5-4 ETCD cluster: rejected connection
Source: 5-4 Deploying the etcd cluster

yl_testimooc3804939
2022-12-02
Following the steps in this chapter of yours, I went back over it, started the ETCD cluster, and tested the cluster status.
[root@node-1 ~]# ETCDCTL_API=3 etcdctl member list \
> --endpoints=https://127.0.0.1:2379 \
> --cacert=/etc/etcd/ca.pem \
> --cert=/etc/etcd/kubernetes.pem \
> --key=/etc/etcd/kubernetes-key.pem
17699d00ab051ce0, started, node-3, https://172.16.1.23:2380, https://172.16.1.23:2379, false
30f1ad6e6bfae91e, started, node-1, https://172.16.1.21:2380, https://172.16.1.21:2379, false
bf0f7b27e53ff62b, started, node-2, https://172.16.1.22:2380, https://172.16.1.22:2379, false
[root@node-1 ~]# netstat -lntup|grep 2379
tcp 0 0 172.16.1.21:2379 0.0.0.0:* LISTEN 1874/etcd
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN 1874/etcd
[root@node-1 ~]# netstat -lntup|grep 2380
tcp 0 0 172.16.1.21:2380 0.0.0.0:* LISTEN 1874/etcd
However, I found that the following operations reported errors.
[root@node-1 ~]# journalctl -f -u etcd
Dec 02 01:40:49 node-1 etcd[1874]:
rejected connection from "127.0.0.1:52376"
(error "tls: first record does not look like a TLS handshake", ServerName "")
[root@node-1 ~]# systemctl status etcd -l
Dec 02 01:48:09 node-1 etcd[1874]:
rejected connection from "172.16.1.23:41544"
(error "tls: first record does not look like a TLS handshake", ServerName "")
Dec 02 02:25:20 node-1 etcd[1874]:
rejected connection from "127.0.0.1:55064"
(error "tls: first record does not look like a TLS handshake", ServerName "")
Question 1: 172.16.1.23 does not have port 41544, so why is it still being accessed? What is this function for?
Question 2: How do I resolve this exception?
(error "tls: first record does not look like a TLS handshake", ServerName "")
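I searched the course answers and other websites and found certificate problems, but they do not match my error description.
Then I roughly tested the ETCDCTL command.
Running get directly still reports an error: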
[root@node-1 ~]# etcdctl get /test
{"level":"warn","ts":"2022-12-02T02:26:23.574+0800","caller":"clientv3/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"endpoint://client-5cabab7f-c9d1-4aed-b3cf-4710af6cacf8/127.0.0.1:2379","attempt":0,"error":
"rpc error: code = DeadlineExceeded desc = latest balancer error:
all SubConns are in TransientFailure, latest connection error: connection closed"}
Question 3: Is the exception below related to question 3?
However, once I manually added the certificate paths, get and set worked normally.
[root@node-1 ~]# etcdctl --cacert=/etc/etcd/ca.pem --cert=/etc/etcd/kubernetes.pem --key=/etc/etcd/kubernetes-key.pem put /test zhangsan
OK
[root@node-1 ~]# etcdctl --cacert=/etc/etcd/ca.pem --cert=/etc/etcd/kubernetes.pem --key=/etc/etcd/kubernetes-key.pem get /test
/test
zhangsan
[root@node-1 ~]# etcdctl member list --write-out=table --cacert=/etc/etcd/ca.pem --cert=/etc/etcd/kubernetes.pem --key=/etc/etcd/kubernetes-key.pem
+------------------+---------+--------+--------------------------+--------------------------+------------+
| ID | STATUS | NAME | PEER ADDRS | CLIENT ADDRS | IS LEARNER |
+------------------+---------+--------+--------------------------+--------------------------+------------+
| 17699d00ab051ce0 | started | node-3 | https://172.16.1.23:2380 | https://172.16.1.23:2379 | false |
| 30f1ad6e6bfae91e | started | node-1 | https://172.16.1.21:2380 | https://172.16.1.21:2379 | false |
| bf0f7b27e53ff62b | started | node-2 | https://172.16.1.22:2380 | https://172.16.1.22:2379 | false |
+------------------+---------+--------+--------------------------+--------------------------+------------+
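Question 4:
Do the exception below and the exception in question 3 that appears when running without manually adding the certificates affect the cluster and the rest of the course?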
(error "tls: first record does not look like a TLS handshake", ServerName "")
Thank you, teacher.
1 answer
刘果国
2022-12-02
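The cluster should be fine; you can continue. These questions are an opportunity for deeper learning; once you understand more of the principles, they will resolve themselves naturally.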
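An added example, not part of the original question or answer and not etcd's own code: a Python sketch that tallies the rejected non-TLS connections in the etcd journal by client address and roughly classifies a connection's first bytes the way a TLS-only listener sees them. The function names and classification rules are assumptions made for illustration; the first three log lines are the ones from the post joined onto one line each, and the fourth is constructed.

```python
import re
from collections import Counter

# First three lines come from the post above (joined onto one line each);
# the last line is constructed to show that other errors are filtered out.
SAMPLE_LOG = [
    'Dec 02 01:40:49 node-1 etcd[1874]: rejected connection from "127.0.0.1:52376" (error "tls: first record does not look like a TLS handshake", ServerName "")',
    'Dec 02 01:48:09 node-1 etcd[1874]: rejected connection from "172.16.1.23:41544" (error "tls: first record does not look like a TLS handshake", ServerName "")',
    'Dec 02 02:25:20 node-1 etcd[1874]: rejected connection from "127.0.0.1:55064" (error "tls: first record does not look like a TLS handshake", ServerName "")',
    'Dec 02 02:30:00 node-1 etcd[1874]: rejected connection from "172.16.1.22:40000" (error "EOF", ServerName "")',
]

NOT_TLS = "tls: first record does not look like a TLS handshake"
REJECT_RE = re.compile(r'rejected connection from "([0-9.]+):(\d+)" \(error "([^"]*)"')

def classify_first_bytes(data: bytes) -> str:
    """Approximate what a TLS listener concludes from a client's first bytes."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"      # record type 22 (handshake), version 3.x
    if data.startswith(b"PRI * HTTP/2.0"):
        return "cleartext-http2"    # preface a gRPC client sends without TLS
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"PUT", b"HEAD", b"DELETE"):
        return "cleartext-http1"    # e.g. an http:// probe against an https port
    return "unknown"

def non_tls_sources(lines):
    """Count rejected non-TLS connections per client IP.

    The port in the log is the client's ephemeral source port on that host,
    not a port the host is listening on, so only the IP is used as the key.
    """
    hits = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if m and m.group(3) == NOT_TLS:
            hits[m.group(1)] += 1
    return hits

if __name__ == "__main__":
    for ip, count in non_tls_sources(SAMPLE_LOG).most_common():
        print(f"{ip}: {count} plaintext connection attempt(s) to a TLS port")
    print(classify_first_bytes(b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"))
```

The per-IP tally shows which hosts to check for clients or health probes that reach the etcd ports without TLS settings.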