Daemon does not start automatically
After the codespace is built including the feature (which now is available, thank you), I try the following:
tailscale up --accept-routes
failed to connect to local tailscaled; it doesn't appear to be running (sudo systemctl start tailscaled ?)
However, if I manually enter (copied from tailscaled-entrypoint.sh):
sudo /usr/local/sbin/tailscaled --statedir=/workspaces/.tailscale/ --socket=/var/run/tailscale/tailscaled.sock --port=41641
I can then use sudo tailscale up --accept-routes
(note the sudo; it doesn't work without it)
I suspect that you may be expecting remoteUser to be root (which is not the default for codespaces)?
Hi @shmatt, I didn't have either of these behaviors. I'm using a standard devcontainer 'mcr.microsoft.com/devcontainers/python:3.11' Have you customized your devcontainer? Were there any warnings in the codespace creation.log?
https://docs.github.com/en/codespaces/troubleshooting/github-codespaces-logs
@nikolarobottesla Below is my devcontainer. No warnings in my creation log. The postCreateCommand.sh only installs the android sdk, and can be removed if you are going to test against this.
// For format details, see https://aka.ms/devcontainer.json. For config options, see the
// README at: https://github.com/devcontainers/templates/tree/main/src/universal
{
  "name": "Default Linux Universal",
  // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
  "image": "mcr.microsoft.com/devcontainers/universal:2-linux",
  "features": {
    "ghcr.io/devcontainers-contrib/features/angular-cli:2": {},
    "ghcr.io/devcontainers-contrib/features/ionic-cli:2": {},
    "ghcr.io/mikaello/devcontainer-features/kotlinc:1": {},
    "ghcr.io/tailscale/codespace/tailscale": {}
  },
  "containerEnv": {
    "ANDROID_SDK_ROOT": "/var/lib/android-sdk"
  },
  "remoteEnv": {
    "PATH": "${containerEnv:PATH}:/var/lib/android-sdk/cmdline-tools/latest/bin:/var/lib/android-sdk/cmdline-tools/tools/bin:/var/lib/android-sdk/platform-tools"
  },
  "postCreateCommand": "./.devcontainer/postCreateCommand.sh"
}
@nikolarobottesla The behavior described by @shmatt is the one I have with this even simpler environment:
{
  "image": "mcr.microsoft.com/devcontainers/universal:linux",
  "extensions": [
    "dbaeumer.vscode-eslint",
    "esbenp.prettier-vscode",
    "streetsidesoftware.code-spell-checker"
  ],
  "runArgs": ["--device=/dev/net/tun"],
  "features": {
    "ghcr.io/tailscale/codespace/tailscale": {},
  }
}
The workaround (running the command manually) is indeed working for me as well.
I just realized that “downgrading” to mcr.microsoft.com/devcontainers/javascript-node made the feature run as expected.
I guess something in the universal image conflicts with Tailscale startup.
Same issue here, even with mcr.microsoft.com/devcontainers/javascript-node as suggested above by @LeoColomb. Maybe something was changed in that image since. Originally tried with mcr.microsoft.com/devcontainers/universal but with that image the devcontainer wouldn't build at all with the ghcr.io/tailscale/codespace/tailscale feature.
I think the problem is in tailscaledentrypoint.sh. It explicitly calls /usr/local/sbin/tailscaled but for me it's at /usr/sbin/tailscaled. Both directories are in $PATH so it can be called simply as tailscaled.
I'm running into this issue with the base Debian container.
{
  "image": "mcr.microsoft.com/devcontainers/base:debian",
  "features": {
    "ghcr.io/flexwie/devcontainer-features/op:1": {},
    "ghcr.io/devcontainers/features/terraform:1": {},
    "ghcr.io/devcontainers-contrib/features/tailscale:1": {},
    "ghcr.io/devcontainers-contrib/features/digitalocean-cli:1": {}
  }
}
Could it be that the client does not have access to /dev/net/tun as described here? This would mean tailscale would have to run in userspace networking mode?
FWIW it works fine for me on:
{
  "image": "mcr.microsoft.com/devcontainers/base:ubuntu-22.04",
  "features": {
    "ghcr.io/tailscale/codespace/tailscale": {},
  },
  "remoteUser": "root",
  "privileged": true,
  "securityOpt": [ "seccomp=unconfined" ],
  "runArgs": ["--device=/dev/net/tun"]
}
I don't need to call tailscale with sudo.
Obviously that runArgs is for tailscale but tbh I forget why I had to add privileged and the other flags, they might be unrelated.
@mausch setting `remoteUser` as `root` is likely why it works for you. That's often not desirable, nor is it the default.
{
  "image": "mcr.microsoft.com/devcontainers/base:ubuntu-22.04",
  "features": {
    "ghcr.io/tailscale/codespace/tailscale": {},
  },
  "remoteUser": "root",
  "privileged": true,
  "securityOpt": [ "seccomp=unconfined" ],
  "runArgs": ["--device=/dev/net/tun"]
}
Honestly, use this config. Tailscale works fine on Ubuntu 22.04 with "ghcr.io/devcontainers/features/sshd:1": {}
Just wanna say it's really cool we can install tailscale directly into codespaces and devcontainers but that you may have to start the daemon like this should really be mentioned here: https://tailscale.com/kb/1160/github-codespaces/
I'm running into the same issue, my dev container config is very simple:
// For format details, see https://aka.ms/devcontainer.json. For config options, see the
// README at: https://github.com/devcontainers/templates/tree/main/src/python
{
  "name": "Python 3",
  // Or use a Dockerfile or Docker Compose file. More info: https://containers.dev/guide/dockerfile
  "image": "mcr.microsoft.com/devcontainers/python:1-3.10-bullseye",
  "runArgs": [
    "--device=/dev/net/tun"
  ],
  "features": {
    "ghcr.io/devcontainers-contrib/features/tailscale:1": {}
  }
  // Features to add to the dev container. More info: https://containers.dev/features.
  // "features": {},
  // Use 'forwardPorts' to make a list of ports inside the container available locally.
  // "forwardPorts": [],
  // Use 'postCreateCommand' to run commands after the container is created.
  // "postCreateCommand": "pip3 install --user -r requirements.txt",
  // Configure tool-specific properties.
  // "customizations": {},
  // Uncomment to connect as root instead. More info: https://aka.ms/dev-containers-non-root.
  // "remoteUser": "root"
}
I get the following errors:
$ tailscale up --accept-routes
failed to connect to local tailscaled; it doesn't appear to be running (sudo systemctl start tailscaled ?)
$ sudo /usr/local/sbin/tailscaled --statedir=/workspaces/.tailscale/ --socket=/var/run/tailscale/tailscaled.sock --port=41641
sudo: /usr/local/sbin/tailscaled: command not found
I'm running into the same issue but the workaround posted by the OP isn't even working for me. Here is the output I get when running the command @shmatt suggested to start the daemon:
$ sudo tailscaled --statedir=/workspaces/.tailscale/ --socket=/var/run/tailscale/tailscaled.sock --port=41641
logtail started
Program starting: v1.56.1-t906f85d10-g34ed54c8c, Go 1.21.5: []string{"tailscaled", "--statedir=/workspaces/.tailscale/", "--socket=/var/run/tailscale/tailscaled.sock", "--port=41641"}
LogID: 053c855c3e9a5d74d7e4b4753046fbc01ea5b5e6f042fe2f616043d464ad0a4b
logpolicy: using system state directory "/var/lib/tailscale"
logpolicy.ConfigFromFile /var/lib/tailscale/tailscaled.log.conf: open /var/lib/tailscale/tailscaled.log.conf: no such file or directory
logpolicy.Config.Validate for /var/lib/tailscale/tailscaled.log.conf: config is nil
wgengine.NewUserspaceEngine(tun "tailscale0") ...
Linux kernel version: 6.2.0-1018-azure
is CONFIG_TUN enabled in your kernel? `modprobe tun` failed with:
tun module not loaded nor found on disk
wgengine.NewUserspaceEngine(tun "tailscale0") error: tstun.New("tailscale0"): CreateTUN("tailscale0") failed; /dev/net/tun does not exist
flushing log.
logger closing down
getLocalBackend error: createEngine: tstun.New("tailscale0"): CreateTUN("tailscale0") failed; /dev/net/tun does not exist
Here is my devcontainer.json
// README at: https://github.com/devcontainers/templates/tree/main/src/typescript-node
{
  "name": "Node.js & TypeScript",
  "image": "mcr.microsoft.com/devcontainers/typescript-node:1-20-bullseye",
  "features": {
    "ghcr.io/devcontainers-contrib/features/tailscale:1": {}
  }
}
@Bargs are you running in a codespace or just a devcontainer like in VSCode? I know I ran into the same issue because the /dev/net/tun device isn't mounted. I added
"mounts": [
  {
    "source": "/dev/net/tun",
    "target": "/dev/net/tun",
    "type": "bind"
  }
]
to my devcontainer.json and it worked.
Actually @Bargs, I just checked, and the example in the README.md also works in vscode; you have to make sure you add
"runArgs": ["--device=/dev/net/tun"]
to your devcontainer.json.
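
A preflight sketch covering the three causes raised in this thread (hard-coded daemon path, missing /dev/net/tun, non-root remoteUser). It is an added example, not code from the Tailscale feature or from any commenter; the function names are hypothetical, and `--tun=userspace-networking` is tailscaled's userspace mode, used here as an assumed fallback when the TUN device was not passed into the container.

```bash
#!/usr/bin/env bash
# Added example: build the tailscaled command line for a dev container after
# checking the failure causes discussed in this thread. Function names are
# hypothetical; the --statedir/--socket/--port values are the ones quoted above.

# 1. Resolve the daemon from PATH. The thread shows it at /usr/local/sbin on
#    some images and /usr/sbin on others, so a hard-coded path can miss it.
find_tailscaled() {
  command -v tailscaled
}

# 2. Kernel TUN needs the character device inside the container
#    (runArgs --device=/dev/net/tun). Without it, ask for userspace mode.
#    $1 = TUN device path. Prints the extra flag, or nothing.
tun_args() {
  if [ ! -c "$1" ]; then
    printf '%s' '--tun=userspace-networking'
  fi
}

# 3. The daemon must run as root; prefix sudo when remoteUser is not root.
#    $1 = effective uid, $2 = TUN device path. Prints the full command line.
build_tailscaled_cmd() {
  uid=$1
  tun_dev=$2
  bin=$(find_tailscaled) || { echo "tailscaled not found in PATH" >&2; return 1; }
  cmd="$bin --statedir=/workspaces/.tailscale/ --socket=/var/run/tailscale/tailscaled.sock --port=41641"
  extra=$(tun_args "$tun_dev")
  if [ -n "$extra" ]; then cmd="$cmd $extra"; fi
  if [ "$uid" -ne 0 ]; then cmd="sudo $cmd"; fi
  printf '%s\n' "$cmd"
}

# Print the command for the current container when invoked with --print.
if [ "${1:-}" = "--print" ]; then
  build_tailscaled_cmd "$(id -u)" /dev/net/tun
fi
```

Passing the absolute path found by `command -v` to sudo avoids the "command not found" result shown above, where the hard-coded /usr/local/sbin path did not exist in the image.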