Could not connect: x509: certificate signed by unknown authority (prober "ROUND_TRIPPER_RAFT_MESSAGE")

Time: 2019-08-24 06:04:40

Tags: etcd

When I start the etcd cluster with this command:

/usr/local/bin/etcd \
  --name infra1 \
  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  --peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  --peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --initial-advertise-peer-urls https://172.19.104.231:2380 \
  --listen-peer-urls https://172.19.104.231:2380 \
  --listen-client-urls https://127.0.0.1:2379 \
  --advertise-client-urls https://172.19.104.231:2379 \
  --initial-cluster-token etcd-cluster \
  --initial-cluster infra1=https://172.19.104.231:2380,infra2=https://172.19.104.230:2380,infra3=https://172.19.150.82:2380 \
  --initial-cluster-state new \
  --data-dir=/var/lib/etcd

it throws this error:

2019-08-24 13:54:51.679786 I | etcdmain: etcd Version: 3.3.13
2019-08-24 13:54:51.679855 I | etcdmain: Git SHA: 98d3084
2019-08-24 13:54:51.679863 I | etcdmain: Go Version: go1.10.8
2019-08-24 13:54:51.679876 I | etcdmain: Go OS/Arch: linux/amd64
2019-08-24 13:54:51.679885 I | etcdmain: setting maximum number of CPUs to 4, total number of available CPUs is 4
2019-08-24 13:54:51.679941 N | etcdmain: the server is already initialized as member before, starting as etcd member...
2019-08-24 13:54:51.679991 I | embed: peerTLS: cert = /etc/kubernetes/ssl/kubernetes.pem, key = /etc/kubernetes/ssl/kubernetes-key.pem, ca = , trusted-ca = /etc/kubernetes/ssl/ca.pem, client-cert-auth = false, crl-file =
2019-08-24 13:54:51.680678 I | embed: listening for peers on https://172.19.104.231:2380
2019-08-24 13:54:51.680720 I | embed: listening for client requests on 127.0.0.1:2379
2019-08-24 13:54:51.681649 I | etcdserver: name = infra1
2019-08-24 13:54:51.681658 I | etcdserver: data dir = /var/lib/etcd
2019-08-24 13:54:51.681662 I | etcdserver: member dir = /var/lib/etcd/member
2019-08-24 13:54:51.681666 I | etcdserver: heartbeat = 100ms
2019-08-24 13:54:51.681670 I | etcdserver: election = 1000ms
2019-08-24 13:54:51.681673 I | etcdserver: snapshot count = 100000
2019-08-24 13:54:51.681682 I | etcdserver: advertise client URLs = https://172.19.104.231:2379
2019-08-24 13:54:51.683700 I | etcdserver: restarting member 696a771758a889c4 in cluster 52162d7b86a0617a at commit index 28
2019-08-24 13:54:51.683822 I | raft: 696a771758a889c4 became follower at term 2375
2019-08-24 13:54:51.683864 I | raft: newRaft 696a771758a889c4 [peers: [], term: 2375, commit: 28, applied: 0, lastindex: 28, lastterm: 2375]
2019-08-24 13:54:51.686074 W | auth: simple token is not cryptographically signed
2019-08-24 13:54:51.688698 I | etcdserver: starting server... [version: 3.3.13, cluster version: to_be_decided]
2019-08-24 13:54:51.691780 I | embed: ClientTLS: cert = /etc/kubernetes/ssl/kubernetes.pem, key = /etc/kubernetes/ssl/kubernetes-key.pem, ca = , trusted-ca = /etc/kubernetes/ssl/ca.pem, client-cert-auth = false, crl-file =
2019-08-24 13:54:51.692342 I | etcdserver/membership: added member 55a782166ce91d01 [https://172.19.150.82:2380] to cluster 52162d7b86a0617a
2019-08-24 13:54:51.692377 I | rafthttp: starting peer 55a782166ce91d01...
2019-08-24 13:54:51.692427 I | rafthttp: started HTTP pipelining with peer 55a782166ce91d01
2019-08-24 13:54:51.693974 I | rafthttp: started streaming with peer 55a782166ce91d01 (writer)
2019-08-24 13:54:51.696019 I | rafthttp: started streaming with peer 55a782166ce91d01 (writer)
2019-08-24 13:54:51.698191 I | rafthttp: started peer 55a782166ce91d01
2019-08-24 13:54:51.698238 I | rafthttp: added peer 55a782166ce91d01
2019-08-24 13:54:51.698441 I | etcdserver/membership: added member 67bca27e43a8258a [https://172.19.104.230:2380] to cluster 52162d7b86a0617a
2019-08-24 13:54:51.698472 I | rafthttp: starting peer 67bca27e43a8258a...
2019-08-24 13:54:51.698478 I | rafthttp: started streaming with peer 55a782166ce91d01 (stream MsgApp v2 reader)
2019-08-24 13:54:51.698540 I | rafthttp: started streaming with peer 55a782166ce91d01 (stream Message reader)
2019-08-24 13:54:51.698722 I | rafthttp: started HTTP pipelining with peer 67bca27e43a8258a
2019-08-24 13:54:51.700171 I | rafthttp: started streaming with peer 67bca27e43a8258a (writer)
2019-08-24 13:54:51.702023 I | rafthttp: started streaming with peer 67bca27e43a8258a (writer)
2019-08-24 13:54:51.703174 I | rafthttp: started peer 67bca27e43a8258a
2019-08-24 13:54:51.703199 I | rafthttp: added peer 67bca27e43a8258a
2019-08-24 13:54:51.703353 I | rafthttp: started streaming with peer 67bca27e43a8258a (stream Message reader)
2019-08-24 13:54:51.703390 I | etcdserver/membership: added member 696a771758a889c4 [https://172.19.104.231:2380] to cluster 52162d7b86a0617a
2019-08-24 13:54:51.703557 N | etcdserver/membership: set the initial cluster version to 3.0
2019-08-24 13:54:51.703592 I | etcdserver/api: enabled capabilities for version 3.0
2019-08-24 13:54:51.703689 I | rafthttp: started streaming with peer 67bca27e43a8258a (stream MsgApp v2 reader)
2019-08-24 13:54:51.703801 N | etcdserver/membership: updated the cluster version from 3.0 to 3.3
2019-08-24 13:54:51.703890 I | etcdserver/api: enabled capabilities for version 3.3
2019-08-24 13:54:51.703989 I | rafthttp: peer 55a782166ce91d01 became active
2019-08-24 13:54:51.704006 I | rafthttp: established a TCP streaming connection with peer 55a782166ce91d01 (stream Message writer)
2019-08-24 13:54:51.704949 I | rafthttp: established a TCP streaming connection with peer 55a782166ce91d01 (stream MsgApp v2 writer)
2019-08-24 13:54:51.705466 E | rafthttp: failed to dial 55a782166ce91d01 on stream Message (x509: certificate signed by unknown authority)
2019-08-24 13:54:51.705487 I | rafthttp: peer 55a782166ce91d01 became inactive (message send to peer failed)
2019-08-24 13:54:52.888849 I | raft: 696a771758a889c4 [term: 2375] received a MsgVote message with higher term from 55a782166ce91d01 [term: 2379]
2019-08-24 13:54:52.888887 I | raft: 696a771758a889c4 became follower at term 2379
2019-08-24 13:54:52.888898 I | raft: 696a771758a889c4 [logterm: 2375, index: 28, vote: 0] cast MsgVote for 55a782166ce91d01 [logterm: 2375, index: 28] at term 2379
2019-08-24 13:54:52.891881 I | raft: raft.node: 696a771758a889c4 elected leader 55a782166ce91d01 at term 2379
2019-08-24 13:54:52.897439 I | embed: ready to serve client requests
2019-08-24 13:54:52.897589 E | etcdmain: forgot to set Type=notify in systemd service file?
2019-08-24 13:54:52.897604 I | etcdserver: published {Name:infra1 ClientURLs:[https://172.19.104.231:2379]} to cluster 52162d7b86a0617a
2019-08-24 13:54:52.899157 I | embed: serving client requests on 127.0.0.1:2379
2019-08-24 13:54:56.698634 W | rafthttp: health check for peer 55a782166ce91d01 could not connect: x509: certificate signed by unknown authority (prober "ROUND_TRIPPER_SNAPSHOT")
2019-08-24 13:54:56.698674 W | rafthttp: health check for peer 55a782166ce91d01 could not connect: x509: certificate signed by unknown authority (prober "ROUND_TRIPPER_RAFT_MESSAGE")
2019-08-24 13:54:56.703923 W | rafthttp: health check for peer 67bca27e43a8258a could not connect: x509: certificate signed by unknown authority (prober "ROUND_TRIPPER_SNAPSHOT")
2019-08-24 13:54:56.705086 W | rafthttp: health check for peer 67bca27e43a8258a could not connect: x509: certificate signed by unknown authority (prober "ROUND_TRIPPER_RAFT_MESSAGE")
2019-08-24 13:55:01.698814 W | rafthttp: health check for peer 55a782166ce91d01 could not connect: x509: certificate signed by unknown authority (prober "ROUND_TRIPPER_RAFT_MESSAGE")
2019-08-24 13:55:01.698865 W | rafthttp: health check for peer 55a782166ce91d01 could not connect: x509: certificate signed by unknown authority (prober "ROUND_TRIPPER_SNAPSHOT")
2019-08-24 13:55:01.704073 W | rafthttp: health check for peer 67bca27e43a8258a could not connect: x509: certificate signed by unknown authority (prober "ROUND_TRIPPER_SNAPSHOT")

This is my kubernetes certificate configuration:

{
    "CN": "kubernetes",
    "hosts": [
      "127.0.0.1",
      "172.19.104.230",
      "172.19.150.82",
      "172.19.104.231"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "ST": "BeiJing",
            "L": "BeiJing",
            "O": "k8s",
            "OU": "System"
        }
    ]
}

What is wrong with my configuration?

0 answers:

No answers
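The check that fails in the log above can be reproduced offline with Go's crypto/x509, the library the error string comes from. This is an added example, not part of the original question; it goes slightly beyond the logged error by also showing what a dialed IP missing from the certificate's hosts looks like. The helpers `issue` and `verifyPeer` and the CA names `ca-a` and `ca-b` are hypothetical, and every certificate is constructed in memory.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue builds a constructed cert: self-signed CA if parent is nil, else a leaf with IP SANs.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey, ips ...string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway demo key
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	for _, ip := range ips {
		tpl.IPAddresses = append(tpl.IPAddresses, net.ParseIP(ip))
	}
	if parent == nil { // self-signed CA
		tpl.IsCA, tpl.BasicConstraintsValid = true, true
		parent, parentKey = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyPeer checks a peer certificate against one trusted CA for the IP being dialed.
func verifyPeer(peer, trustedCA *x509.Certificate, dialedIP string) error {
	pool := x509.NewCertPool()
	pool.AddCert(trustedCA)
	_, err := peer.Verify(x509.VerifyOptions{Roots: pool, DNSName: dialedIP})
	return err
}
func main() {
	caA, keyA := issue("ca-a", nil, nil) // CA that signed the peer certificate
	caB, _ := issue("ca-b", nil, nil)    // a different CA loaded as trusted-ca on the dialing node
	peer, _ := issue("kubernetes", caA, keyA, "127.0.0.1", "172.19.104.230")
	fmt.Println("same CA:        ", verifyPeer(peer, caA, "172.19.104.230"))
	fmt.Println("different CA:   ", verifyPeer(peer, caB, "172.19.104.230"))
	fmt.Println("IP not in hosts:", verifyPeer(peer, caA, "172.19.150.82"))
}
```

Only the second case produces the message seen in the log; the third fails with a hostname error instead, so the two causes can be told apart by the error text.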