Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

spin provision using sudo password fails #138

Closed
lucagrueninger opened this issue Dec 10, 2024 · 4 comments
Closed

spin provision using sudo password fails #138

lucagrueninger opened this issue Dec 10, 2024 · 4 comments
Assignees
@jaydrogers
Labels
🧐 Bug: Needs Confirmation Something isn't working, but needs to be confirmed by a team member.

Comments

@lucagrueninger
Copy link

Current Behavior

After configuring the .spin.yml file with "use_passwordless_sudo: false" and adding the password: in the users array I try to run spin provision.

First, an input "BECOME password: " pops up - I press enter without entering anything.
It then proceeds to run through until "TASK [Gathering Facts]" and fails with error:
"fatal: [server01.myserver.com]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: myusername@server01.myserver.com: Permission denied (publickey,password).", "unreachable": true}
"

Expected Behavior

I guess it should try to connect using root@server01.myserver.com as the user with myusername does not exist yet?

Steps To Reproduce

  1. configure .spin.yml
  2. spin provision

Environment

Spin Version: 
v3.0.0-beta2 [beta] (User Installed)

Operating System Version: 
ProductName:            macOS
ProductVersion:         14.6.1
BuildVersion:           23G93

Docker Info: 
WARNING: daemon is not using the default seccomp profile
Client:
 Version:    27.3.1
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.17.1-desktop.1
    Path:     /Users/myusername/.docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.7-desktop.1
    Path:     /Users/myusername/.docker/cli-plugins/docker-compose
  debug: Get a shell into any image or container (Docker Inc.)
    Version:  0.0.37
    Path:     /Users/myusername/.docker/cli-plugins/docker-debug
  desktop: Docker Desktop commands (Alpha) (Docker Inc.)
    Version:  v0.0.15
    Path:     /Users/myusername/.docker/cli-plugins/docker-desktop
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.2
    Path:     /Users/myusername/.docker/cli-plugins/docker-dev
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.27
    Path:     /Users/myusername/.docker/cli-plugins/docker-extension
  feedback: Provide feedback, right in your terminal! (Docker Inc.)
    Version:  v1.0.5
    Path:     /Users/myusername/.docker/cli-plugins/docker-feedback
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v1.3.0
    Path:     /Users/myusername/.docker/cli-plugins/docker-init
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     /Users/myusername/.docker/cli-plugins/docker-sbom
  scout: Docker Scout (Docker Inc.)
    Version:  v1.14.0
    Path:     /Users/myusername/.docker/cli-plugins/docker-scout

Server:
 Containers: 16
  Running: 3
  Paused: 0
  Stopped: 13
 Images: 20
 Server Version: 27.3.1
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 472731909fa34bd7bc9c087e4c27943f9835f111
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
  cgroupns
 Kernel Version: 6.10.11-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: aarch64
 CPUs: 10
 Total Memory: 7.654GiB
 Name: docker-desktop
 ID: 32cecef7-8648-4a6a-ba9f-9443e1588cf5
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Labels:
  com.docker.desktop.address=unix:///Users/myusername/Library/Containers/com.docker.docker/Data/docker-cli.sock
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

Anything else?

No response
@jaydrogers jaydrogers added the 🧐 Bug: Needs Confirmation Something isn't working, but needs to be confirmed by a team member. label Dec 10, 2024
@jaydrogers jaydrogers self-assigned this Dec 10, 2024
@jaydrogers jaydrogers moved this to Backlog in Spin v3.0 Dec 10, 2024
@lucagrueninger
Copy link
Author

Something I just noticed, a task prior to this throws a warning, don't know if this is related.

TASK [Create servers] ************************************************************************************************************************************************************************************************************************************************************************************
skipping: [localhost]
[WARNING]: Could not match supplied host pattern, ignoring: newly_created_servers

@jaydrogers
Copy link
Member

@lucagrueninger: To confirm, this is a brand new server that you want to provision, correct?

Does this do anything different?

spin provision -u root

You might get the "BECOME PASSWORD" prompt, but I wonder if you can press enter through that?

@lucagrueninger
Copy link
Author

@jaydrogers correct, it is a fresh server.
running it with "-u root" does fix it, the "BECOME password:" prompt also doesn't appear that way.
The command runs through and I was able to ssh using the myusername where I was then prompted to change the password.

jaydrogers added a commit that referenced this issue Dec 10, 2024
@jaydrogers
Add notes on spin provison (#138)
fa2f10f
@jaydrogers
Copy link
Member

It was a documentation issue, thanks for pointing this out.

I updated the docs to be clearer 👍

fa2f10f

@github-project-automation github-project-automation bot moved this from Backlog to Done in Spin v3.0 Dec 10, 2024
jaydrogers added a commit that referenced this issue Dec 19, 2024
@jaydrogers @danpastori
Spin v3 Release (#131)
dd05687 
* Added .spin.yml to gitignore

* Remove encryption

* Shellcheck fixes

* Shellcheck improvments

* Improved error message

* Shellcheck improvements

* Cleaned up Ansible variable retrieval and prompts

* Allow force upgrade of collection

* Set inventory

* Added force flag to prune

* Set remote user and target

* Added Spin maintain and restructured provision

* Revert collection name

* Added cursor rules

* Regoranized and centralized functions

* Restructured Ansible functionality

* Reorganized file

* A-z function names

* Restructured to support smooth upgrades from Spin v2

* Reset temporary collection source

* Added other projects

* Added extra space

* Added other projects

* Added Spin Hub

* Fixed laravel basic link

* Improved Ansible vault support

* Initial docs update

* Fix 404 links

* Fix responsive images

* Set latest pre-release track only

* Fix date command

* Revert install behavior

* Fix quotes

* Added notes

* Add 'Get Help' documentation page

* Add documentation for testing new releases of Spin

* Added environments to spin provision and maintain

* Added help notes

* Added canonical URLs

* Refactor validation logic in project setup

- Moved CI folder creation logic into the validate_project_setup function.
- Added validate_spin_yml function to check for the existence of .spin.yml.
- Updated action_maintain and action_provision to call validate_spin_yml for improved validation flow.

* Added canonical URLs to documentation files for improved SEO and accessibility.

* Added "gh" documentation

* Added comparison table

* Reorganized the "Automated Deployments with GitHub Actions" section in the deployment strategy documentation for clarity and consistency. The content was moved to improve the flow of information, ensuring users can easily access deployment guides.

* Enhance troubleshooting documentation for service management in Docker

- Added guidelines for diagnosing connection issues between services, including checks for environment variables and service passwords.
- Included instructions for stopping services, removing volumes, configurations, and networks using Docker commands.
- Added a section on pruning unused resources to free up disk space.

These updates aim to provide clearer guidance for users managing Docker services and troubleshooting common issues.

* Added maintenance image

* Remove canonical

* Added explanation of spin maintain

* Added firewall notes

* Update volume mount path in run_gh function from /workdir to /app for improved clarity in Docker configuration

* Add notes on spin provison (#138)

* Fix example

* Update "Use Any Host" documentation to clarify Spin's compatibility with various hosting environments and link to server requirements

* Improve argument parsing. Fixes #136

* Documentation UX updates (#139)

* Keeps the active page in view on the navigation

* Installed hotkeys for FF support fixes #107

* Fix typo in comment

* Set authorized keys for deployment (if set)

* Support deployments without dockerfiles (Ref #118)

* Fix array

* Fix doc titles

* Remove unnecessary blank line in NPM/Yarn installation documentation

* Enhance deploy script to allow customizable Docker registry image. Default to 'registry:2' if not specified. This improves flexibility for deployments.

* Fix Docker command in troubleshooting documentation to ensure 'sudo' is used consistently for executing commands in containers.

* Added Spin v2 to v3 migration guide

* Enhance deploy script: add cleanup for unused Docker images, update image tagging to use timestamp, and improve variable naming for clarity.

* Refactor Ansible vault password validation in functions.sh to improve error handling and user feedback. The script now checks if the variable file is encrypted before validating the password, and provides clearer error messages for invalid passwords.

* Refactor deploy script to improve variable naming for SSH user and port. Updated variables from 'ssh_user' and 'ssh_port' to 'SPIN_SSH_USER' and 'SPIN_SSH_PORT' for better clarity and consistency.

* Changed docker builds from localhost for 127.0.0.1 so it matches Docker's insecure registry defaults without requiring https

* Enhance Spin debugging capabilities: added SPIN_DEBUG environment variable to enable debug logs in the spin script. Updated documentation to include instructions for using SPIN_DEBUG for troubleshooting and added examples for Docker health check failures.

* Fix path references to Ansible vault when running with Docker

* Refactor Ansible vault argument handling to support local and Docker runs. The `set_ansible_vault_args` function now accepts a `run_type` parameter, allowing for different vault password file paths based on the execution context. This improves flexibility and clarity in vault management.

* Ready for v3 stable 🥳

---------

Co-authored-by: Dan Pastori <dan@521dimensions.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jaydrogers jaydrogers

Labels
🧐 Bug: Needs Confirmation Something isn't working, but needs to be confirmed by a team member.
Projects
Spin v3.0
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jaydrogers @lucagrueninger