ceph uses normal users for ssh connections
DouBiquickrun commented
My server does not allow remote connections as the root user, so I use the --ssh-user option with my ubuntu user. However, I ran into the following problem when running cephadm bootstrap. I can confirm that my ubuntu user has passwordless sudo permission and SSH connection permission. Here is my command: cephadm bootstrap --ssh-user ubuntu --mon-ip 192.168.1.91
- Bug Report
root@master01:~/kubernetes_cluster_v1.4# cephadm --image 192.168.1.91:5001/ceph:v17 bootstrap --ssh-user ubuntu --mon-ip 192.168.1.91 --config /tmp/temp/ceph/initial-ceph.conf
Verifying ssh connectivity ...
Adding key to ubuntu@localhost authorized_keys...
Verifying podman|docker is present...
Verifying lvm2 is present...
Verifying time synchronization is in place...
Unit chrony.service is enabled and running
Repeating the final host check...
podman (/usr/bin/podman) version 3.4.4 is present
systemctl is present
lvcreate is present
Unit chrony.service is enabled and running
Host looks OK
Cluster fsid: f6d40f8f-1654-11ee-893c-1f722227a74d
Verifying IP 192.168.1.91 port 3300 ...
Verifying IP 192.168.1.91 port 6789 ...
Mon IP `192.168.1.91` is in CIDR network `192.168.1.0/24`
Mon IP `192.168.1.91` is in CIDR network `192.168.1.0/24`
Internal network (--cluster-network) has not been provided, OSD replication will default to the public_network
Pulling container image 192.168.1.91:5001/ceph:v17...
Ceph version: ceph version 17.2.5 (98318ae89f1a893a6ded3a640405cdbb33e08757) quincy (stable)
Extracting ceph user uid/gid from container image...
Creating initial keys...
Creating initial monmap...
Creating mon...
Waiting for mon to start...
Waiting for mon...
mon is available
Assimilating anything we can from ceph.conf...
Generating new minimal ceph.conf...
Restarting the monitor...
Setting mon public_network to 192.168.1.0/24
Wrote config to /etc/ceph/ceph.conf
Wrote keyring to /etc/ceph/ceph.client.admin.keyring
Creating mgr...
Verifying port 9283 ...
Waiting for mgr to start...
Waiting for mgr...
mgr not available, waiting (1/15)...
mgr not available, waiting (2/15)...
mgr not available, waiting (3/15)...
mgr is available
Enabling cephadm module...
Waiting for the mgr to restart...
Waiting for mgr epoch 5...
mgr epoch 5 is available
Setting orchestrator backend to cephadm...
Generating ssh key...
Wrote public SSH key to /etc/ceph/ceph.pub
Adding key to ubuntu@localhost authorized_keys...
Adding host master01...
Non-zero exit code 22 from /usr/bin/podman run --rm --ipc=host --stop-signal=SIGTERM --net=host --entrypoint /usr/bin/ceph --init -e CONTAINER_IMAGE=192.168.1.91:5001/ceph:v17 -e NODE_NAME=master01 -e CEPH_USE_RANDOM_NONCE=1 -v /var/log/ceph/f6d40f8f-1654-11ee-893c-1f722227a74d:/var/log/ceph:z -v /tmp/ceph-tmp5jhlt23e:/etc/ceph/ceph.client.admin.keyring:z -v /tmp/ceph-tmpmhyhhmfx:/etc/ceph/ceph.conf:z 192.168.1.91:5001/ceph:v17 orch host add master01 192.168.1.91
/usr/bin/ceph: stderr Error EINVAL: check-host failed:
/usr/bin/ceph: stderr Unable to write master01:/var/lib/ceph/f6d40f8f-1654-11ee-893c-1f722227a74d/cephadm.059bfc99f5cf36ed881f2494b104711faf4cbf5fc86a9594423cc105cafd9b4e: scp: /tmp/var/lib/ceph/f6d40f8f-1654-11ee-893c-1f722227a74d/cephadm.059bfc99f5cf36ed881f2494b104711faf4cbf5fc86a9594423cc105cafd9b4e.new: Permission denied
ERROR: Failed to add host : Failed command: /usr/bin/podman run --rm --ipc=host --stop-signal=SIGTERM --net=host --entrypoint /usr/bin/ceph --init -e CONTAINER_IMAGE=192.168.1.91:5001/ceph:v17 -e NODE_NAME=master01 -e CEPH_USE_RANDOM_NONCE=1 -v /var/log/ceph/f6d40f8f-1654-11ee-893c-1f722227a74d:/var/log/ceph:z -v /tmp/ceph-tmp5jhlt23e:/etc/ceph/ceph.client.admin.keyring:z -v /tmp/ceph-tmpmhyhhmfx:/etc/ceph/ceph.conf:z 192.168.1.91:5001/ceph:v17 orch host add master01 192.168.1.91: Error EINVAL: check-host failed:
Unable to write master01:/var/lib/ceph/f6d40f8f-1654-11ee-893c-1f722227a74d/cephadm.059bfc99f5cf36ed881f2494b104711faf4cbf5fc86a9594423cc105cafd9b4e: scp: /tmp/var/lib/ceph/f6d40f8f-1654-11ee-893c-1f722227a74d/cephadm.059bfc99f5cf36ed881f2494b104711faf4cbf5fc86a9594423cc105cafd9b4e.new: Permission denied
What you expected to happen:
I don't know whether I am using the --ssh-user parameter correctly; please tell me how to configure a normal account correctly.
How to reproduce it (minimal and precise):
Use --ssh-user
Environment:
- OS (e.g. from /etc/os-release): Ubuntu 22.04.2
- Kernel (e.g. uname -a): Linux master01 5.15.0-67-generic #74-Ubuntu SMP Wed Feb 22 14:14:39 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
- Docker version (e.g. docker version): podman version 3.4.4
- Ceph version (e.g. ceph -v): ceph version 17.2.5 (98318ae89f1a893a6ded3a640405cdbb33e08757) quincy (stable)