我的rancher-v2.5.12 一直重启，请求协助！

ziyou987 · 2023 年2 月 23 日 14:32

Rancher Server 设置

Rancher 版本：v2.5.12
安装选项 (Docker install/Helm Chart): docker
- 如果是 Helm Chart 安装，需要提供 Local 集群的类型（RKE1, RKE2, k3s, EKS, 等）和版本：
在线或离线部署：在线

下游集群信息

Kubernetes 版本:
Cluster Type (Local/Downstream):
- 如果 Downstream，是什么类型的集群?(自定义/导入或为托管等):

用户信息

登录用户的角色是什么？（管理员/集群所有者/集群成员/项目所有者/项目成员/自定义）：
- 如果自定义，自定义权限集：

主机操作系统：

问题描述：

重现步骤：

结果：

预期结果：

截图：

其他上下文信息：

日志

{"log":"2023/02/23 14:31:42 [INFO] Rancher version v2.5.12 (c5f7295f6) is starting\n","stream":"stdout","time":"2023-02-23T14:31:42.616680183Z"}
{"log":"2023/02/23 14:31:42 [INFO] Rancher arguments {ACMEDomains:[] AddLocal:true Embedded:false BindHost: HTTPListenPort:80 HTTPSListenPort:443 K8sMode:auto Debug:false Trace:false NoCACerts:false AuditLogPath:/var/log/auditlog/rancher-api-audit.log AuditLogMaxage:10 AuditLogMaxsize:100 AuditLogMaxbackup:10 AuditLevel:0 Agent:false Features: ClusterRegistry:}\n","stream":"stdout","time":"2023-02-23T14:31:42.616703707Z"}
{"log":"2023/02/23 14:31:42 [INFO] Listening on /tmp/log.sock\n","stream":"stdout","time":"2023-02-23T14:31:42.616716541Z"}
{"log":"2023/02/23 14:31:42 [INFO] Running etcd --data-dir=management-state/etcd --heartbeat-interval=500 --election-timeout=5000\n","stream":"stdout","time":"2023-02-23T14:31:42.617070625Z"}
{"log":"2023-02-23 14:31:42.645567 W | pkg/flags: unrecognized environment variable ETCD_URL_arm64=https://github.com/etcd-io/etcd/releases/download/v3.4.3/etcd-v3.4.3-linux-arm64.tar.gz\n","stream":"stderr","time":"2023-02-23T14:31:42.64566171Z"}
{"log":"2023-02-23 14:31:42.645596 W | pkg/flags: unrecognized environment variable ETCD_URL_amd64=https://github.com/etcd-io/etcd/releases/download/v3.4.3/etcd-v3.4.3-linux-amd64.tar.gz\n","stream":"stderr","time":"2023-02-23T14:31:42.645676228Z"}
{"log":"2023-02-23 14:31:42.645600 W | pkg/flags: unrecognized environment variable ETCD_UNSUPPORTED_ARCH=amd64\n","stream":"stderr","time":"2023-02-23T14:31:42.645687564Z"}
{"log":"2023-02-23 14:31:42.645605 W | pkg/flags: unrecognized environment variable ETCD_URL=ETCD_URL_amd64\n","stream":"stderr","time":"2023-02-23T14:31:42.645691881Z"}
{"log":"[WARNING] Deprecated '--logger=capnslog' flag is set; use '--logger=zap' flag instead\n","stream":"stderr","time":"2023-02-23T14:31:42.645695245Z"}
{"log":"2023-02-23 14:31:42.645640 I | etcdmain: etcd Version: 3.4.3\n","stream":"stderr","time":"2023-02-23T14:31:42.645698483Z"}
{"log":"2023-02-23 14:31:42.645644 I | etcdmain: Git SHA: 3cf2f69b5\n","stream":"stderr","time":"2023-02-23T14:31:42.645702055Z"}
{"log":"2023-02-23 14:31:42.645646 I | etcdmain: Go Version: go1.12.12\n","stream":"stderr","time":"2023-02-23T14:31:42.645705605Z"}
{"log":"2023-02-23 14:31:42.645648 I | etcdmain: Go OS/Arch: linux/amd64\n","stream":"stderr","time":"2023-02-23T14:31:42.645708972Z"}
{"log":"2023-02-23 14:31:42.645651 I | etcdmain: setting maximum number of CPUs to 8, total number of available CPUs is 8\n","stream":"stderr","time":"2023-02-23T14:31:42.645712907Z"}
{"log":"2023-02-23 14:31:42.645690 N | etcdmain: the server is already initialized as member before, starting as etcd member...\n","stream":"stderr","time":"2023-02-23T14:31:42.64572699Z"}
{"log":"[WARNING] Deprecated '--logger=capnslog' flag is set; use '--logger=zap' flag instead\n","stream":"stderr","time":"2023-02-23T14:31:42.645732622Z"}
{"log":"2023-02-23 14:31:42.646099 I | embed: name = default\n","stream":"stderr","time":"2023-02-23T14:31:42.646155126Z"}
{"log":"2023-02-23 14:31:42.646106 I | embed: data dir = management-state/etcd\n","stream":"stderr","time":"2023-02-23T14:31:42.646165979Z"}
{"log":"2023-02-23 14:31:42.646109 I | embed: member dir = management-state/etcd/member\n","stream":"stderr","time":"2023-02-23T14:31:42.646170621Z"}
{"log":"2023-02-23 14:31:42.646111 I | embed: heartbeat = 500ms\n","stream":"stderr","time":"2023-02-23T14:31:42.646174669Z"}
{"log":"2023-02-23 14:31:42.646113 I | embed: election = 5000ms\n","stream":"stderr","time":"2023-02-23T14:31:42.646184719Z"}
{"log":"2023-02-23 14:31:42.646116 I | embed: snapshot count = 100000\n","stream":"stderr","time":"2023-02-23T14:31:42.646188849Z"}
{"log":"2023-02-23 14:31:42.646123 I | embed: advertise client URLs = http://localhost:2379\n","stream":"stderr","time":"2023-02-23T14:31:42.646192744Z"}
{"log":"2023-02-23 14:31:42.646126 I | embed: initial advertise peer URLs = http://localhost:2380\n","stream":"stderr","time":"2023-02-23T14:31:42.646196995Z"}
{"log":"2023-02-23 14:31:42.646129 I | embed: initial cluster = \n","stream":"stderr","time":"2023-02-23T14:31:42.646201233Z"}
{"log":"2023-02-23 14:31:42.654168 I | etcdserver: recovered store from snapshot at index 199802012\n","stream":"stderr","time":"2023-02-23T14:31:42.654227034Z"}
{"log":"2023-02-23 14:31:42.744702 I | mvcc: restore compact to 191313646\n","stream":"stderr","time":"2023-02-23T14:31:42.744891473Z"}
{"log":"2023-02-23 14:31:42.868215 C | etcdserver: read wal error (walpb: crc mismatch) and cannot be repaired\n","stream":"stderr","time":"2023-02-23T14:31:42.868357771Z"}
{"log":"2023/02/23 14:31:42 [FATAL] etcd exited\n","stream":"stdout","time":"2023-02-23T14:31:42.871033845Z"}

ziyou987 · 2023 年2 月 23 日 14:39

docker启动的单机版，已经运行一年半了
启动命令：docker run --privileged -d --restart=unless-stopped -p 80:80 -p 443:443 -v /data/rancher:/var/lib/rancher rancher/rancher:v2.5.12
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
57d46003e331 rancher/rancher:v2.5.12 “entrypoint.sh” 12 months ago Restarting (1) 29 seconds ago recursing_robinson

niusmallnan · 2023 年2 月 24 日 02:19

Rancher的docker单机版模式，从来都是只用于短期运行和演示。非要用于长期运行，必然要承担后果。
去论坛里搜一搜Rancher证书过期，如何处理。

ziyou987 · 2023 年2 月 24 日 02:46

真不是证书问题
[root@bigdata-web etcd]# for i in *.crt; do echo $i; openssl x509 -enddate -noout -in $i; done
client.crt
notAfter=Nov 25 10:02:25 2023 GMT
peer-ca.crt
notAfter=Feb 21 06:50:01 2032 GMT
peer-server-client.crt
notAfter=Nov 8 07:14:45 2023 GMT
server-ca.crt
notAfter=Feb 21 06:50:01 2032 GMT
server-client.crt
notAfter=Nov 8 07:14:45 2023 GMT
[root@bigdata-web etcd]# cd …
[root@bigdata-web tls]# for i in *.crt; do echo $i; openssl x509 -enddate -noout -in $i; done
client-admin.crt
notAfter=Nov 25 10:02:25 2023 GMT
client-auth-proxy.crt
notAfter=Nov 25 10:02:25 2023 GMT
client-ca.crt
notAfter=Feb 21 06:50:01 2032 GMT
client-cloud-controller.crt
notAfter=Nov 25 10:02:25 2023 GMT
client-controller.crt
notAfter=Nov 25 10:02:25 2023 GMT
client-k3s-controller.crt
notAfter=Nov 25 10:02:25 2023 GMT
client-kube-apiserver.crt
notAfter=Nov 25 10:02:25 2023 GMT
client-kube-proxy.crt
notAfter=Nov 25 10:02:25 2023 GMT
client-scheduler.crt
notAfter=Nov 25 10:02:25 2023 GMT
request-header-ca.crt
notAfter=Feb 21 06:50:01 2032 GMT
server-ca.crt
notAfter=Feb 21 06:50:01 2032 GMT
serving-kube-apiserver.crt
notAfter=Nov 8 07:14:45 2023 GMT
[root@bigdata-web tls]# pwd
/data/rancher/k3s/server/tls

niusmallnan · 2023 年2 月 24 日 02:57

日志显示etcd似乎出现问题，可以参考：https://gist.github.com/superseb/c8d0188302fdbd0127e52cf6ce93ce94

ziyou987 · 2023 年2 月 24 日 07:24

上游 etcd v3.5.0-v3.5.2 数据丢失问题权威教程

我们最近获悉，etcd 维护人员建议不要将 etcd 3.5 用于生产环境，因为最近发现的一个错误可能会在 etcd 在高负载下被杀死时导致数据丢失。该公告 ( https://groups.google.com/a/kubernetes.io/g/dev/c/B7gJs88XtQc/m/rSgNOzV2BwAJ ) 于 3 月 29 日星期二发布。上游问题（https://github.com/etcd-io/etcd/issues/13766）尚未解决，没有可用的修复程序。 K3s/RKE2 K3s 和 RKE2 的所有 1.22 和 1.23 版本都嵌入了 etcd 3.5。出于这个原因，我们建议用户避免在这些版本上使用嵌入式 etcd 部署新的生产 Kubernetes 集群，直到问题在上游得到修复，并且我们发布了包含该修复的版本。使用默认 sqlite 数据存储或在具有外部 SQL 数据存储的 HA 配置中不影响 K3s。如果您有使用受影响版本的现有 K3s 或 RKE2 集群，您可以采取以下步骤来确保您不会遇到数据丢失：避免向 k3s/rke2 进程和 R…

有点像这个