dstack icon indicating copy to clipboard operation
dstack copied to clipboard
verified publisher icon dstackai

[Bug] On-prem fleets require `sudo` access

Open peterschmidt85 opened this issue 1 year ago • 2 comments

Steps to reproduce:

  1. Set up a host where the user requires a password for sudo
  2. Invoke dstack pool add-ssh

Actual behavior:

The server logs:

{"message": "Try to connect to [email protected]:22 with key SHA256:wIVG0/gEoe+KQfvoCUH7GEZqG6mvtLSirjqqkyqiPTo", "logger": "dstack._internal.core.backends.remote.provisioning", "timestamp": "2024-07-01 23:07:45,550", "level": "DEBUG"}
{"message": "Connected to dex 10.15.105.45", "logger": "dstack._internal.server.background.tasks.process_instances", "timestamp": "2024-07-01 23:07:46,238", "level": "INFO"}
{"message": "deploy_instance raise an error: The command 'run_pre_start_commands' didn't work. stdout: , stderr: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper\nsudo: a password is required", "logger": "dstack._internal.server.background.tasks.process_instances", "timestamp": "2024-07-01 23:07:46,823", "level": "DEBUG"}
{"message": "Provisioning the instance 'hungry-rat' could not be completed because of the error: Deploy instance raise an error The command 'run_pre_start_commands' didn't work. stdout: , stderr: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper\nsudo: a password is required", "logger": "dstack._internal.server.background.tasks.process_instances", "timestamp": "2024-07-01 23:07:46,824", "level": "WARNING"}

Notes:

Currently, dstack pool add-ssh requires sudo access (e.g. because it needs access to systemd to create/update the dstack-shim service).

Workaround:

  1. Create a user that doesn't require password for sudo and use with dstack pool add-ssh
  2. Configure the existing user not to ask the password for sudo (example)

Also, ensure the user is in the sudo group

peterschmidt85 avatar Jul 02 '24 08:07 peterschmidt85

The problem takes place when using a sudo user that is configured to ask for a password. Usually this doesn't happen on cloud instances because cloud-init by default sets up ubuntu user with no password sudo.

An alternative workaround to using root is to configure a non-root sudo user without password.

r4victor avatar Jul 02 '24 11:07 r4victor

This issue is stale because it has been open for 30 days with no activity.

peterschmidt85 avatar Aug 02 '24 01:08 peterschmidt85

Perhaps we could handle the error and show it on the CLI side

peterschmidt85 avatar Nov 02 '24 20:11 peterschmidt85

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] avatar Feb 12 '25 01:02 github-actions[bot]

This issue was closed because it has been inactive for 14 days since being marked as stale. Please reopen the issue if it is still relevant.

github-actions[bot] avatar Feb 26 '25 01:02 github-actions[bot]