-
Notifications
You must be signed in to change notification settings - Fork 9.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v3.3.0-rc.0 endpoint health --cluster with auth requires password input twice #9094
Comments
what's the etcd version? |
etcdctl version: 3.3.0 |
|
$ /usr/local/etcd/etcd --version $ ETCDCTL_API=3 /usr/local/etcd/etcdctl version |
Other issue about restore: $ rm -rf /data/etcd/intranet-test.* log:
Configuration: /usr/local/etcd/conf/etcd.conf
|
@lyddragon Thanks. Is there any easy way to reproduce that panic locally? |
$ ETCDCTL_API=3 /usr/local/etcd/etcdctl --user root --endpoints 192.168.0.83:2379 snapshot save /tmp/83.snapshot.db $ systemctl stop etcd configuration:/usr/local/etcd/conf/etcd.confhttps://github.com/coreos/etcd/blob/master/etcd.conf.yml.sample
systemd configuration:
|
Use snapshot restore member, Why not rejoin the cluster?sudo -u etcd ETCDCTL_API=3 /usr/local/etcd/etcdctl snapshot restore /tmp/83.snapshot.db --name node3 --initial-cluster node1=http://192.168.0.81:2380,node2=http://192.168.0.82:2380,node3=http://192.168.0.83:2380 --initial-cluster-token wpbch1bi7yebkdWWfoemlqxyjbwrqt --initial-advertise-peer-urls=http://192.168.0.83:2380 --data-dir /data/etcd/intranet-test.data |
new member can't join to clusteruse snapshot to restore node1、node2、node3on node1$ ETCDCTL_API=3 /usr/local/etcd/etcdctl --user 'root:111111' get 0 'z' on node1、node2、node3$ systemctl stop etcd on node1$ sudo -u etcd ETCDCTL_API=3 /usr/local/etcd/etcdctl snapshot restore /tmp/s.db --name node1 --initial-cluster node1=http://192.168.0.81:2380,node2=http://192.168.0.82:2380,node3=http://192.168.0.83:2380 --initial-cluster-token wpbch1bi7yebkdWWfoemlqxyjbwrqt --initial-advertise-peer-urls=http://192.168.0.81:2380 --data-dir /data/etcd/intranet-test.data on node2$ sudo -u etcd ETCDCTL_API=3 /usr/local/etcd/etcdctl snapshot restore /tmp/s.db --name node2 --initial-cluster node1=http://192.168.0.81:2380,node2=http://192.168.0.82:2380,node3=http://192.168.0.83:2380 --initial-cluster-token wpbch1bi7yebkdWWfoemlqxyjbwrqt --initial-advertise-peer-urls=http://192.168.0.82:2380 --data-dir /data/etcd/intranet-test.data on node3$ sudo -u etcd ETCDCTL_API=3 /usr/local/etcd/etcdctl snapshot restore /tmp/s.db --name node3 --initial-cluster node1=http://192.168.0.81:2380,node2=http://192.168.0.82:2380,node3=http://192.168.0.83:2380 --initial-cluster-token wpbch1bi7yebkdWWfoemlqxyjbwrqt --initial-advertise-peer-urls=http://192.168.0.83:2380 --data-dir /data/etcd/intranet-test.data on node1$ ETCDCTL_API=3 /usr/local/etcd/etcdctl member add node4 --peer-urls='http://192.168.0.80:2380' on node4$ cat /usr/local/etcd/conf/etcd.conf but no data$ ETCDCTL_API=3 /usr/local/etcd/etcdctl --user 'root:111111' get 0 'z' or$ cat /usr/local/etcd/conf/etcd.conf start failed$ systemctl start etcd |
-cluster with auth requires password input twice$ ETCDCTL_API=3 /usr/local/etcd/etcdctl --user root endpoint health |
FWIW I can reproduce with v3.3.0-rc.0 and v3.3.0-rc.1 going to explore a bit. |
But if I pass the password directly |
Current etcdctl endpoint health --cluster asks password twice if auth is enabled. This is because the command creates two client instances: one for the purpose of checking endpoint health and another for getting cluster members with MemberList(). The latter client doesn't need to be authenticated because MemberList() is a public RPC. This commit makes the client with no authed one. Fix etcd-io#9094
@lyddragon thanks for reporting the problem. I created a PR for fixing this here: #9136 could you try it? |
Current etcdctl endpoint health --cluster asks password twice if auth is enabled. This is because the command creates two client instances: one for the purpose of checking endpoint health and another for getting cluster members with MemberList(). The latter client doesn't need to be authenticated because MemberList() is a public RPC. This commit makes the client with no authed one. Fix #9094
$ /usr/local/etcd/etcdctl --user root endpoint health --cluster
Password:
Password:
http://192.168.0.82:2379 is healthy: successfully committed proposal: took = 2.133151ms
http://192.168.0.81:2379 is healthy: successfully committed proposal: took = 2.089219ms
http://192.168.0.83:2379 is healthy: successfully committed proposal: took = 2.37011ms
$ /usr/local/etcd/etcdctl --user root endpoint health
Password:
127.0.0.1:2379 is healthy: successfully committed proposal: took = 2.230373ms
The text was updated successfully, but these errors were encountered: