我正在尝试使用vagrant和virtual box创建一个consul集群。 在尝试下载consul时,wget无法建立SSL连接。 以下是来自流浪者的日志。 wget对其他下载工作正常,我验证了领事下载链接也正常工作。 Curl也可以在这个链接上正常工作。但是,奇怪的是如果我在流浪汉提供中使用CURl,它根本就不是下载(没有日志)。 有人可以帮助我解决这个奇怪的问题吗?我尝试升级' wget'太
==> consulredis1: --2017-01-11 02:17:04-- https://releases.hashicorp.com/consul/0.6.4/consul_0.6.4_linux_amd64.zip
==> consulredis1: Resolving releases.hashicorp.com (releases.hashicorp.com)...
==> consulredis1: 151.101.65.183
==> consulredis1: ,
==> consulredis1: 151.101.129.183
==> consulredis1: ,
==> consulredis1: 151.101.193.183
==> consulredis1: , ...
==> consulredis1: Connecting to releases.hashicorp.com (releases.hashicorp.com)|151.101.65.183|:443...
==> consulredis1: connected.
==> consulredis1: Unable to establish SSL connection.
这是我的配置脚本
#!/bin/bash
# Step 1 - Get the necessary utilities and install them.
sudo apt-get update
sudo apt-get install -y unzip curl wget
sudo apt-get install -y make gcc build-essential
#apt-get install
# Step 2 - Copy the init script to the /etc/init folder.
cp /vagrant/consul.conf /etc/init/consul.conf
# Step 3 - Get the Consul Zip file and extract it.
cd /usr/local/bin
wget http://download.redis.io/redis-stable.tar.gz
curl -k http://releases.hashicorp.com/consul/0.6.4/consul_0.6.4_linux_amd64.zip
unzip *.zip
rm *.zip
# Step 4 - Make the Consul directory.
sudo mkdir -p /etc/consul.d
sudo chmod a+w /etc/consul.d
sudo mkdir /var/consul
# Step 5 - Copy the server configuration.
cp $1 /etc/consul.d/config.json
# Step 6 - Start Consul
exec consul agent -config-file=/etc/consul.d/config.json
我的Vagrantfile内容
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
config.vm.box = "hashicorp/precise64"
config.vm.define "consulredis1" do |consulredis1|
config.vm.provision "shell" do |s|
s.path = "provision.sh"
s.args = ["/vagrant/node1/config.json","/vagrant/node1/redis-cluster-1.init.conf","/vagrant/node1/redis-cluster-1.conf"]
end
consulredis1.vm.hostname = "consulredis1"
consulredis1.vm.network "private_network", ip: "172.20.20.10"
end
end
答案 0 :(得分:1)
您需要升级一些库(包括libssl),以便最好包含apt-get dist-upgrade -y)
#!/bin/bash
# Step 1 - Get the necessary utilities and install them.
sudo apt-get update
sudo apt-get install -y unzip curl wget
sudo apt-get install -y make gcc build-essential
sudo apt-get dist-upgrade -y
#apt-get install
# Step 2 - Copy the init script to the /etc/init folder.
cp /vagrant/consul.conf /etc/init/consul.conf
# Step 3 - Get the Consul Zip file and extract it.
cd /usr/local/bin
wget http://download.redis.io/redis-stable.tar.gz -nc -nv
wget http://releases.hashicorp.com/consul/0.6.4/consul_0.6.4_linux_amd64.zip -nc -nv
unzip *.zip
rm *.zip
# Step 4 - Make the Consul directory.
sudo mkdir -p /etc/consul.d
sudo chmod a+w /etc/consul.d
sudo mkdir /var/consul
# Step 5 - Copy the server configuration.
cp $1 /etc/consul.d/config.json
# Step 6 - Start Consul
exec consul agent -config-file=/etc/consul.d/config.json
答案 1 :(得分:1)
“hashicorp / precise64”的分发似乎存在问题。 我只是转而使用“ubuntu / trusty64”并且wget工作正常。
#config.vm.box = "hashicorp/precise64"
config.vm.box = "ubuntu/trusty64"
答案 2 :(得分:1)
看来,Consul的维护者Hashicorp最近将其下载服务器改为仅要求TLS v1.2:
快速(谁正面对releases.hashicorp.com)证实此问题是由Hashicorp端点的更改引起的,该端点最近仅支持TLS v 1.2并删除了对早期版本(1.0和1.1)的支持。不幸的是,我们的Precise容器上的当前cURL和相关库(例如OpenSSL)版本不支持TLS v 1.2。
(注释here,包括来自Hashicorp的人称重)
如本问题其他部分所述,最简单的修复似乎是升级Ubuntu的版本。如果您无法做到,您可以强制wget选择特定的TLS版本(1.2):
wget https://releases.hashicorp.com/consul/0.6.4/consul_0.6.4_linux_amd64.zip --secure-protocol=TLSv1_2