Git Product home page Git Product logo

Comments (11)

chihyuwu avatar chihyuwu commented on August 30, 2024

Hi, Could you provide the detailed logs from CSI? And what's your DSM version?

from synology-csi.

elct9620 avatar elct9620 commented on August 30, 2024

The DSM version:
DSM 7.0.1-42218

The logs from CSI controller:

I1003 12:55:15.781452       1 connection.go:182] GRPC call: /csi.v1.Identity/GetPluginCapabilities
I1003 12:55:15.781455       1 connection.go:183] GRPC request: {}
I1003 12:55:15.782326       1 connection.go:185] GRPC response: {"capabilities":[{"Type":{"Service":{"type":1}}}]}
I1003 12:55:15.782873       1 connection.go:186] GRPC error: <nil>
I1003 12:55:15.782880       1 connection.go:182] GRPC call: /csi.v1.Controller/ControllerGetCapabilities
I1003 12:55:15.782883       1 connection.go:183] GRPC request: {}
I1003 12:55:15.783695       1 connection.go:185] GRPC response: {"capabilities":[{"Type":{"Rpc":{"type":1}}},{"Type":{"Rpc":{"type":3}}},{"Type":{"Rpc":{"type":9}}},{"Type":{"Rpc":{"type":5}}},{"Type":{"Rpc":{"type":6}}},{"Type":{"Rpc":{"type":7}}},{"Type":{"Rpc":{"type":4}}}]}
I1003 12:55:15.786350       1 connection.go:186] GRPC error: <nil>
2021-10-03T12:55:14Z [INFO] [synok8scsiplugin/main.go:51] CSI Options = {NotUsed, unix:///var/lib/csi/sockets/pluginproxy/csi.sock, /etc/synology/client-info.yml}
2021-10-03T12:55:15Z [ERROR] [synok8scsiplugin/main.go:65] Failed to add DSM: 172.31.1.175, error: Failed to login to DSM: [172.31.1.175]. err: DSM Api error. Error code:403
2021-10-03T12:55:15Z [INFO] [driver/driver.go:78] New driver created: name=csi.san.synology.com, nodeID=NotUsed, version=1.0.0, endpoint=unix:///var/lib/csi/sockets/pluginproxy/csi.sock
2021-10-03T12:55:15Z [INFO] [driver/grpc.go:110] Listening for connections on address: &net.UnixAddr{Name:"//var/lib/csi/sockets/pluginproxy/csi.sock", Net:"unix"}
2021-10-03T12:55:15Z [INFO] [driver/utils.go:104] GRPC call: /csi.v1.Identity/Probe
2021-10-03T12:55:15Z [INFO] [driver/utils.go:105] GRPC request: {}
2021-10-03T12:55:15Z [INFO] [driver/utils.go:110] GRPC response: {}
2021-10-03T12:55:15Z [INFO] [driver/utils.go:104] GRPC call: /csi.v1.Identity/GetPluginInfo
2021-10-03T12:55:15Z [INFO] [driver/utils.go:105] GRPC request: {}
2021-10-03T12:55:15Z [INFO] [driver/utils.go:110] GRPC response: {"name":"csi.san.synology.com","vendor_version":"1.0.0"}
2021-10-03T12:55:15Z [INFO] [driver/utils.go:104] GRPC call: /csi.v1.Identity/GetPluginCapabilities
2021-10-03T12:55:15Z [INFO] [driver/utils.go:105] GRPC request: {}
2021-10-03T12:55:15Z [INFO] [driver/utils.go:110] GRPC response: {"capabilities":[{"Type":{"Service":{"type":1}}}]}
2021-10-03T12:55:15Z [INFO] [driver/utils.go:104] GRPC call: /csi.v1.Controller/ControllerGetCapabilities
2021-10-03T12:55:15Z [INFO] [driver/utils.go:105] GRPC request: {}
2021-10-03T12:55:15Z [INFO] [driver/utils.go:110] GRPC response: {"capabilities":[{"Type":{"Rpc":{"type":1}}},{"Type":{"Rpc":{"type":3}}},{"Type":{"Rpc":{"type":9}}},{"Type":{"Rpc":{"type":5}}},{"Type":{"Rpc":{"type":6}}},{"Type":{"Rpc":{"type":7}}},{"Type":{"Rpc":{"type":4}}}]}
2021-10-03T12:55:15Z [INFO] [driver/utils.go:104] GRPC call: /csi.v1.Identity/Probe
2021-10-03T12:55:15Z [INFO] [driver/utils.go:105] GRPC request: {}
2021-10-03T12:55:15Z [INFO] [driver/utils.go:110] GRPC response: {}
2021-10-03T12:55:15Z [INFO] [driver/utils.go:104] GRPC call: /csi.v1.Identity/GetPluginInfo
2021-10-03T12:55:15Z [INFO] [driver/utils.go:105] GRPC request: {}

from synology-csi.

chihyuwu avatar chihyuwu commented on August 30, 2024

2021-10-03T12:55:15Z [ERROR] [synok8scsiplugin/main.go:65] Failed to add DSM: 172.31.1.175, error: Failed to login to DSM: [172.31.1.175]. err: DSM Api error. Error code:403

It seems like you have enabled 2-Factor Authentication for your accounts, but the Synology CSI doesn't support 2FA for now. So when the CSI tried to log in to DSM with these accounts, it got the "403" error.

You can create a new account in the admin group, and specifically disable 2FA for it (Control Panel > Security > Account > 2-Factor Authentication).

from synology-csi.

elct9620 avatar elct9620 commented on August 30, 2024

@chihyuwu I had tried to create another account without 2FA but I got 402 instead of 403 error. And the others message are same.

from synology-csi.

chihyuwu avatar chihyuwu commented on August 30, 2024

402 could be caused by several reasons, so we need more info for investigation.

  1. Are there any error logs in /var/log/auth.log on the DSM? (use SSH login to DSM and check)
  2. Update the version of API and build the synocli tool, which can help to reproduce the Login API:
    a. cd synology-csi
    b. edit pkg/dsm/webapi/dsmwebapi.go, changing the version from 3 to 6

    synology-csi/pkg/dsm/webapi/dsmwebapi.go

    Line 168 in dc05a79

    params.Add("version", "3")

    c. make synocli
    d. ./bin/synocli dsm login <dsm ip> <username> <password>
    e. check returned messages

from synology-csi.

elct9620 avatar elct9620 commented on August 30, 2024

@chihyuwu I found some error which is new account for CSI /var/log/auth.log

2021-09-30T21:10:48+08:00 AotokiNAS synoscimprofile[27917]: ../..//include/converter/../dao/BaseDao.h:21 ERROR: setresuid(-1, 0, -1) [Operation not permitted]
2021-09-30T21:10:48+08:00 AotokiNAS synoscimprofile[27917]: ../..//include/converter/../dao/BaseDao.h:21 ERROR: setresuid(-1, 0, -1) [Operation not permitted]
2021-09-30T21:10:48+08:00 AotokiNAS synoscimprofile[27917]: ../..//include/converter/../dao/BaseDao.h:21 ERROR: setresuid(-1, 0, -1) [Operation not permitted]
2021-09-30T21:11:56+08:00 AotokiNAS synoscimprofile[6906]: SYSTEM:      Last message '../..//include/conve' repeated 14 times, suppressed by syslog-ng on AotokiNAS
2021-09-30T21:11:56+08:00 AotokiNAS synoscgi_SYNO.API.Auth_3_login[29275]: pam_unix(webui:account): expired password for user k8s (root enforced)
2021-09-30T21:11:59+08:00 AotokiNAS synoscgi_SYNO.API.Auth_3_login[29271]: pam_unix(webui:account): expired password for user k8s (root enforced)
2021-09-30T21:15:29+08:00 AotokiNAS synoscgi_SYNO.API.Auth_3_login[1150]: pam_unix(webui:account): expired password for user k8s (root enforced)
2021-09-30T21:15:30+08:00 AotokiNAS synoscgi_SYNO.API.Auth_3_login[1289]: pam_unix(webui:account): expired password for user k8s (root enforced)
2021-09-30T21:17:19+08:00 AotokiNAS synoscgi_SYNO.API.Auth_3_login[3148]: pam_unix(webui:account): expired password for user k8s (root enforced)
2021-09-30T21:17:23+08:00 AotokiNAS synoscgi_SYNO.API.Auth_3_login[3145]: pam_unix(webui:account): expired password for user k8s (root enforced)
2021-09-30T21:20:58+08:00 AotokiNAS synoscimprofile[8199]: ../..//include/converter/../dao/BaseDao.h:21 ERROR: setresuid(-1, 0, -1) [Operation not permitted]
2021-09-30T21:20:58+08:00 AotokiNAS synoscimprofile[8199]: ../..//include/converter/../dao/BaseDao.h:21 ERROR: setresuid(-1, 0, -1) [Operation not permitted]
2021-09-30T21:20:58+08:00 AotokiNAS synoscimprofile[8199]: ../..//include/converter/../dao/BaseDao.h:21 ERROR: setresuid(-1, 0, -1) [Operation not permitted]
2021-09-30T21:21:52+08:00 AotokiNAS synoscimprofile[6906]: SYSTEM:      Last message '../..//include/conve' repeated 22 times, suppressed by syslog-ng on AotokiNAS
2021-09-30T21:21:51+08:00 AotokiNAS synoscimprofile[10010]: ../..//include/converter/../dao/BaseDao.h:21 ERROR: setresuid(-1, 0, -1) [Operation not permitted]
2021-09-30T21:21:51+08:00 AotokiNAS synoscimprofile[10010]: ../..//include/converter/../dao/BaseDao.h:21 ERROR: setresuid(-1, 0, -1) [Operation not permitted]
2021-09-30T21:21:51+08:00 AotokiNAS synoscimprofile[10010]: ../..//include/converter/../dao/BaseDao.h:21 ERROR: setresuid(-1, 0, -1) [Operation not permitted]
2021-09-30T21:22:19+08:00 AotokiNAS synoscimprofile[6906]: SYSTEM:      Last message '../..//include/conve' repeated 14 times, suppressed by syslog-ng on AotokiNAS
2021-09-30T21:22:18+08:00 AotokiNAS synoscgi_SYNO.API.Auth_7_login[10808]: pam_unix(webui:account): expired password for user k8s (root enforced)
2021-09-30T21:22:29+08:00 AotokiNAS synoscgi_SYNO.API.Auth_6_reset[11052]: pam_unix(webui:account): expired password for user k8s (root enforced)
2021-09-30T21:31:41+08:00 AotokiNAS synoscimprofile[22591]: ../..//include/converter/../dao/BaseDao.h:21 ERROR: setresuid(-1, 0, -1) [Operation not permitted]
2021-09-30T21:31:41+08:00 AotokiNAS synoscimprofile[22591]: ../..//include/converter/../dao/BaseDao.h:21 ERROR: setresuid(-1, 0, -1) [Operation not permitted]
2021-09-30T21:31:41+08:00 AotokiNAS synoscimprofile[22591]: ../..//include/converter/../dao/BaseDao.h:21 ERROR: setresuid(-1, 0, -1) [Operation not permitted]

I am not sure the expired password for user k8s is related to change the password or not, but after I change it the CSI still get 402 error.

from synology-csi.

chihyuwu avatar chihyuwu commented on August 30, 2024

Yes, expired password for user k8s means you have to change the password after you created it.

Try to sign out of admin account, use "k8s" itself as username to login DSM and change the password, instead of changing it by admin.
After following the guide to change the password, make sure the status of user "k8s" turned from "Password change required" to "Normal". (Control Panel > User & Group > User)
Then use the new password in client-info.yml to reinstall the CSI again.

from synology-csi.

elct9620 avatar elct9620 commented on August 30, 2024

@chihyuwu After fixed the expired password, I still get errors and cannot create any persistent volume.

from synology-csi.

chihyuwu avatar chihyuwu commented on August 30, 2024

Hi,

  1. Did you reinstalled the CSI?
  2. Could you provide the error logs from CSI?

from synology-csi.

elct9620 avatar elct9620 commented on August 30, 2024

Yeah, I always create a new K8S cluster via K0S and install a new CSI on it.
The errors are the same as I provided, the only difference is the status code.

I will create a new one and test it again and provided the logs.

from synology-csi.

elct9620 avatar elct9620 commented on August 30, 2024

@chihyuwu

I find the error is caused by my security config to force enable 2FA for all admin users.
After I disable it the PVC is correctly created.

from synology-csi.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.