ΠΠ΅ΡΡΠΈΡ ΠΊΠ°Π±ΠΈΠ½Ρ: 251-1 amd64
ΠΠ‘: Ubuntu 20.20 Linux gen8 5.4.0-26-generic #30-Ubuntu SMP Mon Apr 20 16:58:30 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Π― ΡΡΡΠ°Π½ΠΎΠ²ΠΈΠ» ΠΊΠ°Π±ΠΈΠ½Ρ Π½Π° Gen8 Ρ ΡΠ΅Ρ
ΠΏΠΎΡ, ΠΊΠ°ΠΊ Π±ΡΠ» ΡΡΡΠ°Π½ΠΎΠ²Π»Π΅Π½ Π½ΠΎΠ²ΡΠΉ Ubuntu 20.20, ΠΈ Π·Π°ΠΏΡΡΠΊΠ°Π» ΠΊΠ°Π±ΠΈΠ½Ρ Ρ ΠΎΡΠΈΠ±ΠΊΠΎΠΉ SSL. ΠΠΎΡΡΠΎΠΌΡ Ρ ΠΏΠΎΠΏΡΡΠ°Π»ΡΡ ΠΏΠ΅ΡΠ΅ΡΡΡΠ°Π½ΠΎΠ²ΠΈΡΡ ΠΊΠ°Π±ΠΈΠ½Ρ, ΡΡΠΎΠ±Ρ ΠΈΡΠΏΡΠ°Π²ΠΈΡΡ ΡΡΡ ΠΎΡΠΈΠ±ΠΊΡ Π½Π΅Π΄ΠΎΠΏΡΡΡΠΈΠΌΠΎΠ³ΠΎ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠ°. ΠΠΎ ΠΏΠΎΡΠ»Π΅ ΡΡΠΎΠ³ΠΎ Ρ Π±ΠΎΠ»ΡΡΠ΅ Π½Π΅ ΠΌΠΎΠ³Ρ Π·Π°ΠΏΡΡΠΊΠ°ΡΡ ΠΊΠ°Π±ΠΈΠ½Ρ Ρ sudo systemctl start cockpit
.
$ sudo systemctl status cockpit
β cockpit.service - Cockpit Web Service
Loaded: loaded (/lib/systemd/system/cockpit.service; static; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2020-05-21 04:06:34 UTC; 7min ago
TriggeredBy: β cockpit.socket
Docs: man:cockpit-ws(8)
Process: 563960 ExecStartPre=/usr/sbin/remotectl certificate --ensure --user=root --group=cockpit-ws --selinux-type= (code=exited, status=0/SUCCESS)
Process: 563961 ExecStart=/usr/lib/cockpit/cockpit-tls (code=exited, status=1/FAILURE)
Main PID: 563961 (code=exited, status=1/FAILURE)
May 21 04:06:34 gen8 systemd[1]: cockpit.service: Main process exited, code=exited, status=1/FAILURE
May 21 04:06:34 gen8 systemd[1]: cockpit.service: Failed with result 'exit-code'.
May 21 04:06:34 gen8 systemd[1]: Starting Cockpit Web Service...
May 21 04:06:34 gen8 systemd[1]: Started Cockpit Web Service.
May 21 04:06:34 gen8 cockpit-tls[563961]: cockpit-tls: Could not locate server certificate: Error loading certificates from /etc/cockpit/ws-certs.d: Permission denied
May 21 04:06:34 gen8 systemd[1]: cockpit.service: Main process exited, code=exited, status=1/FAILURE
May 21 04:06:34 gen8 systemd[1]: cockpit.service: Failed with result 'exit-code'.
May 21 04:06:34 gen8 systemd[1]: cockpit.service: Start request repeated too quickly.
May 21 04:06:34 gen8 systemd[1]: cockpit.service: Failed with result 'exit-code'.
May 21 04:06:34 gen8 systemd[1]: Failed to start Cockpit Web Service.
$ journalctl -u cockpit
-- Logs begin at Mon 2020-05-04 05:17:32 UTC, end at Thu 2020-05-21 04:24:00 UTC. --
May 15 14:09:28 gen8 systemd[1]: Starting Cockpit Web Service...
May 15 14:09:28 gen8 remotectl[527778]: Generating temporary certificate using: sscg --quiet --lifetime 3650 --key-strength 2048 --cert-key-file /etc/cockpit/ws-certs.d/0-self-signed.cert --cert-file /etc/cockpit/ws-certs.d/0-self-signed>
May 15 14:09:28 gen8 remotectl[527778]: Error generating temporary dummy cert using sscg, falling back to openssl
May 15 14:09:28 gen8 remotectl[527778]: Generating temporary certificate using: openssl req -x509 -days 36500 -newkey rsa:2048 -keyout /etc/cockpit/ws-certs.d/0-self-signed.347AK0.tmp -keyform PEM -nodes -out /etc/cockpit/ws-certs.d/0-se>
May 15 14:09:28 gen8 systemd[1]: Started Cockpit Web Service.
May 15 14:10:58 gen8 systemd[1]: cockpit.service: Succeeded.
May 15 14:19:34 gen8 systemd[1]: Starting Cockpit Web Service...
May 15 14:19:34 gen8 systemd[1]: Started Cockpit Web Service.
May 15 14:19:57 gen8 systemd[1]: Stopping Cockpit Web Service...
May 15 14:19:57 gen8 systemd[1]: cockpit.service: Succeeded.
May 15 14:19:57 gen8 systemd[1]: Stopped Cockpit Web Service.
May 15 14:23:23 gen8 systemd[1]: Starting Cockpit Web Service...
May 15 14:23:23 gen8 systemd[1]: Started Cockpit Web Service.
May 15 14:24:53 gen8 systemd[1]: cockpit.service: Succeeded.
May 15 14:24:56 gen8 systemd[1]: Starting Cockpit Web Service...
May 15 14:24:56 gen8 systemd[1]: Started Cockpit Web Service.
May 15 14:25:15 gen8 cockpit-tls[529527]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 15 14:25:46 gen8 cockpit-tls[529527]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 15 14:25:46 gen8 cockpit-tls[529527]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 15 14:27:16 gen8 systemd[1]: cockpit.service: Succeeded.
May 15 14:38:02 gen8 systemd[1]: Starting Cockpit Web Service...
May 15 14:38:02 gen8 systemd[1]: Started Cockpit Web Service.
May 15 14:38:02 gen8 cockpit-tls[530315]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 15 14:38:03 gen8 cockpit-tls[530315]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 15 14:38:03 gen8 cockpit-tls[530315]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 15 14:38:03 gen8 cockpit-tls[530315]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 15 14:38:11 gen8 cockpit-tls[530315]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 15 14:38:11 gen8 cockpit-tls[530315]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 15 14:38:11 gen8 cockpit-tls[530315]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 15 14:39:24 gen8 cockpit-tls[530315]: cockpit-tls: gnutls_handshake failed: Decryption has failed.
May 15 14:39:28 gen8 cockpit-tls[530315]: cockpit-tls: gnutls_handshake failed: Decryption has failed.
May 15 14:39:32 gen8 cockpit-tls[530315]: cockpit-tls: gnutls_handshake failed: Decryption has failed.
May 15 14:39:37 gen8 cockpit-tls[530315]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 15 14:39:37 gen8 cockpit-tls[530315]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 15 14:40:40 gen8 cockpit-tls[530315]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 15 14:40:40 gen8 cockpit-tls[530315]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received.
May 15 14:42:10 gen8 systemd[1]: cockpit.service: Succeeded.
May 20 07:34:15 gen8 systemd[1]: Starting Cockpit Web Service...
May 20 07:34:15 gen8 systemd[1]: Started Cockpit Web Service.
May 20 07:35:53 gen8 systemd[1]: cockpit.service: Succeeded.
May 20 07:40:42 gen8 systemd[1]: Starting Cockpit Web Service...
May 20 07:40:42 gen8 systemd[1]: Started Cockpit Web Service.
May 20 07:42:12 gen8 systemd[1]: cockpit.service: Succeeded.
May 20 07:45:38 gen8 systemd[1]: Starting Cockpit Web Service...
May 20 07:45:38 gen8 systemd[1]: Started Cockpit Web Service.
May 20 07:47:39 gen8 systemd[1]: cockpit.service: Succeeded.
May 20 08:03:05 gen8 systemd[1]: Starting Cockpit Web Service...
May 20 08:03:05 gen8 systemd[1]: Started Cockpit Web Service.
May 20 08:03:12 gen8 cockpit-tls[559075]: cockpit-tls: gnutls_handshake failed: Decryption has failed.
May 20 08:03:42 gen8 cockpit-tls[559075]: cockpit-tls: gnutls_handshake failed: Decryption has failed.
May 20 08:05:12 gen8 systemd[1]: cockpit.service: Succeeded.
May 20 08:09:23 gen8 systemd[1]: Starting Cockpit Web Service...
May 20 08:09:23 gen8 systemd[1]: Started Cockpit Web Service.
May 20 08:10:53 gen8 systemd[1]: cockpit.service: Succeeded.
$ sudo ls -al /etc/cockpit
drwx------ 2 root root 4096 May 21 04:04 ws-certs.d
$ sudo ls -al /etc/cockpit/ws-certs.d
-rw-r----- 1 root cockpit-ws 2853 May 21 04:04 0-self-signed.cert
Π― Π΄ΡΠΌΠ°Ρ, ΡΡΠΎ Ρ ΠΌΠΎΠ΅ΠΉ ΠΏΠ°ΠΏΠΊΠΎΠΉ / etc / cockpit ΡΡΠΎ-ΡΠΎ ΡΡΡΠ°Π½Π½ΠΎ, Π½ΠΎ ΠΏΠΎΠ½ΡΡΠΈΡ Π½Π΅ ΠΈΠΌΠ΅Ρ, ΡΡΠΎ Ρ Π½Π΅ΠΉ Π΄Π΅Π»Π°ΡΡ.
@kxxoling : ΠΠ΅ΡΠ½ΠΎ, ΠΏΠ°ΠΏΠΊΠ° /etc/cockpit/ws-certs.d/ Π΄ΠΎΡΡΡΠΏΠ½Π° ΡΠΎΠ»ΡΠΊΠΎ Π΄Π»Ρ root. ΠΡΠΎ Π΄ΠΎΠ»ΠΆΠ½ΠΎ Π±ΡΡΡ 0755. ΠΠ°Ρ Π½Π΅Ρ ΠΊΠ°ΠΊΠΎΠΉ-ΡΠΎ ΠΏΡΠΎΠ±Π»Π΅ΠΌΠΎΠΉ umask - Ρ Π²Π°Ρ ΠΎΡΠ΅Π½Ρ ΡΡΠ³Π°Ρ Π΄Π»Ρ root, Π½Π°ΠΏΡΠΈΠΌΠ΅Ρ 077?
@martinpitt Π― ΠΏΠΎΠΏΡΡΠ°Π»ΡΡ ΡΠΈΡΡΠΎ ΠΏΠ΅ΡΠ΅ΡΡΡΠ°Π½ΠΎΠ²ΠΈΡΡ /etc/cockpit
ΠΏΠ°ΠΏΠΊΠ° machines.d
ΠΏΠΎΠ΄ /etc/cockpit
ΡΡΠ΄ΠΎΠΌ Ρ ws-certs.d
. Π ΡΠ΅ΠΏΠ΅ΡΡ cockpit-ws Π·Π°ΠΏΡΡΠΊΠ°Π΅ΡΡΡ Ρ
ΠΎΡΠΎΡΠΎ, Π·Π° ΠΈΡΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ΠΌ ΠΏΡΠΎΠ±Π»Π΅ΠΌΡ https:
$ curl https://localhost:9090
curl: (60) SSL certificate problem: self signed certificate
Π Π°Π·Π²Π΅ 0-self-signed.cert
ΡΠ²Π»ΡΠ΅ΡΡΡ ΡΡΠΈΠ΄ΠΈΡΠ΅ΡΠΊΠΈΠΌ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΠΌ CA? ΠΠ»ΠΈ Ρ Π΄ΠΎΠ»ΠΆΠ΅Π½ ΡΠ°ΠΌ ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠΈΠ²Π°ΡΡ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°Ρ?
@kxxoling : ΡΠΈΠ½ΡΠ°ΠΊΡΠΈΡΠ΅ΡΠΊΠΈ ΡΡΠΎ Π΄Π΅ΠΉΡΡΠ²ΠΈΡΠ΅Π»ΡΠ½ΡΠΉ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°Ρ, Π½ΠΎ, ΠΊΠ°ΠΊ ΡΠ»Π΅Π΄ΡΠ΅Ρ ΠΈΠ· Π½Π°Π·Π²Π°Π½ΠΈΡ, ΠΎΠ½ ΡΠ°ΠΌΠΎΠΏΠΎΠ΄ΠΏΠΈΡΠ°Π½Π½ΡΠΉ. Π’Π°ΠΊΠΈΠΌ ΠΎΠ±ΡΠ°Π·ΠΎΠΌ, curl (ΠΊΠ°ΠΊ ΠΈ Π²Π°Ρ Π±ΡΠ°ΡΠ·Π΅Ρ) Π½Π΅ ΠΏΡΠΈΠ½ΠΈΠΌΠ°Π΅Ρ Π΅Π³ΠΎ ΠΏΠΎ ΡΠΌΠΎΠ»ΡΠ°Π½ΠΈΡ. ΠΡ ΠΌΠΎΠΆΠ΅ΡΠ΅ Π² Π»ΡΠ±ΠΎΠΌ ΡΠ»ΡΡΠ°Π΅ ΠΏΡΠΈΠ½ΡΡΡ Π΅Π³ΠΎ ( curl -k
ΠΈΠ»ΠΈ Π½Π°ΠΆΠ°ΡΡ ΠΊΠ½ΠΎΠΏΠΊΡ Π² Π±ΡΠ°ΡΠ·Π΅ΡΠ΅) ΠΈΠ»ΠΈ, ΡΡΠΎ Π»ΡΡΡΠ΅, Π΄ΠΎΠ±Π°Π²ΠΈΡΡ ΡΠ²ΠΎΠΉ ΡΠΎΠ±ΡΡΠ²Π΅Π½Π½ΡΠΉ .
@martinpitt Π― ΠΏΠΎΠ½ΡΠ». ΠΠΌΠ΅ΡΡΠΎ ΡΡΠΎΠ³ΠΎ Ρ ΠΏΠΎΠΏΡΠΎΠ±ΡΡ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ ΠΏΠΎΠ΄ΠΏΠΈΡΠ°Π½Π½ΡΠΉ Let's Encrypt. ΠΡΠΎ ΠΌΠΎΠΆΠ΅Ρ ΡΠ΅ΡΠΈΡΡ ΠΏΡΠΎΠ±Π»Π΅ΠΌΡ Ρ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠΎΠΌ.
ΠΡΠΈΠ±ΠΊΠ° Π·Π°ΠΏΡΡΠΊΠ° ΡΠ»ΡΠΆΠ±Ρ ΠΌΠΎΠΆΠ΅Ρ Π±ΡΡΡ Π²ΡΠ·Π²Π°Π½Π° ΠΌΠΎΠ΅ΠΉ ΡΠ»ΡΡΠ°ΠΉΠ½ΠΎΡΡΡΡ, Π½ΠΎ ΠΏΠΎΠ»Π½Π°Ρ ΠΏΠ΅ΡΠ΅ΡΡΡΠ°Π½ΠΎΠ²ΠΊΠ° ΠΌΠΎΠΆΠ΅Ρ ΡΠ΅ΡΠΈΡΡ Π΅Π΅. Π’Π°ΠΊ ΡΡΠΎ Π·Π°ΠΊΡΠΎΡ ΡΡΠΎΡ Π²ΡΠΏΡΡΠΊ.
Π‘ΠΏΠ°ΡΠΈΠ±ΠΎ Π·Π° ΠΏΠΎΠΌΠΎΡΡ! @martinpitt : D
Π‘Π°ΠΌΡΠΉ ΠΏΠΎΠ»Π΅Π·Π½ΡΠΉ ΠΊΠΎΠΌΠΌΠ΅Π½ΡΠ°ΡΠΈΠΉ
@kxxoling : ΡΠΈΠ½ΡΠ°ΠΊΡΠΈΡΠ΅ΡΠΊΠΈ ΡΡΠΎ Π΄Π΅ΠΉΡΡΠ²ΠΈΡΠ΅Π»ΡΠ½ΡΠΉ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°Ρ, Π½ΠΎ, ΠΊΠ°ΠΊ ΡΠ»Π΅Π΄ΡΠ΅Ρ ΠΈΠ· Π½Π°Π·Π²Π°Π½ΠΈΡ, ΠΎΠ½ ΡΠ°ΠΌΠΎΠΏΠΎΠ΄ΠΏΠΈΡΠ°Π½Π½ΡΠΉ. Π’Π°ΠΊΠΈΠΌ ΠΎΠ±ΡΠ°Π·ΠΎΠΌ, curl (ΠΊΠ°ΠΊ ΠΈ Π²Π°Ρ Π±ΡΠ°ΡΠ·Π΅Ρ) Π½Π΅ ΠΏΡΠΈΠ½ΠΈΠΌΠ°Π΅Ρ Π΅Π³ΠΎ ΠΏΠΎ ΡΠΌΠΎΠ»ΡΠ°Π½ΠΈΡ. ΠΡ ΠΌΠΎΠΆΠ΅ΡΠ΅ Π² Π»ΡΠ±ΠΎΠΌ ΡΠ»ΡΡΠ°Π΅ ΠΏΡΠΈΠ½ΡΡΡ Π΅Π³ΠΎ (
curl -k
ΠΈΠ»ΠΈ Π½Π°ΠΆΠ°ΡΡ ΠΊΠ½ΠΎΠΏΠΊΡ Π² Π±ΡΠ°ΡΠ·Π΅ΡΠ΅) ΠΈΠ»ΠΈ, ΡΡΠΎ Π»ΡΡΡΠ΅, Π΄ΠΎΠ±Π°Π²ΠΈΡΡ ΡΠ²ΠΎΠΉ ΡΠΎΠ±ΡΡΠ²Π΅Π½Π½ΡΠΉ .