Closed mmrezaie closed 10 months ago
The current version of the package requires you to run the commands as the root user.
The upcoming build (being tested now) will introduce an incus
group, similar to the lxd
group, allowing for select users to directly interact with incus.
Oh, I see. Thanks. I will follow the development to see if I can contribute further down the line.
This has been resolved, the current version of the package will create an incus
group and any member of that group can directly talk to incus without needing root privileges.
I still have this issue with 0.1 release:
user@desktop ~ $ incus list --debug
DEBUG [2023-10-09T07:16:36+02:00] Connecting to a local Incus over a Unix socket
DEBUG [2023-10-09T07:16:36+02:00] Sending request to Incus etag= method=GET url="http://unix.socket/1.0?project=user-1000"
Error: Get "http://unix.socket/1.0?project=user-1000": read unix @->/var/lib/incus/unix.socket.user: read: connection reset by peer
Yes, incus
group exist, but it seems something still wrong:
user@desktop ~ $ id
uid=1000(user) gid=1000(user) groups=1000(user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),115(lpadmin),136(sambashare),138(incus),999(lxd)
And socket is using incus group:
user@desktop ~ $ ls -lAh /var/lib/incus/unix.socket.user
srw-rw---- 1 root incus 0 oct 9 01:46 /var/lib/incus/unix.socket.user
user@desktop ~ $ ls -lAhn /var/lib/incus/unix.socket.user
srw-rw---- 1 0 138 0 oct 9 01:46 /var/lib/incus/unix.socket.user
I had rebooted after adding myself to incus
group.
Everything works as expected as root:
user@desktop ~ $ sudo incus list --debug
DEBUG [2023-10-09T07:18:47+02:00] Connecting to a local Incus over a Unix socket
DEBUG [2023-10-09T07:18:47+02:00] Sending request to Incus etag= method=GET url="http://unix.socket/1.0"
DEBUG [2023-10-09T07:18:47+02:00] Got response struct from Incus
DEBUG [2023-10-09T07:18:47+02:00]
{
"config": {
"images.auto_update_interval": "0"
},
...
More precise version: 0.1-202310070833-ubuntu22.04
Can you show sudo journalctl -n 300
?
Note that the incus group is for restricted access to Incus, if you intended for your user to have access to Incus similar to what you get as root, it's the incus-admin group that you want instead.
@stgraber sure:
Oh, there are certificate error.
oct 09 10:10:41 desktop incus-user[11416]: time="2023-10-09T10:10:41+07:00" level=info msg="Starting up the server"
oct 09 10:10:41 desktop incus-user[11416]: time="2023-10-09T10:10:41+07:00" level=error msg="Failed to load TLS connection settings: Unable to open client certificate: open /var/lib/incus/users/1000/client.crt:>
окт 09 10:11:16 desktop systemd[1]: incus-user.service: Deactivated successfully.
And this directory is empty:
sudo ls -lAh /var/lib/incus/users/1000/
total 0
But there are certificate and key here:
sudo ls -lAh /var/lib/incus/users/var/lib/incus/users/1000/
total 8,0K
-rw-r--r-- 1 root root 696 oct 9 06:46 client.crt
-rw------- 1 root root 288 oct 9 06:46 client.key
Ah, thanks, that should be an easy fix.
https://github.com/lxc/incus/pull/140 will take care of that one
I am getting this error after the installation of incus:
running command
incus list --debug
DEBUG [2023-09-15T07:21:25Z] Connecting to a local Incus over a Unix socket DEBUG [2023-09-15T07:21:25Z] Sending request to Incus etag= method=GET url="http://unix.socket/1.0" Error: Get "http://unix.socket/1.0": dial unix /var/lib/incus/unix.socket: connect: permission denied