Using docker-machine-driver-xhyve without sudo privledges

[funkymonkeymonk]

Reposted from Homebrew/legacy-homebrew#48002

I installed via the script in the PR and found that because the docker-machine driver requires sudo, the subsequent VM requires sudo for any docker-machine command run against it.

monkey@host$ docker-machine env xhyve
open /Users/monkey/.docker/machine/machines/xhyve/config.json: permission denied

monkey@host$ docker ps
Could not read CA certificate "/Users/monkey/.docker/machine/machines/xhyve/ca.pem": open /Users/monkey/.docker/machine/machines/xhyve/ca.pem: permission denied

This will create a drastic departure for the workflow of users who are used to running docker commands as non-root. I'm not sure how to best support this workflow.

[zchee]

@funkymonkeymonk Thanks issue.
docker-machine-driver-xhyve already assumes that such pem are made by other drivers.
Currently, does not error handling for this problem. It's my mistake. Sorry.

I'm planning improve.

BTW, Do you know the current state of the improvements?
Just in case, I write.

sudo chown -R monkey:staff /Users/monkey/.docker

[funkymonkeymonk]

BTW, Do you know the current state of the improvements?

I'm sorry I don't understand what this means.

I looked through the /Users/monkey/.docker directory and it looks like the only thing with root:wheel permissions is /Users/monkey/.docker/machine/machines/xhyve directory and lower. I'm not sure if that helps or not. I'm happy to leave my machine in this state if you want any more information instead of running the chown.

[zchee]

@funkymonkeymonk Sorry, I do not understand all.
Could you answer of question for me?

1. Did you created any machine use other drivers before docker-machine-driver-xhyve?
2. Do you have finished making the xhyve machine vm?
3. What are the commands that you create xhyve machine?
4. Could you post results of those commands?
   • ls -la $HOME/.docker
   • ls -la $HOME/.docker/machine
   • ls -la $HOME/.docker/machine/cache
   • ls -la $HOME/.docker/machine/certs
   • ls -la $HOME/.docker/machine/machines/xhyve

[funkymonkeymonk]

1. Yes. I had been using the virtualbox driver and had an active virtualbox machine before creating the xhyve one.
2. Yes. When I run all the commands as I can connect to it.
3. sudo docker-machine create xhyve --driver xhyve --xhyve-experimental-nfs-share

Protoman:Project monkey$ ls -la ~/.docker/
total 0
drwx------   3 monkey  staff   102 Jan 14 11:00 .
drwxr-xr-x+ 30 monkey  staff  1020 Jan 14 12:49 ..
drwx------   5 monkey  staff   170 Jan 14 11:01 machine
Protoman:Project monkey$ ls -la ~/.docker/machine/
total 0
drwx------  5 monkey  staff  170 Jan 14 11:01 .
drwx------  3 monkey  staff  102 Jan 14 11:00 ..
drwx------  3 monkey  staff  102 Jan 14 11:01 cache
drwx------  6 monkey  staff  204 Jan 14 11:00 certs
drwx------  4 monkey  staff  136 Jan 19 10:47 machines
Protoman:Project monkey$ ls -la ~/.docker/machine/
cache/    certs/    machines/
Protoman:Project monkey$ ls -la ~/.docker/machine/cache/
total 61440
drwx------  3 monkey  staff       102 Jan 14 11:01 .
drwx------  5 monkey  staff       170 Jan 14 11:01 ..
-rw-------  1 monkey  staff  31457280 Jan 14 11:01 boot2docker.iso
Protoman:Project monkey$ ls -la ~/.docker/machine/certs/
total 32
drwx------  6 monkey  staff   204 Jan 14 11:00 .
drwx------  5 monkey  staff   170 Jan 14 11:01 ..
-rw-------  1 monkey  staff  1679 Jan 14 11:00 ca-key.pem
-rw-r--r--  1 monkey  staff  1038 Jan 14 11:00 ca.pem
-rw-r--r--  1 monkey  staff  1074 Jan 14 11:00 cert.pem
-rw-------  1 monkey  staff  1679 Jan 14 11:00 key.pem
Protoman:Project monkey$ ls -la ~/.docker/machine/
cache/    certs/    machines/
Protoman:Project monkey$ ls -la ~/.docker/machine/machines/
total 0
drwx------   4 monkey  staff  136 Jan 19 10:47 .
drwx------   5 monkey  staff  170 Jan 14 11:01 ..
drwx------  13 monkey  staff  442 Jan 14 11:16 dev
drwx------  15 root    wheel  510 Jan 19 10:48 xhyve
Protoman:Project monkey$ ls -la ~/.docker/machine/machines/xhyve/
ls: : Permission denied
Protoman:Project monkey$ sudo !!
sudo ls -la ~/.docker/machine/machines/xhyve/
Password:
total 121496
drwx------  15 root    wheel       510 Jan 19 10:48 .
drwx------   4 monkey  staff       136 Jan 19 10:47 ..
-rw-------   1 root    wheel  31457280 Jan 19 10:47 boot2docker.iso
-rw-r--r--   1 root    wheel      1038 Jan 19 10:48 ca.pem
-rw-r--r--   1 root    wheel      1074 Jan 19 10:48 cert.pem
-rw-------   1 root    wheel      2563 Jan 19 10:48 config.json
-rw-------   1 root    wheel      1679 Jan 19 10:48 id_rsa
-rw-------   1 root    wheel       381 Jan 19 10:48 id_rsa.pub
-rw-r--r--   1 root    wheel  27210564 Jan 19 10:47 initrd.img
-rw-------   1 root    wheel      1679 Jan 19 10:48 key.pem
drwxr-xr-x@  6 root    wheel       204 Jan 19 12:49 root-volume.sparsebundle
-rw-------   1 root    wheel      1675 Jan 19 10:48 server-key.pem
-rw-r--r--   1 root    wheel      1119 Jan 19 10:48 server.pem
-rw-r--r--   1 root    wheel   3497664 Jan 19 10:47 vmlinuz64
-rw-r--r--   1 root    wheel         5 Jan 19 10:48 xhyve.pid

[zchee]

@funkymonkeymonk I understand:)

3 sudo docker-machine create xhyve --driver xhyve --xhyve-experimental-nfs-share

docker-machine-xhyve-driver is not required sudo.

docker-machine create xhyve --driver xhyve --xhyve-experimental-nfs-share instead of.

and,

$ sudo chown root:wheel $(brew --prefix)/opt/docker-machine-driver-xhyve/bin/docker-machine-driver-xhyve
$ sudo chmod u+s $(brew --prefix)/opt/docker-machine-driver-xhyve/bin/docker-machine-driver-xhyve

[funkymonkeymonk]

$ sudo chown root:wheel $(brew --prefix)/opt/docker-machine-driver-xhyve/bin/docker-machine-driver-xhyve
$ sudo chmod u+s $(brew --prefix)/opt/docker-machine-driver-xhyve/bin/docker-machine-driver-xhyve

These commands allowed it to work, but were not configured with brew install docker-machine-driver-xhyve. Thanks for leading me to the problem. Is this intended or is that a bug in the brew install script for docker-machine-driver-xhyve?

[zchee]

@funkymonkeymonk 🎉

I planning #64 :)