The servers are alive but the clients aren't! "No installed keys could decrypt the message", how to resolve this on consul?

After enabling encrypt, my whole consul cluster failed. This is the output of sudo systemctl consul status:

memberlist: failed to receive: No installed keys could decrypt

Nov 01 08:49:30 server-1 consul[593217]: 2021-11-01T08:49:30.031+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.7:37442
Nov 01 08:49:58 server-1 consul[593217]: 2021-11-01T08:49:58.992+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.4:41492
Nov 01 08:49:59 server-1 consul[593217]: 2021-11-01T08:49:59.882+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.12:35558
Nov 01 08:50:00 server-1 consul[593217]: 2021-11-01T08:50:00.042+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.7:37460
Nov 01 08:50:29 server-1 consul[593217]: 2021-11-01T08:50:29.004+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.4:41510
Nov 01 08:50:29 server-1 consul[593217]: 2021-11-01T08:50:29.895+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.12:35576
Nov 01 08:50:30 server-1 consul[593217]: 2021-11-01T08:50:30.056+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.7:37478
Nov 01 08:50:59 server-1 consul[593217]: 2021-11-01T08:50:59.018+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.4:41528
Nov 01 08:50:59 server-1 consul[593217]: 2021-11-01T08:50:59.909+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.12:35594
Nov 01 08:51:00 server-1 consul[593217]: 2021-11-01T08:51:00.067+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.7:37496

ACL and TLS are commented out, and I even commented out encrypt in all of my clients, but I still get the output above. How can I solve this? Thanks.

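You must have exactly the same encrypt setting on both types of nodes: servers and clients. Alternatively, you must disable encryption everywhere. For the steps to enable encryption on an existing cluster, you can refer to the official tutorial.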

Update: some useful commands for using one key on all nodes (clients and servers).

Get key information from all nodes

consul keyring -list

Generate a new key

consul keygen

Broadcast the new key to all nodes

consul keyring -install=<<KEY>>

Switch to the new key

consul keyring -use=<<KEY>>
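
To find which agents still need their encrypt setting aligned, the "No installed keys could decrypt" errors shown in the question can be tallied per source address. This is an added example, not part of the original question or answer; the function names `undecryptable_peers` and `sample_log` are hypothetical, and the sample lines are constructed in the format of the log above.

```shell
#!/bin/sh
# Added example: list peers whose gossip the local keyring cannot decrypt.
# Reads Consul agent log lines on stdin, e.g.: journalctl -u consul | undecryptable_peers
# Prints "<peer ip> <error count> <timestamp of last error>", busiest peer first.

undecryptable_peers() {
    awk '
    /No installed keys could decrypt the message/ {
        ip = ""; ts = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^from=/) {
                ip = substr($i, 6)          # text after "from="
                sub(/:[0-9]+$/, "", ip)     # drop the ephemeral source port
            }
            # Consul timestamp field, e.g. 2021-11-01T08:49:30.031+0330
            if (ts == "" && $i ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T/) ts = $i
        }
        if (ip == "") next                  # no source address on this line
        count[ip]++
        last[ip] = ts
    }
    END {
        for (ip in count) printf "%s %d %s\n", ip, count[ip], last[ip]
    }' | sort -k2,2nr -k1,1
}

# Constructed sample input (same format as the log in the question, plus one unrelated line).
sample_log() {
cat <<'EOF'
Nov 01 08:49:30 server-1 consul[593217]: 2021-11-01T08:49:30.031+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.7:37442
Nov 01 08:49:58 server-1 consul[593217]: 2021-11-01T08:49:58.992+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.4:41492
Nov 01 08:49:59 server-1 consul[593217]: 2021-11-01T08:49:59.882+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.12:35558
Nov 01 08:50:00 server-1 consul[593217]: 2021-11-01T08:50:00.042+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.7:37460
Nov 01 08:50:05 server-1 consul[593217]: 2021-11-01T08:50:05.000+0330 [INFO]  agent.server: constructed unrelated line
Nov 01 08:50:29 server-1 consul[593217]: 2021-11-01T08:50:29.004+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.4:41510
Nov 01 08:50:30 server-1 consul[593217]: 2021-11-01T08:50:30.056+0330 [ERROR] agent.server.memberlist.lan: memberlist: failed to receive: No installed keys could decrypt the message from=10.10.10.7:37478
EOF
}

sample_log | undecryptable_peers
```

Each address listed is an agent gossiping with a key this node does not have installed. An address that stops appearing after its configuration is fixed and the agent restarted confirms the keys now match.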