Missing privilege separation directory: /var/run/sshd #141

Closed
MaxiReglisse opened this Issue Jul 31, 2016 · 3 comments

MaxiReglisse commented Jul 31, 2016

Hi all!
I am trying to build and run an SSH server in an ansible-container.

ISSUE TYPE
  • Bug Report

container.yml

services:
  ssh:
    image: debian:jessie
    ports:
      - "2222:22"
    command: ['/usr/bin/dumb-init', '/usr/sbin/sshd', '-D']
    dev_overrides:
      environment:
        - "DEBUG=1"

main.yml

- hosts: all
  gather_facts: false
  tasks:
    - raw: which python || apt-get update
    - raw: (which python && which aptitude) || apt-get install -y python python-apt aptitude
- hosts: ssh
  tasks:

OS / ENVIRONMENT

No DOCKER_HOST environment variable found. Assuming UNIX socket at /var/run/docker.sock
{u'Architecture': u'x86_64',
u'BridgeNfIp6tables': True,
u'BridgeNfIptables': True,
u'CPUSet': True,
u'CPUShares': True,
u'ClusterAdvertise': u'',
u'ClusterStore': u'',
u'Containers': 3,
u'ContainersPaused': 0,
u'ContainersRunning': 0,
u'ContainersStopped': 3,
u'CpuCfsPeriod': True,
u'CpuCfsQuota': True,
u'Debug': False,
u'DockerRootDir': u'/var/lib/docker',
u'Driver': u'aufs',
u'DriverStatus': [[u'Root Dir', u'/var/lib/docker/aufs'],
[u'Backing Filesystem', u'extfs'],
[u'Dirs', u'44'],
[u'Dirperm1 Supported', u'true']],
u'ExecutionDriver': u'native-0.2',
u'ExperimentalBuild': False,
u'HttpProxy': u'',
u'HttpsProxy': u'',
u'ID': u'6I6F:BP4H:NAHP:UPRW:FHUZ:6JUX:FGKI:5COP:K3VE:FKQS:LBEB:BHCV',
u'IPv4Forwarding': True,
u'Images': 7,
u'IndexServerAddress': u'https://index.docker.io/v1/',
u'InitPath': u'/usr/lib/docker.io/dockerinit',
u'InitSha1': u'7505135554a0e0425c13d8d8dd0641a7967befe8',
u'KernelVersion': u'4.4.0-31-generic',
u'Labels': None,
u'LoggingDriver': u'json-file',
u'MemTotal': 16719142912,
u'MemoryLimit': True,
u'NCPU': 4,
u'NEventsListener': 0,
u'NFd': 13,
u'NGoroutines': 20,
u'Name': u'ubuntu-HP-ZBook-14',
u'NoProxy': u'',
u'OSType': u'linux',
u'OomKillDisable': True,
u'OperatingSystem': u'Ubuntu 16.04.1 LTS',
u'Plugins': {u'Authorization': None,
u'Network': [u'bridge', u'null', u'host'],
u'Volume': [u'local']},
u'RegistryConfig': {u'IndexConfigs': {u'docker.io': {u'Mirrors': None,
u'Name': u'docker.io',
u'Official': True,
u'Secure': True}},
u'InsecureRegistryCIDRs': [u'127.0.0.0/8'],
u'Mirrors': None},
u'ServerVersion': u'1.10.3',
u'SwapLimit': False,
u'SystemStatus': None,
u'SystemTime': u'2016-07-31T13:31:55.5466929+02:00'}
{u'ApiVersion': u'1.22',
u'Arch': u'amd64',
u'BuildTime': u'Wed, 20 Apr 2016 14:19:16 -0700',
u'GitCommit': u'20f81dd',
u'GoVersion': u'go1.6.1',
u'KernelVersion': u'4.4.0-31-generic',
u'Os': u'linux',
u'Version': u'1.10.3'}

SUMMARY

When I launch "ansible-container run", the result is:
Missing privilege separation directory: /var/run/sshd

STEPS TO REPRODUCE

$ ansible-container run
No DOCKER_HOST environment variable found. Assuming UNIX socket at /var/run/docker.sock
Attaching to ansible_ansible-container_1
Cleaning up Ansible Container builder...
Attaching to ansible_ssh_1
ssh_1 | Missing privilege separation directory: /var/run/sshd
ansible_ssh_1 exited with code 255

EXPECTED RESULTS

A container with an SSH server!

ACTUAL RESULTS

$ ansible-container --debug run
No DOCKER_HOST environment variable found. Assuming UNIX socket at /var/run/docker.sock
Project name is ssh_data
Initialized with params: {'service': [], 'subcommand': 'run', 'engine_args': {'service': [], 'engine_name': 'docker', 'subcommand': 'run', 'engine_args': {...}, 'base_path': '/home/echiarello/ownCloud/IDS_Project/docker/ansible-container/ssh_data', 'production': False, 'kwargs': {'debug': True, 'subcommand': 'run'}, 'debug': True}, 'production': False, 'kwargs': {'debug': True, 'subcommand': 'run'}, 'debug': True}
Using temporary directory /tmp/tmp2EaUpr...
Compose derived from config:
{'ssh': {'environment': ['DEBUG=1'], 'image': 'debian:jessie', 'command': ['/usr/bin/dumb-init', '/usr/sbin/sshd', '-D'], 'ports': ['2222:22']}}
Using temporary directory /tmp/tmpl3Car1...
Compose derived from config:
{'ssh': {'environment': ['DEBUG=1'], 'image': 'debian:jessie', 'command': ['/usr/bin/dumb-init', '/usr/sbin/sshd', '-D'], 'ports': ['2222:22']}}
{'ssh': {'environment': ['DEBUG=1'], 'working_dir': '/', 'command': 'sh -c "while true; do sleep 1; done"', 'user': 'root', 'image': 'debian:jessie', 'ports': ['2222:22']}}
Config YAML is
ssh:
command: sh -c "while true; do sleep 1; done"
environment: [DEBUG=1]
image: debian:jessie
ports: ['2222:22']
user: root
working_dir: /

Rendered Jinja Template:
ansible-container:
image: "ansible/ansible-container-builder:0.1"
command: /usr/local/bin/builder.sh /usr/local/bin/ansible-playbook -i /etc/ansible/ansible-container-inventory.py -c docker --list-hosts main.yml
environment:
- DOCKER_HOST
- COMPOSE_HTTP_TIMEOUT=3000
- DOCKER_API_VERSION=1.22
volumes:

- /home/echiarello/ownCloud/IDS_Project/docker/ansible-container/ssh_data:/ansible-container/:Z

working_dir: /ansible-container/ansible/
stdin_open: true
tty: true
ssh:
command: sh -c "while true; do sleep 1; done"
environment: [DEBUG=1]
image: debian:jessie
ports: ['2222:22']
user: root
working_dir: /

Attaching to ansible_ansible-container_1
Cleaning up Ansible Container builder...
--list-hosts
ansible-container_1 |
ansible-container_1 | playbook: main.yml
ansible-container_1 |
ansible-container_1 | play #1 (all): all TAGS: []
ansible-container_1 | pattern: [u'all']
ansible-container_1 | hosts (1):
ansible-container_1 | ssh
ansible-container_1 |
ansible-container_1 | play #2 (ssh): ssh TAGS: []
ansible-container_1 | pattern: [u'ssh']
ansible-container_1 | hosts (1):
ansible-container_1 | ssh
ansible_ansible-container_1 exited with code 0

Cleaning up temporary directory /tmp/tmpl3Car1...
{'ssh': {'environment': ['DEBUG=1'], 'image': 'ssh_data-ssh:latest', 'command': ['/usr/bin/dumb-init', '/usr/sbin/sshd', '-D'], 'ports': ['2222:22']}}
Config YAML is
ssh:
command: [/usr/bin/dumb-init, /usr/sbin/sshd, -D]
environment: [DEBUG=1]
image: ssh_data-ssh:latest
ports: ['2222:22']

Rendered Jinja Template:
ansible-container:
image: tianon/true
command: /bin/false
ssh:
command: [/usr/bin/dumb-init, /usr/sbin/sshd, -D]
environment: [DEBUG=1]
image: ssh_data-ssh:latest
ports: ['2222:22']

Attaching to ansible_ssh_1
ssh_1 | Missing privilege separation directory: /var/run/sshd
ansible_ssh_1 exited with code 255
Cleaning up temporary directory /tmp/tmp2EaUpr...

Thanks for your help!

Ernest.

Collaborator

j00bar commented Aug 2, 2016

Howdy!

It looks like this is an issue with Debian/Ubuntu when starting sshd outside of their init script:

https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/45234

So I believe that you'll need to create this directory as part of your runtime.

I'm closing for now, but please re-open if you disagree. Thanks!

-jag

@j00bar j00bar closed this Aug 2, 2016

Author

MaxiReglisse commented Aug 3, 2016

Hi Jag, thanks for your post.
I tried to create the /var/run directory, but without success...
And you can re-open your own issues if you closed them yourself, says http://stackoverflow.com/questions/21333654/how-to-re-open-an-issue-in-github.
So I opened a new issue.
Ernest.

Sweetog commented Jul 1, 2017

@MaxiReglisse

# works for sure Debian 8, Jessie
mkdir -p /var/run/sshd
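
The runtime fix discussed in this thread, written out as an entrypoint script. This is an added example, not code from the issue or from the ansible-container project. sshd also refuses to start when the directory exists but is not owned by root or is group- or world-writable, so the script checks that as well. The function names, the optional uid argument and the `--start` switch are hypothetical, and `stat -c` assumes GNU or busybox stat.

```shell
#!/bin/sh
# Added example (not from the issue or ansible-container): prepare sshd's
# privilege separation directory at container start, then run sshd.
# Function names, the optional uid argument and --start are hypothetical.

# check_privsep_dir DIR [UID]
# Succeeds only if DIR is a real directory (not a symlink), owned by UID
# (default 0 = root) and not writable by group or others.
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "$dir: missing or not a plain directory" >&2
        return 1
    fi
    uid=$(stat -c '%u' "$dir")    # owner uid (GNU/busybox stat)
    mode=$(stat -c '%a' "$dir")   # octal permission bits, e.g. 755
    if [ "$uid" != "$want_uid" ]; then
        echo "$dir: owned by uid $uid, expected $want_uid" >&2
        return 1
    fi
    # 022 = group-write | other-write; the leading 0 makes $mode octal.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$dir: mode $mode is group- or world-writable" >&2
        return 1
    fi
}

# ensure_privsep_dir DIR [UID]
# Creates DIR with mode 0755 if it does not exist, then verifies it.
# An existing directory is never chmod'ed or chown'ed: bad state is reported.
ensure_privsep_dir() {
    if [ ! -e "$1" ]; then
        mkdir -p -m 0755 "$1" || return 1
    fi
    check_privsep_dir "$1" "${2:-0}"
}

# start_sshd: the runtime step from the thread, with the check in front.
start_sshd() {
    ensure_privsep_dir /var/run/sshd || return 1
    exec /usr/sbin/sshd -D
}

# Only start the daemon when asked to, so the file can also be sourced.
if [ "${1:-}" = "--start" ]; then
    start_sshd
fi
```

With the script copied into the image at a path of your choosing, the `command` in container.yml would run it with `--start` under dumb-init instead of calling `/usr/sbin/sshd -D` directly.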
