In advance thank you for your help.
I use ansible into my CI gitlab and I need to restart a linux service witout become root.
When I run my playbook, I use a local user for my deploiement "deploy" and this user can send many commands like:
sudo systemctl status my_application
sudo systemctl start my_application
sudo systemctl stop my_application
sudo systemctl restart my_application
However, the problem that we found is when I use the following code as "handler"
---
# handlers file for my application
- name: "Restart application"
systemd:
name: "{{ app_name }}"
enabled: yes
daemon-reload: yes
state: restarted
become: true
In fact, when you specify "become: true" under the task, ansible try to run "sudo -s" in order to become root... but in my case I don't want to be root, I only want to run a command with sudo ...
RUNNING HANDLER [app01 : Restart application] ********************
fatal: [XXXXXXXX]: FAILED! => {"msg": "Missing sudo password"}
But my user "deploy" is authorized into sudoers configuration to send the following commands without password:
sudo systemctl status my_application
sudo systemctl start my_application
sudo systemctl stop my_application
sudo systemctl restart my_application
My goal is to use the ansible module "systemd" and I cannot use "shell" to solve my issue.
I hope that my explanation is clear ...
Thanks,
Related
I have a bash script that is running on an ec2 instance.It is running periodically,now the issue is that whenever in the script i run
sudo service docker start
it runs but after that when i run docker ps it gives me this error
ERROR: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
Now while i have run the command in the script to provide permissions to run docker without sudo but whenever i restart it it seems to rewrite all the configurations.
echo "Installing Docker..."
sudo yum install -y docker
#sudo groupadd docker
#sudo usermod -aG docker ${USER}
tries=3
interval=15s
while [ $tries -gt 0 ]
do
#sudo yum reinstall -y docker
#sudo service docker start
sudo groupadd docker
sudo chmod 777 /var/run/docker.sock
sudo usermod -aG docker ${USER}
sudo service docker start
sudo chkconfig docker on
docker --version
sudo service docker restart
#sudo service docker start
docker info && break
let "tries--" && sleep $interval
done
docker info || exit
It gives me this error
Stopping docker: [60G[[0;32m OK [0;39m]
Starting docker: .[60G[[0;32m OK [0;39m]
Client:
Context: default
Debug Mode: false
Server:
ERROR: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info": dial unix /var/run/docker.sock: connect: permission denied
errors pretty printing info
is there any way to run docker without sudo even after running the restart command. Keep in mind that i cannot remove the restart command
You can try this instead
sudo chmod 666 /var/run/docker.sock
I have a Linux Virtual Machine on Azure. On this machine I installed Docker. At the startup, I want to run a Docker container. For that, I created a startup_script.sh in the tmp folder with this content
sudo docker run -d -p 8787:8787 -e USER=rstudio
-e PASSWORD=mypassword myacr.azurecr.io/mycontainer
then I run this command
chmod u+x /tmp/startup_script.sh
Then, under etc/systemd/system I created a service
[Unit]
Description=Run script at startup after network becomes reachable
After=default.target
[Service]
Type=simple
RemainAfterExit=yes
ExecStart=/tmp/startup_script.sh
TimeoutStartSec=0
[Install]
WantedBy=default.target
Then, run
systemctl daemon-reload
systemctl enable run-at-startup.service
When I restart the machine, the Docker container is not running.
Docker recommends that you use its restart policies, and avoid using process managers like systemctl to start containers (https://docs.docker.com/config/containers/start-containers-automatically/).
First, you need to make sure that Docker Daemon (i.e. Docker service) start on boot.
On Debian and Ubuntu, the Docker service is configured to start on boot by default. To automatically start Docker and Containerd on boot for other distros, use the commands below:
sudo systemctl enable docker.service
sudo systemctl enable containerd.service
If you're on Windows, make sure that you ticked Start Docker Desktop when you log in in Docker Desktop settings.
Then, for each container you want to start on boot, you need to use the --restart flag when running the container, e.g.:
sudo docker run --restart always -d -p 8787:8787 -e USER=rstudio
-e PASSWORD=mypassword myacr.azurecr.io/mycontainer
I'm ubuntu user. I use the following docker image, tensorflow/tensorflow:nightly-gpu
If I try to run this command
$ docker run -it --rm --gpus all tensorflow/tensorflow:nightly-gpu bash
There's permission denied error.
docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: Running hook #0:: error running hook: exit status 1, stdout: , stderr: nvidia-container-cli: mount error: open failed: /sys/fs/cgroup/devices/user.slice/devices.allow: permission denied: unknown.
Of course, I can run this command if I am using sudo, but I want to use gpu without sudo.
Is there any good solution? Any leads, please?
As your problem seems to be only when running "--gpu".
Add/update these two sections of /etc/nvidia-container-runtime/config.toml
[nvidia-container-cli]
no-cgroups = true
[nvidia-container-runtime]
debug = "/tmp/nvidia-container-runtime.log"
Source: https://github.com/containers/podman/issues/3659#issuecomment-543912380
If you can't use docker without sudo at all
If you are running in a Linux environment, you need to create a user for docker so you won't need to use sudo every time. Below are the steps to create:
$ sudo groupadd docker
$ sudo usermod -aG docker $USER
$ newgrp docker
Source: https://docs.docker.com/engine/install/linux-postinstall/
I have this error when I try to stop a container with sudo docker stop pg:
Error response from daemon: cannot stop container: pg: Cannot kill container 9cead43f288336d418e91105d5c9a4e0858794c96ebd167e5e92784d8ed1eab2: unknown error after kill: docker-runc did not terminate sucessfully: container_linux.go:393: signaling init process caused "permission denied"
When we run docker-compose up -d then everything works fine but when we run docker-compose down or docker-compose restart then we got permission denied error.
It seems that apparmor it's blocking the access, you can try stop it and try again to stop the container:
sudo systemctl stop apparmor && systemctl disable apparmor
sudo docker stop pg
And then run it again with the flag:
--security-opt apparmor=unconfined
I have installed Docker on Ubuntu 16.04 server, using the manual on this page: https://docs.docker.com/cs-engine/1.13/, so, using these steps:
curl -fsSL 'https://sks-keyservers.net/pks/lookup?op=get&search=0xee6d536cf7dc86e2d7d56f59a178ac6c6238f52e' | sudo apt-key add -
sudo add-apt-repository "deb https://packages.docker.com/1.13/apt/repo/ \
ubuntu-$(lsb_release -cs) \
main"
sudo apt-get update
sudo apt-get -y install docker-engine
I have installed it on two servers and I need them to see each other, I needed to let Docker daemon listen on port 2375 (probably doesn't matter, but using this manual: https://github.com/yeasy/cello/blob/master/docs/deployment.md)
So I created the conf file:
sudo mkdir -p /etc/systemd/system/docker.service.d
sudo vim /etc/systemd/system/docker.service.d/override.conf
Added this to the override.conf:
[Service]
DOCKER_OPTS="$DOCKER_OPTS -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --api-cors-header='*' --default-ulimit=nofile=8192:16384 --default-ulimit=nproc=8192:16384"
EnvironmentFile=-/etc/default/docker
ExecStart=
ExecStart=/usr/bin/dockerd -H fd:// $DOCKER_OPTS
Then:
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker.service
Tested the connection between servers like this:
$ docker -H 10.101.35.61:2375 version
The response:
Client:
Version: 1.13.1-cs4
API version: 1.27
Go version: go1.7.5
Git commit: e46aec0
Built: Mon May 22 18:46:40 2017
OS/Arch: linux/amd64
Cannot connect to the Docker daemon at tcp://10.101.35.61:2375. Is the docker daemon running?
Tried restarting the server, same problem. Tried to run with sudo. Tried adding the user to group docker:
sudo usermod -aG docker $USER
Didn't help. I have disabled firewall on both servers. When I check the ports open on the server with sudo lsof -i, I can't see anything listening to port 2375 - I am guessing Docker should be listening to it?
Try the config file in this location, create it if it does not exist:
/etc/docker/daemon.json
Put this and restart the docker service:
{"hosts": ["tcp://0.0.0.0:2375", "unix:///var/run/docker.sock"]}
You can add more configs, documented here.