Permission error in ScienceBox

pie · April 5, 2020, 3:43pm

Dear SWAN team,

I was looking to deploy a uboxed version of sciencebox on a VM. Everything seems to work, but when I try to log in with one of the default user (user0:test0) I got a:

Error while spawning the user container: Error while fetching server API version: (‘Connection aborted.’, PermissionError(13, ‘Permission denied’))

If I look at the log inside the Jupyterhub container:

cat var/log/jupyterhub/jupyterhub.log 

[E 2020-04-05 17:33:17.015 SWAN swanspawner:492] Error while spawning the user container: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))
Traceback (most recent call last): 
  
...

docker.errors.DockerException: Error while fetching server API version: ('Connection aborted.', PermissionError(13, 'Permission denied'))

...

[E 2020-04-05 17:33:17.136 SWAN spawn_handler:250] Failed to spawn single-user server with form
Traceback (most recent call last):
None: None

And I also got another error If I run TestHost.sh

sudo ./TestHost.sh
Setting up the tests...
Pulling Docker image...

Using default tag: latest
Trying to pull repository gitlab-registry.cern.ch/sciencebox/docker-images/selftest ...
latest: Pulling from gitlab-registry.cern.ch/sciencebox/docker-images/selftest

Digest: sha256:fd295224f98ae105629d8a1094c81de5dca78a2080f31aab9fec11ea1e08df81
Status: Image is up to date for gitlab-registry.cern.ch/sciencebox/docker-images/selftest:latest

Starting the container...
5d1f830d5c80aa69e75856b577ee065297e800681685ad03b2d12b80ce74f052

Running all tests...

Logfile: # docker exec -it selftest less /root/selftest.d/test.log
running test_cernboxeosaccess.sh (container:cernbox)
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Put http://%2Fvar%2Frun%2Fdocker.sock/v1.39/containers/cernbox/archive?noOverwriteDirNonDir=true&path=%2F: dial unix /var/run/docker.sock: connect: permission denied ERROR running test docker (exit code 1)

I also added the VM user to the docker group but it still present the same error.

Thank you for your patience

etejedor · April 6, 2020, 10:02am

@ebocchi @dalvesde can you give a hand with this?

dalvesde · April 6, 2020, 10:51am

Dear Piero,

I’ve assumed your VM is using Centos7.
I’ve looked online and it looks like there’s a bug with the docker package that is available there. This bug is causing a problem with SELinux permissions which prevents your container from accessing the host docker socket (which is required).

You could just disable SELinux, and then you would see that spawning a session would work. But I do not recommend you do this! You can do it just to check if it works but then re-enable it.
The best option would be to install Docker Community, which should have the fix: https://docs.docker.com/install/linux/docker-ce/centos/

Let me know if this solves your problem.
Cheers,
Diogo