- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
我需要能够通过 Ansible 剧本在我的容器内执行一些 shell 脚本。 Ansible play 在我的集群中的另一个容器中运行。集群在 RedHat OpenShift 4.3 中。
我正在使用 community.kubernetes 中的 k8s_exec 来执行此操作:
- name: k8s_exec Execute {{ script }} {{ script_args }} command in pod {{ the_pod }}
k8s_exec:
namespace: "{{ meta.name }}"
pod: "{{ the_pod }}"
command: "{{ script }} {{ script_args }}"
register: call_result
when: the_pod is defined
- name: The result of running {{ script }} {{ script_args }} in {{ the_pod }}
debug:
var: call_result
但我得到以下信息:
--------------------------- Ansible Task StdOut -------------------------------
TASK [The result of running /elm/server/containerState.sh setup in ibmjazz-jts-854b4dd7bc-ptdgw] ********************************
[0;32mok: [localhost] => { [0m
[0;32m "call_result": { [0m
[0;32m "changed": false, [0m
[0;32m "exception": "Traceback (most recent call last):\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/ws_client.py\", line 254, in websocket_call\n client = WSClient(configuration, get_websocket_url(url), headers)\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/ws_client.py\", line 77, in __init__\n self.sock.connect(url, header=header)\n File \"/usr/local/lib/python3.6/site-packages/websocket/_core.py\", line 226, in connect\n self.handshake_response = handshake(self.sock, *addrs, **options)\n File \"/usr/local/lib/python3.6/site-packages/websocket/_handshake.py\", line 80, in handshake\n status, resp = _get_resp_headers(sock)\n File \"/usr/local/lib/python3.6/site-packages/websocket/_handshake.py\", line 165, in _get_resp_headers\n raise WebSocketBadStatusException(\"Handshake status %d %s\", status, status_message, resp_headers)\nwebsocket._exceptions.WebSocketBadStatusException: Handshake status 403 Forbidden\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/opt/ansible/.ansible/tmp/ansible-tmp-1591037058.988166-154830146809790/AnsiballZ_k8s_exec.py\", line 102, in <module>\n _ansiballz_main()\n File \"/opt/ansible/.ansible/tmp/ansible-tmp-1591037058.988166-154830146809790/AnsiballZ_k8s_exec.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/opt/ansible/.ansible/tmp/ansible-tmp-1591037058.988166-154830146809790/AnsiballZ_k8s_exec.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible_collections.community.kubernetes.plugins.modules.k8s_exec', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n mod_name, mod_spec, pkg_name, script_name)\n File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_k8s_exec_payload_0wco0o8m/ansible_k8s_exec_payload.zip/ansible_collections/community/kubernetes/plugins/modules/k8s_exec.py\", line 148, in <module>\n File \"/tmp/ansible_k8s_exec_payload_0wco0o8m/ansible_k8s_exec_payload.zip/ansible_collections/community/kubernetes/plugins/modules/k8s_exec.py\", line 135, in main\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/stream.py\", line 36, in stream\n return func(*args, **kwargs)\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/apis/core_v1_api.py\", line 835, in connect_get_namespaced_pod_exec\n (data) = self.connect_get_namespaced_pod_exec_with_http_info(name, namespace, **kwargs)\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/apis/core_v1_api.py\", line 935, in connect_get_namespaced_pod_exec_with_http_info\n collection_formats=collection_formats)\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/api_client.py\", line 344, in call_api\n _return_http_data_only, collection_formats, _preload_content, _request_timeout)\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/api_client.py\", line 178, in __call_api\n _request_timeout=_request_timeout)\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/stream.py\", line 31, in _intercept_request_call\n return ws_client.websocket_call(config, *args, **kwargs)\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/ws_client.py\", line 260, in websocket_call\n raise ApiException(status=0, reason=str(e))\nkubernetes.client.rest.ApiException: (0)\nReason: Handshake status 403 Forbidden\n\n", [0m
[0;32m "failed": true, [0m
[0;32m "module_stderr": "Traceback (most recent call last):\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/ws_client.py\", line 254, in websocket_call\n client = WSClient(configuration, get_websocket_url(url), headers)\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/ws_client.py\", line 77, in __init__\n self.sock.connect(url, header=header)\n File \"/usr/local/lib/python3.6/site-packages/websocket/_core.py\", line 226, in connect\n self.handshake_response = handshake(self.sock, *addrs, **options)\n File \"/usr/local/lib/python3.6/site-packages/websocket/_handshake.py\", line 80, in handshake\n status, resp = _get_resp_headers(sock)\n File \"/usr/local/lib/python3.6/site-packages/websocket/_handshake.py\", line 165, in _get_resp_headers\n raise WebSocketBadStatusException(\"Handshake status %d %s\", status, status_message, resp_headers)\nwebsocket._exceptions.WebSocketBadStatusException: Handshake status 403 Forbidden\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File \"/opt/ansible/.ansible/tmp/ansible-tmp-1591037058.988166-154830146809790/AnsiballZ_k8s_exec.py\", line 102, in <module>\n _ansiballz_main()\n File \"/opt/ansible/.ansible/tmp/ansible-tmp-1591037058.988166-154830146809790/AnsiballZ_k8s_exec.py\", line 94, in _ansiballz_main\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\n File \"/opt/ansible/.ansible/tmp/ansible-tmp-1591037058.988166-154830146809790/AnsiballZ_k8s_exec.py\", line 40, in invoke_module\n runpy.run_module(mod_name='ansible_collections.community.kubernetes.plugins.modules.k8s_exec', init_globals=None, run_name='__main__', alter_sys=True)\n File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module\n return _run_module_code(code, init_globals, run_name, mod_spec)\n File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\n mod_name, mod_spec, pkg_name, script_name)\n File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code\n exec(code, run_globals)\n File \"/tmp/ansible_k8s_exec_payload_0wco0o8m/ansible_k8s_exec_payload.zip/ansible_collections/community/kubernetes/plugins/modules/k8s_exec.py\", line 148, in <module>\n File \"/tmp/ansible_k8s_exec_payload_0wco0o8m/ansible_k8s_exec_payload.zip/ansible_collections/community/kubernetes/plugins/modules/k8s_exec.py\", line 135, in main\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/stream.py\", line 36, in stream\n return func(*args, **kwargs)\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/apis/core_v1_api.py\", line 835, in connect_get_namespaced_pod_exec\n (data) = self.connect_get_namespaced_pod_exec_with_http_info(name, namespace, **kwargs)\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/apis/core_v1_api.py\", line 935, in connect_get_namespaced_pod_exec_with_http_info\n collection_formats=collection_formats)\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/api_client.py\", line 344, in call_api\n _return_http_data_only, collection_formats, _preload_content, _request_timeout)\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/client/api_client.py\", line 178, in __call_api\n _request_timeout=_request_timeout)\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/stream.py\", line 31, in _intercept_request_call\n return ws_client.websocket_call(config, *args, **kwargs)\n File \"/usr/local/lib/python3.6/site-packages/kubernetes/stream/ws_client.py\", line 260, in websocket_call\n raise ApiException(status=0, reason=str(e))\nkubernetes.client.rest.ApiException: (0)\nReason: Handshake status 403 Forbidden\n\n", [0m
[0;32m "module_stdout": "", [0m
[0;32m "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", [0m
[0;32m "rc": 1 [0m
[0;32m } [0m
[0;32m} [0m
[0;32m [
该角色拥有 pods/exec 的所有正确权限(动词:创建、获取)。我添加了第二个明确的 apiGroups 权限 block ;最初它只是第一个。不过没有任何区别。
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: my-operator
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- '*'
- apiGroups:
- ""
resources:
- pods
- pods/exec
- pods/log
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
我错过了什么?
提前致谢
亚历克斯
最佳答案
我发现了问题,{{ meta.name }}
的值有错字。
关于kubernetes - 从 Ansible 剧本运行 k8s_exec 导致握手状态 403 Forbidden 错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62160435/
我一直收到这个“禁止您无权访问此服务器上的/。此外,在尝试使用 ErrorDocument 处理请求时遇到 403 禁止错误。”当尝试访问我的网站时,错误仍然存在,但没有安装 WordPress
我对Kibana创建的“新用户”有问题(使用用户“ flex ”)。这是我做的顺序。 我正在使用ELK for 7.5.1版本 首先,我通过添加elasticsearch.yml 来启用xpack.s
我只是在Elasticsearch 7.1.0中设置了xpack 如下在elasticsearch.yml中: xpack.security.enabled: true discovery.type:
我刚刚在新安装的 ES 堆栈上设置了身份验证。 我跟着: https://www.elastic.co/guide/en/elastic-stack-overview/current/get-star
我尝试在我的 Spring Boot 应用程序上配置 OpenFeign,我使用 pokeapi 进行测试。 我编写了这段代码: @FeignClient(value = "pokeapi", url
我正在使用strapi,我在调用api时收到错误403 Forbidden,例如http://localhost:1337/data 我已经调用了所有的 API,结果是相同的 403 错误 我也用 p
当我尝试将图片上传到“汽车”对象时,我被拒绝访问 S3。但是自从我添加了 S3 以来,assets 文件夹中的站点图像显示得很好。我得到的具体错误是这样的: 2015-02-17T14:40:48.4
当我尝试在管理员授权后添加新帖子时看到此响应。 我有基于 Spring Boot 安全性的基本授权: @Configuration @EnableWebSecurity public class Se
我有一个响应式(Reactive)(Spring WebFlux)Web 应用程序,其中很少有 protected 资源的 REST API。(Oauth2)。要手动访问它们,我需要获取具有客户端凭据
可以看到的错误是 client.GetKeyStats 函数返回的 403 Forbidden。 基于源代码无需认证。 源代码:https://github.com/timpalpant/go-iex
堆栈跟踪 Exception in thread "main" com.amazonaws.services.s3.model.AmazonS3Exception: Forbidden (Servic
几天前,当我尝试将文件推送到我的 S3Bucket 时收到此异常。更早的一切似乎都能正常工作,我确信我这边没有代码更改。 com.amazonaws.services.s3.model.AmazonS
当用户尝试访问他们无权访问的资源时,我的服务器会返回 403 禁止错误。除了 header 之外,服务器还会写入一条描述错误的小消息。 在 Firefox 中,错误消息显示得很好,用户知道发生了什么。
我支持一个 java 应用程序,它有一个搜索栏,可以匹配关键字并从缓存中获取结果。 该应用程序在 Tomcat 中运行,并且还有一个 Apache Web 服务器。 搜索 aaa' 时出现问题,特殊字
我正在将网站从一台托管服务器移动到另一台托管服务器。我已经上传了文件。我正在使用表单例份验证。基本上,我要搬到 GoDaddy。 我可以直接访问登录表单:www.mysite.com/login.as
我创建了一个 Azure KeyVault,我希望我的应用服务能够访问它。据我所知,我的 App Service 的主体应该有权访问 KeyVault,但在尝试从中检索时,我总是收到以下错误。无论我是
我尝试通过应用上的 URLRequest 将 multipart/form-data 发送到 Cloud Functions for Firebase。为了测试我的云函数和应用程序是否已连接,我创建了
这是后端 SiteController.php 访问规则。当我浏览此 url site.com/backend/web/site/login 时。它显示禁止 (#403)。 return [
使用 java 访问 Google PubSub、Dataflow 和 BigQuery 的 Spring boot 应用程序。该应用程序是使用 maven 构建的,并将 jar 文件复制到 Goog
我在 Kubernetes* 的仪表板站点上到处都是“被禁止”(见图) 重现: 通过站点创建 Google Kubernetes 集群,而不是通过 shell。 选择 Kubernetes 版本 1.
我是一名优秀的程序员,十分优秀!