`sst tunnel install` can't find `sudoers.d`
```
sudo sst tunnel install --print-logs
time=2024-10-14T22:39:16.190+02:00 level=INFO msg="checking for pulumi" path=/root/.config/sst/bin/pulumi
time=2024-10-14T22:39:17.521+02:00 level=INFO msg="checking for bun" path=/root/.config/sst/bin/bun
time=2024-10-14T22:39:17.523+02:00 level=INFO msg="bun install"
⠋ Updating dependencies...time=2024-10-14T22:39:17.523+02:00 level=INFO msg="bun downloading" url=https://github.com/oven-sh/bun/releases//download/bun-v1.1.29/bun-linux-x64-baseline.zip
time=2024-10-14T22:39:25.484+02:00 level=ERROR msg="exited with error" err="open /etc/sudoers.d/sst-zvictor: no such file or directory"
✕ Unexpected error occurred. Please run with --print-logs or check .sst/log/sst.log if available.
```
I'm running sst v3.2.16 on NixOS 24.05. This error is most likely related to NixOS's architecture.
Edit: This workaround does not work in NixOS. Please ignore this message.
Workaround:
- Create the file (and the folder, if needed) `/etc/sudoers.d/sst-$USER`
- Add the content (replace `<path-to-sst>` by the returned value of `which sst`) below:
  ```
  sst ALL=(ALL) NOPASSWD: <path-to-sst>
  ```
- Run `sudo sst tunnel install --print-logs` again.
The steps above will replace the content of `/etc/sudoers.d/sst-$USER` with something like `zvictor ALL=(ALL) NOPASSWD:SETENV: /opt/sst/sst tunnel start *`, which I am not sure will work as intended.
In short:
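```
sudo mkdir -p /etc/sudoers.d/
# In `sudo echo ... > file` the redirect runs as the calling user, not root, so write through tee
echo "sst ALL=(ALL) NOPASSWD: $(which sst)" | sudo tee "/etc/sudoers.d/sst-$USER" > /dev/null
sudo sst tunnel install
✓ Tunnel installed successfully.
```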
With the workaround above one can run `sst tunnel install` without errors, but `sst tunnel` still fails:
```
sst tunnel --stage production
Tunnel
➜ Forwarding ranges
10.0.4.0/22
10.0.0.0/22
Waiting for connections...
✕ Make sure you have installed the tunnel with `sudo sst tunnel install`
```
EDIT: Please ignore this message
This issue is not only in NixOS. I am trying to run my setup in a container, so that I can finally deploy my application outside of my dev machine, but the error persists there as well.
Dockerfile

```dockerfile
FROM node:lts-bookworm
ARG SST_VERSION
ENV SST_VERSION=${SST_VERSION:-latest}
RUN npm install --global sst@${SST_VERSION}
RUN sst tunnel install --print-logs
CMD ["sst"]
```
Build Output

```
...
STEP 5/6: RUN sst tunnel install --print-logs
time=2024-10-31T09:29:58.588Z level=INFO msg="checking for pulumi" path=/root/.config/sst/bin/pulumi
time=2024-10-31T09:29:58.588Z level=INFO msg="pulumi install"
time=2024-10-31T09:29:58.588Z level=INFO msg="pulumi downloading" url=https://github.com/pulumi/pulumi/releases/download/v3.136.1/pulumi-v3.136.1-linux-x64.tar.gz
time=2024-10-31T09:30:25.277Z level=INFO msg="checking for bun" path=/root/.config/sst/bin/bun
time=2024-10-31T09:30:25.278Z level=INFO msg="bun install"
time=2024-10-31T09:30:25.278Z level=INFO msg="bun downloading" url=https://github.com/oven-sh/bun/releases//download/bun-v1.1.30/bun-linux-x64-baseline.zip
time=2024-10-31T09:30:34.212Z level=INFO msg="creating sudoers file" path=/etc/sudoers.d/sst-
time=2024-10-31T09:30:34.212Z level=INFO msg="sudoers entry" entry=" ALL=(ALL) NOPASSWD:SETENV: /opt/sst/sst1 tunnel start *\n"
time=2024-10-31T09:30:34.212Z level=ERROR msg="exited with error" err="open /etc/sudoers.d/sst-: no such file or directory"
✕ Unexpected error occurred. Please run with --print-logs or check .sst/log/sst.log if available.
Error: building at STEP "RUN sst tunnel install --print-logs": while running runtime: exit status 1
```
Edit: Please ignore this message as well
Oh, for Docker I forgot about sudo! This should work as root for the ubuntu container
```dockerfile
RUN apt-get update && \
    apt-get install -y sudo
...
RUN sudo sst tunnel install --print-logs
```

```
time=2024-10-31T09:54:19.699Z level=INFO msg="running visudo" cmd="[visudo -c -f /etc/sudoers.d/sst-root]"
✓ Tunnel installed successfully.
--> 628ef3136f6d
```
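The failing build log above shows a rule composed with an empty user name (path `/etc/sudoers.d/sst-`, entry beginning ` ALL=(ALL)`), and the successful run shows the file being checked with `visudo -c -f`. As an added example (not sst's own code, and not part of the original thread), the functions below write such a drop-in defensively; the names `valid_user`, `sudoers_entry` and `install_dropin` are hypothetical, and the rule text is copied from the log lines.

```shell
#!/bin/sh
# Added example: validate the user name and syntax-check a sudoers drop-in
# before it becomes active. SST_BIN and the rule format come from the logs above.
SST_BIN="/opt/sst/sst1"

# Accept only a non-empty name made of letters, digits, '_' and '-'.
# Dots are rejected because sudo skips drop-in files whose name contains '.'.
valid_user() {
  case "$1" in
    ""|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the sudoers rule for one user, or fail if the name is unusable.
sudoers_entry() {
  valid_user "$1" || { echo "refusing to build entry for user '$1'" >&2; return 1; }
  printf '%s ALL=(ALL) NOPASSWD:SETENV: %s tunnel start *\n' "$1" "$SST_BIN"
}

# Install the drop-in for user $1 under directory $2 (default /etc/sudoers.d).
# Must run as root and needs visudo, which ships with the sudo package.
install_dropin() {
  user=$1
  dir=${2:-/etc/sudoers.d}
  entry=$(sudoers_entry "$user") || return 1
  command -v visudo >/dev/null 2>&1 || { echo "visudo not found (is sudo installed?)" >&2; return 1; }
  mkdir -p "$dir" || return 1
  # The temporary name contains a dot, so sudo ignores it until it is renamed.
  tmp=$(mktemp "$dir/.sst-XXXXXX") || return 1
  printf '%s\n' "$entry" > "$tmp"
  chmod 0440 "$tmp"
  if visudo -c -f "$tmp"; then
    mv "$tmp" "$dir/sst-$user"
  else
    rm -f "$tmp"
    return 1
  fi
}

# Usage (as root): install_dropin "${SUDO_USER:-$(id -un)}"
```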
Is this fixed?
No, it's not fixed!
I have moved from NixOS to Ubuntu containers in order to avoid this issue, but still with problems. `tunnel install` works in the container, but not the tunnel. In NixOS both fail.
I have documented my most recent attempt at https://discord.com/channels/983865673656705025/1300501887216390186/1302026195914985522 and I was planning on elaborating more here later on.
Ah yeah
So we never intended to have the tunnel work inside a container or in CI. Is that what you are trying to do?
I first tried to figure out what `sst tunnel` does by reading the code, hoping I could patch my NixOS environment to fit sst's needs, but I failed on that. Network setups have never been my strongest skill.
I then tried using distrobox to patch the environment more easily, but that also just made things more complicated.
Finally, I tried setting up the tunnels inside Docker, hoping that I would be able to at least understand better what `sst tunnel` is trying to do and how it changes the environment.
Even if I don't succeed in properly running the tunnels from the container, I would already be satisfied if I could get a grasp of how it works, and with that understand what to improve in the host environment.
In short: I am using containers just because they are more easily controlled.
Things like `podman diff <layerId>` show me what was changed in the system with a given command.
The final goal has never been to run sst from the container.
For anyone in NixOS wanting to install the tunnel, you need to add this to your config:
```nix
security.sudo.extraRules = [
  {
    users = [ "<your-user>" ];
    commands = [
      { command = "/opt/sst/sst1 tunnel start *"; options = [ "NOPASSWD" "SETENV" ]; }
    ];
  }
];
```
@jayair The PR #5015 contains the snippet above and should allow us to close this issue.
I still can't run the tunnels properly, but I think there are other bug reports covering that.
This issue should remain only about `tunnel install` and permission errors running `sst tunnel start`, which are solved by #5015.