From 86d107e363b52818b4539a8293e5c6b2149285b3 Mon Sep 17 00:00:00 2001 From: Kroese Date: Sat, 13 May 2023 06:06:32 +0200 Subject: [PATCH 01/10] dnsmasq --- run/network.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/run/network.sh b/run/network.sh index 2380d8c..24d1c07 100644 --- a/run/network.sh +++ b/run/network.sh @@ -109,6 +109,11 @@ configureNAT () { fi fi + NET_OPTS="-netdev tap,ifname=${VM_NET_TAP},script=no,downscript=no,id=hostnet0" + + { exec 40>>/dev/vhost-net; rc=$?; } 2>/dev/null || : + (( rc == 0 )) && NET_OPTS="$NET_OPTS,vhost=on,vhostfd=40" + # dnsmasq configuration: DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-range=$VM_NET_IP,$VM_NET_IP --dhcp-host=$VM_NET_MAC,,$VM_NET_IP,$VM_NET_HOST,infinite --dhcp-option=option:netmask,255.255.255.0" @@ -116,11 +121,6 @@ configureNAT () { echo "0 $VM_NET_MAC $VM_NET_IP $VM_NET_HOST 01:${VM_NET_MAC}" > /var/lib/misc/dnsmasq.leases chmod 644 /var/lib/misc/dnsmasq.leases - NET_OPTS="-netdev tap,ifname=${VM_NET_TAP},script=no,downscript=no,id=hostnet0" - - { exec 40>>/dev/vhost-net; rc=$?; } 2>/dev/null || : - (( rc == 0 )) && NET_OPTS="$NET_OPTS,vhost=on,vhostfd=40" - # Build DNS options from container /etc/resolv.conf if [[ "${DEBUG}" == [Yy1]* ]]; then @@ -196,8 +196,7 @@ fi if [[ "${DHCP}" == [Yy1]* ]]; then if [[ "$GATEWAY" == "172."* ]]; then - error "You cannot enable DHCP while the container is " - error "in a bridge network, only on a macvlan network!" && exit 86 + error "You can only enable DHCP while the container is on a macvlan network!" && exit 86 fi # Configuration for DHCP IP From 96271d1e6096a7710397bf974de2f0e1f2704dd3 Mon Sep 17 00:00:00 2001 From: Kroese Date: Sat, 13 May 2023 06:13:56 +0200 Subject: [PATCH 02/10] Configure DNS --- run/network.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/run/network.sh b/run/network.sh index 24d1c07..75c2d3a 100644 --- a/run/network.sh +++ b/run/network.sh 
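Review bot: The vhost lines moved up in this hunk carry no comment, and `2>/dev/null || :` means a missing or inaccessible `/dev/vhost-net` silently produces a tap netdev without `vhost=on`. A one-line comment such as `# Open /dev/vhost-net on fd 40 if available; otherwise continue without vhost` would make the fallback explicit. A short informational log line when `rc` is non-zero would also help anyone diagnosing device or cgroup permissions. Unless `rc` is declared `local` earlier in configureNAT (the function starts and ends outside this hunk), it is assigned as a global here; `local rc=1` before the `exec` would keep it scoped to the function.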
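Review bot: On the rewritten message line, `exit 86` runs only when `error` returns zero. That helper is defined outside this hunk, so its exit status cannot be confirmed here; a non-zero return would let the script continue into the DHCP setup it was meant to refuse. Separating the two commands makes the abort unconditional: `error "You can only enable DHCP while the container is on a macvlan network!"; exit 86`. Separately, the guard only tests whether `$GATEWAY` starts with `172.`, which is a heuristic: a bridge network on another subnet passes it and a macvlan on a 172.x LAN is rejected, so the new wording states the rule more firmly than the check enforces it.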
@@ -114,6 +114,13 @@ configureNAT () { { exec 40>>/dev/vhost-net; rc=$?; } 2>/dev/null || : (( rc == 0 )) && NET_OPTS="$NET_OPTS,vhost=on,vhostfd=40" + configureDNS + + return 0 +} + +configureDNS () { + # dnsmasq configuration: DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-range=$VM_NET_IP,$VM_NET_IP --dhcp-host=$VM_NET_MAC,,$VM_NET_IP,$VM_NET_HOST,infinite --dhcp-option=option:netmask,255.255.255.0" From 9b13bc46d8a7fe81d1e891a1213695054d00a3a8 Mon Sep 17 00:00:00 2001 From: Kroese Date: Sat, 13 May 2023 06:22:32 +0200 Subject: [PATCH 03/10] Also close socat in NAT mode --- run/network.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/run/network.sh b/run/network.sh index 75c2d3a..7e98633 100644 --- a/run/network.sh +++ b/run/network.sh @@ -172,6 +172,8 @@ configureDNS () { # Configure Network # ###################################### +{ pkill -f server.sh || true; } 2>/dev/null + # Create the necessary file structure for /dev/net/tun if [ ! -c /dev/net/tun ]; then [ ! -d /dev/net ] && mkdir -m 755 /dev/net @@ -210,7 +212,6 @@ if [[ "${DHCP}" == [Yy1]* ]]; then configureDHCP # Display IP on port 80 and 5000 - { pkill -f server.sh || true; } 2>/dev/null /run/server.sh 5000 /run/ip.sh & else From eb0f91ad3b6e979f1f876b03917cf975a1e97296 Mon Sep 17 00:00:00 2001 From: Kroese Date: Sat, 13 May 2023 07:51:53 +0200 Subject: [PATCH 04/10] configureDNS --- run/network.sh | 95 ++++++++++++++++++++++++-------------------------- 1 file changed, 46 insertions(+), 49 deletions(-) diff --git a/run/network.sh b/run/network.sh index 7e98633..45982b7 100644 --- a/run/network.sh +++ b/run/network.sh 
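Review bot: `pkill -f server.sh` matches its argument as an unanchored regular expression against every full command line, so it signals any process whose arguments contain `server`, any one character, then `sh`, not only the helper script. Now that the line runs unconditionally at the top of the network setup, it is worth narrowing to the path the script is started with in the next hunk: `{ pkill -f '/run/server\.sh' || true; } 2>/dev/null`. The commit subject mentions socat; whether a socat child exits when its parent script is signalled depends on server.sh, which is not visible here, so that may need its own check.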
@@ -66,6 +66,52 @@ configureDHCP() { return 0 } +configureDNS () { + + # dnsmasq configuration: + DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-range=$VM_NET_IP,$VM_NET_IP --dhcp-host=$VM_NET_MAC,,$VM_NET_IP,$VM_NET_HOST,infinite --dhcp-option=option:netmask,255.255.255.0" + + # Create lease file for faster resolve + echo "0 $VM_NET_MAC $VM_NET_IP $VM_NET_HOST 01:${VM_NET_MAC}" > /var/lib/misc/dnsmasq.leases + chmod 644 /var/lib/misc/dnsmasq.leases + + # Build DNS options from container /etc/resolv.conf + + if [[ "${DEBUG}" == [Yy1]* ]]; then + echo "/etc/resolv.conf:" && echo && cat /etc/resolv.conf && echo + fi + + mapfile -t nameservers < <( { grep '^nameserver' /etc/resolv.conf || true; } | sed 's/\t/ /g' | sed 's/nameserver //' | sed 's/ //g') + searchdomains=$( { grep '^search' /etc/resolv.conf || true; } | sed 's/\t/ /g' | sed 's/search //' | sed 's/#.*//' | sed 's/\s*$//g' | sed 's/ /,/g') + domainname=$(echo "$searchdomains" | awk -F"," '{print $1}') + + for nameserver in "${nameservers[@]}"; do + nameserver=$(echo "$nameserver" | sed 's/#.*//' ) + if ! [[ "$nameserver" =~ .*:.* ]]; then + [[ -z "$DNS_SERVERS" ]] && DNS_SERVERS="$nameserver" || DNS_SERVERS="$DNS_SERVERS,$nameserver" + fi + done + + [[ -z "$DNS_SERVERS" ]] && DNS_SERVERS="1.1.1.1" + + DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:dns-server,$DNS_SERVERS --dhcp-option=option:router,${VM_NET_IP%.*}.1" + + if [ -n "$searchdomains" ] && [ "$searchdomains" != "." 
]; then + DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:domain-search,$searchdomains --dhcp-option=option:domain-name,$domainname" + else + [[ -z $(hostname -d) ]] || DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:domain-name,$(hostname -d)" + fi + + DNSMASQ_OPTS=$(echo "$DNSMASQ_OPTS" | sed 's/\t/ /g' | tr -s ' ' | sed 's/^ *//') + + [[ "${DEBUG}" == [Yy1]* ]] && set -x + $DNSMASQ ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} + { set +x; } 2>/dev/null + [[ "${DEBUG}" == [Yy1]* ]] && echo + + return 0 +} + configureNAT () { # Create a bridge with a static IP for the VM guest 
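Review bot: The launch line `$DNSMASQ ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS}` expands the option string unquoted, so every value concatenated into it is word-split and glob-expanded before dnsmasq sees it. `$VM_NET_HOST`, the `search` entries from /etc/resolv.conf and `$(hostname -d)` are interpolated without validation; the sed filters remove or replace spaces in the resolv.conf values but not glob characters, and the origin of `$VM_NET_HOST` is not visible in this hunk. Collecting the options in an array and expanding it quoted keeps each value inside the single argument it was written for, and makes the final whitespace-normalising pipeline unnecessary; this assumes nothing else reads `DNSMASQ_OPTS` after this function. The body is moved unchanged from further down the file, so this is pre-existing behaviour, but the move is a convenient point to fix it.

```shell
configureDNS () {
  local -a opts=()

  # Caller-supplied extra options are split once here; nothing appended below is re-split
  read -r -a opts <<< "${DNSMASQ_OPTS:-}"

  opts+=( "--dhcp-range=$VM_NET_IP,$VM_NET_IP"
          "--dhcp-host=$VM_NET_MAC,,$VM_NET_IP,$VM_NET_HOST,infinite"
          "--dhcp-option=option:netmask,255.255.255.0" )

  # … unchanged: lease file, resolv.conf parsing, DNS_SERVERS loop and fallback …

  opts+=( "--dhcp-option=option:dns-server,$DNS_SERVERS"
          "--dhcp-option=option:router,${VM_NET_IP%.*}.1" )

  # … domain-search / domain-name selection as before, each option appended to opts as one quoted element …

  [[ "${DEBUG}" == [Yy1]* ]] && set -x
  $DNSMASQ "${opts[@]}"
```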
@@ -119,55 +165,6 @@ configureNAT () { return 0 } -configureDNS () { - - # dnsmasq configuration: - DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-range=$VM_NET_IP,$VM_NET_IP --dhcp-host=$VM_NET_MAC,,$VM_NET_IP,$VM_NET_HOST,infinite --dhcp-option=option:netmask,255.255.255.0" - - # Create lease file for faster resolve - echo "0 $VM_NET_MAC $VM_NET_IP $VM_NET_HOST 01:${VM_NET_MAC}" > /var/lib/misc/dnsmasq.leases - chmod 644 /var/lib/misc/dnsmasq.leases - - # Build DNS options from container /etc/resolv.conf - - if [[ "${DEBUG}" == [Yy1]* ]]; then - echo "/etc/resolv.conf:" && echo && cat /etc/resolv.conf && echo - fi - - mapfile -t nameservers < <( { grep '^nameserver' /etc/resolv.conf || true; } | sed 's/\t/ /g' | sed 's/nameserver //' | sed 's/ //g') - searchdomains=$( { grep '^search' /etc/resolv.conf || true; } | sed 's/\t/ /g' | sed 's/search //' | sed 's/#.*//' | sed 's/\s*$//g' | sed 's/ /,/g') - domainname=$(echo "$searchdomains" | awk -F"," '{print $1}') - - for nameserver in "${nameservers[@]}"; do - nameserver=$(echo "$nameserver" | sed 's/#.*//' ) - if ! [[ "$nameserver" =~ .*:.* ]]; then - [[ -z "$DNS_SERVERS" ]] && DNS_SERVERS="$nameserver" || DNS_SERVERS="$DNS_SERVERS,$nameserver" - fi - done - - [[ -z "$DNS_SERVERS" ]] && DNS_SERVERS="1.1.1.1" - - DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:dns-server,$DNS_SERVERS --dhcp-option=option:router,${VM_NET_IP%.*}.1" - - if [ -n "$searchdomains" ] && [ "$searchdomains" != "." 
]; then - DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:domain-search,$searchdomains --dhcp-option=option:domain-name,$domainname" - else - [[ -z $(hostname -d) ]] || DNSMASQ_OPTS="$DNSMASQ_OPTS --dhcp-option=option:domain-name,$(hostname -d)" - fi - - DNSMASQ_OPTS=$(echo "$DNSMASQ_OPTS" | sed 's/\t/ /g' | tr -s ' ' | sed 's/^ *//') - - [[ "${DEBUG}" == [Yy1]* ]] && set -x - - $DNSMASQ ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} - - { set +x; } 2>/dev/null - - [[ "${DEBUG}" == [Yy1]* ]] && echo - - return 0 -} - # ###################################### # Configure Network # ###################################### From 47f05427d0040dea868f69581cbdd27e9f813953 Mon Sep 17 00:00:00 2001 From: Kroese Date: Sat, 13 May 2023 08:22:44 +0200 Subject: [PATCH 05/10] Spelling --- readme.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/readme.md b/readme.md index 8039030..f9ab246 100644 --- a/readme.md +++ b/readme.md @@ -110,14 +110,14 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti If you want to assign an individual IP address to the container, you can create a macvlan network as follows: ``` - $ docker network create -d macvlan \ + docker network create -d macvlan \ --subnet=192.168.0.0/24 \ --gateway=192.168.0.1 \ --ip-range=192.168.0.100/28 \ -o parent=eth0 vdsm ``` - Be sure to modify the values to match your local subnet. + Be sure to modify these values to match your local subnet. Once you have created the network, modify the container's configuration in your compose file as follows: 
@@ -137,13 +137,13 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti An added benefit of this approach is that you won't have to perform any port mapping anymore, since all ports will be exposed by default. - Please note that this IP address won't be accessible from the Docker host due to the design of macvlan, which doesn't permit communication between the two. If this is a concern, there are some workarounds available, but they go beyond the scope of this FAQ. + Please note that this IP address won't be accessible from the Docker host due to the design of macvlan, which doesn't permit communication between the two. If this is a concern, you need to create a second macvlan, but that goes beyond the scope of this FAQ. * ### How can the container acquire an IP address from my router? - After configuring the container for macvlan (see above), it will now be able to join your home network by requesting an IP from your router, just like your other devices. + After configuring the container for macvlan (see above), it is possible for DSM to become part of your home network by requesting an IP from your router, just like your other devices. - To enable this, add the following lines to your compose file: + To enable this feature, add the following lines to your compose file: ``` environment: @@ -169,7 +169,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti * ### What are the differences compared to standard DSM? - There are only three minor differences: the Virtual Machine Manager package is not provided, Surveillance Station doesn't include any free licenses, and logging in to your Synology account is not supported. + There are only two minor differences: the Virtual Machine Manager package is not provided and Surveillance Station doesn't include any free licenses. ## Disclaimer From e4ff902f19dd9258a56ebe9343b0378cf7bb9592 Mon Sep 17 00:00:00 2001 
From: Kroese Date: Sat, 13 May 2023 08:53:37 +0200 Subject: [PATCH 06/10] Add reference --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index f9ab246..74eecae 100644 --- a/readme.md +++ b/readme.md @@ -137,7 +137,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti An added benefit of this approach is that you won't have to perform any port mapping anymore, since all ports will be exposed by default. - Please note that this IP address won't be accessible from the Docker host due to the design of macvlan, which doesn't permit communication between the two. If this is a concern, you need to create a second macvlan, but that goes beyond the scope of this FAQ. + Please note that this IP address won't be accessible from the Docker host due to the design of macvlan, which doesn't permit communication between the two. If this is a concern, you need to create a [second macvlan](https://blog.oddbit.com/post/2018-03-12-using-docker-macvlan-networks/#host-access) as a workaround. * ### How can the container acquire an IP address from my router? From 4f8bbc2559c1d04240a3f4018ed5667be78b9d44 Mon Sep 17 00:00:00 2001 From: Kroese Date: Mon, 15 May 2023 21:58:33 +0200 Subject: [PATCH 07/10] Yaml --- readme.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/readme.md b/readme.md index 74eecae..d4ecd87 100644 --- a/readme.md +++ b/readme.md @@ -55,7 +55,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti To expand the default size of 16 GB, locate the `DISK_SIZE` setting in your compose file and modify it to your preferred capacity: - ``` + ```yaml environment: DISK_SIZE: "256G" ``` 
@@ -64,7 +64,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti To change the virtual disk's location from the default docker volume, include the following bind mount in your compose file: - ``` + ```yaml volumes: - /home/user/data:/storage ``` @@ -75,7 +75,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti By default, the entire disk space is reserved in advance. To create a growable disk, that only reserves the space that is actually used, add the following environment variable: - ``` + ```yaml environment: ALLOCATE: "N" ``` @@ -86,7 +86,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti By default, a single core and 512MB of RAM is allocated to the container. To increase this, add the following environment variables: - ``` + ```yaml environment: CPU_CORES: "4" RAM_SIZE: "2048M" @@ -96,7 +96,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti To verify if your system supports KVM, run the following commands: - ``` + ```bash sudo apt install cpu-checker sudo kvm-ok ``` @@ -109,7 +109,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti If you want to assign an individual IP address to the container, you can create a macvlan network as follows: - ``` + ```bash docker network create -d macvlan \ --subnet=192.168.0.0/24 \ --gateway=192.168.0.1 \ @@ -121,7 +121,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti Once you have created the network, modify the container's configuration in your compose file as follows: - ``` + ```yaml networks: vdsm: ipv4_address: 192.168.0.100 @@ -129,7 +129,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti Finally, add the network to the bottom of your compose file: - ``` + ```yaml networks: vdsm: external: true 
@@ -145,7 +145,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti To enable this feature, add the following lines to your compose file: - ``` + ```yaml environment: DHCP: "Y" devices: @@ -160,7 +160,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti By default version 7.2 will be installed, but if you prefer an older version, you can add its URL to your compose file as follows: - ``` + ```yaml environment: URL: "https://global.synologydownload.com/download/DSM/release/7.1.1/42962-1/DSM_VirtualDSM_42962.pat" ``` From 0eee9eb05ee124ed6d347cf7578297d1d822eeb9 Mon Sep 17 00:00:00 2001 From: Kroese Date: Mon, 15 May 2023 22:23:11 +0200 Subject: [PATCH 08/10] Network configuration --- readme.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/readme.md b/readme.md index d4ecd87..d1a37ab 100644 --- a/readme.md +++ b/readme.md @@ -119,17 +119,16 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti Be sure to modify these values to match your local subnet. - Once you have created the network, modify the container's configuration in your compose file as follows: + Once you have created the network, change your compose file to make it look as follows: ```yaml - networks: - vdsm: - ipv4_address: 192.168.0.100 - ``` - - Finally, add the network to the bottom of your compose file: + services: + dsm: + .... + networks: + vdsm: + ipv4_address: 192.168.0.100 - ```yaml networks: vdsm: external: true @@ -151,7 +150,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti devices: - /dev/vhost-net device_cgroup_rules: - - 'c 510:* rwm' + - 'c 511:* rwm' ``` Please note that the exact `cgroup` rule number may vary depending on your system, but the log output will indicate the correct number in case of an error. From 836f7d1e673628b88e3ff0252782eb1eada14ab6 Mon Sep 17 00:00:00 2001 
From: Kroese Date: Mon, 15 May 2023 22:26:56 +0200 Subject: [PATCH 09/10] Compose files --- readme.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/readme.md b/readme.md index d1a37ab..33500a3 100644 --- a/readme.md +++ b/readme.md @@ -57,7 +57,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti ```yaml environment: - DISK_SIZE: "256G" + DISK_SIZE: "256G" ``` * ### How do I change the location of the virtual disk? @@ -66,7 +66,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti ```yaml volumes: - - /home/user/data:/storage + - /home/user/data:/storage ``` Replace the example path `/home/user/data` with the desired storage folder. @@ -77,7 +77,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti ```yaml environment: - ALLOCATE: "N" + ALLOCATE: "N" ``` Keep in mind that this will not affect any of your existing disks, it only applies to newly created disks. @@ -88,8 +88,8 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti ```yaml environment: - CPU_CORES: "4" - RAM_SIZE: "2048M" + CPU_CORES: "4" + RAM_SIZE: "2048M" ``` * ### How do I verify if my system supports KVM? @@ -161,7 +161,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti ```yaml environment: - URL: "https://global.synologydownload.com/download/DSM/release/7.1.1/42962-1/DSM_VirtualDSM_42962.pat" + URL: "https://global.synologydownload.com/download/DSM/release/7.1.1/42962-1/DSM_VirtualDSM_42962.pat" ``` With this method, you are able to switch between different versions while keeping your file data. From 7be0bb533eb90c5db773162aafdb7a81a788eba1 Mon Sep 17 00:00:00 2001 From: Kroese Date: Mon, 15 May 2023 22:28:35 +0200 Subject: [PATCH 10/10] Network configuration --- readme.md | 1 + 1 file changed, 1 insertion(+) diff --git a/readme.md b/readme.md index 33500a3..e3ba28a 100644 --- a/readme.md +++ b/readme.md 
@@ -124,6 +124,7 @@ docker run -it --rm -p 5000:5000 --device=/dev/kvm --cap-add NET_ADMIN --stop-ti ```yaml services: dsm: + container_name: dsm .... networks: vdsm: