Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

➕ Dockerfile.arm to support arm 32bit #988

Closed
wants to merge 54 commits into from
Closed

➕ Dockerfile.arm to support arm 32bit #988

wants to merge 54 commits into from

Conversation

jeankhawand
Copy link

  • had to build it on my AllWinner H2 SoC which is running arm 32bit
  • it is working with no issues
  • it took some time to build dependencies – would be nice to have it accessible from docker registry cause it will require some effort when new version of cloudflared is out to rebuild....

@jeankhawand jeankhawand mentioned this pull request Jun 10, 2023
Open
@jeankhawand
Copy link
Author 

2023-06-10T15:47:41Z INF Starting tunnel tunnelID=REDACTED 
2023-06-10T15:47:41Z INF Version 31d3670d
2023-06-10T15:47:41Z INF GOOS: linux, GOVersion: go1.19.10, GoArch: arm
2023-06-10T15:47:41Z INF Settings: map[no-autoupdate:true token:*****]
2023-06-10T15:47:41Z INF Generated Connector ID: REDACTED 
2023-06-10T15:47:41Z INF Initial protocol quic
2023-06-10T15:47:42Z INF ICMP proxy will use 172.18.0.2 as source for IPv4
2023-06-10T15:47:42Z INF ICMP proxy will use :: as source for IPv6
2023-06-10T15:47:42Z INF Starting metrics server on 127.0.0.1:35601/metrics
2023-06-10T15:47:42Z INF Registered tunnel connection connIndex=0 connection=REDACTED event=0 ip=198.41.192.7 location=CDG protocol=quic

@sudarshan-reddy
Copy link
Contributor

Thanks for this work @jeankhawand . I'm going to have to test this against our internal CI (since that's what builds the docker images) and get back to you.

@sudarshan-reddy sudarshan-reddy self-assigned this Aug 21, 2023
@jeankhawand
Copy link
Author

closes #987

@ahlixinjie
Copy link

waiting for this to be merged, so my mikrotik device can use it😢

@TylerMitton
Copy link

@sudarshan-reddy , do you expect this will be merged? thankful to you and @jeankhawand for your work on this.

@maijs
Copy link

maijs commented Oct 17, 2023
edited
Loading

You can build an arm image on a Mac Silicon and transfer the image to an arm-based Mikrotik router with the following stpeps:

  1. Run docker buildx ls and check if your computer can build linux/arm/v7 platform images.
  2. Checkout the branch of the PR: git clone -b feature/support-armhf https://github.com/jeankhawand/cloudflared.git
  3. Change the directory: cd cloudflared
  4. Build an image: docker buildx build --platform linux/arm/v7 . -t MYNAME/cloudflared (change MYNAME to your username)
  5. Make sure the that image has been built: docker image ls
  6. Save the image on the disk: docker image save -o docker_cloudflared_arm IMAGE_ID
  7. Copy the image file to the Mikrotik device.

@maijs
Copy link

maijs commented Oct 17, 2023

I tested the PR and can confirm that it works. Looking forward to see it merged.

@maijs
Copy link

maijs commented Oct 17, 2023

@jeankhawand Could you please make two changes to the PR?

  1. Rebase the feature branch against the current cloudflare:master branch.
  2. Update the golang version in the Dockerfile.arm file to FROM golang:1.20.6 as builder to match the current Dockerfile.* in upstream repo?

jcsf and others added 17 commits October 22, 2023 15:09
@jcsf @jeankhawand
TUN-7463: Add default ingress rule if no ingress rules are provided w…
f4ce7c6 
…hen updating the configuration
@joliveirinha @jeankhawand
TUN-7471: Fixes cloudflared not closing the quic stream on unregister…
1128660 
… UDP session

This code was leaking streams because it wasn't closing the quic stream
after unregistering from the edge.
@jcsf @jeankhawand
Release 2023.6.0
f124bdd
@joliveirinha @jeankhawand
TUN-7468: Increase the limit of incoming streams
33d56be
@DevinCarr @jeankhawand
TUN-7477: Add UDP/TCP session metrics
136f232 
New gauge metrics are exposed in the prometheus endpoint to
capture the current and total TCP and UDP sessions that
cloudflared has proxied.
@sudarshan-reddy @jeankhawand
TUN-7480: Added a timeout for unregisterUDP.
c6b4bac 
I deliberately kept this as an unregistertimeout because that was the
intent. In the future we could change this to a UDPConnConfig if we want
to pass multiple values here.

The idea of this PR is simply to add a configurable unregister UDP
timeout.
@sudarshan-reddy @jeankhawand
Release 2023.6.1
7550e0c
@GreenStage @jeankhawand
AUTH-5328 Pass cloudflared_token_check param when running cloudflared…
b0ce64a 
… access login
@jcsf @jeankhawand
TUN-6011: Remove docker networks from ICMP Proxy test
a929dcc
@DevinCarr @jeankhawand
TUN-7543: Add --debug-stream flag to cloudflared access ssh
4fd284d 
Allows for debugging the payloads that are sent in client mode to
the ssh server. Required to be run with --log-directory to capture
logging output. Additionally has maximum limit that is provided with
the flag that will only capture the first N number of reads plus
writes through the WebSocket stream. These reads/writes are not directly
captured at the packet boundary so some reconstruction from the
log messages will be required.

Added User-Agent for all out-going cloudflared access
tcp requests in client mode.
Added check to not run terminal logging in cloudflared access tcp
client mode to not obstruct the stdin and stdout.
@DevinCarr @jeankhawand
TUN-7549: Add metrics route to management service
6c0dd59
@DevinCarr @jeankhawand
TUN-7551: Complete removal of raven-go to sentry-go
a1419a7 
Removes the final usage of raven-go and removes the dependency.
@DevinCarr @jeankhawand
TUN-7550: Add pprof endpoint to management service
1b9f55a
@joliveirinha @jeankhawand
TUN-7545: Add support for full bidirectionally streaming with close s…
286addc 
…ignal propagation
@sudarshan-reddy @jeankhawand
TUN-7558: Flush on Writes for StreamBasedOriginProxy
4f79a2b 
In the streambased origin proxy flow (example ssh over access), there is
a chance when we do not flush on http.ResponseWriter writes. This PR
guarantees that the response writer passed to proxy stream has a flusher
embedded after writes. This means we write much more often back to the
ResponseWriter and are not waiting. Note, this is only something we do
when proxyHTTP-ing to a StreamBasedOriginProxy because we do not want to
have situations where we are not sending information that is needed by
the other side (eyeball).
@DevinCarr @jeankhawand
TUN-7553: Add flag to enable management diagnostic services
092a664 
With the new flag --management-diagnostics (an opt-in flag)
cloudflared's will be able to report additional diagnostic information
over the management.argotunnel.com request path.
Additions include the /metrics prometheus endpoint; which is already
bound to a local port via --metrics.
/debug/pprof/(goroutine|heap) are also provided to allow for remotely
retrieving heap information from a running cloudflared connector.
@DevinCarr @jeankhawand
TUN-7564: Support cf-trace-id for cloudflared access
5e459fd
DevinCarr and others added 21 commits October 22, 2023 15:09
@DevinCarr @jeankhawand
Release 2023.7.2
431cc05
@joliveirinha @jeankhawand
TUN-7624: Fix flaky TestBackoffGracePeriod test in cloudflared
96966b6
@DevinCarr @jeankhawand
TUN-7628: Correct Host parsing for Access
d8ff56c 
Will no longer provide full hostname with path from provided
`--hostname` flag for cloudflared access to the Host header field.
This addresses certain issues caught from a security fix in go
1.19.11 and 1.20.6 in the net/http URL parsing.
@DevinCarr @jeankhawand
Release 2023.7.3
9931188
@DevinCarr @jeankhawand
TUN-7584: Bump go 1.20.6
3f501a6 
Pins all docker and cfsetup builds to a specific go patch version.
Also ran go fix on repo.
@chungthuang @jeankhawand
Release 2023.8.0
3636e99
@sudarshan-reddy @jeankhawand
TUN-7718: Update R2 Token to no longer encode secret
cd3bd18 
This is simply because we no longer use the legacy R2 secret that needed
this encoding.
@chungthuang @jeankhawand
Release 2023.8.1
f556d9c
@chungthuang @jeankhawand
TUN-7707: Use X25519Kyber768Draft00 curve when post-quantum feature i…
279e080 
…s enabled
@chungthuang @jeankhawand
TUN-7700: Implement feature selector to determine if connections will…
76c8ff9 
… prefer post quantum cryptography
@chungthuang @jeankhawand
Release 2023.8.2
f941b71
@joliveirinha @jeankhawand
TUN-7756: Clarify that QUIC is mandatory to support ICMP proxying
dcfc831
@joliveirinha @jeankhawand
TUN-7776: Remove warp-routing flag from cloudflared
68bec88
@joliveirinha @jeankhawand
TUN-7787: Refactor cloudflared to use new route endpoints based on ro…
f2a2926 
…ute IDs

This commits makes sure that cloudflared starts using the new API
endpoints for managing routes.

Additionally, the delete route operation still allows deleting by CIDR
and VNet but it is being marked as deprecated in favor of specifying the
route ID.

The goal of this change is to make it simpler for the user to delete
routes without specifying Vnet.
@jcsf @jeankhawand
TUN-7813: Improve tunnel delete command to use cascade delete
5b5859d 
## Summary
Previously the force flag in the tunnel delete command was only explicitly deleting the
connections of a tunnel. Therefore, we are changing it to use the cascade query parameter
supported by the API. That parameter will delegate to the server the deletion of the tunnel
dependencies implicitly instead of the client doing it explicitly. This means that not only
the connections will get deleted, but also the tunnel routes, ensuring that no dependencies
are left without a non-deleted tunnel.
@joliveirinha @jeankhawand
TUN-7787: cloudflared only list ip routes targeted for cfd_tunnel
535796f
@jcsf @jeankhawand
TUN-7824: Fix usage of systemctl status to detect which services are …
26cb17c 
…installed

## Summary
To determine which services were installed, cloudflared, was using the command
`systemctl status` this command gives an error if the service is installed
but isn't running, which makes the `uninstall services` command report wrongly
the services not installed. Therefore, this commit adapts it to use the
`systemctl list-units` command combined with a grep to find which services are
installed and need to be removed.
@joliveirinha @jeankhawand
CUSTESC-33731: Make rule match test report rule in 0-index base
e655540 
This changes guarantees that the coommand to report rule matches when
testing local config reports the rule number using the 0-based indexing.
This is to be consistent with the 0-based indexing on the log lines when
proxying requests.
@DevinCarr @jeankhawand
TUN-7864: Document cloudflared versions support
03fb047
@jeankhawand
bump go to 1.20.6
9126cf8
@jeankhawand
Merge branch 'master' into feature/support-armhf
d9de248
@farnos85
Copy link

farnos85 commented Nov 8, 2023

You can build an arm image on a Mac Silicon and transfer the image to an arm-based Mikrotik router with the following stpeps:

  1. Run docker buildx ls and check if your computer can build linux/arm/v7 platform images.
  2. Checkout the branch of the PR: git clone -b feature/support-armhf https://github.com/jeankhawand/cloudflared.git
  3. Change the directory: cd cloudflared
  4. Build an image: docker buildx build --platform linux/arm/v7 . -t MYNAME/cloudflared (change MYNAME to your username)
  5. Make sure the that image has been built: docker image ls
  6. Save the image on the disk: docker image save -o docker_cloudflared_arm IMAGE_ID
  7. Copy the image file to the Mikrotik device.

I tried this procedure on my mikrotik router with arm architecture, but I had this error "execve: Exec format error"

@maijs
Copy link

maijs commented Nov 8, 2023

@farnos85 On which Mikrotik router are you trying to create a container?

@farnos85
Copy link

farnos85 commented Nov 8, 2023

@farnos85 On which Mikrotik router are you trying to create a container?

https://mikrotik.com/product/hap_ac3

@cldparisi
Copy link

follow it

@maijs
Copy link

maijs commented Nov 14, 2023

@farnos85 On which Mikrotik router are you trying to create a container?

https://mikrotik.com/product/hap_ac3

@farnos85 The result of the steps I described was tested on a HAP AC2, which also has an arm 32bit processor. Need more testing from other people I suppose.

@farnos85
Copy link

@farnos85 On which Mikrotik router are you trying to create a container?

https://mikrotik.com/product/hap_ac3

@farnos85 The result of the steps I described was tested on a HAP AC2, which also has an arm 32bit processor. Need more testing from other people I suppose.

UPDATE:
image built on Raspberry PI 4 with Linux raspberrypi 6.1.21-v8+ --> execve: Exec format error
image built on GCP VM with Ubuntu 20.04.6 LTS (GNU/Linux 5.15.0-1042-gcp x86_64) --> works correctly

@joliveirinha
Copy link
Contributor

We are not looking to support this platform at this time.
We may re-evaluate this in the future, and in that case, this would need to be done with proper context of our internal pipelines.

We appreciate your contribution and interest. thanks

@maijs maijs mentioned this pull request Jan 26, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sudarshan-reddy sudarshan-reddy Awaiting requested review from sudarshan-reddy

Assignees

@sudarshan-reddy sudarshan-reddy

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.