OpenShift M5示例应用程序自签名证书错误

huangapple go评论91阅读模式
英文:

openshift m5 sample-app self-signed certificate errors

问题

我正在尝试按照 https://github.com/openshift/origin/tree/v0.3.3 上的指示,在 CentOS 6.6 上使用 OpenShift 3 v0.3.3 示例应用程序。当我运行以下命令时:

openshift ex policy add-user view anypassword:test-admin

我从 add_user.go:43 处收到了错误信息:

Get https://localhost:8443/osapi/v1beta1/policyBindings/master?namespace=default: x509: certificate signed by unknown authority

我不知道如何解决这个问题,所以我注释掉了 Fatal() 调用。这样允许执行继续进行,并且我可以登录到 Web 管理员控制台。下一步工作正常,但是接下来我遇到了以下错误:

openshift ex registry --create --credentials="${KUBECONFIG}"

产生了错误:

registry.go:145] Can't check for existing docker-registry "docker-registry": Get https://localhost:8443/api/v1beta1/services/docker-registry?namespace=default: x509: certificate signed by unknown authority

在 OpenShift 中有很多 registry.go 文件,我不喜欢在任何情况下都通过这些错误。也许只是需要找到正确的 .pem 文件,以便我可以按照这个过程进行操作:https://www.happyassassin.net/2015/01/14/trusting-additional-cas-in-fedora-rhel-centos-dont-append-to-etcpkitlscertsca-bundle-crt-or-etcpkitlscert-pem/。有人有这方面的经验吗?

谢谢!

英文:

I'm trying to follow the directions for the openshift 3 v0.3.3 sample-app on centos 6.6 as per https://github.com/openshift/origin/tree/v0.3.3 . When i run

openshift ex policy add-user view anypassword:test-admin

i get complaints from add_user.go:43

Get https://localhost:8443/osapi/v1beta1/policyBindings/master?namespace=default: x509: certificate signed by unknown authority

I didn't know how to get around it so i commented out the Fatal() call. This allowed execution to continue and i can login to the web administrator console. The next step worked but then i hit

openshift ex registry --create --credentials="${KUBECONFIG}"

which produces the error

registry.go:145] Can't check for existing docker-registry "docker-registry": Get https://localhost:8443/api/v1beta1/services/docker-registry?namespace=default: x509: certificate signed by unknown authority

There are LOTS of registry.go files in openshift and i don't like kludging through these errors in any case. Perhaps it's just a case of finding the right .pem file so i can follow this procedure: https://www.happyassassin.net/2015/01/14/trusting-additional-cas-in-fedora-rhel-centos-dont-append-to-etcpkitlscertsca-bundle-crt-or-etcpkitlscert-pem/. Does anyone have experience with this?

thanks!

答案1

得分: 1

我遇到了同样的问题,#openshift-dev IRC 上的 taharqa 给出了答案。问题在于指南中的可选步骤 1 必须在 sample 子目录中执行,但步骤 4 假设你在 origin 子目录中。你必须在正确的子目录中执行命令,否则证书位置不正确。

英文:

Had the same problem and taharqa on the #openshift-dev IRC had the answer. The problem is that optional step 1 in the directions has to be executed in the sample subdirectory but step 4 assumes that you are in the origin subdirectory. You have to execute the commands in the correct subdirectory or the certificates aren't located properly.

huangapple
  • 本文由 发表于 2015年2月28日 13:42:48
  • 转载请务必保留本文链接:https://go.coder-hub.com/28778558.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定