Comments (17)
salt 会在登录页被请求时,由 node server 生产并写入登录页面和 ctx.session 中,如果使用 login api, 是没有 salt 的。
login 时不传 encrypt 可以跳过密码的混淆,直接传 username,password 即可。
from console.
我现在看到的情况是login时调用了login api,params对象中有encrypt字段,在随后的decryptPassword函数中,并没有对密码解密,于是params.password就有了加密后的密码,并且把这个加密密码传到了后端。请问这个是预期的吗
from console.
- 是在本地开发吗?
- 是在登录页面里点击登录的吗?
from console.
不是,是部署用来测试的,但是多集群部署后一直有问题,先是处理了redis问题,然后登陆页面就一直无法登陆。看了下代码,现在问题定位到代码那里了
from console.
多 master 集群 ctx.session 和 redis 相关,如果没有读到 session 的值的话,可能和 redis 有关。
redis 实例数量是一个吗
from console.
3个,pvc也是3个
from console.
NAME READY STATUS RESTARTS AGE
pod/ks-account-6c6895f8bf-pd5kd 1/1 Running 0 69m
pod/ks-apigateway-86ddd55945-txqmk 1/1 Running 0 31h
pod/ks-apiserver-7946fb66b-2qw7l 1/1 Running 0 31h
pod/ks-apiserver-7946fb66b-s8cnr 1/1 Running 0 31h
pod/ks-apiserver-7946fb66b-vxhvp 1/1 Running 0 31h
pod/ks-console-59d7997c8c-jjbm7 1/1 Running 0 91m
pod/ks-controller-manager-745d8c6dc7-5575l 1/1 Running 0 31h
pod/ks-controller-manager-745d8c6dc7-lh2k2 1/1 Running 0 31h
pod/ks-controller-manager-745d8c6dc7-swb4w 1/1 Running 0 31h
pod/ks-redis-redis-ha-server-0 2/2 Running 0 31h
pod/ks-redis-redis-ha-server-1 2/2 Running 0 31h
pod/ks-redis-redis-ha-server-2 2/2 Running 0 31h
pod/openldap-0 1/1 Running 0 31h
pod/redis-ha-haproxy-7d856799d5-drj9x 1/1 Running 0 31h
pod/redis-ha-haproxy-7d856799d5-nnjxz 1/1 Running 0 31h
pod/redis-ha-haproxy-7d856799d5-vsnkf 1/1 Running 0 31h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ks-account ClusterIP 10.106.40.219 <none> 80/TCP 36h
service/ks-apigateway NodePort 10.96.83.165 <none> 80:31128/TCP 32h
service/ks-apiserver ClusterIP 10.101.87.94 <none> 80/TCP 36h
service/ks-console NodePort 10.103.23.242 <none> 80:30880/TCP 36h
service/ks-redis-redis-ha ClusterIP None <none> 6379/TCP,26379/TCP 36h
service/ks-redis-redis-ha-announce-0 ClusterIP 10.108.67.184 <none> 6379/TCP,26379/TCP 36h
service/ks-redis-redis-ha-announce-1 ClusterIP 10.109.238.81 <none> 6379/TCP,26379/TCP 36h
service/ks-redis-redis-ha-announce-2 ClusterIP 10.104.170.104 <none> 6379/TCP,26379/TCP 36h
service/openldap ClusterIP None <none> 389/TCP 36h
service/redis ClusterIP 10.110.249.3 <none> 6379/TCP 36h
service/redis-ha ClusterIP None <none> 6379/TCP,26379/TCP 36h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/ks-account 1/1 1 1 36h
deployment.apps/ks-apigateway 1/1 1 1 36h
deployment.apps/ks-apiserver 3/3 3 3 36h
deployment.apps/ks-console 1/1 1 1 36h
deployment.apps/ks-controller-manager 3/3 3 3 36h
deployment.apps/ks-installer 0/0 0 0 36h
deployment.apps/redis-ha-haproxy 3/3 3 3 36h
NAME DESIRED CURRENT READY AGE
replicaset.apps/ks-account-5566f6ffc7 0 0 0 7h53m
replicaset.apps/ks-account-5b8b7b5698 0 0 0 128m
replicaset.apps/ks-account-5d46cdfb4f 0 0 0 7h41m
replicaset.apps/ks-account-5d6cf96db 0 0 0 4h4m
replicaset.apps/ks-account-678b97b465 0 0 0 139m
replicaset.apps/ks-account-6966bd6f78 0 0 0 5h47m
replicaset.apps/ks-account-6c6895f8bf 1 1 1 69m
replicaset.apps/ks-account-7666947897 0 0 0 135m
replicaset.apps/ks-account-77c8dfc674 0 0 0 28h
replicaset.apps/ks-account-7cf584486f 0 0 0 5h34m
replicaset.apps/ks-account-8f597bcb6 0 0 0 8h
replicaset.apps/ks-apigateway-65b7cdff8d 0 0 0 32h
replicaset.apps/ks-apigateway-86ddd55945 1 1 1 31h
replicaset.apps/ks-apigateway-d6f89b96f 0 0 0 36h
replicaset.apps/ks-apiserver-576954d78d 0 0 0 32h
replicaset.apps/ks-apiserver-5dff5c594d 0 0 0 36h
replicaset.apps/ks-apiserver-7946fb66b 3 3 3 31h
replicaset.apps/ks-console-59d7997c8c 1 1 1 91m
replicaset.apps/ks-console-5c666c644 0 0 0 36h
replicaset.apps/ks-console-5d6696ffd 0 0 0 31h
replicaset.apps/ks-console-646dcfc674 0 0 0 115m
replicaset.apps/ks-console-65c7fbd7f 0 0 0 32h
replicaset.apps/ks-controller-manager-745d8c6dc7 3 3 3 31h
replicaset.apps/ks-controller-manager-779d9c6bbf 0 0 0 36h
replicaset.apps/ks-controller-manager-f7d9f78bd 0 0 0 32h
replicaset.apps/ks-installer-75d9d66745 0 0 0 36h
replicaset.apps/redis-ha-haproxy-7d856799d5 3 3 3 36h
NAME READY AGE
statefulset.apps/ks-redis-redis-ha-server 3/3 36h
statefulset.apps/openldap 1/1 36h
from console.
现在改的配置里其实是没有用到redis-ha-haproxy的
from console.
from console.
你好,这个环境是原先非高可用部署后来修改过去的吗?下面是正常的高可用部署情况下的配置
[root@master1 ~]# kubectl get replicasets.apps -n kubesphere-system
NAME DESIRED CURRENT READY AGE
etcd-5769d4997f 1 1 1 8h
ks-account-789cd8bbd5 3 3 3 8h
ks-apigateway-5664c4b76f 3 3 3 8h
ks-apiserver-75f468d48b 3 3 3 8h
ks-console-78bddc5bfb 3 3 3 8h
ks-controller-manager-d4788677 3 3 3 8h
ks-installer-7d9fb945c7 1 1 1 8h
minio-845b7bd867 1 1 1 8h
mysql-66df969d 1 1 1 8h
redis-ha-haproxy-ffb8d889d 3 3 3 8h
[root@master1 ~]# kubectl get deployments.apps -n kubesphere-system
NAME READY UP-TO-DATE AVAILABLE AGE
etcd 1/1 1 1 8h
ks-account 3/3 3 3 8h
ks-apigateway 3/3 3 3 8h
ks-apiserver 3/3 3 3 8h
ks-console 3/3 3 3 8h
ks-controller-manager 3/3 3 3 8h
ks-installer 1/1 1 1 8h
minio 1/1 1 1 8h
mysql 1/1 1 1 8h
redis-ha-haproxy 3/3 3 3 8h
其中 ks-account/ks-apigateway/ks-console
的replica应该为3,但是在你的环境中并不是
from console.
@zheng1 这个集群是多master集群,部署时默认就是高可用部署了。replica只是我为了方便看日志才修改为了1。等我重新部署下,再给你看看
from console.
@zheng1 @zryfish 刚重新部署完Kubesphere
ks-apigateway无法工作是因为redis服务不能正常工作。
NAME READY STATUS RESTARTS AGE
pod/ks-account-845d86f776-cq5qk 1/1 Running 0 36s
pod/ks-account-845d86f776-ljkhf 1/1 Running 0 36s
pod/ks-account-845d86f776-wssvs 1/1 Running 0 36s
pod/ks-apigateway-d6f89b96f-6f4xj 0/1 CrashLoopBackOff 2 43s
pod/ks-apigateway-d6f89b96f-dr6sq 0/1 CrashLoopBackOff 2 43s
pod/ks-apigateway-d6f89b96f-hp2nv 0/1 CrashLoopBackOff 2 43s
pod/ks-apiserver-5dff5c594d-7v8q9 1/1 Running 0 39s
pod/ks-apiserver-5dff5c594d-wh688 1/1 Running 0 39s
pod/ks-apiserver-5dff5c594d-wlbct 1/1 Running 0 39s
pod/ks-console-5c666c644-f9rgn 1/1 Running 0 29s
pod/ks-console-5c666c644-q64v8 1/1 Running 0 29s
pod/ks-console-5c666c644-sflj7 1/1 Running 0 29s
pod/ks-controller-manager-779d9c6bbf-c4qx9 1/1 Running 0 35s
pod/ks-controller-manager-779d9c6bbf-r7l7x 1/1 Running 0 35s
pod/ks-controller-manager-779d9c6bbf-rpcdw 1/1 Running 0 35s
pod/ks-installer-75d9d66745-5p9qt 1/1 Running 0 4m6s
pod/openldap-0 1/1 Running 0 94s
pod/openldap-1 1/1 Running 0 48s
pod/redis-ha-haproxy-7d856799d5-59n8n 1/1 Running 0 102s
pod/redis-ha-haproxy-7d856799d5-c6jdc 1/1 Running 0 102s
pod/redis-ha-haproxy-7d856799d5-xs84m 1/1 Running 0 102s
pod/redis-ha-server-0 0/2 Init:Error 4 102s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/ks-account ClusterIP 10.102.66.75 <none> 80/TCP 36s
service/ks-apigateway ClusterIP 10.96.249.159 <none> 80/TCP 43s
service/ks-apiserver ClusterIP 10.106.194.127 <none> 80/TCP 38s
service/ks-console NodePort 10.97.33.152 <none> 80:30880/TCP 25s
service/openldap ClusterIP None <none> 389/TCP 94s
service/redis ClusterIP 10.98.2.157 <none> 6379/TCP 102s
service/redis-ha ClusterIP None <none> 6379/TCP,26379/TCP 102s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/ks-account 3/3 3 3 36s
deployment.apps/ks-apigateway 0/3 3 0 43s
deployment.apps/ks-apiserver 3/3 3 3 39s
deployment.apps/ks-console 3/3 3 3 29s
deployment.apps/ks-controller-manager 3/3 3 3 35s
deployment.apps/ks-installer 1/1 1 1 4m7s
deployment.apps/redis-ha-haproxy 3/3 3 3 102s
NAME DESIRED CURRENT READY AGE
replicaset.apps/ks-account-845d86f776 3 3 3 36s
replicaset.apps/ks-apigateway-d6f89b96f 3 3 0 43s
replicaset.apps/ks-apiserver-5dff5c594d 3 3 3 39s
replicaset.apps/ks-console-5c666c644 3 3 3 29s
replicaset.apps/ks-controller-manager-779d9c6bbf 3 3 3 35s
replicaset.apps/ks-installer-75d9d66745 1 1 1 4m7s
replicaset.apps/redis-ha-haproxy-7d856799d5 3 3 3 102s
NAME READY AGE
statefulset.apps/openldap 2/2 94s
statefulset.apps/redis-ha-server 0/3 102s
redis-ha-server-0的初始化容器有报错,日志如下:
# klog -f pod/redis-ha-server-0 -c config-init
Could not connect to Redis at redis-ha:26379: Name does not resolve
Initializing config..
/readonly-config/init.sh: line 84: Could not resolve the announce ip for this pod: not found
看起来是redis-ha服务不通。
# kg pod --show-labels | grep redis
redis-ha-haproxy-7d856799d5-59n8n 1/1 Running 0 2m19s app=redis-ha-haproxy,pod-template-hash=7d856799d5,release=ks-redis
redis-ha-haproxy-7d856799d5-c6jdc 1/1 Running 0 2m19s app=redis-ha-haproxy,pod-template-hash=7d856799d5,release=ks-redis
redis-ha-haproxy-7d856799d5-xs84m 1/1 Running 0 2m19s app=redis-ha-haproxy,pod-template-hash=7d856799d5,release=ks-redis
redis-ha-server-0 0/2 Init:CrashLoopBackOff 4 2m19s app=redis-ha,controller-revision-hash=redis-ha-server-8665778747,release=ks-redis,statefulset.kubernetes.io/pod-name=redis-ha-server-0
# kg svc redis-ha -o yaml
apiVersion: v1
kind: Service
metadata:
creationTimestamp: "2020-03-01T02:54:51Z"
labels:
app: redis-ha
chart: redis-ha-3.9.0
heritage: Tiller
release: ks-redis
name: redis-ha
namespace: kubesphere-system
resourceVersion: "576954"
selfLink: /api/v1/namespaces/kubesphere-system/services/redis-ha
uid: 7596c5f9-9a84-489f-a986-b97da836b26d
spec:
clusterIP: None
ports:
- name: server
port: 6379
protocol: TCP
targetPort: redis
- name: sentinel
port: 26379
protocol: TCP
targetPort: sentinel
selector:
app: redis-ha
release: ks-redis
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
观察pod标签和svc selector,redis-ha服务能匹配到的pod只有redis-ha-server-0,但是redis-ha-server-0的初始化容器启动时就需要redis-ha服务可以访问,但是没有pod处于就绪状态,因为还在初始化容器步骤,这样就形成了死循环。
我之前给社区提出了这个issue,但是他们认为是dns有问题,我测试了一下当前命名空间的openldap服务
# kubectl run -i --rm --tty debug --image=busybox --restart=Never -- sh
If you don't see a command prompt, try pressing enter.
/ #
/ # ping openldap
PING openldap (10.244.0.3): 56 data bytes
64 bytes from 10.244.0.3: seq=0 ttl=62 time=0.335 ms
^C
--- openldap ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.335/0.335/0.335 ms
/ # telnet openldap 389
Connected to openldap
^C
这就说明dns没有问题。
from console.
from console.
可以对照这个 values.yaml 重新部署一下 redis,我看一些 service 都没有了。 或者直接使用单副本的redis,确保 redis.kubesphere-system.svc:6379 可以访问到redis
helm upgrade --install ks-redis ./redis-ha custom-values-redis.yaml --set fullnameOverride=redis-ha --namespace kubesphere-system
https://github.com/kubesphere/ks-installer/tree/master/roles/common/files/redis-ha
from console.
@wansir 我没用过Playbook,你发的那条命令是需要我在ks-installer/tree/master/roles/common/files
目录下执行吗
在那个目录下执行结果如下:
# helm upgrade --install ks-redis ./redis-ha custom-values-redis.yaml --set fullnameOverride=redis-ha --namespace kubesphere-system
Error: This command needs 2 arguments: release name, chart path
from console.
@wansir 这个issue最开始部署的那个kubesphere是我修改了redis yaml配置后成功运行起来的,但是遇到了最前面无法登陆的问题
from console.
这个问题是我部署的nfs版本有问题,我最初部署的是nfs 2.2.2版本,部署Kubesphere一直有问题,升级到2.3.0再部署kubespehre就可以了。@wansir @zheng1 @leoendless
from console.
Related Issues (20)
- The new resource doesn't show if not refreshing the page.
- The "0" in the front of pvc autosizer input can not be deleted.. HOT 3
- 【BUG】在最新3.4版本中,所有容器组列表关于CPU和内存的图表都不见了。 HOT 5
- 【BUG】3.4版本中,日志接收器Router没有页面,显示空白。
- When creating a routing configuration rule, it cannot be successfully created when entering the routing rule path. HOT 3
- The API version not matched when set notification channel HOT 4
- Inconsistent style for panel in Network Isolation
- The Log Receivers page is blank HOT 1
- Storage Class translation mistakes
- The maximum value of the slider conflicts with the input value.
- 在3.2+版本中发现一个中文别字
- 构建console报错 HOT 2
- Will it open source the UI component library? HOT 1
- Devops项目中创建代码仓库窗口异常关闭
- Development Environment on Docker - "UnauthorizedError: Not Login" Error HOT 13
- typo: Maybe it should be "globalroles"
- 请问vscode国际化插件应该怎么配置
- Proposal: Make namespaced CRDs visiable under specific project
- error An unexpected error occurred: "https://registry.npm.taobao.org/react-input-autosize/download/react-input-autosize-3.0.0.tgz: certificate has expired" HOT 2
- Add Language Support for Korean HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from console.