Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WARN Invalid server identity value for xxx from xxx #5253

Closed
1019822077 opened this issue Mar 31, 2021 · 7 comments · Fixed by #5309
Closed

WARN Invalid server identity value for xxx from xxx #5253

1019822077 opened this issue Mar 31, 2021 · 7 comments · Fixed by #5309
Labels
contribution welcome kind/bug Category issues or prs related to bug.

Comments

@1019822077
Copy link

Describe the bug
我安装nacos1.4.1集群后,并添加了如下参数:
After I installed the nacos1.4.1 cluster, I added the following parameters:

nacos.core.auth.enabled=true
nacos.core.auth.enable.userAgentAuthWhite=false
nacos.core.auth.server.identity.key=xing
nacos.core.auth.server.identity.value=xing

然后,在没有任务其他条件干扰的情况下,直接去看日志core-auth.log,发现一直在报:
Then, without interference from other conditions of the task, I went directly to the log core-auth.log and found that it has been reporting:

2021-03-30 00:33:23,532 WARN Invalid server identity value for xing from 172.18.0.4
2021-03-30 00:33:24,652 WARN Invalid server identity value for xing from 172.18.0.3
2021-03-30 00:33:27,542 WARN Invalid server identity value for xing from 172.18.0.4
2021-03-30 00:33:28,662 WARN Invalid server identity value for xing from 172.18.0.3
2021-03-30 00:33:31,551 WARN Invalid server identity value for xing from 172.18.0.4
2021-03-30 00:33:32,671 WARN Invalid server identity value for xing from 172.18.0.3

大家有人遇过吗?
Has anyone encountered this problem?
@KomachiSion
Copy link
Collaborator

应该是集群配置的identity不一致导致的。

@1019822077
Copy link
Author

应该是集群配置的identity不一致导致的。

我用的官方的:https://github.com/nacos-group/nacos-docker/tree/1.4.1 和官网的k8s都试过,只要是我上面的参数,都是报一样的错,同时我进行容器内部查看,都是我配置好的xing,说明集群中的参数都是一致的,应该是官网的bug。服务器之前的认证当关掉UA白名单的时候,就卡住了,就会报这个错。
[root@nacos3 nacos]# echo $NACOS_AUTH_IDENTITY_KEY
xing
[root@nacos3 nacos]# echo $NACOS_AUTH_IDENTITY_VALUE
xing

@1019822077
Copy link
Author

1019822077 commented Apr 1, 2021
edited
Loading

如果参数是:nacos.core.auth.enable.userAgentAuthWhite=true,服务器通讯一切正常,见日志:
172.19.0.3 - - [01/Apr/2021:16:41:10 +0800] "POST /nacos/v1/core/cluster/report HTTP/1.1" 200 52 3
172.19.0.4 - - [01/Apr/2021:16:41:12 +0800] "POST /nacos/v1/core/cluster/report HTTP/1.1" 200 52 2
172.19.0.3 - - [01/Apr/2021:16:41:14 +0800] "POST /nacos/v1/core/cluster/report HTTP/1.1" 200 52 3
172.19.0.4 - - [01/Apr/2021:16:41:16 +0800] "POST /nacos/v1/core/cluster/report HTTP/1.1" 200 52 3
172.19.0.3 - - [01/Apr/2021:16:41:18 +0800] "POST /nacos/v1/core/cluster/report HTTP/1.1" 200 52 3

如果参数是:nacos.core.auth.enable.userAgentAuthWhite=false ,就会报
2021-03-30 00:33:23,532 WARN Invalid server identity value for xing from 172.18.0.4
2021-03-30 00:33:24,652 WARN Invalid server identity value for xing from 172.18.0.3
2021-03-30 00:33:27,542 WARN Invalid server identity value for xing from 172.18.0.4
两次的数据只有是否开启UA白名单不同,其他都一样
nacos.core.auth.enabled=true
nacos.core.auth.enable.userAgentAuthWhite=false
nacos.core.auth.server.identity.key=xing
nacos.core.auth.server.identity.value=xing

如果不信,大家可以试试,官方的docker与k8s我都试过,是一样的效果。估计是上次的漏洞补了开关功能,但是忽略掉了服务器之前的认证的方式

vi env/nacos-hostname.env
NACOS_AUTH_ENABLE=true
NACOS_AUTH_USER_AGENT_AUTH_WHITE_ENABLE=false
NACOS_AUTH_IDENTITY_KEY=xing
NACOS_AUTH_IDENTITY_VALUE=xing
TOMCAT_ACCESSLOG_ENABLED=true
NACOS_AUTH_TOKEN=SecretKey012345678901234567890123456789012345678901234567890123456789
NACOS_AUTH_TOKEN_EXPIRE_SECONDS=18000
NACOS_AUTH_CACHE_ENABLE=false

进入nacos1的容器内,执行下面的就可以看到
tail -f logs/core-auth.log
2021-04-06 15:00:43,067 WARN Invalid server identity value for xing from 172.19.0.3
2021-04-06 15:00:45,472 WARN Invalid server identity value for xing from 172.19.0.5

根据日志分析:
应该是这行代码只有白名单的header,但是没有自定义的header的逻辑。
asyncRestTemplate.post(url, Header.newInstance().addParam(Constants.NACOS_SERVER_HEADER, VersionUtils.version),

@KomachiSion
Copy link
Collaborator

看了下 的确这里漏掉了。

@KomachiSion
Copy link
Collaborator

com.alibaba.nacos.core.cluster.ServerMemberManager

line 509。

@KomachiSion KomachiSion added kind/bug Category issues or prs related to bug. contribution welcome and removed status/need feedback labels Apr 8, 2021
@cutiechi
Copy link
Contributor

cutiechi commented Apr 8, 2021

@i will solve it@

@cutiechi cutiechi mentioned this issue Apr 8, 2021
Merged
5 tasks
@1019822077
Copy link
Author

非常感谢

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
contribution welcome kind/bug Category issues or prs related to bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[ISSUE#5253] Fix missing identity header error
3 participants
@cutiechi @KomachiSion @1019822077