Ansible: Setting up the Webtatic source for php-fpm fails

Published 2024-06-08 23:04:01


I am trying to set up the Webtatic yum source for php-fpm in an Ansible playbook.

My code is:

- name: Setup webtatic yum source for php-fpm
  yum: name=https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

It fails with the following error:

fatal: [test.example.com]: FAILED! => {"changed": false, "msg": "**Failed to validate the SSL certificate for mirror.webtatic.com:443. Make sure your managed systems have a valid CA certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended.** Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible. The exception msg was: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:618)."}

How can I write this correctly?


2 answers

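This tends to happen when the managed node does not have the CA root certificate bundle installed.

One possible fix is to verify that it is present before attempting to install the rpm: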

- name: Setup webtatic yum source for php-fpm
  yum:
    name: "{{ packages }}"
  vars:
    packages:
    - ca-certificates # This package contains the required CA root certificate bundle 
    - https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

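The root of the problem may be your local time, if it is not synchronized correctly.

I assume you already have ca-certificates installed.

CA certificate problems are sometimes related to an incorrect time.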

openssl s_client -host mirror.webtatic.com -port 443 \
    -CAfile /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt

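Look for Verify return code: 9 (certificate is not yet valid) and notBefore=...

Try installing the ntp, ntpdate packages, then synchronize your time. There is an example of how to do this on CentOS: https://thebackroomtech.com/2019/01/17/configure-centos-to-sync-with-ntp-time-servers/

If the problem was caused by the time being out of sync, this should fix it.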
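
The two fixes suggested in the answers, combined into one playbook as an added example (not code from either answer): the CA bundle and the clock are each handled in their own task before the release rpm is fetched, and certificate validation stays enabled. The host group `web` and the NTP server `pool.ntp.org` are assumptions.

```yaml
# Added example. Assumes an EL7 managed node; "web" is a hypothetical host group
# and pool.ntp.org is an assumed time source (use your own NTP server if you have one).
- hosts: web
  become: true
  tasks:
    # Separate task, so the CA bundle is installed before any HTTPS download starts.
    - name: Install the CA root certificate bundle
      yum:
        name: ca-certificates
        state: present

    - name: Install ntpdate for a one-shot clock correction
      yum:
        name: ntpdate
        state: present

    # A clock set in the past makes a valid certificate look "not yet valid"
    # (openssl verify return code 9), so correct the time before the download.
    - name: Synchronise the clock once
      command: ntpdate -u pool.ntp.org

    # validate_certs is left at its default (enabled): with the bundle present
    # and the clock correct, the server certificate should verify normally.
    - name: Setup webtatic yum source for php-fpm
      yum:
        name: https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
        state: present
```

If the last task still fails with CERTIFICATE_VERIFY_FAILED, the openssl s_client command from the second answer shows which verification step is rejecting the certificate.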
