所选语种没有对应资源,请选择:

本站点使用Cookies,继续浏览表示您同意我们使用Cookies。Cookies和隐私政策>

提示

尊敬的用户,您的IE浏览器版本过低,为获取更好的浏览体验,请升级您的IE浏览器。

升级

FusionCloud 6.3.1 故障处理 06

评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
TRM项目创建失败且回滚失败时删除失败数据

TRM项目创建失败且回滚失败时删除失败数据

现象描述

首次创建新项目失败,再次创建仍失败。

可能原因

第一次创建项目时回滚失败。

处理方法

  1. 删除aeskey。

    1. 使用PuTTY,登录om_core1_ip节点。

      默认帐号:paas,默认密码:QAZ2wsx@123!

    2. 查询etcd容器状态。

      kubectl get pod -n manage | grep etcd

      cse-etcd-0                                  1/1       Running   0          2d
      cse-etcd-1                                  1/1       Running   736        2d
      cse-etcd-2                                  1/1       Running   0          2d
      etcd-0                                      1/1       Running   0          3d
      etcd-1                                      1/1       Running   1          3d
      etcd-2                                      1/1       Running   0          1d
      etcd-backup-4104260855-bb2w5                1/1       Running   0          3d
      etcd-backup-4104260855-t609v                1/1       Running   0          3d
    3. 进入1.b中任意一个标红的etcd容器中。以etcd-0为例进行说明。

      kubectl exec -ti etcd-0 -n manage sh

    4. 根据项目名称获取项目aeskey的secret和token的secret。
      说明:

      本方法以项目名称trm-test001为例进行说明,实际操作以环境为准。

      export ETCDCTL_API=3

      ETCDCTL_API=3 /start-etcd --cacert /var/paas/kubernetes/cert/ca.crt --cert /var/paas/kubernetes/cert/tls.crt --key /var/paas/kubernetes/cert/tls.key --endpoints https://etcd-0.etcd.manage.svc.cluster.local:4001,https://etcd-1.etcd.manage.svc.cluster.local:4001,https://etcd-2.etcd.manage.svc.cluster.local:4001 get /registry/secrets/trm-test001 -keys-only

      类似如下回显则为aeskey的secret和token的secret。

      /registry/secrets/trm-test001/aeskey
      /registry/secrets/trm-test001/default-token-k4wsn
    5. 删除对应的aeskey和token的secret,回显为“1”表示删除成功。
      1. 删除aeskey的secret。

        export ETCDCTL_API=3

        ETCDCTL_API=3 /start-etcd --cacert /var/paas/kubernetes/cert/ca.crt --cert /var/paas/kubernetes/cert/tls.crt --key /var/paas/kubernetes/cert/tls.key --endpoints https://etcd-0.etcd.manage.svc.cluster.local:4001,https://etcd-1.etcd.manage.svc.cluster.local:4001,https://etcd-2.etcd.manage.svc.cluster.local:4001 del /registry/secrets/trm-test001/aeskey

      2. 删除token的secret。

        export ETCDCTL_API=3

        ETCDCTL_API=3 /start-etcd --cacert /var/paas/kubernetes/cert/ca.crt --cert /var/paas/kubernetes/cert/tls.crt --key /var/paas/kubernetes/cert/tls.key --endpoints https://etcd-0.etcd.manage.svc.cluster.local:4001,https://etcd-1.etcd.manage.svc.cluster.local:4001,https://etcd-2.etcd.manage.svc.cluster.local:4001 del /registry/secrets/trm-test001/default-token-k4wsn

  2. 使用curl删除namespaces。

    1. 获取passadmin的token。

      curl -i -k -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8' -X POST -d'{"auth": {"identity":{"methods": ["password"],"password":{"user": {"name": "paasadmin","password":"QAZ2wsx@123!","domain": {"name":"op_service"}}}},"scope": {"domain":{"name": "op_service"}}}}' https://$租户管理域登录地址:31943/v3/auth/tokens

      X-Subject-Token: MIIESAYJKoZIhvcNAQcCoIIEOTCCBDUCAQExDTALBglghkgBZQMEAgEwggKWBgkqhkiG9w0BBwGgggKHBIICg3sidG9rZW4iOnsiZXhwaXJlc19hdCI6IjIwMTgtMDctMjVUMDE6NTQ6MzYuMzQ0MDAwWiIsIm1ldGhvZHMiOlsicGFzc3dvcmQiXSwiZG9tYWluIjp7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiI2MDgxNjdiOWI3NDE0NGJlYWY4YjJjN2ZmNTUyMWIyZSJ9LCJyb2xlcyI6W3sibmFtZSI6InRlX2FnZW5jeSIsImlkIjoiOTgyZDBkMmEyNmYwNDYyNmE3MjU5NWZkZjg1NTg5NDYifSx7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiI5OTgxNjNjZjdiODE0MDkwYWI4ODkyYmZiYzAzMzVmYyJ9LHsibmFtZSI6Im9wX2NyZWQiLCJpZCI6ImI0OGY0MzYyYWFhZDQyMmU4ZDFkMjk4ZjQ3YzUwNDA1In0seyJuYW1lIjoib3BfYXV0aCIsImlkIjoiMGQ2YzZiYzcwNTM1NDE2NDljMGEzNmQ4ZGExOGNjOTgifSx7Im5hbWUiOiJvcF9yb2xlX3RhZyIsImlkIjoiMWE1NDMxOTgyNDhkNDRkZjkzM2IyNjI2NjEwODJiODYifV0sImlzc3VlZF9hdCI6IjIwMTgtMDctMjRUMDE6NTQ6MzYuMzQ0MDAwWiIsInVzZXIiOnsiZG9tYWluIjp7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiI2MDgxNjdiOWI3NDE0NGJlYWY4YjJjN2ZmNTUyMWIyZSJ9LCJuYW1lIjoicGFhc2FkbWluIiwiaWQiOiJkYTU3Y2NhNDQ5OWE0ZWU2YjAwODAyYjM3ZDQ4YjAyOCJ9fX0xggGFMIIBgQIBATBcMFcxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVVbnNldDEOMAwGA1UEBwwFVW5zZXQxDjAMBgNVBAoMBVVuc2V0MRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20CAQEwCwYJYIZIAWUDBAIBMA0GCSqGSIb3DQEBAQUABIIBACJrIKzWpwSd4AGaqnHMql-zhjzrMZM4ZXt-BJTROs2Ku9+hmVDKE-HYAKsy03lpCaop6kVt3Um3uMKsR2Vf+yD1E-yUlqKn5x267J0S06wl72e2KDI98-ziCflPjtYXKdm+o5e2bdp3L7q0kxm76dtXNNzCz4ssuJXKg6wAu-N+A7wIVpFtXUGSpySbSsS+boqcKGHxCy+9sfHwJxT9zK2pZeLzX24aSTaGy9g7MFj52UILRx-1CTloIJfBARyo3W+e0BHBajqQpK13fnYiK-mD1P4WNPVibjhH7LshWnv6tL5XKTrPZUlpzMZhS6dxYS-OHWi9vfx044yKosVzMpA=

      回显中如上所示“X-Subject-Token”字段的值即为token。

    2. 将该token值设置为“adminToken”。

      adminToken={2.a中获取到的Token}

    3. 获取创建项目的租户的domain_id

      curl -i -k -H 'Accept:application/json' -H 'Content-Type:application/json;charset=utf8'-H 'X-Auth-token=$token' -X POST -d'{"auth": {"identity":{"methods": ["password"],"password":{"user": {"name": "$租户用户名","password":"$租户密码","domain": {"name":"$租户用户名"}}}},"scope": {"domain":{"name": "租户用户名"}}}}' https://$租户管理域登录地址:31943/v3/auth/tokens

      {"token":{"expires_at":"2018-07-25T02:31:52.689000Z","methods":["password"],"catalog":[],"domain":{"name":"trm_test","id":"57b4d93c36d243b8aa84753be24104d0"},"roles":[{"name":"te_agency","id":"1d105a00e7f64f768a5475269afd044c"},{"name":"te_admin","id":"68d5c9563d7d48b68064f4f6c73cfc72"},{"name":"secu_admin","id":"e697df16689e414a9b119921975dd539"},{"name":"op_gated_approved","id":"0"}],"issued_at":"2018-07-24T02:31:52.689000Z","user":{"domain":{"name":"trm_test","id":"57b4d93c36d243b8aa84753be24104d0"},"name":"trm_test","id":"8405f707ca5b4c5f907262ff1b530518"}}}

      获取回显中租户名对应的id,如上加粗所示。

    4. 将domain_id的值设置为“domainID”。

      domainID={2.c中获取到的Token}

    5. 使用passadmin的token、domain_id以及project_name来获取assumedToken。

      curl -i -k -H "X-Auth-Token:$adminToken" -H 'Content-Type:application/json' -X POST -d '{"auth": {"identity": {"methods": ["hw_assume_role"],"hw_assume_role": {"xrole_name":"op_service","domain_id": "'$domainID'" ,"restrict": ["te_admin"]} },},"scope": {"project":{"name":"trm-test001"}}}' https://$租户管理域登录地址:31943/v3/auth/tokens

      X-Subject-Token: MIIEIgYJKoZIhvcNAQcCoIIEEzCCBA8CAQExDTALBglghkgBZQMEAgEwggJwBgkqhkiG9w0BBwGgggJhBIICXXsidG9rZW4iOnsiZXhwaXJlc19hdCI6IjIwMTgtMDctMjVUMDI6NDk6MDMuNTkxMDAwWiIsIm1ldGhvZHMiOlsiaHdfYXNzdW1lX3JvbGUiXSwiZG9tYWluIjp7Im5hbWUiOiJ0cm1fdGVzdCIsImlkIjoiNTdiNGQ5M2MzNmQyNDNiOGFhODQ3NTNiZTI0MTA0ZDAifSwicm9sZXMiOlt7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiJjZTk3ODYyNGU0NTM0N2MwODc1ZWNmYWY4ZTYyNzQ4NSJ9LHsibmFtZSI6Im9wX2dhdGVkX2FwcHJvdmVkIiwiaWQiOiIwIn1dLCJpc3N1ZWRfYXQiOiIyMDE4LTA3LTI0VDAyOjQ5OjAzLjU5MTAwMFoiLCJ1c2VyIjp7ImRvbWFpbiI6eyJuYW1lIjoidHJtX3Rlc3QiLCJpZCI6IjU3YjRkOTNjMzZkMjQzYjhhYTg0NzUzYmUyNDEwNGQwIn0sIm5hbWUiOiJ0cm1fdGVzdC9vcF9zZXJ2aWNlIiwiaWQiOiI1Y2RjMDBmNmY1Nzk0OWJjYWExMzZiY2MxNGZmMDYwNSJ9LCJhc3N1bWVkX2J5Ijp7InVzZXIiOnsiZG9tYWluIjp7Im5hbWUiOiJvcF9zZXJ2aWNlIiwiaWQiOiJkMGUxMDcxZGZlYjI0ZjQ5OGMxYTFiY2E5ODM5NjYwMCJ9LCJuYW1lIjoicGFhc2FkbWluIiwiaWQiOiJiZGM1OThmNmQ1MWE0ZjNjYjQ3N2NlNDRlNDJiNTkwNSJ9fX19MYIBhTCCAYECAQEwXDBXMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVW5zZXQxDjAMBgNVBAcMBVVuc2V0MQ4wDAYDVQQKDAVVbnNldDEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tAgEBMAsGCWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQBXuZ18cTZfp034iTyfAnQMuajag13dtJBW6cJCsNswXA4tbkmyRS0eG3j4RyXRfNZVi8q6-7x64C1zwEQAU-btCItphki4OedOzM1FBgJOsyY0QTts4aHLij7kgCIIiAgoG-tSyYkCBJGeo30zVUQMIEnBbmIAQCTHhfuMtfsEQ26FVUPgWI30mKhxOnoXjhrSXAOJU5iAebjUI0mKLgS5kgK4jvBKxl5C40hy+s3rd9pnPi-mY4bQTQElEADxNkMUffZz5g6Pn58azuRRtLXi2zNMMkZJWGS8BVEOxBPIWFF+VHuW+r1g2e6cQq9HYTssXlQITPQkuNJReMfHqulG

      回显中如上所示“X-Subject-Token”字段的值即为token。

    6. 将获取到的token设置为“assumedToken”。

      assumedToken={2.e中获取到的Token}

    7. 使用assumedToken和project_name(nameSpace)删除指定nameSpace。

      curl -i -k -H 'Accept:application/json' -H "Authorization:bearer $assumedToken" -X DELETE https://kube-apiserver.manage.svc.cluster.local:5443/api/v1/namespaces/trm-test001

      HTTP/1.1 200 OK

翻译
下载文档
更新时间:2019-08-19

文档编号:EDOC1100043088

浏览量:22385

下载量:453

平均得分:
本文档适用于这些产品

相关版本

相关文档

Share
上一页 下一页