smengcl edited a comment on pull request #10: URL: https://github.com/apache/ozone-docker-runner/pull/10#issuecomment-1030642660
The root cause for issue (2) is that centos 8.4's `openssh-server-8.0p1-10.el8.x86_64` package installed by ozone repo's `compose/ozonscripts/Dockerfile` has `pam_nologin.so` listed as required in `/etc/pam.d/sshd`: ```bash [root@d6aa10d75824 /]# cat /etc/pam.d/sshd #%PAM-1.0 auth substack password-auth auth include postlogin account required pam_sepermit.so account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open env_params session required pam_namespace.so session optional pam_keyinit.so force revoke session optional pam_motd.so session include password-auth session include postlogin [root@d6aa10d75824 /]# rpm -q --whatprovides /etc/pam.d/sshd openssh-server-8.0p1-10.el8.x86_64 ``` Therefore, when `/opt/hadoop/sbin/start-ozone.sh` script starts to ssh (as non-root user) into other containers, the ssh server in other containers checks the existence of `/run/nologin`, which should have been removed by some systemd service startup but it hasn't, and eventually rejects ssh login. The solution is to add a line in Ozone repo's `compose/ozonscripts/Dockerfile` to either: 1) Remove `/run/nologin`; or 2) Remote the line `account required pam_nologin.so` from `/etc/pam.d/sshd` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@ozone.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@ozone.apache.org For additional commands, e-mail: issues-h...@ozone.apache.org