etcdctl 抛出错误:超出上下文期限错误
Posted
技术标签:
【中文标题】etcdctl 抛出错误:超出上下文期限错误【英文标题】:etcdctl throws Error: context deadline exceeded error 【发布时间】:2019-05-07 20:43:53 【问题描述】:我正在尝试使用 coreos cloud-config 在 AWS 上创建一个单节点 etcd 集群。我创建了一个值为 etcd.uday.com 的 Route53 记录集,它具有指向 ec2 实例的 ELB 的别名。 Etcd 运行成功,但是当我运行 etcd member list 命令时出现以下错误
ETCDCTL_API=3 etcdctl member list \
--endpoints=https://etcd.udayvishwakarma.com:2379 \
--cacert=./ca.pem \
--cert=etcd-client.pem \
--key=etcd-client-key.pem
Error: context deadline exceeded
但是,当--insecure-skip-tls-verify 标志添加到etcdctl member list 命令时,它会列出成员。我已经使用cfssl 使用下面的配置生成了证书
ca.json
"CN": "Root CA",
"key":
"algo": "rsa",
"size": 2048
,
"names": [
"C": "UK",
"L": "London",
"O": "Kubernetes",
"OU": "CA"
],
"ca":
"expiry": "87658h"
ca.config
"signing":
"default":
"expiry": "2190h"
,
"profiles":
"client":
"expiry": "8760h",
"usages": [
"signing",
"key encipherment",
"client auth"
]
,
"server":
"expiry": "8760h",
"usages": [
"signing",
"key encipherment",
"server auth"
]
,
"peer":
"expiry": "8760h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
,
"ca":
"usages": [
"signing",
"digital signature",
"cert sign",
"crl sign"
],
"expiry": "26280h",
"is_ca": true
etcd-member.json
"CN": "etcd",
"key":
"algo": "rsa",
"size": 2048
,
"hosts":[
"etcd.uday.com"
],
"names": [
"O": "Kubernetes"
]
etcd-client.json
"CN": "etcd",
"key":
"algo": "rsa",
"size": 2048
,
"hosts":[
"etcd.uday.com"
],
"names": [
"O": "Kubernetes"
]
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -hostname="etcd.uday.com" \
-config=ca-config.json -profile=peer \
etcd-member.json | cfssljson -bare etcd-member
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -hostname="etcd.uday.com" \
-config=ca-config.json -profile=client\
etcd-client.json | cfssljson -bare etcd-client
我的 etcd-member.service systemd 单元 cloudconfig 如下
units:
- name: etcd-member.service
drop-ins:
- name: aws-etcd-cluster.conf
content: |
[Service]
Environment=ETCD_USER=etcd
Environment=ETCD_NAME=%H
Environment=ETCD_IMAGE_TAG=v3.1.12
Environment=ETCD_SSL_DIR=/etc/etcd/ssl
Environment=ETCD_CA_FILE=/etc/ssl/certs/ca.pem
Environment=ETCD_CERT_FILE=/etc/ssl/certs/etcd-client.pem
Environment=ETCD_KEY_FILE=/etc/ssl/certs/etcd-client-key.pem
Environment=ETCD_CLIENT_CERT_AUTH=true
Environment=ETCD_TRUSTED_CA_FILE=/etc/ssl/certs/ca.pem
Environment=ETCD_PEER_CA_FILE=/etc/ssl/certs/ca.pem
Environment=ETCD_PEER_CERT_FILE=/etc/ssl/certs/etcd-member.pem
Environment=ETCD_PEER_KEY_FILE=/etc/ssl/certs/etcd-member-key.pem
Environment=ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/certs/ca.pem
Environment=ETCD_INITIAL_CLUSTER_STATE=new
Environment=ETCD_INITIAL_CLUSTER=%H=https://%H:2380
Environment=ETCD_DATA_DIR=/var/lib/etcd3
Environment=ETCD_LISTEN_CLIENT_URLS=https://%H:2379,https://127.0.0.1:2379
Environment=ETCD_ADVERTISE_CLIENT_URLS=https://%H:2379
Environment=ETCD_LISTEN_PEER_URLS=https://%H:2380
Environment=ETCD_INITIAL_ADVERTISE_PEER_URLS=https://%H:2380
PermissionsStartOnly=true
Environment="RKT_RUN_ARGS=--uuid-file-save=/var/lib/coreos/etcd-member-wrapper.uuid"
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/lib/coreos/etcd-member-wrapper.uuid
ExecStartPre=/usr/bin/sed -i 's/^ETCDCTL_ENDPOINT.*$/ETCDCTL_ENDPOINT=https:\/\/%H:2379/' /etc/environment
ExecStartPre=/usr/bin/mkdir -p /var/lib/etcd3
ExecStartPre=/usr/bin/chown -R etcd:etcd /var/lib/etcd3
ExecStop=-/usr/bin/rkt stop --uuid-file=/var/lib/coreos/etcd-member-wrapper.uuid
enable: true
command: start
是证书生成错误还是我错过了什么?
【问题讨论】:
【参考方案1】:为etcd.uday.com 生成证书。
您正在尝试使用etcd.udayvishwakarma.com 进行连接,而证书对etcd.uday.com 有效。
将etcdctl 上的端点从etcd.udayvishwakarma.com 更改为etcd.uday.com。
【讨论】:
【参考方案2】:我今天遇到了同样的问题,可能现在这对你没有用,但对以后遇到同样问题的任何人都有用。 我想你可能错过了
etcd.udayvishwakarma.com
来自您的证书
--cert=etcd-client.pem
要验证 etcd.udayvishwakarma.com 是否存在于您的证书中,您可以运行:
openssl x509 -in etcd-client.pem -text
您应该能够在 X509v3 主题备用名称下看到它。如果不这样做,您可能需要重新创建添加该 DNS 名称的证书。
【讨论】:
【参考方案3】:当我运行 .\etcdctl.exe 输入键值时,我得到了这个错误
Error: context deadline exceeded
在运行etcdctl.exe 之前,您应该先运行etcd.exe。
就我而言,它正在工作。
【讨论】:
以上是关于etcdctl 抛出错误:超出上下文期限错误的主要内容,如果未能解决你的问题,请参考以下文章
Apollo 服务器:在上下文中抛出错误总是在客户端返回 http 400 错误
将我的服务部署到 azure kubernetes 服务时,总是出现错误“部署 'xxx' 超出其进度期限”
Python GET - 对 Bigquery API 的调用会引发超出期限的错误