VxRail：新增使用者vxpsvc_ptagent_op時發生錯誤「passwd： critical error」

• 從vmkernel.log

  022-02-10T01:39:18.862Z warning hostd[2106888] [Originator@6876 sub=UserDirectory opID=03882bde user=root] User lookup failed for 'vxpsvc_ptagent_op'
  2022-02-10T01:39:18.934Z info hostd[2106888] [Originator@6876 sub=Solo.Vmomi opID=03882bde user=root] Throw vmodl.fault.SystemError
  2022-02-10T01:39:18.934Z info hostd[2106888] [Originator@6876 sub=Solo.Vmomi opID=03882bde user=root] Result:
  --> (vmodl.fault.SystemError) {
  --> faultCause = (vmodl.MethodFault) null,
  --> faultMessage = (vmodl.LocalizableMessage) [
  --> (vmodl.LocalizableMessage) {
  --> key = "com.vmware.vim.host.LocalAccountManager.passwdError",
  --> arg = <unset>,
  --> message = <unset>
  --> }
  --> ],
  --> reason = "passwd: Critical error - immediate abort"
  --> msg = ""
  --> }

• 從「錯誤platform_svc.log，由於不符合密碼原則的要求，因此無法新增帳戶vxpsvc_ptagent_op

  2022-02-10T01:38:59Z platform_svc: [MainThread] INFO - -------------- VxRail Platform Service -----------------
  2022-02-10T01:38:59Z platform_svc: [MainThread] INFO - Registering "tasks"
  2022-02-10T01:38:59Z platform_svc: [MainThread] INFO - iDracOpt. timestamp: 1644457139
  2022-02-10T01:38:59Z platform_svc: [MainThread] INFO - Registering "platform"
  2022-02-10T01:38:59Z platform_svc: [Thread-1] INFO - Waiting for iSM ready
  2022-02-10T01:38:59Z platform_svc: [MainThread] INFO - Setting up listener
  2022-02-10T01:38:59Z platform_svc: [MainThread] INFO - Starting endpoints
  2022-02-10T01:38:59Z platform_svc: [MainThread] INFO - Starting network loop
  2022-02-10T01:38:59Z platform_svc: [MainThread] INFO - Start network loop
  2022-02-10T01:38:59Z platform_svc: [MainThread] INFO - Backend started
  2022-02-10T01:39:00Z platform_svc: [Thread-1] INFO - iSM is ready
  2022-02-10T01:39:00Z platform_svc: [Thread-1] INFO - Found service acccount in slot 15
  2022-02-10T01:39:00Z platform_svc: [Thread-1] INFO - Refresh Password
  2022-02-10T01:39:02Z platform_svc: [Thread-1] INFO - Enable the account
  2022-02-10T01:39:02Z platform_svc: [Thread-1] INFO - Setting up the public key for the service account
  2022-02-10T01:39:15Z platform_svc: [Thread-1] INFO - Service account setup successfully
  2022-02-10T01:39:17Z platform_svc: [Thread-1] DEBUG - xpath-enum-context: 1
  2022-02-10T01:39:18Z platform_svc: [Thread-1] INFO - The updateable firmware info collected
  2022-02-10T01:39:18Z platform_svc: [Thread-1] ERROR - Command "localcli --formatter=python system account add --id vxpsvc_ptagent_op -p [[r)^c>p%rDu0KT]iF)qR[M`Yllajrx/ -c [[r)^c>p%rDu0KT]iF)qR[M`Yllajrx/" failed with: OUT: b''ERR: b'Errors: \n A general system error occurred: passwd: Critical error - immediate abort\n'
  2022-02-10T01:39:18Z platform_svc: [Thread-1] ERROR - Failed initializing EP <platforms.dell.PlatformEndpoint object at 0x7ad87b1860>
  2022-02-10T01:39:18Z platform_svc: [Thread-1] ERROR - Traceback (most recent call last):
  2022-02-10T01:39:18Z platform_svc: [Thread-1] ERROR - File "/opt/vxrail/bin/endpoints/__init__.py", line 135, in do_init
  2022-02-10T01:39:18Z platform_svc: [Thread-1] ERROR - ep.init()
  2022-02-10T01:39:18Z platform_svc: [Thread-1] ERROR - File "/opt/vxrail/bin/platforms/dell/__init__.py", line 709, in init
  2022-02-10T01:39:18Z platform_svc: [Thread-1] ERROR - self.esxi_tmp_account_mgr.init_esxi_tmp_account()

• 另一個觀察情況是，受影響的節點在 vCenter Server 中顯示沒有回應/已中斷連線。

可使用 /etc/pam.d/passwd 組態已由使用者或其他應用程式修改。平台服務帳戶密碼 vxpsvc_ptagent_op 不再符合密碼要求，導致使用者新增失敗。 

1. 若要解決此問題，請備份目前的 /etc/pam.d/passwd 檔，並將其恢復為預設值。驗證同一叢集下的其他 ESXi 主機。預設檔案內容為：

   %PAM-1.0
   
   # Change only through host advanced option "Security.PasswordQualityControl".
   password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7
   
   # Change only through host advanced option "Security.PasswordHistory".
   password requisite /lib/security/$ISA/pam_pwhistory.so use_authtok enforce_for_root retry=2 remember=0
   
   password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512
   password required /lib/security/$ISA/pam_deny.so

2. 重新啟動平台服務，以確保沒有進一步的錯誤。

   /etc/init.d/vxrail-pservice restart