Nexus 存储库 OSS 版本:3.63.0-01
我们创建了一个托管 apt 存储库,并且在 apt 更新时不断收到这些消息:
E: Failed to fetch <apt-repo-url>/dists/jammy/InRelease 401 Unauthorized [IP: 10.20.179.21 8081]
E: The repository '<apt-repo-url> jammy InRelease' is not signed.
我在更新自托管 apt 存储库中的 PGP 密钥中看到您可以删除该metadata目录,但我们在 Web 视图中看不到该目录。
我们应该尝试另一个版本还是我们缺少什么?
是的 - 我已经阅读了这个类似的问题和所有答案。不幸的是,那是几年前的事了,所有答案都不再有效。
我正在运行 Ubuntu 服务器 22.04,并安装了mailutils. 在我的第一次安装即将结束时,我在终端中弹出了一个“窗口”(ncurses??),询问我想要执行什么类型的安装。由于无知,我选择了默认的“互联网”,后来才知道适合我情况的正确选择是“卫星”。
我找不到任何方法可以改变这个决定。我现在已多次卸载/删除、清除、重新启动和重新安装mailutils,但该“窗口”不会再次出现。这相当令人沮丧...有谁知道如何纠正这个问题?
FWIW,这是已安装的依赖项的列表:
将安装以下新软件包: gsasl-common guile-3.0-libs libgc1 libgsasl7 libidn12 libltdl7 libmailutils8 libmysqlclient21 libntlm0 libpq5 mailutils mailutils-common mysql-common
使用 deb (apt) 软件包存储库时,有时可以通过 http 浏览它们,以确定不同架构(amd64、arm64 等)上可用的内容。例如,Ubuntu 提供了一个文件列表来帮助浏览存储库
但是,其他来源(例如此 Elastic 存储库)不允许常规浏览。
我唯一的选择似乎是将存储库添加到我的源中(对我的系统进行修改):
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
添加后,运行apt update确认存储库提供arm64软件包(因为我在arm64主机上):
Get:7 https://artifacts.elastic.co/packages/7.x/apt stable/main arm64 Packages [78.8 kB]
但是,我想确认存储库提供的所有可用发布架构,并且我想在不必修改我的主机系统的情况下执行此操作。我怎样才能做到这一点?
在此用例中,我必须启动测试 arm64 主机才能确定软件包是否可用。我真的很想避免将来必须做此类事情,而只需远程浏览回购产品。
non-free根据 Debian 团队最近发布的公告
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.html# ,我想检查从我的服务器上的组件安装了哪些软件包非自由分裂
我简要地调查了一下man dpkg,man apt-cache但找不到我的问题的快速答案。谁能建议一个命令或一个单行?
(我什至不知道main//contrib字段non-free被称为“组件”: https: //wiki.debian.org/SourcesList#Component)
如果新软件包版本高于系统上已安装的版本,是否可以告诉dpkg只安装 a ?.deb
例子:
我htop安装了 3.0.5 版,并尝试3.0.4使用dpkg -i htop-3.0.4-ubuntu.deb. 我想要的行为是dpkg中止。
使用 Ubuntu Focal 窝。我试图为 VPN 安装检查点 ssl 软件,但似乎有些东西弄乱了我的所有证书。现在每当我尝试
sudo apt-get update
我收到以下错误。
Get:1 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22 InRelease
Ign:1 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22 InRelease
Get:2 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22 Release [564 B]
Get:2 file:/var/cudnn-local-repo-ubuntu2004-8.3.1.22 Release [564 B]
Ign:3 https://dl.google.com/linux/chrome/deb stable InRelease
Ign:4 https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master stable InRelease
Err:5 https://dl.google.com/linux/chrome/deb stable Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 74.125.68.91 443]
Ign:6 https://dl.winehq.org/wine-builds/ubuntu focal InRelease
Ign:7 https://gitlab.com/feren-os/feren-repositories-focal/raw/master stable InRelease
Err:8 https://dl.winehq.org/wine-builds/ubuntu focal Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 199.232.46.217 443]
Ign:9 https://packages.microsoft.com/repos/azure-cli focal InRelease
Err:10 https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master stable Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 172.65.251.78 443]
Ign:11 https://packages.microsoft.com/repos/ms-teams stable InRelease
Err:12 https://gitlab.com/feren-os/feren-repositories-focal/raw/master stable Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 172.65.251.78 443]
Err:13 https://packages.microsoft.com/repos/azure-cli focal Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 40.65.182.21 443]
Ign:14 https://download.docker.com/linux/ubuntu focal InRelease
Ign:15 https://desktop-download.mendeley.com/download/apt stable InRelease
Err:16 https://packages.microsoft.com/repos/ms-teams stable Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 40.65.182.21 443]
Err:17 https://download.docker.com/linux/ubuntu focal Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 13.33.33.8 443]
Err:19 https://desktop-download.mendeley.com/download/apt stable Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 162.159.130.86 443]
Ign:20 https://packagecloud.io/AtomEditor/atom/any any InRelease
Ign:21 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64 InRelease
Err:22 https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64 Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 152.199.39.144 443]
Hit:23 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:24 http://archive.canonical.com/ubuntu focal InRelease
Ign:25 http://repo.vivaldi.com/stable/deb stable InRelease
Hit:26 http://repo.vivaldi.com/stable/deb stable Release
Hit:27 http://deb.volian.org/volian scar InRelease
Get:28 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Hit:29 http://ppa.launchpad.net/alessandro-strada/ppa/ubuntu focal InRelease
Err:30 https://packagecloud.io/AtomEditor/atom/any any Release
Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 52.52.107.175 443]
Get:31 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:33 http://ppa.launchpad.net/inkscape.dev/stable/ubuntu focal InRelease
Get:34 http://archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Reading package lists... Done
W: https://dl.google.com/linux/chrome/deb/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
W: https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
W: https://dl.google.com/linux/chrome/deb/dists/stable/Release: No system certificates available. Try installing ca-certificates.
W: https://dl.winehq.org/wine-builds/ubuntu/dists/focal/InRelease: No system certificates available. Try installing ca-certificates.
W: https://gitlab.com/feren-os/feren-repositories-focal/raw/master/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
E: The repository 'https://dl.google.com/linux/chrome/deb stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://dl.winehq.org/wine-builds/ubuntu/dists/focal/Release: No system certificates available. Try installing ca-certificates.
W: https://packages.microsoft.com/repos/azure-cli/dists/focal/InRelease: No system certificates available. Try installing ca-certificates.
E: The repository 'https://dl.winehq.org/wine-builds/ubuntu focal Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master/dists/stable/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://gitlab.com/feren-os/feren-repositories-neon-focal/raw/master stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://packages.microsoft.com/repos/ms-teams/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
W: https://gitlab.com/feren-os/feren-repositories-focal/raw/master/dists/stable/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://gitlab.com/feren-os/feren-repositories-focal/raw/master stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://packages.microsoft.com/repos/azure-cli/dists/focal/Release: No system certificates available. Try installing ca-certificates.
W: https://download.docker.com/linux/ubuntu/dists/focal/InRelease: No system certificates available. Try installing ca-certificates.
E: The repository 'https://packages.microsoft.com/repos/azure-cli focal Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://desktop-download.mendeley.com/download/apt/dists/stable/InRelease: No system certificates available. Try installing ca-certificates.
W: https://packages.microsoft.com/repos/ms-teams/dists/stable/Release: No system certificates available. Try installing ca-certificates.
W: https://download.docker.com/linux/ubuntu/dists/focal/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://packages.microsoft.com/repos/ms-teams stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'https://download.docker.com/linux/ubuntu focal Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://desktop-download.mendeley.com/download/apt/dists/stable/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://desktop-download.mendeley.com/download/apt stable Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://packagecloud.io/AtomEditor/atom/any/dists/any/InRelease: No system certificates available. Try installing ca-certificates.
W: https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/InRelease: No system certificates available. Try installing ca-certificates.
W: https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64 Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: https://packagecloud.io/AtomEditor/atom/any/dists/any/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://packagecloud.io/AtomEditor/atom/any any Release' no longer has a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
什么是出路,保存重新安装一切的核选项?N:有关存储库创建和用户配置的详细信息,请参见 apt-secure(8) 手册页。N:跳过获取配置文件“main/binary-i386/Packages”作为存储库“http://deb.volian.org/volian Scar InRelease”不支持架构“i386”
我有一个在 Ubuntu Server 18 上运行的 Web 应用程序。它的依赖项之一是 Ghostscript。我能够通过 apt-get 安装的最新版本是 9.26,但我了解到这个版本存在安全问题。
我正在寻找的是一种自动检测何时针对包提出 CVE 的方法。我原以为我可以简单地检查 apt-get 存储库,但它所能做的就是告诉我它是否有更新的版本,而不是它的最新版本是否有问题。
是否有某种方法可以从命令行发现某个包的版本是否存在漏洞?即一些命令,或者我可以构建脚本的公共 API 或文件?
我们正在使用Sonatype Nexus Repository Manager来托管apt存储库。其中一个的GPG密钥最近已过期,需要更新。我认为足够的是生成新的密钥对(如官方站点文档中所述),通过 Nexus UI 和新密码粘贴新的私钥,然后apt-key add在客户端系统上粘贴新的公钥,一切都会很好。相反,发生的事情apt update仍然是NO_PUBKEY <old_id>. 我不知道现在从哪里apt获取信息,它错过了旧密钥并且没有“同步”新密钥。/var/lib/apt/lists/在调用apt update. 我错过了什么?
编辑:全部在干净的 docker 中运行,其中仅添加新密钥apt-key add public.gpg.key和新存储库/etc/apt/sources.list,echo "deb <repo_url> bionic main" >> /etc/apt/sources.list
我的GCloud 上的一个实例组后面有一些虚拟机(用作 Web 服务器) 。
像往常一样,我更新了(apt dist-upgrade)我的“vm-source-image”,创建了一个新模板并将其添加到我的组中。
使用此模板的新成员从未收到来自负载均衡器的任何实际工作请求,它已启动并运行但未使用。
临时补丁
我只通过以下方式进行部分更新(安全更新):
sudo unattended-upgrade -d
这里是造成问题的剩余软件包的列表:
# apt list --upgradable
cloud-init/bionic-updates 21.3-1-g6803368d-0ubuntu1~18.04.4 all [upgradable from: 21.2-3-g899bfaa9-0ubuntu2~18.04.1]
dnsmasq-base/bionic-updates 2.79-1ubuntu0.5 amd64 [upgradable from: 2.79-1ubuntu0.4]
gce-compute-image-packages/bionic-updates 20210629.00-0ubuntu1~18.04.0 all [upgradable from: 20201222.00-0ubuntu2~18.04.0]
google-compute-engine/bionic-updates 20210629.00-0ubuntu1~18.04.0 all [upgradable from: 20201222.00-0ubuntu2~18.04.0]
google-compute-engine-oslogin/bionic-updates 20210728.00-0ubuntu1~18.04.0 amd64 [upgradable from: 20210429.00-0ubuntu1~18.04.0]
google-guest-agent/bionic-updates 20210629.00-0ubuntu1~18.04.1 amd64 [upgradable from: 20210414.00-0ubuntu1~18.04.0]
libgnutls30/bionic-updates 3.5.18-1ubuntu1.5 amd64 [upgradable from: 3.5.18-1ubuntu1.4]
libnetplan0/bionic-updates 0.99-0ubuntu3~18.04.5 amd64 [upgradable from: 0.99-0ubuntu3~18.04.4]
libpcre2-8-0/bionic 10.39-1+ubuntu18.04.1+deb.sury.org+1 amd64 [upgradable from: 10.36-2+ubuntu18.04.1+deb.sury.org+2]
netplan.io/bionic-updates 0.99-0ubuntu3~18.04.5 amd64 [upgradable from: 0.99-0ubuntu3~18.04.4]
nplan/bionic-updates 0.99-0ubuntu3~18.04.5 all [upgradable from: 0.99-0ubuntu3~18.04.4]
snapd/bionic-updates 2.51.1+18.04 amd64 [upgradable from: 2.49.2+18.04]
ubuntu-advantage-tools/bionic-updates 27.3~18.04.1 amd64 [upgradable from: 27.2.2~18.04.1]
真正的解决方案
由于我在机器上没有“自定义”包,并且这个问题的根源来自系统更新,除了通过这篇文章指出问题外,我没有看到任何解决方案。
当然,我正在监视新的更新,希望这个软件包的新版本能够解决问题,但可能没有更好的选择吗?
更多信息
将旧(和工作)成员的访问日志与新成员的访问日志进行比较:
旧 VM 成员的日志
35.191.1.148 "/" - - - [04/Nov/2021:10:34:59 +0000] 10.0.0.48 "GET /?id=HTTPHC2 HTTP/1.1" 200 612 "-" "GoogleHC/1.0"
35.191.1.144 "/" - - - [04/Nov/2021:10:35:00 +0000] 10.0.0.48 "GET /?id=HTTPHC2 HTTP/1.1" 200 612 "-" "GoogleHC/1.0"
35.191.1.154 "/" - - - [04/Nov/2021:10:35:00 +0000] 10.0.0.48 "GET /?id=HTTPHC2 HTTP/1.1" 200 612 "-" "GoogleHC/1.0"
35.191.1.147 "/" - - - [04/Nov/2021:10:35:01 +0000] 10.0.0.48 "GET /?id=HTTPHC1 HTTP/1.1" 200 612 "-" "GoogleHC/1.0"
35.191.1.145 "/" - - - [04/Nov/2021:10:35:01 +0000] 10.0.0.48 "GET /?id=HTTPHC1 HTTP/1.1" 200 612 "-" "GoogleHC/1.0"
35.191.1.151 "/" - - - [04/Nov/2021:10:35:02 +0000] 10.0.0.48 "GET /?id=HTTPHC1 HTTP/1.1" 200 612 "-" "GoogleHC/1.0"
35.191.1.153 "/" - - - [04/Nov/2021:10:35:02 +0000] 10.0.0.48 "GET /?id=HTTPHC1 HTTP/1.1" 200 612 "-" "GoogleHC/1.0"
新 VM 成员的日志
35.191.1.152 "/" - - - [04/Nov/2021:10:31:01 +0000] 10.0.0.54 "GET /?id=HTTPHC2 HTTP/1.1" 200 612 "-" "GoogleHC/1.0"
35.191.1.154 "/" - - - [04/Nov/2021:10:31:02 +0000] 10.0.0.54 "GET /?id=HTTPHC2 HTTP/1.1" 200 612 "-" "GoogleHC/1.0"
35.191.1.148 "/" - - - [04/Nov/2021:10:31:02 +0000] 10.0.0.54 "GET /?id=HTTPHC2 HTTP/1.1" 200 612 "-" "GoogleHC/1.0"
差异表明HTTPHC1的日志丢失。
所以新的新不响应负载均衡器(HTTPHC1)的健康检查并且不接收请求,这就是问题所在。
其他故障
新机也无法通过浏览器-window-SSH访问
添加 tcpdump
HTTPHC1健康检查员和失业成员之间:
# tcpdump -n host 35.191.1.151
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens4, link-type EN10MB (Ethernet), capture size 262144 bytes
11:30:35.109469 IP 35.191.1.151.61838 > 10.0.0.116.80: Flags [S], win 65535, options [mss 1420,sackOK,TS ecr 0,nop,wscale 8], length 0
11:30:36.119470 IP 35.191.1.151.61838 > 10.0.0.116.80: Flags [S], win 65535, options [mss 1420,sackOK,TS ecr 0,nop,wscale 8], length 0
11:30:38.167436 IP 35.191.1.151.61838 > 10.0.0.116.80: Flags [S], win 65535, options [mss 1420,sackOK,TS ecr 0,nop,wscale 8], length 0
11:30:40.110784 IP 35.191.1.151.59900 > 10.0.0.116.80: Flags [S], win 65535, options [mss 1420,sackOK,TS ecr 0,nop,wscale 8], length 0
11:30:41.111176 IP 35.191.1.151.59900 > 10.0.0.116.80: Flags [S], win 65535, options [mss 1420,sackOK,TS ecr 0,nop,wscale 8], length 0
11:30:43.159164 IP 35.191.1.151.59900 > 10.0.0.116.80: Flags [S], win 65535, options [mss 1420,sackOK,TS ecr 0,nop,wscale 8], length 0
11:30:45.112162 IP 35.191.1.151.36064 > 10.0.0.116.80: Flags [S], win 65535, options [mss 1420,sackOK,TS ecr 0,nop,wscale 8], length 0
请注意,目标是负载平衡器前端 IP:10.0.0.116,当然它们只是同步数据包。
HTTPHC2健康检查器和失业成员之间:
# tcpdump -n host 35.191.1.148
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens4, link-type EN10MB (Ethernet), capture size 262144 bytes
10:46:12.475724 IP 35.191.1.148.64638 > 10.0.0.54.80: Flags [S], win 65535, options [mss 1420,sackOK,TS ecr 0,nop,wscale 8], length 0
10:46:12.475788 IP 10.0.0.54.80 > 35.191.1.148.64638: Flags [S.], win 64768, options [mss 1420,sackOK,TS,nop,wscale 7], length 0
10:46:12.476239 IP 35.191.1.148.64638 > 10.0.0.54.80: Flags [.], ack 1, win 256, options [nop,nop,TS], length 0
10:46:12.476239 IP 35.191.1.148.64638 > 10.0.0.54.80: Flags [P.], seq 1:117, ack 1, win 256, options [nop,nop,TS], length 116: HTTP: GET /?id=HTTPHC2 HTTP/1.1
10:46:12.476301 IP 10.0.0.54.80 > 35.191.1.148.64638: Flags [.], ack 117, win 506, options [nop,nop,TS], length 0
10:46:12.476546 IP 10.0.0.54.80 > 35.191.1.148.64638: Flags [P.], seq 1:867, ack 117, win 506, options [nop,nop,TS], length 866: HTTP: HTTP/1.1 200 OK
10:46:12.476659 IP 35.191.1.148.64638 > 10.0.0.54.80: Flags [.], ack 867, win 267, options [nop,nop,TS], length 0
10:46:12.476679 IP 35.191.1.148.64638 > 10.0.0.54.80: Flags [F.], seq 117, ack 867, win 267, options [nop,nop,TS], length 0
10:46:12.476707 IP 10.0.0.54.80 > 35.191.1.148.64638: Flags [F.], seq 867, ack 118, win 506, options [nop,nop,TS], length 0
10:46:12.476879 IP 35.191.1.148.64638 > 10.0.0.54.80: Flags [.], ack 868, win 267, options [nop,nop,TS], length 0
这里一切都很好。
经过一番研究,我发现本地表中缺少 IP 别名,毫不奇怪,这是前端负载均衡器 IP 地址,在tcpdump!
这里的工作机器:
# ip route show dev ens4 table local
local 10.0.0.48 proto kernel scope host src 10.0.0.48
local 10.0.0.116 proto 66 scope host
# uname -r
5.4.0-1056-gcp
这里是完全更新的机器:
# ip route show dev ens4 table local
local 10.0.0.54 proto kernel scope host src 10.0.0.54
# uname -r
5.4.0-1057-gcp
现在它成为一个已知问题:[Cloud Networking] 潜在服务问题:正在调查
Google Cloud 全局 TCP 代理负载平衡器可能无法通过使用 34.111.0.0/17 范围内的 IP 配置的转发规则来提供流量。IP 范围的永久修复正在进行中
我正在使用 LXD/LXC 在 Linux 主机上构建轻量级容器。
这些容器的唯一目的是托管“Dotnet 和 Dotnet 核心应用程序”
有一段时间我一直在使用 Ansible,但最近我发现我实际上可以将一个 init 脚本嵌入到容器配置的用户数据中,然后 cloud-init 会执行它。
这很棒,并且允许我设置一个给定的容器,其中包含它需要的包,除了一个问题。
微软
(我知道,我知道......保存笑话和诽谤:-D)
与大多数第 3 方软件包提供商不同,MS 将其全部添加的 deb 源和 GPG 密钥打包在一个独立的 dpkg 软件包文件中,该软件包文件未通过普通 repos 列出,因此基本上必须“wget”下载然后安装使用常规的 dpkg 命令。
现在,这就是我做事的方式:
#cloud-config
# apply updates using apt
package_update: true
package_upgrade: true
# set hostname
hostname: ****
fqdn: ****
manage_etc_hosts: true
# Install 3rd party software repos
# NOTE: This is done using run command due to the way microsoft distribute things using a raw dpkg
runcmd:
- [wget, "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb", -O, /root/packages-microsoft-prod.deb]
- dpkg -i /root/packages-microsoft-prod.deb
- rm /root/packages-microsoft-prod.deb
- apt update
- apt-get install dotnet-sdk-3.1 -y
- apt-get install dotnet-sdk-5.0 -y
# Install standard packages
packages:
- apt-transport-https
- python3
- python-is-python3
- mc
- gnupg
- nginx
- git
# Add users
users:
- name: ****
ssh-authorized-keys:
- ssh-rsa **** rsa-key-BLAH
sudo: ['****']
groups: sudo
shell: /bin/bash
final_message:
- "Container initialisation complete."
关键部分是“runcmd”部分。
因为我使用的是“runcmd”,所以它在其他所有内容之后运行,包括我放入所有需要使用的标准包的正常包安装部分。
我最喜欢做的是安装 dpkg 文件,然后只需将要安装的包名称添加到普通包部分,例如
# Something here to download and install the dpkg
# Install standard packages
packages:
- apt-transport-https
- python3
- python-is-python3
- mc
- gnupg
- nginx
- git
- dotnet-sdk-3.1
- dotnet-sdk-5.0
我确实尝试只将那个位放在 runcmd 中,但因为它作为最后一步运行,它会导致包部分失败,因为没有安装 dotnet 的 repo。
我还尝试使用“Apt”模块,将“microsoft-prod.list”安装到“/etc/apt/sources.list.d”中,但这也失败了,因为 MS 没有发布他们的 GPG 密钥,另外由于它是不受信任的源,因此在执行 apt 更新时,源会导致失败。
我已经搜索了 cloud-init 的模块文档,但我找不到任何似乎表明可以下载和添加常规 dpkg 文件的内容,因此我在这里问:-)