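Following the official Multi-Node mode documentation, I installed KubeSphere 2.1 online on local VMware. After the installation the openldap component fails to start, so I cannot log in to the console.
The operating system is CentOS 7.7, and the firewall is disabled on all machines.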

kubectl -n kubesphere-system get pods -o wide



kubectl -n kubesphere-system describe pod openldap-0 
Name:           openldap-0
Namespace:      kubesphere-system
Priority:       0
Node:           master/192.168.31.20
Start Time:     Wed, 13 Nov 2019 05:32:43 +0800
Labels:         app.kubernetes.io/instance=ks-openldap
                app.kubernetes.io/name=openldap-ha
                controller-revision-hash=openldap-5b89576789
                statefulset.kubernetes.io/pod-name=openldap-0
Annotations:    <none>
Status:         Running
IP:             10.233.70.4
Controlled By:  StatefulSet/openldap
Containers:
  openldap-ha:
    Container ID:  docker://eaef0d89f4ffbf82e8852d989c47211d5ace7d21e2f7f49ae960935ca392eae2
    Image:         osixia/openldap:1.3.0
    Image ID:      docker-pullable://osixia/openldap@sha256:cb3f5fea3c3203acddc3e6b8a70642a0f994d89be3ec5f0e50621b2a9ea17a83
    Port:          389/TCP
    Host Port:     0/TCP
    Args:
      --copy-service
      --loglevel=warning
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Error
      Exit Code:    1
      Started:      Wed, 13 Nov 2019 12:33:15 +0800
      Finished:     Wed, 13 Nov 2019 12:33:15 +0800
    Ready:          False
    Restart Count:  87
    Liveness:       tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
    Readiness:      tcp-socket :389 delay=30s timeout=1s period=15s #success=1 #failure=3
    Environment:
      LDAP_ORGANISATION:               kubesphere
      LDAP_DOMAIN:                     kubesphere.io
      LDAP_CONFIG_PASSWORD:            admin
      LDAP_ADMIN_PASSWORD:             admin
      LDAP_REPLICATION:                false
      LDAP_TLS:                        false
      LDAP_REMOVE_CONFIG_AFTER_SETUP:  true
      MY_POD_NAME:                     openldap-0 (v1:metadata.name)
      HOSTNAME:                        $(MY_POD_NAME).openldap
    Mounts:
      /etc/ldap/slapd.d from openldap-pvc (rw,path="ldap-config")
      /var/lib/ldap from openldap-pvc (rw,path="ldap-data")
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-svlbw (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             False 
  ContainersReady   False 
  PodScheduled      True 
Volumes:
  openldap-pvc:
    Type:       PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
    ClaimName:  openldap-pvc-openldap-0
    ReadOnly:   false
  default-token-svlbw:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-svlbw
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     CriticalAddonsOnly
                 node-role.kubernetes.io/master:NoSchedule
                 node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason   Age                   From             Message
  ----     ------   ----                  ----             -------
  Normal   Pulled   30m (x83 over 7h5m)   kubelet, master  Container image "osixia/openldap:1.3.0" already present on machine
  Warning  BackOff  2s (x2039 over 7h5m)  kubelet, master  Back-off restarting failed container
  • You could try changing the NFS server configuration to *(rw,insecure,sync,no_subtree_check,no_root_squash)

    ljk963 You can change --loglevel=warning in the ldap startup command to --loglevel=debug to see what the specific error is. Also, what storage type are you using?

      hongming I changed the log level to debug:
      Start OpenLDAP...
      Waiting for OpenLDAP to start...
      5dcbbbf0 @(#) $OpenLDAP: slapd (Jul 30 2019 16:24:19) $
      Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
      5dcbbbf0 daemon: bind(8) failed errno=99 (Cannot assign requested address)
      5dcbbbf0 mdb_db_open: database "dc=kubesphere,dc=io" cannot be opened: Input/output error (5). Restore from backup!
      5dcbbbf0 backend_startup_one (type=mdb, suffix="dc=kubesphere,dc=io"): bi_db_open failed! (5)
      5dcbbbf0 slapd stopped.

      Judging from the error, it looks like a read/write permission problem. You could switch the volume to emptyDir to verify.
