wget 无法从 vagrant 下载 consul

wget is failing to get consul download from vagrant

我正在尝试使用 vagrant 和 virtual box 创建一个 consul 集群。 尝试下载 consul 时,wget 无法建立 SSL 连接。 以下是来自 vagrant 的日志。 wget 对于其他下载工作正常,我验证了 consul 下载 link 也工作正常。 Curl 在 link 上也能正常工作。但是,奇怪的是,如果我在 vagrant provision 中使用 CURl,它根本就不会下载(没有日志)。 有人可以帮我解决这个奇怪的 wget 问题吗?我也尝试升级 'wget'。

==> consulredis1: --2017-01-11 02:17:04--  https://releases.hashicorp.com/consul/0.6.4/consul_0.6.4_linux_amd64.zip
==> consulredis1: Resolving releases.hashicorp.com (releases.hashicorp.com)...
==> consulredis1: 151.101.65.183
==> consulredis1: ,
==> consulredis1: 151.101.129.183
==> consulredis1: ,
==> consulredis1: 151.101.193.183
==> consulredis1: , ...
==> consulredis1: Connecting to releases.hashicorp.com         (releases.hashicorp.com)|151.101.65.183|:443...
==> consulredis1: connected.
==> consulredis1: Unable to establish SSL connection.

这是我的配置脚本

#!/bin/bash

# Step 1 - Get the necessary utilities and install them.
sudo apt-get update
sudo apt-get install -y unzip curl wget
sudo apt-get install -y make gcc build-essential
#apt-get install 

# Step 2 - Copy the init script to the /etc/init folder.
cp /vagrant/consul.conf /etc/init/consul.conf

# Step 3 - Get the Consul Zip file and extract it.  
cd /usr/local/bin
wget http://download.redis.io/redis-stable.tar.gz
curl -k http://releases.hashicorp.com/consul/0.6.4/consul_0.6.4_linux_amd64.zip
unzip *.zip
rm *.zip

# Step 4 - Make the Consul directory.
sudo mkdir -p /etc/consul.d
sudo chmod a+w /etc/consul.d
sudo mkdir /var/consul

# Step 5 - Copy the server configuration.
cp  /etc/consul.d/config.json

# Step 6 - Start Consul
exec consul agent -config-file=/etc/consul.d/config.json

我的 Vagrantfile 内容

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|

  config.vm.box = "hashicorp/precise64"

  config.vm.define "consulredis1" do |consulredis1|
    config.vm.provision "shell" do |s|
        s.path = "provision.sh"
        s.args   = ["/vagrant/node1/config.json","/vagrant/node1/redis-cluster-1.init.conf","/vagrant/node1/redis-cluster-1.conf"]
    end
    consulredis1.vm.hostname = "consulredis1"
    consulredis1.vm.network "private_network", ip: "172.20.20.10"
  end
end

您需要升级一些库(包括 libssl),所以最好包含一个 apt-get dist-upgrade -y)

#!/bin/bash

# Step 1 - Get the necessary utilities and install them.
sudo apt-get update
sudo apt-get install -y unzip curl wget
sudo apt-get install -y make gcc build-essential
sudo apt-get dist-upgrade -y
#apt-get install 

# Step 2 - Copy the init script to the /etc/init folder.
cp /vagrant/consul.conf /etc/init/consul.conf

# Step 3 - Get the Consul Zip file and extract it.  
cd /usr/local/bin
wget http://download.redis.io/redis-stable.tar.gz -nc -nv
wget http://releases.hashicorp.com/consul/0.6.4/consul_0.6.4_linux_amd64.zip  -nc -nv
unzip *.zip
rm *.zip

# Step 4 - Make the Consul directory.
sudo mkdir -p /etc/consul.d
sudo chmod a+w /etc/consul.d
sudo mkdir /var/consul

# Step 5 - Copy the server configuration.
cp  /etc/consul.d/config.json

# Step 6 - Start Consul
exec consul agent -config-file=/etc/consul.d/config.json

"hashicorp/precise64" 的分发似乎有问题。 我只是切换到使用 "ubuntu/trusty64" 并且 wget 工作正常。

#config.vm.box = "hashicorp/precise64"
config.vm.box = "ubuntu/trusty64"

Consul 的维护者 Hashicorp 似乎最近更改了其下载服务器以仅要求 TLS v1.2:

Fastly (who are fronting the releases.hashicorp.com) confirmed that this issue is caused by a change to the Hashicorp endpoint who recently went to support TLS v 1.2 only and removed support for earlier versions (1.0 and 1.1). Unfortunately, the current cURL and related libraries (e.g. OpenSSL) versions on our Precise containers don't support TLS v 1.2.

(注释 here,包括来自 Hashicorp 的人员参与)

似乎最简单的解决方法,如本问题其他地方所述,是升级 Ubuntu 的版本。如果您做不到,您可以强制 wget 选择特定的 TLS 版本 (1.2):

wget https://releases.hashicorp.com/consul/0.6.4/consul_0.6.4_linux_amd64.zip --secure-protocol=TLSv1_2