堆栈内存溢出
  繁体   English   中英

etcdctl 抛出错误:超出上下文截止日期错误

[英]etcdctl throws Error: context deadline exceeded error

 原文  2018-12-06 07:33:56       amazon-web-services/ kubernetes/ coreos/ etcd/ etcd3

问题描述

我正在尝试使用 coreos cloud-config 在 AWS 上创建一个单节点 etcd 集群。 我创建了一个值为etcd.uday.com的 Route53 记录集,它有一个指向 ec2 实例的 ELB 的别名。 etcd 运行成功,但是当我运行 etcd member list 命令时,出现以下错误

ETCDCTL_API=3 etcdctl member list \
--endpoints=https://etcd.udayvishwakarma.com:2379 \
--cacert=./ca.pem \
--cert=etcd-client.pem \
--key=etcd-client-key.pem

Error: context deadline exceeded

但是,当--insecure-skip-tls-verify标志添加到etcdctl member list命令时,它会列出成员。 我已经使用以下配置使用cfssl生成了证书

json文件

{
"CN": "Root CA",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "UK",
      "L": "London",
      "O": "Kubernetes",
      "OU": "CA"
    }
  ],
  "ca": {
    "expiry": "87658h"
  }
}

配置文件

 {
  "signing": {
    "default": {
      "expiry": "2190h"
    },
    "profiles": {
      "client": {
        "expiry": "8760h",
        "usages": [
          "signing",
          "key encipherment",
          "client auth"
        ]
      },
      "server": {
        "expiry": "8760h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth"
        ]
      },
      "peer": {
        "expiry": "8760h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      },
      "ca": {
        "usages": [
          "signing",
          "digital signature",
          "cert sign",
          "crl sign"
        ],
        "expiry": "26280h",
        "is_ca": true
      }
    }
  }
}

etcd-member.json

 {
  "CN": "etcd",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "hosts":[
    "etcd.uday.com"
  ],
  "names": [
    {
      "O": "Kubernetes"
    }
  ]
}

etcd-client.json

 {
  "CN": "etcd",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "hosts":[
    "etcd.uday.com"
  ],
  "names": [
    {
      "O": "Kubernetes"
    }
  ]
}



     cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -hostname="etcd.uday.com" \
          -config=ca-config.json -profile=peer \
etcd-member.json | cfssljson -bare etcd-member

    cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -hostname="etcd.uday.com" \
    -config=ca-config.json -profile=client\
 etcd-client.json | cfssljson -bare etcd-client

我的 etcd-member.service systemd 单元 cloudconfig 如下

    units:
  - name: etcd-member.service
    drop-ins:
    - name: aws-etcd-cluster.conf
      content: |
        [Service]
        Environment=ETCD_USER=etcd
        Environment=ETCD_NAME=%H
        Environment=ETCD_IMAGE_TAG=v3.1.12
        Environment=ETCD_SSL_DIR=/etc/etcd/ssl

        Environment=ETCD_CA_FILE=/etc/ssl/certs/ca.pem
        Environment=ETCD_CERT_FILE=/etc/ssl/certs/etcd-client.pem
        Environment=ETCD_KEY_FILE=/etc/ssl/certs/etcd-client-key.pem
        Environment=ETCD_CLIENT_CERT_AUTH=true
        Environment=ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/ca.pem
        Environment=ETCD_PEER_CA_FILE=/etc/ssl/certs/ca.pem
        Environment=ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd-member.pem
        Environment=ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd-member-key.pem
        Environment=ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/ca.pem


        Environment=ETCD_INITIAL_CLUSTER_STATE=new
        Environment=ETCD_INITIAL_CLUSTER=%H=https://%H:2380
        Environment=ETCD_DATA_DIR=/var/lib/etcd3
        Environment=ETCD_LISTEN_CLIENT_URLS=https://%H:2379,https://127.0.0.1:2379
        Environment=ETCD_ADVERTISE_CLIENT_URLS=https://%H:2379
        Environment=ETCD_LISTEN_PEER_URLS=https://%H:2380
        Environment=ETCD_INITIAL_ADVERTISE_PEER_URLS=https://%H:2380
        PermissionsStartOnly=true
        Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/etcd-member-wrapper.uuid"
        ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/etcd-member-wrapper.uuid
        ExecStartPre=/usr/bin/sed -i 's/^ETCDCTL_ENDPOINT.*$/ETCDCTL_ENDPOINT=https:\/\/%H:2379/' /etc/environment
        ExecStartPre=/usr/bin/mkdir -p /var/lib/etcd3
        ExecStartPre=/usr/bin/chown -R etcd:etcd /var/lib/etcd3
        ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/etcd-member-wrapper.uuid
    enable: true
    command: start

证书生成错误还是我错过了什么?

3 个解决方案

解决方案1
 1  2019-06-26 07:45:50

证书是为etcd.uday.com生成的。 您正在尝试使用etcd.udayvishwakarma.com进行连接,而证书对etcd.uday.com有效。 将 etcdctl 上的端点从etcdctl etcd.udayvishwakarma.cometcd.uday.com

解决方案2
 0  2019-12-23 06:29:09

我今天遇到了同样的问题,可能这对你现在没有用,但它对将来遇到同样问题的任何人都有用。 我想你可能失踪了

etcd.udayvishwakarma.com

从你的证书

--cert=etcd-client.pem

要验证 etcd.udayvishwakarma.com 是否存在于您的证书中,您可以运行:

openssl x509 -in etcd-client.pem -text

您应该能够在 X509v3 Subject Alternative Name 下看到它。 如果不这样做,您可能需要重新创建证书并添加该 DNS 名称。

解决方案3
 0  2021-06-01 13:20:47

当我运行.\etcdctl.exe put key value 时,我收到此错误

 Error: context deadline exceeded

在运行etcdctl.exe ,您应该先运行etcd.exe 就我而言,它正在工作。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 错误:使用 firebase 云函数时已超过期限 Firebase 云函数部署错误 - 超出配额 使用 Context 和 Firestore 预呈现 NextJS 时出错 将 spark dataframe 写入云存储会引发错误 Python 模块 googletrans 抛出“超过 url:/ 的最大重试次数”错误 处理 Python 中的 Firebase 'Max retries exceeded with url' 错误 部署 twilio 反应插件抛出错误:未找到请求的资源/配置 MongoDB Compass 抛出授权错误,但应用程序内控制台有效 在 BigQuery SQL 中,如何跟踪资源使用情况以避免“查询执行期间超出资源”错误 调用 GetDeployment 操作时发生错误 (ThrottlingException)(达到最大重试次数:4):超出速率
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM