k8s --etcd 叢集檢測異常( could not connect: x509)
阿新 • • 發佈:2021-02-12
etcd叢集單節點檢測正常
[[email protected] etcd]# supervisorctl status
etcd-server-1-12 RUNNING pid 13282, uptime 0:00:42叢集節點檢測報錯如下:
[[email protected] etcd]# ./etcdctl member list client: etcd cluster is unavailable or misconfigured; error #0: dial tcp 127.0.0.1:4001: getsockopt: connection refused ; error #1: client: endpoint http://127.0.0.1:2379 exceeded header timeout
檢視日誌
tail -200f /data/logs/etcd-server/etcd.stdout.log
[[email protected] etcd]# tail -fn 200 /data/logs/etcd-server/etcd.stdout.log 2021-02-11 04:52:56.183391 I | raft: bb9bd2baaebf7d95 received MsgVoteResp from bb9bd2baaebf7d95 at term 748 2021-02-11 04:52:56.183396 I | raft: bb9bd2baaebf7d95 [logterm: 1, index: 3] sent MsgVote request to 22cb69b2fd1bb417 at term 748 2021-02-11 04:52:56.183401 I | raft: bb9bd2baaebf7d95 [logterm: 1, index: 3] sent MsgVote request to 3c3bd4fd7d7e553e at term 748 2021-02-11 04:52:57.183542 I | raft: bb9bd2baaebf7d95 is starting a new election at term 748 2021-02-11 04:52:57.183562 I | raft: bb9bd2baaebf7d95 became candidate at term 749 2021-02-11 04:52:57.183570 I | raft: bb9bd2baaebf7d95 received MsgVoteResp from bb9bd2baaebf7d95 at term 749 2021-02-11 04:52:57.183576 I | raft: bb9bd2baaebf7d95 [logterm: 1, index: 3] sent MsgVote request to 22cb69b2fd1bb417 at term 749 2021-02-11 04:52:57.183580 I | raft: bb9bd2baaebf7d95 [logterm: 1, index: 3] sent MsgVote request to 3c3bd4fd7d7e553e at term 749 2021-02-11 04:52:58.184127 I | raft: bb9bd2baaebf7d95 is starting a new election at term 749 2021-02-11 04:52:58.184150 I | raft: bb9bd2baaebf7d95 became candidate at term 750 2021-02-11 04:52:58.184158 I | raft: bb9bd2baaebf7d95 received MsgVoteResp from bb9bd2baaebf7d95 at term 750 2021-02-11 04:52:58.184164 I | raft: bb9bd2baaebf7d95 [logterm: 1, index: 3] sent MsgVote request to 22cb69b2fd1bb417 at term 750 2021-02-11 04:52:58.184169 I | raft: bb9bd2baaebf7d95 [logterm: 1, index: 3] sent MsgVote request to 3c3bd4fd7d7e553e at term 750 2021-02-11 04:52:59.283896 I | raft: bb9bd2baaebf7d95 is starting a new election at term 750 2021-02-11 04:52:59.283916 I | raft: bb9bd2baaebf7d95 became candidate at term 751 2021-02-11 04:52:59.283925 I | raft: bb9bd2baaebf7d95 received MsgVoteResp from bb9bd2baaebf7d95 at term 751 2021-02-11 04:52:59.283932 I | raft: bb9bd2baaebf7d95 [logterm: 1, index: 3] sent MsgVote request to 22cb69b2fd1bb417 at term 751 2021-02-11 04:52:59.283937 I | raft: bb9bd2baaebf7d95 [logterm: 1, index: 3] sent MsgVote request to 3c3bd4fd7d7e553e at term 751 2021-02-11 04:52:59.309009 W | rafthttp: health check for peer 22cb69b2fd1bb417 could not connect: x509: cannot validate certificate for 192.168.1.21 because it doesn't contain any IP SANs (prober "ROUND_TRIPPER_SNAPSHOT") 2021-02-11 04:52:59.309035 W | rafthttp: health check for peer 22cb69b2fd1bb417 could not connect: x509: cannot validate certificate for 192.168.1.21 because it doesn't contain any IP SANs (prober "ROUND_TRIPPER_RAFT_MESSAGE") 2021-02-11 04:52:59.309041 W | rafthttp: health check for peer 3c3bd4fd7d7e553e could not connect: x509: cannot validate certificate for 192.168.1.22 because it doesn't contain any IP SANs (prober "ROUND_TRIPPER_RAFT_MESSAGE") 2021-02-11 04:52:59.309046 W | rafthttp: health check for peer 3c3bd4fd7d7e553e could not connect: x509: cannot validate certificate for 192.168.1.22 because it doesn't contain any IP SANs (prober "ROUND_TRIPPER_SNAPSHOT")
可以看到報錯是could not connect: x509,證書有問題
結決辦法是重新生成etcd-peer證書,再次上傳檔案到對應的目錄下
再次驗證如下
[[email protected] etcd]# ./etcdctl cluster-health member 22cb69b2fd1bb417 is healthy: got healthy result from http://127.0.0.1:2379 member 3c3bd4fd7d7e553e is healthy: got healthy result from http://127.0.0.1:2379 member bb9bd2baaebf7d95 is healthy: got healthy result from http://127.0.0.1:2379 cluster is healthy