SUSE Edge Image Builder 介紹與實作

# SUSE Edge Image Builder 介紹與實作 <style> .indent-title-1{ margin-left: 1em; } .indent-title-2{ margin-left: 2em; } .indent-title-3{ margin-left: 3em; } </style> ## Preface <div class="indent-title-1"> 本篇文章會主要會介紹與實作 SUSE Edge Image Builder 是什麼，有哪些功能...等可以透過點擊以下目錄，選擇想看的內容，跳轉至特定章節 :::warning :::spoiler {state="open"} 目錄 [TOC] ::: </div> ## 甚麼是 Edge Image Builder (EIB)? SUSE Edge 是專為解決在 edge 部署 infrastructure (基礎架構) 和 cloud-native applications (雲原生應用程式) 的獨特挑戰，而設計、緊密整合且經過全面驗證的端對端解決方案。它的重點目標在於提供一個高度彈性、可擴充性高且安全的平台，涵蓋 : 1. initial deployment image building (生成 Customized, Ready-to-Boot (CRB) disk images) * 好處是即使是在完全封閉的網路的情況下，也能啟動機器。 * 實際到環境艱困(高溫、高海拔...等)的案場部屬機器的工程師不需擁有很深厚的技術底子。 * 省去技術人員現場巡視的需要，但同時也要力求一致性和標準化。 3. node provisioning and onboarding (節點佈建與上架) 4. application deployment, observability, and complete lifecycle operations (應用程式部署、可觀測性以及完整生命週期作業)。 EIB 可以供所有三種 SUSE Edge 最小的自訂功能，例如 : * 預先在 disk image 中設定使用者、網路或時區...等，全面的設定。 * 預先設定多節點的 Kubernetes 叢集、部署客戶的 workloads (an application running on Kubernetes)。 * 透過 Rancher/Elemental 和 SUSE Manager 註冊至集中管理平台。 # 建立 Customized, Ready-to-Boot Disk Images EIB（Image Builder）設計是用於在 Container 中運行的。因此，需要某種形式的 container build tool 和 runtime 環境，例如 **Podman**。 ## 0. 實作目標 OS 在第一次開機後自動安裝和設定好 SL Micro 6.0 + RKE2 v1.31.3 (ALL in One) + Rancher Prime v2.10.1，讓你阿公拿到隨身碟後也會裝。 ## 1. 要使用 EIB 建立 CRB Disk Image，需要三樣東西： 1. 用於作為建立 CRB Disk Image 的 SLE Micro ISO 檔 2. 描述要建立 CRB Disk Image 檔的定義檔 3. 一個包含基礎 SLE Micro ISO 檔的目錄，該目錄還應包含將被納入已建立映像檔中的其他自定義檔案 4. 對於需要 RPM resolution 的 image，要建立它至少需要 4GB RAM（建議 8GB） ## 2. 先決條件 1. 一台 x86_64 實體主機或虛擬主機，作業系統是 SLES 15 SP6, openSUSE Leap 15.6 或 openSUSE Tumbleweed 2. 在建立 EIB image 之前，請確定您的系統上已安裝 `gpgme`、`device-mapper` 和 `libbtrfs` 的開發標頭和函式庫： ```! $ sudo zypper install -y gpgme-devel device-mapper-devel libbtrfs-devel ``` 2. An available container runtime (e.g. Podman) 3. SLE Micro 6.0 SelfInstall ISO 映像的下載點，可在[此](https://www.suse.com/download/sle-micro/)找到 > 實際驗下來，用 SLE Micro 5.5 去裝，會遇到 OS 在開機的時候會無法按照我們自定義的網路來設定，只會變成 DHCP，並跳出以下錯誤訊息 : > ``` > Nov 01 15:35:08 localhost systemd[1]: Condition check resulted in Start network if needed being skipped. > Nov 01 15:35:13 localhost systemd[1]: dev-combustion-config.device: Job dev-combustion-config.device/start timed out. > Nov 01 15:35:13 localhost systemd[1]: Timed out waiting for device /dev/combustion/config. > Nov 01 15:35:13 localhost systemd[1]: dev-combustion-config.device: Job dev-combustion-config.device/start failed with result 'timeout'. > Nov 01 15:35:13 localhost systemd[1]: Starting Combustion (preparations)... > Nov 01 15:35:13 localhost kernel: ISO 9660 Extensions: RRIP_1991A > Nov 01 15:35:13 localhost systemd[1]: run-combustion-mount.mount: Deactivated successfully. > Nov 01 15:35:13 localhost combustion[643]: ./nmc: /lib64/libc.so.6: version `GLIBC_2.32' not found (required by ./nmc) > Nov 01 15:35:13 localhost combustion[643]: ./nmc: /lib64/libc.so.6: version `GLIBC_2.33' not found (required by ./nmc) > Nov 01 15:35:13 localhost combustion[643]: ./nmc: /lib64/libc.so.6: version `GLIBC_2.34' not found (required by ./nmc) > ``` > 另外，`eib-embedded-registry.service` 也會噴類似的錯誤訊息，還是乖乖用 SL Micro 6.0 的 ISO 來做吧 ## 3. 下載 EIB Container Image ```! $ sudo podman pull registry.suse.com/edge/3.2/edge-image-builder:1.1.0 ``` ## 4. 建立 CRB Disk Image 設定目錄由於 EIB 在 Container 內運行，我們需要從主機掛載一個設定目錄，以便可以指定所需的設定，並且在構建過程中 EIB 可以訪問所需的設定文件和 supporting artifacts。此目錄必須遵循特定的結構，我們假設這個目錄位於您的主目錄中，並命名為 `eib`，讓我們來創建它： ```! $ export CONFIG_DIR=$HOME/eib && \ mkdir -p $CONFIG_DIR/base-images ``` 在前一步中，我們創建了一個 `base-images` 目錄，用來存放 SL Micro 6.0 的 input ISO，現在我們要確保已下載的 ISO 被複製到設定目錄中： ```! $ cp /path/to/downloads/SL-Micro.x86_64-6.0-Default-SelfInstall-GM2.install.iso $CONFIG_DIR/base-images/slemicro.iso ``` 在 EIB 執行期間，原始的基本映像不會被修改；新的自訂版本會在 EIB config 目錄的根目錄中，以所需的組態建立。此時的設定目錄應該如下所示： ``` $ tree $CONFIG_DIR /home/rancher/eib └── base-images 1 directory, 0 files ``` ## 5. 建立描述 CRB Disk Image 的定義檔 ### 5.1. 設定 Operating System 完整欄位說明，請參考此[連結](https://github.com/suse-edge/edge-image-builder/blob/main/docs/building-images.md#operating-system) #### 5.1.1. 設定 OS Users 使用 OpenSSL 建立單向加密密碼： ``` $ openssl passwd -6 rancher ``` 執行結果應與以下類似 : ``` $6$C7vQ3j959WZ68/N3$torcva.LV2/O9LiwNGHHDNG0Ia0Wsd8UktcePEUAvqKV.tgtaNYYoOp5vnCFaCdaptzMtsGnxI4tKiKA035Bg/ ``` #### 5.1.2. 編輯定義檔 ```! $ cat << 'EOF' > $CONFIG_DIR/iso-definition.yaml apiVersion: 1.1 image: imageType: iso arch: x86_64 baseImage: slemicro.iso outputImageName: eib-image.iso operatingSystem: isoConfiguration: installDevice: /dev/sda time: timezone: Asia/Taipei ntp: forceWait: true servers: - time.google.com keymap: tw users: - username: root encryptedPassword: $6$C7vQ3j959WZ68/N3$torcva.LV2/O9LiwNGHHDNG0Ia0Wsd8UktcePEUAvqKV.tgtaNYYoOp5vnCFaCdaptzMtsGnxI4tKiKA035Bg/ - username: rancher uid: 1000 encryptedPassword: $6$C7vQ3j959WZ68/N3$torcva.LV2/O9LiwNGHHDNG0Ia0Wsd8UktcePEUAvqKV.tgtaNYYoOp5vnCFaCdaptzMtsGnxI4tKiKA035Bg/ sshKeys: - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCX4Vytl/3CYePyJKt3Qdxj1TnKzhEcP7t5Da/wJRnIFco+mD5mUmfErmm9huLUdrKurp9NxHLszakjuqUjGv5TZUnMDQCFPORrw7KSpWvIL8jIRUgsjHpz2YMntcOmX4qQn3APgMZ685gIc/NKO1aI8XYNSCdCbTHjvC0DX+4IjGKzYmPdgxdOX7Qrun8VuCj38o6Qzp3nLf843IhhfEo9+1+0eJ1+Mr8SLhzqkzEpsL8OilOKr3Tu+cdehZjNhwMyj1VQ5AzLjj+f6nfb9LGu1i8tlTXO+QwRv4FDK/vFyCPc2kluYxO7wHlZswusAUz+WOpMB/bPc0WFt5xkO/FLvajp+ySxsEBacYPe1Us7n0L3JxrFTEnevfRgV+WDA26kh/wkRz3rmTD8U9GwKos3AygHC+wOhIxGyA27aGlTtNU2+EjnwiI5cyq3WEn6AOaYiWTTqxJz3QlzXM1pKyL2+YRSue2cnIGK13aEU770cWdlPLtmTJC26W8CF8D+4a0= antony@WIN-0V12RTGNMRF createHomeDir: true primaryGroup: users secondaryGroups: - rancher groups: - name: users gid: 1000 - name: rancher gid: 1001 systemd: disable: - transactional-update.timer - rebootmgr enable: - cockpit.socket EOF ``` ### 5.2. 設定 Kubernetes cluster 和 Rancher #### 5.2.1. 編輯 RKE2 叢集設定檔 ``` $ mkdir -p $CONFIG_DIR/kubernetes/config && \ cat << EOF > $CONFIG_DIR/kubernetes/config/server.yaml write-kubeconfig-mode: "0644" tls-san: - "antony-rancher.example.com" node-label: - "app=rancher" node-name: - "admin-rancher" token: my-shared-secret cluster-cidr: 10.244.0.0/16 service-cidr: 10.96.0.0/16 egress-selector-mode: disabled kubelet-arg: - "container-log-max-files=3" - "container-log-max-size=10Mi" kube-controller-manager-arg: - "node-cidr-mask-size=25" etcd-extra-env: TZ=Asia/Taipei kube-apiserver-extra-env: TZ=Asia/Taipei kube-controller-manager-extra-env: TZ=Asia/Taipei kube-proxy-extra-env: TZ=Asia/Taipei kube-scheduler-extra-env: TZ=Asia/Taipei cloud-controller-manager-extra-env: TZ=Asia/Taipei disable-cloud-controller: true disable-kube-proxy: true disable: - rke2-canal - rke2-kube-proxy cni: - "multus" - "cilium" selinux: true EOF ``` #### 5.2.2. 編輯定義檔 ```! $ cat << 'EOF' >> $CONFIG_DIR/iso-definition.yaml kubernetes: version: v1.31.3+rke2r1 network: apiVIP: 192.168.11.10 manifests: urls: - https://github.com/cert-manager/cert-manager/releases/download/v1.16.2/cert-manager.yaml - http://192.168.11.11:8080/config/rancher-namespace.yaml - http://192.168.11.11:8080/config/rke2-cilium-config.yaml - http://192.168.11.11:8080/config/rke2-coredns-config.yaml - http://192.168.11.11:8080/config/rke2-ingress-nginx-config.yaml helm: charts: - name: rancher version: 2.10.1 repositoryName: rancher-prime valuesFile: rancher-values.yaml targetNamespace: cattle-system createNamespace: true installationNamespace: cattle-system repositories: - name: rancher-prime url: https://charts.rancher.com/server-charts/prime embeddedArtifactRegistry: images: - name: registry.rancher.com/rancher/backup-restore-operator:v6.0.0 - name: registry.rancher.com/rancher/calico-cni:v3.29.0-rancher1 - name: registry.rancher.com/rancher/cis-operator:v1.3.4 - name: registry.rancher.com/rancher/flannel-cni:v1.4.1-rancher1 - name: registry.rancher.com/rancher/fleet-agent:v0.11.2 - name: registry.rancher.com/rancher/fleet:v0.11.2 - name: registry.rancher.com/rancher/hardened-addon-resizer:1.8.20-build20241001 - name: registry.rancher.com/rancher/hardened-calico:v3.29.0-build20241104 - name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.8.11-build20241014 - name: registry.rancher.com/rancher/hardened-cni-plugins:v1.6.0-build20241022 - name: registry.rancher.com/rancher/hardened-coredns:v1.11.3-build20241018 - name: registry.rancher.com/rancher/hardened-dns-node-cache:1.23.1-build20241008 - name: registry.rancher.com/rancher/hardened-etcd:v3.5.16-k3s1-build20241106 - name: registry.rancher.com/rancher/hardened-flannel:v0.26.1-build20241107 - name: registry.rancher.com/rancher/hardened-k8s-metrics-server:v0.7.1-build20241008 - name: registry.rancher.com/rancher/hardened-kubernetes:v1.31.3-rke2r1-build20241121 - name: registry.rancher.com/rancher/hardened-multus-cni:v4.1.3-build20241028 - name: registry.rancher.com/rancher/hardened-node-feature-discovery:v0.15.6-build20240822 - name: registry.rancher.com/rancher/hardened-whereabouts:v0.8.0-build20241011 - name: registry.rancher.com/rancher/helm-project-operator:v0.2.1 - name: registry.rancher.com/rancher/k3s-upgrade:v1.31.3-k3s1 - name: registry.rancher.com/rancher/klipper-helm:v0.9.3-build20241008 - name: registry.rancher.com/rancher/klipper-lb:v0.4.9 - name: registry.rancher.com/rancher/kube-api-auth:v0.2.3 - name: registry.rancher.com/rancher/kubectl:v1.31.1 - name: registry.rancher.com/rancher/local-path-provisioner:v0.0.30 - name: registry.rancher.com/rancher/machine:v0.15.0-rancher124 - name: registry.rancher.com/rancher/mirrored-cluster-api-controller:v1.8.3 - name: registry.rancher.com/rancher/nginx-ingress-controller:v1.10.5-hardened4 - name: registry.rancher.com/rancher/prometheus-federator:v0.4.3 - name: registry.rancher.com/rancher/pushprox-client:v0.1.4-rancher2-client - name: registry.rancher.com/rancher/pushprox-proxy:v0.1.4-rancher2-proxy - name: registry.rancher.com/rancher/rancher-agent:v2.10.1 - name: registry.rancher.com/rancher/rancher-csp-adapter:v5.0.1 - name: registry.rancher.com/rancher/rancher-webhook:v0.6.2 - name: registry.rancher.com/rancher/rancher:v2.10.1 - name: registry.rancher.com/rancher/rke-tools:v0.1.105 - name: registry.rancher.com/rancher/rke2-cloud-provider:v1.31.0-build20240910 - name: registry.rancher.com/rancher/rke2-runtime:v1.31.3-rke2r1 - name: registry.rancher.com/rancher/rke2-upgrade:v1.31.3-rke2r1 - name: registry.rancher.com/rancher/security-scan:v0.5.2 - name: registry.rancher.com/rancher/shell:v0.3.0 - name: registry.rancher.com/rancher/system-agent-installer-k3s:v1.31.3-k3s1 - name: registry.rancher.com/rancher/system-agent-installer-rke2:v1.31.3-rke2r1 - name: registry.rancher.com/rancher/system-agent:v0.3.11-suc - name: registry.rancher.com/rancher/system-upgrade-controller:v0.14.2 - name: registry.rancher.com/rancher/ui-plugin-catalog:3.2.0 EOF ``` #### 5.2.3. 建立 Rancher Helm values 檔: ``` $ mkdir -p $CONFIG_DIR/kubernetes/helm/values/ && \ cat << EOF > $CONFIG_DIR/kubernetes/helm/values/rancher-values.yaml hostname: antony-rancher.example.com replicas: 1 bootstrapPassword: "rancheradmin" systemDefaultRegistry: registry.rancher.com useBundledSystemChart: true EOF ``` #### 5.2.4. 設定 rancher namespace: ``` $ mkdir -p ~/config/ && \ cat << EOF > ~/config/rancher-namespace.yaml apiVersion: v1 kind: Namespace metadata: name: cattle-system EOF ``` #### 5.2.4. 設定 rke2-nginx controller: ``` $ mkdir -p ~/config/ && \ cat << EOF > ~/config/rke2-ingress-nginx-config.yaml apiVersion: helm.cattle.io/v1 kind: HelmChartConfig metadata: name: rke2-ingress-nginx namespace: kube-system spec: valuesContent: |- controller: enableAnnotationValidations: "true" ingressClassResource: default: "true" EOF ``` #### 5.2.5. 設定 cilium: ``` $ mkdir -p ~/config/ && \ cat << EOF > ~/config/rke2-cilium-config.yaml --- apiVersion: helm.cattle.io/v1 kind: HelmChartConfig metadata: name: rke2-cilium namespace: kube-system spec: valuesContent: |- operator: replicas: 1 podAnnotations: container.apparmor.security.beta.kubernetes.io/cilium-agent: "unconfined" container.apparmor.security.beta.kubernetes.io/clean-cilium-state: "unconfined" container.apparmor.security.beta.kubernetes.io/mount-cgroup: "unconfined" container.apparmor.security.beta.kubernetes.io/apply-sysctl-overwrites: "unconfined" kubeProxyReplacement: "true" k8sServiceHost: 127.0.0.1 k8sServicePort: 6443 EOF ``` #### 5.2.6. 設定 CoreDNS: 在 CoreDNS 中新增 Rancher A Record ``` $ mkdir -p ~/config/ && \ cat << EOF > ~/config/rke2-coredns-config.yaml apiVersion: helm.cattle.io/v1 kind: HelmChartConfig metadata: name: rke2-coredns namespace: kube-system spec: valuesContent: |- servers: - zones: - zone: . port: 53 # If serviceType is nodePort you can specify nodePort here # nodePort: 30053 # hostPort: 53 plugins: - name: errors # Serves a /health endpoint on :8080, required for livenessProbe - name: health configBlock: |- lameduck 5s # Serves a /ready endpoint on :8181, required for readinessProbe - name: ready # Required to query kubernetes API for data - name: kubernetes parameters: cluster.local in-addr.arpa ip6.arpa configBlock: |- pods insecure fallthrough in-addr.arpa ip6.arpa ttl 30 # Serves a /metrics endpoint on :9153, required for serviceMonitor - name: prometheus parameters: 0.0.0.0:9153 - name: forward parameters: . /etc/resolv.conf - name: cache parameters: 30 - name: loop - name: reload - name: loadbalance - name: hosts configBlock: |- 192.168.11.12 antony-rancher.example.com fallthrough EOF ``` #### 5.2.7. 建立 Web Service ```bash! $ sudo podman run -d -p 8080:80 \ --name web \ -v $HOME/config:/usr/share/nginx/html/config \ -v $HOME/eib:/usr/share/nginx/html/eib/ \ docker.io/library/nginx:stable ``` ## 6. 設定網路 ``` $ mkdir -p $CONFIG_DIR/network/ && \ cat << EOF > $CONFIG_DIR/network/admin-rancher.yaml interfaces: - name: eth0 type: ethernet state: up mac-address: 00:50:56:2A:50:DA ipv4: address: - ip: 192.168.11.12 prefix-length: 24 enabled: true ipv6: dhcp: true enabled: true routes: config: - destination: 0.0.0.0/0 next-hop-interface: eth0 next-hop-address: 192.168.11.254 dns-resolver: config: server: - 192.168.11.11 EOF ``` > VM 的 MAC Address 要先確定。最後的目錄結構 : ``` $ tree $CONFIG_DIR ~/config /home/rancher/eib ├── base-images │ └── slemicro.iso ├── iso-definition.yaml ├── kubernetes │ ├── config │ │ └── server.yaml │ └── helm │ └── values │ └── rancher-values.yaml └── network └── admin-rancher.yaml /home/rancher/config ├── rancher-namespace.yaml ├── rke2-cilium-config.yaml ├── rke2-coredns-config.yaml └── rke2-ingress-nginx-config.yaml 8 directories, 11 files ``` ## 7. Building the CRB Disk Image 現在我們已經有了 base iso image 和 image definition 供 EIB 使用，讓我們繼續建立 ISO。為此，我們只需使用 podman 以「建立」指令呼叫 EIB container，並指定定義檔案： ``` $ sudo podman run --rm -it --privileged \ -v $CONFIG_DIR:/eib \ registry.suse.com/edge/3.2/edge-image-builder:1.1.0 \ build --definition-file iso-definition.yaml ``` 執行結果 : ``` Setting up Podman API listener... Downloading file: dl-manifest-1.yaml 100% |████████████████████████████| (948/948 kB, 3.6 MB/s) Pulling selected Helm charts... 100% |███████████████████████████████████████| (4/4, 29 it/min) Generating image customization components... Identifier ................... [SUCCESS] Custom Files ................. [SKIPPED] Time ......................... [SUCCESS] Network ...................... [SUCCESS] Groups ....................... [SUCCESS] Users ........................ [SUCCESS] Proxy ........................ [SKIPPED] WARNING: Running EIB with disabled GPG validation is intended for development purposes only Resolving package dependencies... Rpm .......................... [SUCCESS] Os Files ..................... [SKIPPED] Systemd ...................... [SUCCESS] Fips ......................... [SKIPPED] Elemental .................... [SKIPPED] Suma ......................... [SKIPPED] Populating Embedded Artifact Registry... 100% |█████████████████████████| (54/54, 14 it/min) Embedded Artifact Registry ... [SUCCESS] Keymap ....................... [SUCCESS] Configuring Kubernetes component... The Kubernetes CNI is not explicitly set, defaulting to 'cilium'. Downloading file: rke2_installer.sh Downloading file: rke2-images-core.linux-amd64.tar.zst 100% |████████| (639/639 MB, 9.4 MB/s) Downloading file: rke2-images-cilium.linux-amd64.tar.zst 100% |██████| (397/397 MB, 6.5 MB/s) Downloading file: rke2.linux-amd64.tar.gz 100% |██████████████████████████| (35/35 MB, 51 MB/s) Downloading file: sha256sum-amd64.txt 100% |███████████████████████████| (4.3/4.3 kB, 962 kB/s) Kubernetes ................... [SUCCESS] Certificates ................. [SKIPPED] Cleanup ...................... [SKIPPED] Building ISO image... Kernel Params ................ [SKIPPED] Build complete, the image can be found at: eib-image.iso ``` 檢視以客製化後的 ISO ``` $ ls -lh eib/eib-image.iso ``` 結果如下 : ``` -rw-r--r--. 1 root root 6.7G Nov 1 15:54 eib/eib-image.iso ``` > 大小約將近 7 Gb ## 8. 設定 VM 透過 CRB Disk Image 開機以下使用 Proxmox 8.3.2 虛擬化平台作範例 : 1. 確認 MAC Address 與前面步驟 6 設定的時候一樣 ![image](https://hackmd.io/_uploads/BkaAj-zZJe.png) 2. 確認透過 ISO 開機 ![image](https://hackmd.io/_uploads/SySB2Zzb1e.png) 3. 將 VM 開機 ![image](https://hackmd.io/_uploads/rytY2bMZyx.png) 4. SSH 連進去檢查 ``` $ ssh rancher@192.168.11.12 ``` 5. 設定 kubeconfig ``` $ sudo cp /var/lib/rancher/rke2/bin/* /usr/local/bin/ && \ sudo cp /opt/rke2/bin/* /usr/local/bin/ && \ mkdir -p $HOME/.kube && \ sudo cp /etc/rancher/rke2/rke2.yaml $HOME/.kube/config && \ sudo chown $(id -u):$(id -g) $HOME/.kube/config && \ sudo /usr/local/bin/crictl config \ --set runtime-endpoint=unix:///run/k3s/containerd/containerd.sock ``` 6. 檢查 K8s node 狀態 ``` $ kubectl get nodes ``` 執行結果 : ``` NAME STATUS ROLES AGE VERSION admin-rancher Ready control-plane,etcd,master 41s v1.31.3+rke2r1 ``` 7. 檢查 K8s 叢集中所有 pod 的狀態 ``` $ kubectl get pods -A ``` 執行結果 : ``` NAMESPACE NAME READY STATUS RESTARTS AGE cattle-system helm-install-rancher-7nk5s 0/1 Completed 1 86s cattle-system rancher-99d599967-m88zq 0/1 Terminating 0 52s cattle-system rancher-99d599967-t9gl2 1/1 Running 0 33s cert-manager cert-manager-74b56b6655-fdghl 1/1 Running 0 87s cert-manager cert-manager-cainjector-55d94dc4cc-9g72h 1/1 Running 0 87s cert-manager cert-manager-webhook-564f647c66-v7cgz 1/1 Running 0 87s endpoint-copier-operator endpoint-copier-operator-6b89f6b796-7n7rf 1/1 Running 0 48s endpoint-copier-operator endpoint-copier-operator-6b89f6b796-pdztw 1/1 Running 0 48s kube-system cilium-dlq46 1/1 Running 0 69s kube-system cilium-operator-567b49cc89-q9glr 1/1 Running 0 69s kube-system etcd-admin-rancher 1/1 Running 0 64s kube-system helm-install-endpoint-copier-operator-t2k6v 0/1 Completed 0 87s kube-system helm-install-metallb-6pv84 0/1 Completed 0 87s kube-system helm-install-rke2-cilium-c44q6 0/1 Completed 0 87s kube-system helm-install-rke2-coredns-9hpnp 0/1 Completed 0 87s kube-system helm-install-rke2-ingress-nginx-5pbtm 0/1 Completed 0 86s kube-system helm-install-rke2-metrics-server-j27rh 0/1 Completed 0 84s kube-system helm-install-rke2-multus-4mpcl 0/1 Completed 0 84s kube-system helm-install-rke2-snapshot-controller-42xpb 0/1 Completed 0 83s kube-system helm-install-rke2-snapshot-controller-crd-lm2r8 0/1 Completed 0 83s kube-system helm-install-rke2-snapshot-validation-webhook-jw9w4 0/1 Completed 0 83s kube-system kube-apiserver-admin-rancher 1/1 Running 0 77s kube-system kube-controller-manager-admin-rancher 1/1 Running 0 82s kube-system kube-scheduler-admin-rancher 1/1 Running 0 82s kube-system rke2-coredns-rke2-coredns-84fb6cf48c-n5scx 1/1 Running 0 70s kube-system rke2-coredns-rke2-coredns-autoscaler-78db5d674-2hmms 1/1 Running 0 70s kube-system rke2-ingress-nginx-controller-xsj9k 1/1 Running 0 31s kube-system rke2-metrics-server-7c85d458bd-rz4xn 1/1 Running 0 49s kube-system rke2-multus-wskqv 1/1 Running 2 (64s ago) 68s kube-system rke2-snapshot-controller-65bc6fbd57-s6gjn 1/1 Running 0 45s kube-system rke2-snapshot-validation-webhook-859c7896df-xgxzm 1/1 Running 0 48s metallb-system metallb-controller-666dfd5f45-zb5sz 1/1 Running 0 48s metallb-system metallb-speaker-kdwzm 1/1 Running 0 48s ``` ## 9. 故障排除 ### 在 OS 安裝階段出現問題 ### 在開機引導畫面加入參數 #### 若是 GRUB 畫面（常見於 EFI 系統）： 1. 用鍵盤選擇 `Install SL Micro` 開機選項，不要馬上按 Enter。 ![image](https://hackmd.io/_uploads/r1X5Nncbge.png) 3. 按下 `e` 進入編輯模式。 4. 找到以 `linux` 開頭的那一行。 5. 在行尾加上： ``` systemd.log_level=debug systemd.debug_shell=1 rd.debug ``` ![image](https://hackmd.io/_uploads/ry0q4hq-gl.png) 6. 按下 `Ctrl + x` 或 `F10` 開始以 debug 模式開機。 #### 參數說明： | 參數 | 作用說明 | | ------------------------- | ------------------------------------------- | | `systemd.log_level=debug` | 讓 systemd 顯示更多 debug 訊息 | | `systemd.debug_shell=1` | 在 TTY 9 開啟 root shell（可用 `Ctrl+Alt+F9` 切過去） | | `rd.debug` | 開啟 Dracut（initramfs）開機階段的詳細除錯輸出 |