
Cockroach DB failing to create client certificate

I have installed Cockroach DB on my Linux (WSL2 Ubuntu 20.04) using the tutorial here.

However, when I try to create the client certificate and key pair for the root user in Step 1.4, I am getting the following error:

W210412 14:47:47.996624 1 security/certificate_loader.go:356  error finding key for certs/node.crt: key file certs/node.key has permissions -rwxrwxrwx, exceeds -rwx------

ERROR: failed to generate client certificate and key: key file certs/node.key has permissions -rwxrwxrwx, exceeds -rwx------
Failed running "cert create-client"

Consequently, I am unable to start the cluster in the next step.

CockroachDB requires key files to have sane permissions (owner only). However, the Windows Subsystem for Linux has an odd handling of file permissions (see this WSL doc for more details).

You have two options:

  • figure out how to change file permissions on WSL2, if possible
  • tell CockroachDB to skip key file permissions

The latter is described in the certificates documentation:

Keys (files ending in .key) must not have group or world permissions (maximum permissions are 0700, or rwx------). This check can be disabled by setting the environment variable COCKROACH_SKIP_KEY_PERMISSION_CHECK=true.

Using this information, we can change step 1.4 of the tutorial.

The default behavior gives the error you encountered:

$ cockroach cert create-client root --certs-dir=certs --ca-key=my-safe-directory/ca.key 
W210412 15:05:44.419689 1 security/certificate_loader.go:356  error finding key for certs/node.crt: key file certs/node.key has permissions -rwxrwxrwx, exceeds -rwx------
ERROR: failed to generate client certificate and key: key file certs/node.key has permissions -rwxrwxrwx, exceeds -rwx------
Failed running "cert create-client"

Using the COCKROACH_SKIP_KEY_PERMISSION_CHECK=true environment variable, we can get it to ignore the file permissions and proceed:

$ COCKROACH_SKIP_KEY_PERMISSION_CHECK=true cockroach cert create-client root --certs-dir=certs --ca-key=my-safe-directory/ca.key 

If you do use this work-around, you will need to use it to start the cockroach server as well.
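
For the first option in the answer above, an added example (not part of the original post and not CockroachDB code): a shell check that applies the quoted rule (no group or world bits on *.key files), tightens the keys, and verifies that chmod actually took effect. The function names are hypothetical, GNU stat is assumed, and the comment about Windows-mounted drives is an assumption about the cause, since the post does not say where certs/ is stored.

```shell
#!/usr/bin/env bash
# Added example. Rule from the quoted documentation: *.key files must have
# no group or world permission bits (maximum 0700).
# Usage (after sourcing this file): fix_key_perms certs

# Print each *.key file in directory $1 whose mode exceeds 0700.
# Returns 0 if every key passes, 1 if any key is too permissive.
check_key_perms() {
    local dir=$1 rc=0 f mode
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue                 # glob matched nothing
        mode=$(stat -c '%a' "$f")               # octal mode, e.g. 777
        if [ $(( 0$mode & 077 )) -ne 0 ]; then  # any group/world bit set?
            echo "$f has mode $mode, exceeds 700"
            rc=1
        fi
    done
    return $rc
}

# Set every *.key file in $1 to 0600, then re-check. A failing re-check
# means chmod was accepted but not stored by the file system.
# Assumption: this is what happens on a Windows drive mounted under WSL
# without Linux metadata support; keeping certs/ on the Linux file system
# (for example under $HOME) avoids it.
fix_key_perms() {
    local dir=$1 f
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue
        chmod 600 "$f" || return 2
    done
    if ! check_key_perms "$dir" >/dev/null; then
        echo "chmod had no effect in $dir" >&2
        return 2
    fi
    return 0
}
```

If fix_key_perms succeeds, the original cockroach cert create-client command runs without COCKROACH_SKIP_KEY_PERMISSION_CHECK, and the permission check stays active when the server starts.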
