单容器rancher证书过期解决
2.2版本的rancher证书过期,docker会频繁重启报错:08:51:46.160121 I | http: TLS handshake error from 127.0.0.1:33140: remote error: tls: bad certificateE0814 08:51:46.1602126 reflector.go:134] k8s.io/client-go/informer
·
2.2版本的rancher证书过期,docker会频繁重启报错:
08:51:46.160121 I | http: TLS handshake error from 127.0.0.1:33140: remote error: tls: bad certificate
E0814 08:51:46.160212 6 reflector.go:134] k8s.io/client-go/informers/factory.go:127: Failed to list *v1.ReplicationController: Get https://localhost:6443/api/v1/replicationcontrollers?limit=500&resourceVersion=0: x509: certificate has expired or is not yet valid
解决方法如下:
关闭时间自动同步,将时间调整到稍早一些、还能正常使用的日期
# 关闭ntp同步,防止时间自动更新回来
timedatectl set-ntp false
# 修改节点时间
timedatectl set-time '2020-07-01 00:00:00'
通过docker ps|grep rancher命令,获得rancher的容器id,如xxx:
rancher_server_id=xxx
docker exec -ti ${rancher_server_id} mv /var/lib/rancher/management-state/tls/localhost.crt /var/lib/rancher/management-state/tls/localhost.crt-bak
docker exec -ti ${rancher_server_id} mv /var/lib/rancher/management-state/tls/localhost.key /var/lib/rancher/management-state/tls/localhost.key-bak
docker restart ${rancher_server_id}
重新开启时间同步,并同步到正常的日期,并重启rancher的容器:
timedatectl set-ntp yes //开启时间动态更新
ntpdate ntp3.aliyun.com
docker restart ${rancher_server_id}
重启后,就能看到rancher恢复正常了
更多推荐
已为社区贡献12条内容
所有评论(0)