由于 302 重定向,Cloud Init 无法从 k8s.io 创建 Apt 源

由于 302 重定向,Cloud Init 无法从 k8s.io 创建 Apt 源

我正在尝试使用 cloud-init 将 k8s.io apt 包源添加到虚拟机,但文档执行 302 重定向,但 gpg 不喜欢这样。

云初始化配置.yml:

    apt:
      sources:
        docker:
          keyid: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
          keyserver: 'https://download.docker.com/linux/ubuntu/gpg'
          source: 'deb [signed-by=$KEY_FILE] https://download.docker.com/linux/ubuntu mantic stable'
        kubernetes:
          keyid: 'DE15B14486CD377B9E876E1A234654DA9A296436'
          keyserver: 'https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key'
          source: 'deb [signed-by=$KEY_FILE] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /'
      conf: |
        APT {
            Get {
                Assume-Yes 'true';
                Fix-Broken 'true';
            }
        }

VM 的错误/var/log/cloud-init-output.log

2023-12-10 18:29:02,444 - gpg.py[ERROR]: Failed to obtain gpg key DE15B14486CD377B9E876E1A234654DA9A296436
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/cloudinit/gpg.py", line 101, in recv_key
    naplen = next(sleeps)
             ^^^^^^^^^^^^
StopIteration

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/cloudinit/gpg.py", line 130, in getkeybyid
    recv_key(keyid, keyserver=keyserver)
  File "/usr/lib/python3/dist-packages/cloudinit/gpg.py", line 109, in recv_key
    raise ValueError(
ValueError: Failed to import key 'DE15B14486CD377B9E876E1A234654DA9A296436' from keyserver 'https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key' after 3 tries: Unexpected error while running command.
Command: ['gpg', '--no-tty', '--keyserver=https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key', '--recv-keys', 'DE15B14486CD377B9E876E1A234654DA9A296436']
Exit code: 2
Reason: -
Stdout: 
Stderr: gpg: WARNING: unacceptable HTTP redirect from server was cleaned up
        gpg: keyserver receive failed: No data
2023-12-10 18:29:02,465 - gpg.py[WARNING]: Failed delete key "DE15B14486CD377B9E876E1A234654DA9A296436": Unexpected error while running command.
Command: ['gpg', '--batch', '--yes', '--delete-keys', 'DE15B14486CD377B9E876E1A234654DA9A296436']
Exit code: 2
Reason: -
Stdout: 
Stderr: gpg: key "DE15B14486CD377B9E876E1A234654DA9A296436" not found: Not found
        gpg: DE15B14486CD377B9E876E1A234654DA9A296436: delete key failed: Not found
2023-12-10 18:29:02,466 - util.py[WARNING]: Running module apt_configure (<module 'cloudinit.config.cc_apt_configure' from '/usr/lib/python3/dist-packages/cloudinit/config/cc_apt_configure.py'>) failed
Cloud-init v. 23.3.1-0ubuntu2 running 'modules:final' at Sun, 10 Dec 2023 18:29:02 +0000. Up 23.60 seconds.
Cloud-init v. 23.3.1-0ubuntu2 finished at Sun, 10 Dec 2023 18:29:02 +0000. Datasource DataSourceNoCloud [seed=/dev/sr0][dsmode=net].  Up 23.74 seconds

$ curl https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

URL

https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key

重定向至:

https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.28/deb/Release.key

现在,我可以将位置更改keyserver为重定向的 URL,但这可能会改变。有没有办法告诉 gpg 使用额外的 cloud-init 配置来遵循重定向?

答案1

从 cloud-init 配置中的 URL 重定向keyserver可能会导致 gpg 失败并阻止添加 Kubernetes apt 源。将 URL 更改为重定向可能会暂时起作用,但这并不理想,因为重定向目标将来可能会发生变化,从而破坏您的设置。

以下是您可以考虑处理重定向和添加 Kubernetes apt 源的一些选项。

选项 1:直接使用重定向的 URL:

选项 2:配置 gpg 以遵循重定向:

  • gpg 没有内置选项来自动遵循重定向,但您可以使用脚本或包装器来解决它。

  • 一种方法是编写一个简短的脚本,动态检索重定向的 URL,然后使用更新的 URL 调用 gpg。

  • 或者,考虑使用类似的工具wget从重定向 URL 下载密钥文件,然后使用选项将其传递给 gpg --import

希望这些信息能帮助您找到处理重定向的解决方案并成功地将 Kubernetes apt 源添加到您的 cloud-init 配置中。

相关内容