netbird/management/README.md

# netbird Management Server
netbird management server will control and synchronize peers configuration within your Netbird account and network.

## Command Options
The CLI accepts the command **management** with the following options:
```shell
start Netbird Management Server

Usage:
  netbird-mgmt management [flags]

Flags:
      --cert-file string            Location of your SSL certificate. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect
      --cert-key string             Location of your SSL certificate private key. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect
      --datadir string              server data directory location
  -h, --help                        help for management
      --letsencrypt-domain string   a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS
      --port int                    server port to listen on (default 33073)

Global Flags:
      --config string      Netbird config file location to write new config to (default "/etc/netbird")
      --log-file string    sets Netbird log path. If console is specified the the log will be output to stdout (default "/var/log/netbird/management.log")
      --log-level string    (default "info")
```
## Run Management service (Docker)

You can run service in 2 modes - with TLS or without (not recommended).

### Run with TLS (Let's Encrypt). 
By specifying the **--letsencrypt-domain** the daemon will handle SSL certificate request and configuration.

In the following example ```33073``` is the management service **default** port, and ```443``` will be used as port for Let's Encrypt challenge and HTTP API.
> The server where you are running a container has to have a public IP (for Let's Encrypt certificate challenge).

Replace <YOUR-DOMAIN> with your server's public domain (e.g. mydomain.com or subdomain sub.mydomain.com).

```bash
# create a volume
docker volume create netbird-mgmt
# run the docker container
docker run -d --name netbird-management \
-p 33073:33073  \
-p 443:443  \
-v netbird-mgmt:/var/lib/netbird  \
-v ./config.json:/etc/netbird/config.json  \
netbirdio/management:latest \
--letsencrypt-domain <YOUR-DOMAIN>
```
> An example of config.json can be found here [management.json](../infrastructure_files/management.json.tmpl)

Trigger Let's encrypt certificate generation:
```bash
curl https://<YOUR-DOMAIN>
```

The certificate will be persisted in the ```datadir/letsencrypt/``` folder (e.g. ```/var/lib/netbird/letsencrypt/```) inside the container.

Make sure that the ```datadir``` is mapped to some folder on a host machine. In case you used the volume command, you can run the following to retrieve the Mountpoint:
```shell
docker volume inspect netbird-mgmt
[
    {
        "CreatedAt": "2021-07-25T20:45:28Z",
        "Driver": "local",
        "Labels": {},
        "Mountpoint": "/var/lib/docker/volumes/mgmt/_data",
        "Name": "netbird-mgmt",
        "Options": {},
        "Scope": "local"
    }
]
```
Consequent restarts of the container will pick up previously generated certificate so there is no need to trigger certificate generation with the ```curl``` command on every restart.

### Run without TLS.

```bash
# create a volume
docker volume create netbird-mgmt
# run the docker container
docker run -d --name netbird-management \
-p 33073:33073  \
-v netbird-mgmt:/var/lib/netbird  \
-v ./config.json:/etc/netbird/config.json  \
netbirdio/management:latest
```
### Debug tag
We also publish a docker image with the debug tag which has the log-level set to default, plus it uses the ```gcr.io/distroless/base:debug``` image that can be used with docker exec in order to run some commands in the Management container.
```shell
shell $ docker run -d --name netbird-management-debug \
-p 33073:33073  \
-v netbird-mgmt:/var/lib/netbird  \
-v ./config.json:/etc/netbird/config.json  \
netbirdio/management:debug-latest

shell $ docker exec -ti netbird-management-debug /bin/sh
container-shell $ 
```
## For development purposes:

Install golang gRpc tools:
```bash
#!/bin/bash
go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26
go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.1
```

Generate gRpc code:

```bash
#!/bin/bash
protoc -I proto/ proto/management.proto --go_out=. --go-grpc_out=.
```
Replace Wiretrustee links and naming (#287) * Replace Wiretrustee links and naming * Upper case for Netbrid in README * Replace logo * Dashboard URL to app.netbird.io Co-authored-by: Misha Bragin <bangvalo@gmail.com> 2022-03-26 11:39:27 +01:00			`# netbird Management Server`
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`netbird management server will control and synchronize peers configuration within your Netbird account and network.`
chore: use latest golang-grpc libs 2021-07-20 18:09:26 +02:00
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			`## Command Options`
			`The CLI accepts the command management with the following options:`
			```shell
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`start Netbird Management Server`
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00
			`Usage:`
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`netbird-mgmt management [flags]`
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00
			`Flags:`
Rebrand client cli (#320) 2022-05-22 18:53:47 +02:00			`--cert-file string Location of your SSL certificate. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect`
			`--cert-key string Location of your SSL certificate private key. Can be used when you have an existing certificate and don't want a new certificate be generated automatically. If letsencrypt-domain is specified this property has no effect`
			`--datadir string server data directory location`
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			`-h, --help help for management`
			`--letsencrypt-domain string a domain to issue Let's Encrypt certificate for. Enables TLS using Let's Encrypt. Will fetch and renew certificate, and run the server with TLS`
			`--port int server port to listen on (default 33073)`
Rebrand client cli (#320) 2022-05-22 18:53:47 +02:00
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			`Global Flags:`
Rebrand client cli (#320) 2022-05-22 18:53:47 +02:00			`--config string Netbird config file location to write new config to (default "/etc/netbird")`
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`--log-file string sets Netbird log path. If console is specified the the log will be output to stdout (default "/var/log/netbird/management.log")`
Rebrand client cli (#320) 2022-05-22 18:53:47 +02:00			`--log-level string (default "info")`
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			```
docs: add management service docs 2021-07-22 12:32:04 +02:00			`## Run Management service (Docker)`

			`You can run service in 2 modes - with TLS or without (not recommended).`

			`### Run with TLS (Let's Encrypt).`
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			`By specifying the --letsencrypt-domain the daemon will handle SSL certificate request and configuration.`
docs: add management service docs 2021-07-22 12:32:04 +02:00
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			In the following example ```33073``` is the management service default port, and ```443``` will be used as port for Let's Encrypt challenge and HTTP API.
			`> The server where you are running a container has to have a public IP (for Let's Encrypt certificate challenge).`
docs: add management service docs 2021-07-22 12:32:04 +02:00
			`Replace <YOUR-DOMAIN> with your server's public domain (e.g. mydomain.com or subdomain sub.mydomain.com).`

			```bash
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			`# create a volume`
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`docker volume create netbird-mgmt`
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			`# run the docker container`
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`docker run -d --name netbird-management \`
docs: add management service docs 2021-07-22 12:32:04 +02:00			`-p 33073:33073 \`
			`-p 443:443 \`
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`-v netbird-mgmt:/var/lib/netbird \`
			`-v ./config.json:/etc/netbird/config.json \`
Rebrand client cli (#320) 2022-05-22 18:53:47 +02:00			`netbirdio/management:latest \`
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			`--letsencrypt-domain <YOUR-DOMAIN>`
docs: add management service docs 2021-07-22 12:32:04 +02:00			```
Link account id with the external user store (#184) * get account id from access token claim * use GetOrCreateAccountByUser and add test * correct account id claim * remove unused account * Idp manager interface * auth0 idp manager * use if instead of switch case * remove unnecessary lock * NewAuth0Manager * move idpmanager to its own package * update metadata when accountId is not supplied * update tests with idpmanager field * format * new idp manager and config support * validate if we fetch the interface before converting to string * split getJWTToken * improve tests * proper json fields and handle defer body close * fix ci lint notes * documentation and proper defer position * UpdateUserAppMetadata tests * update documentation * ManagerCredentials interface * Marshal and Unmarshal functions * fix tests * ManagerHelper and ManagerHTTPClient * further tests with mocking * rename package and custom http client * sync local packages * remove idp suffix 2022-01-24 11:21:30 +01:00			`> An example of config.json can be found here [management.json](../infrastructure_files/management.json.tmpl)`
docs: add management service docs 2021-07-22 12:32:04 +02:00
			`Trigger Let's encrypt certificate generation:`
			```bash
			`curl https://<YOUR-DOMAIN>`
			```

Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			The certificate will be persisted in the ```datadir/letsencrypt/``` folder (e.g. ```/var/lib/netbird/letsencrypt/```) inside the container.
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00
			Make sure that the ```datadir``` is mapped to some folder on a host machine. In case you used the volume command, you can run the following to retrieve the Mountpoint:
			```shell
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`docker volume inspect netbird-mgmt`
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			`[`
			`{`
			`"CreatedAt": "2021-07-25T20:45:28Z",`
			`"Driver": "local",`
			`"Labels": {},`
			`"Mountpoint": "/var/lib/docker/volumes/mgmt/_data",`
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`"Name": "netbird-mgmt",`
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			`"Options": {},`
			`"Scope": "local"`
			`}`
			`]`
docs: add management service docs 2021-07-22 12:32:04 +02:00			```
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			Consequent restarts of the container will pick up previously generated certificate so there is no need to trigger certificate generation with the ```curl``` command on every restart.
docs: add management service docs 2021-07-22 12:32:04 +02:00
			`### Run without TLS.`

			```bash
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			`# create a volume`
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`docker volume create netbird-mgmt`
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			`# run the docker container`
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`docker run -d --name netbird-management \`
docs: add management service docs 2021-07-22 12:32:04 +02:00			`-p 33073:33073 \`
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`-v netbird-mgmt:/var/lib/netbird \`
			`-v ./config.json:/etc/netbird/config.json \`
Rebrand client cli (#320) 2022-05-22 18:53:47 +02:00			`netbirdio/management:latest`
docs: add management service docs 2021-07-22 12:32:04 +02:00			```
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			`### Debug tag`
			We also publish a docker image with the debug tag which has the log-level set to default, plus it uses the ```gcr.io/distroless/base:debug``` image that can be used with docker exec in order to run some commands in the Management container.
			```shell
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`shell $ docker run -d --name netbird-management-debug \`
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			`-p 33073:33073 \`
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`-v netbird-mgmt:/var/lib/netbird \`
			`-v ./config.json:/etc/netbird/config.json \`
Rebrand client cli (#320) 2022-05-22 18:53:47 +02:00			`netbirdio/management:debug-latest`
docs: add management service docs 2021-07-22 12:32:04 +02:00
Rename management from Wiretrustee to Netbird (#311) Rename documentation and goreleaser build names Added a migration function for when the old path exists and the new one doesn't updated the configure.sh to generate the docker-compose with a new path only if no pre-existing volume with old name exists 2022-05-13 14:11:21 +02:00			`shell $ docker exec -ti netbird-management-debug /bin/sh`
Mgmt docker and document (#72) * debug image and use wiretrustee/management repository * Update documentation and docker-compose to include management * improve documentation and add debug image build * update docker-compose section with management service notes. * fix broken doc link 2021-07-31 10:29:49 +02:00			`container-shell $`
Peer configuration management (#69) * feature: add config properties to the SyncResponse of the management gRpc service * fix: lint errors * chore: modify management protocol according to the review notes * fix: management proto fields sequence * feature: add proper peer configuration to be synced * chore: minor changes * feature: finalize peer config management * fix: lint errors * feature: add management server config file * refactor: extract hosts-config to a separate file * refactor: review notes applied to correct file_store usage * refactor: extract management service configuration to a file * refactor: simplify management config 2021-07-30 17:46:38 +02:00			```
docs: add management service docs 2021-07-22 12:32:04 +02:00			`## For development purposes:`

chore: use latest golang-grpc libs 2021-07-20 18:09:26 +02:00			`Install golang gRpc tools:`
			```bash
			`#!/bin/bash`
			`go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26`
			`go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.1`
			```

docs: add management service docs 2021-07-22 12:32:04 +02:00			`Generate gRpc code:`
chore: use latest golang-grpc libs 2021-07-20 18:09:26 +02:00
			```bash
			`#!/bin/bash`
			`protoc -I proto/ proto/management.proto --go_out=. --go-grpc_out=.`
			```
docs: add management service docs 2021-07-22 12:32:04 +02:00