Dell NativeEdge:故障診斷 NativeEdge Orchestrator 部署期間的憑證問題
Summary: 本文旨在協助故障診斷在 NativeEdge Orchestrator 部署期間記錄的憑證問題,這些憑證會報告錯誤0x016030001。 0x016030001 是使用 docker 與儲存庫通訊失敗時,NativeEdge Orchestrator 安裝程式回報的事件代碼。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
由於憑證問題,部署無法啟動。
場景:
Error response from daemon: Get "https://repository.nativeedge.local/v2/": x509: certificate relies on legacy Common Name field, use SANs instead Login failed. Please check the image registry credentials. Error code: 0x016030001
Error response from daemon: Get "https://repository.nativeedge.local/v2/": Get "https://<ip>/service/token?account=admin&client_id=docker&offline_token=true&service=harbor-registry": tls: failed to verify certificate: x509: certificate signed by unknown authority Login failed. Please check the image registry credentials. Error code: 0x016030001
Error response from daemon: Get "https://repository.nativeedge.local/v2/": Get "https://<ip>/service/tokenaccount=admin&client_id=docker&offline_token=true&service=harbor-registry": tls: failed to verify certificate: x509: cannot validate certificate for <ip> because it doesn't contain any IP SANs Login failed. Please check the image registry credentials. Error code: 0x016030001
Cause
在上述情況下,原因如下:
- 在儲存庫上設定的 SSL 憑證沒有在憑證中設定任何主體替代名稱 (SAN) 欄位,只有舊版通用名稱欄位。
- 檢閱此錯誤時,發現儲存庫在設定期間的 IP 位址設定錯誤,因此當 docker 嘗試將 NativeEdge 安裝程式上傳至儲存庫時,它會查詢不正確的儲存庫。
- 儲存庫上設定的 SSL 憑證並未在其 SAN x509 延伸模組中設定 IP 位址
Resolution
在上述情況下,解決方案如下:
- 更正儲存庫上的憑證,以包含主體別名 (SAN) 資訊
- 正確地重新設定儲存庫,使其使用正確的位址進行通訊
- 更正儲存庫上的憑證,以包含 SAN IP 資訊
Affected Products
NativeEdge Solutions, NativeEdgeArticle Properties
Article Number: 000217449
Article Type: Solution
Last Modified: 22 Jan 2025
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.