kubekey icon indicating copy to clipboard operation
kubekey copied to clipboard
verified publisher icon kubesphere

麒麟信安系统使用kk初始化系统报Failed to exec command: sudo -E /bin/bash -c "echo 'Greetings, KubeKey!'" sudo: Permission denied

Open UINWZ opened this issue 4 weeks ago • 5 comments

What is version of KubeKey has the issue?

{Major:"3", Minor:"1", GitVersion:"v3.1.11-dirty", GitCommit:"f9d473060ec34cd8ffe5a87f2eceb1dead397f5c", GitTreeState:"dirty", BuildDate:"2025-08-18T17:06:14Z", GoVersion:"go1.23.2", Compiler:"gc", Platform:"linux/arm64"}

What is your os environment?

KylinSec-PG-3.3-6C-aarch64

KubeKey config file

apiVersion: kubekey.kubesphere.io/v1alpha2
kind: Manifest
metadata:
  name: config
spec:
  arches:
  - arm64
  operatingSystems:
  - arch: arm64
    type: linux
    id: KylinSec
    version: "3.3"
    osImage: KylinSec-PG-3.3-6C
    repository:
      iso:
        localPath: "/data/kubekey/KylinSec-PG-3.3-6C-aarch64.iso"
        url:
  kubernetesDistributions:
  - type: kubernetes
    version: v1.28.8
  components:
    helm: 
      version: v3.18.5
    cni: 
      version: v1.2.0
    etcd: 
      version: v3.5.13
    containerRuntimes:
    - type: docker
      version: 24.0.9
    - type: containerd
      version: 1.7.13
    calicoctl:
      version: v3.27.4
    crictl: 
      version: v1.29.0
    docker-registry:
      version: "2"
    harbor:
      version: v2.10.1
    docker-compose:
      version: v2.26.1
  images:
  - registry.cn-beijing.aliyuncs.com/kubesphereio/pause:3.9
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-apiserver:v1.28.8
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-controller-manager:v1.28.8
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-scheduler:v1.28.8
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-proxy:v1.28.8
  - registry.cn-beijing.aliyuncs.com/kubesphereio/coredns:1.9.3
  - registry.cn-beijing.aliyuncs.com/kubesphereio/k8s-dns-node-cache:1.22.20
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-controllers:v3.27.4
  - registry.cn-beijing.aliyuncs.com/kubesphereio/cni:v3.27.4
  - registry.cn-beijing.aliyuncs.com/kubesphereio/node:v3.27.4
  - registry.cn-beijing.aliyuncs.com/kubesphereio/pod2daemon-flexvol:v3.27.4
  - registry.cn-beijing.aliyuncs.com/kubesphereio/typha:v3.27.4
  - registry.cn-beijing.aliyuncs.com/kubesphereio/flannel:v0.21.3
  - registry.cn-beijing.aliyuncs.com/kubesphereio/flannel-cni-plugin:v1.1.2
  - registry.cn-beijing.aliyuncs.com/kubesphereio/cilium:v1.15.3
  - registry.cn-beijing.aliyuncs.com/kubesphereio/operator-generic:v1.15.3
    # - registry.cn-beijing.aliyuncs.com/kubesphereio/hybridnet:v0.8.6
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-ovn:v1.10.10
  - registry.cn-beijing.aliyuncs.com/kubesphereio/multus-cni:v3.8
  - registry.cn-beijing.aliyuncs.com/kubesphereio/provisioner-localpv:3.3.0
  - registry.cn-beijing.aliyuncs.com/kubesphereio/linux-utils:3.3.0
  - registry.cn-beijing.aliyuncs.com/kubesphereio/haproxy:2.9.6-alpine
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kube-vip:v0.7.2
  - registry.cn-beijing.aliyuncs.com/kubesphereio/kata-deploy:stable
  - registry.cn-beijing.aliyuncs.com/kubesphereio/node-feature-discovery:v0.10.0
  registry:
    auths: {}

A clear and concise description of what happend.

麒麟信安系统使用kk初始化系统报Failed to exec command: sudo -E /bin/bash -c "echo 'Greetings, KubeKey!'" sudo: Permission denied

Relevant log output

Additional information

No response

UINWZ avatar Nov 28 '25 07:11 UINWZ

可能是config-sample.yaml里面配置的账号不是sudo权限的账号。可以用以下命令验证一下:

ssh -t [email protected] "sudo -E /bin/bash -c \"echo 'Greetings, KubeKey!'\""

redscholar avatar Dec 01 '25 08:12 redscholar

可能是config-sample.yaml里面配置的账号不是sudo权限的账号。可以用以下命令验证一下:

ssh -t [email protected] "sudo -E /bin/bash -c "echo 'Greetings, KubeKey!'""

感觉工具内建要求sudo权限的范围太大 内建所有的操作都依赖 native/root角色 这样kk操作的这台机器localhost必须配置密码或免密sudo

mumuhhh avatar Dec 02 '25 01:12 mumuhhh

执行用的是root用户,而且是sudo免密的 尝试了同内核版本的open Euler也是可以正常使用kk的

UINWZ avatar Dec 04 '25 01:12 UINWZ

可能是config-sample.yaml里面配置的账号不是sudo权限的账号。可以用以下命令验证一下:

ssh -t [email protected] "sudo -E /bin/bash -c "echo 'Greetings, KubeKey!'""

@UINWZ 这个命令的执行结果是啥

redscholar avatar Dec 05 '25 09:12 redscholar

可能是config-sample.yaml里面配置的账号不是sudo权限的账号。可以用以下命令验证一下: ssh -t [email protected] "sudo -E /bin/bash -c "echo 'Greetings, KubeKey!'""

感觉工具内建要求sudo权限的范围太大 内建所有的操作都依赖 native/root角色 这样kk操作的这台机器localhost必须配置密码或免密sudo

安装k8s时,需要修改内核参数,就需要sudo权限。 后续可以把sudo改成配置项,以满足一些普通任务的执行。

redscholar avatar Dec 05 '25 09:12 redscholar

@redscholar 报错如标题,Failed to exec command: sudo -E /bin/bash -c "echo 'Greetings, KubeKey!'" sudo: Permission denied

UINWZ avatar Dec 15 '25 07:12 UINWZ

@UINWZ 你这问题是root用户被限制使用sudo权限,这貌似是安全增强需要改/etc/sudoers

mumuhhh avatar Dec 15 '25 07:12 mumuhhh

root的权限是root ALL=(ALL) ALL,从这个权限上看没什么问题,不知道是不是因为其他的安全设置影响

Mr-Mu @.***> 于2025年12月15日周一 15:36写道:

mumuhhh left a comment (kubesphere/kubekey#2876) https://github.com/kubesphere/kubekey/issues/2876#issuecomment-3654115688

@UINWZ https://github.com/UINWZ 你这问题是root用户被限制使用sudo权限,这貌似是安全增强需要改/etc/sudoers

— Reply to this email directly, view it on GitHub https://github.com/kubesphere/kubekey/issues/2876#issuecomment-3654115688, or unsubscribe https://github.com/notifications/unsubscribe-auth/AETJWPS6IMJT2BAMHJPDVGT4BZQJDAVCNFSM6AAAAACNOFNK2SVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTMNJUGEYTKNRYHA . You are receiving this because you were mentioned.Message ID: @.***>

UINWZ avatar Dec 15 '25 08:12 UINWZ