問題描述:當我們關閉掉openshift容器雲,在下一次通過 openshift start & 命令啓動openshift後,想通過system:admin登錄系統發現openshift提示用戶要輸入密碼,由於system:admin是通過密鑰證書免密登錄系統的,所以此處會出現system:admin無法登錄openshift的問題。
如下圖分別是執行openshift start & 命令在 / 根目錄 而/etc/profile中
KUBECONFIG 、CURL_CA_BUNDLE變量中設置的openshift.local.config 所在的目錄是/home,兩者不一致,導致system:admin免密登錄失敗。
問題解決:通過openshift start & 啓動openshift,執行此命令的所在的目錄要與/etc/profile中KUBECONFIG 、CURL_CA_BUNDLE變量中設置的openshift.local.config 所在的目錄保持一致。
例如,我這裏的openshift.local.config在/home目錄,那麼啓動openshift的命令openshift start &就要在/home目錄執行,如果我在其他目錄執行此命令啓動openshift ,就會出現system:admin賬號無法登陸openshift
export KUBECONFIG=/home/openshift.local.config/master/admin.kubeconfig
export CURL_CA_BUNDLE=/home/openshift.local.config/master/ca.crt
如下圖分別是執行openshift start &命令在 /home目錄 而/etc/profile中
KUBECONFIG 、CURL_CA_BUNDLE變量中設置的openshift.local.config 所在目錄是/home,兩者不一致,所以system:admin免密登錄成功!
附上:我的linux服務器配置的/etc/profile文件內容如下:
if [ "$HISTCONTROL" = "ignorespace" ] ; then
export HISTCONTROL=ignoreboth
else
export HISTCONTROL=ignoredups
fi
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL
# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; then
umask 002
else
umask 022
fi
for i in /home/profile.d/*.sh /home/profile.d/sh.local ; do
if [ -r "$i" ]; then
if [ "${-#*i}" != "$-" ]; then
. "$i"
else
. "$i" >/dev/null
fi
fi
done
unset i
unset -f pathmunge
export PATH=/home/openshift:$PATH
export KUBECONFIG=/home/openshift.local.config/master/admin.kubeconfig
export CURL_CA_BUNDLE=/home/openshift.local.config/master/ca.crt
sudo chmod +r /home/openshift.local.config/master/admin.kubeconfig