Last active May 13, 2022 01:57
On Server
1. docker-compose down
2. wget -O /root/mosquitto.conf
3. vi Caddyfile, remove gRPC section
4. MAKE SURE broker.<your netmaker domain> points to this machine.
5. Update docker-compose.yml (two options, CHOOSE ONLY ONE)
a. Make changes to existing docker-compose:
- CHANGE to gravitl/netmaker:v0.13.0
- ADD: /root/certs:/etc/netmaker/
- ADD: net.ipv6.conf.all.disable_ipv6=0
- REMOVE "50051:50051"
- CHANGE to gravitl/netmaker-ui:v0.13.0
- CHANGE to eclipse-mosquitto:2.0.11-openssl
# This is IMPORTANT, do not skip
# You need both 1883 AND 8883 exposed on the container (and host firewall if applicable)
- ADD "8883:8883"
- ADD /root/certs/:/mosquitto/certs/
b. Overwrite docker-compose and reset base domain
- write down base domain IP, and master token ex:
- agj834tuq39tqag
- wget -O /root/docker-compose.yml
- sed -i "s/NETMAKER_BASE_DOMAIN/" /root/docker-compose.yml
- sed -i "s/SERVER_PUBLIC_IP/" /root/docker-compose.yml
- sed -i "s/REPLACE_MASTER_KEY/agj834tuq39tqag/g" /root/docker-compose.yml
- sed -i "s/COREDNS_IP/" /root/docker-compose.yml
6. docker-compose up -d
7. confirm working:
- docker logs mq (check to make sure certs are valid)
- docker logs netmaker (check to make sure start is successful)
8. download new netclient on all machines:
- ex: sudo rm -f /usr/sbin/netclient && sudo wget -O /usr/sbin/netclient && sudo chmod +x /usr/sbin/netclient
9. Modify all netconfig-<network> files, add the "server:" and "api:" fields, ex:
corednsaddr: ""
accesskey: aegfaet3uag
server: "broker.<your domain>"
api: api.<your domain>:443
10. netclient pull -n (on each network)
11. Remove comms
- netclient leave -n <comms netid>
- if that fails:
- ip link del <comms iface>
- rm -rf /etc/netclient/config/netconfig-<comms netid>
- Log into UI, delete comms nodes, delete comms network
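
A pre-flight check for option 5a, to run on the edited file before step 6. This is an added example, not part of the original gist or the Netmaker project; the function name `check_compose` is hypothetical, and it matches the checklist strings on non-comment lines rather than parsing YAML.

```shell
#!/bin/sh
# Added example: verify docker-compose.yml against the step 5a checklist.
# Substring matching only; service placement of each entry is not checked.

# Entries step 5a says must be present after the edit (one per line).
REQUIRED='gravitl/netmaker:v0.13.0
gravitl/netmaker-ui:v0.13.0
eclipse-mosquitto:2.0.11-openssl
/root/certs:/etc/netmaker/
net.ipv6.conf.all.disable_ipv6=0
8883:8883
/root/certs/:/mosquitto/certs/'

# Entries step 5a says must be removed.
FORBIDDEN='50051:50051'

# check_compose FILE
# Prints one line per problem and returns the number of problems (0 = OK).
check_compose() {
    file=$1
    problems=0
    # Drop full-line comments so a commented-out entry does not count as set.
    # An unreadable or all-comment file leaves nothing active.
    active=$(grep -v '^[[:space:]]*#' "$file" 2>/dev/null) || active=''
    # Entries contain no whitespace, so default word splitting is safe here.
    for item in $REQUIRED; do
        if ! printf '%s\n' "$active" | grep -qF -- "$item"; then
            echo "MISSING:   $item"
            problems=$((problems + 1))
        fi
    done
    for item in $FORBIDDEN; do
        if printf '%s\n' "$active" | grep -qF -- "$item"; then
            echo "STILL SET: $item"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage: sh <this script> /root/docker-compose.yml
[ $# -eq 0 ] || check_compose "$1"
```

A non-zero exit status means at least one checklist item was missed; fix the listed entries before running `docker-compose up -d`.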

If you set MANAGE_IPTABLES="off" the DNS won't work anymore since the main server won't be able to redirect the traffic.


afeiszli commented May 3, 2022

If you set MANAGE_IPTABLES="off" the DNS won't work anymore since the main server won't be able to redirect the traffic.

You are correct, and can leave this in. Just be sure to remove "mq" from the PORT_FORWARD_SERVICES list, since we no longer port forward mq traffic.


si458 commented May 4, 2022

Brilliant guide!
Only issue I had was the netclient pull -n myNetwork would hang on first run?
But after CTRL+C and then a second run it worked no prob?
You also DON'T need to expose port 1883 on the MQTT as the clients connect to 8883 externally instead.
Also the latest is now v0.13.1


r-bar commented May 13, 2022

Make sure you delete / regenerate any access keys you have from prior to the upgrade. They will contain outdated information and not allow nodes to properly join the network anymore.
