Hello, I've been working on creating a VM that runs docker for Windows users that need to use VirtualBox for other projects. Debian 9 has been selected as a base, and ansible_local is being used for provisioning. Docker installs fine, but when I go to stand up some containers via Lando <https://docs.devwithlando.io/>, there is a permission denied error with docker:

> Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/info: dial unix /var/run/docker.sock: connect: permission denied

This seems to be caused by the fact that during the provision, the `vagrant` user is not added to the `docker` group. After the provision fails though, using vagrant ssh the `docker` group is listed in the vagrant user's groups and the same command that failed during provisioning above, works fine.

I have added a plugin (vagrant-reload) to restart the server between the install of docker and the use of Lando in an attempt to refresh the `vagrant` user's permissions, but still, there is no `docker` in the list of the vagrant user's groups.

Why is the user permission not being updated on a reload, but is when manually SSHing into the VM with `vagrant ssh`?

Below are specific files:

Vagrantfile

```ruby
Vagrant.require_version ">= 2.0.0"

hostname = "ti-api-testing.test"

Vagrant.configure("2") do |config|
  # Set the name of VM
  config.vm.define "ti-api-testing"

  # Networking
  config.vm.hostname = hostname
  config.vm.network :private_network, ip: "192.168.115.191"

  # SSH
  config.ssh.forward_agent = true

  # Vagrant Box
  config.vm.box = "geerlingguy/debian9"

  # VM Settings
  config.vm.provider :virtualbox do |v|
    v.linked_clone = true
    v.name = hostname
    v.memory = 2048
    v.cpus = 1
    v.customize ['modifyvm', :id, '--natdnshostresolver1', 'on']
    v.customize ['modifyvm', :id, '--ioapic', 'on']
    v.gui = false
  end

  # Synced folders
  options = {
    type: 'nfs',
    create: true
  }
  config.vm.synced_folder '../', '/code', options

  # Provision
  config.vm.provision "ansible_local" do |ansible|
    ansible.compatibility_mode = '2.0'
    ansible.playbook = "playbook.yml"
    ansible.verbose = false
    ansible.tags = "docker"
  end

  # Reload to allow user permissions to update
  config.vm.provision :reload

  config.vm.provision "ansible_local" do |ansible|
    ansible.compatibility_mode = '2.0'
    ansible.playbook = "playbook.yml"
    ansible.verbose = false
    ansible.tags = "lando"
  end
end
```

playbook.yml

```yaml
---
- hosts: all
  become: yes
  tags:
    - docker
  vars_files:
    - config.yml
  tasks:
    - import_tasks: tasks/docker.yml

- hosts: all
  become: yes
  tags:
    - lando
  vars_files:
    - config.yml
  tasks:
    - import_tasks: tasks/lando.yml
```

docker.yml

```yaml
---
- name: Enable HTTPS for apt
  apt:
    name: "{{ packages }}"
  vars:
    packages:
      - apt-transport-https
      - ca-certificates
      - gnupg2
      - software-properties-common

- name: Attach Docker GPG key to apt
  apt_key:
    id: 0EBFCD88
    file: /vagrant/files/docker.gpg
    state: present

- name: Get distribution info
  shell: lsb_release -cs
  register: release

- name: Add docker repository to apt
  apt_repository:
    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ release.stdout }} stable"

- name: Install Docker
  apt:
    name: docker-ce
    update_cache: yes
```

lando.yml

```yaml
---
- name: Install Lando
  apt:
    deb: /vagrant/files/lando-v3.0.0-rc.1.deb

- name: get the username running the deploy
  become: false
  local_action: command whoami
  register: username_on_the_host

- debug: var=username_on_the_host

- name: get the groups running the deploy
  become: false
  local_action: command groups
  register: groups_on_the_host

- debug: var=groups_on_the_host

- name: Start Lando
  become: false
  command: lando start
  args:
    chdir: /code
```

STDOUT

```
$ vagrant up
Bringing machine 'ti-api-testing' up with 'virtualbox' provider...
==> ti-api-testing: Cloning VM...
==> ti-api-testing: Matching MAC address for NAT networking...
==> ti-api-testing: Checking if box 'geerlingguy/debian9' is up to date...
==> ti-api-testing: Setting the name of the VM: ti.test
==> ti-api-testing: Clearing any previously set network interfaces...
==> ti-api-testing: Preparing network interfaces based on configuration...
    ti-api-testing: Adapter 1: nat
    ti-api-testing: Adapter 2: hostonly
==> ti-api-testing: Forwarding ports...
    ti-api-testing: 22 (guest) => 2222 (host) (adapter 1)
==> ti-api-testing: Running 'pre-boot' VM customizations...
==> ti-api-testing: Booting VM...
==> ti-api-testing: Waiting for machine to boot. This may take a few minutes...
    ti-api-testing: SSH address: 127.0.0.1:2222
    ti-api-testing: SSH username: vagrant
    ti-api-testing: SSH auth method: private key
==> ti-api-testing: Machine booted and ready!
[ti-api-testing] GuestAdditions 5.2.22 running --- OK.
==> ti-api-testing: Checking for guest additions in VM...
==> ti-api-testing: Setting hostname...
==> ti-api-testing: Configuring and enabling network interfaces...
==> ti-api-testing: Mounting shared folders...
    ti-api-testing: /code => E:/code/ti-api-testing
    ti-api-testing: /vagrant => E:/code/ti-api-testing/localDev
==> ti-api-testing: Running provisioner: ansible_local...
    ti-api-testing: Running ansible-playbook...
 [WARNING] Ansible is being run in a world writable directory (/vagrant), ignoring it as an ansible.cfg source. For more information see https://docs.ansible.com/ansible/devel/reference_appendices/config.html#cfg-in-world-writable-dir

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [ti-api-testing]

TASK [Enable HTTPS for apt] ****************************************************
changed: [ti-api-testing]

TASK [Attach Docker GPG key to apt] ********************************************
changed: [ti-api-testing]

TASK [Get distribution info] ***************************************************
changed: [ti-api-testing]

TASK [Add docker repository to apt] ********************************************
changed: [ti-api-testing]

TASK [Install Docker] **********************************************************
changed: [ti-api-testing]

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [ti-api-testing]

PLAY RECAP *********************************************************************
ti-api-testing : ok=7 changed=5 unreachable=0 failed=0

==> ti-api-testing: Running provisioner: reload...
==> ti-api-testing: Attempting graceful shutdown of VM...
==> ti-api-testing: Checking if box 'geerlingguy/debian9' is up to date...
==> ti-api-testing: Clearing any previously set forwarded ports...
==> ti-api-testing: Clearing any previously set network interfaces...
==> ti-api-testing: Preparing network interfaces based on configuration...
    ti-api-testing: Adapter 1: nat
    ti-api-testing: Adapter 2: hostonly
==> ti-api-testing: Forwarding ports...
    ti-api-testing: 22 (guest) => 2222 (host) (adapter 1)
==> ti-api-testing: Running 'pre-boot' VM customizations...
==> ti-api-testing: Booting VM...
==> ti-api-testing: Waiting for machine to boot. This may take a few minutes...
    ti-api-testing: SSH address: 127.0.0.1:2222
    ti-api-testing: SSH username: vagrant
    ti-api-testing: SSH auth method: private key
==> ti-api-testing: Machine booted and ready!
[ti-api-testing] GuestAdditions 5.2.22 running --- OK.
==> ti-api-testing: Checking for guest additions in VM...
==> ti-api-testing: Setting hostname...
==> ti-api-testing: Configuring and enabling network interfaces...
==> ti-api-testing: Mounting shared folders...
    ti-api-testing: /code => E:/code/ti-api-testing
    ti-api-testing: /vagrant => E:/code/ti-api-testing/localDev
==> ti-api-testing: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> ti-api-testing: flag to force provisioning. Provisioners marked to run always will still run.
==> ti-api-testing: Running provisioner: ansible_local...
    ti-api-testing: Running ansible-playbook...
 [WARNING] Ansible is being run in a world writable directory (/vagrant), ignoring it as an ansible.cfg source. For more information see https://docs.ansible.com/ansible/devel/reference_appendices/config.html#cfg-in-world-writable-dir

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [ti-api-testing]

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
ok: [ti-api-testing]

TASK [Install Lando] ***********************************************************
changed: [ti-api-testing]

TASK [get the username running the deploy] *************************************
changed: [ti-api-testing -> localhost]

TASK [debug] *******************************************************************
ok: [ti-api-testing] => {
    "username_on_the_host": {
        "changed": true,
        "cmd": [
            "whoami"
        ],
        "delta": "0:00:00.002716",
        "end": "2018-12-03 18:45:21.817641",
        "failed": false,
        "rc": 0,
        "start": "2018-12-03 18:45:21.814925",
        "stderr": "",
        "stderr_lines": [],
        "stdout": "vagrant",
        "stdout_lines": [
            "vagrant"
        ]
    }
}

TASK [get the groups running the deploy] ***************************************
changed: [ti-api-testing -> localhost]

TASK [debug] *******************************************************************
ok: [ti-api-testing] => {
    "groups_on_the_host": {
        "changed": true,
        "cmd": [
            "groups"
        ],
        "delta": "0:00:00.002078",
        "end": "2018-12-03 18:45:21.972648",
        "failed": false,
        "rc": 0,
        "start": "2018-12-03 18:45:21.970570",
        "stderr": "",
        "stderr_lines": [],
        "stdout": "vagrant cdrom floppy sudo audio dip video plugdev netdev bluetooth",
        "stdout_lines": [
            "vagrant cdrom floppy sudo audio dip video plugdev netdev bluetooth"
        ]
    }
}

TASK [Start Lando] *************************************************************
fatal: [ti-api-testing]: FAILED! => {"changed": true, "cmd": ["lando", "start"], "delta": "0:05:27.664205", "end": "2018-12-03 18:50:49.785852", "msg": "non-zero return code", "rc": 1, "start": "2018-12-03 18:45:22.121647", "stderr": "Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.39/info: dial unix /var/run/docker.sock: connect: permission denied\nGot per[...]
        to retry, use: --limit @/vagrant/playbook.retry

PLAY RECAP *********************************************************************
ti-api-testing : ok=7 changed=3 unreachable=0 failed=1

Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
```

As some more context, I have tried:

- Creating a `docker` group and adding a new user and tried a `become_user` setting in ansible, but that has an error starting `Failed to set permissions on the temporary files Ansible needs to create when becoming an unprivileged user (rc: 1, err: chown: changing ownership of '/var/tmp/ansible-tmp-1543849956.6-23086055711483/': Operation not permitted`
- Using a shell provisioner to run the lando command, but again, still no `docker` group for the `vagrant` user
- Using 1 or 2 ansible_local provision directives to see if the SSH would reset
- Trying the ansible restart option, but that won't work with ansible_local
- Installing ansible on my Windows host (not supported by ansible) to try to switch to `ansible` instead of `ansible_local`
- Trying a different OS (CentOS), but had an issue with installing docker (docker yum repo resulted in 404)

Thank you for any help you can offer,
Phil Preston
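
The symptom in this thread, `docker` visible after a fresh `vagrant ssh` but missing from the `groups` output during provisioning, can be checked directly by comparing the group database with the groups the running process holds. The script below is an added example, not part of the original post; the function names and `DB_SAMPLE` are assumptions, while `PROC_SAMPLE` is copied from the `groups` debug output above.

```shell
#!/bin/sh
# Added example (not from the original post).
# Distinguishes "user is in the group database" from "this process holds
# the group". Only the latter counts when the process opens docker.sock.

# has_word WORD "space separated list": exit 0 if WORD is one of the items
has_word() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# classify_membership GROUP DB_GROUPS PROC_GROUPS
#   DB_GROUPS   = output of `id -Gn <user>` (looked up in the group database)
#   PROC_GROUPS = output of `id -Gn`        (groups of the calling process)
classify_membership() {
    if has_word "$1" "$3"; then
        echo active     # the process already carries the group
    elif has_word "$1" "$2"; then
        echo stale      # granted on disk, but the session predates the change
    else
        echo absent     # nothing has added the user to the group yet
    fi
}

# check_live [SOCKET]: run inside the guest, for example from a provisioner.
check_live() {
    sock=${1:-/var/run/docker.sock}
    # Use the socket's owning group; fall back to "docker" if stat fails.
    grp=$(stat -c %G "$sock" 2>/dev/null) || grp=docker
    classify_membership "$grp" "$(id -Gn "$(id -un)")" "$(id -Gn)"
}

# Constructed sample: PROC_SAMPLE is the group list from the debug task in
# the post; DB_SAMPLE is an assumed database state that includes docker.
PROC_SAMPLE="vagrant cdrom floppy sudo audio dip video plugdev netdev bluetooth"
DB_SAMPLE="$PROC_SAMPLE docker"
classify_membership docker "$DB_SAMPLE" "$PROC_SAMPLE"
```

Calling `check_live` as a provisioner step reports which of the three states the provisioning session is in: `stale` means the membership exists on disk but the session started before it was granted, and `absent` means no step has added the user to the group at that point.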
