vmnet.sock: connect: permission when using --network-address #854

marc0777 opened this issue Nov 13, 2023 · 9 comments
Labels
not yet reproduced The issue reported is not yet experienced by someone else

Comments

@marc0777

Description

Even when using --network-address the VM doesn't get assigned an IP address, making the containers not accessible from outside.

Version

Colima Version: 0.6.0
Lima Version: 0.18.0
Qemu Version: 8.1.2

Operating System

  • macOS Intel <= 12 (Monterey)
  • macOS Intel >= 13 (Ventura)
  • macOS M1 <= 12 (Monterey)
  • macOS M1 >= 13 (Ventura)
  • Linux

Output of colima status

INFO[0000] colima is running using QEMU
INFO[0000] arch: aarch64
INFO[0000] runtime: docker
INFO[0000] mountType: sshfs
INFO[0000] socket: unix:///Users/mfincato/.colima/default/docker.sock

Reproduction Steps

  1. colima start --network-address
  2. No address is being assigned to Colima

Expected behaviour

Colima should assign an IP address to the VM, to allow external access. Instead the log shows:

INFO[0000] starting colima                              
INFO[0000] runtime: docker                              
INFO[0001] preparing network ...                         context=vm
WARN[0017] error starting vmnet: error at 'preparing network': vmnet socket file error: dial unix /Users/mfincato/.colima/default/daemon/vmnet.sock: connect: permission denied  context=vm
INFO[0017] creating and starting ...                     context=vm
INFO[0045] provisioning ...                              context=docker
INFO[0045] starting ...                                  context=docker
INFO[0046] done

Additional context

I've already completely tried uninstalling, deleting all files, and reinstalling Colima and all its dependencies.

@abiosoft
Owner

Can you try removing the following generated files and try again?

colima delete # delete
sudo rm -rf /opt/colima /etc/sudoers.d/colima # delete network files
colima start # start again

abiosoft added the "not yet reproduced" (The issue reported is not yet experienced by someone else) label Nov 13, 2023
@marc0777
Author

I've deleted those files (again) but still no luck. If I start with colima start --network-address I get the same output I posted before, and no IP address.

@abiosoft
Owner

Can you share the permission of the directory and the socket file?

stat /Users/mfincato/.colima/default/daemon
stat /Users/mfincato/.colima/default/daemon/vmnet.sock

@marc0777
Author

16777229 2528443 drwxr-xr-x 5 mfincato Users 0 160 "Nov 13 10:52:39 2023" "Nov 13 10:53:42 2023" "Nov 13 10:53:42 2023" "Nov 13 10:52:39 2023" 4096 0 0 /Users/mfincato/.colima/default/daemon
16777229 2528683 srwxrwx--- 1 root staff 0 0 "Nov 13 10:53:42 2023" "Nov 13 10:53:42 2023" "Nov 13 10:53:42 2023" "Nov 13 10:53:42 2023" 4096 0 0 /Users/mfincato/.colima/default/daemon/vmnet.sock

I had also tried chmod 777 on vmnet.sock, but it didn't change the result.
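
The stat output above shows the socket as root:staff with mode srwxrwx---, while the parent directory's group is Users. The following is an added example (not part of this thread and not Colima's code) that evaluates the classic Unix mode bits for connecting to such a socket; the group memberships in the sample call are constructed, not taken from the reporter's machine.

```shell
#!/bin/sh
# Added example: which permission class applies to a user for a socket file,
# and whether that class has the write bit that connect(2) on a Unix-domain
# socket requires. Only mode bits are evaluated (no ACLs or other controls).

# sock_class MODE OWNER GROUP USER "USER_GROUPS"
# Prints owner, group or other. The first matching class wins, so an owner
# without the write bit is not rescued by the group or other bits.
sock_class() {
    owner=$2 group=$3 user=$4 user_groups=$5
    if [ "$user" = "$owner" ]; then echo owner; return; fi
    for g in $user_groups; do
        if [ "$g" = "$group" ]; then echo group; return; fi
    done
    echo other
}

# can_connect MODE OWNER GROUP USER "USER_GROUPS"
# Returns 0 when the applicable class has the write bit set.
# MODE is the ls/stat style string, e.g. srwxrwx---
can_connect() {
    mode=$1 user=$4
    [ "$user" = root ] && return 0        # root bypasses mode bits
    case $(sock_class "$@") in
        owner) bit=$(printf '%s' "$mode" | cut -c3) ;;
        group) bit=$(printf '%s' "$mode" | cut -c6) ;;
        other) bit=$(printf '%s' "$mode" | cut -c9) ;;
    esac
    [ "$bit" = w ]
}

# Constructed sample: socket values from the stat output in this thread,
# group list "Users" assumed for illustration.
# On a real machine pass "$(id -un)" and "$(id -Gn)" instead.
if can_connect srwxrwx--- root staff mfincato "Users"; then
    echo "mode bits allow connect"
else
    echo "mode bits deny connect (class: $(sock_class srwxrwx--- root staff mfincato "Users"))"
fi
```
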

@slobodator

slobodator commented Nov 14, 2023

Hi,
I have a similar issue and I know its cause, not sure how widespread it is.
TL;DR: In the corporate environment there is CyberArk installed that prevents using sudo without a password.

Steps to reproduce.
Colima version (doesn't matter)

❯ colima version
colima version 0.6.2
git commit: 22d7e5fbc86d5b8e3b27065a762800bc7960a0ff

Trying to create a profile with an address

❯ colima start --memory 2 --disk 8 --arch x86_64  --very-verbose  --network-address x86-test
...
WARN[0016] error starting network: error at 'preparing network': error running [/opt/homebrew/bin/colima daemon status x86-test], output: "time=\"2023-11-14T13:24:24+01:00\" level=fatal msg=\"pid file not found: stat /Users/andriy.slobodyanyk/.colima/x86-test/daemon/daemon.pid: no such file or directory\"", err: "exit status 1"  context=vm
INFO[0016] creating and starting ...                     context=vm
WARN[0016] error setting up reachable IP address: vmnet socket file not found: stat /Users/andriy.slobodyanyk/.colima/x86-test/daemon/vmnet.sock: no such file or directory
TRAC[0016] cmd ["limactl" "start" "--tty=false" "/var/folders/c4/qn97_hmx7wg8brt5xmwbp18r0000gq/T/colima-x86-test.yaml"]

There is no address at the end

❯ colima list
PROFILE     STATUS     ARCH       CPUS    MEMORY    DISK     RUNTIME    ADDRESS
x86-test    Running    x86_64     2       2GiB      8GiB     docker

The cause is at the

less ~/.colima/x86-test/daemon/daemon.log
time="2023-11-14T13:24:08+01:00" level=trace msg="cmd int [\"sudo\" \"/opt/colima/bin/socket_vmnet\" \"--vmnet-mode\" \"shared\" \"--socket-group\" \"staff\" \"--vmnet-gateway\" \"192.168.106.1\" \"--vmnet-dhcp-end\" \"192.168.106.254\" \"--pidfile\" \"/opt/colima/run/vmnet-x86-test.pid\" \"/Users/andriy.slobodyanyk/.colima/x86-test/daemon/vmnet.sock\"]"
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is required

It is not happening on my private M1.

The cause is CyberArk. I asked the support to tweak it somehow but have no hope about it.
I am not kidding, I am obliged to enter my password each time I use sudo. And

❯ sudo visudo
Password:
visudo: /etc/sudoers: Operation not permitted

So, there is no network address for me unfortunately. But I made a workaround, will provide it in the next comment if required.

@osjoholm

I'm facing a similar issue. Please share your workaround.

@s33dunda

s33dunda commented Mar 7, 2024

Same issue here.. perhaps the sudoers file needs a tweak

@slobodator

slobodator commented Mar 12, 2024

@osjoholm @s33dunda
So, as I expected, the corporate support didn't make me an exception for CyberArk, but I made a simple workaround.
What did I need a network address for? To let an app (which runs in the m1 colima profile) connect to Oracle (which runs in the x86 one). The address is written in the container-name form, i.e. oracle:1521, as my x86-64 colleagues simply run everything together. I achieved that in a different way. There are two colima profiles without network addresses assigned

❯ colima list
PROFILE    STATUS     ARCH       CPUS    MEMORY    DISK     RUNTIME    ADDRESS
m1         Running    aarch64    2       6GiB      20GiB    docker
x86        Running    x86_64     2       2GiB      8GiB     docker

Oracle is launched with a regular -p 1521:1521 port exposure to let me connect to it from the host machine as localhost:1521.

Then I add an entry to the host machine /etc/hosts
192.168.5.2 oracle
The IP is colima fixed, still it could be obtained by

❯ docker exec -it oracle getent hosts host.docker.internal
192.168.5.2     host.docker.internal

And that's basically it. The trick is that the connection is made through the host machine. The app resolves oracle, gets its IP and connects through the exposed port.

It worked for me a while but broke after some update, so I filed another issue #895
It forced me to downgrade to

❯ colima --version
colima version v0.5.6

Still, everything works like a charm

@norrs

norrs commented Mar 13, 2024

Let us know if #458 (comment) might be the issue here?
