ceph-container

ceph uses normal users for ssh connections

Open DouBiquickrun opened this issue 2 years ago • 1 comments

My server does not allow remote connections as the root user, so I use the --ssh-user option with my ubuntu user. However, I encountered the following problems when running cephadm bootstrap. I can confirm that my ubuntu user has passwordless sudo permission and SSH connection permission. Here is my command:

cephadm bootstrap --ssh-user ubuntu --mon-ip 192.168.1.91

  • Bug Report

root@master01:~/kubernetes_cluster_v1.4# cephadm --image 192.168.1.91:5001/ceph:v17 bootstrap --ssh-user ubuntu --mon-ip 192.168.1.91 --config /tmp/temp/ceph/initial-ceph.conf
Verifying ssh connectivity ...
Adding key to ubuntu@localhost authorized_keys...
Verifying podman|docker is present...
Verifying lvm2 is present...
Verifying time synchronization is in place...
Unit chrony.service is enabled and running
Repeating the final host check...
podman (/usr/bin/podman) version 3.4.4 is present
systemctl is present
lvcreate is present
Unit chrony.service is enabled and running
Host looks OK
Cluster fsid: f6d40f8f-1654-11ee-893c-1f722227a74d
Verifying IP 192.168.1.91 port 3300 ...
Verifying IP 192.168.1.91 port 6789 ...
Mon IP 192.168.1.91 is in CIDR network 192.168.1.0/24
Mon IP 192.168.1.91 is in CIDR network 192.168.1.0/24
Internal network (--cluster-network) has not been provided, OSD replication will default to the public_network
Pulling container image 192.168.1.91:5001/ceph:v17...
Ceph version: ceph version 17.2.5 (98318ae89f1a893a6ded3a640405cdbb33e08757) quincy (stable)
Extracting ceph user uid/gid from container image...
Creating initial keys...
Creating initial monmap...
Creating mon...
Waiting for mon to start...
Waiting for mon...
mon is available
Assimilating anything we can from ceph.conf...
Generating new minimal ceph.conf...
Restarting the monitor...
Setting mon public_network to 192.168.1.0/24
Wrote config to /etc/ceph/ceph.conf
Wrote keyring to /etc/ceph/ceph.client.admin.keyring
Creating mgr...
Verifying port 9283 ...
Waiting for mgr to start...
Waiting for mgr...
mgr not available, waiting (1/15)...
mgr not available, waiting (2/15)...
mgr not available, waiting (3/15)...
mgr is available
Enabling cephadm module...
Waiting for the mgr to restart...
Waiting for mgr epoch 5...
mgr epoch 5 is available
Setting orchestrator backend to cephadm...
Generating ssh key...
Wrote public SSH key to /etc/ceph/ceph.pub
Adding key to ubuntu@localhost authorized_keys...
Adding host master01...
Non-zero exit code 22 from /usr/bin/podman run --rm --ipc=host --stop-signal=SIGTERM --net=host --entrypoint /usr/bin/ceph --init -e CONTAINER_IMAGE=192.168.1.91:5001/ceph:v17 -e NODE_NAME=master01 -e CEPH_USE_RANDOM_NONCE=1 -v /var/log/ceph/f6d40f8f-1654-11ee-893c-1f722227a74d:/var/log/ceph:z -v /tmp/ceph-tmp5jhlt23e:/etc/ceph/ceph.client.admin.keyring:z -v /tmp/ceph-tmpmhyhhmfx:/etc/ceph/ceph.conf:z 192.168.1.91:5001/ceph:v17 orch host add master01 192.168.1.91
/usr/bin/ceph: stderr Error EINVAL: check-host failed:
/usr/bin/ceph: stderr Unable to write master01:/var/lib/ceph/f6d40f8f-1654-11ee-893c-1f722227a74d/cephadm.059bfc99f5cf36ed881f2494b104711faf4cbf5fc86a9594423cc105cafd9b4e: scp: /tmp/var/lib/ceph/f6d40f8f-1654-11ee-893c-1f722227a74d/cephadm.059bfc99f5cf36ed881f2494b104711faf4cbf5fc86a9594423cc105cafd9b4e.new: Permission denied
ERROR: Failed to add host : Failed command: /usr/bin/podman run --rm --ipc=host --stop-signal=SIGTERM --net=host --entrypoint /usr/bin/ceph --init -e CONTAINER_IMAGE=192.168.1.91:5001/ceph:v17 -e NODE_NAME=master01 -e CEPH_USE_RANDOM_NONCE=1 -v /var/log/ceph/f6d40f8f-1654-11ee-893c-1f722227a74d:/var/log/ceph:z -v /tmp/ceph-tmp5jhlt23e:/etc/ceph/ceph.client.admin.keyring:z -v /tmp/ceph-tmpmhyhhmfx:/etc/ceph/ceph.conf:z 192.168.1.91:5001/ceph:v17 orch host add master01 192.168.1.91: Error EINVAL: check-host failed:
Unable to write master01:/var/lib/ceph/f6d40f8f-1654-11ee-893c-1f722227a74d/cephadm.059bfc99f5cf36ed881f2494b104711faf4cbf5fc86a9594423cc105cafd9b4e: scp: /tmp/var/lib/ceph/f6d40f8f-1654-11ee-893c-1f722227a74d/cephadm.059bfc99f5cf36ed881f2494b104711faf4cbf5fc86a9594423cc105cafd9b4e.new: Permission denied

What you expected to happen: I don't know whether the --ssh-user parameter is used correctly; please tell me how to configure the normal account correctly.

How to reproduce it (minimal and precise): use --ssh-user

Environment:

  • OS (e.g. from /etc/os-release): Ubuntu 22.04.2
  • Kernel (e.g. uname -a): Linux master01 5.15.0-67-generic #74-Ubuntu SMP Wed Feb 22 14:14:39 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
  • Docker version (e.g. docker version): podman version 3.4.4
  • Ceph version (e.g. ceph -v): ceph version 17.2.5 (98318ae89f1a893a6ded3a640405cdbb33e08757) quincy (stable)

DouBiquickrun, Jun 29 '23 08:06

You can try:

To add the cephadm SSH key to the host:

ceph cephadm get-pub-key > ~/ceph.pub
ssh-copy-id -f -i ~/ceph.pub {user}@{host}

To check that the host is reachable, open a new shell with the --no-hosts flag:

cephadm shell --no-hosts

Then run the following:

ceph cephadm get-ssh-config > ssh_config
ceph config-key get mgr/cephadm/ssh_identity_key > ~/cephadm_private_key
chmod 0600 ~/cephadm_private_key
ssh -F ssh_config -i ~/cephadm_private_key {user}@{host}

seckin-oter, Sep 27 '23 13:09
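
A diagnostic for the "Permission denied" in the bootstrap log above, added here as an example (it is not from this thread or from the Ceph project): it extracts the scp target path from cephadm output and reports the nearest existing ancestor directory with its owner and mode. Function names are hypothetical; run it on the host as the --ssh-user account so the writability test reflects that account.

```shell
#!/bin/sh
# Added diagnostic; function names are hypothetical, not part of cephadm.

# Print each distinct path that scp reported as "Permission denied"
# in cephadm output read from stdin.
scp_denied_paths() {
    sed -n 's|.*scp: \(/[^ ]*\): Permission denied.*|\1|p' | sort -u
}

# Print the deepest ancestor directory of $1 that currently exists.
deepest_existing_dir() {
    d=$(dirname "$1")
    while [ ! -d "$d" ] && [ "$d" != "/" ]; do
        d=$(dirname "$d")
    done
    printf '%s\n' "$d"
}

# For every denied path in the log on stdin, show the directory in which
# scp would have had to create entries, whether the calling user can
# write to it, and its owner and mode.
report_blockers() {
    scp_denied_paths | while IFS= read -r p; do
        d=$(deepest_existing_dir "$p")
        if [ -w "$d" ]; then w="writable"; else w="NOT writable"; fi
        printf 'denied: %s\n' "$p"
        printf 'nearest existing dir is %s for user %s:\n' "$w" "$(id -un)"
        ls -ld "$d"
    done
}

# Sample input: the failing stderr line from the bootstrap log in this issue.
FSID=f6d40f8f-1654-11ee-893c-1f722227a74d
BIN=cephadm.059bfc99f5cf36ed881f2494b104711faf4cbf5fc86a9594423cc105cafd9b4e
SAMPLE_LOG="/usr/bin/ceph: stderr Unable to write master01:/var/lib/ceph/$FSID/$BIN: scp: /tmp/var/lib/ceph/$FSID/$BIN.new: Permission denied"

printf '%s\n' "$SAMPLE_LOG" | report_blockers
```

With a saved bootstrap log, replace the last line with `report_blockers < bootstrap.log` (the file name is a placeholder).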

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in a week if no further activity occurs. Thank you for your contributions.

github-actions[bot], Apr 10 '24 20:04

This issue has been automatically closed due to inactivity. Please re-open if this still requires investigation.

github-actions[bot], Apr 18 '24 20:04