登陆账户密码错误
[root@master ]# kubectl -n kubesphere-system logs -l app=ks-account
I0803 06:06:08.267726 1 im.go:448] auth failed jinchen@163.com LDAP Result Code 49 “Invalid Credentials”:
I0803 06:06:18.960533 1 im.go:448] auth failed jinchen@163.com LDAP Result Code 49 “Invalid Credentials”:
I0803 06:39:25.252572 1 im.go:448] auth failed admin LDAP Result Code 49 “Invalid Credentials”:
I0803 06:39:45.084842 1 im.go:448] auth failed admin LDAP Result Code 49 “Invalid Credentials”:
I0803 06:44:23.884000 1 im.go:448] auth failed admin LDAP Result Code 49 “Invalid Credentials”:
I0803 06:44:55.792378 1 im.go:448] auth failed jinchen@163.com LDAP Result Code 49 “Invalid Credentials”:
I0803 06:48:36.156788 1 im.go:448] auth failed admin LDAP Result Code 49 “Invalid Credentials”:
I0803 06:50:52.789203 1 im.go:448] auth failed admin LDAP Result Code 49 “Invalid Credentials”:
I0803 06:52:42.712353 1 im.go:448] auth failed fuchangjie LDAP Result Code 49 “Invalid Credentials”:
I0803 07:18:44.050448 1 im.go:448] auth failed admin LDAP Result Code 49 “Invalid Credentials”:

[root@master ]# kubectl -n kubesphere-system logs -l app=ks-apigateway
2020/08/03 07:18:44 Unauthorized,no token found
E0803 07:18:44.148206 1 authenticate.go:170] signature is invalid
10.233.70.173 03/Aug/2020:07:18:44 +0000 GET /kapis/iam.kubesphere.io/v1alpha2/users/admin HTTP/1.1 401 17 0ms
2020/08/03 07:18:44 Unauthorized,signature is invalid
E0803 07:18:44.148524 1 authenticate.go:170] signature is invalid
2020/08/03 07:18:44 Unauthorized,signature is invalid
10.233.70.173 03/Aug/2020:07:18:44 +0000 GET /kapis/tenant.kubesphere.io/v1alpha2/workspaces HTTP/1.1 401 17 0ms
10.233.70.173 03/Aug/2020:07:18:44 +0000 GET /kapis/v1alpha1/configz HTTP/1.1 200 245 4ms
2020/08/03 07:18:44 Unauthorized,no token found
10.233.70.173 03/Aug/2020:07:18:44 +0000 GET /kapis/iam.kubesphere.io/v1alpha2/oauth/configs HTTP/1.1 401 17 0ms

api- gateway 和 accout 的secret设置是一样的,现在这问题怎么破,只能重新安装吗

[root@master ]# kubectl exec -n kubesphere-system ks-apigateway-64fc668896-r78cp env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=ks-apigateway-64fc668896-r78cp
JWT_SECRET=BvDXH1wSu8clZWON8wQ2TlsmUzcmFKwiSYUtHpPPXLwNqO4h9LVM00bLzNPmED5M5MCNL6gadJrxh5Yjklrw4ckx6ko9HJ6f1uw

[root@master ]# kubectl exec -n kubesphere-system ks-account-676658dc59-r9crk env
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
HOSTNAME=ks-account-676658dc59-r9crk
KUBECTL_IMAGE=192.168.5.64:5000/astrolabe/kubectl:v1.0.0
JWT_SECRET=BvDXH1wSu8clZWON8wQ2TlsmUzcmFKwiSYUtHpPPXLwNqO4h9LVM00bLzNPmED5M5MCNL6gadJrxh5Yjklrw4ckx6ko9HJ6f1uw

貌似问题就在jwt 认证这里,怎么破。。。

  • huanggze 回复了此帖
  • hongming 行了。。。定位到了问题。。。自信满满的觉得前端没问题,console镜像被莫名其妙的换了,多谢多谢,找了半天问题,原来是console 有问题。。。。

    huanggze 我现在是密码没问题ldap里边能看到,pod运行状态正确,jwt_secret 环境变量设置一致

    jinchen
    I0803 07:18:44.050448 1 im.go:448] auth failed admin LDAP Result Code 49 “Invalid Credentials”:
    这行错误是因为密码输错了
    E0803 07:18:44.148524 1 authenticate.go:170] signature is invalid
    这行错误是因为 secret 不一致,需要重新登录

    如果你自己修改过 secret 的话,需要重启一下 ks-apigatewayks-account

    kubectl -n kubesphere-system rollout restart deploy ks-apigateway ks-account

      hongming 我进入容器更改了默认密码,仍然不行

      / # packet='PUT /kapis/iam.kubesphere.io/v1alpha2/users/admin HTTP/1.1\r\nHost: ks-account.kubesphere-system.svc:9090\r\nUser-Agent: curl/7.54.0\r\nAccept: /\r\nContent-Type: application/json\r\
      nContent-Length: 105\r\n\r\n{“username”: “admin”,“email”:“admin@kubesphere.io”,“cluster_role”: “cluster-admin”,“password”:“P@88w0rd”}'; echo -ne $packet | nc ks-account.kubesphere-system.svc 80
      HTTP/1.1 200 OK
      Content-Type: application/json
      Date: Mon, 03 Aug 2020 08:45:54 GMT
      Content-Length: 287

      {
      “username”: “admin”,
      “email”: “admin@kubesphere.io”,
      “lang”: “zh”,
      “description”: “Administrator account that was always created by default.”,
      “create_time”: “2020-07-13T15:42:19Z”,
      “avatar_url”: "",
      “last_login_time”: “2020-08-03T02:38:12Z”,
      “status”: 0,
      “cluster_role”: ""
      }/ #

      现在定位不到为什么会用户密码认证失败

      今天早晨集群node1节点出现notready的状态,导致很多Pod 状态pending,然后mysql 和ldap都是pending,我将node1重启后,所有pod恢复正常,但是就出现了目前的无法登陆的情况,密码已经修改成默认了,jwt_secret没有改过,确认一致了,但是仍然无法解决,我并不想重新重装-,-

        hongming 容器里执行

        curl --location --request POST 'http://ks-apigateway.kubespehre.io/kapis/iam.kubesphere.io/v1alpha2/login' \
        --header 'Content-Type: application/json' \
        --data-raw '{
        	"username":"admin",
        	"password":"P@88w0rd"
        }'

        看看能不能正常登录,排除一下外部干扰因素,另外 ks-account 修改过配置吗

          hongming 对的

          [root@master ]# kubectl -n kubesphere-system logs -l app=ks-account
          W0803 08:31:54.098681 1 client_config.go:549] Neither –kubeconfig nor –master was specified. Using the inClusterConfig. This might not work.
          I0803 08:31:54.722202 1 server.go:113] Server listening on 0.0.0.0:9090
          I0803 08:32:19.799461 1 im.go:448] auth failed admin LDAP Result Code 49 “Invalid Credentials”:
          I0803 08:45:10.456723 1 im.go:448] auth failed admin LDAP Result Code 49 “Invalid Credentials”:
          I0803 08:45:30.511364 1 im.go:448] auth failed admin LDAP Result Code 49 “Invalid Credentials”:

          而且,今天上午还登陆成功过,node1节点是中午午休出现的问题

          hongming accout配置的话改了登陆试错limit次数,我觉得这个应该不会影响吧。。。。然后容器内部的/bin/sh那么小,curl都没有,我从外部试试

          hongming 看样子好像是console有问题。。。。
          我在master节点获取到了acces_token

          curl -X POST http://192.168.5.64:30881/kapis/iam.kubesphere.io/v1alpha2/login -H ‘Content-Type: application/json’ -d ‘{“username”:“admin”,“password”:“P@88w0rd”}’
          {
          “access_token”: “eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImFkbWluQGt1YmVzcGhlcmUuaW8iLCJpYXQiOjE1OTY0NDUyOTksInVzZXJuYW1lIjoiYWRtaW4ifQ.ZYfgHNc3l9hWa9T9GJTYKQ5_8xLHJZghiYqTljVTe3s”
          }

          [root@master ]# curl -X POST http://192.168.5.64:30881/kapis/iam.kubesphere.io/v1alpha2/login -H ‘Content-Type: application/json’ -d ‘{“username”:“jinchen”,“password”:“Jl920529″}’
          {
          “access_token”: “eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImppbmNoZW5AMTYzLmNvbSIsImlhdCI6MTU5NjQ0NTY2OSwidXNlcm5hbWUiOiJqaW5jaGVuIn0.tQ7vYU6wqB4vi-K19yHidIEmqFxcEfOz8Q-dNwH0ouM”
          }

          两个账户都可以获取到

          hongming 行了。。。定位到了问题。。。自信满满的觉得前端没问题,console镜像被莫名其妙的换了,多谢多谢,找了半天问题,原来是console 有问题。。。。

          • zyl 回复了此帖
            3 个月 后

            jinchen 大佬, 问题是怎么解决的啊,我也遇到了同样问题,我是关掉了kubesphere-logging-system 功能后,ks-account,ks-apigateway,ks-console 这3个容器重启了, 然后ldap里的用户就登不了?

              1 个月 后
              4 年 后