[BUG] crc start fails for non-admin users on Windows

[gorkem]

General information

• OS: Windows
• Hypervisor: KVM / Hyper-V / hyperkit
• Did you run crc setup before starting it (Yes/No)? Yes
• Running CRC on: Laptop

CRC version

# Put `crc version` output here

CRC status

CodeReady Containers version: 1.18.0+bb304aa
OpenShift version: 4.6.1 (embedded in binary)

CRC config

Host Operating System

# Put the output of `systeminfo` in case of Windows

Steps to reproduce

crc start fails if the user does not have admin rights.
It prompts for an admin user to configure the DNS but fails if such credentials can not be provided.

...
INFO Will run as admin: add dns server address to interface vEthernet (Default Switch)
Error running post start: Nameserver 172.17.136.19 not successfully set on interface vEthernet (Default Switch)

[gbraad]

This is a requirement and part of the documentation (and by design; hence the error). There is at the moment no way around this, as adding the DNS entries to the virtual switch needs admin privileges.

We are however looking into an altternative using the hosts file for quitte some timme, though this also needs admin or installer/setup privileges. the workaround could be an admin helper tool, which runs with privileges to perform certain tasks specfic to crc with elevated privileges

Note: I am pretty sure this is a duplicate

[gbraad]

Dup of: #1175 #1256, #1311
Solutions looked into in: #1132, #1537

Closing, as this is a known limitation, documented as 59fcb05 and has been part of the release notes for quite a while.

For CI purposes people disable UAC entirely. From the GUI this can be done as: https://articulate.com/support/article/how-to-turn-user-account-control-on-or-off-in-windows-10 or PowerShell:

PS> Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0

... but we do not promote this as it has implications:

[gorkem]

I actually looked into the docs but looked under Minimum System Requirements. Regardless this has been reported 4 times so far (perhaps more). I am a new wins user and tried crc on wins at version 1.17 for the first time and rage quit due to this error. This needs a better response on CRC, perhaps link to docs on the error and explanation on how to remediate?

When I read #1537 I do not read that it will improve the situation for windows. Will it @guillaumerose ?

[guillaumerose]

#1537 will not help at first. We need to create an admin daemon #1652 and extract all the steps that the admin needs to perform in a powershell script eg:

// Activate Hyper-V
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

// Activate userland network stack communication
$service = New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\GuestCommunicationServices" -Name "00000400-FACB-11E6-BD58-64006A7986D3"
$service.SetValue("ElementName", "gvisor-tap-vsock")

// Run the admin daemon as service
something!

This script should be something we release.

After that, we need to make crc aware of this mode.

[gbraad]

The problem for Hyper-V is that the Default Switch hands out addresses in a range using DHCP, we can't predict or pre-claim an eentry in the hosts-file. This is why we need to get the VM IP, and wwe use that to set using set-dnsclientserveraddress to force the VM to act as a nameserver.

Closing, as this is a known limitation, documented as 59fcb05 and has been part of the release notes for quite a while.

This needs a better response on CRC, perhaps link to docs on the error and explanation on how to remediate?

@robin-owen any idea how to make users more aware of this?