I am using the MongoDB Enterprise Operator and have created a MongoDB Ops Manager.
I created the MongoDB resource using the MongoDB CRD, given below.
apiVersion: mongodb.com/v1
kind: MongoDB
metadata:
  name: mongo-dev
  namespace: mongodb-workspace
spec:
  credentials: my-org-apikey
  members: 3
  opsManager:
    configMapRef:
      name: my-org-id
  type: ReplicaSet
  podSpec:
    cpu: '4'
    memory: '6G'
  version: 5.0.18-ent
  security:
    tls:
      enabled: true
      ca: custom-ca
    authentication:
      enabled: true
      modes: ["SCRAM"]
Below are the steps I followed to create the self-signed certificates.
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -subj "/CN=*.svc.cluster.local" -days 3650 -reqexts v3_req -extensions v3_ca -out ca.crt
oc create secret tls ca-key-pair --cert=ca.crt --key=ca.key
oc apply -f cert-manager.yaml
oc apply -f issuesrs.yaml
oc apply -f certificate.yaml
oc get secret mongo-dev-0 -o jsonpath='{.data.tls.crt}{.data.tls.key}' | base64 --decode > mongo-dev-0-pem && \
oc get secret mongo-dev-1 -o jsonpath='{.data.tls.crt}{.data.tls.key}' | base64 --decode > mongo-dev-1-pem && \
oc get secret mongo-dev-2 -o jsonpath='{.data.tls.crt}{.data.tls.key}' | base64 --decode > mongo-dev-2-pem
oc create secret generic mongo-dev-cert --from-file=mongo-dev-0-pem --from-file=mongo-dev-1-pem --from-file=mongo-dev-2-pem
cat ca.crt > ca-pem
oc create configmap custom-ca --from-file=ca-pem
oc apply -f mongodb-rs.yaml
After the MongoDB replica set was reconciled, I got an error like the following.
The agent log message gives this error:
Failed to apply action. Result = : [15:07:48.267] Error starting mongod : [15:07:48.267] Error running start command. cmd=[Args=[/var/lib/mongodb-mms-automation/mongodb-linux-x86_64-5.0.18-ent/bin/mongod -f /data/automation-mongod.conf]], stip=[args={"net":{"bindIp":"0.0.0.0","port":27017,"tls":{"CAFile":"/mongodb-automation/tls/ca/ca-pem","allowConnectionsWithoutCertificates":true,"certificateKeyFile":"/mongodb-automation/tls/","mode":"preferTLS"}},"replication":{"replSetName":"mongodb-dev"},"storage":{"dbPath":"/data"},"systemLog":{"destination":"file","path":"/var/log/mongodb-mms-automation/mongodb.log"}}[],confPath=/data/automation-mongod.conf,version=5.0.18-ent-796abe56bfdbca6968ff570311bf72d93632825b(ent),isKmipRotateMasterKey=false,useOldConfFile=false]
I checked the log from the pod terminal, and it shows this.
sh-4.4$ cat /var/log/mongodb-mms-automation/mongodb.log
{"t":{"$date":"2023-09-06T14:27:24.939+00:00"},"s":"E", "c":"NETWORK", "id":23248, "ctx":"-","msg":"Cannot read certificate file","attr":{"keyFile":"/mongodb-automation/tls/","error":"error:0909006C:PEM routines:get_name:no start line"}}
{"t":{"$date":"2023-09-06T14:27:24.941+00:00"},"s":"F", "c":"CONTROL", "id":20574, "ctx":"-","msg":"Error during global initialization","attr":{"error":{"code":140,"codeName":"InvalidSSLConfiguration","errmsg":"Can not set up PEM key file."}}}
For reference, I followed this blog: https://developer.ibm.com/tutorials/secure-mongo-db-enterprise-on-red-hat-openshift/#5-Generate-Certificates-and-enable-TLS
Can anyone help?
I'm getting the same error too. Did you find the problem?
Thanks, Georgi
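A pre-flight check for the concatenated PEM files built in the steps above, given as an added example that is not part of the original posts: since the mongod log reports `no start line` for `certificateKeyFile`, it confirms that a path is a regular, non-empty file holding a certificate block and a private key block, each starting on its own line. The function name `check_pem` and its return codes are assumptions made here, and the check is structural only (it does not parse the key material).

```shell
#!/bin/sh
# check_pem FILE: can FILE plausibly serve as a mongod certificateKeyFile?
# Return codes (hypothetical, defined for this example):
#   0 ok               1 not a regular file   2 empty file
#   3 no certificate   4 no private key       5 BEGIN/END lines do not pair up
check_pem() {
    f=$1
    # A directory such as /mongodb-automation/tls/ (the keyFile in the log) fails here.
    [ -f "$f" ] || return 1
    # An empty file means the secret extraction wrote no output.
    [ -s "$f" ] || return 2
    # grep -c prints 0 and exits non-zero on no match, hence "|| true".
    certs=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$f" || true)
    keys=$(grep -c -E -e '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f" || true)
    begins=$(grep -c -e '^-----BEGIN ' "$f" || true)
    ends=$(grep -c -e '^-----END ' "$f" || true)
    [ "$certs" -ge 1 ] || return 3
    # Also catches a key whose BEGIN line was glued onto the certificate's
    # END line because the certificate data lacked a trailing newline.
    [ "$keys" -ge 1 ] || return 4
    [ "$begins" -eq "$ends" ] || return 5
    return 0
}

# Report on every file named on the command line, for example:
#   sh check_pem.sh mongo-dev-0-pem mongo-dev-1-pem mongo-dev-2-pem
for f in "$@"; do
    rc=0
    check_pem "$f" || rc=$?
    case $rc in
        0) echo "$f: ok" ;;
        1) echo "$f: not a regular file" ;;
        2) echo "$f: empty" ;;
        3) echo "$f: no certificate block" ;;
        4) echo "$f: no private key block at the start of a line" ;;
        5) echo "$f: BEGIN/END lines do not pair up" ;;
    esac
done
```

Running it against each `mongo-dev-N-pem` file before `oc create secret generic` shows whether the files themselves are malformed or the problem lies in how the secret is mounted.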