Comments (17)
leoendless
commented on May 28, 2024
salt 会在登录页被请求时,由 node server 生产并写入登录页面和 ctx.session 中,如果使用 login api, 是没有 salt 的。
login 时不传 encrypt 可以跳过密码的混淆,直接传 username,password 即可。
from console.
leowucn
commented on May 28, 2024
我现在看到的情况是login时调用了login api,params对象中有encrypt字段,在随后的decryptPassword函数中,并没有对密码解密,于是params.password就有了加密后的密码,并且把这个加密密码传到了后端。请问这个是预期的吗
from console.
leoendless
commented on May 28, 2024
- 是在本地开发吗?
- 是在登录页面里点击登录的吗?
from console.
leowucn
commented on May 28, 2024
不是,是部署用来测试的,但是多集群部署后一直有问题,先是处理了redis问题,然后登陆页面就一直无法登陆。看了下代码,现在问题定位到代码那里了
from console.
leoendless
commented on May 28, 2024
多 master 集群 ctx.session 和 redis 相关,如果没有读到 session 的值的话,可能和 redis 有关。
redis 实例数量是一个吗
from console.
leowucn
commented on May 28, 2024
3个,pvc也是3个
from console.
leowucn
commented on May 28, 2024
NAME READY STATUS RESTARTS AGE
pod/ks-account-6c6895f8bf-pd5kd 1/1 Running 0 69m
pod/ks-apigateway-86ddd55945-txqmk 1/1 Running 0 31h
pod/ks-apiserver-7946fb66b-2qw7l 1/1 Running 0 31h
pod/ks-apiserver-7946fb66b-s8cnr 1/1 Running 0 31h
pod/ks-apiserver-7946fb66b-vxhvp 1/1 Running 0 31h
pod/ks-console-59d7997c8c-jjbm7 1/1 Running 0 91m
pod/ks-controller-manager-745d8c6dc7-5575l 1/1 Running 0 31h
pod/ks-controller-manager-745d8c6dc7-lh2k2 1/1 Running 0 31h
pod/ks-controller-manager-745d8c6dc7-swb4w 1/1 Running 0 31h
pod/ks-redis-redis-ha-server-0 2/2 Running 0 31h
pod/ks-redis-redis-ha-server-1 2/2 Running 0 31h
pod/ks-redis-redis-ha-server-2 2/2 Running 0 31h
pod/openldap-0 1/1 Running 0 31h
pod/redis-ha-haproxy-7d856799d5-drj9x 1/1 Running 0 31h
pod/redis-ha-haproxy-7d856799d5-nnjxz 1/1 Running 0 31h
pod/redis-ha-haproxy-7d856799d5-vsnkf 1/1 Running 0 31h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ks-account ClusterIP 10.106.40.219 <none> 80/TCP 36h
service/ks-apigateway NodePort 10.96.83.165 <none> 80:31128/TCP 32h
service/ks-apiserver ClusterIP 10.101.87.94 <none> 80/TCP 36h
service/ks-console NodePort 10.103.23.242 <none> 80:30880/TCP 36h
service/ks-redis-redis-ha ClusterIP None <none> 6379/TCP,26379/TCP 36h
service/ks-redis-redis-ha-announce-0 ClusterIP 10.108.67.184 <none> 6379/TCP,26379/TCP 36h
service/ks-redis-redis-ha-announce-1 ClusterIP 10.109.238.81 <none> 6379/TCP,26379/TCP 36h
service/ks-redis-redis-ha-announce-2 ClusterIP 10.104.170.104 <none> 6379/TCP,26379/TCP 36h
service/openldap ClusterIP None <none> 389/TCP 36h
service/redis ClusterIP 10.110.249.3 <none> 6379/TCP 36h
service/redis-ha ClusterIP None <none> 6379/TCP,26379/TCP 36h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/ks-account 1/1 1 1 36h
deployment.apps/ks-apigateway 1/1 1 1 36h
deployment.apps/ks-apiserver 3/3 3 3 36h
deployment.apps/ks-console 1/1 1 1 36h
deployment.apps/ks-controller-manager 3/3 3 3 36h
deployment.apps/ks-installer 0/0 0 0 36h
deployment.apps/redis-ha-haproxy 3/3 3 3 36h
NAME DESIRED CURRENT READY AGE
replicaset.apps/ks-account-5566f6ffc7 0 0 0 7h53m
replicaset.apps/ks-account-5b8b7b5698 0 0 0 128m
replicaset.apps/ks-account-5d46cdfb4f 0 0 0 7h41m
replicaset.apps/ks-account-5d6cf96db 0 0 0 4h4m
replicaset.apps/ks-account-678b97b465 0 0 0 139m
replicaset.apps/ks-account-6966bd6f78 0 0 0 5h47m
replicaset.apps/ks-account-6c6895f8bf 1 1 1 69m
replicaset.apps/ks-account-7666947897 0 0 0 135m
replicaset.apps/ks-account-77c8dfc674 0 0 0 28h
replicaset.apps/ks-account-7cf584486f 0 0 0 5h34m
replicaset.apps/ks-account-8f597bcb6 0 0 0 8h
replicaset.apps/ks-apigateway-65b7cdff8d 0 0 0 32h
replicaset.apps/ks-apigateway-86ddd55945 1 1 1 31h
replicaset.apps/ks-apigateway-d6f89b96f 0 0 0 36h
replicaset.apps/ks-apiserver-576954d78d 0 0 0 32h
replicaset.apps/ks-apiserver-5dff5c594d 0 0 0 36h
replicaset.apps/ks-apiserver-7946fb66b 3 3 3 31h
replicaset.apps/ks-console-59d7997c8c 1 1 1 91m
replicaset.apps/ks-console-5c666c644 0 0 0 36h
replicaset.apps/ks-console-5d6696ffd 0 0 0 31h
replicaset.apps/ks-console-646dcfc674 0 0 0 115m
replicaset.apps/ks-console-65c7fbd7f 0 0 0 32h
replicaset.apps/ks-controller-manager-745d8c6dc7 3 3 3 31h
replicaset.apps/ks-controller-manager-779d9c6bbf 0 0 0 36h
replicaset.apps/ks-controller-manager-f7d9f78bd 0 0 0 32h
replicaset.apps/ks-installer-75d9d66745 0 0 0 36h
replicaset.apps/redis-ha-haproxy-7d856799d5 3 3 3 36h
NAME READY AGE
statefulset.apps/ks-redis-redis-ha-server 3/3 36h
statefulset.apps/openldap 1/1 36h
from console.
leowucn
commented on May 28, 2024
现在改的配置里其实是没有用到redis-ha-haproxy的
from console.
leoendless
commented on May 28, 2024
from console.
zheng1
commented on May 28, 2024
你好,这个环境是原先非高可用部署后来修改过去的吗?下面是正常的高可用部署情况下的配置
[root@master1 ~]# kubectl get replicasets.apps -n kubesphere-system
NAME DESIRED CURRENT READY AGE
etcd-5769d4997f 1 1 1 8h
ks-account-789cd8bbd5 3 3 3 8h
ks-apigateway-5664c4b76f 3 3 3 8h
ks-apiserver-75f468d48b 3 3 3 8h
ks-console-78bddc5bfb 3 3 3 8h
ks-controller-manager-d4788677 3 3 3 8h
ks-installer-7d9fb945c7 1 1 1 8h
minio-845b7bd867 1 1 1 8h
mysql-66df969d 1 1 1 8h
redis-ha-haproxy-ffb8d889d 3 3 3 8h
[root@master1 ~]# kubectl get deployments.apps -n kubesphere-system
NAME READY UP-TO-DATE AVAILABLE AGE
etcd 1/1 1 1 8h
ks-account 3/3 3 3 8h
ks-apigateway 3/3 3 3 8h
ks-apiserver 3/3 3 3 8h
ks-console 3/3 3 3 8h
ks-controller-manager 3/3 3 3 8h
ks-installer 1/1 1 1 8h
minio 1/1 1 1 8h
mysql 1/1 1 1 8h
redis-ha-haproxy 3/3 3 3 8h其中 ks-account/ks-apigateway/ks-console 的replica应该为3,但是在你的环境中并不是
from console.
leowucn
commented on May 28, 2024
@zheng1 这个集群是多master集群,部署时默认就是高可用部署了。replica只是我为了方便看日志才修改为了1。等我重新部署下,再给你看看
from console.
leowucn
commented on May 28, 2024
@zheng1 @zryfish 刚重新部署完Kubesphere
ks-apigateway无法工作是因为redis服务不能正常工作。
NAME READY STATUS RESTARTS AGE
pod/ks-account-845d86f776-cq5qk 1/1 Running 0 36s
pod/ks-account-845d86f776-ljkhf 1/1 Running 0 36s
pod/ks-account-845d86f776-wssvs 1/1 Running 0 36s
pod/ks-apigateway-d6f89b96f-6f4xj 0/1 CrashLoopBackOff 2 43s
pod/ks-apigateway-d6f89b96f-dr6sq 0/1 CrashLoopBackOff 2 43s
pod/ks-apigateway-d6f89b96f-hp2nv 0/1 CrashLoopBackOff 2 43s
pod/ks-apiserver-5dff5c594d-7v8q9 1/1 Running 0 39s
pod/ks-apiserver-5dff5c594d-wh688 1/1 Running 0 39s
pod/ks-apiserver-5dff5c594d-wlbct 1/1 Running 0 39s
pod/ks-console-5c666c644-f9rgn 1/1 Running 0 29s
pod/ks-console-5c666c644-q64v8 1/1 Running 0 29s
pod/ks-console-5c666c644-sflj7 1/1 Running 0 29s
pod/ks-controller-manager-779d9c6bbf-c4qx9 1/1 Running 0 35s
pod/ks-controller-manager-779d9c6bbf-r7l7x 1/1 Running 0 35s
pod/ks-controller-manager-779d9c6bbf-rpcdw 1/1 Running 0 35s
pod/ks-installer-75d9d66745-5p9qt 1/1 Running 0 4m6s
pod/openldap-0 1/1 Running 0 94s
pod/openldap-1 1/1 Running 0 48s
pod/redis-ha-haproxy-7d856799d5-59n8n 1/1 Running 0 102s
pod/redis-ha-haproxy-7d856799d5-c6jdc 1/1 Running 0 102s
pod/redis-ha-haproxy-7d856799d5-xs84m 1/1 Running 0 102s
pod/redis-ha-server-0 0/2 Init:Error 4 102s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ks-account ClusterIP 10.102.66.75 <none> 80/TCP 36s
service/ks-apigateway ClusterIP 10.96.249.159 <none> 80/TCP 43s
service/ks-apiserver ClusterIP 10.106.194.127 <none> 80/TCP 38s
service/ks-console NodePort 10.97.33.152 <none> 80:30880/TCP 25s
service/openldap ClusterIP None <none> 389/TCP 94s
service/redis ClusterIP 10.98.2.157 <none> 6379/TCP 102s
service/redis-ha ClusterIP None <none> 6379/TCP,26379/TCP 102s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/ks-account 3/3 3 3 36s
deployment.apps/ks-apigateway 0/3 3 0 43s
deployment.apps/ks-apiserver 3/3 3 3 39s
deployment.apps/ks-console 3/3 3 3 29s
deployment.apps/ks-controller-manager 3/3 3 3 35s
deployment.apps/ks-installer 1/1 1 1 4m7s
deployment.apps/redis-ha-haproxy 3/3 3 3 102s
NAME DESIRED CURRENT READY AGE
replicaset.apps/ks-account-845d86f776 3 3 3 36s
replicaset.apps/ks-apigateway-d6f89b96f 3 3 0 43s
replicaset.apps/ks-apiserver-5dff5c594d 3 3 3 39s
replicaset.apps/ks-console-5c666c644 3 3 3 29s
replicaset.apps/ks-controller-manager-779d9c6bbf 3 3 3 35s
replicaset.apps/ks-installer-75d9d66745 1 1 1 4m7s
replicaset.apps/redis-ha-haproxy-7d856799d5 3 3 3 102s
NAME READY AGE
statefulset.apps/openldap 2/2 94s
statefulset.apps/redis-ha-server 0/3 102s
redis-ha-server-0的初始化容器有报错,日志如下:
# klog -f pod/redis-ha-server-0 -c config-init
Could not connect to Redis at redis-ha:26379: Name does not resolve
Initializing config..
/readonly-config/init.sh: line 84: Could not resolve the announce ip for this pod: not found
看起来是redis-ha服务不通。
# kg pod --show-labels | grep redis
redis-ha-haproxy-7d856799d5-59n8n 1/1 Running 0 2m19s app=redis-ha-haproxy,pod-template-hash=7d856799d5,release=ks-redis
redis-ha-haproxy-7d856799d5-c6jdc 1/1 Running 0 2m19s app=redis-ha-haproxy,pod-template-hash=7d856799d5,release=ks-redis
redis-ha-haproxy-7d856799d5-xs84m 1/1 Running 0 2m19s app=redis-ha-haproxy,pod-template-hash=7d856799d5,release=ks-redis
redis-ha-server-0 0/2 Init:CrashLoopBackOff 4 2m19s app=redis-ha,controller-revision-hash=redis-ha-server-8665778747,release=ks-redis,statefulset.kubernetes.io/pod-name=redis-ha-server-0
# kg svc redis-ha -o yaml
apiVersion: v1
kind: Service
metadata:
creationTimestamp: "2020-03-01T02:54:51Z"
labels:
app: redis-ha
chart: redis-ha-3.9.0
heritage: Tiller
release: ks-redis
name: redis-ha
namespace: kubesphere-system
resourceVersion: "576954"
selfLink: /api/v1/namespaces/kubesphere-system/services/redis-ha
uid: 7596c5f9-9a84-489f-a986-b97da836b26d
spec:
clusterIP: None
ports:
- name: server
port: 6379
protocol: TCP
targetPort: redis
- name: sentinel
port: 26379
protocol: TCP
targetPort: sentinel
selector:
app: redis-ha
release: ks-redis
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
观察pod标签和svc selector,redis-ha服务能匹配到的pod只有redis-ha-server-0,但是redis-ha-server-0的初始化容器启动时就需要redis-ha服务可以访问,但是没有pod处于就绪状态,因为还在初始化容器步骤,这样就形成了死循环。
我之前给社区提出了这个issue,但是他们认为是dns有问题,我测试了一下当前命名空间的openldap服务
# kubectl run -i --rm --tty debug --image=busybox --restart=Never -- sh
If you don't see a command prompt, try pressing enter.
/ #
/ # ping openldap
PING openldap (10.244.0.3): 56 data bytes
64 bytes from 10.244.0.3: seq=0 ttl=62 time=0.335 ms
^C
--- openldap ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.335/0.335/0.335 ms
/ # telnet openldap 389
Connected to openldap
^C
这就说明dns没有问题。
from console.
leowucn
commented on May 28, 2024
from console.
wansir
commented on May 28, 2024
可以对照这个 values.yaml 重新部署一下 redis,我看一些 service 都没有了。 或者直接使用单副本的redis,确保 redis.kubesphere-system.svc:6379 可以访问到redis
helm upgrade --install ks-redis ./redis-ha custom-values-redis.yaml --set fullnameOverride=redis-ha --namespace kubesphere-system
https://github.com/kubesphere/ks-installer/tree/master/roles/common/files/redis-ha
from console.
leowucn
commented on May 28, 2024
@wansir 我没用过Playbook,你发的那条命令是需要我在ks-installer/tree/master/roles/common/files目录下执行吗
在那个目录下执行结果如下:
# helm upgrade --install ks-redis ./redis-ha custom-values-redis.yaml --set fullnameOverride=redis-ha --namespace kubesphere-system
Error: This command needs 2 arguments: release name, chart path
from console.
leowucn
commented on May 28, 2024
@wansir 这个issue最开始部署的那个kubesphere是我修改了redis yaml配置后成功运行起来的,但是遇到了最前面无法登陆的问题
from console.
leowucn
commented on May 28, 2024
这个问题是我部署的nfs版本有问题,我最初部署的是nfs 2.2.2版本,部署Kubesphere一直有问题,升级到2.3.0再部署kubespehre就可以了。@wansir @zheng1 @leoendless
from console.
Related Issues (20)
- The new resource doesn't show if not refreshing the page.
- The "0" in the front of pvc autosizer input can not be deleted.. HOT 3
- 【BUG】在最新3.4版本中,所有容器组列表关于CPU和内存的图表都不见了。 HOT 5
- 【BUG】3.4版本中,日志接收器Router没有页面,显示空白。
- When creating a routing configuration rule, it cannot be successfully created when entering the routing rule path. HOT 3
- The API version not matched when set notification channel HOT 4
- Inconsistent style for panel in Network Isolation
- The Log Receivers page is blank HOT 1
- Storage Class translation mistakes
- The maximum value of the slider conflicts with the input value.
- 在3.2+版本中发现一个中文别字
- 构建console报错 HOT 2
- Will it open source the UI component library? HOT 1
- Devops项目中创建代码仓库窗口异常关闭
- Development Environment on Docker - "UnauthorizedError: Not Login" Error HOT 13
- typo: Maybe it should be "globalroles"
- 请问vscode国际化插件应该怎么配置
- Proposal: Make namespaced CRDs visiable under specific project
- error An unexpected error occurred: "https://registry.npm.taobao.org/react-input-autosize/download/react-input-autosize-3.0.0.tgz: certificate has expired" HOT 2
- Add Language Support for Korean HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from console.