I did some additional checks on one of my home computers with Fedora 37. In general, following all the info provided here I managed to start it as a service, however, it was not fully successful as I was receiving “ERROR contact:service ping satellite failed” and the node was not running correctly.
What I noticed:
When:
podman run --rm -e SETUP="true" \
-e PUID=1000 \
-e PGID=1000 \
--mount type=bind,source="$storjidlocation",destination=/app/identity \
--mount type=bind,source="$datapath",destination=/app/config \
--name $snname docker.io/storjlabs/storagenode:latest
Receiving: Error: storagenode configuration already exists (/app/config)
Solution: Reason seems to be SELinux, setting it to permissive mode <sudo setenforce 0> seems to create a new config.yaml. Otherwise the setup does not work. Also when trying to run the service in SELinux enforced mode, the node is continuously restarting itself. Of course as per suggestion from the blog I set: sudo loginctl enable-linger $USER and sudo setsebool -P container_manage_cgroup on respectively.
When:
podman create \
--label "io.containers.autoupdate=registry" \
-p $port:28967/tcp \
-p $port:28967/udp \
-p $dip:$dport:14002 \
-e WALLET="$wallet" \
-e EMAIL="$email" \
-e ADDRESS="$pip:$port" \
-e STORAGE="$ssize" \
-e STORJ_HEALTHCHECK_DETAILS="true" \
-e PUID=$(id -u) \
-e PGID=$(id -g) \
--mount type=bind,source="$storjidlocation",destination=/app/identity \
--mount type=bind,source="$storjconfiglocation",destination=/app/config \
--name $snname storjlabs/storagenode:latest --operator.wallet-features=zksync
Receiving: Error: short name: auto updates require fully-qualified image reference: "storjlabs/storagenode:latest"
Solution: Full name as suggested by @arrogantrabbit: docker.io/storjlabs/storagenode:latest
I also abandoned my attempt to use $(id -u) and $(id -g) in favor of hard-coded values. Also I abandoned (for a while) my attempt to restrict access to Dashboard to a particular IP with a separate firewall zone. During those tests on Fedora 37 my firewall looked like this:
$ sudo firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s25
  sources:
  services: cockpit dhcpv6-client iscsi-target mdns mountd nfs rpc-bind ssh
  ports: 28967/tcp 28967/udp 14002/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
The other noticeable difference from the code described in the blog by @arrogantrabbit was the use of --mount instead of -v, which in general is my preference.
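
An added example, not part of the original post: with SELinux left in enforcing mode, the audit log shows which accesses were denied to the container, which is how an unlabelled bind mount source shows up. The function names and the sample AVC records are constructed for illustration; podman's `relabel=private` option for `--mount type=bind` (or `:Z` with `-v`) is the usual way to label such directories for a single container.

```shell
#!/usr/bin/env bash
# Added example: list SELinux AVC denials raised by container processes.
# On a real host the input would come from: sudo ausearch -m AVC -ts recent

# Constructed sample audit records (not taken from the post).
sample_audit_log() {
  cat <<'EOF'
type=AVC msg=audit(1676460000.101:901): avc:  denied  { write } for  pid=4242 comm="storagenode" name="config" dev="dm-0" ino=131 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1676460000.202:902): avc:  denied  { read } for  pid=4242 comm="storagenode" name="identity.cert" dev="dm-0" ino=132 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1676460000.303:903): avc:  denied  { read } for  pid=977 comm="httpd" name="index.html" dev="dm-0" ino=200 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
EOF
}

# Print "permissions class target_type name" for each denial whose source
# domain is container_t, the default domain for podman containers.
container_denials() {
  awk '
    /avc: +denied/ && /scontext=[^ ]*:container_t:/ {
      perm = cls = ttype = name = "-"
      if (match($0, /[{] [^}]* [}]/)) {
        perm = substr($0, RSTART + 2, RLENGTH - 4)
        gsub(/ /, ",", perm)
      }
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^tclass=/)   cls = substr($i, 8)
        if ($i ~ /^name=/)     { name = substr($i, 6); gsub(/"/, "", name) }
        if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); ttype = c[3] }
      }
      print perm, cls, ttype, name
    }' | sort -u
}

# Succeeds when a container was denied access to something not labelled
# container_file_t, i.e. a bind-mounted host path that was never relabelled.
needs_relabel() {
  container_denials | awk '$3 != "container_file_t" { hit = 1 } END { exit !hit }'
}

sample_audit_log | container_denials
if sample_audit_log | needs_relabel; then
  echo "bind mount sources need a container label (relabel=private or :Z)"
fi
```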