我正在尝试使用 cloud-init 将 k8s.io apt 包源添加到虚拟机,但文档执行 302 重定向,但 gpg 不喜欢这样。
云初始化配置.yml:
apt:
sources:
docker:
keyid: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
keyserver: 'https://download.docker.com/linux/ubuntu/gpg'
source: 'deb [signed-by=$KEY_FILE] https://download.docker.com/linux/ubuntu mantic stable'
kubernetes:
keyid: 'DE15B14486CD377B9E876E1A234654DA9A296436'
keyserver: 'https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key'
source: 'deb [signed-by=$KEY_FILE] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /'
conf: |
APT {
Get {
Assume-Yes 'true';
Fix-Broken 'true';
}
}
VM 的错误/var/log/cloud-init-output.log:
2023-12-10 18:29:02,444 - gpg.py[ERROR]: Failed to obtain gpg key DE15B14486CD377B9E876E1A234654DA9A296436
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/cloudinit/gpg.py", line 101, in recv_key
naplen = next(sleeps)
^^^^^^^^^^^^
StopIteration
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/cloudinit/gpg.py", line 130, in getkeybyid
recv_key(keyid, keyserver=keyserver)
File "/usr/lib/python3/dist-packages/cloudinit/gpg.py", line 109, in recv_key
raise ValueError(
ValueError: Failed to import key 'DE15B14486CD377B9E876E1A234654DA9A296436' from keyserver 'https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key' after 3 tries: Unexpected error while running command.
Command: ['gpg', '--no-tty', '--keyserver=https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key', '--recv-keys', 'DE15B14486CD377B9E876E1A234654DA9A296436']
Exit code: 2
Reason: -
Stdout:
Stderr: gpg: WARNING: unacceptable HTTP redirect from server was cleaned up
gpg: keyserver receive failed: No data
2023-12-10 18:29:02,465 - gpg.py[WARNING]: Failed delete key "DE15B14486CD377B9E876E1A234654DA9A296436": Unexpected error while running command.
Command: ['gpg', '--batch', '--yes', '--delete-keys', 'DE15B14486CD377B9E876E1A234654DA9A296436']
Exit code: 2
Reason: -
Stdout:
Stderr: gpg: key "DE15B14486CD377B9E876E1A234654DA9A296436" not found: Not found
gpg: DE15B14486CD377B9E876E1A234654DA9A296436: delete key failed: Not found
2023-12-10 18:29:02,466 - util.py[WARNING]: Running module apt_configure (<module 'cloudinit.config.cc_apt_configure' from '/usr/lib/python3/dist-packages/cloudinit/config/cc_apt_configure.py'>) failed
Cloud-init v. 23.3.1-0ubuntu2 running 'modules:final' at Sun, 10 Dec 2023 18:29:02 +0000. Up 23.60 seconds.
Cloud-init v. 23.3.1-0ubuntu2 finished at Sun, 10 Dec 2023 18:29:02 +0000. Datasource DataSourceNoCloud [seed=/dev/sr0][dsmode=net]. Up 23.74 seconds
$ curl https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
URL
https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key
重定向至:
https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.28/deb/Release.key
现在,我可以将位置更改keyserver为重定向的 URL,但这可能会改变。有没有办法告诉 gpg 使用额外的 cloud-init 配置来遵循重定向?
答案1
从 cloud-init 配置中的 URL 重定向keyserver可能会导致 gpg 失败并阻止添加 Kubernetes apt 源。将 URL 更改为重定向可能会暂时起作用,但这并不理想,因为重定向目标将来可能会发生变化,从而破坏您的设置。
以下是您可以考虑处理重定向和添加 Kubernetes apt 源的一些选项。
选项 1:直接使用重定向的 URL:
更新 cloud-init 配置以使用重定向 URL (https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.28/deb/Release.key) 作为密钥服务器。
这个解决方案很简单,避免依赖 gpg 跟踪重定向,但它依赖于重定向在未来保持稳定。
选项 2:配置 gpg 以遵循重定向:
gpg 没有内置选项来自动遵循重定向,但您可以使用脚本或包装器来解决它。
一种方法是编写一个简短的脚本,动态检索重定向的 URL,然后使用更新的 URL 调用 gpg。
或者,考虑使用类似的工具
wget从重定向 URL 下载密钥文件,然后使用选项将其传递给 gpg--import。
希望这些信息能帮助您找到处理重定向的解决方案并成功地将 Kubernetes apt 源添加到您的 cloud-init 配置中。