Rancher证书到期致使平台无法浏览故障解决

1、修改系统时间,停止时间滚动更新。

关闭ntp同步,防止时间自动更新回来

timedatectl set-ntp false

修改节点时间

timedatectl set-time '2020-07-01 00:00:00'

2、重启容器。

#获取容器ID

rancher_server_id=`docker ps -a|grep -v CONTAINER|awk '{print $1}'`

#重启容器

docker restart ${rancher_server_id}

#进入容器内部,查看证书到期时间,并删除证书(已完成容器自签正式强制更新事宜)

root@ahhx-yf-192-168-220-132 \~\]# docker exec -ti ${rancher_server_id} bash root@[75af45caffba:/var/lib/rancher#](http://75af45caffba/var/lib/rancher "75af45caffba:/var/lib/rancher#") cd k3s/ data/ server/ root@[75af45caffba:/var/lib/rancher#](http://75af45caffba/var/lib/rancher "75af45caffba:/var/lib/rancher#") cd k3s/ data/ server/ root@[75af45caffba:/var/lib/rancher#](http://75af45caffba/var/lib/rancher "75af45caffba:/var/lib/rancher#") cd k3s/server/ root@[75af45caffba:/var/lib/rancher/k3s/server#](http://75af45caffba/var/lib/rancher/k3s/server "75af45caffba:/var/lib/rancher/k3s/server#") ls cred manifests node-token static tls root@[75af45caffba:/var/lib/rancher/k3s/server#](http://75af45caffba/var/lib/rancher/k3s/server "75af45caffba:/var/lib/rancher/k3s/server#") cd tls/ root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") ls client-admin.crt client-ca.crt client-kube-apiserver.crt client-kubelet.key request-header-ca.key serving-kube-apiserver.crt client-admin.key client-ca.key client-kube-apiserver.key client-scheduler.crt server-ca.crt serving-kube-apiserver.key client-auth-proxy.crt client-controller.crt client-kube-proxy.crt client-scheduler.key server-ca.key serving-kubelet.key client-auth-proxy.key client-controller.key client-kube-proxy.key request-header-ca.crt service.key temporary-certs root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") pwd /var/lib/rancher/k3s/server/tls root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") for i in \`ls /var/lib/rancher/k3s/server/tls/\*.crt\`; do echo $i; openssl x509 -enddate -noout -in $i; done /var/lib/rancher/k3s/server/tls/client-admin.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-auth-proxy.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-ca.crt notAfter=Mar 29 13:33:19 2031 GMT /var/lib/rancher/k3s/server/tls/client-controller.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-kube-apiserver.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-kube-proxy.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/client-scheduler.crt notAfter=Mar 31 13:33:19 2022 GMT /var/lib/rancher/k3s/server/tls/request-header-ca.crt notAfter=Mar 29 13:33:19 2031 GMT /var/lib/rancher/k3s/server/tls/server-ca.crt notAfter=Mar 29 13:33:19 2031 GMT /var/lib/rancher/k3s/server/tls/serving-kube-apiserver.crt notAfter=Mar 31 13:33:19 2022 GMT root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") **rm -rf \*.crt** root@[75af45caffba:/var/lib/rancher/k3s/server/tls#](http://75af45caffba/var/lib/rancher/k3s/server/tls "75af45caffba:/var/lib/rancher/k3s/server/tls#") exit exit ![](https://i-blog.csdnimg.cn/direct/ceb04e0294774bb18ec0347c31a24ada.png) #再次重启容器 docker restart ${rancher_server_id} #再次进入容器内部,观察证书是否已经更新到期时间及查看平台是否能正常访问。 #注意:如上教程仅仅适用于Rancher版本\>=2.3.x #Rancher版本\<=2.2,证书存储位置在:/var/lib/rancher/management-state/tls/ 下,操作方法一致。

相关推荐
Karoku0661 个月前
【CI/CD】Jenkinsfile管理+参数化构建+邮件通知以及Jenkins + SonarQube 代码审查
运维·ci/cd·容器·kubernetes·jenkins·rancher
菠萝炒饭pineapple-boss2 个月前
自有证书的rancher集群使用rke部署k8s集群异常
linux·运维·服务器·rancher
A ?Charis2 个月前
第八章-SUSE- Rancher-容器高可用与容灾测试-Longhorn(容灾卷跨集群测试)
rancher
A ?Charis2 个月前
第七章-SUSE- Rancher-容器高可用与容灾测试-Rancher拉起的集群(容灾测试)
rancher
A ?Charis2 个月前
记录一次-Rancher通过UI-Create Custom- RKE2的BUG
bug·rancher
A ?Charis2 个月前
第六章-SUSE- Rancher-容器高可用与容灾测试-RKE2-数据库(Mysql-异地备份还原方式容灾)
rancher
A ?Charis2 个月前
第五章-SUSE- Rancher-容器高可用与容灾测试-Rancher-back up(容灾测试)
rancher
A ?Charis2 个月前
第四章-SUSE- Rancher-容器高可用与容灾测试-RKE2(容灾测试)
rancher
郝开2 个月前
Windows系统中Docker可视化工具对比分析,Docker Desktop,Portainer,Rancher
docker·容器·rancher·docker desktop·portainer