Update the docker image of funkwhale solution to support ssh access

[Mahmoud-Emad]

The current funkwhale solution doesn't run sshd, which causes the user access

Related issues

• 🐞 [Bug]: can not access funkwhale vm while the solution is already working tfgrid-sdk-ts#2580

[PeterNashaat]

• I can't find any docs or files about funkwhale to update it in tf-images repo ?!

[Mahmoud-Emad]

I've searched about it in the 'tf-images' repo but I can't find it, we may need to implement the image?

[PeterNashaat]

• Getting error when starting it with caddy
  
• Switching to nginx
  0316b87

[PeterNashaat]

• Added funkwhale flist deployment files https://github.com/threefoldtech/tf-images/tree/funkwhale/tfgrid3/funkwhale
• Testing

[PeterNashaat]

• Flist created https://hub.grid.tf/petep.3bot/funkwhale1.4.0.flist
• Code pushed 71aeb91
• Getting this nginx error

[-] nginx: ------------ [start] ------------
[-] nginx: nginx: [emerg] cannot load certificate "/etc/letsencrypt/live/test.funkwhale.ourworld.tf/fullchain.pem": BIO_new_file() failed (SSL: error:80000002:system library::No such file or directory:calling fopen(/etc/letsencrypt/live/test.funkwhale.ourworld.tf/fullchain.pem, r) error:10000080:BIO routines::no such file)

[PeterNashaat]

• New flist https://hub.grid.tf/petep.3bot/funkwhale1.4.0.flist
• Getting error ERR_TOO_MANY_REDIRECTS

- nginx logs

[-] nginx: ------------ [start] ------------
[-] nginx: nginx: [warn] conflicting server name "test2.funkwhale.ourworld.tf" on [::]:443, ignored
[-] nginx: nginx: [warn] conflicting server name "test2.funkwhale.ourworld.tf" on 0.0.0.0:443, ignored

[-] nginx: ------------ [start] ------------
[-] nginx: nginx: [warn] conflicting server name "test2.funkwhale.ourworld.tf" on 0.0.0.0:80, ignored

• Certbot worked fine and new certificate generated

[+] funkwhale: Account registered.
[+] funkwhale: Requesting a certificate for test2.funkwhale.ourworld.tf
[+] funkwhale:
[+] funkwhale: Successfully received certificate.
[+] funkwhale: Certificate is saved at: /etc/letsencrypt/live/test2.funkwhale.ourworld.tf/fullchain.pem
[+] funkwhale: Key is saved at:         /etc/letsencrypt/live/test2.funkwhale.ourworld.tf/privkey.pem
[+] funkwhale: This certificate expires on 2025-01-14.
[+] funkwhale: These files will be updated when the certificate renews.
[+] funkwhale: Certbot has set up a scheduled task to automatically renew this certificate in the background.
[+] funkwhale:
[+] funkwhale: Deploying certificate
[+] funkwhale: Successfully deployed certificate for test2.funkwhale.ourworld.tf to /etc/nginx/sites-enabled/funkwhale.conf
[+] funkwhale: Congratulations! You have successfully enabled HTTPS on https://test2.funkwhale.ourworld.tf
[+] funkwhale:
[+] funkwhale: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
[+] funkwhale: If you like Certbot, please consider supporting our work by:
[+] funkwhale:  * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
[+] funkwhale:  * Donating to EFF:                    https://eff.org/donate-le
[+] funkwhale: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

[PeterNashaat]

• There is a recurring dockerd and containerd log message it's not affecting the setup.

[-] dockerd: time="2024-10-17T07:59:37.372313763Z" level=warning msg="Failed to delete conntrack state for 172.18.0.4: invalid argument"
[-] dockerd: time="2024-10-17T07:59:37.549269772Z" level=warning msg="Failed to delete conntrack state for 172.18.0.5: invalid argument"
[-] dockerd: time="2024-10-17T07:59:37.622006058Z" level=warning msg="Failed to delete conntrack state for 172.18.0.6: invalid argument"
[-] containerd: time="2024-10-17T07:59:37.765969163Z" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runtime=io.containerd.runc.v2 type=io.containerd.event.v1
[-] containerd: time="2024-10-17T07:59:37.771513111Z" level=info msg="loading plugin \"io.containerd.internal.v1.shutdown\"..." runtime=io.containerd.runc.v2 type=io.containerd.internal.v1
[-] containerd: time="2024-10-17T07:59:37.771646315Z" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
[-] containerd: time="2024-10-17T07:59:37.774834934Z" level=info msg="loading plugin \"io.containerd.ttrpc.v1.pause\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
[-] containerd: time="2024-10-17T07:59:37.892503547Z" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runtime=io.containerd.runc.v2 type=io.containerd.event.v1
[-] containerd: time="2024-10-17T07:59:37.893323862Z" level=info msg="loading plugin \"io.containerd.internal.v1.shutdown\"..." runtime=io.containerd.runc.v2 type=io.containerd.internal.v1
[-] containerd: time="2024-10-17T07:59:37.893358164Z" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
[-] containerd: time="2024-10-17T07:59:37.894581997Z" level=info msg="loading plugin \"io.containerd.ttrpc.v1.pause\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
[-] containerd: time="2024-10-17T07:59:37.954317449Z" level=info msg="loading plugin \"io.containerd.event.v1.publisher\"..." runtime=io.containerd.runc.v2 type=io.containerd.event.v1
[-] containerd: time="2024-10-17T07:59:37.955578950Z" level=info msg="loading plugin \"io.containerd.internal.v1.shutdown\"..." runtime=io.containerd.runc.v2 type=io.containerd.internal.v1
[-] containerd: time="2024-10-17T07:59:37.955605422Z" level=info msg="loading plugin \"io.containerd.ttrpc.v1.task\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1
[-] containerd: time="2024-10-17T07:59:37.956137636Z" level=info msg="loading plugin \"io.containerd.ttrpc.v1.pause\"..." runtime=io.containerd.runc.v2 type=io.containerd.ttrpc.v1

[PeterNashaat]

• @maxux Could you please promote this flist https://hub.grid.tf/petep.3bot/threefolddev-funkwhale-1.4.0.flist

[maxux]

Promoted: https://hub.grid.tf/tf-official-apps/funkwhale-1.4.0.flist.md

[maayarosama]

As Mentioned in this comment, I tried using the new flist to deploy a funwhale instance but it gives me bad gateway and I can't access it ssh

[PeterNashaat]

can i get access to the vm to investigate ?

[PeterNashaat]

@maayarosama here is how it should be use https://github.com/threefoldtech/tf-images/tree/development/tfgrid3/funkwhale#environment-variables

[maayarosama]

@maayarosama here is how it should be use https://github.com/threefoldtech/tf-images/tree/development/tfgrid3/funkwhale#environment-variables

After looking at this file, I adjusted the names of the env vars to match with what should be passed to the image. But even if after the adjustment I can't ssh and gives bad gateway

Instance Details

  "version": 0,
  "type": "zmachine",
  "contractId": 185491,
  "nodeId": 168,
  "name": "fwar6p6",
  "created": 1737031860,
  "status": "ok",
  "message": "",
  "flist": "https://hub.grid.tf/tf-official-apps/funkwhale-1.4.0.flist",
  "publicIP": null,
  "myceliumIP": "56c:4b4c:dc0d:2083:ff0f:0:400:2",
  "interfaces": [
    {
      "network": "nwcns9q",
      "ip": "10.20.4.2"
    }
  ],
  "capacity": {
    "cpu": 1,
    "memory": 2048
  },
  "mounts": [
    {
      "name": "diskq19",
      "mountPoint": "/data",
      "size": 53687091200,
      "state": "ok",
      "message": ""
    }
  ],
  "env": {
    "SSH_KEY": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0aFNDX/R2q6m0zGB6BQwR5wWxRitYRxlav7Cn6l9w+lYD9TOfC+fQYqcCGAGRS71wuslHhr1CsE0rF/JH7tnB8Gl1oe2eQrBSL+p6If/fCcFC2iQcx/3VcQZXYOTFJc59OZj2LmS/whFMqlNXBvzdiSk1xkPxMTtEaKvnzaB+/IKUyD61Iq08BeQYRSQvUkm8+xfYhCyT+RPE8cRRzhdSjl3WoNZuck5ReohfZUhg/s/eBvvmwBjWhY+RsTCrCXmD/48Cvqs2nX0Au8gk1p2HT11BjJ/na3cmqcxWkCdK0puKG8K+Ia6XSaDkjznnKBXE7qVjUp98+zngBIj2d3AgbqcxicXciImh44yFEVp518RU924FnYdejoYGG3OI0+5pAaGfqEO9EaPfoOA2DXR90kYaHRB2bDVQjZwt840IhEDBavCSTSVIffUHbmMX8oDU8Rd60oUD3qFpDbDb95Y2b0YcFJSNPKY6cv2u3ZeiMZzN72wPZkJG15/fUqEU+5j3ayp6iUcyPFduGZsZ/rNL1krYYO9jc8p/Tp4uAOOa7p2zCz42GeTL/lm1k4coSpWwPfmot155AciRjbCjKUIT4Im5fsq2e9wpH+XcZH/mIwNr71P8BnYV2cHTDC54qwYmamWPQYIm1cFx8h4WYqDLOwR9rigNh6LLiqERp3iA0Q== [email protected]",
    "Domain": "fw79fwar6p6.gent02.dev.grid.tf",
    "FUNKWHALE_SUPERUSER_EMAIL": "[email protected]",
    "FUNKWHALE_SUPERUSER_NAME": "admin",
    "FUNKWHALE_SUPERUSER_PASSWORD": "UrZoQhGeCNwg"
  },
  "entrypoint": "/init.sh",
  "metadata": "",
  "description": "",
  "rootfs_size": 524288000,
  "corex": false,
  "gpu": [],
  "deploymentName": "fwar6p6",
  "projectName": "funkwhale/fwar6p6",
  "billing": "No Data Available",
  "wireguard": "[Interface]\nAddress = 100.64.20.3/32\nPrivateKey = /7GbXWqh0mJJNmLY96Thi9TXjSwaZgr1hGoFjNcoPzc=\n\n[Peer]\nPublicKey = k0YltnRXf/scGpJV6A6xrP9sINpXxm8AKLwIbdFqNhU=\nAllowedIPs = 10.20.0.0/16, 100.64.20.0/32\nPersistentKeepalive = 25\nEndpoint = 185.206.122.32:20087"
}

[PeterNashaat]

• Will look into it as soon as possible

[PeterNashaat]

• Funkwhale right now is trying to create ssl for that Domain that was passed to it and failing in http challenge
• Plan is to only serve funkwhale with no ssl , will update my filst as soon as possible

[PeterNashaat]

• Modifying the flist new and will build new one with no ssl and make sure all works.

[PeterNashaat]

• Created new flist https://hub.grid.tf/petep.3bot/threefolddev-funkwhale-1.4.0.flist
• Created docs how to use https://github.com/threefoldtech/tf-images/tree/funkwhale/tfgrid3/funkwhale#required-for-basic-functionality
• Tested but with no domain will test again to make sure everything works will
• Flist takes about 6 to 7 mins to be ready following these installation steps if that's not working i can try another way to test if it's faster ?

[hossnys]

@PeterNashaat can we promote this latest flist with latest fixes , so we can give it to dev to update it in solution .vue file , then if any enhancement needed we can do it later .

[maxux]

Can you specify which flist source and which flist destination, it's easier to me to copy paste and avoid confusion or bad promotion :)

[hossnys]

Can you specify which flist source and which flist destination, it's easier to me to copy paste and avoid confusion or bad promotion :)

sure will do , but waiting for @PeterNashaat to put his two cents here and the latest flist he built for that image .

[PeterNashaat]

here is my latest flist https://hub.grid.tf/petep.3bot/threefolddev-funkwhale-1.4.0.flist

[hossnys]

@maxux can we promote this flist https://hub.grid.tf/petep.3bot/threefolddev-funkwhale-1.4.0.flist to https://hub.grid.tf/tf-official-apps/funkwhale-1.4.0.flist

[maxux]

Promoted :)