Pihole install struggles

NethServer Version: 7.9.2009
Module: nethserver-pihole

I have followed the instructions located at pihole [NethServer Wiki] but for some reason docker network ls does not show the new network for pihole and the pihole container does not start automatically either.

With all of the testing I think I have created a bit of a mess with the different networks.

Is someone able to help me unwind the mess and get pihole working?

Maybe I should be asking some fundamental questions first:

  1. Am I able to use and control pihole’s Admin Panel whitelists and blacklists and what happens to the databases if the container is destroyed? I assume the whitelists and blacklists are then lost?
  2. What are the implications of installing pihole on NethServer outside of docker? I know I would need to tell the script to ignore the OS Check

The data is saved in volumes and/or in the filesystem and even included in NethServer backup. Destroying a container shouldn’t be an issue, it’s part of the update process.

Pihole wants to be DNS server so it conflicts with dnsmasq used in Nethserver.

Thanks @mrmarkuz , so I should be able to use the pihole Admin interface as well without any issues?

Yes and your settings should be saved.

Thanks again - so back to the original issue I raised then, now the fundamentals are out of the way.

Need to somehow get the networking working with the pihole Docker Container and get the Container started on boot…

Reconfiguring docker and the firewall is always worth a try to solve issues:

signal-event nethserver-docker-update
signal-event firewall-adjust

Reconfigure pihole:

signal-event nethserver-pihole-update

Which network did you choose? Aqua, Macvlan or aeria?
Did you go through the installation part of the wiki page?

Please share your pihole config:

config show pihole

pihole=configuration
    DNS1=8.8.8.8
    DNS2=8.8.4.4
    PhpMemoryLimit=1024M
    mac=00:60:2f:c9:2c:8d
    password=*********************
    piholeAquaIP=172.28.45.1
    piholeMacVlanIP=192.168.1.8
    piholeNetwork=aeria
    timezone=UTC

If I do a ‘docker ps’ I get the following:

CONTAINER ID        IMAGE                    COMMAND                  CREATED             STATUS              PORTS                          NAMES
01c94a6af7e4        portainer/portainer-ce   "/portainer -H unix:…"   14 hours ago        Up 3 seconds        8000/tcp, 9000/tcp, 9443/tcp   portainer

I would like to use either aeria or Macvlan - the ultimate goal is for PiHole to be able to see which devices the requests come from.

I think I may have combined a set of commands from the 2 different sets of the installation instructions for the Docker configuration which will not have helped the situation.

Yes, it seems you set up 2 networks. If you'd like to see the devices, I recommend Macvlan so let’s remove aeria from docker config first:

config setprop docker bridgeAeria ''

Set Macvlan to fit to your network, assuming you already created a network bridge br0:

config setprop docker macVlanGateway 192.168.1.1 macVlanLocalNetwork 192.168.1.0/24 macVlanNetwork 192.168.1.224/27 macVlanNic br0

Apply docker config:

signal-event nethserver-docker-update

Setup IP address for macvlan:

config setprop pihole piholeNetwork macvlan piholeMacVlanIP 192.168.1.234

Apply pihole config:

signal-event nethserver-pihole-update

This is beginning to look more promising. So I ran the following commands:

[root@fileserver ~]# config setprop docker bridgeAeria ''
[root@fileserver ~]# config setprop docker macVlanGateway 192.168.1.5 macVlanLocalNetwork 192.168.1.0/24 macVlanNetwork 192.168.1.8/27 macVlanNic br0
[root@fileserver ~]# signal-event nethserver-docker-update
[root@fileserver ~]# config setprop pihole piholeNetwork macvlan piholeMacVlanIP 192.168.1.8

192.168.1.5 is the IP address for the br0 interface for Nethserver. 192.168.1.8 is the IP Address I would like PiHole to use.

I then ran the following commands and got the following results:

# docker ps
CONTAINER ID        IMAGE                    COMMAND                  CREATED             STATUS                     PORTS                          NAMES
39e31200c6d7        pihole/pihole:latest     "/s6-init"               2 minutes ago       Up 2 minutes (unhealthy)                                  pihole
01c94a6af7e4        portainer/portainer-ce   "/portainer -H unix:…"   17 hours ago        Up 2 minutes               8000/tcp, 9000/tcp, 9443/tcp   portainer
# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
c03309bf4685        aqua                bridge              local
ce9c7fed577c        bridge              bridge              local
c9e48d2d1ea3        host                host                local
0a85a82de6eb        macvlan             macvlan             local
3404ce0406d8        none                null                local

If I now try to go to http://192.168.1.8/, I get Nethserver’s default webpage which is what I sort of expected. If I go to http://192.168.1.8/admin/ to get to the PiHole Admin Page, I get a 404.

Think I am missing something stupidly obvious like the Docker Port configuration?

OK, the container is unhealthy, let’s remove it:

docker rm -f 39e31200c6d7

Reconfigure:

signal-event nethserver-pihole-update

Please try to find out the IP by executing

pihole ip

Usually you don’t need to care about ports, it should be preconfigured.

1 Like

It took a bit of time, but it did become healthy:

# docker ps
CONTAINER ID        IMAGE                    COMMAND                  CREATED             STATUS                   PORTS                          NAMES
7c30d40ebb78        pihole/pihole:latest     "/s6-init"               2 minutes ago       Up 2 minutes (healthy)                                  pihole
01c94a6af7e4        portainer/portainer-ce   "/portainer -H unix:…"   17 hours ago        Up 37 minutes            8000/tcp, 9000/tcp, 9443/tcp   portainer
# pihole ip
# Pihole IP
192.168.1.8

And we have lift off!

It is working now.

Thanks for all of your help @mrmarkuz

2 Likes

Thanks to my hero @mrmarkuz, just for my information, why did you go to macvlan @bwdjames?

I use pihole over aqua, I am fully happy, however I cannot see which IP is querying the dns, all comes from the server. Maybe it is the answer :smiley:

1 Like

According to the documentation, the macvlan gives PiHole visibility of which device is making the DNS queries and that is the part I am interested in.

1 Like

But the pihole dns cannot be used by the server itself, however I am not sure it is important for you?

Yeah, I was guessing that the server itself wouldn’t be able to use it and it would have been a super nice to have but I’ll just have to work with the current configuration as is.

Okay - I think I am now officially losing my marbles…

I have added 25 IP Reservations in the DHCP section in NethServer, but not yet enabled the DHCP in NethServer. (I plan to enable it in the next couple of days when I am ready to switch the equipment over)

Now I cannot get to the PiHole Admin Page. I have even rebooted the server to no avail.

The config is as follows:

[root@fileserver ~]# docker ps
CONTAINER ID        IMAGE                    COMMAND                  CREATED             STATUS                    PORTS                          NAMES
7c30d40ebb78        pihole/pihole:latest     "/s6-init"               4 hours ago         Up 33 seconds (healthy)                                  pihole
01c94a6af7e4        portainer/portainer-ce   "/portainer -H unix:…"   21 hours ago        Up 30 seconds             8000/tcp, 9000/tcp, 9443/tcp   portainer
[root@fileserver ~]# config show pihole
pihole=configuration
    DNS1=8.8.8.8
    DNS2=8.8.4.4
    PhpMemoryLimit=1024M
    mac=00:60:2f:c9:2c:8d
    password=********************
    piholeAquaIP=172.28.45.1
    piholeMacVlanIP=192.168.1.8
    piholeNetwork=macvlan
    timezone=UTC
[root@fileserver ~]# pihole ip
# Pihole IP
192.168.1.8
[root@fileserver ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
c03309bf4685        aqua                bridge              local
e0a93fec7fc8        bridge              bridge              local
c9e48d2d1ea3        host                host                local
0a85a82de6eb        macvlan             macvlan             local
3404ce0406d8        none                null                local

Not sure what I am missing here or which set of logs I should be looking at?

Relevant logs are /var/log/messages and /var/log/docker/docker.log.

You could also check the logs of the container in portainer or by

pihole log

Can you ping 192.168.1.8?

EDIT:

Your macvlan range/subnets/host seem to be correct.
I couldn’t reproduce, after adding DHCP reservations (inside macvlan range and outside) and reboot, pihole is still working.

To compare configs:

[root@testserver2 ~]# config show pihole
pihole=configuration
    DNS1=8.8.8.8
    DNS2=8.8.4.4
    PhpMemoryLimit=512M
    mac=01:23:45:aa:bb:cc
    password=admin
    piholeAquaIP=172.28.45.1
    piholeMacVlanIP=192.168.1.254
    piholeNetwork=macvlan
    timezone=UTC
[root@testserver2 ~]# config show docker
docker=service
    DirectLvmDevice=
    IpAddress=172.28.0.1
    Network=172.28.0.0/16
    bridgeAeria=
    enableRepository=disabled
    macVlanGateway=192.168.1.11
    macVlanLocalNetwork=192.168.1.0/24
    macVlanNetwork=192.168.1.248/29
    macVlanNic=br0
    status=enabled

I could ping it fine. Nothing obvious in the logs.

I deleted the docker container and ran the following command: signal-event nethserver-pihole-update

After that it came back up fine.

I don’t quite get it, so I will be monitoring.

What I did notice was the following:

# config show docker
docker=service
    DirectLvmDevice=
    IpAddress=172.28.0.1
    Network=172.28.0.0/16
    bridgeAeria=
    enableRepository=disabled
    macVlanGateway=192.168.1.5
    macVlanLocalNetwork=192.168.1.0/24
    macVlanNetwork=192.168.1.8/27
    macVlanNic=br0
    status=enabled

I noticed that my macVlanGateway value is incorrect, it should be 192.168.1.11. How do I change this?
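
Added example, not part of the thread and not code from nethserver-docker or nethserver-pihole: a small Python check of the macvlan values posted above, useful for comparing a `config show docker` / `config show pihole` pair before applying it. The function name `check_macvlan` and the rules it applies are assumptions about a consistent address layout, not NethServer's own validation.

```python
import ipaddress

def check_macvlan(gateway, local_network, macvlan_network, pihole_ip):
    """Return a list of findings for one docker/pihole macvlan layout."""
    findings = []
    local = ipaddress.ip_network(local_network)
    gw = ipaddress.ip_address(gateway)
    ip = ipaddress.ip_address(pihole_ip)
    # strict=False accepts a value with host bits set and returns the
    # CIDR block that the address falls in.
    block = ipaddress.ip_network(macvlan_network, strict=False)

    if str(block) != macvlan_network:
        findings.append(f"macVlanNetwork {macvlan_network} has host bits set; "
                        f"the enclosing block is {block}")
    if not block.subnet_of(local):
        findings.append(f"{block} is not inside macVlanLocalNetwork {local}")
    if gw not in local:
        findings.append(f"macVlanGateway {gw} is outside {local}")
    if ip not in block:
        findings.append(f"piholeMacVlanIP {ip} is outside {block}")
    if gw in block:
        findings.append(f"macVlanGateway {gw} falls inside the container "
                        f"range {block}")
    if ip == gw:
        findings.append("piholeMacVlanIP equals macVlanGateway")
    return findings

# Values copied from the configurations shown in the thread.
CONFIGS = {
    "fileserver":  ("192.168.1.5",  "192.168.1.0/24", "192.168.1.8/27",   "192.168.1.8"),
    "testserver2": ("192.168.1.11", "192.168.1.0/24", "192.168.1.248/29", "192.168.1.254"),
    "suggested":   ("192.168.1.1",  "192.168.1.0/24", "192.168.1.224/27", "192.168.1.234"),
}

def report():
    """Run the check over every sample configuration."""
    return {name: check_macvlan(*values) for name, values in CONFIGS.items()}

if __name__ == "__main__":
    for name, findings in report().items():
        print(name, "OK" if not findings else "")
        for line in findings:
            print("  -", line)
```

For the fileserver values it reports that 192.168.1.8/27 sits in the block 192.168.1.0/27 (addresses .0 to .31), which also contains 192.168.1.5; the other two layouts produce no findings.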