Open infnada opened 5 years ago
Is this for the core
user or the other one? Is there a previous version of Container Linux where this was working properly?
This is for every user. Have 4 new users + core
user and none of them can login. I'm new to CoreOs never tried it before.
If you're just starting with Container Linux, please use a Container Linux Config rather than a cloud-config. coreos-cloudinit is long deprecated and has unfixable race conditions. It seems likely that you're seeing one of them here.
Can i just delete /var/lib/coreos-install/user_data
, copy the new ignition.json
somewhere and reboot the VM?
At this point you should start with a new VM. Ignition only runs on the first boot, and anyway coreos-cloudinit has already made a bunch of changes to your system.
Exact same issue:
{
"ignition": {
"config": {},
"timeouts": {},
"version": "2.1.0"
},
"networkd": {
"units": [
{
"contents": "[Match]\nName=ens192\n\n[Network]\nAddress=xxxxxx/24\nGateway=xxxxx\nDNS=xxxxx",
"name": "static.network"
}
]
},
"passwd": {
"users": [
{
"groups": [
"sudo",
"docker"
],
"name": "core",
"passwordHash": "xxxxx",
"sshAuthorizedKeys": [
"ssh-rsa xxxxxxx"
]
},
{
"groups": [
"sudo",
"docker"
],
"name": "xxxx",
"sshAuthorizedKeys": [
"ssh-rsa xxxxx"
]
},
{
"groups": [
"sudo",
"docker"
],
"name": "xxx",
"sshAuthorizedKeys": [
"ssh-rsa xxxxx"
]
},
{
"groups": [
"sudo",
"docker"
],
"name": "xxxx",
"sshAuthorizedKeys": [
"ssh-rsa xxxx"
]
},
{
"groups": [
"sudo",
"docker"
],
"name": "xxxx",
"sshAuthorizedKeys": [
"ssh-rsa xxxxxx"
]
}
]
},
"storage": {
"files": [
{
"filesystem": "root",
"group": {},
"path": "/etc/coreos/update.conf",
"user": {},
"contents": {
"source": "data:,GROUP%3Dstable%0AREBOOT_STRATEGY%3D%22off%22%0ASERVER%3Dhttps%3A%2F%2Fpublic.update.core-os.net%2Fv1%2Fupdate%2F%0A",
"verification": {}
},
"mode": 420
},
{
"filesystem": "root",
"group": {},
"path": "/etc/hostname",
"user": {},
"contents": {
"source": "data:,xxxxx%0A",
"verification": {}
},
"mode": 420
},
{
"filesystem": "root",
"group": {},
"path": "/etc/resolv.conf",
"user": {},
"contents": {
"source": "data:,nameserver%09xxxxx%0Anameserver%09xxxx%0A",
"verification": {}
},
"mode": 420
},
{
"filesystem": "root",
"group": {},
"path": "/etc/sysctl.conf",
"user": {},
"contents": {
"source": "data:,vm.max_map_count=262144%0A",
"verification": {}
},
"mode": 420
},
{
"filesystem": "root",
"group": {},
"path": "/etc/vfile.conf",
"user": {},
"contents": {
"source": "data:,%7B%22MaxLogAgeDays%22%3A28%2C%22MaxLogFiles%22%3A10%2C%22MaxLogSizeMb%22%3A10%2C%22LogPath%22%3A%22%2Fvar%2Flog%2Fvfile%2Elog%22%7D%0A",
"verification": {}
},
"mode": 420
},
{
"filesystem": "root",
"group": {},
"path": "/etc/vsphere-storage-for-docker.conf",
"user": {},
"contents": {
"source": "data:,%7B%22MaxLogAgeDays%22%3A28%2C%22MaxLogFiles%22%3A10%2C%22MaxLogSizeMb%22%3A10%2C%22LogPath%22%3A%22%2Fvar%2Flog%2Fvsphere%2Dstorage%2Dfor%2Ddocker%2Elog%22%7D%0A",
"verification": {}
},
"mode": 420
},
{
"filesystem": "root",
"group": {},
"path": "/etc/security/limits.conf",
"user": {},
"contents": {
"source": "data:,%2A%09hard%09memlock%09unlimited%0A%2A%09soft%09memlock%09unlimited%0A",
"verification": {}
},
"mode": 420
}
]
},
"systemd": {
"units": [
{
"enable": true,
"dropins": [
{
"contents": "[Service]\nLimitMEMLOCK=infinity",
"name": "10-memlock.conf"
}
],
"name": "docker.service"
},
{
"contents": "[Unit]\nDescription=Set Max Map Count\n\n[Service]\nType=oneshot\nExecStart=/usr/sbin/sysctl -w vm.max_map_count=16777216\n\n[Install]\nWantedBy=multi-user.target",
"enable": true,
"name": "runsysctl.service"
},
{
"contents": "[Unit]\nDescription=Install vsphere plugin\nAfter=docker.service\nRequires=docker.service\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/docker plugin ls | grep -q 'vsphere' && echo \"matched\" || /usr/bin/docker plugin install --alias vsphere vmware/vsphere-storage-for-docker:latest --grant-all-permissions \"VDVS_SOCKET_GID=233\"\nExecStart=/usr/bin/docker plugin ls | grep -q 'vfile' && echo \"matched\" || /usr/bin/docker plugin install --alias vfile vmware/vfile:latest VFILE_TIMEOUT_IN_SECOND=90 \"VDVS_SOCKET_GID=233\" --grant-all-permissions\n\n[Install]\nWantedBy=multi-user.target",
"enable": true,
"name": "runcmd.service"
}
]
}
}
Issue Report
Bug
On node restart I'm able to login using SSH key but not after 2/3 minutes. I've got 4 SSH keys and non of them works with the error (putty):
The key is in
~/.ssh/authorized_keys
&~/.ssh/authorized_keys.d/coreos-cloudinit
Container Linux Version
Environment
VMware ESXi, 6.5.0, 5310538 Default VM options.
Configured with:
coreos-install -d /dev/sda -c ci.yml -o vmware_raw
Expected Behavior
Be able to login with SSH using some of cloud-config provided keys
Actual Behavior
Can't login after 2/3 minutes of node restart.
Reproduction Steps
Restart
Instant login -> OK
Wait 2/3 minutes -> Login fail
Restart
Wait 2/3 minutes -> Login fail