akoidan
January 13, 2020, 2:43pm
1
I followed the official drone installation for docker and set up the environment I needed.
Now I need to grant a “trusted” settings to one of my repos, and I need admin privileges for that. Unfortunately, running commands like drone user update akoidan --admin will fail, because user akoidan is not an admin user, which I didn’t create in the first case.
Atm I see the only way to archive it: delete the existing docker container and create a new one (because docker doesn’t allow adding env variables to existing containers ), which will lead to completely losing all the data.
So I have 2 questions:
How can I get the admin user by following official drone documentation?
Why there’s no persistent docker volume while creating a drone server?
delete the existing docker container and create a new one […] which will lead to completely losing all the data.
you will not lose any data as long as you mounted the volume as shown in the install instructions (--volume=/var/lib/drone:/data). The host volume ensures the sqlite database is persisted to the host and is not lost when you remove the container.
akoidan
January 13, 2020, 9:07pm
3
Right, my bad, I was checking drone-runner container instead of server one, while creating this post, thinking that there’s no volume
akoidan
January 14, 2020, 10:54am
4
Maybe it’s worth updating drone documentation on the initial setup part with admin envs, like this one . I believe the admin user would be required by every setup at the end of the day.
3 Likes
diazona
December 6, 2020, 10:48am
5
I can imagine that really simple installations might not need an admin user. And if you don’t need it, you might as well not have it to reduce the attack surface (better security).
But if the default configuration doesn’t either create an admin user or allow you to create one later using the CLI or the website, I would definitely expect that to be clearly documented, and right now I don’t think it is. So I agree that it would be a good documentation update.
Kirk
August 2, 2021, 6:36pm
6
Did this ever go anywhere? I have a server up, and am unable to create an admin user, even after killing, rm’ing the docker container and restarting with the param
Was there movement at all to make the initial user an admin automatically?
Kirk
August 2, 2021, 6:45pm
7
and even if I kill and rm the docker container (server), and also remove the volume’s sqllite file, it still logs me in automatically with the user created without admin…is there data somewhere else, such that the access token for github is still available to the new docker container? Or am I missing something else?
I have a server up, and am unable to create an admin user,
I recommend enabling debug logging and providing the logs so you can receive further assistance. The ability to create an admin user works fine when configured properly; instead of trying to find a workaround or changing how the software works, let’s focus on understanding why it isn’t working for you and what needs to be adjusted.
If you like to get hands on with the open source projects that you use, you can audit the code to understand how it works at https://github.com/drone/drone/blob/master/cmd/drone-server/bootstrap/bootstrap.go
You may also consider checking some existing threads on the topic, which may help you further debug any issues you are experiencing http://discuss.harness.io/t/cant-create-an-admin-account/5206
Kirk
August 3, 2021, 3:08pm
9
The post you offered isnt’ the same situation, and I did look for other similar posts and came up empty, hence the post here on the most applicable thread. Of course it’s something that I’m doing wrong, not sure why you thought I was accusing anything else…
Here’s a debug log and api showing that the user doesn’t have admin.
docker run \
--volume=/var/lib/drone:/data \
--env=DRONE_GITHUB_CLIENT_ID=78739691d6d77a035fe8 \
--env=DRONE_GITHUB_CLIENT_SECRET=16b1b648a2d3abeabe79d886890818fe2a9ae06e \
--env=DRONE_RPC_SECRET=<SECRET> \
--env=DRONE_SERVER_HOST=<EXTERNALIP> \
--env=DRONE_LOGS_DEBUG=true \
--env=DRONE_LOGS_TEXT=true \
--env=DRONE_LOGS_PRETTY=true \
--env=DRONE_LOGS_COLOR=true \
--env=DRONE_USER_CREATE=username:kirk-execute,admin:true \
--env=DRONE_SERVER_PROTO=http \
--publish=80:80 \
--publish=443:443 \
--restart=always \
--detach=true \
--name=drone \
drone/drone:2
The API call after the server is up shows the user is not admin.
DEBU[0000] main: license loaded build.limit=5000 expires="0001-01-01 00:00:00 +0000 UTC" kind=trial repo.limit=0 user.limit=0
DEBU[0000] bootstrap: create account admin=true login=kirk-execute machine=false token=
DEBU[0000] bootstrap: updating account admin=true login=kirk-execute machine=false token=
DEBU[0000] bootstrap: account already up-to-date admin=true login=kirk-execute machine=false token=
INFO[0000] starting the http server acme=false host=<externalIP> port=":80" proto=http url="http://<externalIP>"
INFO[0000] starting the cron scheduler interval=30m0s
INFO[0000] starting the zombie build reaper interval=24h0m0s
DEBU[0000] manager: request queue item arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0000] manager: request queue item arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0030] manager: context canceled arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0030] manager: context canceled arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0040] manager: request queue item arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0040] manager: request queue item arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0047] fields.time="2021-08-03T14:58:54Z" latency="71.072µs" method=GET remote="172.16.1.2:59570" request=/ request-id=1wDotVg19ILxggtWzQzz1SwHsO8
DEBU[0047] fields.time="2021-08-03T14:58:54Z" latency="228.362µs" method=GET remote="172.16.1.2:59570" request=/welcome request-id=1wDotScqXxac7vba4MTm1rqiPlR
DEBU[0047] fields.time="2021-08-03T14:58:55Z" latency="679.182µs" method=GET remote="172.16.1.2:59570" request=/static/css/2.ff80f086.chunk.css request-id=1wDotYkM8fP7P6JtBxXuZFZiU7D
DEBU[0047] fields.time="2021-08-03T14:58:55Z" latency="382.396µs" method=GET remote="172.16.1.2:59572" request=/static/css/main.0d2a68ff.chunk.css request-id=1wDotfYQfRPVxnq0H9aLSocH73Q
DEBU[0047] fields.time="2021-08-03T14:58:55Z" latency=2.107282ms method=GET remote="172.16.1.2:59574" request=/static/js/main.550ab504.chunk.js request-id=1wDotgGHT9GcaWiGAgVooFJXWSI
DEBU[0047] fields.time="2021-08-03T14:58:55Z" latency=5.93892ms method=GET remote="172.16.1.2:59570" request=/static/js/2.eccb49e8.chunk.js request-id=1wDotZz9LyhQqCDNHFJJArWav2F
DEBU[0048] api: authentication required request-id=1wDotg68CQOFU5Hq7i3fwG9t3lF
DEBU[0048] api: guest access request-id=1wDotg68CQOFU5Hq7i3fwG9t3lF
DEBU[0048] fields.time="2021-08-03T14:58:55Z" latency="221.58µs" method=GET remote="172.16.1.2:59574" request=/api/user request-id=1wDotg68CQOFU5Hq7i3fwG9t3lF
DEBU[0048] events: stream opened request-id=1wDotbGj7tWXoAiiX4NNuBF6uyr
DEBU[0048] fields.time="2021-08-03T14:58:55Z" latency="204.244µs" method=GET remote="172.16.1.2:59574" request=/D4BA146C9DCC15D1.png request-id=1wDotYmYZD0HdEH0IoV46GbnJ0W
DEBU[0048] fields.time="2021-08-03T14:58:55Z" latency="479.055µs" method=GET remote="172.16.1.2:59574" request=/static/media/Inter-SemiBold.c6588ec1.ttf request-id=1wDotfUUjqG1Fwaz1X8PLfzjCf2
DEBU[0048] fields.time="2021-08-03T14:58:55Z" latency="500.238µs" method=GET remote="172.16.1.2:59574" request=/static/media/Inter-Regular.9cd7588f.ttf request-id=1wDoteN2m3il7CsX6w0s88xuO8T
DEBU[0048] fields.time="2021-08-03T14:58:55Z" latency=2.133479ms method=GET remote="172.16.1.2:59572" request=/static/media/Inter-Medium.18b8c68e.ttf request-id=1wDotdJTePonhMoSWpOgT3BKgu1
DEBU[0048] fields.time="2021-08-03T14:58:55Z" latency="53.378µs" method=GET remote="172.16.1.2:59574" request=/favicon.png request-id=1wDotfMT0r9hej08dlLDLWnmJ8M
DEBU[0051] events: stream error request-id=1wDotbGj7tWXoAiiX4NNuBF6uyr
DEBU[0051] events: stream closed request-id=1wDotbGj7tWXoAiiX4NNuBF6uyr
DEBU[0051] api: guest access request-id=1wDotbGj7tWXoAiiX4NNuBF6uyr
DEBU[0051] fields.time="2021-08-03T14:58:59Z" latency=3.878497354s method=GET remote="172.16.1.2:59570" request=/api/stream request-id=1wDotbGj7tWXoAiiX4NNuBF6uyr
DEBU[0051] fields.time="2021-08-03T14:58:59Z" latency="103.118µs" method=GET remote="172.16.1.2:59574" request=/login request-id=1wDouApBXazABcAm3kAlvG8rCT2
DEBU[0053] attempting authentication login=ksully-execute
DEBU[0053] authentication successful login=ksully-execute
DEBU[0053] fields.time="2021-08-03T14:59:00Z" latency=633.505058ms method=GET remote="172.16.1.2:59574" request="/login?code=f624784a6b58fa6e7fa3&state=4d65822107fcfd52" request-id=1wDou5GjkHtpd4YFeb09zA6XUDH
DEBU[0053] fields.time="2021-08-03T14:59:00Z" latency="308.031µs" method=GET remote="172.16.1.2:59574" request=/ request-id=1wDouDIG2wpblJW4Xb30IXwOxaf
DEBU[0053] fields.time="2021-08-03T14:59:00Z" latency="442.727µs" method=GET remote="172.16.1.2:59572" request=/api/user request-id=1wDouC6Dxw1yM8ToPNB0gZsukl1
DEBU[0053] events: stream opened request-id=1wDouCCaBfUXQVgYm4HSTZT0aNO user.login=ksully-execute
DEBU[0053] fields.time="2021-08-03T14:59:00Z" latency="92.164µs" method=GET remote="172.16.1.2:59572" request=/static/media/logo.76c744d4.svg request-id=1wDouJ9RAADoqV1wp22u93LviqM
DEBU[0053] fields.time="2021-08-03T14:59:00Z" latency="277.258µs" method=GET remote="172.16.1.2:59582" request=/api/user request-id=1wDouDRlBvQLl4r5iSS3nupESWU
DEBU[0053] fields.time="2021-08-03T14:59:00Z" latency=4.487592ms method=GET remote="172.16.1.2:59572" request="/api/user/repos?latest=true" request-id=1wDouCynt7qxX283LBzq7dLoRLS
DEBU[0070] manager: context canceled arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0070] manager: context canceled arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0080] manager: request queue item arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0080] manager: request queue item arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0110] manager: context canceled arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0110] manager: context canceled arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0113] fields.time="2021-08-03T15:00:00Z" latency="492.39µs" method=POST remote="172.16.1.2:59572" request=/api/user/token request-id=1wDp1kxEAwfVYyIdOng1Sm4V38U
DEBU[0113] fields.time="2021-08-03T15:00:00Z" latency="254.951µs" method=GET remote="172.16.1.2:59572" request=/static/media/RobotoMono-Regular.418a8f9f.ttf request-id=1wDp1oBjxgzLxphXpcFcGGM0b2V
DEBU[0120] fields.time="2021-08-03T15:00:07Z" latency="364.707µs" method=GET remote="172.16.1.2:59590" request=/api/user request-id=1wDp2cGfUAVodNi34LMYW8ZGLcT
DEBU[0120] manager: request queue item arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0120] manager: request queue item arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0150] manager: context canceled arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0150] manager: context canceled arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0160] manager: request queue item arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0160] manager: request queue item arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
Kirk
August 3, 2021, 3:10pm
10
here’s the API call using that user, showing that admin is false…
curl -i http://,EXTERNALIP>/api/user \
> -H "Authorization: Bearer <BEARER>"
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate, private, max-age=0
Content-Type: application/json
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Pragma: no-cache
Vary: Origin
X-Accel-Expires: 0
Date: Tue, 03 Aug 2021 15:00:07 GMT
Content-Length: 271
{"id":1,"login":"ksully-execute","email":"<myemail>","machine":false,"admin":false,"active":true,"avatar":"https://avatars.githubusercontent.com/u/54419973?v=4","syncing":false,"synced":1627693395,"created":1627693378,"updated":1627693378,"last_login":1628002740}
And therefore I can’t do any other drone commands via CLI, cause I get 401/403 errors given that the user is not seen as admin
Kirk
August 3, 2021, 3:15pm
11
so trying to add an orgsecret:
drone orgsecret add x 1 2
client error 401: {"message":"Not Found"}
And the log shows:
DEBU[0960] manager: request queue item arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
DEBU[0982] api: organization membership not found request-id=1wDqmz6edUMaEpNb0HKwkEJI1QV user.admin=false user.login=ksully-execute
DEBU[0982] fields.time="2021-08-03T15:14:29Z" latency=269.759622ms method=POST remote="172.16.1.2:40610" request=/api/secrets/x request-id=1wDqmz6edUMaEpNb0HKwkEJI1QV
DEBU[0990] manager: context canceled arch=amd64 kernel= kind=pipeline os=linux type=docker variant=
Can’t reply again (new user), so hoping you’ll see this.
one thing that jumps out is that the usernames don’t match.
I see this in your configuration:
DRONE_USER_CREATE=username:kirk-execute,admin:true
and I see this in your API response:
"login":"ksully-execute"
1 Like
winny63
May 26, 2022, 10:10am
13
I am get the same problem on same way and try to solve it the same:
in the drone docker-compose set env to: DRONE_USER_CREATE=username:vmb, admin=true
kill drone and drone-runner
up drone docker-compose
in Portainer see: DRONE_USER_CREATE username:vmb, admin:true
from api/user get: {“id”:1,“login”:“vmb”,“email”:"@ ",“machine”:false,“admin”:false,…}
brad
May 26, 2022, 6:43pm
14
it needs to be admin:true and make sure there is no space after the comma
-DRONE_USER_CREATE=username:vmb, admin=true
+DRONE_USER_CREATE=username:vmb,admin:true
You should also enable debug logging:
DEBU[0000] bootstrap: create account
DEBU[0000] bootstrap: updating account
You can also audit the code here:https://github.com/harness/drone/blob/master/cmd/drone-server/bootstrap/bootstrap.go
winny63
May 27, 2022, 9:22am
15
Hi!
