
[Help] How do I fix ocboot.sh not finding the user inside the buildah container?

Open viscropst opened this issue 7 months ago • 10 comments

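My machine is running openEuler 24.03 LTS-SP1. When installing the system I did not set a password for the root user and do not want to. When I run ./ocboot.sh run.py light-virt directly as a user in the wheel group, it reports the following error: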

[mine@podhost-m1 ocboot-master-v3.11.10-1]$ ./ocboot.sh run.py light-virt
Using buildah pull registry.cn-beijing.aliyuncs.com/yunionio/ocboot:v4-k3s.4
Trying to pull registry.cn-beijing.aliyuncs.com/yunionio/ocboot:v4-k3s.4...
Getting image source signatures
Copying blob 587596dbe2c8 done   | 
Copying blob 7c07a6b9feda done   | 
Copying blob 1207c741d8c9 done   | 
Copying blob a172135a88f6 done   | 
Copying config 4d25e7ebdf done   | 
Writing manifest to image destination
buildah-ocboot
buildah version: 1.34.1
Error: determining run uid: user: unknown user error looking up user "mine"

viscropst avatar May 22 '25 08:05 viscropst

@viscropst It needs to be run as the root user.

zexi avatar May 22 '25 08:05 zexi

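After running it as root, only the root user is detected when run.py and upgrade are executed; and once run.py has gone through the passwordless-login setup, ansible cannot log in without a password when upgrade is run afterwards, and reports the following error: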

[mine@podhost-m1 ocboot-master-v3.11.10-1]$ sudo ./ocboot.sh upgrade 192.168.12.17 3.11.10 --user mine
95c0c045fce4     *     4d25e7ebdfd0 registry.cn-beijing.aliyuncs.... buildah-ocboot
95c0c045fce4cadcbe2680fb0a202a482a9a5cc8218276611231a915bc6127d7
Using buildah pull registry.cn-beijing.aliyuncs.com/yunionio/ocboot:v4-k3s.4
buildah-ocboot
buildah version: 1.34.1
INFO:lib.ssh:exec_command: bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; ls -alh /etc/kubernetes/kubelet.conf'
ssh -p 22 -o LogLevel=error -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ForwardX11=no -i /root/.ssh/id_rsa [email protected] 'bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; ls -alh /etc/kubernetes/kubelet.conf''
INFO:lib.ssh:exec_command: bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; k3s kubectl -n onecloud get onecloudclusters default -o json'
ssh -p 22 -o LogLevel=error -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ForwardX11=no -i /root/.ssh/id_rsa [email protected] 'bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; k3s kubectl -n onecloud get onecloudclusters default -o json''
k3s kubectl -n onecloud get onecloudclusters default -o json
INFO:lib.ssh:exec_command: bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; ls -alh /etc/kubernetes/kubelet.conf'
ssh -p 22 -o LogLevel=error -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ForwardX11=no -i /root/.ssh/id_rsa [email protected] 'bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; ls -alh /etc/kubernetes/kubelet.conf''
k3s kubectl get nodes -o json
INFO:lib.ssh:exec_command: bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; k3s kubectl get nodes -o json'
ssh -p 22 -o LogLevel=error -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ForwardX11=no -i /root/.ssh/id_rsa [email protected] 'bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; k3s kubectl get nodes -o json''
INFO:lib.ssh:exec_command: bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; ls -alh /etc/kubernetes/kubelet.conf'
ssh -p 22 -o LogLevel=error -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ForwardX11=no -i /root/.ssh/id_rsa [email protected] 'bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; ls -alh /etc/kubernetes/kubelet.conf''
ansible-playbook -e @./oc_vars.yml -i /tmp/test-hosts.ini /ocboot/onecloud/upgrade-cluster.yml

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
[WARNING]: Unhandled error in Python interpreter discovery for host podhost-m1:
Failed to connect to the host via ssh:  Authorized users only. All activities
may be monitored and reported. [email protected]: Permission denied
(publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: [podhost-m1]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"192.168.12.17\". Make sure this host can be reached over ssh: \nAuthorized users only. All activities may be monitored and reported.\[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "unreachable": true}

PLAY RECAP *********************************************************************
podhost-m1                 : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0

viscropst avatar May 22 '25 08:05 viscropst

@viscropst Could you try it like this: sudo ./ocboot.sh upgrade --user mine 192.168.12.17 v3.11.10 ?

zexi avatar May 26 '25 01:05 zexi

Now, after installing cloudpods on openEuler 24.03 LTS-SP1 and rebooting, systemd hangs at boot on the job that mounts the root directory. I'll reinstall the system first.

viscropst avatar May 26 '25 03:05 viscropst

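> Now, after installing cloudpods on openEuler 24.03 LTS-SP1 and rebooting, systemd hangs at boot on the job that mounts the root directory. I'll reinstall the system first.

@viscropst We ran into this problem recently. Don't use LVM for the root partition; try a plain sda2 ext4 instead.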

zexi avatar May 26 '25 04:05 zexi

OK, I'll repartition and try again.

viscropst avatar May 26 '25 04:05 viscropst

That doesn't really work; I even ran run.py once first.

[mine@weed-podhost ocboot-master-v3.11.10-1]$ sudo ls -al /root/.ssh
总计 8
drwx------. 2 root root   29  5月26日 15:23 .
dr-xr-x---. 5 root root 4096  5月26日 15:46 ..
-rw-r--r--. 1 root root  399  5月27日 11:03 authorized_keys
[mine@weed-podhost ocboot-master-v3.11.10-1]$ sudo ./ocboot.sh run.py virt
c1c323bf54f1     *     4d25e7ebdfd0 registry.cn-beijing.aliyuncs.... buildah-ocboot
c1c323bf54f116c88e8e7558440e1ba27536ae4581f229b54f766ec40f8769a0
Using buildah pull registry.cn-beijing.aliyuncs.com/yunionio/ocboot:v4-k3s.4
buildah-ocboot
buildah version: 1.34.1
choose local ip address: 192.168.12.17
loading path:
reuse conf: /ocboot/config-allinone-current.yml
cmd: ssh -o 'StrictHostKeyChecking=no' -o 'PasswordAuthentication=no' [email protected] uptime
Warning: Permanently added '192.168.12.17' (ED25519) to the list of known hosts.

Authorized users only. All activities may be monitored and reported.
[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:jdpx9svhAsakRZzLAVXub3oNU9AfodmjHi80hXDaYks root@766591c85950
The key's randomart image is:
+---[RSA 3072]----+
|      .+.o.. o ..|
|        =.  * *. |
|       o o.E * =.|
|        =+o o + o|
|       =S =. *   |
|      .o++ o= +  |
|      ....  =* . |
|          .=.oo  |
|          .o+    |
+----[SHA256]-----+
We are going to run the following command to enable passwordless SSH login:

    ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

Press any key to continue and then input mine's password to 192.168.12.17

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
expr: warning: '^ERROR: ': using '^' as the first character
of a basic regular expression is not portable; it is ignored
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Authorized users only. All activities may be monitored and reported.
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.


Authorized users only. All activities may be monitored and reported.
weed-podhost
/airgap_assets/k3s already exists, skip download.
/airgap_assets/k3s-arm64 already exists, skip download.
/airgap_assets/k3s-airgap-images-arm64.tar.zst already exists, skip download.
/airgap_assets/k3s-airgap-images-amd64.tar.zst already exists, skip download.
vars:  {'onecloud_version': 'v3.11.10', 'onecloud_major_version': 'v3_11', 'extra_packages': [], 'k3s_version': 'v1.28.5+k3s1', 'airgap_dir': '/airgap_assets', 'token': 'mytoken@yunionio', 'env_k8s_or_k3s': 'k3s', 'yunion_qemu_package': 'yunion-qemu-4.2.0', 'is_controller_node': 'true'}
ansible-playbook -e @./oc_vars.yml -i ./host_inventory.yml ./onecloud/install-cluster.yml

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
^Csubprocess exited on killed
subprocess exited with status 1
                               Error: exit status 1

[mine@weed-podhost ocboot-master-v3.11.10-1]$ sudo ls -al /root/.ssh
总计 24
drwx------. 2 root root  103  5月27日 14:38 .
dr-xr-x---. 5 root root 4096  5月26日 15:46 ..
-rw-r--r--. 1 root root  399  5月27日 11:03 authorized_keys
-rw-------  1 root root 2602  5月27日 14:38 id_rsa
-rw-r--r--  1 root root  571  5月27日 14:38 id_rsa.pub
-rw-------  1 root root  662  5月27日 14:38 known_hosts
-rw-r--r--  1 root root   95  5月27日 14:38 known_hosts.old
[mine@weed-podhost ocboot-master-v3.11.10-1]$ sudo ./ocboot.sh upgrade --user mine 192.168.12.17 v3.11.10
766591c85950     *     4d25e7ebdfd0 registry.cn-beijing.aliyuncs.... buildah-ocboot
766591c85950a5e9394abc8e8f5a1963cee6ca6556b52f06a970a32cc7323d32
Using buildah pull registry.cn-beijing.aliyuncs.com/yunionio/ocboot:v4-k3s.4
buildah-ocboot
buildah version: 1.34.1
INFO:lib.ssh:exec_command: bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; ls -alh /etc/kubernetes/kubelet.conf'
ssh -p 22 -o LogLevel=error -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ForwardX11=no -i /root/.ssh/id_rsa [email protected] 'bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; ls -alh /etc/kubernetes/kubelet.conf''
INFO:lib.ssh:exec_command: bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; k3s kubectl -n onecloud get onecloudclusters default -o json'
ssh -p 22 -o LogLevel=error -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ForwardX11=no -i /root/.ssh/id_rsa [email protected] 'bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; k3s kubectl -n onecloud get onecloudclusters default -o json''
k3s kubectl -n onecloud get onecloudclusters default -o json
INFO:lib.ssh:exec_command: bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; ls -alh /etc/kubernetes/kubelet.conf'
ssh -p 22 -o LogLevel=error -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ForwardX11=no -i /root/.ssh/id_rsa [email protected] 'bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; ls -alh /etc/kubernetes/kubelet.conf''
k3s kubectl get nodes -o json
INFO:lib.ssh:exec_command: bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; k3s kubectl get nodes -o json'
ssh -p 22 -o LogLevel=error -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ForwardX11=no -i /root/.ssh/id_rsa [email protected] 'bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; k3s kubectl get nodes -o json''
INFO:lib.ssh:exec_command: bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; ls -alh /etc/kubernetes/kubelet.conf'
ssh -p 22 -o LogLevel=error -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ForwardX11=no -i /root/.ssh/id_rsa [email protected] 'bash -c '[ -s /etc/kubernetes/admin.conf ] && export KUBECONFIG=/etc/kubernetes/admin.conf || :; ls -alh /etc/kubernetes/kubelet.conf''
ansible-playbook -e @./oc_vars.yml -i /tmp/test-hosts.ini /ocboot/onecloud/upgrade-cluster.yml

PLAY [all] *********************************************************************

TASK [Gathering Facts] *********************************************************
[WARNING]: Unhandled error in Python interpreter discovery for host weed-
podhost: Failed to connect to the host via ssh:  Authorized users only. All
activities may be monitored and reported. [email protected]: Permission denied
(publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: [weed-podhost]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"192.168.12.17\". Make sure this host can be reached over ssh: \nAuthorized users only. All activities may be monitored and reported.\[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "unreachable": true}

PLAY RECAP *********************************************************************
weed-podhost               : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0

viscropst avatar May 27 '25 06:05 viscropst

Found the cause: it's a buildah mount problem.

[mine@weed-podhost ~]$ sudo buildah run --isolation chroot --user root -t --net=host -v "$HOME/.ssh:$HOME/.ssh" -v "$(pwd):/ocboot" "buildah-ocboot" /bin/sh
/ocboot # cat ~/.ssh/id_rsa
id_rsa      id_rsa.pub
/ocboot # cat ~/.ssh/id_rsa.pub 
ssh-rsa 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 root@9ab6cb6aaa8c
/ocboot # exit
[mine@weed-podhost ~]$ sudo buildah run --isolation chroot --user root -t --net=host -v "$HOME/.ssh:/root/.ssh" -v "$(pwd):/ocboot" "buildah-ocboot" /bin/sh
/ocboot # cat ~/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzWNRlJuxpCbDE1E03YiVwBpq7UWv88dcxmc9WuMqV4hXt8jw4RC8bEJi+kgFmtwnjtfNuUoY9TrXg07Gvqaw88hBxg4vfAsq3Ynb+mynPj79vdBu6Z8IGNpRM0k/SFIyMX0akEhuuBflS6iqBuB567Jl72t2kHOAe+LkfPjclYBoMkimBNhJOtwJLb+fk/lrWt6/3HPAWA1weKiAhPkPTrykssJCXI1YFkMfZQ150rldWhEIqymq8q/5bBa/fOiZC5gi4khavRuMYybvjQI6UqrbRFoJlqN006nq/+1u2ilGvkD1u3lBxE19OA0d5Xlc2S6gy28g7cQWorhevRUK3kpHn9kqV5TzGz+parLaapiwcHCFQ6oXnVsijUaD0ePFkuyeENujRZqOren5IokwHRtq8HM7TpqF+KJK7BO2L7RxMOLhbMNwLRyScQyJlbQBzc3oDrOolo5wOHaQ+te8YF6H6viKcyQAQD+7cNw9lqRcSPuKgTYr/DNvtOsSA4VDuKDzIOIYAs5lgqXwYh2NLIuQ/eU9BYwKFY3I3+Uz3BsNayQjO0/EkTqmDbKmBXi1nqYZMFBFJXCT9vHoA2sVXxPCHFSg0H91nkUxa5t5bE7S19kVCFyRPKvTctcgYFyLW/YeIP191x5VQsH9tATljq2tcvrdAJN3JEfBlYZDfqw== [email protected]
/ocboot # exit
[mine@weed-podhost ~]$ sudo buildah run --isolation chroot --user root -t --net=host -v "/root/.ssh:/root/.ssh" -v "$(pwd):/ocboot" "buildah-ocboot" /bin/sh
/ocboot # cat ~/.ssh/id_rsa.pub 
ssh-rsa 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 [email protected]
/ocboot # exit

viscropst avatar May 29 '25 02:05 viscropst

Because my current user cannot be found inside the ocboot container, buildah logs in as the root user once sudo is added.

viscropst avatar May 29 '25 02:05 viscropst

Found a solution: run buildah with sudo, then map /etc/passwd, /etc/group and the HOME environment variable into the container, and that solves it.

# ocboot.sh
sudo buildah run --isolation chroot --user $(id -u):$(id -g) \
    -t "${buildah_extra_args[@]}" \
    --net=host \
    -e "HOME=$HOME" \
    -v "$(mktemp -d):$HOME/.ansible" \
    -v "$HOME/.ssh:$HOME/.ssh" \
    -v "$HOME/.kube:$HOME/.kube" \
    -v "/etc/passwd:/etc/passwd:ro" \
    -v "/etc/group:/etc/group:ro" \
    -v "$(pwd):$ROOT_DIR" \
    -v "$(pwd)/airgap_assets/k3s-install.sh:/airgap_assets/k3s-install.sh:ro" \
    "$CONTAINER_NAME" $CMD $origin_args $cmd_extra_args

viscropst avatar May 29 '25 06:05 viscropst
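
The three mount experiments and the final fix in this thread can be modelled in a few lines of shell, which makes it easy to see which host key directory a given `-v` layout actually exposes. This is an added example, not part of the issue thread or of ocboot; the function names and the sample passwd entries (including UID 1000 for `mine`) are assumptions, and it assumes `~` inside the container follows the home field of the container's /etc/passwd.

```shell
#!/usr/bin/env bash
# Added example, not ocboot code; function names are hypothetical.

# Print USER's home from a passwd-format FILE (USER is a name or a UID).
# Returns 1 when there is no entry, the "unknown user" case from the thread.
home_from_passwd() {  # home_from_passwd FILE USER
    awk -F: -v u="$2" '($1 == u || $3 == u) { print $6; ok = 1; exit }
                       END { exit !ok }' "$1"
}

# Print the host directory that backs ~/.ssh inside the container, or
# "container-local" when no -v mount targets it (the keys then live only
# in the container's own filesystem).
ssh_dir_backing() {  # ssh_dir_backing PASSWD USER MOUNT...
    local passwd=$1 user=$2 home m src dst
    shift 2
    home=$(home_from_passwd "$passwd" "$user") || { echo "unknown-user"; return 1; }
    for m in "$@"; do
        src=${m%%:*}                  # SRC of SRC:DST[:opts]
        dst=${m#*:}; dst=${dst%%:*}   # DST of SRC:DST[:opts]
        if [ "$dst" = "$home/.ssh" ]; then
            echo "$src"
            return 0
        fi
    done
    echo "container-local"
}

# Constructed sample data: the image's passwd (root only) and the host's.
tmp=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$tmp/image_passwd"
printf 'root:x:0:0:root:/root:/bin/bash\nmine:x:1000:1000::/home/mine:/bin/bash\n' \
    > "$tmp/host_passwd"

# The three experiments from the thread (container user root) ...
ssh_dir_backing "$tmp/image_passwd" root /home/mine/.ssh:/home/mine/.ssh
ssh_dir_backing "$tmp/image_passwd" root /home/mine/.ssh:/root/.ssh
ssh_dir_backing "$tmp/image_passwd" root /root/.ssh:/root/.ssh
# ... the original failure (user absent from the image's passwd) ...
ssh_dir_backing "$tmp/image_passwd" mine /home/mine/.ssh:/home/mine/.ssh || true
# ... and the fix: host passwd mapped in, container runs as the numeric UID.
ssh_dir_backing "$tmp/host_passwd" 1000 /home/mine/.ssh:/home/mine/.ssh
```
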