Appearance
Triage steps for gateway fix:
- Use nano to edit the
/etc/enclave-gateway/meta.jsonfile and set thenetworkStackkey value tosystemd-networkd. One you change that you should be able to configure the static IP address of the gateway using the gateway configuration UI from the LAN port.
The full file should look like:
json
{
"type": "fr201",
"os": "armbian",
"version": "24.5.3",
"networkStack": "systemd-networkd"
}- If that doesn't work manually alter the end of the netplan file found at
/etc/netplan/10-bridge-wan-lan.yamlto use a static address space and not DHCP. You'll want to restart the gateway after making these changes.
The changes look like so in the bridge section of the netplan config:
yaml
...rest of config
bridges:
br0:
dhcp4: false
dhcp6: false
addresses: [<static-ipv4-address>/<static-subnet-mask>]
routes:
- to: default
via: <route-gateway-ipv4-address>
nameservers:
addresses: [<nameserver-ipv4-address>]
interfaces:
- wan0
- lan0For example if you want to set a static IP on an enclave gateway to be 192.168.2.3 with a subnet of /24 , a route gateway of 192.168.1.255 and a nameserver of 1.1.1.1 it would look like:
yaml
...rest of config
bridges:
br0:
dhcp4: false
dhcp6: false
addresses: [192.168.2.3/24]
routes:
- to: default
via: 192.168.1.255
nameservers:
addresses: [1.1.1.1]
interfaces:
- wan0
- lan0Fix ingress traefik for downloads.enclave.sidechannel.com: Update the labels in the docker-compose.yml file for the emc service to look like so:
labels:
# optional traefik labels, if using traefik as your reverse proxy
- "traefik.enable=true"
- "traefik.http.routers.emc.rule=Host(`${EMC_ROOT_DOMAIN_NAME}`)"
- "traefik.http.routers.emc.entrypoints=web"
- "traefik.http.services.emc.loadbalancer.server.port=3000"
- "traefik.http.routers.emc-downloads.rule=Host(`downloads.enclave.sidechannel.com`)"
- "traefik.http.routers.emc-downloads.entrypoints=web"
- "traefik.http.services.emc-downloads.loadbalancer.server.port=3000"
- "traefik.docker.network=enclave-web"Do this:
#!/bin/bash
EMC_URL="http://emc.localhost"
PLUGINS="auth:1.7.1,ca:1.0.1,discovery:1.2.0,firewall:1.0.2,gateway:1.5.1,heartbeat:1.13.3,inventory:1.7.1,logs:1.5.1,nebula:1.6.0-enclave.1,netstat:1.1.1,networking:1.8.5,osquery:5.8.2-enclave.2,updater:1.2.2"
# change this to arm64 for the gateways
ARCH="amd64"
# split the plugins by comma
IFS=',' read -r -a PLUGINS_ARRAY <<< "$PLUGINS"
echo "Downloading plugins from ${EMC_URL}"
# loop through the plugins
for PLUGIN in "${PLUGINS_ARRAY[@]}"
do
# split the plugin by colon
IFS=':' read -r -a PLUGIN_ARRAY <<< "$PLUGIN"
PLUGIN_NAME=${PLUGIN_ARRAY[0]}
PLUGIN_VERSION=${PLUGIN_ARRAY[1]}
echo "Downloading plugin ${PLUGIN_NAME} version ${PLUGIN_VERSION}"
# download the plugin from the EMC_URL/static/plugins/${PLUGIN_NAME}/${PLUGIN_VERSION}/enclave_${PLUGIN_NAME}_${PLUGIN_VERSION}_linux_${ARCH}.tar.gz
# and stick them under /usr/lib/enclave/cache/plugins/${PLUGIN_NAME}/${PLUGIN_VERSION}/enclave_${PLUGIN_NAME}_${PLUGIN_VERSION}_linux_${ARCH}.tar.gz
mkdir -p /usr/lib/enclave/cache/plugins/${PLUGIN_NAME}/${PLUGIN_VERSION}
wget -O /usr/lib/enclave/cache/plugins/${PLUGIN_NAME}/${PLUGIN_VERSION}/enclave-${PLUGIN_NAME}_${PLUGIN_VERSION}_linux_${ARCH}.tar.gz ${EMC_URL}/static/plugins/${PLUGIN_NAME}/${PLUGIN_VERSION}/enclave-${PLUGIN_NAME}_${PLUGIN_VERSION}_linux_${ARCH}.tar.gz
# if the download fails, exit
if [ $? -ne 0 ]; then
echo "Failed to download plugin ${PLUGIN_NAME} version ${PLUGIN_VERSION}"
exit 1
fi
echo "Extracting plugin ${PLUGIN_NAME} version ${PLUGIN_VERSION}"
# extract tar file
tar -xzf /usr/lib/enclave/cache/plugins/${PLUGIN_NAME}/${PLUGIN_VERSION}/enclave-${PLUGIN_NAME}_${PLUGIN_VERSION}_linux_${ARCH}.tar.gz -C /usr/lib/enclave/cache/plugins/${PLUGIN_NAME}/${PLUGIN_VERSION}
done