- config handling

- error handling / env cleanups
- reduced compose files
- misc

compose/docker-compose-emqx.yml

@@ -1,86 +1,17 @@
 version: "3.4"
 
 services:
-  netmaker:
-    container_name: netmaker
-    image: gravitl/netmaker:v0.19.0
-    restart: on-failure
-    volumes:
-      - dnsconfig:/root/config/dnsconfig
-      - sqldata:/root/data
-    environment:
-      BROKER_ENDPOINT: "wss://broker.NETMAKER_BASE_DOMAIN/mqtt"
-      BROKER_TYPE: "emqx"
-      EMQX_REST_ENDPOINT: "http://mq:18083"
-      SERVER_NAME: "NETMAKER_BASE_DOMAIN"
-      STUN_LIST: "stun.NETMAKER_BASE_DOMAIN:3478,stun1.netmaker.io:3478,stun2.netmaker.io:3478,stun1.l.google.com:19302,stun2.l.google.com:19302"
-      SERVER_HOST: "SERVER_PUBLIC_IP"
-      SERVER_API_CONN_STRING: "api.NETMAKER_BASE_DOMAIN:443"
-      COREDNS_ADDR: "SERVER_PUBLIC_IP"
-      DNS_MODE: "on"
-      SERVER_HTTP_HOST: "api.NETMAKER_BASE_DOMAIN"
-      NETCLIENT_AUTO_UPDATE: "enabled"
-      API_PORT: "8081"
-      MASTER_KEY: "REPLACE_MASTER_KEY"
-      CORS_ALLOWED_ORIGIN: "*"
-      DISPLAY_KEYS: "on"
-      DATABASE: "sqlite"
-      NODE_ID: "netmaker-server-1"
-      SERVER_BROKER_ENDPOINT: "ws://mq:8083/mqtt"
-      STUN_PORT: "3478"      
-      VERBOSITY: "1"
-      MQ_PASSWORD: "REPLACE_MQ_PASSWORD"
-      MQ_USERNAME: "REPLACE_MQ_USERNAME"
-      DEFAULT_PROXY_MODE: "off"
-    ports:
-      - "3478:3478/udp"
-  netmaker-ui:
-    container_name: netmaker-ui
-    image: gravitl/netmaker-ui:v0.19.0
-    depends_on:
-      - netmaker
-    links:
-      - "netmaker:api"
-    restart: always
-    environment:
-      BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN"
-  caddy:
-    image: caddy:2.6.2
-    container_name: caddy
-    restart: unless-stopped
-    volumes:
-      - /root/Caddyfile:/etc/caddy/Caddyfile
-      - /root/certs:/root/certs
-      - caddy_data:/data
-      - caddy_conf:/config
-    ports:
-      - "80:80"
-      - "443:443"
-  coredns:
-    container_name: coredns
-    image: coredns/coredns
-    command: -conf /root/dnsconfig/Corefile
-    depends_on:
-      - netmaker
-    restart: always
-    volumes:
-      - dnsconfig:/root/dnsconfig
   mq:
     container_name: mq
     image: emqx/emqx:5.0.9
     restart: unless-stopped
     environment:
-      EMQX_NAME: "emqx"
-      EMQX_DASHBOARD__DEFAULT_PASSWORD: "REPLACE_MQ_PASSWORD"
-      EMQX_DASHBOARD__DEFAULT_USERNAME: "REPLACE_MQ_USERNAME"
+      - EMQX_NAME: "emqx"
+      - EMQX_DASHBOARD__DEFAULT_PASSWORD=${MQ_PASSWORD}
+      - EMQX_DASHBOARD__DEFAULT_USERNAME=${MQ_USERNAME}
     ports:
       - "1883:1883" # MQTT
       - "8883:8883" # SSL MQTT
       - "8083:8083" # Websockets
       - "18083:18083" # Dashboard/REST_API
-volumes:
-  caddy_data: {}
-  caddy_conf: {}
-  sqldata: {}
-  dnsconfig: {}
-  mosquitto_logs: {}
+

compose/docker-compose.ee.yml

@@ -1,19 +1,29 @@
 version: "3.4"
 
 services:
+
   prometheus:
     container_name: prometheus
     image: gravitl/netmaker-prometheus:latest
     env_file: ./netmaker.env
+    environment:
+      # config-dependant vars
+      - NETMAKER_METRICS_TARGET=netmaker-exporter.${NM_DOMAIN}
     restart: always
     volumes:
       - prometheus_data:/prometheus
     depends_on:
       - netmaker
+
   grafana:
     container_name: grafana
     image: gravitl/netmaker-grafana:latest
     env_file: ./netmaker.env
+    environment:
+      # config-dependant vars
+      # TODO unify with netmaker-exporter
+      - PROMETHEUS_HOST=prometheus.${NM_DOMAIN}
+      - NETMAKER_METRICS_TARGET=netmaker-exporter.${NM_DOMAIN}
     volumes:
       - grafana_data:/var/lib/grafana
     restart: always
@@ -22,13 +32,22 @@ services:
     depends_on:
       - prometheus
       - netmaker
+
   netmaker-exporter:
     container_name: netmaker-exporter
     image: gravitl/netmaker-exporter:latest
     env_file: ./netmaker.env
+    environment:
+      # config-dependant vars
+      # TODO unify with grafana
+      - PROMETHEUS_HOST=https://prometheus.${NM_DOMAIN}
+      # The domain/host IP indicating the mq broker address
+      - BROKER_ENDPOINT=wss://broker.${NM_DOMAIN}
+      - API_PORT=${EXPORTER_API_PORT}
     restart: always
     depends_on:
       - netmaker
+
 volumes:
-  prometheus_data: {}
-  grafana_data: {}
+  prometheus_data: { }
+  grafana_data: { }

compose/docker-compose.reference.yml

@@ -1,122 +0,0 @@
-version: "3.4"
-
-services:
-  netmaker: # The Primary Server for running Netmaker
-    container_name: netmaker
-    image: gravitl/netmaker:REPLACE_SERVER_IMAGE_TAG
-    restart: on-failure
-    volumes: # Volume mounts necessary for sql, coredns, and mqtt
-      - dnsconfig:/root/config/dnsconfig
-      - sqldata:/root/data
-      - shared_certs:/etc/netmaker
-    environment: # Necessary capabilities to set iptables when running in container
-      BROKER_ENDPOINT: "wss://broker.NETMAKER_BASE_DOMAIN" # The domain/host IP indicating the mq broker address
-      SERVER_NAME: "NETMAKER_BASE_DOMAIN" # The base domain of netmaker
-      SERVER_HOST: "SERVER_PUBLIC_IP" # Set to public IP of machine.
-      SERVER_HTTP_HOST: "api.NETMAKER_BASE_DOMAIN" # Overrides SERVER_HOST if set. Useful for making HTTP available via different interfaces/networks.
-      NETCLIENT_AUTO_UPDATE: "enabled" # Enable auto update of netclient ? ENUM:- enabled,disabled | default: enabled
-      SERVER_API_CONN_STRING: "api.NETMAKER_BASE_DOMAIN:443"
-      COREDNS_ADDR: "SERVER_PUBLIC_IP" # Address of the CoreDNS server. Defaults to SERVER_HOST
-      DNS_MODE: "on" # Enables DNS Mode, meaning all nodes will set hosts file for private dns settings.
-      API_PORT: "8081" # The HTTP API port for Netmaker. Used for API calls / communication from front end. If changed, need to change port of BACKEND_URL for netmaker-ui.
-      REST_BACKEND: "on" # Enables the REST backend (API running on API_PORT at SERVER_HTTP_HOST). Change to "off" to turn off.
-      DISABLE_REMOTE_IP_CHECK: "off" # If turned "on", Server will not set Host based on remote IP check. This is already overridden if SERVER_HOST is set. Turned "off" by default.
-      TELEMETRY: "on" # Whether or not to send telemetry data to help improve Netmaker. Switch to "off" to opt out of sending telemetry.
-      MASTER_KEY: "REPLACE_MASTER_KEY" # The admin master key for accessing the API. Change this in any production installation.
-      CORS_ALLOWED_ORIGIN: "*" # The "allowed origin" for API requests. Change to restrict where API requests can come from with comma-separated URLs. ex:- https://dashboard.netmaker.domain1.com,https://dashboard.netmaker.domain2.com
-      DISPLAY_KEYS: "on" # Show keys permanently in UI (until deleted) as opposed to 1-time display.
-      DATABASE: "sqlite" # Database to use - sqlite, postgres, or rqlite
-      NODE_ID: "netmaker-server-1" # used for HA - identifies this server vs other servers
-      SERVER_BROKER_ENDPOINT: ""ws://mq:1883""  # the address of the mq server. If running from docker compose it will be "mq". Otherwise, need to input address. If using "host networking", it will find and detect the IP of the mq container.
-      MQ_USERNAME: "REPLACE_MQ_USERNAME" # the username to set for MQ access
-      MQ_PASSWORD: "REPLACE_MQ_PASSWORD" # the password to set for MQ access
-      STUN_PORT: "3478" # the reachable port of STUN on the server
-      VERBOSITY: "1" # logging verbosity level - 1, 2, or 3
-      # this section is for OAuth
-      AUTH_PROVIDER: "" # "<azure-ad|github|google|oidc>"
-      CLIENT_ID: "" # "<client id of your oauth provider>"
-      CLIENT_SECRET: "" # "<client secret of your oauth provider>"
-      FRONTEND_URL: "" # "https://dashboard.<netmaker base domain>"
-      AZURE_TENANT: "" # "<only for azure, you may optionally specify the tenant for the OAuth>"
-      OIDC_ISSUER: "" # https://oidc.yourprovider.com - URL of oidc provider
-      DEFAULT_PROXY_MODE: "off" # if ON, all new clients will enable proxy by default if OFF, all new clients will disable proxy by default, if AUTO, stick with the existing logic for NAT detection
-      TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN" # domain for your turn server
-      TURN_SERVER_API_HOST: "https://turnapi.NETMAKER_BASE_DOMAIN" # domain of the turn api server
-      TURN_PORT: "3479" #  port to access turn server
-      TURN_USERNAME: "REPLACE_TURN_USERNAME"  # the username to set for turn api access
-      TURN_PASSWORD: "REPLACE_TURN_PASSWORD" #  the password to set for turn api access
-      USE_TURN: "true" #config for using turn, accepts either true/false
-    ports:
-      - "3478:3478/udp" # the stun port
-  netmaker-ui:  # The Netmaker UI Component
-    container_name: netmaker-ui
-    image: gravitl/netmaker-ui:REPLACE_UI_IMAGE_TAG
-    depends_on:
-      - netmaker
-    links:
-      - "netmaker:api"
-    restart: always
-    environment:
-      BACKEND_URL: "https://api.NETMAKER_BASE_DOMAIN" # URL where UI will send API requests. Change based on SERVER_HOST, SERVER_HTTP_HOST, and API_PORT
-  caddy: # The reverse proxy that manages traffic for Netmaker
-    image: caddy:2.6.2
-    container_name: caddy
-    restart: unless-stopped
-    volumes:
-      - /root/Caddyfile:/etc/caddy/Caddyfile # Config file for Caddy
-      - /root/certs:/root/certs
-      - caddy_data:/data
-      - caddy_conf:/config
-    ports:
-      - "80:80"
-      - "443:443"
-  coredns: # The DNS Server. CoreDNS can be removed unless doing special advanced use cases
-    container_name: coredns
-    image: coredns/coredns
-    command: -conf /root/dnsconfig/Corefile
-    depends_on:
-      - netmaker
-    restart: always
-    volumes:
-      - dnsconfig:/root/dnsconfig
-  mq: # the mqtt broker for netmaker
-    container_name: mq
-    image: eclipse-mosquitto:2.0.15-openssl
-    depends_on:
-      - netmaker
-    restart: unless-stopped
-    command: ["/mosquitto/config/wait.sh"]
-    environment:
-      MQ_PASSWORD: "REPLACE_MQ_PASSWORD" # must be same value as in netmaker env 
-      MQ_USERNAME: "REPLACE_MQ_USERNAME" # must be same value as in netmaker env
-    volumes:
-      - /root/mosquitto.conf:/mosquitto/config/mosquitto.conf
-      - /root/wait.sh:/mosquitto/config/wait.sh
-      - mosquitto_logs:/mosquitto/log
-    ports:
-      - "1883:1883"
-      - "8883:8883"
-  turn:
-    container_name: turn
-    image: gravitl/turnserver:v1.0.0
-    network_mode: "host"
-    volumes:
-      - turn_server:/etc/config
-    environment:
-      DEBUG_MODE: "off"
-      VERBOSITY: "1"
-      TURN_PORT: "3479"
-      TURN_API_PORT: "8089"
-      CORS_ALLOWED_ORIGIN: "*"
-      TURN_SERVER_HOST: "turn.NETMAKER_BASE_DOMAIN"
-      USERNAME: "REPLACE_TURN_USERNAME"
-      PASSWORD: "REPLACE_TURN_PASSWORD"
-      USE_TURN: "true"
-volumes:
-  caddy_data: {} # runtime data for caddy
-  caddy_conf: {} # configuration file for Caddy
-  shared_certs: {} # netmaker certs generated for MQ comms - used by nodes/servers
-  sqldata: {} # storage for embedded sqlite
-  dnsconfig: {} # storage for coredns
-  mosquitto_logs: {} # storage for mqtt logs
-  turn_server: {}

compose/docker-compose.yml

@@ -1,6 +1,7 @@
 version: "3.4"
 
 services:
+
   netmaker:
     container_name: netmaker
     image: gravitl/netmaker:$SERVER_IMAGE_TAG
@@ -9,17 +10,39 @@ services:
     volumes:
       - dnsconfig:/root/config/dnsconfig
       - sqldata:/root/data
+    environment:
+      # config-dependant vars
+      - STUN_LIST=stun.${NM_DOMAIN}:${STUN_PORT},stun1.netmaker.io:3478,stun2.netmaker.io:3478,stun1.l.google.com:19302,stun2.l.google.com:19302
+      # The domain/host IP indicating the mq broker address
+      - BROKER_ENDPOINT=wss://broker.${NM_DOMAIN}
+      # The base domain of netmaker
+      - SERVER_NAME=${NM_DOMAIN}
+      - SERVER_API_CONN_STRING=api.${NM_DOMAIN}:443
+      # Address of the CoreDNS server. Defaults to SERVER_HOST
+      - COREDNS_ADDR=${SERVER_HOST}
+      # Overrides SERVER_HOST if set. Useful for making HTTP available via different interfaces/networks.
+      - SERVER_HTTP_HOST=api.${NM_DOMAIN}
+      # domain for your turn server
+      - TURN_SERVER_HOST=turn.${NM_DOMAIN}
+      # domain of the turn api server
+      - TURN_SERVER_API_HOST=https://turnapi.${NM_DOMAIN}
     ports:
       - "3478:3478/udp"
+
   netmaker-ui:
     container_name: netmaker-ui
     image: gravitl/netmaker-ui:$UI_IMAGE_TAG
     env_file: ./netmaker.env
+    environment:
+      # config-dependant vars
+      # URL where UI will send API requests. Change based on SERVER_HOST, SERVER_HTTP_HOST, and API_PORT
+      BACKEND_URL: "https://api.${NM_DOMAIN}"
     depends_on:
       - netmaker
     links:
       - "netmaker:api"
     restart: always
+
   caddy:
     image: caddy:2.6.2
     container_name: caddy
@@ -35,6 +58,7 @@ services:
     ports:
       - "80:80"
       - "443:443"
+
   coredns:
     container_name: coredns
     image: coredns/coredns
@@ -52,22 +76,32 @@ services:
     depends_on:
       - netmaker
     restart: unless-stopped
-    command: ["/mosquitto/config/wait.sh"]
+    command: [ "/mosquitto/config/wait.sh" ]
     volumes:
       - ./mosquitto.conf:/mosquitto/config/mosquitto.conf
       - ./wait.sh:/mosquitto/config/wait.sh
       - mosquitto_logs:/mosquitto/log
+      - mosquitto_data:/mosquitto/data
+
   turn:
     container_name: turn
     image: gravitl/turnserver:v1.0.0
     env_file: ./netmaker.env
+    environment:
+      # config-dependant vars
+      - USERNAME=${TURN_USERNAME}
+      - PASSWORD=${TURN_PASSWORD}
+      # domain for your turn server
+      - TURN_SERVER_HOST=turn.${NM_DOMAIN}
     network_mode: "host"
     volumes:
       - turn_server:/etc/config
+
 volumes:
-  caddy_data: {}
-  caddy_conf: {}
-  sqldata: {}
-  dnsconfig: {}
-  mosquitto_logs: {}
-  turn_server: {}
+  caddy_data: { } # runtime data for caddy
+  caddy_conf: { } # configuration file for Caddy
+  sqldata: { }
+  dnsconfig: { } # storage for coredns
+  mosquitto_logs: { } # storage for mqtt logs
+  mosquitto_data: { } # storage for mqtt data
+  turn_server: { }

docker/Caddyfile

@@ -41,7 +41,7 @@ https://turn.{$NM_DOMAIN} {
 # TURN API
 https://turnapi.{$NM_DOMAIN} {
 	tls /root/certs/fullchain.pem /root/certs/privkey.pem
-    reverse_proxy http://host.docker.internal:8089
+	reverse_proxy http://host.docker.internal:8089
 }
 
 # MQ

scripts/netmaker.env

@@ -1,56 +1,82 @@
+# Email used for SSL certificates
 NM_EMAIL=
+# The base domain of netmaker
 NM_DOMAIN=
+# Public IP of machine
 SERVER_HOST=
+# The admin master key for accessing the API. Change this in any production installation.
 MASTER_KEY=
+# The username to set for turn api access
 TURN_USERNAME=
+# The password to set for turn api access
 TURN_PASSWORD=
+# The username to set for MQ access
 MQ_USERNAME=
+# The password to set for MQ access
 MQ_PASSWORD=
 INSTALL_TYPE=
 NETMAKER_ACCOUNT_ID=
 LICENSE_KEY=
 SERVER_IMAGE_TAG=
 UI_IMAGE_TAG=
-METRICS_EXPORTER=off
-PROMETHEUS=off
-
-#
-# DO NOT EDIT BELOW
-#
-# Base config for NetMaker
-# depends on:
-# - NM_DOMAIN
-# - SERVER_HOST
-
-BROKER_ENDPOINT="wss://broker.$NM_DOMAIN"
-SERVER_NAME="$NM_DOMAIN"
-STUN_LIST="stun.$NM_DOMAIN:3478,stun1.netmaker.io:3478,stun2.netmaker.io:3478,stun1.l.google.com:19302,stun2.l.google.com:19302"
-SERVER_API_CONN_STRING="api.$NM_DOMAIN:443"
-COREDNS_ADDR="$SERVER_HOST"
+# used for HA - identifies this server vs other servers
+NODE_ID="netmaker-server-1"
+METRICS_EXPORTER="off"
+PROMETHEUS="off"
+# Enables DNS Mode, meaning all nodes will set hosts file for private dns settings
 DNS_MODE="on"
-SERVER_HTTP_HOST="api.$NM_DOMAIN"
+# Enable auto update of netclient ? ENUM:- enabled,disabled | default=enabled
 NETCLIENT_AUTO_UPDATE="enabled"
+# The HTTP API port for Netmaker. Used for API calls / communication from front end.
+# If changed, need to change port of BACKEND_URL for netmaker-ui.
 API_PORT="8081"
+EXPORTER_API_PORT="8085"
+# The "allowed origin" for API requests. Change to restrict where API requests can come from with comma-separated
+# URLs. ex:- https://dashboard.netmaker.domain1.com,https://dashboard.netmaker.domain2.com
 CORS_ALLOWED_ORIGIN="*"
+# Show keys permanently in UI (until deleted) as opposed to 1-time display.
 DISPLAY_KEYS="on"
+# Database to use - sqlite, postgres, or rqlite
 DATABASE="sqlite"
-NODE_ID="netmaker-server-1"
+# The address of the mq server. If running from docker compose it will be "mq". Otherwise, need to input address.
+# If using "host networking", it will find and detect the IP of the mq container.
 SERVER_BROKER_ENDPOINT="ws://mq:1883"
+# The reachable port of STUN on the server
 STUN_PORT="3478"
+# Logging verbosity level - 1, 2, or 3
 VERBOSITY="1"
+# If ON, all new clients will enable proxy by default
+# If OFF, all new clients will disable proxy by default
+# If AUTO, stick with the existing logic for NAT detection
 DEFAULT_PROXY_MODE="off"
-TURN_SERVER_HOST="turn.$NM_DOMAIN"
-TURN_SERVER_API_HOST="https://turnapi.$NM_DOMAIN"
+# Port to access turn server
 TURN_PORT="3479"
+# Config for using turn, accepts either true/false
 USE_TURN="true"
 DEBUG_MODE="off"
 TURN_API_PORT="8089"
-BACKEND_URL="https://api.$NM_DOMAIN"
-NETMAKER_METRICS_TARGET="netmaker-exporter.$NM_DOMAIN"
-# TODO temp for turn
-USERNAME=$TURN_USERNAME
-# TODO temp for turn
-PASSWORD=$TURN_PASSWORD
-# EE
-#PROMETHEUS_HOST=https://prometheus.$NM_DOMAIN
-PROMETHEUS_HOST="prometheus.$NM_DOMAIN"
+# Enables the REST backend (API running on API_PORT at SERVER_HTTP_HOST).
+# Change to "off" to turn off.
+REST_BACKEND="on"
+# If turned "on", Server will not set Host based on remote IP check.
+# This is already overridden if SERVER_HOST is set. Turned "off" by default.
+DISABLE_REMOTE_IP_CHECK="off"
+# Whether or not to send telemetry data to help improve Netmaker. Switch to "off" to opt out of sending telemetry.
+TELEMETRY="on"
+###
+#
+# OAuth section
+#
+###
+# "<azure-ad|github|google|oidc>"
+AUTH_PROVIDER=
+# "<client id of your oauth provider>"
+CLIENT_ID=
+# "<client secret of your oauth provider>"
+CLIENT_SECRET=
+# "https://dashboard.<netmaker base domain>"
+FRONTEND_URL=
+# "<only for azure, you may optionally specify the tenant for the OAuth>"
+AZURE_TENANT=
+# https://oidc.yourprovider.com - URL of oidc provider
+OIDC_ISSUER=

scripts/nm-quick.sh

@@ -148,13 +148,13 @@ set_buildinfo() {
 # install_yq - install yq if not present
 install_yq() {
 	if ! command -v yq &>/dev/null; then
-		wget -O /usr/bin/yq https://github.com/mikefarah/yq/releases/download/v4.31.1/yq_linux_$(dpkg --print-architecture)
+		wget -qO /usr/bin/yq https://github.com/mikefarah/yq/releases/download/v4.31.1/yq_linux_$(dpkg --print-architecture)
 		chmod +x /usr/bin/yq
 	fi
 	set +e
 	if ! command -v yq &>/dev/null; then
 		set -e
-		wget -O /usr/bin/yq https://github.com/mikefarah/yq/releases/download/v4.31.1/yq_linux_amd64
+		wget -qO /usr/bin/yq https://github.com/mikefarah/yq/releases/download/v4.31.1/yq_linux_amd64
 		chmod +x /usr/bin/yq
 	fi
 	set -e
@@ -173,24 +173,43 @@ setup_netclient() {
 	set -e
 
 	# TODO arm support
-	wget -O netclient https://github.com/gravitl/netclient/releases/download/$LATEST/netclient-linux-amd64
+	wget -qO netclient https://github.com/gravitl/netclient/releases/download/$LATEST/netclient-linux-amd64
 	chmod +x netclient
 	./netclient install
 	echo "Register token: $TOKEN"
 	netclient register -t $TOKEN
 
-	echo "waiting for client to become available"
-	wait_seconds 10
+	echo "waiting for netclient to become available"
+	local found=false
+	local file=/etc/netclient/nodes.yml
+	for ((a = 1; a <= 90; a++)); do
+		if [ -f "$file" ]; then
+			found=true
+			break
+		fi
+		sleep 1
+	done
+
+	if [ "$found" = false ]; then
+		echo "Error - $file not present"
+		exit 1
+	fi
 }
 
 # configure_netclient - configures server's netclient as a default host and an ingress gateway
 configure_netclient() {
 
 	NODE_ID=$(sudo cat /etc/netclient/nodes.yml | yq -r .netmaker.commonnode.id)
-	# TODO check error
+	if [ "$NODE_ID" = "" ] || [ "$NODE_ID" = "null" ]; then
+		echo "Error obtaining NODE_ID for the new network"
+		exit 1
+	fi
 	echo "register complete. New node ID: $NODE_ID"
 	HOST_ID=$(sudo cat /etc/netclient/netclient.yml | yq -r .host.id)
-	# TODO check error
+	if [ "$HOST_ID" = "" ] || [ "$HOST_ID" = "null" ]; then
+		echo "Error obtaining HOST_ID for the new network"
+		exit 1
+	fi
 	echo "making host a default"
 	echo "Host ID: $HOST_ID"
 	# set as a default host
@@ -205,7 +224,14 @@ configure_netclient() {
 setup_nmctl() {
 
 	# TODO arm support
-	wget -O /usr/bin/nmctl https://github.com/gravitl/netmaker/releases/download/$LATEST/nmctl-linux-amd64
+	local URL="https://github.com/gravitl/netmaker/releases/download/$LATEST/nmctl-linux-amd64"
+	echo "Downloading nmctl..."
+	wget -qO /usr/bin/nmctl "$URL"
+
+	if [ ! -f /usr/bin/nmctl ]; then
+		echo "Error downloading nmctl from '$URL'"
+		exit 1
+	fi
 
 	chmod +x /usr/bin/nmctl
 	echo "using server api.$NETMAKER_BASE_DOMAIN"
@@ -253,14 +279,7 @@ save_config() { (
 	echo "Saving the config to $CONFIG_PATH"
 	touch "$CONFIG_PATH"
 	save_config_item NM_EMAIL "$EMAIL"
-	save_config_item NM_DOMAIN "$NM_DOMAIN"
-	save_config_item SERVER_HOST "$SERVER_HOST"
-	save_config_item MASTER_KEY "$MASTER_KEY"
-	save_config_item TURN_USERNAME "$TURN_USERNAME"
-	save_config_item TURN_PASSWORD "$TURN_PASSWORD"
-	save_config_item MQ_USERNAME "$MQ_USERNAME"
-	save_config_item MQ_PASSWORD "$MQ_PASSWORD"
-	save_config_item INSTALL_TYPE "$INSTALL_TYPE"
+	save_config_item NM_DOMAIN "$NETMAKER_BASE_DOMAIN"
 	save_config_item UI_IMAGE_TAG "$IMAGE_TAG"
 	# version-specific entries
 	if [ "$INSTALL_TYPE" = "ee" ]; then
@@ -270,23 +289,42 @@ save_config() { (
 		save_config_item PROMETHEUS "on"
 		save_config_item SERVER_IMAGE_TAG "$IMAGE_TAG-ee"
 	else
+		save_config_item METRICS_EXPORTER "off"
+		save_config_item PROMETHEUS "off"
 		save_config_item SERVER_IMAGE_TAG "$IMAGE_TAG"
 	fi
-	# substitute
-	sed -i "s/\$NM_DOMAIN/$NM_DOMAIN/g" "$CONFIG_PATH"
-	sed -i "s/\$SERVER_HOST/$SERVER_HOST/g" "$CONFIG_PATH"
-	# TODO temp
-	sed -i "s/\$TURN_USERNAME/$TURN_USERNAME/g" "$CONFIG_PATH"
-	sed -i "s/\$TURN_PASSWORD/$TURN_PASSWORD/g" "$CONFIG_PATH"
+	# copy entries from the previous config
+	local toCopy=("SERVER_HOST" "MASTER_KEY" "TURN_USERNAME" "MQ_USERNAME" "MQ_PASSWORD"
+		"INSTALL_TYPE" "NODE_ID" "METRICS_EXPORTER" "PROMETHEUS" "DNS_MODE" "NETCLIENT_AUTO_UPDATE" "API_PORT"
+		"CORS_ALLOWED_ORIGIN" "DISPLAY_KEYS" "DATABASE" "SERVER_BROKER_ENDPOINT" "STUN_PORT" "VERBOSITY"
+		"DEFAULT_PROXY_MODE" "TURN_PORT" "USE_TURN" "DEBUG_MODE" "TURN_API_PORT" "REST_BACKEND" "DISABLE_REMOTE_IP_CHECK"
+		"TELEMETRY" "AUTH_PROVIDER" "CLIENT_ID" "CLIENT_SECRET" "FRONTEND_URL" "AZURE_TENANT" "OIDC_ISSUER"
+		"EXPORTER_API_PORT")
+	for name in "${toCopy[@]}"; do
+		save_config_item $name "${!name}"
+	done
+	# preserve debug entries
+	if test -z "$NM_SKIP_BUILD"; then
+		save_config_item NM_SKIP_BUILD "$NM_SKIP_BUILD"
+	fi
+	if test -z "$NM_SKIP_CLONE"; then
+		save_config_item NM_SKIP_CLONE "$NM_SKIP_CLONE"
+	fi
+	if test -z "$NM_SKIP_DEPS"; then
+		save_config_item NM_SKIP_DEPS "$NM_SKIP_DEPS"
+	fi
 ); }
 
 save_config_item() { (
 	local NAME="$1"
 	local VALUE="$2"
+	# echo "NAME $NAME"
+	# echo "VALUE $VALUE"
 	if grep -q "^$NAME=" "$CONFIG_PATH"; then
-		sed -i "s/$NAME=.*/$NAME=$VALUE/" "$CONFIG_PATH"
+		# TODO escape | in the value
+		sed -i "s|$NAME=.*|$NAME='$VALUE'|" "$CONFIG_PATH"
 	else
-		echo "$NAME=$VALUE" >>"$CONFIG_PATH"
+		echo "$NAME=\"$VALUE\"" >>"$CONFIG_PATH"
 	fi
 ); }
 
@@ -327,6 +365,11 @@ local_install_setup() { (
 
 # install_dependencies - install necessary packages to run netmaker
 install_dependencies() {
+
+	if test -n "$NM_SKIP_DEPS"; then
+		return
+	fi
+
 	echo "checking dependencies..."
 
 	OS=$(uname)
@@ -437,10 +480,7 @@ set_install_vars() {
 	fi
 
 	NETMAKER_BASE_DOMAIN=nm.$(echo $IP_ADDR | tr . -).nip.io
-	# TODO dead code?
-	# COREDNS_IP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
 	SERVER_HOST=$IP_ADDR
-	# TODO revert bad merge (Matt)
 	MASTER_KEY=$(
 		tr -dc A-Za-z0-9 </dev/urandom | head -c 30
 		echo ''
@@ -744,22 +784,28 @@ setup_mesh() {
 
 	wait_seconds 5
 
-	echo "Creating netmaker network (10.101.0.0/16)"
+	local networkCount=$(nmctl network list -o json | jq '. | length')
 
-	nmctl network create --name netmaker --ipv4_addr 10.101.0.0/16
+	# add a network if none present
+	if [ "$networkCount" -lt 1 ]; then
+		echo "Creating netmaker network (10.101.0.0/16)"
 
-	wait_seconds 5
+		# TODO causes "Error Status: 400 Response: {"Code":400,"Message":"could not find any records"}"
+		nmctl network create --name netmaker --ipv4_addr 10.101.0.0/16
 
-	echo "Creating netmaker enrollment key"
+		wait_seconds 5
+	fi
+
+	echo "Obtaining a netmaker enrollment key..."
 
 	local tokenJson=$(nmctl enrollment_key create --unlimited --networks netmaker)
 	TOKEN=$(jq -r '.token' <<<${tokenJson})
 	if test -z "$TOKEN"; then
 		echo "Error creating an enrollment key"
 		exit 1
+	else
+		echo "Enrollment key ready"
 	fi
-	# TODO-2 debug
-	echo "TOKEN $TOKEN"
 
 	wait_seconds 3
 
@@ -775,17 +821,28 @@ print_success() {
 	echo "-----------------------------------------------------------------"
 }
 
-stop_docker() {
+cleanup() {
+	# remove the existing netclient's instance from the existing network
+	if command -v nmctl >/dev/null 2>&1; then
+		local node_id=$(netclient list | jq '.[0].node_id' 2>/dev/null)
+		# trim doublequotes
+		node_id="${node_id//\"/}"
+		if test -n "$node_id"; then
+			echo "De-registering the existing netclient..."
+			nmctl node delete netmaker $node_id >/dev/null 2>&1
+		fi
+	fi
+
 	echo "Stopping all containers..."
 	local containers=("mq" "netmaker-ui" "coredns" "turn" "caddy" "netmaker" "netmaker-exporter" "prometheus" "grafana")
 	for name in "${containers[@]}"; do
 		local running=$(docker ps | grep -w "$name")
 		local exists=$(docker ps -a | grep -w "$name")
 		if test -n "$running"; then
-			docker stop "$name"
+			docker stop "$name" 1>/dev/null
 		fi
 		if test -n "$exists"; then
-			docker rm "$name"
+			docker rm "$name" 1>/dev/null
 		fi
 	done
 }
@@ -809,7 +866,9 @@ set -e
 # 6. get user input for variables
 set_install_vars
 
-stop_docker
+set +e
+cleanup
+set -e
 
 # 7. get and set config files, startup docker-compose
 install_netmaker