AskOverflow.Dev


Questions [debian-buster] (server)

Golide
Asked: 2022-01-30 07:05:35 +0800 CST

How to configure a storage class on an existing k0s cluster

  • 1

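When I run k0s kubectl get storageclass I notice that it has not been configured, and I have to add it manually. I am not quite sure of the exact procedure. The documentation (https://docs.k0sproject.io/main/storage/) says k0s comes with OpenEBS installed. I am not sure how to enable this extension in the configuration file.

My existing configuration file contains only this (I assume this should be the default configuration file. Is that correct?):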

spec:
  api:
    externalAddress

I ran k0s stop and then modified the configuration file as follows:

spec:
  api:
    externalAddress
  extensions:
    storage:
      type: openebs_local_storage

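After this configuration change I still get the same error: no storage class is found for the cluster. Do I also need to reinstall/install k0s? I am a bit unsure, because the existing k0s.yaml seems to have very few configuration parameters compared with the example given in the link.

Edit: Following the documentation, I went ahead and generated a new k0s.yaml that uses the existing default settings. It turned out that this overwrote the existing k0s.yaml (shown above). I also made changes to the new YAML file to produce this: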

apiVersion: k0s.k0sproject.io/v1beta1
kind: ClusterConfig
metadata:
  creationTimestamp: null
  name: k0s
spec:
  api:
    address: 10.XXX.XXX.XXX
    k0sApiPort: 9443
    port: 6443
    sans:
    - 10.XX.XX.XXX
    - 172.XX.XX.XXX
    - 10.XX.XX.XXX
    - 10.XX.XX.XXX
    - fe80::XXX:XXX:XXX:XXX
    - fe80::XXX:XXX:XXX:XXX
    - fe80::XXX:XXX:XXX:XXX
    - fe80::XXX:XXX:XXX:XXX
    - fe80::XXX:XXX:XXX:XXX
    - fe80::XXX:XXX:XXX:XXX
    tunneledNetworkingMode: false
  controllerManager: {}
  extensions:
    helm:
      charts: null
      repositories: null
    storage:
      create_default_storage_class: true
      type: openebs_local_storage
  images:
    calico:
      cni:
        image: docker.io/calico/cni
        version: v3.21.2
      kubecontrollers:
        image: docker.io/calico/kube-controllers

After this change, I proceeded to reinstall the cluster (with the new configuration):

k0s install controller -c /etc/k0s/k0s.yaml

But I now get an error:

Error: failed to install k0s service: failed to install service: Init already exists: /etc/systemd/system/k0scontroller.service
kubernetes debian-buster
  • 1 answer
  • 388 Views
Tom Atix
Asked: 2021-12-08 08:53:41 +0800 CST

Debian 10: random freezes

  • 0

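My Debian 10 system freezes at random, which forces me to shut it down with the power button before I can do anything. Over the past few weeks these freezes have occurred repeatedly.

Output of uname -a: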

Linux debian 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux

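Hardware: Threadripper 2970 WX, 32GB G Skill F4-3200C1 RAM, MSI MEG X399 Creation motherboard

Disks: 1TB Samsung SSD (home disk, managed by LVM); 4TB WD RED (mounted by UUID); 3x 8TB Seagate Ironwolf (managed by LVM)

Special software running on the system: KVM

What I have already tried:

  • Updating the kernel to 5.10 using backports
  • Memtest86 (it has been running for 6 hours so far, with no errors so far)
  • Checking the log files (this has not helped me so far)
  • Installing kdump-tools (it does not trigger on a freeze)
  • CPU stress test at 100% for one hour (no freeze. Note: during the freezes the CPU runs at only 5% most of the time, and there is also plenty of free RAM).

Syslog: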

Dec  4 11:54:12 debian systemd[1]: bacula-director.service: Service RestartSec=1min expired, scheduling restart.
Dec  4 11:54:12 debian systemd[1]: bacula-director.service: Scheduled restart job, restart counter is at 1783.
Dec  4 11:54:12 debian systemd[1]: Stopped Bacula Director Daemon service.
Dec  4 11:54:12 debian systemd[1]: Starting Bacula Director Daemon service...
Dec  4 11:54:42 debian bacula-dir[124998]: bacula-dir: dird.c:1229-0 Could not open Catalog "MyCatalog", database "XXX_DBNAME_XXX".
Dec  4 11:54:42 debian bacula-dir[124998]: bacula-dir: dird.c:1234-0 postgresql.c:332 Unable to connect to PostgreSQL server. Database=XXX_DBNAME_XXX User=XXX_DBUSER_XXX
Dec  4 11:54:42 debian bacula-dir[124998]: Possible causes: SQL server not running; password incorrect; max_connections exceeded.
Dec  4 11:54:42 debian bacula-dir[124998]: 04-Dec 11:54 bacula-dir ERROR TERMINATION
Dec  4 11:54:42 debian bacula-dir[124998]: Please correct configuration file: /etc/bacula/bacula-dir.conf
Dec  4 11:54:42 debian systemd[1]: bacula-director.service: Control process exited, code=exited, status=1/FAILURE
Dec  4 11:54:42 debian systemd[1]: bacula-director.service: Failed with result 'exit-code'.
Dec  4 11:54:42 debian systemd[1]: Failed to start Bacula Director Daemon service.
Dec  4 11:55:01 debian CRON[125097]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Dec  4 11:55:23 debian NetworkManager[1494]: <info>  [1638636923.5313] device (wlp5s0): set-hw-addr: set MAC address to 76:22:F8:22:9D:00 (scanning)
Dec  4 11:55:23 debian kernel: [161004.635913] IPv6: ADDRCONF(NETDEV_UP): wlp5s0: link is not ready
Dec  4 11:55:23 debian NetworkManager[1494]: <info>  [1638636923.6007] device (wlp5s0): supplicant interface state: inactive -> disconnected
Dec  4 11:55:23 debian NetworkManager[1494]: <info>  [1638636923.6058] device (wlp5s0): supplicant interface state: disconnected -> inactive
Dec  4 11:55:23 debian wpa_supplicant[1493]: wlp5s0: Reject scan trigger since one is already pending
Dec  4 11:55:42 debian systemd[1]: bacula-director.service: Service RestartSec=1min expired, scheduling restart.
Dec  4 11:55:42 debian systemd[1]: bacula-director.service: Scheduled restart job, restart counter is at 1784.
Dec  4 11:55:42 debian systemd[1]: Stopped Bacula Director Daemon service.
Dec  4 11:55:42 debian systemd[1]: Starting Bacula Director Daemon service...
Dec  4 11:56:00 debian libvirtd[1750]: internal error: End of file from qemu monitor
Dec  4 11:56:01 debian kernel: [161042.914669] audit: type=1400 audit(1638636961.809:55): apparmor="STATUS" operation="profile_remove" profile="unconfined" name="libvirt-4c626220-3780-4f2f-b2f1-0da779a85f8f" pid=125291 comm="apparmor_parser"
Dec  4 11:56:01 debian avahi-daemon[1487]: Interface macvtap2.IPv6 no longer relevant for mDNS.
Dec  4 11:56:01 debian avahi-daemon[1487]: Leaving mDNS multicast group on interface macvtap2.IPv6 with address fe80::5054:ff:fe7e:8739.
Dec  4 11:56:01 debian avahi-daemon[1487]: Withdrawing address record for fe80::5054:ff:fe7e:8739 on macvtap2.
Dec  4 11:56:08 debian kernel: [161050.046357] audit: type=1400 audit(1638636968.942:56): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-e9b93fae-7ee0-4096-b496-208aa0be517a" pid=125301 comm="apparmor_parser"
Dec  4 11:56:09 debian kernel: [161050.203334] audit: type=1400 audit(1638636969.098:57): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-e9b93fae-7ee0-4096-b496-208aa0be517a" pid=125304 comm="apparmor_parser"
Dec  4 11:56:09 debian kernel: [161050.336065] audit: type=1400 audit(1638636969.230:58): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-e9b93fae-7ee0-4096-b496-208aa0be517a" pid=125307 comm="apparmor_parser"
Dec  4 11:56:09 debian kernel: [161050.485278] audit: type=1400 audit(1638636969.378:59): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="libvirt-e9b93fae-7ee0-4096-b496-208aa0be517a" pid=125310 comm="apparmor_parser"
Dec  4 11:56:09 debian kernel: [161050.492080] virbr1: port 2(vnet0) entered blocking state
Dec  4 11:56:09 debian kernel: [161050.492081] virbr1: port 2(vnet0) entered disabled state
Dec  4 11:56:09 debian kernel: [161050.492140] device vnet0 entered promiscuous mode
Dec  4 11:56:09 debian kernel: [161050.492304] virbr1: port 2(vnet0) entered blocking state
Dec  4 11:56:09 debian kernel: [161050.492306] virbr1: port 2(vnet0) entered listening state
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.3920] manager: (vnet0): new Tun device (/org/freedesktop/NetworkManager/Devices/20)
Dec  4 11:56:09 debian systemd-udevd[125312]: Using default interface naming scheme 'v240'.
Dec  4 11:56:09 debian systemd-udevd[125312]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.4246] device (vnet0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.4286] keyfile: add connection /run/NetworkManager/system-connections/vnet0.nmconnection (db2c5b63-ff10-4b2d-8690-c6d5b484cb6d,"vnet0")
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.4309] device (vnet0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.4318] device (vnet0): Activation: starting connection 'vnet0' (db2c5b63-ff10-4b2d-8690-c6d5b484cb6d)
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.4319] device (vnet0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.4323] device (vnet0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.4325] device (vnet0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.4327] device (virbr1): bridge port vnet0 was attached
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.4327] device (vnet0): Activation: connection 'vnet0' enslaved, continuing activation
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.4329] device (vnet0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.4396] device (vnet0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.4400] device (vnet0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.4505] device (vnet0): Activation: successful, device activated.
Dec  4 11:56:09 debian dbus-daemon[1491]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.7' (uid=0 pid=1494 comm="/usr/sbin/NetworkManager --no-daemon ")
Dec  4 11:56:09 debian systemd[1]: Starting Network Manager Script Dispatcher Service...
Dec  4 11:56:09 debian dbus-daemon[1491]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Dec  4 11:56:09 debian systemd[1]: Started Network Manager Script Dispatcher Service.
Dec  4 11:56:09 debian nm-dispatcher: req:1 'up' [vnet0]: new request (1 scripts)
Dec  4 11:56:09 debian nm-dispatcher: req:1 'up' [vnet0]: start running ordered scripts...
Dec  4 11:56:09 debian kernel: [161050.633003] audit: type=1400 audit(1638636969.526:60): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-e9b93fae-7ee0-4096-b496-208aa0be517a" pid=125320 comm="apparmor_parser"
Dec  4 11:56:09 debian systemd-udevd[125321]: Using default interface naming scheme 'v240'.
Dec  4 11:56:09 debian kernel: [161050.635853] virbr2: port 2(vnet1) entered blocking state
Dec  4 11:56:09 debian kernel: [161050.635856] virbr2: port 2(vnet1) entered disabled state
Dec  4 11:56:09 debian kernel: [161050.635976] device vnet1 entered promiscuous mode
Dec  4 11:56:09 debian kernel: [161050.636217] virbr2: port 2(vnet1) entered blocking state
Dec  4 11:56:09 debian kernel: [161050.636219] virbr2: port 2(vnet1) entered listening state
Dec  4 11:56:09 debian systemd-udevd[125321]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.5352] manager: (vnet1): new Tun device (/org/freedesktop/NetworkManager/Devices/21)
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.5510] device (vnet1): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.5534] keyfile: add connection /run/NetworkManager/system-connections/vnet1.nmconnection (468ebb82-a253-4d81-a54c-911564d3f4d0,"vnet1")
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.5541] device (vnet1): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.5549] device (vnet1): Activation: starting connection 'vnet1' (468ebb82-a253-4d81-a54c-911564d3f4d0)
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.5550] device (vnet1): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.5555] device (vnet1): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.5558] device (vnet1): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.5559] device (virbr2): bridge port vnet1 was attached
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.5560] device (vnet1): Activation: connection 'vnet1' enslaved, continuing activation
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.5561] device (vnet1): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.5567] device (vnet1): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.5570] device (vnet1): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:09 debian NetworkManager[1494]: <info>  [1638636969.5648] device (vnet1): Activation: successful, device activated.
Dec  4 11:56:09 debian nm-dispatcher: req:2 'up' [vnet1]: new request (1 scripts)
Dec  4 11:56:09 debian nm-dispatcher: req:2 'up' [vnet1]: start running ordered scripts...
Dec  4 11:56:09 debian kernel: [161050.792545] audit: type=1400 audit(1638636969.686:61): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="libvirt-e9b93fae-7ee0-4096-b496-208aa0be517a" pid=125367 comm="apparmor_parser"
Dec  4 11:56:09 debian libvirtd[1750]: Domain id=6 name='Whonix-Gateway' uuid=e9b93fae-7ee0-4096-b496-208aa0be517a is tainted: host-cpu
Dec  4 11:56:10 debian avahi-daemon[1487]: Joining mDNS multicast group on interface vnet0.IPv6 with address fe80::fc54:ff:fe05:b4b9.
Dec  4 11:56:10 debian avahi-daemon[1487]: New relevant interface vnet0.IPv6 for mDNS.
Dec  4 11:56:10 debian avahi-daemon[1487]: Registering new address record for fe80::fc54:ff:fe05:b4b9 on vnet0.*.
Dec  4 11:56:10 debian avahi-daemon[1487]: Joining mDNS multicast group on interface vnet1.IPv6 with address fe80::fc54:ff:fe06:4a00.
Dec  4 11:56:10 debian avahi-daemon[1487]: New relevant interface vnet1.IPv6 for mDNS.
Dec  4 11:56:10 debian avahi-daemon[1487]: Registering new address record for fe80::fc54:ff:fe06:4a00 on vnet1.*.
Dec  4 11:56:11 debian kernel: [161052.517316] virbr1: port 2(vnet0) entered learning state
Dec  4 11:56:11 debian kernel: [161052.645328] virbr2: port 2(vnet1) entered learning state
Dec  4 11:56:12 debian kernel: [161053.267983] audit: type=1400 audit(1638636972.162:62): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-a9008a46-7469-47fc-8bcc-4449ae8f2ee8" pid=125417 comm="apparmor_parser"
Dec  4 11:56:12 debian kernel: [161053.446910] audit: type=1400 audit(1638636972.342:63): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-a9008a46-7469-47fc-8bcc-4449ae8f2ee8" pid=125420 comm="apparmor_parser"
Dec  4 11:56:12 debian bacula-dir[125155]: bacula-dir: dird.c:1229-0 Could not open Catalog "MyCatalog", database "XXX_DBNAME_XXX".
Dec  4 11:56:12 debian bacula-dir[125155]: bacula-dir: dird.c:1234-0 postgresql.c:332 Unable to connect to PostgreSQL server. Database=XXX_DBNAME_XXX User=XXX_DBUSER_XXX
Dec  4 11:56:12 debian bacula-dir[125155]: Possible causes: SQL server not running; password incorrect; max_connections exceeded.
Dec  4 11:56:12 debian bacula-dir[125155]: 04-Dec 11:56 bacula-dir ERROR TERMINATION
Dec  4 11:56:12 debian bacula-dir[125155]: Please correct configuration file: /etc/bacula/bacula-dir.conf
Dec  4 11:56:12 debian systemd[1]: bacula-director.service: Control process exited, code=exited, status=1/FAILURE
Dec  4 11:56:12 debian systemd[1]: bacula-director.service: Failed with result 'exit-code'.
Dec  4 11:56:12 debian systemd[1]: Failed to start Bacula Director Daemon service.
Dec  4 11:56:12 debian kernel: [161053.582800] audit: type=1400 audit(1638636972.478:64): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-a9008a46-7469-47fc-8bcc-4449ae8f2ee8" pid=125423 comm="apparmor_parser"
Dec  4 11:56:12 debian kernel: [161053.721423] audit: type=1400 audit(1638636972.618:65): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="libvirt-a9008a46-7469-47fc-8bcc-4449ae8f2ee8" pid=125426 comm="apparmor_parser"
Dec  4 11:56:12 debian kernel: [161053.729968] virbr2: port 3(vnet2) entered blocking state
Dec  4 11:56:12 debian kernel: [161053.729971] virbr2: port 3(vnet2) entered disabled state
Dec  4 11:56:12 debian kernel: [161053.730078] device vnet2 entered promiscuous mode
Dec  4 11:56:12 debian kernel: [161053.730368] virbr2: port 3(vnet2) entered blocking state
Dec  4 11:56:12 debian kernel: [161053.730370] virbr2: port 3(vnet2) entered listening state
Dec  4 11:56:12 debian systemd-udevd[125321]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Dec  4 11:56:12 debian NetworkManager[1494]: <info>  [1638636972.6296] manager: (vnet2): new Tun device (/org/freedesktop/NetworkManager/Devices/22)
Dec  4 11:56:12 debian NetworkManager[1494]: <info>  [1638636972.6448] device (vnet2): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Dec  4 11:56:12 debian NetworkManager[1494]: <info>  [1638636972.6475] keyfile: add connection /run/NetworkManager/system-connections/vnet2.nmconnection (efc91c6d-6f2c-46db-a731-12e0e3dd38b6,"vnet2")
Dec  4 11:56:12 debian NetworkManager[1494]: <info>  [1638636972.6484] device (vnet2): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Dec  4 11:56:12 debian NetworkManager[1494]: <info>  [1638636972.6493] device (vnet2): Activation: starting connection 'vnet2' (efc91c6d-6f2c-46db-a731-12e0e3dd38b6)
Dec  4 11:56:12 debian NetworkManager[1494]: <info>  [1638636972.6514] device (vnet2): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:12 debian NetworkManager[1494]: <info>  [1638636972.6519] device (vnet2): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:12 debian NetworkManager[1494]: <info>  [1638636972.6522] device (vnet2): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:12 debian NetworkManager[1494]: <info>  [1638636972.6524] device (virbr2): bridge port vnet2 was attached
Dec  4 11:56:12 debian NetworkManager[1494]: <info>  [1638636972.6524] device (vnet2): Activation: connection 'vnet2' enslaved, continuing activation
Dec  4 11:56:12 debian NetworkManager[1494]: <info>  [1638636972.6526] device (vnet2): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:12 debian NetworkManager[1494]: <info>  [1638636972.6531] device (vnet2): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:12 debian NetworkManager[1494]: <info>  [1638636972.6533] device (vnet2): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
Dec  4 11:56:12 debian NetworkManager[1494]: <info>  [1638636972.6636] device (vnet2): Activation: successful, device activated.
Dec  4 11:56:12 debian nm-dispatcher: req:3 'up' [vnet2]: new request (1 scripts)
Dec  4 11:56:12 debian nm-dispatcher: req:3 'up' [vnet2]: start running ordered scripts...
Dec  4 11:56:12 debian libvirtd[1750]: Domain id=7 name='kaliwhonix' uuid=a9008a46-7469-47fc-8bcc-4449ae8f2ee8 is tainted: host-cpu
Dec  4 11:56:13 debian NetworkManager[1494]: <info>  [1638636973.4320] device (virbr1): carrier: link connected
Dec  4 11:56:13 debian kernel: [161054.533233] virbr1: port 2(vnet0) entered forwarding state
Dec  4 11:56:13 debian kernel: [161054.533235] virbr1: topology change detected, propagating
Dec  4 11:56:13 debian NetworkManager[1494]: <info>  [1638636973.5601] device (virbr2): carrier: link connected
Dec  4 11:56:13 debian kernel: [161054.661230] virbr2: port 2(vnet1) entered forwarding state
Dec  4 11:56:13 debian kernel: [161054.661233] virbr2: topology change detected, propagating
Dec  4 11:56:14 debian avahi-daemon[1487]: Joining mDNS multicast group on interface vnet2.IPv6 with address fe80::fc54:ff:fe55:218.
Dec  4 11:56:14 debian avahi-daemon[1487]: New relevant interface vnet2.IPv6 for mDNS.
Dec  4 11:56:14 debian avahi-daemon[1487]: Registering new address record for fe80::fc54:ff:fe55:218 on vnet2.*.
Dec  4 11:56:14 debian kernel: [161055.749233] virbr2: port 3(vnet2) entered learning state
Dec  4 11:56:16 debian kernel: [161057.765144] virbr2: port 3(vnet2) entered forwarding state
Dec  4 11:56:16 debian kernel: [161057.765146] virbr2: topology change detected, propagating
Dec  4 11:56:22 debian systemd[1]: NetworkManager-dispatcher.service: Succeeded.
Dec  4 11:57:12 debian systemd[1]: bacula-director.service: Service RestartSec=1min expired, scheduling restart.
Dec  4 11:57:12 debian systemd[1]: bacula-director.service: Scheduled restart job, restart counter is at 1785.
Dec  4 11:57:12 debian systemd[1]: Stopped Bacula Director Daemon service.
Dec  4 11:57:12 debian systemd[1]: Starting Bacula Director Daemon service...
Dec  4 11:57:42 debian bacula-dir[125609]: bacula-dir: dird.c:1229-0 Could not open Catalog "MyCatalog", database "XXX_DBNAME_XXX".
Dec  4 11:57:42 debian bacula-dir[125609]: bacula-dir: dird.c:1234-0 postgresql.c:332 Unable to connect to PostgreSQL server. Database=XXX_DBNAME_XXX User=XXX_DBUSER_XXX
Dec  4 11:57:42 debian bacula-dir[125609]: Possible causes: SQL server not running; password incorrect; max_connections exceeded.
Dec  4 11:57:42 debian bacula-dir[125609]: 04-Dec 11:57 bacula-dir ERROR TERMINATION
Dec  4 11:57:42 debian bacula-dir[125609]: Please correct configuration file: /etc/bacula/bacula-dir.conf
Dec  4 11:57:42 debian systemd[1]: bacula-director.service: Control process exited, code=exited, status=1/FAILURE
Dec  4 11:57:42 debian systemd[1]: bacula-director.service: Failed with result 'exit-code'.
Dec  4 11:57:42 debian systemd[1]: Failed to start Bacula Director Daemon service.
Dec  4 11:58:28 debian avahi-daemon[1487]: Interface vnet2.IPv6 no longer relevant for mDNS.
Dec  4 11:58:28 debian avahi-daemon[1487]: Leaving mDNS multicast group on interface vnet2.IPv6 with address fe80::fc54:ff:fe55:218.
Dec  4 11:58:28 debian kernel: [161189.530902] virbr2: port 3(vnet2) entered disabled state
Dec  4 11:58:28 debian kernel: [161189.532432] device vnet2 left promiscuous mode
Dec  4 11:58:28 debian kernel: [161189.532438] virbr2: port 3(vnet2) entered disabled state
Dec  4 11:58:28 debian avahi-daemon[1487]: Withdrawing address record for fe80::fc54:ff:fe55:218 on vnet2.
Dec  4 11:58:28 debian NetworkManager[1494]: <info>  [1638637108.4738] device (vnet2): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
Dec  4 11:58:28 debian NetworkManager[1494]: <info>  [1638637108.4739] device (virbr2): bridge port vnet2 was detached
Dec  4 11:58:28 debian NetworkManager[1494]: <info>  [1638637108.4740] device (vnet2): released from master device virbr2
Dec  4 11:58:28 debian dbus-daemon[1491]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.7' (uid=0 pid=1494 comm="/usr/sbin/NetworkManager --no-daemon ")
Dec  4 11:58:28 debian systemd[1]: Starting Network Manager Script Dispatcher Service...
Dec  4 11:58:28 debian dbus-daemon[1491]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Dec  4 11:58:28 debian systemd[1]: Started Network Manager Script Dispatcher Service.
Dec  4 11:58:28 debian nm-dispatcher: req:1 'down' [vnet2]: new request (1 scripts)
Dec  4 11:58:28 debian nm-dispatcher: req:1 'down' [vnet2]: start running ordered scripts...
Dec  4 11:58:28 debian libvirtd[1750]: internal error: End of file from qemu monitor
Dec  4 11:58:28 debian kernel: [161189.955670] kauditd_printk_skb: 1 callbacks suppressed
Dec  4 11:58:28 debian kernel: [161189.955672] audit: type=1400 audit(1638637108.854:67): apparmor="STATUS" operation="profile_remove" profile="unconfined" name="libvirt-a9008a46-7469-47fc-8bcc-4449ae8f2ee8" pid=125761 comm="apparmor_parser"
Dec  4 11:58:33 debian avahi-daemon[1487]: Interface vnet0.IPv6 no longer relevant for mDNS.
Dec  4 11:58:33 debian avahi-daemon[1487]: Leaving mDNS multicast group on interface vnet0.IPv6 with address fe80::fc54:ff:fe05:b4b9.
Dec  4 11:58:33 debian kernel: [161194.626365] virbr1: port 2(vnet0) entered disabled state
Dec  4 11:58:33 debian kernel: [161194.627405] device vnet0 left promiscuous mode
Dec  4 11:58:33 debian kernel: [161194.627410] virbr1: port 2(vnet0) entered disabled state
Dec  4 11:58:33 debian avahi-daemon[1487]: Withdrawing address record for fe80::fc54:ff:fe05:b4b9 on vnet0.
Dec  4 11:58:33 debian NetworkManager[1494]: <info>  [1638637113.5705] device (vnet0): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
Dec  4 11:58:33 debian NetworkManager[1494]: <info>  [1638637113.5706] device (virbr1): bridge port vnet0 was detached
Dec  4 11:58:33 debian NetworkManager[1494]: <info>  [1638637113.5706] device (vnet0): released from master device virbr1
Dec  4 11:58:33 debian nm-dispatcher: req:2 'down' [vnet0]: new request (1 scripts)
Dec  4 11:58:33 debian nm-dispatcher: req:2 'down' [vnet0]: start running ordered scripts...
Dec  4 11:58:33 debian avahi-daemon[1487]: Interface vnet1.IPv6 no longer relevant for mDNS.
Dec  4 11:58:33 debian avahi-daemon[1487]: Leaving mDNS multicast group on interface vnet1.IPv6 with address fe80::fc54:ff:fe06:4a00.
Dec  4 11:58:33 debian kernel: [161194.709691] virbr2: port 2(vnet1) entered disabled state
Dec  4 11:58:33 debian kernel: [161194.711157] device vnet1 left promiscuous mode
Dec  4 11:58:33 debian kernel: [161194.711160] virbr2: port 2(vnet1) entered disabled state
Dec  4 11:58:33 debian avahi-daemon[1487]: Withdrawing address record for fe80::fc54:ff:fe06:4a00 on vnet1.
Dec  4 11:58:33 debian NetworkManager[1494]: <info>  [1638637113.6504] device (vnet1): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
Dec  4 11:58:33 debian NetworkManager[1494]: <info>  [1638637113.6505] device (virbr2): bridge port vnet1 was detached
Dec  4 11:58:33 debian NetworkManager[1494]: <info>  [1638637113.6506] device (vnet1): released from master device virbr2
Dec  4 11:58:33 debian nm-dispatcher: req:3 'down' [vnet1]: new request (1 scripts)
Dec  4 11:58:33 debian nm-dispatcher: req:3 'down' [vnet1]: start running ordered scripts...
Dec  4 11:58:33 debian libvirtd[1750]: internal error: End of file from qemu monitor
Dec  4 11:58:34 debian kernel: [161195.162429] audit: type=1400 audit(1638637114.062:68): apparmor="STATUS" operation="profile_remove" profile="unconfined" name="libvirt-e9b93fae-7ee0-4096-b496-208aa0be517a" pid=125798 comm="apparmor_parser"
Dec  4 11:58:38 debian kernel: [161200.026312] audit: type=1400 audit(1638637118.926:69): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-bc32a202-4a7e-45ca-a2f3-e55e78ef8998" pid=125805 comm="apparmor_parser"
Dec  4 11:58:39 debian kernel: [161200.177640] audit: type=1400 audit(1638637119.078:70): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-bc32a202-4a7e-45ca-a2f3-e55e78ef8998" pid=125808 comm="apparmor_parser"
Dec  4 11:58:39 debian kernel: [161200.327978] audit: type=1400 audit(1638637119.226:71): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-bc32a202-4a7e-45ca-a2f3-e55e78ef8998" pid=125811 comm="apparmor_parser"
Dec  4 11:58:39 debian kernel: [161200.475333] audit: type=1400 audit(1638637119.374:72): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="libvirt-bc32a202-4a7e-45ca-a2f3-e55e78ef8998" pid=125814 comm="apparmor_parser"
Dec  4 11:58:39 debian NetworkManager[1494]: <info>  [1638637119.3855] manager: (macvtap2): new Macvlan device (/org/freedesktop/NetworkManager/Devices/23)
Dec  4 11:58:39 debian systemd-udevd[125816]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Dec  4 11:58:39 debian systemd-udevd[125816]: Using default interface naming scheme 'v240'.
Dec  4 11:58:39 debian kernel: [161200.621739] audit: type=1400 audit(1638637119.522:73): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-bc32a202-4a7e-45ca-a2f3-e55e78ef8998" pid=125826 comm="apparmor_parser"
Dec  4 11:58:39 debian NetworkManager[1494]: <info>  [1638637119.6625] device (macvtap2): carrier: link connected
Dec  4 11:58:41 debian avahi-daemon[1487]: Joining mDNS multicast group on interface macvtap2.IPv6 with address fe80::5054:ff:fe7c:a067.
Dec  4 11:58:41 debian avahi-daemon[1487]: New relevant interface macvtap2.IPv6 for mDNS.
Dec  4 11:58:41 debian avahi-daemon[1487]: Registering new address record for fe80::5054:ff:fe7c:a067 on macvtap2.*.
Dec  4 11:58:42 debian systemd[1]: bacula-director.service: Service RestartSec=1min expired, scheduling restart.
Dec  4 11:58:42 debian systemd[1]: bacula-director.service: Scheduled restart job, restart counter is at 1786.
Dec  4 11:58:42 debian systemd[1]: Stopped Bacula Director Daemon service.
Dec  4 11:58:42 debian systemd[1]: Starting Bacula Director Daemon service...
Dec  4 11:58:43 debian systemd[1]: NetworkManager-dispatcher.service: Succeeded.

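I also found:

https://superuser.com/questions/954262/why-do-damaged-hard-drives-freeze-the-entire-system

Maybe the disks are causing it? The freezes happen during heavy disk IO (the service I am developing writes a lot of data). I have ordered some PCIe SATA controllers to try plugging the external disks into a different controller from the main disk. Is there anything else I can do to solve this problem?

I ran smartctl -a on the disks, and it did not indicate any dead drives. I would rather assume that these errors are just small glitches among all those IO requests, which would not be a big problem if they did not freeze the entire system.

I cannot unplug the hardware one piece at a time to see what happens (sometimes these freezes occur after an hour, sometimes after a day, sometimes after a week. The service needs the external disks to run properly, so I would have to shut everything down for weeks to debug. I hope there is another way to find out what is wrong).

Any help is much appreciated.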

hard-drive debian kvm-virtualization debian-buster freeze
  • 1 answer
  • 371 Views
user110971
Asked: 2021-10-25 20:35:24 +0800 CST

Dovecot does not send the CA file unless ssl_verify_client_cert is set to yes

  • 0

I have a Postfix / Dovecot / MySQL email server configured with username/password login. Everything works except that Dovecot does not send the chain CA file to the client. I have

ssl_cert = </etc/apache2/ssl/apache.crt
ssl_key = </etc/apache2/ssl/apache.key
ssl_ca = </etc/apache2/ssl/apache.pem

in my /etc/dovecot/conf.d/10-ssl.conf. However, the CA file is not sent.

openssl s_client -connect server.com:143 -starttls imap
CONNECTED(00000003)
depth=0 CN = server.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = server.com
verify error:num=21:unable to verify the first certificate
verify return:1
...

If I add ssl_verify_client_cert = yes, everything works.

openssl s_client -connect server.com:143 -starttls imap
CONNECTED(00000003)
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Root Certificate Authority - G2
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", OU = http://certs.starfieldtech.com/repository/, CN = Starfield Secure Certificate Authority - G2
verify return:1
depth=0 CN = server.com
verify return:1

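I am not using client certificate authorization. Have I misunderstood the Dovecot configuration, or is this the expected behaviour? Should I leave it this way?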

debian dovecot debian-buster
  • 1 answer
  • 132 Views
user371793
Asked: 2021-09-03 09:07:59 +0800 CST

How to forward a privileged sub-1024 port to an unprivileged 1024+ port with firewalld?

  • 2

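Question

How to forward a privileged sub-1024 port to an unprivileged 1024+ port with firewalld?

Reason

Why do we want to do this? We want to be able to switch the unprivileged port 1050 on the gateway and use a different upstream mail server. For example, to test a different spam solution, use port 1051 to send mail to a different mail server with a different spam filtering solution.

The mail server automatically connects to the gateway at startup. The automatic connection can only happen on unprivileged ports of 1024+.

Layout and setup

Layout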

+--------+         +---------------------+         +----------------+
|  WAN   |         |                1050 | <-      |                |
| Client |         |       Gateway       |    \    |   Mail Server  |
|        |  <--->  | 25                  |      -> | 25             |
+--------+         +---------------------+         +----------------+

Set up the firewall

Clear the firewall, open the port, set up port forwarding, and add a few services.

root@gateway:~# firewall-cmd --reload
root@gateway:~# firewall-cmd --zone=public --add-port=25/tcp
root@gateway:~# firewall-cmd --zone=public --add-forward-port=port=25:proto=tcp:toport=1050
root@gateway:~# firewall-cmd --add-service={http,https,smtp}

Verify the firewall

Confirm the firewall settings...

root@gateway:~# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: etho0
  sources: 
  services: dhcpv6-client http https smtp ssh
  ports: 25/tcp
  protocols: 
  masquerade: no
  forward-ports: port=25:proto=tcp:toport=1050:toaddr=
  source-ports: 
  icmp-blocks: 
  rich rules: 

This is what we expect to see in the firewall rules.

Result

This is what we get when we telnet to the upstream mail server on the gateway...

root@gateway:~# telnet localhost 1050
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 debian10email.debian10email ESMTP Postfix (Debian/GNU)

This is what we get from the remote client machine...

client@client123:~$ telnet gateway.example.org 25
Trying <IP_of_gateway>...
Connected to gateway.example.org.
Escape character is '^]'.

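We expected to also see the 220 debian10email.debian10email ESMTP Postfix (Debian/GNU) line, but we did not.

Sanity check...

Test

Just to confirm that the port forwarding rule was written correctly, we...

  • Open port 1025 on the firewall.
  • Port forward 1025 to 1050.
  • Then check what we see on the remote client.

Adjust the firewall

Clear the firewall, open the port, set up port forwarding, and add a few services.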

root@gateway:~# firewall-cmd --reload
root@gateway:~# firewall-cmd --zone=public --add-port=1025/tcp
root@gateway:~# firewall-cmd --zone=public --add-forward-port=port=1025:proto=tcp:toport=1050
root@gateway:~# firewall-cmd --add-service={http,https,smtp}

Verify the firewall

root@gateway:~# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: etho0
  sources: 
  services: dhcpv6-client http https smtp ssh
  ports: 1025/tcp
  protocols: 
  masquerade: no
  forward-ports: port=1025:proto=tcp:toport=1050:toaddr=
  source-ports: 
  icmp-blocks: 
  rich rules: 

Result

client@client123:~$ telnet gateway.example.org 1025
Trying <IP_of_gateway>...
Connected to gateway.example.org.
Escape character is '^]'.
220 debian10email.debian10email ESMTP Postfix (Debian/GNU)

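We get the expected 220 debian10email.debian10email ESMTP Postfix (Debian/GNU) line, so the firewall is port forwarding as expected.

Conclusion

Forwarding between a privileged port and an unprivileged port differs from forwarding between unprivileged ports.

How do we forward a privileged sub-1024 port to an unprivileged 1024+ port with firewalld on Debian 10 Buster? If there is an answer somewhere, please point it out. We have not been able to find it.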

port-forwarding firewalld debian-buster
  • 1 answer
  • 116 Views
user371793
Asked: 2021-08-21 13:07:51 +0800 CST

How to forward all traffic arriving at a given port to another port?

  • 0

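How to forward all traffic arriving at a given port to another port?

Defining the layout and the problem

Layout

Here is the layout of what I am trying to do...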

+--------+         +---------------------+         +----------------+
|  WAN   |  <--->  | 6789                |         |                |
| Client |         |       Gateway       |         |      Host      |
|        |         |                4567 |  <--->  |  2345 Service  |
+--------+         +---------------------+         +----------------+

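I want to transparently forward all traffic arriving at port 6789 to port 4567. The client on the WAN and the service on the host should know nothing about the gateway.

The gateway is Debian 10 with firewalld.

Problem

I cannot get traffic arriving at port 6789 on the gateway to be forwarded to port 4567.


Current setup

Step 01 - Expose the port on the firewall and confirm that the port is open.

Open the port on the gateway

  1. Run the firewall-cmd command: firewall-cmd --add-port=6789

  2. Check the firewall status...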

root@gateway:~# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: etho0
  sources: 
  services: dhcpv6-client http https ssh
  ports: 6789/tcp
  protocols: 
  masquerade: yes
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

  1. Confirm that the port is open.

  • On the gateway, start a listener: nc -vvlp 6789 &
  • Confirm that the listener is up...

root@gateway:~# netstat -tulnp | grep 6789
tcp        0      0 0.0.0.0:6789              0.0.0.0:*               LISTEN      2274/nc

  • From the client, try to reach the gateway:

client@client123:~$ nc -vvN gateway.example.org 6789
Connection to gateway.example.org 6789 port [tcp/*] succeeded!

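Conclusion: port 6789 on the firewall is open.

Clean up by killing the nc processes on the client and the gateway.

Step 02 - Confirm the connection between the gateway and the service on the host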

root@gateway:~# telnet localhost 4567
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 backendhost.backendhost MyService (Debian/GNU)

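Conclusion: the tunnel between the gateway and the service on the host is up.

Step 03 - Add port forwarding on the gateway and check the firewall status

root@gateway:~# firewall-cmd --add-forward-port=port=6789:proto=tcp:toport=4567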
root@gateway:~# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: etho0
  sources: 
  services: dhcpv6-client ssh
  ports: 6789/tcp
  protocols: 
  masquerade: no
  forward-ports: port=6789:proto=tcp:toport=4567:toaddr=
  source-ports: 
  icmp-blocks: 
  rich rules: 

Conclusion: the port forward is in the firewall.


At this point, if I try to telnet from the client to the host, I get...

client@client123:~$ telnet gateway.example.org 6789
Trying <IP_of_gateway>...
telnet: Unable to connect to remote host: Connection refused

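At this point, I would like to see what I saw in Step 02 above.

Question

This is where I am unsure...

When I run netstat -tulnp on the gateway, it does not show anything listening on port 6789. I would not expect it to, because I am not running any service that listens on port 6789.

Do I need some kind of service listening on port 6789? If so, what? Or am I missing something in the firewall settings? Do I need some kind of transparent proxy as mentioned here?

I will not load this post with links to everything I have read over the past few weeks, but if there is a post that has the answer, feel free to point it out.

Edit

In response to @AB

The host runs behind a firewall. When the host boots, it automatically creates a tunnel to the gateway using SSH port forwarding.

Here is the command the host runs at startup: ssh -N -R 4567:localhost:2345 [email protected]

That tunnel was confirmed in Step 02. Although I did not mention it before, the client works when it is on the same LAN as the host.

I am trying to get traffic arriving at the gateway to be passed successfully to the host. The gateway is "transparent". The security certificate is held by the host, and the client should think it is talking directly to the host.

I am still trying to learn the terminology, so if there is a more correct way to ask this question, I would certainly like to know what it is.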

port-forwarding firewalld debian-buster
  • 1 answer
  • 550 Views
Patrick Bucher
Asked: 2021-07-29 10:23:05 +0800 CST

Reloading Apache as the ACME user

  • 1

I run a web server on Debian 10 (Buster) with Apache 2.4.38. I created a special user acme that runs a script to renew TLS certificates.

$ cat /etc/passwd | grep ^acme
acme:x:1002:1002::/var/acme:/usr/bin/nologin
$ cat /etc/group | grep ^acme
acme:x:1002:

After renewing the certificates, this acme user should be allowed to reload the Apache 2 configuration. So I added this line to my /etc/sudoers using visudo(8):

%acme   ALL=(root) NOPASSWD: /etc/init.d/apache2 reload

Unfortunately, this does not work:

$ sudo -u acme /etc/init.d/apache2 reload
[....] Reloading apache2 configuration (via systemctl): apache2.serviceFailed to reload apache2.service: Access denied                                                                                                                  
See system logs and 'systemctl status apache2.service' for details.                                                                                                                                                                     
 failed!

Am I missing something?

sudo apache2 debian-buster
  • 1 answer
  • 54 Views
Maestro223
Asked: 2021-05-26 01:47:35 +0800 CST

VPS resolution and static IP

  • 0

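I have a VPS server hosted by an internationally known hosting provider who, strangely and disturbingly, seems unable to troubleshoot their own systems.

There are two specific problems, which may or may not be related.

Currently, I have a Debian 10.5 VPS instance with a DHCP IP (the public/private IPs never change despite the DHCP status).

Problem:

I need to switch from DHCP to a static IP in order to run certain packages on my host. Using the instructions provided by the hosting provider, I configured the /etc/network/interfaces file as follows: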

#The loopback network interface
auto lo
iface lo inet loopback

#The primary network interface
auto eth0
iface eth0 inet static
   address XXX.XX.XX.XXX
   netmask 255.255.255.0
   gateway XXX.XX.XX.XXX 

However, after a reboot, ip a still shows my primary network interface eth0 configured as "dynamic" rather than static:

eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:xx:xx:01:XX:9d brd ff:ff:ff:ff:ff:ff
    inet xxx.xx.xx.xxx/18 brd xxx.xx.xx.xx scope global dynamic eth0   <---shows dynamic
       valid_lft xxxxxxxsec preferred_lft xxxxx4sec

Also, the contents of my /etc/resolv.conf are lost:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
options timeout:2 attempts:3 rotate single-request-reopen

Does anyone know what went wrong? Thanks

Note: apart from these problems, everything else seems to work fine.

resolv.conf debian-buster static-ip
  • 1 answer
  • 86 Views
Matias V
Asked: 2021-05-19 23:50:34 +0800 CST

rudder-relayd.service: Failed at step NAMESPACE - Permission denied

  • 3

I am trying to use rudder-server on a Debian buster at work. The webapp works fine, but one of the Rudder services does not work and I cannot receive reports from other nodes:

● rudder-relayd.service - Rudder Relay Daemon
   Loaded: loaded (/usr/lib/systemd/system/rudder-relayd.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2021-05-19 09:21:32 CEST; 1min 28s ago
  Process: 32493 ExecStart=/opt/rudder/bin/rudder-relayd (code=exited, status=226/NAMESPACE)
 Main PID: 32493 (code=exited, status=226/NAMESPACE)

May 19 09:21:32 rudder-v3 systemd[1]: Started Rudder Relay Daemon.
May 19 09:21:32 rudder-v3 systemd[32493]: rudder-relayd.service: Failed to set up mount namespacing: Permission denied
May 19 09:21:32 rudder-v3 systemd[32493]: rudder-relayd.service: Failed at step NAMESPACE spawning /opt/rudder/bin/rudder-relayd: Permission denied
May 19 09:21:32 rudder-v3 systemd[1]: rudder-relayd.service: Main process exited, code=exited, status=226/NAMESPACE
May 19 09:21:32 rudder-v3 systemd[1]: rudder-relayd.service: Failed with result 'exit-code'.

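My Debian buster is a container on a Proxmox server (not an unprivileged container), everything is up to date, and I have changed the configuration of the service without success: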

# vi /usr/lib/systemd/system/rudder-relayd.service
[Unit]
Description=Rudder Relay Daemon
After=network-online.target

[Service]
PrivateTmp=false
NoNewPrivileges=yes
PrivateDevices=false
ProtectControlGroups=false
ProtectKernelModules=false
ProtectSystem=false
ReadWritePaths=/var/rudder/reports /var/rudder/inventories /var/rudder/shared-files /var/rudder/cfengine-community/state
ExecStart=/opt/rudder/bin/rudder-relayd
ExecReload=/opt/rudder/bin/rudder relay reload
# Do not restart on known errors, which won't get fixed by themselves
RestartPreventExitStatus=2 3
User=rudder-relayd
Group=rudder

[Install]
RequiredBy=rudder-server.service
WantedBy=multi-user.target

When I execute "/opt/rudder/bin/rudder-relayd", I do not get any errors:

 INFO relayd: Starting rudder-relayd 6.2.7
 INFO relayd: Read configuration from "/opt/rudder/etc/relayd/"
 INFO relayd::data::node: Parsing nodes list from "/var/rudder/lib/relay/nodeslist.json"
 INFO relayd::api: Starting API on 127.0.0.1:3030
 INFO relayd::input::watch: Starting file watcher on "/var/rudder/reports/incoming"
 INFO relayd: Skipping inventory as it is disabled
 INFO relayd: Server started

The permissions of the directory are:

# ls -al /opt/rudder/bin/
[..]
-rwxr-xr-x  1 root root 8429816 Nov 22  2017 rudder-relayd
[..]

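All the other Rudder services work fine, and I can even access the Rudder interface with my admin account. I have been able to accept pending nodes, but it seems that if the rudder-relayd service is down, I cannot receive compliance reports, and the following message appears: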

Error occured when contacting internal remote-run API to apply classes on Node 'root': (HTTP code 503)

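A brief summary of my tests:

  • Changed the rudder-relayd.service configuration, adding only the lines "PrivateTmp=false\NoNewPrivileges=yes";
  • Did not change the service file configuration directly, but used systemctl edit rudder-relayd.service to override it;
  • After each change to this file, I reloaded the daemon with "systemctl daemon-reload";
  • Installed Rudder on another container with the same options (still the same error), and installed Rudder on an unprivileged container (this error stops but other errors appear, and I do not want this to be the solution);

Thanks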

service proxmox debian-buster rudder relayd
  • 2 answers
  • 393 Views
CH06
Asked: 2021-03-27 00:42:46 +0800 CST

virt-install error when creating an instance in qemu-kvm

  • 0

OS: Debian 10.4, libvirtd version: 5.0.0

Hello!

I need to create an instance in qemu-kvm. Using this command:

virt-install --connect qemu:///system --virt-type kvm --name test01 --ram=2048 --vcpus=2 --disk /opt/test01/test01.img,bus=virtio,size=10 --pxe --boot uefi --noautoconsole --graphics none  --hvm  --network bridge:eth0  --description "Test VM with w2k16" --os-type=windows --debug

But it returns:

[Fri, 26 Mar 2021 10:26:07 virt-install 1172] DEBUG (cli:253)   File "/usr/share/virt-manager/virt-install", line 955, in <module>
    sys.exit(main())
  File "/usr/share/virt-manager/virt-install", line 949, in main
    start_install(guest, installer, options)
  File "/usr/share/virt-manager/virt-install", line 625, in start_install
    fail(e, do_exit=False)
  File "/usr/share/virt-manager/virtinst/cli.py", line 253, in fail
    logging.debug("".join(traceback.format_stack()))

[Fri, 26 Mar 2021 10:26:07 virt-install 1172] ERROR (cli:254) Unable to add bridge eth0 port vnet0: Operation not supported
[Fri, 26 Mar 2021 10:26:07 virt-install 1172] DEBUG (cli:256) 
Traceback (most recent call last):
  File "/usr/share/virt-manager/virt-install", line 598, in start_install
    transient=options.transient)
  File "/usr/share/virt-manager/virtinst/installer.py", line 419, in start_install
    doboot, transient)
  File "/usr/share/virt-manager/virtinst/installer.py", line 362, in _create_guest
    domain = self.conn.createXML(install_xml or final_xml, 0)
  File "/usr/lib/python3/dist-packages/libvirt.py", line 3732, in createXML
    if ret is None:raise libvirtError('virDomainCreateXML() failed', conn=self)
libvirt.libvirtError: Unable to add bridge eth0 port vnet0: Operation not supported
[Fri, 26 Mar 2021 10:26:07 virt-install 1172] DEBUG (cli:267) Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
  virsh --connect qemu:///system start test01
otherwise, please restart your installation.
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
  virsh --connect qemu:///system start test01
otherwise, please restart your installation.
root@ctng-flc-test01:/opt/test01#   virsh --connect qemu:///system start test01
error: failed to get domain 'test01'

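br0 is fine in Debian; it pings other IPs on the physical network. I can establish and receive ssh connections using the BR0 IP.

I do not understand which is the parent error: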

Domain installation does not appear to have been successful.

or

ERROR (cli:254) Unable to add bridge eth0 port vnet0: Operation not supported

and how to resolve them.

Thanks again!

kvm-virtualization libvirt debian-buster virt-install
  • 1 answer
  • 1535 Views
DrBeco
Asked: 2021-02-13 15:50:04 +0800 CST

Best way to lock a group once a week [duplicate]

  • -1
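This question already has answers here:
How to limit the login time of certain users in Linux? (1 answer)
Closed last year.

The SSH server I manage will allow logins from a group of users on all days except Sunday.

How would you solve this elegantly? I appreciate any input, as comments or as creative+and+secure answers.

It should also kick out users who are already logged in. And take into account any login method, such as password or ssh keys.

(Edited as suggested)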

linux login password debian-buster ssh-keys
  • 1 answer
  • 60 Views
