search

kasmtech / workspaces-issues

18 stars 4 forks source link

[Bug] - Create image from session - VNC server already running #637

Open Avalancs opened 5 hours ago

Avalancs commented 5 hours ago

Existing Resources

Describe the bug When creating an image from a session (with root user) and using that image in a newly created workspace (as non-root user and persistent profile) the container does not start up because of vnc:

Warning: kasm:1 is taken because of /tmp/.X1-lock
Remove this file if there is no X server kasm:1
A VNC server is already running as :1

Attached log file: vncissue.log

To Reproduce Steps to reproduce the behavior:

  1. Create a new workspace from kasmweb/ubuntu-noble-desktop:1.16.0 image called "Mysession" and change the following settings changed: 
    Friendly Name: Mysession
Docker Image: kasmweb/ubuntu-noble-desktop:1.16.0
Docker Run Config Override:
{
"hostname": "kasm",
"user": "root"
}
  2. Start new Workspace of Mysession, install and remove some programs, install sudo in the terminal
  3. Leave the session through the control panel
  4. Go to Admin > Admin > Sessions and "Create Image" with name "mysession:latest", without any repository set
  5. Go back to Workspaces and start "Snapshot of Mysession" > this should work
  6. Go to Admin > Workspaces > Workspaces and Add Workspace "Mysession2" with the following settings changed: 
    Friendly Name: Mysession2
Persistent Profile Path: /data/kasm_profiles/mysession2/{user_id}
Docker Image: mysession:latest
Docker Run Config Override:
{
"hostname": "kasm",
"environment": {
"KASM_DEBUG": 1
}
}
  7. Go to Workspaces and start Mysession2
  8. It will not start up, export logs from machine with docker logs (containername) >& vncissue.log

Expected behavior When the container starts up as non-root it will clear out vnc files from previous run

Workspaces Version Version 1.16

Workspaces Installation Method Single Server, all docker containers in a single KVM

Client Browser (please complete the following information):

Workspace Server Information (please provide the output of the following commands):

Server: Containers: 11 Running: 10 Paused: 0 Stopped: 1 Images: 25 Server Version: 27.3.1 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Using metacopy: false Native Overlay Diff: true userxattr: true Logging Driver: json-file Cgroup Driver: systemd Cgroup Version: 2 Plugins: Volume: local Network: bridge host ipvlan kasmweb/sidecar:1.0 macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog Swarm: inactive Runtimes: runc io.containerd.runc.v2 Default Runtime: runc Init Binary: docker-init containerd version: 7f7fdf5fed64eb6a7caf99b3e12efcf9d60e311c runc version: v1.1.14-0-g2c9f560 init version: de40ad0 Security Options: seccomp Profile: builtin cgroupns Kernel Version: 6.8.4-2-pve Operating System: Debian GNU/Linux 12 (bookworm) OSType: linux Architecture: x86_64 CPUs: 30 Total Memory: 29.3GiB Name: ***** ID: 87fc8f6c-b1c0-4745-aa37-087b2e886b28 Docker Root Dir: /var/lib/docker Debug Mode: false Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false

 - `sudo docker ps | grep kasm`

5be0ed59eae7 kasmweb/proxy:1.16.0 "/docker-entrypoint.…" 46 hours ago Up 44 hours 80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp kasm_proxy 2f88ff8e19c0 kasmweb/agent:1.16.0 "/bin/sh -c '/usr/bi…" 46 hours ago Up 44 hours (healthy) 4444/tcp kasm_agent 2310b962d2bc kasmweb/rdp-https-gateway:1.16.0 "/opt/rdpgw/rdpgw" 46 hours ago Up 44 hours (healthy) kasm_rdp_https_gateway 48d5c5411126 kasmweb/share:1.16.0 "/bin/sh -c '/usr/bi…" 46 hours ago Up 44 hours (healthy) 8182/tcp kasm_share aba2b8411c69 redis:5-alpine "docker-entrypoint.s…" 46 hours ago Up 44 hours 6379/tcp kasm_redis 6709900fe0b5 kasmweb/manager:1.16.0 "/usr/bin/startup.sh…" 46 hours ago Up 44 hours (healthy) 8181/tcp kasm_manager 1c61b719c148 kasmweb/kasm-guac:1.16.0 "/dockerentrypoint.sh" 46 hours ago Up 44 hours (healthy) kasm_guac e02b5eeca03d kasmweb/rdp-gateway:1.16.0 "/start.sh" 46 hours ago Up 44 hours (healthy) 0.0.0.0:3389->3389/tcp, :::3389->3389/tcp kasm_rdp_gateway c361c95474f7 kasmweb/api:1.16.0 "/bin/sh -c '/usr/bi…" 2 days ago Up 44 hours (healthy) 8080/tcp kasm_api e9c006e4120f postgres:14-alpine "docker-entrypoint.s…" 2 days ago Up 44 hours (healthy) 5432/tcp kasm_db


**Additional context**
I wanted to create an image with all the developer tools for my colleagues in a single ubuntu noble image. 

1. First I tried customization using https://kasmweb.com/docs/latest/how_to/building_images.html but the image did not start up. I checked and we did not have libseccomp high enough version.
2. We re-installed the server with a more fresh version of Debian, but I did not have enough time to re-test the image creation and upload the image, so I thought I could create the image using the session -> create image feature.

I thought I could start up the noble desktop image as root, do all the changes I need while installing sudo, then create a new workspace where by default you are not root and your folders are persisted. I know this might not be a supported use-case, originally I tried to customize the image with Dockerfile but that did not start up correctly either. I will test that again when I have the time and open a separate issue if it still does not work
Avalancs commented 5 hours ago

Update: Running Mysession2 Workspace with the root user seems to make it work.

Docker Run Config Override:
{
  "hostname": "kasm",
  "user": "root",
  "environment": {
    "KASM_DEBUG": 1
  }
}

So it looks like once you have used a Workspace as root you cannot go back to being a regular user. I did forgot to mention that I did chown -R kasm-user:kasm-user $HOME before saving the session to an image, so it should not be the home directory's access rights (especially since I mounted a brand new home directory when I started up Mysession2)