主页 / user-151795

Zama Ques's questions

Martin Hope
Zama Ques
Asked: 2020-11-20 02:41:56 +0800 CST
  • 0

我正在尝试使用 以下步骤安装veleroGKE ClusterGCP Compute Engine Host

https://github.com/vmware-tanzu/velero-plugin-for-gcp

我正在使用以下命令veleroVM主机安装

 velero install --provider gcp --plugins velero/velero-plugin-for-gcp:v1.1.0 --bucket ${VELEROBUCKET} --secret-file ./credentials-velero

但它失败并出现以下错误

Error installing Velero. Use `kubectl logs deploy/velero -n velero` to check the deploy logs:
Error creating resource ClusterRoleBinding/velero: clusterrolebindings.rbac.authorization.k8s.io is forbidden: 
User "116865650821658545991" cannot create resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope: requires one of ["container.clusterRoleBindings.create"] permission(s)

为了解决这个错误,我正在尝试这个

  kubectl create clusterrolebinding cluster-admin-binding --clusterrole cluster-admin --user velero

但这也因以下错误而失败

error: failed to create clusterrolebinding: clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "116865650821658545991" cannot create resource "clusterrolebindings" in API group "rbac.authorization.k8s.io" at the cluster scope: requires one of ["container.clusterRoleBindings.create"] permission(s).

上述场景的两个查询

  1. clusterrolebinding创建资源来解决我在安装时看到的错误是否正确velero

  2. 如何识别第二个错误中看到的“116865650821658545991”的相应用户以及需要分配什么角色来创建clusterrolebinding资源?

google-cloud-platform google-kubernetes-engine google-iam
Martin Hope
Zama Ques
Asked: 2020-09-30 15:13:38 +0800 CST
  • 0

我希望了解有关 Google Kubernetes Cluster 备份的信息。我遇到了这个文档,但这似乎更多地是在 GCP Anthos Onpremises GKE Cluster 上。

https://cloud.google.com/anthos/gke/docs/on-prem/archive/1.1/how-to/administration/backing-up

我看到很少有博客谈论 GKE 功能来创建现有 GKE 集群的克隆,但我在 GCP 控制台中找不到任何选项来通过克隆现有 GKE 集群来创建新集群。

https://blog.doit-intl.com/google-kubernetes-engine-cluster-migration-with-velero-4a140b018f32

有人可以确认此克隆功能在 GKE 中是否仍然可用还是已被弃用?

除了克隆 GKE 集群之外,我们还需要备份集群资源和 PersistentVolume。Veloro 似乎是一个有用的工具,它是 GKE 感知的。

https://velero.io/

我正在寻找有关 GKE 集群备份的更多建议,该备份同时处理集群资源和持久卷。Google 关于 GKE 备份的任何建议/最佳做法

backup google-cloud-platform google-kubernetes-engine
Martin Hope
Zama Ques
Asked: 2020-08-19 07:27:07 +0800 CST
  • 0

CLoud functions 部署期间有什么影响?是否function在部署期间变得不可用或trigger在此部署期间任何会失败?

我可以使用GCP Console或使用以下gcloud命令进行部署

gcloud functions deploy HelloWorld --source golang-samples-master/functions/codelabs/gopher --update-labels env=dev,name=automate --trigger-http --runtime go111
google-cloud-platform gcloud
Martin Hope
Zama Ques
Asked: 2020-07-17 08:15:57 +0800 CST
  • 0

当我们改变labels现有的CLoud Run serivcesusing gcloudcommand 时,它会做deployment同样的revision改变

      $gcloud run services update test --update-labels env=prod,test=test1
      ✓ Deploying... Done.                                         
      ✓ Creating Revision...
      ✓ Routing traffic...
      Done.
      Service [test1] revision [test1-00003-wik] has been deployed and is serving 100 percent of traffic at https://test1-ukliefksia-uc.a.run.app

它是否会在仅更改标签而不更改任何代码的情况下导致停机?似乎流量已路由,因此应用程序没有停机时间。请确认

deployment google-cloud-platform gcloud
Martin Hope
Zama Ques
Asked: 2018-05-04 03:23:57 +0800 CST
  • 4

我可以直接Host A ( 10.100.64.112)从 my访问,HomePC 但不能直接访问Host B (172.88.3.31). 要访问Host B,我需要先 ssh 到Host A,然后再到Host B.

要直接访问Host B,我尝试使用本地端口转发和以下命令设置 SSH 隧道Host A

 Host A # ssh  [email protected] -L 4420:172.88.3.31:22

现在我试图验证隧道是否正常工作

 Host A # ssh 10.100.64.112 -p 4420
 [email protected]'s password:

它工作正常,它需要我Host B

但是如果我直接从我的隧道访问HOmePC,它就不起作用

    $  ssh 10.100.64.112 -p 4122
    ssh: connect to host 10.100.64.112 port 4122: Connection refused

在检查时netstat,它显示以下内容

$ sudo netstat -an | grep 4420
tcp        0      0 127.0.0.1:4420              0.0.0.0:*                   LISTEN
tcp        0      0 ::1:4420                    :::*                        LISTEN

请建议让我Host B直接连接。

linux
Martin Hope
Zama Ques
Asked: 2017-06-15 23:15:05 +0800 CST
  • 0

我需要为同一主机编写多个 site.pp 文件。它给了我以下错误

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Node 'default' is already defined at line 2; cannot redefine at line 2 on node node-002.example.com

例如 :

我的第一次site.pp 

vi hosts-site.pp
default{
  }
 node "node-002.example.com" {
           ## Rules here to update /etc/hosts
         }

NextSite.pp具有相同的节点但不同的操作。

 vi fstab-site.pp
default{
  }
 node "node-002.example.com" {
           ## Rules here to update /etc/fstab
         }

如何达到同样的效果。我们需要为需要维护不同 site.pp 的相同节点编写多个操作

puppet
Martin Hope
Zama Ques
Asked: 2017-04-20 23:12:45 +0800 CST
  • -1

Pupppetserver全新安装后服务未出现。它显示以下错误

 Exception in thread "main" java.lang.ClassNotFoundException: java.nio.file.Files, compiling:(puppetlabs/puppetserver/certificate_authority.clj:1:1)
    at clojure.lang.Compiler.load(Compiler.java:7391)
    at clojure.lang.RT.loadResourceScript(RT.java:372)
......
......
    at clojure.main.main(main.java:37)
 Caused by: java.lang.ClassNotFoundException: java.nio.file.Files

系统有2G内存。我将内存设置从 2G 更改为 1G ,但服务仍然没有出现。

  JAVA_ARGS="-Xms1g -Xmx1g -XX:MaxPermSize=256m"

  $ cat /etc/redhat-release
  CentOS release 6.7 (Final)

  $ rpm -q puppetserver
   puppetserver-2.7.2-1.el6.noarch

请建议。

puppet
Martin Hope
Zama Ques
Asked: 2017-04-17 21:22:40 +0800 CST
  • 1

我正在尝试创建多个目录,然后将文件复制到每个目录。为此,我创建了以下资源

$dirs=myapp

$appdirs = [  "/data/tomcat/$dirs/conf", "/data/tomcat/$dirs/config" ]


 file { $appdirs:
 ensure => "directory",
 owner => "root",
 group => "root",
}

file { "Copy Directory":
path => "/data/tomcat/$dirs/conf",
ensure => "present",
recurse => "true",
source => "puppet:///modules/tomcat8/conf/"
 }
}

但是我得到了已经定义的错误,如下所示

 Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: 
 Evaluation Error: Error while evaluating a Resource Statement, Cannot alias File[Copy Directory] to
 ["/data/tomcat/jacplus8/conf"] at /etc/puppetlabs/code/environments/production/manifests/classes/app.pp:20; 
 resource ["File", "/data/tomcat/jacplus8/conf"] already declared at /etc/puppetlabs/code/environments/production
 /manifests/classes/app.pp:14 at /etc/puppetlabs/code/environments/production/manifests/classes/app.pp:20:1
 on node Node-003.example.com

在使用第一个资源文件 { $appdirs:} 创建文件后,我需要使用第二个资源文件 {"Copy Directory":} 将文件复制到目标目录,但是尽管资源名称不同,但它给了我已经定义的错误。我正在寻找解决方法,以便我可以创建目录,然后在其中复制文件。

puppet
Martin Hope
Zama Ques
Asked: 2017-04-13 23:13:36 +0800 CST
  • 1

我正在尝试使用以下清单创建多个目录

class app {
$dirs = app8
$appdirs = ['/data/tomcat/app8/conf', '/data/tomcat/app8/config', '/data/tomcat/app8/libs', '/data/tomcat/app8/deploy', '/data/tomcat   /app8/webapps', '/data/tomcat/app8/temp', '/data/tomcat/app8/work']
file { "/data/tomcat/$dirs":
      path => "/data/tomcat/$dirs",
      ensure => directory,
      owner => root,
      group => root,
    }
file { "$appdirs":
  path => '$appdirs',
  ensure => directory,
  owner  => root,
  group  => root,
  mode   =>  0644,
  }
}

但是当我执行它失败并出现以下错误

 # puppet agent --verbose --no-daemonize --onetime
 Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for node-003.wiley.com
Error: Failed to apply catalog: Parameter path failed on File[[/data/tomcat/app8/conf, /data/tomcat/app8/config, /data/tomcat/app8/libs, /data/tomcat/app8/deploy, /data/tomcat/app8/webapps, /data/tomcat/app8/temp, /data/tomcat/app8/work]]: File paths must be fully qualified, not '$appdirs' at /etc/puppetlabs/code/environments/production/manifests/classes/app.pp:15

请建议如何解决问题

puppet
Martin Hope
Zama Ques
Asked: 2016-07-18 22:07:12 +0800 CST
  • 1

我们正在迁移到更高版本的 puppet。

新版本:

# puppet --version
4.5.2

现有版本:

#puppet-3.8.7

我们现有的site.pp如下:

#A default site.pp to do a quick test run
import "../classes/*"
import "../nodes/*"
   file { 'testfile':
       path => '/home/test/testfile',
       ensure => present,
       mode => 0755,
       content => "A test file to check a different manifestdir" ,
      }
 Exec { path => ["/bin" , "/sbini/", "/usr/bin" , "/usr/sbin/"]  }

现在由于我们正在迁移到Puppet 4,我认为下面的导入功能包含多个 pp 文件将在这里不起作用Puppet 4

import "../classes/*"
import "../nodes/*"

如果我没记错的话,我可以将 classes 和 nodes 目录下的所有清单复制到下面的清单目录

/apps/puppetlabs/code/environments/production/manifests/site.pp

请建议如何将清单更新到 Puppet 的更高版本或没有兼容性问题?

puppet rhel6 puppet-agent
Martin Hope
Zama Ques
Asked: 2016-07-01 02:23:57 +0800 CST
  • 1

我的 Puppet 服务器环境设置如下

[master]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /data/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /data/puppetlabs/code

#  puppet master --configprint manifest
/data/puppetlabs/code/environments/production/manifests

在代理上如下

server = jw-host
environment = production

但是 --configprint 在代理节点上显示不同的位置

# puppet master --configprint manifest
/etc/puppetlabs/code/environments/production/manifests

它没有更改为 /data,因为我的清单没有得到应用。

版本如下

 # puppetserver  --version
  puppetserver version: 2.4.0
 # puppet  --version
  4.5.2

这里有什么问题?

puppet puppetmaster puppet-agent
Martin Hope
Zama Ques
Asked: 2016-06-23 01:44:47 +0800 CST
  • 1

我们使用共享的 Puppet Server 来管理 QA 和 DEV 环境。Puppet Server 使用的默认配置是生产环境

# puppet master --configprint all | grep production

environment = production
manifest = /data/puppetlabs/code/environments/production/manifests
modulepath = /data/puppetlabs/code/environments/production/modules:/data/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules

我想启用另外两个环境 DEV 和 QA。为此,我将复制上述目录并分别重命名为 Puppet Server 上的环境qadevelopment启用哪些配置项以启用puppet.confPuppet Server 中的新环境。如果我像上面的示例那样创建多个条目,它将起作用。请建议。

puppet puppetmaster
Martin Hope
Zama Ques
Asked: 2016-06-22 02:34:19 +0800 CST
  • 1

我使用四个节点进行了 Puppet/MCollective 设置。

  # mco ping
  Node-010.test.com                   time=107.58 ms
  Node-003.test.com                   time=110.68 ms
  Node-009.test.com                   time=114.42 ms
  Node-002.test.com                   time=116.49 ms

#mco puppet runonce 工作正常,但没有应用清单。

  # mco puppet runonce
  * [ ============================================================> ] 4 / 4
  Finished processing 4 / 4 hosts in 151.61 ms

我的清单配置如下:

   # puppet master --configprint manifest
   /etc/puppetlabs/code/environments/production/manifests

我的 Site.pp 如下

  # cat /etc/puppetlabs/code/environments/production/manifests/site.pp
node default {
}
node 'Node-002.test.com'{
file {"/tmp/helloworld.txt":
      ensure => file,
      owner  => 'root',
      group  => 'root',
      mode   => '0644',
      content =>" Hi ",
   }
  }

Site.pp 没有得到应用。

从日志文件看,它似乎正在从缓存中读取并申请不存在规则的节点。

  ` # tail -f /var/log/puppetlabs/puppetserver/puppetserver.log
2016-06-21 20:21:06,355 INFO  [qtp1367105977-65] [puppet-server] Puppet    Compiled catalog for Node-009.test.com in environment qa in 0.04 seconds
2016-06-21 20:21:08,223 INFO  [qtp1367105977-65] [puppet-server] Puppet Caching node for Node-002.test.com
2016-06-21 20:21:08,618 INFO  [qtp1367105977-69] [puppet-server] Puppet Caching node for Node-002.test.com

我是否遇到了一些错误或缺少一些配置项?

puppet puppetmaster mcollective
Martin Hope
Zama Ques
Asked: 2016-03-18 04:01:56 +0800 CST
  • 1

我使用user资源在下面编写了以下代码片段puppet来创建unix用户。

   node 'node2.example.com','node3.example.com'{
  user {
  'askar':
  ensure  => 'present',
  managehome => 'true',
  comment => 'man Home',
  home    => '/home/askar',
  shell   => '/bin/bash',
  expiry  => '2016-03-22',
  password => '$1$cs1j/t.D$4Q2Ocr0pulyNTUx/',
  password_min_age => '30',
  password_max_age => '60',
 }
exec {
'chage':
    path => '/usr/bin/',
    command => 'chage -d 0 askar',
  } 
}

它对我来说很好,但对我来说,我需要创建 10 到 20 个用户。我如何重用上面的代码片段来创建 10 个用户。我是新手puppet,所以指针会有很大帮助。

puppet