How do you guys provide your developers with Rebooting ability on their Ubuntus?
Posted by Good_Panic1986@reddit | linuxadmin | View on Reddit | 13 comments
Our users ubuntu machines have either been configured on MAAS in the server room or are on VM in the vSphere. From time to time they need their ubuntu machines get rebooted due to so many dangling dockers eating their CPU and they have to submit a ticket so we do it for them from the server side.
I wanted to see how other teams are handling this and how we can provide our users the reboot availability on their own?
SuperQue@reddit
Ahh, XY Problems.
UsedToLikeThisStuff@reddit
Yeah, why not write a script that kills off all the containers and restarts the dockerd, and give sudo rights to just run that?
SuperQue@reddit
Kubernetes has entered the chat
Resource_account@reddit
If they’re not that many containers on the host I would even suggest a simple podman quadlet setup. Create free .container files, generate the equivalent unit files and set them to run at the user level. Let systemd handle the rest
whetu@reddit
Make sure their users are in the
dockergroup and train them with how to use docker properly?And add a cronjob that routinely runs some cleanup tasks? Like this:
lightmatter501@reddit
Granting docker group perms = granting root perms. If they already have root I’m guessing they wouldn’t need help rebooting.
I agree on no blind reboots, just write a script which force stops all running containers and prunes the environment and use sudo to let them run it.
whetu@reddit
Yeah, unfortunately docker's security position is fucking atrocious. I recently invested too much time ansibling it to be selinux-on, rootless, and subject to firewalld without its bullshit iptables bypass. I shudder to think how much worse it would be with ufw and apparmor under Ubuntu. Really, I would much rather have our dev team grow up and switch to podman.
One-liner :)
IridescentKoala@reddit
Why do they need to reboot? Just launch another one.
michaelpaoli@reddit
sudo, ssh with forced command, many possibilities. Can also build into it whatever logging or controls you want, e.g. make them supply a reason, require some additional person to approve it ... whatever. But yeah, if it's that regular, may make lots of sense to automate it.
Sylogz@reddit
all devs are able to take/rollback/remove snapshots and reboot/shutdown/startup VMs in vsphere.
rootkode@reddit
sudoers if they’re able to access the Ubuntu machines but aren’t admins. vSphere user permissions if they need to manage the VM from from the host side of things.
peroyhav@reddit
This
dhsjabsbsjkans@reddit
sudo of polkit.