Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

minikube driver check should not call sudo, if sudo fails #11973

Closed
bigon opened this issue Jul 14, 2021 · 14 comments
Closed

minikube driver check should not call sudo, if sudo fails #11973

bigon opened this issue Jul 14, 2021 · 14 comments
Assignees
@djplt
Labels
area/storage storage bugs co/podman-driver podman driver issues good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.

Comments

@bigon
Copy link

bigon commented Jul 14, 2021

Steps to reproduce the issue:

  1. minikube start (without --driver)

Full output of minikube logs command:

😄  minikube v1.22.0 on Debian 11.0
✨  Automatically selected the docker driver. Other choices: kvm2, ssh
👍  Starting control plane node minikube in cluster minikube
[...]

It seems that minikube stills calls podman executable (and sudo) even if it tells that it uses docker. I see logs/mails coming from sudo telling me that minikube tried to run podman executable without providing a password

Messages like:

edoras.bigon.be : Jul 14 09:36:54 : bigon : a password is required ; TTY=pts/2 ; PWD=/home/bigon/bin ; USER=root ; COMMAND=/usr/bin/podman version --format {{.Version}}
edoras.bigon.be : Jul 14 10:05:28 : bigon : a password is required ; TTY=pts/2 ; PWD=/home/bigon ; USER=root ; COMMAND=/usr/bin/podman ps -a --filter label=name.minikube.sigs.k8s.io=minikube --format {{.Names}}
edoras.bigon.be : Jul 14 10:05:28 : bigon : a password is required ; TTY=pts/2 ; PWD=/home/bigon ; USER=root ; COMMAND=/usr/bin/podman volume ls --filter label=name.minikube.sigs.k8s.io=minikube --format {{.Name}}
edoras.bigon.be : Jul 14 10:05:28 : bigon : a password is required ; TTY=pts/2 ; PWD=/home/bigon ; USER=root ; COMMAND=/usr/bin/podman network ls --filter=label=created_by.minikube.sigs.k8s.io --format {{.Name}}
[...]
@spowelljr spowelljr added co/podman-driver podman driver issues kind/support Categorizes issue or PR as a support question. labels Jul 14, 2021
@afbjorklund
Copy link
Collaborator

I think this is the driver auto-detection in action... You can select the docker driver explicitly, to avoid it...

It assumes that if podman is installed, that it has also been setup for passwordless sudo (sudo -n podman)

Similarly it assumes that if docker is installed, that the user has been added to the root-equivalent group (no sudo)

There is no particular reason why podman couldn't use a group or docker use sudo, other than "historic reasons".

@afbjorklund
Copy link
Collaborator

afbjorklund commented Jul 16, 2021
edited
Loading

I suppose we could try parsing the output of sudo -l, before trying to invoke sudo -k -n podman.

  1. Check for podman
  2. Check for sudo
  3. Check for podman in sudo -l
  4. Check for sudo -k -n podman
  5. Validate podman (server) version

There are a few corner cases like ALL and groups and such, but other than that it should be listed.

On Linux there is no client/server, so there is only one version. It could be validated earlier there.

$ podman version
Version:      3.2.2
API Version:  3.2.2
Go Version:   go1.15.2
Built:        Thu Jan  1 01:00:00 1970
OS/Arch:      linux/amd64
$ podman-remote version
Client:
Version:      3.2.2
API Version:  3.2.2
Go Version:   go1.15.2
Built:        Thu Jan  1 01:00:00 1970
OS/Arch:      linux/amd64

Server:
Version:      3.2.2
API Version:  3.2.2
Go Version:   go1.15.2
Built:        Thu Jan  1 01:00:00 1970
OS/Arch:      linux/amd64

On Win and Mac the podman-remote client binary is renamed, to be called podman instead.

EDIT: Never mind, still need to call "sudo podman version" for the full output (not rootless).

Supposedly we could use "podman --version" as an alternative Linux shortcut, if desired

@medyagh
Copy link
Member

medyagh commented Sep 15, 2021
edited
Loading

@bigon the reason minikube is calling podman, it is because when you don't specify the driver with --driver flag, minikube will check all installed tools on your system and automatically select best driver (most healthy one)

I am curious, does this mnikube calls to podman cause any harm or annoyance to the user experience?

@medyagh
Copy link
Member

medyagh commented Sep 15, 2021

/triage needs-information
/kind support

@k8s-ci-robot k8s-ci-robot added the triage/needs-information Indicates an issue needs more information in order to work on it. label Sep 15, 2021
@bigon
Copy link
Author

bigon commented Sep 15, 2021

The main problem is that it calls sudo, it immediately fails and and sudo failures generate a mail

@medyagh
Copy link
Member

medyagh commented Oct 27, 2021

@bigon I see ! I agree we should do better job, if we can NOT execute sudo, we should skip it
as @afbjorklund mentioned in this comment, I agree

#11973 (comment)

this is a good first issue

@medyagh medyagh added area/storage storage bugs good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug. and removed kind/support Categorizes issue or PR as a support question. triage/needs-information Indicates an issue needs more information in order to work on it. labels Oct 27, 2021
@medyagh medyagh changed the title Starting minikube calls podman (and sudo) even if the output says that detected driver is docker minikube driver check should not call sudo, if sudo fails Oct 27, 2021
@medyagh medyagh added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Oct 27, 2021
@clintonyeb
Copy link

@medyagh I would like to pick this up as a good first issue. Could you please give me some pointers? I am looking at driver/driver.go which seems to be responsible for selecting the best driver to run with.

@djplt
Copy link

djplt commented Nov 28, 2021

@clintonyeb just wanted to check if you were still working on this issue or if I'm okay to pick this up?

@djplt
Copy link

djplt commented Dec 1, 2021

/assign

@djplt djplt mentioned this issue Dec 1, 2021
Closed
@klaases
Copy link
Contributor

klaases commented Jan 12, 2022

Hi @djplt, @medyagh left a comment on your PR, once we merge the PR we can close this issue. Thanks!

@spowelljr spowelljr added priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. and removed priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels Feb 23, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 24, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jun 23, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue or PR with /reopen
  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

@k8s-ci-robot
Copy link
Contributor

@k8s-triage-robot: Closing this issue.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue or PR with /reopen
  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@djplt djplt

Labels
area/storage storage bugs co/podman-driver podman driver issues good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. kind/bug Categorizes issue or PR as related to a bug. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Run podman as USER then as sudo in driver check djplt/minikube
9 participants
@bigon @medyagh @afbjorklund @clintonyeb @k8s-ci-robot @spowelljr @k8s-triage-robot @djplt @klaases