Channels
academy
amazon
arm
azure
cabpr
chinese
ci-cd
danish
deutsch
developer
elemental
epinio
espanol
events
extensions
fleet
français
gcp
general
harvester
harvester-dev
hobbyfarm
hypper
japanese
k3d
k3os
k3s
k3s-contributor
kim
kubernetes
kubewarden
lima
logging
longhorn-dev
longhorn-storage
masterclass
mesos
mexico
nederlands
neuvector-security
office-hours
one-point-x
onlinemeetup
onlinetraining
opni
os
ozt
phillydotnet
portugues
rancher-desktop
rancher-extensions
rancher-setup
rancher-wrangler
random
rfed_ara
rio
rke
rke2
russian
s3gw
service-mesh
storage
submariner
supermicro-sixsq
swarm
terraform-controller
terraform-provider-rancher2
terraform-provider-rke
theranchcast
training-0110
training-0124
training-0131
training-0207
training-0214
training-1220
ukranian
v16-v21-migration
vsphere
windows
Title
b
broad-train-31975
11/14/2022, 8:08 PMI’ve noticed an unexpected behavior related to Administrative Access:
1. At some point, RD stopped asking for sudo password
2. I opened Preferences and *un*checked the “Allow Rancher Desktop to acquire administrative credentials (sudo access)
3. RD restarted (VM and k3s)
4. I opened Preferences again and checked the “Allow Rancher Desktop to acquire administrative credentials (sudo access)
5. RD restarted (VM and k3s), but never asked for sudo password
It happened before, and I’m not sure what is my current configuration. @fast-garage-66093
macOS Monterey, RD 1.6.2
f
fast-garage-66093
11/14/2022, 8:18 PMIt will only ask you for the password when it needs it. It is used for different purposes: for vmnet to get a routable IP address, and for creating the
/var/run/docker.sockFor vmnet access it creates the file
/etc/sudoers.d/zzzzz-rancher-desktop-limaSo when you re-enable admin access (with an otherwise unchanged configuration), it will find that the sudoers file is still valid and will just use it again
Similar with
/var/run/docker.sockYou could argue that the sudoers file should be deleted when you disable admin access. But we are planning to move away from using sudo completely and use a privileged helper process instead in the future, so we are unlikely to change anything until we have implemented the helper process.
b
broad-train-31975
11/14/2022, 8:28 PMThank you for the explanation, @fast-garage-66093! It actually proves that my system works as expected.
@fast-garage-66093 you might still consider removing docker socket and sudoers file in case of Factory Reset, for a consistent experience. I just did a factory reset and it didn’t ask me anything.
If I were to take it to extreme, I’d treat Factory Reset as a fresh install. Just a suggestion/opinion, no hard feelings either way 🙂
f
fast-garage-66093
11/16/2022, 9:39 PMI do want to remove the sudoers file once we don't use it anymore at all. I'm not convinced removing the socket helps with anything, but once we have the privileged helper it should be simple enough to do on shutdown of the app
b
broad-train-31975
11/16/2022, 9:40 PMOh, I’m glad I checked - the Factory Reset set my CPUs to 2, dropping from 18. But left RAM unchanged, I think; 6GB. If you compute these numbers, from OS resources, I have 10 cores/20 threads and 128GB RAM in this box. Hope this helps
f
fast-garage-66093
11/16/2022, 9:40 PMIt left the RAM at 6 because that is the default 😄
b
broad-train-31975
11/16/2022, 9:41 PMonce we have the privileged helper…Ah, yes indeed, you’ll only ask for root permission once for that helper, and won’t need them anymore.
RAM at 6 because that is the defaultfair enough, so we get defaults after factory reset. Consistent experience 🙂
f
fast-garage-66093
11/16/2022, 9:43 PMThat is the idea of factory-reset: all custom settings are discarded; the configuration is like a fresh install
b
broad-train-31975
11/16/2022, 9:43 PMRight, that’s how I understand it. Red font helps, too
f
fast-garage-66093
11/16/2022, 9:44 PMI just argued again this morning that the factory reset should not by default delete cached Kubernetes images because they are not custom settings; just additional content that is downloaded at a later time. Deleting it doesn't reset anything because it will just be replaced again with identical content when needed
b
broad-train-31975
11/16/2022, 9:50 PMI agree with that; it helps to save bandwidth and does not test patience of those users with slow or intermittent Internet connections. The content is identical to the level of enforcement; in my co people started using Nexus development Docker repos that allow redeployment, for production, thus version/tag meant nothing because the content could and did change. Worst experience I ever had.
But of course we trust GCR to not change the content without changing tags, or else the whole world will be broken :)
f
fast-garage-66093
11/16/2022, 9:57 PMWell, it is the package owner you have to trust... You can use sha256 checksums instead of tags in your image names, if you want to be sure
b
broad-train-31975
11/16/2022, 9:59 PMOf course, we do that in some cases. Tags can be moved, checksums, good luck with that