我使用的是 CoreOS 493.0.0+2014-11-14-1501。此版本的 CoreOS 使用 OpenSSL OpenSSL 1.0.1j 2014 年 10 月 15 日。当我手动尝试使用update_engine_client -update更新失败时,我在日志中看到以下异常(在journalctl -ru udpate-engine:
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:payload_state.cc(400)] Current URL Index = 0
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:payload_state.cc(257)] Resetting the current URL index (0) to 0 as we only have 1 URL(s)
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:payload_state.cc(97)] Updating payload state for error code: 18 (kActionCodeDownloadPayloadPubKeyVerification
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:ERROR:update_attempter.cc(787)] Update failed.
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:update_attempter.cc(460)] Processing Done.
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:action_processor.cc(73)] ActionProcessor::ActionComplete: finished last action of type DownloadAction
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:action_processor.cc(68)] ActionProcessor::ActionComplete: DownloadAction action failed. Aborting processing.
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:ERROR:download_action.cc(118)] Download of https://update.release.core-os.net/amd64-usr/1068.8.0/update.gz failed
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x000000f0 : 8a e0 af 10 58 76 f6 c1 dd a5 c5 f3 98 51 05 6e
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x000000e0 : ae 7f e9 2f a0 a0 ba fb 7c 19 af c6 1a 65 a3 f5
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x000000d0 : 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x000000c0 : ff ff ff ff ff ff ff ff ff ff ff ff 00 30 31 30
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x000000b0 : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x000000a0 : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000090 : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000080 : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000070 : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000060 : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000050 : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000040 : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000030 : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000020 : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000010 : ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000000 : 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(251)] Logging array of length: 256
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:ERROR:delta_performer.cc(861)] Computed Signature:
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x000000f0 : 6f 1e c4 e8 66 1f 8b 31 db 78 ac 9b 69 04 bd 5a
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x000000e0 : 3c 4c 71 bf a5 d6 47 86 05 e0 f5 d8 30 98 0b 90
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x000000d0 : b0 c7 3e 2d 29 23 88 7f 9b 8a e4 a4 de 39 1e 01
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x000000c0 : 7b 17 de 97 99 d4 89 07 c7 39 10 eb 50 ca 7d 9d
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x000000b0 : 32 e2 e8 07 ae 07 cf 77 c6 9a 46 6d f3 c9 ac 44
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x000000a0 : 87 01 10 cd 40 ce ce 49 b2 8e bf aa d0 57 06 26
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000090 : 94 4c ce 4c 91 df 4a 8c 37 1a 13 7f c8 7f 5a 72
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000080 : 36 9c 8a b3 20 09 b8 95 ae 10 e9 3e 8b 63 62 e9
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000070 : f4 29 63 42 2a 09 28 dd 3f 8c 5a 0a 4d 68 e2 ee
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000060 : 65 2c ce 16 1b 21 25 03 e2 80 89 c6 76 67 d7 74
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000050 : 40 9f be e9 e9 2b 2c e1 72 11 b9 30 05 2d 08 a8
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000040 : 38 88 23 c3 e1 d6 49 42 05 10 db ca 32 89 f0 ad
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000030 : 8b 16 98 92 7c 2c 11 6a 0a bd 55 97 e6 18 1b 3b
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000020 : 41 7e 2d 3a 16 19 d7 48 1e 98 07 80 17 77 f5 af
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000010 : aa ea 13 e6 f4 c0 d8 de ed 7a 3e 3b 9e 3b 04 f8
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(268)] 0x00000000 : 58 a4 b9 9e 5f 63 27 f3 79 b3 9d 52 54 a5 4b 07
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:utils.cc(251)] Logging array of length: 256
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:ERROR:delta_performer.cc(858)] Public key verification failed, thus update failed. Attached Signature:
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:payload_signer.cc(265)] signature size = 528
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:delta_performer.cc(821)] Verifying delta payload using public key: /usr/share/update_engine/update-payload-ke
Aug 04 09:02:52 coreos update_engine[562]: [0804/090252:INFO:update_attempter.cc(597)] Download status: inactive
Aug 04 09:02:51 coreos update_engine[562]: [0804/090251:INFO:multi_range_http_fetcher.cc(141)] Done w/ all transfers
Aug 04 09:02:51 coreos update_engine[562]: [0804/090251:INFO:multi_range_http_fetcher.cc(107)] TransferEnded w/ code 200
Aug 04 09:02:51 coreos update_engine[562]: [0804/090251:INFO:multi_range_http_fetcher.cc(150)] Received transfer complete.
Aug 04 09:02:51 coreos update_engine[562]: [0804/090251:INFO:libcurl_http_fetcher.cc(318)] Transfer completed (200), 217528649 bytes downloaded
Aug 04 09:02:51 coreos update_engine[562]: [0804/090251:INFO:libcurl_http_fetcher.cc(261)] HTTP response code: 200
Aug 04 09:02:51 coreos update_engine[562]: [0804/090251:INFO:delta_performer.cc(153)] Completed 1017/1017 operations (100%), 217528649/217528649 bytes downloaded (100%),
Aug 04 09:02:51 coreos update_engine[562]: [0804/090251:INFO:delta_performer.cc(738)] Extracted signature data of size 528 at 217471746
Aug 04 09:02:51 coreos update_engine[562]: [0804/090251:INFO:delta_performer.cc(767)] Skipping hash verification for signature operation 1017
Aug 04 09:02:42 coreos update_engine[562]: [0804/090242:INFO:delta_performer.cc(153)] Completed 903/1017 operations (88%), 200129083/217528649 bytes downloaded (92%), ove
Aug 04 09:02:35 coreos update_engine[562]: [0804/090235:INFO:delta_performer.cc(153)] Completed 782/1017 operations (76%), 182729275/217528649 bytes downloaded (84%), ove
Aug 04 09:02:29 coreos update_engine[562]: [0804/090229:INFO:delta_performer.cc(153)] Completed 684/1017 operations (67%), 160971323/217528649 bytes downloaded (74%), ove
Aug 04 09:02:22 coreos update_engine[562]: [0804/090222:INFO:delta_performer.cc(153)] Completed 611/1017 operations (60%), 131553851/217528649 bytes downloaded (60%), ove
Aug 04 09:02:11 coreos update_engine[562]: [0804/090211:INFO:delta_performer.cc(153)] Completed 509/1017 operations (50%), 112007739/217528649 bytes downloaded (51%), ove
Aug 04 09:02:03 coreos update_engine[562]: [0804/090203:INFO:delta_performer.cc(153)] Completed 416/1017 operations (40%), 87013947/217528649 bytes downloaded (40%), over
Aug 04 09:01:59 coreos update_engine[562]: [0804/090159:INFO:delta_performer.cc(153)] Completed 346/1017 operations (34%), 60193339/217528649 bytes downloaded (27%), over
Aug 04 09:01:53 coreos update_engine[562]: [0804/090153:INFO:delta_performer.cc(153)] Completed 204/1017 operations (20%), 45529659/217528649 bytes downloaded (20%), over
Aug 04 09:01:45 coreos update_engine[562]: [0804/090145:INFO:delta_performer.cc(153)] Completed 96/1017 operations (9%), 26106427/217528649 bytes downloaded (12%), overal
Aug 04 09:01:35 coreos update_engine[562]: [0804/090135:INFO:delta_performer.cc(404)] Starting to apply update payload operations
Aug 04 09:01:35 coreos update_engine[562]: [0804/090135:INFO:delta_performer.cc(940)] Verifying source partitions.
Aug 04 09:01:35 coreos update_engine[562]: [0804/090135:INFO:delta_performer.cc(277)] PartitionInfo new_rootfs_info sha256: Opa16PO0hOn0JqGW7V7sLgqWZE/EC4G40BDF5gM27ds= s
Aug 04 09:01:35 coreos update_engine[562]: [0804/090135:INFO:delta_performer.cc(153)] Completed 0/? operations, 294/217528649 bytes downloaded (0%), overall progress 0%
Aug 04 09:01:35 coreos update_engine[562]: [0804/090135:INFO:libcurl_http_fetcher.cc(448)] Setting up timeout source: 1 seconds.
Aug 04 09:01:35 coreos update_engine[562]: [0804/090135:INFO:libcurl_http_fetcher.cc(185)] Setting up curl options for HTTPS
Aug 04 09:01:35 coreos update_engine[562]: [0804/090135:INFO:libcurl_http_fetcher.cc(51)] We are connected via Ethernet, Updates allowed: Yes
Aug 04 09:01:35 coreos update_engine[562]: [0804/090135:INFO:libcurl_http_fetcher.cc(62)] Starting/Resuming transfer
Aug 04 09:01:35 coreos update_engine[562]: [0804/090135:INFO:multi_range_http_fetcher.cc(57)] starting transfer of range 0+?
Aug 04 09:01:35 coreos update_engine[562]: [0804/090135:INFO:multi_range_http_fetcher.cc(29)] starting first transfer
Aug 04 09:01:35 coreos update_engine[562]: [0804/090135:INFO:update_attempter.cc(597)] Download status: active
Aug 04 09:01:35 coreos update_engine[562]: [0804/090135:INFO:install_plan.cc(52)] InstallPlan: , new_update, url: https://update.release.core-os.net/amd64-usr/1068.8.0/up
Aug 04 09:01:35 coreos update_engine[562]: [0804/090135:INFO:action_processor.cc(82)] ActionProcessor::ActionComplete: finished OmahaRequestAction, starting DownloadActio
Aug 04 09:01:35 coreos update_engine[562]: </response>
因此,我打算在这台机器上手动更新 OpenSSL。我尝试用谷歌搜索,但更新 CoreOS 似乎是唯一的方法。我尝试dnf -y install opensssl按照在 ubuntu 上安装的方式进行安装:如果不存在则安装,否则更新。但是,这台机器上没有安装 dnf。我也尝试过使用 yum,但 yum 也不存在。
如何更新本机上的 openssl?
答案1
与许多其他 Linux 不同,CoreOS 没有包管理器。根文件系统作为一个原子映像提供。用户部署的应用程序通常部署在基于Linux的容器中,例如systemd-nspawn、Docker、rkt、runc等。
updateservicectl是一个用于管理的工具奥马哈提供更新有效负载的服务器。在这种情况下,您已经使用了正确的工具 - update_engine_client。
当某个版本的 CoreOS 启动时,它的更新应该会自动发生(除非它们已被禁用)。从而查看当前的version(不一定)在启动时部署的版本运行命令:
$ cat /etc/os-release
NAME="Container Linux by CoreOS"
ID=coreos
VERSION=1576.1.0
VERSION_ID=1576.1.0
BUILD_ID=2017-10-26-0503
PRETTY_NAME="Container Linux by CoreOS 1576.1.0 (Ladybug)"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="amd64-usr"
最后,您提到您的版本是493.0.0+2014-11-14-1501.通常,它+2014-11-14-1501表示开发版本或从头开始编译的版本。类似的图像可能不会将 GPG 公钥嵌入其中,以从日志中引用的主机接收更新update.release.core-os.net。这给你留下了两个选择:
如果您自己构建映像,请使用 SDK 使用您需要的更新包生成新的更新有效负载,并通过 SDK 中包含的开发 Omaha 服务器为其提供服务。这只是一个cherryPy实用程序,运行起来很简单。
将主机更新为生产映像。通常不应这样做,而应重新部署主机。为此,我们应该识别当前用于服务器的分区
/usr并参考 CoreOS 分区布局来选择不活跃的分割。从那里可以手动下载update.gz文件并将其应用dd到正确的分区。故意不提供明确的复制粘贴说明。如果这没有意义,那么您很可能会破坏操作系统并导致灾难性的数据丢失。
实际上,最好的方法是标记任何正在运行的容器并将它们推送到注册表,备份云配置(由于部署的时代)并重新部署。如果您想最大程度地减少偏差并观察更新过程的发生,您甚至可以从版本开始494.0.0。