|
|
[WRN] CEPHADM_REFRESH_FAILED: failed to probe daemons or devices9 F! p. A5 Z5 m! K% D+ |% ^. P
host private-registry.example.com `cephadm ceph-volume` failed: cephadm exited with an error code: 1, stderr:Non-zero exit code 125 from /bin/podman run --rm --ipc=host --net=host --entrypoint stat --init -e CONTAINER_IMAGE=ceph5-2-1-registry.example.com:5000/rhceph/rhceph-5-rhel8@sha256:d42c0d99ddeaa001570dce4eb90b71699e0401fe449966b935f669ffad22bd01 -e NODE_NAME=private-registry.example.com -e CEPH_USE_RANDOM_NONCE=1 ceph5-2-1-registry.example.com:5000/rhceph/rhceph-5-rhel8@sha256:d42c0d99ddeaa001570dce4eb90b71699e0401fe449966b935f669ffad22bd01 -c %u %g /var/lib/ceph
/ H, K/ M; V0 @% ostat: stderr Trying to pull ceph5-2-1-registry.example.com:5000/rhceph/rhceph-5-rhel8@sha256:d42c0d99ddeaa001570dce4eb90b71699e0401fe449966b935f669ffad22bd01...
6 a( _/ p5 P- astat: stderr Error: initializing source docker://ceph5-2-1-registry.example.com:5000/rhceph/rhceph-5-rhel8@sha256:d42c0d99ddeaa001570dce4eb90b71699e0401fe449966b935f669ffad22bd01: reading manifest sha256:d42c0d99ddeaa001570dce4eb90b71699e0401fe449966b935f669ffad22bd01 in ceph5-2-1-registry.example.com:5000/rhceph/rhceph-5-rhel8: unauthorized: authentication required
2 r0 P) U1 l+ \How to eliminate this warning?3 E) W8 S- L( W: V( w% f
Resolution! t: H5 M, g9 [$ Q9 c" j& h
Login to the cephadm shell on the lead monitor node.
; R2 H" U6 f- f e) [
. b$ d- n e+ j/ y4 D6 @Raw
2 K3 \1 k; X" t9 S. F# cephadm shell
5 C) A, l, x) [. w9 l: c* ALog in manually to the custom registry on all the new hosts simultaneously:3 [+ V5 x1 d( I9 Y2 \) X
5 ?$ U9 f9 h; W. H
Raw
5 d7 a! A" i, D; q1 i# ceph cephadm registry-login --registry-url <CUSTOM_REGISTRY_NAME> --registry_username <REGISTRY_USERNAME> --registry_password <PASSWORD>0 n4 y8 S! `% N
Executing the aforementioned command will produce a podman-auth.json file in the /etc/ceph directory that contains the custom registry's authentication details.
5 z" B; q- s/ e: E- A$ n( `# K6 i
4 ?8 Z! X$ w% ?9 J! sWait 3-5 minutes to see if the daemon starts up.6 \, @8 L. E- s; k) s7 [1 T
5 o0 s$ [) y' }) w( y1 d" N
Raw
& C$ G4 w/ T5 K+ N1 _# watch ceph orch ls
, x) t3 T6 B' ]" dOPTIONAL: Restart the daemon if it is still not in running state.
9 m$ I7 b4 J% W, V5 v1 x+ @9 L5 b. _5 Z9 l) X
Raw* E! X+ U7 v" A8 M
# ceph orch restart <DAEMON_NAME>
: P9 c3 u) x& i4 L. l4 l; `4 ?SPECIAL CASE:
7 c8 m7 y3 J p1 B# DFor daemons like node-exporter, prometheus, alertmanager, grafana:; L% K7 U, U* T& |9 C5 y
_- W$ |6 x- t5 P5 u
After logging into the custom registry, use the ceph config command to configure the custom container images:
% w* q% N. e U; p; Q1 |
' q0 O5 P9 M+ n. L2 J. m2 d) tRaw
' }5 Q! ^+ ?/ T2 U. O1 t# ceph config set mgr mgr/cephadm/OPTION_NAME CUSTOM_REGISTRY_NAME/CONTAINER_NAME. F/ L$ V8 E8 I+ v- ^5 _
Use the following options for OPTION_NAME:
8 f8 x# e( ]4 a% Q! f- h$ d7 [3 w
Raw
$ Q8 G: O$ @8 `" J0 H) V6 Vcontainer_image_prometheus7 F" q/ C1 D2 ]! @5 _) T' u: b; {
container_image_grafana9 b. U, n8 L$ [2 \9 g( A
container_image_alertmanager1 g. B; B8 ]# `# w
container_image_node_exporter
a& `# ?8 @' d+ N) Z/ p. \Redeploy each daemon:6 Y8 j, P4 G7 U/ }- K# I1 v
$ k* l; d* o0 y" H' h. PRaw; i8 a8 a. i: Z$ I2 Y% B
# ceph orch redeploy DAEMON_NAME, s1 d: |( [2 O L6 O8 Q/ b) e
Root Cause
$ j$ i/ y9 d3 V6 v- [- `6 g6 f4 Z4 zWhile adding ceph daemons on newly added hosts, cephadm is not able to determine the custom registry credentials under podman-auth.json file under the /etc/ceph directory or the file itself is missing.
" [+ \% D. s: D/ v* b% M, c5 N* P, c8 N( }: A# m7 ^# x
Behind the scene, when we run this command it actually only logs in the host where the command is run. As a result, when cephadm attempts to pull the image on other hosts it still fails due to not logged in on the other hosts.7 _; D! Y; i. j ~- e3 c; L' A
/ U, d) L T5 N8 z% s5 L
For this, instead of running the command on the host itself, use the ceph cephadm registry-login command from inside the cephadm shell and it should log in all the hosts in the cluster.
$ C4 @3 z* ?% R# x/ E" m c# t
# o3 c L4 M' i7 t k" L, g; zDiagnostic Steps. \9 z: R$ r9 C% H& U0 o8 p
Check if the podman-auth.json file is present under /etc/ceph/ on each node.
% ?/ j# _ ^3 s% l6 c, p
' y( z% h) T" g% GRaw
8 ]# D3 b9 w6 V, q& k; ?' d- N! K# ls -l /etc/ceph/$ ~7 S. ~( q" A# h
Verify the daemon status:
& D' v B* L+ o, J' [" ^) R
m2 E7 A: d) e _Raw, y' a# n. X( g9 [% B& G
# ceph orch ls
1 `$ c3 I3 ~8 y' v# ceph orch ps2 E+ k1 `# l3 Z M) z
+ z4 E% F$ D, D6 o% D/ f$ S4 W
|
|
发表于 2025-4-9 17:00:42