2020-11-10

Rancher 無法移動 Namespace 問題

問題:

user不知道做甚麼操作,在project內的namespace被移出了,在他的權限範圍內看不到,所以也無法搬回去。


過程:

登入Rancher後,發現該namespace N1被放置在All, 嘗試move namespace後,出現以下的error

"can't move namespace. Project P1 has resource quota set"

查詢官網文件

https://rancher.com/docs/rancher/v2.x/en/project-admin/namespaces/#moving-namespaces-to-another-project

Note: 說明

.You cannot move a namespace into a project that already has a resource quota configured.

意思是說你不能移動一個namespace, 到已經有設定namespace resource quotes的project下。


解法:

1. 先把該project的namespace resource quotes都不設,清空。

2. 移動該namespace, 就可以搬移了。

3. 再把namespace resource quotes設定回去。



at No comments:
Labels: ,

2020-11-02

CentOS 憑證路徑

 安裝ca-certificates package:
yum install ca-certificates

啟用動態設定:
update-ca-trust force-enable

加入新的憑證:
cp abc.crt /etc/pki/ca-trust/source/anchors/

設定憑證生效:
update-ca-trust extract

參考:
https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html
at No comments:

CURL 基本指令

 .查看詳細資訊

curl http://abc.com --verbose

* About to connect() to abc.com port 8080 (#0)
*   Trying 10.0.0.1...
* Connected to abc.com (10.0.0.1) port 8080 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt  <== 吃憑證的路徑
  CApath: none

.帶入憑證

curl --cacert RootCA.crt --cert ClientCA.pem:passwd http://abc.com


.不驗證憑證

curl -k

curl --insecure


.取得網站憑證資訊

echo QUIT | openssl s_client -connect abc.com:8080 -servername abc.com -showcerts


openssl s_client -connect abc.com:8080 -servername abc.com -showcerts </dev/null 2>/dev/null | sed -n '/^-----BEGIN CERT/,/^-----END CERT/p'


openssl s_client -connect abc.com:8080 -servername abc.com -showcerts </dev/null 2>/dev/null | awk '/^-----BEGIN CERT/,/^-----END CERT/'


openssl s_client -connect abc.com:8080 -servername abc.com -showcerts </dev/null 2>/dev/null | sed -n '/^-----BEGIN CERT/,/^-----END CERT/p' > example.crt


.變成設定檔方式

abc.conf
cacert = "RootCA.crt"
cert = "ClientCA.pem:mypasswd"
url = "https://mail.ichiayi.com/t.txt"

curl --conf testcurl.conf




參考:

https://blog.miniasp.com/post/2020/08/23/curl-and-self-signed-certificated-or-CA-certificate

https://www.ichiayi.com/wiki/tech/curl_ssl

at No comments:
Subscribe to: Posts (Atom)