etcd - error "remote error: tls: bad certificate", ServerName ""
Problem description
I start a member of etcd (3.3.13) with this command:
/usr/local/bin/etcd \
--name infra2 \
--cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
--peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--initial-advertise-peer-urls https://172.19.104.230:2380 \
--listen-peer-urls https://172.19.104.230:2380 \
--listen-client-urls http://127.0.0.1:2379 \
--advertise-client-urls https://172.19.104.230:2379 \
--initial-cluster-token etcd-cluster \
--initial-cluster infra1=https://172.19.104.231:2380,infra2=https://172.19.104.230:2380,infra3=https://172.19.150.82:2380 \
--initial-cluster-state new \
--data-dir=/var/lib/etcd
But the log shows this error:
2019-08-24 13:12:07.981345 I | embed: rejected connection from "172.19.104.231:60474" (error "remote error: tls: bad certificate", ServerName "")
2019-08-24 13:12:08.003918 I | embed: rejected connection from "172.19.104.231:60478" (error "remote error: tls: bad certificate", ServerName "")
2019-08-24 13:12:08.004242 I | embed: rejected connection from "172.19.104.231:60480" (error "remote error: tls: bad certificate", ServerName "")
2019-08-24 13:12:08.045940 E | rafthttp: request cluster ID mismatch (got 52162d7b86a0617a want b125c249de626e35)
2019-08-24 13:12:08.046455 E | rafthttp: request cluster ID mismatch (got 52162d7b86a0617a want b125c249de626e35)
2019-08-24 13:12:08.081290 I | embed: rejected connection from "172.19.104.231:60484" (error "remote error: tls: bad certificate", ServerName "")
2019-08-24 13:12:08.101692 I | embed: rejected connection from "172.19.104.231:60489" (error "remote error: tls: bad certificate", ServerName "")
2019-08-24 13:12:08.102002 I | embed: rejected connection from "172.19.104.231:60488" (error "remote error: tls: bad certificate", ServerName "")
2019-08-24 13:12:08.144928 E | rafthttp: request cluster ID mismatch (got 52162d7b86a0617a want b125c249de626e35)
2019-08-24 13:12:08.145151 E | rafthttp: request cluster ID mismatch (got 52162d7b86a0617a want b125c249de626e35)
2019-08-24 13:12:08.181299 I | embed: rejected connection from "172.19.104.231:60494" (error "remote error: tls: bad certificate", ServerName "")
2019-08-24 13:12:08.201722 I | embed: rejected connection from "172.19.104.231:60500" (error "remote error: tls: bad certificate", ServerName "")
2019-08-24 13:12:08.202096 I | embed: rejected connection from "172.19.104.231:60498" (error "remote error: tls: bad certificate", ServerName "")
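I searched the internet and found that the cause is: all etcd node IPs should be provided in the hosts configuration when generating the CA certificate. But I have configured all of my etcd node IPs in csr.json; this is my csr.json configuration: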
{
"CN": "kubernetes",
"hosts": [
"127.0.0.1",
"172.19.104.230",
"172.19.150.82",
"172.19.104.231"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
What should I do to fix the error?
Solution
When you run the cfssl generate command, you should provide the IPs of the hosts running etcd:
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-hostname=IP1,IP..,IPN \
-profile=kubernetes \
kubernetes-csr.json | cfssljson -bare kubernetes
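One way to confirm that an issued certificate's SANs cover every peer named in --initial-cluster, as an added example that is not part of the original question or answer. The function names are hypothetical, and the certificate is a throwaway one constructed in memory rather than /etc/kubernetes/ssl/kubernetes.pem:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"net/url"
	"strings"
	"time"
)

// missingPeerSANs returns the --initial-cluster members whose host is not in the cert's SANs.
func missingPeerSANs(cert *x509.Certificate, initialCluster string) []string {
	var missing []string
	for _, member := range strings.Split(initialCluster, ",") {
		kv := strings.SplitN(member, "=", 2) // "infra1=https://ip:2380"
		u, err := url.Parse(kv[len(kv)-1])
		if err != nil || cert.VerifyHostname(u.Hostname()) != nil {
			missing = append(missing, member)
		}
	}
	return missing
}

// sampleCert builds a throwaway self-signed cert (constructed data) with the given IP SANs.
func sampleCert(ips ...string) (cert *x509.Certificate) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	for _, ip := range ips {
		tmpl.IPAddresses = append(tmpl.IPAddresses, net.ParseIP(ip))
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err == nil {
		cert, err = x509.ParseCertificate(der)
	}
	if err != nil {
		panic(err)
	}
	return cert
}

func main() {
	cluster := "infra1=https://172.19.104.231:2380,infra2=https://172.19.104.230:2380,infra3=https://172.19.150.82:2380"
	fmt.Println("not covered:", missingPeerSANs(sampleCert("127.0.0.1", "172.19.104.230"), cluster))
}
```

To run the same check against a real file, decode it with encoding/pem and pass the result of x509.ParseCertificate to missingPeerSANs.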