Merge branch 'main' into cmyers_wazuh-int

cmyers-mieweb · web-flow · commit 6efe068f279c · 2026-03-23T12:26:15.000-07:00
diff --git a/create-a-container/bin/create-container.js b/create-a-container/bin/create-container.js
@@ -251,7 +251,7 @@ async function main() {
         cores: 4,
         features: 'nesting=1,keyctl=1,fuse=1',
         memory: 4096,
-        net0: 'name=eth0,ip=dhcp,bridge=vmbr0,host-managed=1',
+        net0: `name=eth0,ip=dhcp,bridge=${node.networkBridge}`,
         searchdomain: site.internalDomain,
         swap: 0,
         onboot: 1,
@@ -301,7 +301,7 @@ async function main() {
         cores: 4,
         features: 'nesting=1,keyctl=1,fuse=1',
         memory: 4096,
-        net0: 'name=eth0,ip=dhcp,bridge=vmbr0',
+        net0: `name=eth0,ip=dhcp,bridge=${node.networkBridge}`,
         searchdomain: site.internalDomain,
         swap: 0,
         onboot: 1,
@@ -351,6 +351,16 @@ async function main() {
     // Use user entrypoint if specified, otherwise keep default
     const finalEntrypoint = container.entrypoint || defaultEntrypoint;
     
+    // OCI images that aren't system containers (entrypoint != /sbin/init) need
+    // host-managed networking since they lack their own DHCP/networking stack
+    if (isDocker && finalEntrypoint !== '/sbin/init') {
+      const net0 = defaultConfig['net0'] || `name=eth0,ip=dhcp,bridge=${node.networkBridge}`;
+      console.log('Non-init container detected, enabling host-managed networking');
+      await client.updateLxcConfig(node.name, vmid, {
+        net0: `${net0},host-managed=1`
+      });
+    }
+    
     // Build config to apply
     const envConfig = {};
     if (finalEntrypoint) {
diff --git a/create-a-container/migrations/20260319000000-add-node-network-bridge.js b/create-a-container/migrations/20260319000000-add-node-network-bridge.js
@@ -0,0 +1,17 @@
+'use strict';
+
+/** @type {import('sequelize-cli').Migration} */
+module.exports = {
+  async up(queryInterface, Sequelize) {
+    await queryInterface.addColumn('Nodes', 'networkBridge', {
+      type: Sequelize.STRING(255),
+      allowNull: false,
+      defaultValue: 'vmbr0',
+      after: 'volumeStorage'
+    });
+  },
+
+  async down(queryInterface) {
+    await queryInterface.removeColumn('Nodes', 'networkBridge');
+  }
+};
diff --git a/create-a-container/models/node.js b/create-a-container/models/node.js
@@ -90,6 +90,11 @@ module.exports = (sequelize, DataTypes) => {
       type: DataTypes.STRING(255),
       allowNull: false,
       defaultValue: 'local-lvm'
+    },
+    networkBridge: {
+      type: DataTypes.STRING(255),
+      allowNull: false,
+      defaultValue: 'vmbr0'
     }
   }, {
     sequelize,
diff --git a/create-a-container/models/site.js b/create-a-container/models/site.js
@@ -22,6 +22,27 @@ module.exports = (sequelize, DataTypes) => {
         as: 'externalDomains'
       });
     }
+
+    /**
+     * Returns all external domains sorted so that domains whose default site is
+     * this site appear first (in id order), followed by all other domains (also
+     * in id order).
+     * @returns {Promise<Array>} Sorted array of ExternalDomain instances
+     */
+    async getSortedExternalDomains() {
+      const { ExternalDomain } = sequelize.models;
+      const all = await ExternalDomain.findAll({ order: [['id', 'ASC']] });
+      const defaults = [];
+      const others = [];
+      for (const domain of all) {
+        if (domain.siteId === this.id) {
+          defaults.push(domain);
+        } else {
+          others.push(domain);
+        }
+      }
+      return [...defaults, ...others];
+    }
   }
   Site.init({
     name: DataTypes.STRING,
diff --git a/create-a-container/routers/containers.js b/create-a-container/routers/containers.js
@@ -111,10 +111,8 @@ router.get('/new', requireAuth, async (req, res) => {
     return res.redirect('/sites');
   }
   
-  // Get all external domains (global)
-  const externalDomains = await ExternalDomain.findAll({
-    order: [['name', 'ASC']]
-  });
+  // Get all external domains: default domains for this site first (by id), then others (by id)
+  const externalDomains = await site.getSortedExternalDomains();
 
   if (isApi) {
     return res.json({
@@ -243,7 +241,8 @@ router.get('/:id/edit', requireAuth, async (req, res) => {
     return res.redirect(`/sites/${siteId}/containers`);
   }
 
-  const externalDomains = await ExternalDomain.findAll({ order: [['name', 'ASC']] });
+  // Get all external domains: default domains for this site first (by id), then others (by id)
+  const externalDomains = await site.getSortedExternalDomains();
 
   return res.render('containers/form', { 
     site,
diff --git a/create-a-container/routers/nodes.js b/create-a-container/routers/nodes.js
@@ -117,7 +117,7 @@ router.post('/', async (req, res) => {
       return res.redirect('/sites');
     }
 
-    const { name, ipv4Address, apiUrl, tokenId, secret, tlsVerify, imageStorage, volumeStorage } = req.body;
+    const { name, ipv4Address, apiUrl, tokenId, secret, tlsVerify, imageStorage, volumeStorage, networkBridge } = req.body;
     
     await Node.create({
       name,
@@ -128,6 +128,7 @@ router.post('/', async (req, res) => {
       tlsVerify: tlsVerify === '' || tlsVerify === null ? null : tlsVerify === 'true',
       imageStorage: imageStorage || 'local',
       volumeStorage: volumeStorage || 'local-lvm',
+      networkBridge: networkBridge || 'vmbr0',
       siteId
     });
 
@@ -215,6 +216,7 @@ router.post('/import', async (req, res) => {
         tlsVerify: tlsVerify === '' || tlsVerify === null ? null : tlsVerify === 'true',
         imageStorage,
         volumeStorage,
+        networkBridge: 'vmbr0',
         siteId
       };
     }));
@@ -265,7 +267,7 @@ router.put('/:id', async (req, res) => {
       return res.redirect(`/sites/${siteId}/nodes`);
     }
 
-    const { name, ipv4Address, apiUrl, tokenId, secret, tlsVerify, imageStorage, volumeStorage } = req.body;
+    const { name, ipv4Address, apiUrl, tokenId, secret, tlsVerify, imageStorage, volumeStorage, networkBridge } = req.body;
     
     const updateData = {
       name,
@@ -274,7 +276,8 @@ router.put('/:id', async (req, res) => {
       tokenId: tokenId || null,
       tlsVerify: tlsVerify === '' || tlsVerify === null ? null : tlsVerify === 'true',
       imageStorage: imageStorage || 'local',
-      volumeStorage: volumeStorage || 'local-lvm'
+      volumeStorage: volumeStorage || 'local-lvm',
+      networkBridge: networkBridge || 'vmbr0'
     };
 
     // Only update secret if a new value was provided
diff --git a/create-a-container/views/nodes/form.ejs b/create-a-container/views/nodes/form.ejs
@@ -130,6 +130,19 @@
         <div class="form-text">Storage for container root filesystems</div>
       </div>
 
+      <div class="mb-3">
+        <label for="networkBridge" class="form-label">Network Bridge</label>
+        <input 
+          type="text" 
+          class="form-control" 
+          id="networkBridge" 
+          name="networkBridge" 
+          value="<%= node && node.networkBridge ? node.networkBridge : 'vmbr0' %>"
+          placeholder="e.g., vmbr0"
+        >
+        <div class="form-text">Proxmox network bridge used when creating containers</div>
+      </div>
+
       <div class="d-flex justify-content-between">
         <a href="/sites/<%= site.id %>/nodes" class="btn btn-secondary" aria-label="Cancel and return to nodes list">Cancel</a>
         <button type="submit" class="btn btn-primary">
diff --git a/mie-opensource-landing/docs/developers/database-schema.md b/mie-opensource-landing/docs/developers/database-schema.md
@@ -47,6 +47,7 @@ erDiagram
         boolean disableTlsVerification
         string imageStorage "default: local"
         string volumeStorage "default: local-lvm"
+        string networkBridge "default: vmbr0"
         int siteId FK
     }
 
@@ -173,7 +174,7 @@ erDiagram
 Top-level organizational unit. Has many Nodes. Has many ExternalDomains (as default site). `externalIp` is the public IP used as the target for Cloudflare DNS A records when cross-site HTTP services are created.
 
 ### Node
-Proxmox VE server within a site. `name` must match Proxmox hostname (unique). `imageStorage` defaults to `'local'` (CT templates). `volumeStorage` defaults to `'local-lvm'` (container rootfs). Belongs to Site, has many Containers.
+Proxmox VE server within a site. `name` must match Proxmox hostname (unique). `imageStorage` defaults to `'local'` (CT templates). `volumeStorage` defaults to `'local-lvm'` (container rootfs). `networkBridge` defaults to `'vmbr0'` (Proxmox bridge used in container net0 config). Belongs to Site, has many Containers.
 
 ### Container
 LXC container on a Proxmox node. Unique composite index on `(nodeId, containerId)`. `hostname`, `macAddress`, `ipv4Address` globally unique. Belongs to Node and optionally to a Job.
