Two Higress instances use the same Nacos as the configuration center; one of them cannot log in #732

Closed
maco6096 opened this issue Dec 22, 2023 · 11 comments

@maco6096

If you are reporting any crash or any potential security issue, do not
open an issue in this repo. Please report the issue via ASRC(Alibaba Security Response Center) where the issue will be triaged appropriately.

  • I have searched the issues of this repository and believe that this is not a duplicate.

Ⅰ. Issue Description

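I installed two Higress instances that use the same Nacos as the configuration center. One works normally, while the other keeps prompting for password initialization.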

Ⅱ. Describe what happened

If there is an exception, please attach the exception trace:

2023-12-22 02:33:04.572 ERROR 7 --- [io-8080-exec-10] c.a.h.c.aop.ApiStandardizationAspect     : IllegalStateException occurs when calling com.alibaba.higress.console.controller.SystemController.initialize

java.lang.IllegalStateException: Admin user is already initialized.
        at com.alibaba.higress.console.service.SessionServiceImpl.initializeAdmin(SessionServiceImpl.java:100) ~[classes!/:0.0.1-SNAPSHOT]
        at com.alibaba.higress.console.controller.SystemController.initialize(SystemController.java:86) ~[classes!/:0.0.1-SNAPSHOT]

Ⅲ. Describe what you expected to happen

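The two Higress instances run as primary and backup, using the same Nacos as the configuration center and sharing the same configuration.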

Ⅳ. How to reproduce it (as minimally and precisely as possible)

  1. curl -fsSL https://higress.io/standalone/get-higress.sh
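  2. Manually download higress-v1.3.1.tar.gz and extract it as higress
  3. Manually download each component image and upload it to a private Harbor registry
  4. Modify the image addresses in higress
  5. Run install -a -c nacos://xxx:8848 --nacos-username=nacos --nacos-password=nacos
  6. Both installed successfully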

Ⅴ. Anything else we need to know?

Ⅵ. Environment:

  • Higress version:
  • OS : redhat7.9
  • Others: nacos2.3
@CH3CHO
Collaborator

CH3CHO commented Dec 23, 2023

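My understanding is that you first completed the installation on both servers and then logged in to the Console to initialize the user, is that right?

You can send a request to the Console that is not working properly: http://ip:8080/system/config and see what it returns.

  • If the response contains "system.initialized": true, then it should not prompt you to initialize the password. Try your browser's incognito mode to see whether it is a caching issue.
  • If the response does not contain "system.initialized": true, or the value is false, then something is off, because the earlier feedback said this configuration exists in nacos.

There is one more thing to note here. The Higress Console username and password are stored in a Secret. To protect the sensitive data in Secrets (such as HTTPS certificates), Secrets in nacos are stored encrypted. In a default installation, the install script randomly generates an encryption key. If the two machines use different keys, there will be problems at runtime later. So at install time you need to either specify the same key, or copy the entire installation directory from the first machine to the new machine and start it directly (no need to install again).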

@maco6096
Author

I tried copying the whole package to the other machine; it still prompts for initialization. The log is as follows:

2023-12-25 07:56:26.949 ERROR 7 --- [nio-8080-exec-8] c.a.h.c.aop.ApiStandardizationAspect : BusinessException occurs when calling com.alibaba.higress.console.controller.SystemController.initialize

com.alibaba.higress.sdk.exception.BusinessException: Unable to load secret from K8s.
at com.alibaba.higress.console.service.SessionServiceImpl.initializeAdmin(SessionServiceImpl.java:106) ~[classes!/:0.0.1-SNAPSHOT]
at com.alibaba.higress.console.controller.SystemController.initialize(SystemController.java:86) ~[classes!/:0.0.1-SNAPSHOT]

@CH3CHO
Collaborator

CH3CHO commented Dec 25, 2023

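Check the compose/volumes/api/nacos.key file under both package directories and see whether the contents are identical. Also look at the API Server container's log to see what the error is.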
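
The key comparison suggested in the two comments above, as an added example that is not part of the original thread or of the Higress project: it compares the key files by SHA-256 so the key material itself never lands in a terminal or a ticket. The function names are hypothetical, the key path is the one quoted in the thread, and `sha256sum` is assumed to be available.

```bash
#!/usr/bin/env bash
# Added example: compare the Nacos secret-encryption key of two Higress
# standalone install directories by hash, so the key is never printed.
KEY_REL="compose/volumes/api/nacos.key"   # relative path quoted in the thread

# Print the SHA-256 of the key in install dir $1; return 2 if missing or empty.
key_fingerprint() {
  local f="$1/$KEY_REL"
  [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 2; }
  sha256sum < "$f" | cut -d' ' -f1
}

# 0 = both dirs hold the same key, 1 = keys differ, 2 = a key is unreadable.
keys_match() {
  local a b
  a=$(key_fingerprint "$1") || return 2
  b=$(key_fingerprint "$2") || return 2
  [ "$a" = "$b" ]
}

# Create a constructed install dir $1/$2 whose key file contains $3.
make_sample() {
  mkdir -p "$1/$2/$(dirname "$KEY_REL")"
  printf '%s' "$3" > "$1/$2/$KEY_REL"
}

# Constructed data: a and b share one key, c generated its own at install.
demo() {
  local t; t=$(mktemp -d)
  make_sample "$t" a "constructed-key-1"
  make_sample "$t" b "constructed-key-1"
  make_sample "$t" c "constructed-key-2"
  keys_match "$t/a" "$t/b" && echo "a/b: same key"
  keys_match "$t/a" "$t/c" || echo "a/c: different keys"
  rm -rf "$t"
}

case $# in
  0) demo ;;
  1) key_fingerprint "$1" ;;   # run on each host, compare the two hashes
  2) keys_match "$1" "$2" && echo "same key" || echo "keys differ or unreadable" ;;
esac
```

With one argument the script prints only the fingerprint, which can be run on each host and compared by eye when the two install directories are not on the same machine.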

@maco6096
Author

nacos.key is the same; it cannot connect to nacos. API log:
/usr/local/go/src/net/http/server.go:2122: get config from remote nacos server fail, and is not allowed to read local file, err:ConfigQueryRequest is limited

@CH3CHO
Collaborator

CH3CHO commented Dec 25, 2023

Check whether port 9848 on the nacos server is reachable.

@maco6096
Author

Isn't it 8848? 9848 is already in use.

@CH3CHO
Collaborator

CH3CHO commented Dec 25, 2023

Nacos 2.x also needs to use port 9848.

https://nacos.io/zh-cn/docs/v2/upgrading/2.0.0-compatibility.html

@maco6096
Author

Telnet to port 9848 on the server connects, but it still doesn't work.

@CH3CHO
Collaborator

CH3CHO commented Jan 5, 2024

Is that port 9848 the nacos 9848 port? Are there any new logs now?

@maco6096
Author

2024-01-15 06:21:44.433 ERROR 7 --- [nio-8080-exec-4] c.a.h.c.aop.ApiStandardizationAspect : BusinessException occurs when calling com.alibaba.higress.console.controller.SystemController.initialize

com.alibaba.higress.sdk.exception.BusinessException: Unable to load secret from K8s.
at com.alibaba.higress.console.service.SessionServiceImpl.initializeAdmin(SessionServiceImpl.java:106) ~[classes!/:0.0.1-SNAPSHOT]
at com.alibaba.higress.console.controller.SystemController.initialize(SystemController.java:86) ~[classes!/:0.0.1-SNAPSHOT]
at com.alibaba.higress.console.controller.SystemController$$FastClassBySpringCGLIB$$ba04bcb2.invoke() ~[classes!/:0.0.1-SNAPSHOT]
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218) ~[spring-core-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:779) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.validation.beanvalidation.MethodValidationInterceptor.invoke(MethodValidationInterceptor.java:123) ~[spring-context-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:750) ~[spring-aop-5.3.9.jar!/:5.3.9]
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:89) ~[spring-aop-5.3.9.jar!/:5.3.9]
at com.alibaba.higress.console.aop.ApiStandardizationAspect.intercept(ApiStandardizationAspect.java:78) ~[classes!/:0.0.1-SNAPSHOT]
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:577) ~[na:na]

@maco6096
Author

I reinstalled, and using the same key works.
