Servers are alive but clients are not! "No installed keys could decrypt the message": how to solve this on Consul?

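Problem description

As soon as I enabled encrypt, my whole Consul cluster failed. This is the output of sudo systemctl consul status:

memberlist: failed to receive: No installed keys could decrypt the message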

Nov 01 08:49:30 server-1 consul[593217]: 2021-11-01T08:49:30.031+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.7:37442
Nov 01 08:49:58 server-1 consul[593217]: 2021-11-01T08:49:58.992+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.4:41492
Nov 01 08:49:59 server-1 consul[593217]: 2021-11-01T08:49:59.882+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.12:35558
Nov 01 08:50:00 server-1 consul[593217]: 2021-11-01T08:50:00.042+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.7:37460
Nov 01 08:50:29 server-1 consul[593217]: 2021-11-01T08:50:29.004+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.4:41510
Nov 01 08:50:29 server-1 consul[593217]: 2021-11-01T08:50:29.895+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.12:35576
Nov 01 08:50:30 server-1 consul[593217]: 2021-11-01T08:50:30.056+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.7:37478
Nov 01 08:50:59 server-1 consul[593217]: 2021-11-01T08:50:59.018+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.4:41528
Nov 01 08:50:59 server-1 consul[593217]: 2021-11-01T08:50:59.909+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.12:35594
Nov 01 08:51:00 server-1 consul[593217]: 2021-11-01T08:51:00.067+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.7:37496

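ACL and TLS are commented out, and I even commented out encrypt on all my clients, but I still get the above output. How can I solve this? Thanks.

Tags: consul, consul-health-check

Solution

You must have exactly the same encrypt setting on both types of nodes: servers and clients. Alternatively, you must disable encryption everywhere. You can refer to the official tutorial to enable encryption step by step on an existing cluster.

UPD: Some useful commands for using a single key on all nodes (clients and servers).

Get key information from all nodes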

consul keyring -list

Generate a new key

consul keygen

Broadcast the new key to all nodes

consul keyring -install=<<KEY>>

Switch to the new key

consul keyring -use=<<KEY>>
