docker-volume-sshfs icon indicating copy to clipboard operation
docker-volume-sshfs copied to clipboard

Published 20 hours ago verified publisher icon vieux

How do debug when password-less mount does not work

Open saadlu opened this issue 6 years ago • 3 comments

Hi,

I am having problem mapping container volume with ssh key. With password it works fine.

So any way to debug what is happening? I have installed the plugin with DEBUG=1

docker: Error response from daemon: error while mounting volume '/var/lib/docker/plugins/9431f8f717678b6c65310fb91fbc134eb0edb2c0351440d8ae638227657e927e/propagated-mount/b985d198195b0d1c1adea1ce6f9db68d': VolumeDriver.Mount: sshfs command execute failed: exit status 1 (read: Connection reset by peer
).
ERRO[0000] error waiting for container: context canceled

Please note sshfs itself works without password from the host machine.

saadlu avatar Jun 05 '18 18:06 saadlu

I'm having the same issue with the current master branch.

To elaborate:

  • ssh works w/o password
  • sshfs works w/o password
  • sshfs docker volume plugin works with password
  • sshfs docker volume plugin fails with "Connection reset by peer" w/o password (tried to specify the key explicitly or use the default one - the result is the same)

Built next based on the following commit: 1e0cd2f - (HEAD -> master, origin/master, origin/HEAD) switch to 1.10 (4 months ago) Victor Vieux

elasti-jeans avatar Aug 29 '18 13:08 elasti-jeans

At the risk of supplying a ME TOO, I'm seeing the same behaviour:

time="2018-09-18T07:38:18Z" level=error msg="time=\"2018-09-18T07:38:18Z\" level=error msg=\"sshfs command execute failed: exit status 1 (read: Connection reset by peer\\n)\"" plugin=59220d566c3baed5e3945b2435bd0db04df16994fd1724256b7df4042dceca21
time="2018-09-18T07:38:18.780214317Z" level=error msg="Handler for POST /v1.36/containers/create returned error: VolumeDriver.Mount: sshfs command execute failed: exit status 1 (read: Connection reset by peer\n)"

I am using Boot2Docker 18.02.0-ce (TCL 8.2.1); HEAD : 99245f4 - Thu Feb 8 17:43:39 UTC 2018 as my host on a VMware Fusion VM on an iMac.

I can ssh with and without password. Paths exist.

$ docker plugin install vieux/sshfs
Plugin "vieux/sshfs" is requesting the following privileges:
 - network: [host]
 - mount: [/var/lib/docker/plugins/]
 - mount: []
 - device: [/dev/fuse]
 - capabilities: [CAP_SYS_ADMIN]
Do you grant the above permissions? [y/N] y
latest: Pulling from vieux/sshfs
52d435ada6a4: Download complete 
Digest: sha256:1d3c3e42c12138da5ef7873b97f7f32cf99fb6edde75fa4f0bcf9ed277855811
Status: Downloaded newer image for vieux/sshfs:latest
Installed plugin vieux/sshfs

$ docker volume create -d vieux/sshfs -o [email protected]:tmp -o IdentityFile=/home/docker/.ssh/onno.pem test-vol
test-vol

$ docker run -it -v test-vol:/home busybox ls /home
/usr/local/bin/docker: Error response from daemon: VolumeDriver.Mount: sshfs command execute failed: exit status 1 (read: Connection reset by peer
).
See '/usr/local/bin/docker run --help'.

$ docker volume inspect test-vol
[
    {
        "CreatedAt": "0001-01-01T00:00:00Z",
        "Driver": "vieux/sshfs:latest",
        "Labels": {},
        "Mountpoint": "/mnt/volumes/0e9fcfedbffb7418d77464c74c73bd7d",
        "Name": "test-vol",
        "Options": {
            "IdentityFile": "/home/docker/.ssh/onno.pem",
            "sshcmd": "[email protected]:tmp"
        },
        "Scope": "local"
    }
]

I've also tried:

  • Enabling DEBUG=1 in the plugin
  • Enabling sshcmd debug options with -o LogLevel=DEBUG
  • Adding the key directory to the plugin installer (both /home/docker/.ssh and /root/.ssh)
  • Using sshcmd options to locate the key
  • putting the ssh-key in /root/.ssh
  • manually creating and adding the ssh key within the docker host

ITmaze avatar Sep 19 '18 08:09 ITmaze

@ITmaze , I have the same problem. I found a reason not to work with -o IdentityFile.

When installing the plugin, sshkey.source is required. README Using an ssh key

$ docker plugin install vieux/sshfs sshkey.source=/home/<user>/.ssh/

Even if it is already installed, you can change it with plugin set command.

$ docker plugin set vieux/sshfs sshkey.source=/home/<user>/.ssh/

Inspect the vieux/sshfs plugin

$ docker inspect vieux/sshfs
...
    "Mounts": [
     ...
        {
            "Description": "",
            "Destination": "/root/.ssh",
            "Name": "sshkey",
            "Options": [
                "rbind"
            ],
            "Settable": [
                "source"
            ],
            "Source": "/home/<user>/.ssh/",
            "Type": "bind"
        }
    ]
...

sshkey.source=/home/<user>/.ssh/ is mounted /root/.ssh inside volume container.

-o IdentityFile path points to the path inside the volume container.

Therefore, the path to IdentityFile should start with /root/.ssh/ inside the volume container.

$ docker volume create -d vieux/sshfs \
-o sshcmd=<user@host:path> \
-o IdentityFile=/root/.ssh/<key> \
<volume name>

ani2life avatar Dec 14 '18 12:12 ani2life