主页
产品
OpenShift Container Platform
4.19
托管 control plane
15.9. 代理服务失败，代理服务失败，代理没有加入集群

15.9. 代理服务失败，代理服务失败，代理没有加入集群

在某些情况下，代理可能会在引导带有引导工件的机器后无法加入集群。您可以通过检查 agent.service 日志中的以下错误来确认这个问题：

Error: copying system image from manifest list: Source image rejected: A signature was required, but no signature exists

Error: copying system image from manifest list: Source image rejected: A signature was required, but no signature exists

Copy to Clipboard

Toggle word wrap

注意

出现这个问题的原因是，在没有签名时镜像签名验证会失败。作为临时解决方案，您可以通过修改容器策略来禁用签名验证。

流程

在 InfraEnv 清单中添加 ignitionConfigOverride 字段，以覆盖 /etc/containers/policy.json 文件。这会禁用容器镜像的签名验证。

根据您的镜像 registry，将 ignitionConfigOverride 中的 base64 编码内容替换为所需的 /etc/containers/policy.json 配置。

Example

{
    "default": [
        {
            "type": "insecureAcceptAnything"
        }
    ],
    "transports": {
        "docker": {
            "<REGISTRY1>": [
                {
                    "type": "insecureAcceptAnything"
                }
            ],
            "REGISTRY2": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        },
        "docker-daemon": {
            "": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        }
    }
}

{
    "default": [
        {
            "type": "insecureAcceptAnything"
        }
    ],
    "transports": {
        "docker": {
            "<REGISTRY1>": [
                {
                    "type": "insecureAcceptAnything"
                }
            ],
            "REGISTRY2": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        },
        "docker-daemon": {
            "": [
                {
                    "type": "insecureAcceptAnything"
                }
            ]
        }
    }
}

Copy to Clipboard

Toggle word wrap

带有 ignitionConfigOverride的 InfraEnv 清单示例

apiVersion: agent-install.openshift.io/v1beta1
kind: InfraEnv
metadata:
  name: <hosted_cluster_name>
  namespace: <hosted_control_plane_namespace>
spec:
  cpuArchitecture: s390x
  pullSecretRef:
    name: pull-secret
  sshAuthorizedKey: <ssh_public_key>
  ignitionConfigOverride: '{"ignition":{"version":"3.2.0"},"storage":{"files":[{"path":"/etc/containers/policy.json","mode":420,"overwrite":true,"contents":{"source":"data:text/plain;charset=utf-8;base64,ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6CiAgICAgICAgewogICAgICAgICAgICAiZG9ja2VyLWRhZW1vbiI6CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgIiI6IFt7InR5cGUiOiJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIn1dCiAgICAgICAgICAgICAgICB9CiAgICAgICAgfQp9"}}]}}'

apiVersion: agent-install.openshift.io/v1beta1
kind: InfraEnv
metadata:
  name: <hosted_cluster_name>
  namespace: <hosted_control_plane_namespace>
spec:
  cpuArchitecture: s390x
  pullSecretRef:
    name: pull-secret
  sshAuthorizedKey: <ssh_public_key>
  ignitionConfigOverride: '{"ignition":{"version":"3.2.0"},"storage":{"files":[{"path":"/etc/containers/policy.json","mode":420,"overwrite":true,"contents":{"source":"data:text/plain;charset=utf-8;base64,ewogICAgImRlZmF1bHQiOiBbCiAgICAgICAgewogICAgICAgICAgICAidHlwZSI6ICJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIgogICAgICAgIH0KICAgIF0sCiAgICAidHJhbnNwb3J0cyI6CiAgICAgICAgewogICAgICAgICAgICAiZG9ja2VyLWRhZW1vbiI6CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgIiI6IFt7InR5cGUiOiJpbnNlY3VyZUFjY2VwdEFueXRoaW5nIn1dCiAgICAgICAgICAgICAgICB9CiAgICAgICAgfQp9"}}]}}'

Copy to Clipboard

Toggle word wrap

返回顶部

15.9. 代理服务失败，代理服务失败，代理没有加入集群

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links