unable to sign certificate: must specify a CommonName

Lliketoochao · 2024年2月2日

操作系统信息
物理机，Centos7.6

KubeSphere版本信息
使用 kubekey-v3.0.13 在裸机上离线安装 kubesphere_v3.4.1。

问题是什么

创建 docker registry 时报错如下：

unable to sign certificate: must specify a CommonName
14:59:22 CST failed: [LocalHost]
error: Pipeline[InitRegistryPipeline] execute failed: Module[InitRegistryModule] exec failed: 
failed: [LocalHost] [GenerateRegistryCerts] exec failed after 1 retries: unable to sign certificate: must specify a CommonName

Lliketoochao · 2024年2月2日

安装日志如下：

[root@kuberspher-master1 ~]# 
[root@kuberspher-master1 ~]# ./kk init registry -f config-sample.yaml -a kubesphere_v3.4.1.tar.gz 


 _   __      _          _   __           
| | / /     | |        | | / /           
| |/ / _   _| |__   ___| |/ /  ___ _   _ 
|    \| | | | '_ \ / _ \    \ / _ \ | | |
| |\  \ |_| | |_) |  __/ |\  \  __/ |_| |
\_| \_/\__,_|_.__/ \___\_| \_/\___|\__, |
                                    __/ |
                                   |___/

18:15:06 CST [GreetingsModule] Greetings
18:15:08 CST message: [kubersphere-work3]
Greetings, KubeKey!
18:15:09 CST message: [kubersphere-master3]
Greetings, KubeKey!
18:15:09 CST message: [kubersphere-registry]
Greetings, KubeKey!
18:15:10 CST message: [kubersphere-master2]
Greetings, KubeKey!
18:15:12 CST message: [kubersphere-master1]
Greetings, KubeKey!
18:15:13 CST message: [kubersphere-work2]
Greetings, KubeKey!
18:15:13 CST message: [kubersphere-work1]
Greetings, KubeKey!
18:15:13 CST success: [kubersphere-work3]
18:15:13 CST success: [kubersphere-master3]
18:15:13 CST success: [kubersphere-registry]
18:15:13 CST success: [kubersphere-master2]
18:15:13 CST success: [kubersphere-master1]
18:15:13 CST success: [kubersphere-work2]
18:15:13 CST success: [kubersphere-work1]
18:15:13 CST [UnArchiveArtifactModule] Check the KubeKey artifact md5 value
18:17:36 CST success: [LocalHost]
18:17:36 CST [UnArchiveArtifactModule] UnArchive the KubeKey artifact
18:17:36 CST skipped: [LocalHost]
18:17:36 CST [UnArchiveArtifactModule] Create the KubeKey artifact Md5 file
18:17:36 CST skipped: [LocalHost]
18:17:36 CST [RegistryPackageModule] Download registry package
18:17:36 CST message: [localhost]
downloading amd64 registry 2  ...
18:17:36 CST success: [LocalHost]
18:17:36 CST [ConfigureOSModule] Get OS release
18:17:38 CST success: [kubersphere-work3]
18:17:38 CST success: [kubersphere-registry]
18:17:38 CST success: [kubersphere-work2]
18:17:38 CST success: [kubersphere-master3]
18:17:38 CST success: [kubersphere-master2]
18:17:38 CST success: [kubersphere-work1]
18:17:38 CST success: [kubersphere-master1]
18:17:38 CST [ConfigureOSModule] Prepare to init OS
18:18:00 CST success: [kubersphere-work2]
18:18:00 CST success: [kubersphere-work3]
18:18:00 CST success: [kubersphere-registry]
18:18:00 CST success: [kubersphere-work1]
18:18:00 CST success: [kubersphere-master3]
18:18:00 CST success: [kubersphere-master2]
18:18:00 CST success: [kubersphere-master1]
18:18:00 CST [ConfigureOSModule] Generate init os script
18:18:06 CST success: [kubersphere-work3]
18:18:06 CST success: [kubersphere-work2]
18:18:06 CST success: [kubersphere-registry]
18:18:06 CST success: [kubersphere-master3]
18:18:06 CST success: [kubersphere-master1]
18:18:06 CST success: [kubersphere-work1]
18:18:06 CST success: [kubersphere-master2]
18:18:06 CST [ConfigureOSModule] Exec init os script
18:18:09 CST stdout: [kubersphere-registry]
setenforce: SELinux is disabled
Disabled
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_local_reserved_ports = 30000-32767
net.core.netdev_max_backlog = 65535
net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.core.somaxconn = 32768
net.ipv4.tcp_max_syn_backlog = 1048576
net.ipv4.neigh.default.gc_thresh1 = 512
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh3 = 4096
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_max_tw_buckets = 1048576
net.ipv4.tcp_max_orphans = 65535
net.ipv4.udp_rmem_min = 131072
net.ipv4.udp_wmem_min = 131072
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.arp_accept = 1
net.ipv4.conf.default.arp_accept = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 1
vm.max_map_count = 262144
vm.swappiness = 0
vm.overcommit_memory = 0
fs.inotify.max_user_instances = 524288
fs.inotify.max_user_watches = 524288
fs.pipe-max-size = 4194304
fs.aio-max-nr = 262144
kernel.pid_max = 65535
kernel.watchdog_thresh = 5
kernel.hung_task_timeout_secs = 5
18:18:09 CST stdout: [kubersphere-work2]
setenforce: SELinux is disabled
Disabled
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_local_reserved_ports = 30000-32767
net.core.netdev_max_backlog = 65535
net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.core.somaxconn = 32768
net.ipv4.tcp_max_syn_backlog = 1048576
net.ipv4.neigh.default.gc_thresh1 = 512
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh3 = 4096
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_max_tw_buckets = 1048576
net.ipv4.tcp_max_orphans = 65535
net.ipv4.udp_rmem_min = 131072
net.ipv4.udp_wmem_min = 131072
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.arp_accept = 1
net.ipv4.conf.default.arp_accept = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 1
vm.max_map_count = 262144
vm.swappiness = 0
vm.overcommit_memory = 0
fs.inotify.max_user_instances = 524288
fs.inotify.max_user_watches = 524288
fs.pipe-max-size = 4194304
fs.aio-max-nr = 262144
kernel.pid_max = 65535
kernel.watchdog_thresh = 5
kernel.hung_task_timeout_secs = 5
18:18:09 CST stdout: [kubersphere-work3]
setenforce: SELinux is disabled
Disabled
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_local_reserved_ports = 30000-32767
net.core.netdev_max_backlog = 65535
net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.core.somaxconn = 32768
net.ipv4.tcp_max_syn_backlog = 1048576
net.ipv4.neigh.default.gc_thresh1 = 512
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh3 = 4096
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_max_tw_buckets = 1048576
net.ipv4.tcp_max_orphans = 65535
net.ipv4.udp_rmem_min = 131072
net.ipv4.udp_wmem_min = 131072
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.arp_accept = 1
net.ipv4.conf.default.arp_accept = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 1
vm.max_map_count = 262144
vm.swappiness = 0
vm.overcommit_memory = 0
fs.inotify.max_user_instances = 524288
fs.inotify.max_user_watches = 524288
fs.pipe-max-size = 4194304
fs.aio-max-nr = 262144
kernel.pid_max = 65535
kernel.watchdog_thresh = 5
kernel.hung_task_timeout_secs = 5
18:18:11 CST stdout: [kubersphere-master2]
Permissive
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_local_reserved_ports = 30000-32767
net.core.netdev_max_backlog = 65535
net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.core.somaxconn = 32768
net.ipv4.tcp_max_syn_backlog = 1048576
net.ipv4.neigh.default.gc_thresh1 = 512
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh3 = 4096
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_max_tw_buckets = 1048576
net.ipv4.tcp_max_orphans = 65535
net.ipv4.udp_rmem_min = 131072
net.ipv4.udp_wmem_min = 131072
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.arp_accept = 1
net.ipv4.conf.default.arp_accept = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 1
vm.max_map_count = 262144
vm.swappiness = 0
vm.overcommit_memory = 0
fs.inotify.max_user_instances = 524288
fs.inotify.max_user_watches = 524288
fs.pipe-max-size = 4194304
fs.aio-max-nr = 262144
kernel.pid_max = 65535
kernel.watchdog_thresh = 5
kernel.hung_task_timeout_secs = 5
18:18:11 CST stdout: [kubersphere-work1]
Permissive
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_local_reserved_ports = 30000-32767
net.core.netdev_max_backlog = 65535
net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.core.somaxconn = 32768
net.ipv4.tcp_max_syn_backlog = 1048576
net.ipv4.neigh.default.gc_thresh1 = 512
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh3 = 4096
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_max_tw_buckets = 1048576
net.ipv4.tcp_max_orphans = 65535
net.ipv4.udp_rmem_min = 131072
net.ipv4.udp_wmem_min = 131072
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.arp_accept = 1
net.ipv4.conf.default.arp_accept = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 1
vm.max_map_count = 262144
vm.swappiness = 0
vm.overcommit_memory = 0
fs.inotify.max_user_instances = 524288
fs.inotify.max_user_watches = 524288
fs.pipe-max-size = 4194304
fs.aio-max-nr = 262144
kernel.pid_max = 65535
kernel.watchdog_thresh = 5
kernel.hung_task_timeout_secs = 5
18:18:11 CST stdout: [kubersphere-master3]
Permissive
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_local_reserved_ports = 30000-32767
net.core.netdev_max_backlog = 65535
net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.core.somaxconn = 32768
net.ipv4.tcp_max_syn_backlog = 1048576
net.ipv4.neigh.default.gc_thresh1 = 512
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh3 = 4096
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_max_tw_buckets = 1048576
net.ipv4.tcp_max_orphans = 65535
net.ipv4.udp_rmem_min = 131072
net.ipv4.udp_wmem_min = 131072
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.arp_accept = 1
net.ipv4.conf.default.arp_accept = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 1
vm.max_map_count = 262144
vm.swappiness = 0
vm.overcommit_memory = 0
fs.inotify.max_user_instances = 524288
fs.inotify.max_user_watches = 524288
fs.pipe-max-size = 4194304
fs.aio-max-nr = 262144
kernel.pid_max = 65535
kernel.watchdog_thresh = 5
kernel.hung_task_timeout_secs = 5
18:18:12 CST stdout: [kubersphere-master1]
Permissive
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_local_reserved_ports = 30000-32767
net.core.netdev_max_backlog = 65535
net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.core.somaxconn = 32768
net.ipv4.tcp_max_syn_backlog = 1048576
net.ipv4.neigh.default.gc_thresh1 = 512
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh3 = 4096
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_max_tw_buckets = 1048576
net.ipv4.tcp_max_orphans = 65535
net.ipv4.udp_rmem_min = 131072
net.ipv4.udp_wmem_min = 131072
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.arp_accept = 1
net.ipv4.conf.default.arp_accept = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 1
vm.max_map_count = 262144
vm.swappiness = 0
vm.overcommit_memory = 0
fs.inotify.max_user_instances = 524288
fs.inotify.max_user_watches = 524288
fs.pipe-max-size = 4194304
fs.aio-max-nr = 262144
kernel.pid_max = 65535
kernel.watchdog_thresh = 5
kernel.hung_task_timeout_secs = 5
18:18:12 CST success: [kubersphere-registry]
18:18:12 CST success: [kubersphere-work2]
18:18:12 CST success: [kubersphere-work3]
18:18:12 CST success: [kubersphere-master2]
18:18:12 CST success: [kubersphere-work1]
18:18:12 CST success: [kubersphere-master3]
18:18:12 CST success: [kubersphere-master1]
18:18:12 CST [ConfigureOSModule] configure the ntp server for each node
18:18:12 CST skipped: [kubersphere-work1]
18:18:12 CST skipped: [kubersphere-master1]
18:18:12 CST skipped: [kubersphere-master3]
18:18:12 CST skipped: [kubersphere-master2]
18:18:12 CST skipped: [kubersphere-registry]
18:18:12 CST skipped: [kubersphere-work2]
18:18:12 CST skipped: [kubersphere-work3]
18:18:12 CST [InitRegistryModule] Fetch registry certs
18:18:13 CST success: [kubersphere-registry]
18:18:13 CST [InitRegistryModule] Generate registry Certs
[certs] Using existing ca certificate authority
18:18:13 CST message: [LocalHost]
unable to sign certificate: must specify a CommonName
18:18:13 CST failed: [LocalHost]
error: Pipeline[InitRegistryPipeline] execute failed: Module[InitRegistryModule] exec failed: 
failed: [LocalHost] [GenerateRegistryCerts] exec failed after 1 retries: unable to sign certificate: must specify a CommonName
[root@kuberspher-master1 ~]#

Lliketoochao · 2024年2月4日

将创建 registry 分部进行，先进行 OS 初始化

将创建 regitry 分部进行，先进行 os 出师表报错

error: Pipeline[InitDependenciesPipeline] execute failed: Module[RepositoryModule] exec failed: 
failed: [kubersphere-work3] [SyncRepositoryISOFile] exec failed after 2 retries: scp /root/kubekey/repository/amd64/centos/7/centos-7-amd64.iso to /tmp/kubekey/centos-7-amd64.iso failed: get file stat failed: stat /root/kubekey/repository/amd64/centos/7/centos-7-amd64.iso: no such file or directory
failed: [kubersphere-registry] [SyncRepositoryISOFile] exec failed after 2 retries: scp /root/kubekey/repository/amd64/centos/7/centos-7-amd64.iso to /tmp/kubekey/centos-7-amd64.iso failed: get file stat failed: stat /root/kubekey/repository/amd64/centos/7/centos-7-amd64.iso: no such file or directory
failed: [kubersphere-work2] [SyncRepositoryISOFile] exec failed after 2 retries: scp /root/kubekey/repository/amd64/centos/7/centos-7-amd64.iso to /tmp/kubekey/centos-7-amd64.iso failed: get file stat failed: stat /root/kubekey/repository/amd64/centos/7/centos-7-amd64.iso: no such file or directory
failed: [kubersphere-master3] [SyncRepositoryISOFile] exec failed after 2 retries: scp /root/kubekey/repository/amd64/centos/7/centos-7-amd64.iso to /tmp/kubekey/centos-7-amd64.iso failed: get file stat failed: stat /root/kubekey/repository/amd64/centos/7/centos-7-amd64.iso: no such file or directory
failed: [kubersphere-master1] [SyncRepositoryISOFile] exec failed after 2 retries: scp /root/kubekey/repository/amd64/centos/7/centos-7-amd64.iso to /tmp/kubekey/centos-7-amd64.iso failed: get file stat failed: stat /root/kubekey/repository/amd64/centos/7/centos-7-amd64.iso: no such file or directory
failed: [kubersphere-work1] [SyncRepositoryISOFile] exec failed after 2 retries: scp /root/kubekey/repository/amd64/centos/7/centos-7-amd64.iso to /tmp/kubekey/centos-7-amd64.iso failed: get file stat failed: stat /root/kubekey/repository/amd64/centos/7/centos-7-amd64.iso: no such file or directory
failed: [kubersphere-master2] [SyncRepositoryISOFile] exec failed after 2 retries: scp /root/kubekey/repository/amd64/centos/7/centos-7-amd64.iso to /tmp/kubekey/centos-7-amd64.iso failed: get file stat failed: stat /root/kubekey/repository/amd64/centos/7/centos-7-amd64.iso: no such file or directory

报错信息来看，kk 创建 artifact 时下载 centos-7-amd64.iso 失败; 使用 iso.localPath.path 参数，完成了artifact 的打包。

      iso:
        localPath:
        # url: https://github.com/kubesphere/kubekey/releases/download/v3.0.10/ubuntu-20.04-debs-amd64.iso
        path: /mnt/centos7-rpms-amd64.iso

但是在使用 kk 初始化 os 时，缺报错了。

Lliketoochao · 2024年2月5日

问题已解决

Eexmono · 2024年5月31日

liketoochao 能告诉一下是怎么解决的吗？谢谢