Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kamal 2: fixing docker user permission automatically on setup? #980

Open
imWildCat opened this issue Sep 26, 2024 · 9 comments · May be fixed by #1095
Open

kamal 2: fixing docker user permission automatically on setup? #980

imWildCat opened this issue Sep 26, 2024 · 9 comments · May be fixed by #1095

Comments

@imWildCat
Copy link

this issue has been existing from kamal 1

  ERROR (SSHKit::Command::Failed): Exception while executing on host 20.64.146.45: docker exit status: 1
docker stdout: Nothing written
docker stderr: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.47/images/create?fromImage=registry.gitlab.com%2Fcat-studio%2Fdemo_rails8_tailwind_auth%2Fraills-app&tag=aed00caeedff437959b8a1638346d1843680bdaa": dial unix /var/run/docker.sock: connect: permission denied

this is on a fresh setup

we have to run something like

azureuser@rails-8-demos:~$ sudo groupadd docker
sudo usermod -aG docker $USER
groupadd: group 'docker' already exists

if the team is ok with this I can open a PR
@dhh
Copy link
Member

dhh commented Oct 4, 2024

This is when you're using a non-root ssh user? Would be nice if that case didn't require anything special, yeah. Please do explore a PR.

@imWildCat
Copy link
Author

yes. going to draft a PR!

@nikhilbhatt
Copy link

nikhilbhatt commented Oct 6, 2024
edited
Loading

The documentation notes that if we're using a non-root user, we need to manually bootstrap the server (https://kamal-deploy.org/docs/configuration/ssh/).

I looked into codebase, and came up with this pseudo-code approach

kamal/lib/kamal/cli/server.rb

Lines 33 to 35 in e34031f

info "Missing Docker on #{host}. Installing…"
execute *KAMAL.docker.install
else

After line 34

unless KAMAL.config.ssh.user == 'root'
  info "Adding User #{KAMAL.config.ssh.user} to group docker"
  execute *KAMAL.docker.add_group(KAMAL.config.ssh.user)
end

#lib/kamal/commands/docker.rb
def add_group(username)
  shell ["sudo usermod -aG docker #{username}"]
end

@imWildCat
Copy link
Author

@nikhilbhatt thanks! do you want to create this PR?

@nikhilbhatt
Copy link

@imWildCat Please go ahead as you have already opened up the issue and working on it.

@NeilW
Copy link

NeilW commented Oct 8, 2024
edited
Loading

Probably better just to add another command sequence to docker.rb following the pattern of the superuser? method and run that on the servers.

def add_group 
  [ '[ "${EUID:-$(id -u)}" -eq 0 ] || sudo usermod -aG docker "${USER:-$(id -un)}"' ]
end

then add execute *KAMAL.docker.add_group after the install line in server.rb

That's far easier to add to the existing Kamal::Commands::Docker tests than anything conditional.

NeilW added a commit to brightbox/kamal that referenced this issue Oct 10, 2024
@NeilW
Add user to docker group if not superuser
0476ab6 
This allows docker commands to function with a non-root
ssh user

Fixes: basecamp#980
NeilW added a commit to brightbox/kamal that referenced this issue Oct 10, 2024
@NeilW
Add user to docker group if not superuser
4f93502 
This allows docker commands to function with a non-root
ssh user

Fixes: basecamp#980
@NeilW NeilW linked a pull request Oct 10, 2024 that will close this issue
Open
@NeilW
Copy link

NeilW commented Oct 10, 2024

I hope you'll forgive me for butting in here and opening the PR to fix this.

Comments welcome.

@imWildCat
Copy link
Author

I hope you'll forgive me for butting in here and opening the PR to fix this.

Comments welcome.

No worries at all! I’m too busy recent days. Apologies for the delay!

NeilW added a commit to brightbox/kamal that referenced this issue Oct 11, 2024
@NeilW
Add user to docker group if not superuser
86af751 
This allows docker commands to function with a non-root
ssh user

Fixes: basecamp#980
NeilW added a commit to brightbox/kamal that referenced this issue Oct 11, 2024
@NeilW
Add user to docker group if not superuser
61a92dd 
This allows docker commands to function with a non-root
ssh user

Fixes: basecamp#980
NeilW added a commit to brightbox/kamal that referenced this issue Oct 11, 2024
@NeilW
Add user to docker group if not superuser
178a9da 
This allows docker commands to function with a non-root
ssh user

Fixes: basecamp#980
NeilW added a commit to brightbox/kamal that referenced this issue Oct 12, 2024
@NeilW
Add user to docker group if not superuser
4cc142e 
This allows docker commands to function with a non-root
ssh user

Fixes: basecamp#980
@ashish-stargaze
Copy link

+1 -- either having it automated as part of kamal setup or a warning / log message at least would be nice!

NeilW added a commit to brightbox/kamal that referenced this issue Oct 25, 2024
@NeilW
Add user to docker group if not superuser
77311e6 
This allows docker commands to function with a non-root
ssh user

Fixes: basecamp#980
NeilW added a commit to brightbox/kamal that referenced this issue Oct 25, 2024
@NeilW
Add user to docker group if not superuser
f165f1d 
This allows docker commands to function with a non-root
ssh user

Fixes: basecamp#980
@AxelTheGerman AxelTheGerman mentioned this issue Nov 8, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add user to docker group if not superuser brightbox/kamal
5 participants
@dhh @NeilW @imWildCat @nikhilbhatt @ashish-stargaze