C
Coder.com•3y ago
Skerit

Using a template without an explicit `user` breaks the workspace container

When starting the example docker-code-server as-is, I get this chdir - no such file or directory error: 
2022-09-05 10:58:46.515 [WARN]    <./agent/agent.go:170>    (*agent).run.func1    agent script failed ...,
  "error": run:,
               github.com/coder/coder/agent.(*agent).runStartupScript,
                   /home/runner/work/coder/coder/agent/agent.go:375,
             - chdir /home/skerit: no such file or directory,
2022-09-05 10:58:46.516 [DEBUG]    (tailnet.wgengine)    <./tailnet/conn.go:521>    Logger.func1    [v1] using fake (no-op) tun device,
2022-09-05 10:58:46.518 [DEBUG]    (tailnet.wgengine)    <./tailnet/conn.go:521>    Logger.func1    [v1] magicsock: starting endpoint update (derp-map-update),
2022-09-05 10:58:46.516 [DEBUG]    (tailnet.wgengine)    <./tailnet/conn.go:521>    Logger.func1    [v1] using fake (no-op) OS network configurator,
2022-09-05 10:58:46.516 [DEBUG]    (tailnet.wgengine)    <./tailnet/conn.go:521>    Logger.func1    [v1] using fake (no-op) DNS configurator,
2022-09-05 10:58:46.516 [DEBUG]    (tailnet.wgengine)    <./tailnet/conn.go:521>    Logger.func1    dns: using dns.noopManager
2022-09-05 10:58:46.515 [WARN]    <./agent/agent.go:170>    (*agent).run.func1    agent script failed ...,
  "error": run:,
               github.com/coder/coder/agent.(*agent).runStartupScript,
                   /home/runner/work/coder/coder/agent/agent.go:375,
             - chdir /home/skerit: no such file or directory,
2022-09-05 10:58:46.516 [DEBUG]    (tailnet.wgengine)    <./tailnet/conn.go:521>    Logger.func1    [v1] using fake (no-op) tun device,
2022-09-05 10:58:46.518 [DEBUG]    (tailnet.wgengine)    <./tailnet/conn.go:521>    Logger.func1    [v1] magicsock: starting endpoint update (derp-map-update),
2022-09-05 10:58:46.516 [DEBUG]    (tailnet.wgengine)    <./tailnet/conn.go:521>    Logger.func1    [v1] using fake (no-op) OS network configurator,
2022-09-05 10:58:46.516 [DEBUG]    (tailnet.wgengine)    <./tailnet/conn.go:521>    Logger.func1    [v1] using fake (no-op) DNS configurator,
2022-09-05 10:58:46.516 [DEBUG]    (tailnet.wgengine)    <./tailnet/conn.go:521>    Logger.func1    dns: using dns.noopManager
I made an issue for it on Github https://github.com/coder/coder/issues/3870 There we found out the HOME environment somehow gets set to the username of user 1000 of the host server: (It's set to /home/skerit when it should be /home/coder) 
[skerit@test1 coder]$ env
HOSTNAME=test1
PWD=/home/coder
HOME=/home/skerit
ENTRYPOINTD=/entrypoint.d
LANG=en_US.UTF-8
CODER_AGENT_TOKEN=xxx
TERM=xterm
USER=coder
SHLVL=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/sbin/env
[skerit@test1 coder]$ env
HOSTNAME=test1
PWD=/home/coder
HOME=/home/skerit
ENTRYPOINTD=/entrypoint.d
LANG=en_US.UTF-8
CODER_AGENT_TOKEN=xxx
TERM=xterm
USER=coder
SHLVL=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/sbin/env
The workaround for this was to add this to the workspace resource: 
resource "docker_container" "workspace" {
  ...
  user = "coder:coder"
}
resource "docker_container" "workspace" {
  ...
  user = "coder:coder"
}
This is on an Arch server, btw 😄
7 Replies
maf
maf•3y ago
Thanks for starting the thread. Could you check if there are any settings in /etc/docker/daemon.json on the Arch machine?
Skerit
Skerit•3y ago
Just my custom dns settings: 
{
    "dns": ["192.168.50.2", "8.8.8.8"]
}
{
    "dns": ["192.168.50.2", "8.8.8.8"]
}
maf
maf•3y ago
Ok, that def. wouldn't mess with anything. I wanted to test if I could reproduce this on Arch, but no go. Worked perfectly when I installed docker and postgresql (pacman -S docker postgresql), initialized the db, started coder server (as root), uploaded the docker-code-server template and created a workspace. The workspace startup had no errors and had HOME=/home/coder. I had also prepared the arch host machine with a user named maf and UID 1000 beforehand. Does your setup diverge from what I described in any way?
maf
maf•3y ago
Docker version info (in Arch Linux) for reference
No description
maf
maf•3y ago
Could you share the output of docker info btw? I honestly have no idea where to start with this so just throwing darts in the dark.
Skerit
Skerit•3y ago
Sure: 
[root@kumulus .janeway]# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
  compose: Docker Compose (Docker Inc., 2.10.2)

Server:
 Containers: 6
  Running: 6
  Paused: 0
  Stopped: 0
 Images: 10
 Server Version: 20.10.17
 Storage Driver: btrfs
  Build Version: Btrfs v5.18.1
  Library Version: 102
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6.m
 runc version: 
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.19.6-arch1-1
 Operating System: Arch Linux
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 62.72GiB
 Name: kumulus
 ID: ITT7:U7BJ:NJEX:RQQE:CVWL:7HZF:QIL4:HY4T:AA6E:5UEZ:BNVU:RFBW
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
[root@kumulus .janeway]# docker info
Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
  compose: Docker Compose (Docker Inc., 2.10.2)

Server:
 Containers: 6
  Running: 6
  Paused: 0
  Stopped: 0
 Images: 10
 Server Version: 20.10.17
 Storage Driver: btrfs
  Build Version: Btrfs v5.18.1
  Library Version: 102
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 9cd3357b7fd7218e4aec3eae239db1f68a5a6ec6.m
 runc version: 
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.19.6-arch1-1
 Operating System: Arch Linux
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 62.72GiB
 Name: kumulus
 ID: ITT7:U7BJ:NJEX:RQQE:CVWL:7HZF:QIL4:HY4T:AA6E:5UEZ:BNVU:RFBW
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
My coder's postgres server is also a docker container btw, but can't imagine that would be the cause of all of this 🙂 Also on my server, coder is running as coder, not root.
maf
maf•3y ago
Thanks. Both of those differences should be OK, can't imagine them affecting the issue at hand.
Want results from more Discord servers?
Add your server