Open dosilyoun opened 2 years ago
It has 777 instead of 700. Unfortunately chmod can't change these.
What chmod
command did you run? Was it chmod 0700 /home/ansible/.ssh
? I believe the leading zero is required.
Hi @dosilyoun ,
Could you please tell me more about your setup, in particular the version of windows (start -> run -> winver). Also, what version of Docker do you have
On older versions of Windows/Docker, the volume mounts sometimes don't work as expected.
This sounds like what you're seeing as automatically, when the instances start it also attempts to correct any file permissions, if they are incorrect. Also, you're running a chmod but it's having no impact.
Because of this, when SSH is executing it's flagging the keys as a security risk.
Let me know the details above and we'll see what we can do, alternatively I do also have some workarounds that we could try otherwise.
Also, in case you haven't seen, you can run the lab now via Google Cloud Shell. If you're following along on the course it's in this video - https://youtu.be/yT7NjpvhwVM - Instructions start at 08:00
p.s. @domainfun thanks for your help on this, appreciate you stepping in also!
Hi @spurin!
The windows version is 21H1 build 19043.1586 and The docker version is 4.7.1 (77678). If there is any possibility to solve it on my PC, I go for it. Let's make the Google Cloud Shell as a B plan.
Your windows version looks good! Did you have Docker already installed? Could you try running the latest version of Docker Desktop
@spurin This is the newest version. What do you think?
Docker Desktop 4.7.1 (77678) is currently the newest version available.
@spurin Finally I changed the /home/ansible/.ssh to 700 and /home/ansible/.ssh/authorized_keys to 600
Then I run the sshd with debug on ubuntu1: sudo /usr/sbin/sshd -d -p 22
(sudo is needed because without it, the sshd can't find host_keys).
The result is this: ```
debug1: trying public key file /home/ansible/.ssh/authorized_keys
debug1: Could not open authorized keys '/home/ansible/.ssh/authorized_keys': Permission denied
@spurin
Finally I got the ssh working.
Do you have any idea how it can work out-of-box?
Hi @dosilyoun
Great to hear you've got it working. It should work, out of the box. Was you running a prior version of either windows/Docker and then upgraded?
If so, the directory structure would have retained incorrect permissions.
You could test this if you like by stopping the environment, removing/renaming the ansible_home directory and then restarting (it will get recreated).
Let me know if you give this a try 👍
Hi there! I have the same problem. Try to reinstall ansible-lab for 3 times and delete all volumes. The sameresult. Try to use different permissions. @spurin, can you give more details about what exactly needs to be done for each of the hosts?
Hi @Axell87
Sorry to hear you're having this issue, in the interim, the google cloud shell environment will be the best whilst we troubleshoot.
Can you please tell me what version of Docker Desktop you're using and if you're on windows, what version (start/run/winver).
Thanks
One minute! its ok! Thanks @spurin !! I don't know how to use the google cloud shell, so i try to use this in ubuntu1 host Modify the owners on hosts of .ssh and authorized keys to ansible Then set 700 to .ssh folder and 600 to authorized_keys. I do it with root, but nothing heppen as I guess. Rights have not changed. @dosilyoun can you elaborate on what needs to be done?
Docker is: 20.10.17, build 100c701 Windows: 10 Pro 21H2, 19044.1889
my commands are:
root@ubuntu1:/home/ansible# chown -R ansible:ansible /home/ansible/.ssh/
root@ubuntu1:/home/ansible# chmod -R 700 /home/ansible/.ssh/
root@ubuntu1:/home/ansible# chmod -R 600 /home/ansible/.ssh/authorized_keys
As i understand we can't use chmod in WSL: We explicitly do not change Windows ACLs on them today based on chown/chmod. These commands work with full fidelity on the Linux filesystem in the lxss folder.
So, how i can fix it and start lab?
Hi @Axell87
Unfortunately, the issue you're facing is a Docker/WSL issue where the permissions are not working as expected.
It's frustrating as it's one I can't fix as its system specific.
As the permissions are not being honoured, they are stuck as wide open - rwxrwxrwx ... ssh, doesn't like wide open permissions so it's blocking its use.
Alternatively, you can launch the lab for free using Google Cloud Shell. All you need is a google account and it's a one button click to launch. See https://diveinto.com/p/playground
Then, follow the tutorial on the right hand side 👍
Edit: looking at your OS and Docker version it appears to be current. Have you customised your WSL environment in any way? Also, are you running in a WSL terminal or the command prompt?
Hello @spurin ! Thanks for you answers!
I update WSL with latest update files: wsl_update_x64 , enable WSL2, instead of WSL. Enable to use WSL2 in OS.
I usually do that.
I run WSL with ubuntu WSL terminal in Visual Studio Code.
Sorry for language.
@Axell87 can you please share a screenshot of Docker Settings, Resources, WSL Integration
Also, please share the output of
wsl.exe -l -v
@spurin sure!!!
Can you try toggling off Ubuntu WSL 2 support.
In the diveintoansible-lab directory, rename ansible_home to something else (or remove it).
Then, using a standard command prompt, can you cd to the diveintoansible-lab directory and run -
docker-compose down -v docker-compose up
When it's running see if the permissions are as expected
Ok!! i'l try it tommorow and answer!! Thanks a lot!
Hi @Axell87
This may actually be quite simple, where have you checked out the diveintoansible-lab?
If you haven't already, can you check it out to /Users/yourname (whatever your username is) and try it from there.
Thanks
James
@spurin screenshots attached below
Hi @Axell87
Please re-enable the WSL2 option but leave everything else as it is, then
docker-compose rm docker-compose up
It may be better to move this issue to Slack if you have that? You could ping me there. Here's an invite link http://community.diveinto.com
to Slack if you have that? - i don't have but i try to join.
UNIX users directories in a new ansible_home directory - empty!
Hi @Axell87
Are you running the command prompt as an admin user?
The diveintoansible-lab folder needs to be in a standard user account and when running it from the command prompt, this needs to be using a standard command prompt as the same user.
I am the only one user on machine and i am administrator. I run PS in visual studio code, on screens before. Should i run it from CMD (as administrator)?? or i can run it from WSL console? I can do it also without visual studio code. The same commands?
docker-compose rm
docker-compose up
or i can remove disks too with -v
If i have free tile i also try to do the same with Windows 11 OS. May be it will work fine with docker for desktop and ansible.
W11 21H2 (22000.856) - the same result.
Hi @Axell87
If you're able to ping me via email, firstname@surname.com, I'll schedule a video session to troubleshoot this. I suspect it's WSL related still but going back and forth for this on GitHub will be tedious, let's fix and report back afterwards.
I'm using wsl to set up the lab, but I'm facing the similar issue. Unable to change owner, permission. even from the root user, I could not change them.
Hi @basireddym
In the lab setup video I put a warning about using a WSL shell for setup but, I'm not too sure why this is being missed.
From what I've found, there's an issue with the WSL Docker integration and it breaks permissions. Unfortunately it seems that once this is done, the bad permissions will remain until the lab is completely removed and started again, outside of WSL.
Could you please do the following -
Please let me know how you get on.
Checked out master branch
More information: I am on windows :(