0

我安装了一个流浪插件“vagrant-certificates”并将以下配置添加到我的 ~/.vagrant.d/Vagrantfile

if !['plugin', 'box'].include? ARGV[0]
    unless Vagrant.has_plugin?("vagrant-ca-certificates")
      raise "Missing required plugin 'vagrant-certificates', run `vagrant plugin install vagrant-certificates`\n"
    end
end

config.certificates.enabled = true
config.certificates.certs = Dir.glob('/home/myhomedirectory/.vagrant.d/*.crt')

并且插件不会运行。我认识的其他使用该插件的人在运行 vagrant up 时会得到以下输出:

==> machine: Uploading root certificates to guest instance...
==> machine: -- /var/folders/mb/1pt7p7zd4q736lq4vdq_309w0000gn/T/vagrant-certificates20200122-60457- 
wop57o => /usr/share/ca-certificates/private/BA%20ROOT.crt
==> machine: -- /var/folders/mb/1pt7p7zd4q736lq4vdq_309w0000gn/T/vagrant-certificates20200122-60457- 
3v8nhs => /usr/share/ca-certificates/private/BA%20NPE%20CA-3%281%29.crt
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

但我没有看到与证书相关的输出:

在此处输入图像描述

我收到一个 ssl 错误,表明我需要的证书尚未安装。有人可以帮我调试吗?

编辑:我尝试指定证书的其他方式:

config.certificates.certs = [
  "./certROOT.crt",
  "./certNPE_CA_3.crt"
]

config.certificates.certs = [
  "http://pki.mycorp.org/certs/certROOT.crt",
  "http://pki.mycorp.org/certs/certNPE_CA_3.crt"
]

编辑 2: vagrant up --debug 2>&1 >/dev/null | 的输出 grep -i 证书

 INFO manager:   - vagrant-certificates = [installed: 2.0.0 constraint: > 0]
DEBUG bundler: Current generated plugin dependency list: [<Gem::Dependency type=:runtime name="vagrant-certificates" requirements="= 2.0.0">]
DEBUG bundler: Activating solution set: ["vagrant-certificates-2.0.0"]
DEBUG bundler: Activating gem vagrant-certificates-2.0.0
 INFO manager: Loading plugin `vagrant-certificates` with default require: `vagrant-certificates`
 INFO manager: Registered plugin: vagrant-certificates
DEBUG manager: Successfully loaded plugin `vagrant-certificates`.
 INFO manager:   - vagrant-certificates = [installed: 2.0.0 constraint: > 0]
DEBUG bundler: Current generated plugin dependency list: [<Gem::Dependency type=:runtime name="vagrant-certificates" requirements="= 2.0.0">]
DEBUG bundler: Activating solution set: ["vagrant-certificates-2.0.0"]
DEBUG bundler: Activating gem vagrant-certificates-2.0.0
 INFO manager: Loading plugin `vagrant-certificates` with default require: `vagrant-certificates`
DEBUG manager: Successfully loaded plugin `vagrant-certificates`.
 INFO warden: Calling IN action: #<VagrantPlugins::Certificates::Action::InstallCertificates:0x0000000002eea438>
 INFO warden: Calling OUT action: #<VagrantPlugins::Certificates::Action::InstallCertificates:0x0000000002eea438>
DEBUG subprocess: stdout: fatal: [k8s-master]: FAILED! => {"changed": false, "msg": "Failed to validate the SSL certificate for packages.cloud.google.com:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended. Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificat

s/cacert.org、/etc/ansible。异常消息是:[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败(_ssl.c:590)。“}信息接口:详细信息:致命:[k8s-master]:失败!=> {“更改”:false,“消息” :“无法验证 packages.cloud.google.com:443 的 SSL 证书。确保您的托管系统安装了有效的 CA 证书。如果您不需要确认服务器身份,则可以使用 validate_certs=False,但这是不安全的,不推荐。为此平台检查的路径:/etc/ssl/certs、/etc/pki/ca-trust/extracted/pem、/etc/pki/tls/certs、/usr/share/ca-certificates/cacert.org、/etc /可靠的。异常消息是:[SSL: CERTIFICATE_VERIFY_FAILED] 证书验证失败 (_ssl.c:590)。"}

4

0 回答 0