From 35d0cd7701d00a51660d253bcc8b9f093eb0bb9f Mon Sep 17 00:00:00 2001
From: Andrew Dryga
Date: Thu, 28 Mar 2024 11:59:09 -0600
Subject: [PATCH] chore(portal): Update Gateways deploy UI (#4352)
Closes #4019
---
.../apps/web/lib/web/live/sites/new_token.ex | 160 ++++++------------
.../test/web/live/sites/new_token_test.exs | 6 +-
2 files changed, 55 insertions(+), 111 deletions(-)
diff --git a/elixir/apps/web/lib/web/live/sites/new_token.ex b/elixir/apps/web/lib/web/live/sites/new_token.ex
index 92f737d28..5ebbdc5ad 100644
--- a/elixir/apps/web/lib/web/live/sites/new_token.ex
+++ b/elixir/apps/web/lib/web/live/sites/new_token.ex
@@ -125,6 +125,49 @@ defmodule Web.Sites.NewToken do
>enable IPv6 in the Docker daemon.
+ <:tab
+ id="binary-instructions"
+ label="Manually"
+ phx_click="tab_selected"
+ selected={@selected_tab == "binary-instructions"}
+ >
+
+ <.link
+ href="https://www.github.com/firezone/firezone/releases?utm_source=deploy_gateway"
+ target="_blank"
+ class={link_style()}
+ >
+ Download the latest binary
+
+ from GitHub releases to your server and make sure the following environment variables are set:
+
+
+ <.code_block
+ id="code-sample-binary1"
+ class="w-full text-xs whitespace-pre-line"
+ phx-no-format
+ phx-update="ignore"
+ ><%= manual_command(@env) %>
+
+
+ See
+ <.link
+ href="https://www.firezone.dev/kb/deploy/gateways#environment_variables"
+ target="_blank"
+ class={link_style()}
+ >
+ the Gateway docs
+
+ for a full list of environment variables.
+
+
+
+ Important:
+ You'll need to make sure that the iptables
+ and ip6tables
+ commands are available on your system.
+
+
@@ -164,10 +207,8 @@ defmodule Web.Sites.NewToken do
end
[
- {"FIREZONE_ID", Ecto.UUID.generate()},
{"FIREZONE_TOKEN", encoded_token},
- api_url_override,
- {"RUST_LOG", "info"}
+ api_url_override
]
|> Enum.reject(&is_nil/1)
end
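Review bot: Dropping `{"FIREZONE_ID", Ecto.UUID.generate()}` from the env list means neither the systemd command nor the new Manual tab hands the operator a gateway ID any more; presumably the install script now generates one, but the Manual tab only says to set "the following environment variables", so a manual deploy that still needs `FIREZONE_ID` has nothing telling the operator to supply it. If the gateway binary requires it, the Manual tab copy (or the list here) should say so; if it is now optional, a one-line comment above the list such as `# FIREZONE_ID is generated by the gateway/install script; only the token and API URL are user-supplied` would stop the next reader from re-adding it. The enclosing function starts before this hunk.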
@@ -199,113 +240,14 @@ defmodule Web.Sites.NewToken do
defp systemd_command(env) do
"""
- ( install_firezone() {
+ #{Enum.map_join(env, " \\\n", fn {key, value} -> "#{key}=\"#{value}\"" end)} \\
+ bash <(curl -fsSL https://raw.githubusercontent.com/firezone/firezone/main/scripts/gateway-systemd-install.sh)
+ """
+ end
- # Create firezone user and group
- sudo groupadd -f firezone
- id -u firezone > /dev/null 2>&1 || sudo useradd -r -g firezone -s /sbin/nologin firezone
-
- # Create systemd unit file
- cat << EOF | sudo tee /etc/systemd/system/firezone-gateway.service
- [Unit]
- Description=Firezone Gateway
- After=network.target
- Documentation=https://www.firezone.dev/kb
-
- [Service]
- Type=simple
- #{Enum.map_join(env, "\n", fn {key, value} -> "Environment=\"#{key}=#{value}\"" end)}
- ExecStartPre=/usr/local/bin/firezone-gateway-init
- ExecStart=/usr/bin/sudo \\\\
- --preserve-env=FIREZONE_NAME,FIREZONE_ID,FIREZONE_TOKEN,FIREZONE_API_URL,RUST_LOG \\\\
- -u firezone \\\\
- -g firezone \\\\
- /usr/local/bin/firezone-gateway
- TimeoutStartSec=3s
- TimeoutStopSec=15s
- Restart=always
- RestartSec=7
-
- [Install]
- WantedBy=multi-user.target
- EOF
-
- # Create ExecStartPre script
- cat << EOF | sudo tee /usr/local/bin/firezone-gateway-init
- #!/bin/sh
-
- set -ue
-
- # Download latest version of the gateway if it doesn't already exist
- if [ ! -e /usr/local/bin/firezone-gateway ]; then
- echo "/usr/local/bin/firezone-gateway not found. Downloading latest version..."
- FIREZONE_VERSION=\\$(curl -Ls \\\\
- -H "Accept: application/vnd.github+json" \\\\
- -H "X-GitHub-Api-Version: 2022-11-28" \\\\
- "https://api.github.com/repos/firezone/firezone/releases/latest" | grep '"tag_name":' | sed 's/.*"tag_name": "\\([^"]*\\).*/\\1/'
- )
- [ "\\$FIREZONE_VERSION" = "" ] && echo "[Error] Cannot fetch latest version. Rate-limited by GitHub?" && exit 1
- echo "Downloading Firezone Gateway version \\$FIREZONE_VERSION"
- arch=\\$(uname -m)
- case \\$arch in
- aarch64)
- bin_url="https://github.com/firezone/firezone/releases/download/\\$FIREZONE_VERSION/gateway-arm64"
- ;;
- armv7l)
- bin_url="https://github.com/firezone/firezone/releases/download/\\$FIREZONE_VERSION/gateway-arm"
- ;;
- x86_64)
- bin_url="https://github.com/firezone/firezone/releases/download/\\$FIREZONE_VERSION/gateway-x64"
- ;;
- *)
- echo "Unsupported architecture"
- exit 1
- esac
- curl -Ls \\$bin_url -o /usr/local/bin/firezone-gateway
- else
- echo "/usr/local/bin/firezone-gateway found. Skipping download."
- fi
-
- # Set proper capabilities and permissions on each start
- chgrp firezone /usr/local/bin/firezone-gateway
- chmod 0750 /usr/local/bin/firezone-gateway
- setcap 'cap_net_admin+eip' /usr/local/bin/firezone-gateway
- mkdir -p /var/lib/firezone
- chown firezone:firezone /var/lib/firezone
- chmod 0775 /var/lib/firezone
-
- # Enable masquerading for ethernet and wireless interfaces
- iptables -C FORWARD -i tun-firezone -j ACCEPT > /dev/null 2>&1 || iptables -A FORWARD -i tun-firezone -j ACCEPT
- iptables -C FORWARD -o tun-firezone -j ACCEPT > /dev/null 2>&1 || iptables -A FORWARD -o tun-firezone -j ACCEPT
- iptables -t nat -C POSTROUTING -o e+ -j MASQUERADE > /dev/null 2>&1 || iptables -t nat -A POSTROUTING -o e+ -j MASQUERADE
- iptables -t nat -C POSTROUTING -o w+ -j MASQUERADE > /dev/null 2>&1 || iptables -t nat -A POSTROUTING -o w+ -j MASQUERADE
- ip6tables -C FORWARD -i tun-firezone -j ACCEPT > /dev/null 2>&1 || ip6tables -A FORWARD -i tun-firezone -j ACCEPT
- ip6tables -C FORWARD -o tun-firezone -j ACCEPT > /dev/null 2>&1 || ip6tables -A FORWARD -o tun-firezone -j ACCEPT
- ip6tables -t nat -C POSTROUTING -o e+ -j MASQUERADE > /dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o e+ -j MASQUERADE
- ip6tables -t nat -C POSTROUTING -o w+ -j MASQUERADE > /dev/null 2>&1 || ip6tables -t nat -A POSTROUTING -o w+ -j MASQUERADE
-
- # Enable packet forwarding
- sysctl -w net.ipv4.ip_forward=1
- sysctl -w net.ipv4.conf.all.src_valid_mark=1
- sysctl -w net.ipv6.conf.all.disable_ipv6=0
- sysctl -w net.ipv6.conf.all.forwarding=1
- sysctl -w net.ipv6.conf.default.forwarding=1
- EOF
-
- # Make ExecStartPre script executable
- sudo chmod +x /usr/local/bin/firezone-gateway-init
-
- # Reload systemd
- sudo systemctl daemon-reload
-
- # Enable the service to start on boot
- sudo systemctl enable firezone-gateway
-
- # Start the service
- sudo systemctl start firezone-gateway
-
- }
- install_firezone )
+ defp manual_command(env) do
+ """
+ #{Enum.map_join(env, "\n", fn {key, value} -> "#{key}=#{value}" end)})
"""
end
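Review bot: `manual_command/1` renders a stray `)` after the last variable — in `#{Enum.map_join(env, "\n", fn {key, value} -> "#{key}=#{value}" end)})` the final paren sits outside the interpolation and becomes literal heredoc text, so the Manual tab shows something like `FIREZONE_API_URL=...)`; the line should read `#{Enum.map_join(env, "\n", fn {key, value} -> "#{key}=#{value}" end)}`. Separately, `systemd_command/1` now instructs the operator to pipe `gateway-systemd-install.sh` from the `main` branch straight into `bash`, so what runs as root depends on the state of that branch at the moment the command is pasted, whereas the removed inline script was at least fully visible on screen; referencing a fixed ref and linking the script so it can be read before execution would make the deploy reproducible and auditable. Both helpers also interpolate the token and API URL into a shell line without escaping (quoted in one, unquoted in the other); if those values are restricted to URL-safe characters this is harmless, but a comment stating that assumption, e.g. `# values are interpolated into a shell command unescaped; token and URL must stay free of shell metacharacters`, would document why no quoting is done.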
diff --git a/elixir/apps/web/test/web/live/sites/new_token_test.exs b/elixir/apps/web/test/web/live/sites/new_token_test.exs
index 5de1d4c22..05d75f3a2 100644
--- a/elixir/apps/web/test/web/live/sites/new_token_test.exs
+++ b/elixir/apps/web/test/web/live/sites/new_token_test.exs
@@ -31,8 +31,10 @@ defmodule Web.Live.Sites.NewTokenTest do
assert html =~ "docker run"
assert html =~ "Waiting for connection..."
- assert Regex.run(~r/FIREZONE_ID=([^& ]+)/, html) |> List.last()
- token = Regex.run(~r/FIREZONE_TOKEN=([^& ]+)/, html) |> List.last() |> String.trim(""")
+ token =
+ Regex.run(~r/FIREZONE_TOKEN=([^&\n ]+)/, html)
+ |> List.last()
+ |> String.trim(""")
:ok = Domain.Gateways.subscribe_to_gateways_presence_in_group(group)
context = Fixtures.Auth.build_context(type: :gateway_group)