AWS Linux 2 - root account is locked. #53
Comments
Hi @steven-cuthill-otm Are you able to run the playbooks with verbose (-vv or -vvv) and check the task execution log? |
Hello, I had the same issue with an Amazon ECS-optimized Amazon Linux 2 AMI. Did you find something? My exclusions are: |
Could not solve the issues so just moved back to aws linux v1 for now until
there is better support for the OS in these playbooks.
On Sat, 16 Feb 2019 at 09:46, OlivierGaillard ***@***.***> wrote:
Hello, I had the same issue with an Amazon ECS-optimized Amazon Linux 2
AMI. Did you find something? My exclusions are:
cis_level_1_exclusions:
- 5.4.4
- 3.4.2
- 3.4.3
- 6.2.13
- 1.1.18
--
Steven Cuthill
DevOps Manager
steven.cuthill@onthemarket.com
www.onthemarket.com
|
I think I had a very similar issue today. While testing locally using vagrant, the vagrant account got locked. Example
@steven-cuthill-otm, @OlivierGaillard could you please test with 5.4.1.1 through 5.4.1.4 excluded and let us know if the issue still persists. |
@chandanchowdhury I found the problem to be with |
Any update on this? |
@nebffa I can't find any reason why creating a separate partition would lock the root account. Maybe I am missing something; it would be great if you could provide some explanation. |
I am facing this issue, whenever passing the file system name to make it permanent in /etc/fstab |
Is there any more news on this? I'm using "EC2 Image Builder" to build an image, I've enabled the I do not have any individual partitions, nor do I have any account lockout setup.
The Looking at the log, I see (i-031475ad9b57ccb8b.log):
(the Also:
but the most concerning thing is:
For some reason, it can't get an IP address! Not sure how that's possible, it works the first time it boots but not after a reboot (so there shouldn't be a problem with the |
Logfiles from the first (successful) and the second (failed) boot: |
Just an update before I take weekend - it's SOMETHING (!!) to do with the mounts. Not sure which one yet, but commenting out all but the root fs and it rebooted just fine. It also rebooted just fine when adding an additional disk mounted.. I'm thinking it's something with the EFS filesystem:
I'm just going to test without EFS but with one of the |
It seems the Amazon Linux 2 AMI I use as base mounts EFS/NFS mounts too early in the boot process, messing up the rest of it. So the solution was simple, just make sure network mounts are mounted later by adding a Whether that helps anyone else, I don't know but it was the cause of my |
I think for Amazon Linux 2, rules 1.1.2 - 1.1.14 cause that. In my case, making an exception for that rule makes it work |
Having same issue with Amazon Linux 2. Has there been any updates to this? |
How did you solve this? I can't connect on my instance (1/2 Status Checked) and I did try to edit etc/fstab for a consistent mount. I think we have the same problem. Did you create a new instance? |
Did you find a solution? |
Hello,
Been doing some testing on AWS Linux 2 LTS and come across an issue that is stopping the image from booting. Looks like the root account is getting disabled, so this is stopping the init process from finishing to the point where we can't connect, so it is a little hard to get any more logging info. From the 'get sys log' option in EC2 I managed to pull the following:
Cannot open access to console, the root account is locked.
See sulogin(8) man page for more details.
`Press Enter to continue.`
Not sure what could be the case. Are there any tasks that could be the root cause for this?
for info i have the following exclusions