Rabbitmq容器抛出错误“cookie中的坏字符”

Question

我正在尝试设置一个Rabbitmq集群，当容器启动时，它们由于错误而失败，崩溃报告进程<0.200.0>与0邻居崩溃，原因是: auth:init_no_setcookie/0行313中的“cookie中的坏字符”。这表明传入的erlang cookie值无效：

kubectl -n demos get pods
NAME                                  READY   STATUS             RESTARTS   AGE
mongodb-deployment-6499999-vpcjh   1/1     Running            0          12h
rabbitmq-0                            0/1     CrashLoopBackOff   9          25m
rabbitmq-1                            0/1     CrashLoopBackOff   9          24m
rabbitmq-2                            0/1     CrashLoopBackOff   9          23m

当我查询其中一个豆荚的日志时：

kubectl -n demos logs -p rabbitmq-0 --previous

我得到：

WARNING: '/var/lib/rabbitmq/.erlang.cookie' was populated from 

'$RABBITMQ_ERLANG_COOKIE', which will no longer happen in 3.9 and later! (https://github.com/docker-library/rabbitmq/pull/424)
Configuring logger redirection
02:04:47.506 [error] Bad characters in cookie
02:04:47.512 [error]
02:04:47.506 [error] Supervisor net_sup had child auth started with auth:start_link() at undefined exit with reason "Bad characters in cookie" in auth:init_no_setcookie/0 line 313 in context start_error

02:04:47.506 [error] CRASH REPORT Process <0.200.0> with 0 neighbours crashed with reason: "Bad characters in cookie" in auth:init_no_setcookie/0 line 313
02:04:47.522 [error] BOOT FAILED
BOOT FAILED
02:04:47.523 [error] ===========
===========
02:04:47.523 [error] Exception during startup:
Exception during startup:
02:04:47.524 [error]

02:04:47.524 [error]     supervisor:children_map/4 line 1250
....
....
....

我就是这样在bash中生成cookie的：

dd if=/dev/urandom bs=30 count=1 | base64

在我的秘密清单中：

metadata:
name: rabbit-secret
  namespace: demos
type: Opaque
data:
  # echo -n "cookie-value" | base64
  RABBITMQ_ERLANG_COOKIE: <encoded_cookie_value_here>

在声明中我有：

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: rabbitmq
  namespace: demos
spec:
  serviceName: rabbitmq
  replicas: 3
  selector:
    matchLabels:
      app: rabbitmq
  template:
    metadata:
      labels:
        app: rabbitmq
    spec:
      serviceAccountName: rabbitmq
      initContainers:
      - name: config
        image: busybox
        imagePullPolicy: "IfNotPresent"
        command: ['/bin/sh', '-c', 'cp /tmp/config/rabbitmq.conf /config/rabbitmq.conf && ls -l /config/ && cp /tmp/config/enabled_plugins /etc/rabbitmq/enabled_plugins']
        volumeMounts:
        - name: config
          mountPath: /tmp/config/
          readOnly: false
        - name: config-file
          mountPath: /config/
        - name: plugins-file
          mountPath: /etc/rabbitmq/
      containers:
      - name: rabbitmq
        image: rabbitmq:3.8-management
        imagePullPolicy: "IfNotPresent"
        ports:
        - containerPort: 4369
          name: discovery
        - containerPort: 5672
          name: amqp
        env:
        - name: RABBIT_POD_NAME
          valueFrom:
            fieldRef:
              apiVersion: v1
              fieldPath: metadata.name
        - name: RABBIT_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: RABBITMQ_NODENAME
          value: rabbit@$(RABBIT_POD_NAME).rabbitmq.$(RABBIT_POD_NAMESPACE).svc.cluster.local
        - name: RABBITMQ_USE_LONGNAME 
          value: "true"
        - name: RABBITMQ_CONFIG_FILE
          value: "/config/rabbitmq"
        - name: RABBITMQ_ERLANG_COOKIE
          valueFrom:
            secretKeyRef:
              name: rabbit-secret
              key: RABBITMQ_ERLANG_COOKIE
        - name: K8S_HOSTNAME_SUFFIX
          value: .rabbitmq.$(RABBIT_POD_NAMESPACE).svc.cluster.local
        volumeMounts:
        - name: data
          mountPath: /var/lib/rabbitmq
          readOnly: false
        - name: config-file
          mountPath: /config/
        - name: plugins-file
          mountPath: /etc/rabbitmq/
      volumes:
      - name: config-file
        emptyDir: {}
      - name: plugins-file
        emptyDir: {}
      - name: config
        configMap:
          name: rabbitmq-config
          defaultMode: 0755
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "cinder-csi"
      resources:
        requests:
          storage: 50Mi
---
apiVersion: v1
kind: Service
metadata:
  name: rabbitmq
  namespace: labs
spec:
  clusterIP: None
  ports:
  - port: 4369
    targetPort: 4369
    name: discovery
  - port: 5672
    targetPort: 5672
    name: amqp
  selector:
    app: rabbitmq

我错过了什么？

是否有生成cookie的推荐方法，或者与K8s集群本身有关的其他方法。

我遵循了给定的here示例，唯一的区别是我在本地机器上生成cookie，而不是在k8s主机上生成cookie。

Answer 1

duplicate question?

这需要你创造秘密。为了解决这个问题，您可以运行一个一次性命令来创建一个随机的秘密：

kubectl create secret generic rabbitmq \
  --from-literal=erlangCookie=$(dd if=/dev/urandom bs=30 count=1 | base64)

错误来自于rabbitmq的源代码文件docker-entrypoint.sh

if [ "${RABBITMQ_ERLANG_COOKIE:-}" ]; then
    cookieFile='/var/lib/rabbitmq/.erlang.cookie'
    if [ -e "$cookieFile" ]; then
        if [ "$(cat "$cookieFile" 2>/dev/null)" != "$RABBITMQ_ERLANG_COOKIE" ]; then
            echo >&2
            echo >&2 "warning: $cookieFile contents do not match RABBITMQ_ERLANG_COOKIE"
            echo >&2
        fi
    else
        echo "$RABBITMQ_ERLANG_COOKIE" > "$cookieFile"
    fi
    chmod 600 "$cookieFile"
fi

因此，您可以删除'/var/lib/rabbitmq/.erlang.cookie'文件，代码将从环境变量$RABBITMQ_ERLANG_COOKIE复制内容来创建此文件。

如果您正在为生产系统工作，您应该非常小心，并首先在您的本地系统测试，并获得经验。

此源代码将只执行rabbitmq重新启动，并将不再运行后，它是执行。您可以通过erlang:get_cookie() -> Cookie | nocookie从erlang的控制台找到实际的rabbitmq的cookie数据。