe80::3022:a6ff:fe8c:2551/64 scope link valid_lft forever preferred_lft forever [root@DAHO-Nethserver ~]#

stephdl · November 9, 2021, 7:55am

github.com

stephdl/nethserver-docker/blob/master/root/etc/e-smith/events/actions/nethserver-docker-create-network#L50

    
      
          HasNetwork=$(docker network ls -f name=aqua -q)
          if [[ $? != 0 ]]; then
              exit 1
          fi
          
          
if [[ -n ${HasNetwork} ]]; then
              exit 0
          fi
          
          
echo "[NOTICE] Creating the aqua Docker network..."
          docker network create \
              --subnet=${Network} \
              --gateway=${IpAddress} \
              --opt com.docker.network.bridge.name=aqua0 \
              aqua

github.com

NethServer/nethserver-docker/blob/master/root/etc/e-smith/events/actions/nethserver-docker-macvlan-creation#L81

    
      
          if [[ $isBridge != 'bridge' ]];then
              echo "The nic is not a bridge, macvlan cannot be created"
              exit 0
          fi
          
          
if [[ ${bridgeAeria} == ${macVlanNic} ]]; then
              echo "[NOTICE] The macvlan and aeria network cannot share the same bridge"
              exit 0
          fi
          
          
/usr/bin/docker network create --driver=macvlan --gateway=${macVlanGateway} --subnet=${macVlanLocalNetwork} -o parent=${macVlanNic} macvlan

I assume you can live with or if you want to remove docker0, aqua and macvlan like you can see docker created them, I assume that docker can delete them

capote · November 9, 2021, 4:26pm

I removed docker and learned the danger of yum autoremove…


Package                        Arch   Version                     Repository              Size
Removing:

docker-ce x86_64 3:20.10.10-3.el7 @docker-ce-stable 96 M nethserver-docker noarch 1.0.13-1.ns7 @nethforge 58 k Removing for dependencies: certbot noarch 1.11.0-2.el7 @sb-epel 104 k container-selinux noarch 2:2.119.2-1.911c772.el7_8 @sb-extras 41 k containerd.io x86_64 1.4.11-3.1.el7 @docker-ce-stable 108 M dante x86_64 0.5.1-1.ns7 @sb-nethserver-updates 91 M docker-ce-cli x86_64 1:20.10.10-3.el7 @docker-ce-stable 139 M docker-ce-rootless-extras x86_64 20.10.10-3.el7 @docker-ce-stable 20 M docker-scan-plugin x86_64 0.9.0-3.el7 @docker-ce-stable 13 M fuse-overlayfs x86_64 0.7.2-6.el7_8 @sb-extras 116 k fuse3-libs x86_64 3.6.1-4.el7 @sb-extras 270 k libcgroup x86_64 0.41-21.el7 @nethserver 134 k nethserver-backup-config noarch 2.5.2-1.ns7 @sb-nethserver-updates 127 k nethserver-backup-data noarch 1.7.6-1.ns7 @nethserver-updates 169 k nethserver-base noarch 3.9.0-1.ns7 @sb-nethserver-updates 675 k nethserver-cgp noarch 2.4.1-1.ns7 @sb-nethserver-updates 567 k nethserver-cockpit noarch 1.10.6-1.ns7 @sb-nethserver-updates 3.0 M nethserver-collectd noarch 3.1.1-1.ns7 @nethserver 39 k nethserver-dante noarch 1.0.6-1.ns7 @sb-nethserver-updates 1.9 M nethserver-dc x86_64 1.8.2-1.ns7 @sb-nethserver-updates 15 M nethserver-dnsmasq noarch 1.7.2-1.ns7 @nethserver 93 k nethserver-dokuwiki noarch 1.3.3-1.ns7.sdl @stephdl 345 k nethserver-duc noarch 1.7.0-1.ns7 @nethserver 212 k nethserver-firewall-base noarch 3.17.2-1.ns7 @sb-nethserver-updates 332 k nethserver-firewall-base-ui noarch 3.17.2-1.ns7 @sb-nethserver-updates 9.1 M nethserver-hosts noarch 1.2.2-1.ns7 @nethserver 65 k nethserver-httpd noarch 3.12.2-1.ns7 @sb-nethserver-updates 5.6 M nethserver-httpd-admin noarch 2.7.0-1.ns7 @nethserver-base 5.2 M nethserver-httpd-admin-service noarch 2.7.0-1.ns7 @nethserver-base 7.6 k nethserver-httpd-virtualhosts noarch 3.12.2-1.ns7 @sb-nethserver-updates 100 k nethserver-lsm noarch 1.2.4-1.ns7 @nethserver-updates 38 k nethserver-mail-smarthost noarch 2.31.4-1.ns7 @sb-nethserver-updates 78 k nethserver-net-snmp noarch 1.1.0-1.ns7 @nethserver-base 37 k nethserver-netdata noarch 2.0.2-1.ns7 @sb-nethserver-updates 38 k nethserver-ntopng noarch 3.1.2-1.ns7 @nethserver-updates 3.6 M nethserver-ntp noarch 1.1.3-1.ns7 @nethserver 54 k nethserver-openssh noarch 1.8.0-1.ns7 @nethserver 51 k nethserver-phonehome noarch 1.4.0-1.ns7 @nethserver 41 k nethserver-php noarch 1.3.0-1.ns7 @nethserver 35 k nethserver-postgresql noarch 1.1.0-1.ns7 @nethserver-base 38 k nethserver-restore-data noarch 2.0.7-1.ns7 @sb-nethserver-updates 2.9 M nethserver-smartd noarch 1.1.0-1.ns7 @nethserver 34 k nethserver-sssd noarch 1.7.1-1.ns7 @nethserver-updates 318 k nethserver-subscription noarch 3.6.8-1.ns7 @nethserver-updates 88 k nethserver-subscription-ui noarch 3.6.8-1.ns7 @nethserver-updates 59 k nethserver-vsftpd noarch 1.1.1-1.ns7 @nethserver-base 53 k nethserver-zabbix noarch 0.0.1-10.ns7 @mrmarkuz 6.3 M policycoreutils-python x86_64 2.5-34.el7 @nethserver 1.2 M slirp4netns x86_64 0.4.3-4.el7_8 @sb-extras 169 k

Fortunately I was able to cancel.

yum remove... does the job.

The networks still exist… a reboot helps and the networks are gone.