项目场景:
项目场景:青山(笔者)这里尝试在openkylin系统中通过apt 安装zabbix 6.0版本
操作步骤详见:https://www.zabbix.com/cn/download
问题描述
例如:打开上面链接后,选择对应的版本(openkylin对应的linux版本为ubantu),获取实际的安装命令:
第一步, Install Zabbix repository(安装zabbix仓库):
wget https://repo.zabbix.com/zabbix/6.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.0-4+ubuntu22.04_all.deb
dpkg -i zabbix-release_6.0-4+ubuntu22.04_all.deb
apt update
执行到apt update
的时候报错,报错内容如下:
命中:1 http://archive.build.openkylin.top/openkylin yangtze InRelease
获取:2 http://ppa.build.openkylin.top/kylinsoft/anything/openkylin yangtze InRelease [53.4 kB]
命中:3 http://archive.build.openkylin.top/openkylin yangtze-security InRelease
命中:4 http://archive.build.openkylin.top/openkylin yangtze-updates InRelease
命中:5 http://software.openkylin.top/openkylin/yangtze default InRelease
获取:6 http://ppa.build.openkylin.top/kylinsoft/anything/openkylin yangtze/main amd64 Packages [9,002 kB]
忽略:7 https://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu jammy InRelease
忽略:8 https://repo.zabbix.com/zabbix/6.0/ubuntu jammy InRelease
忽略:7 https://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu jammy InRelease
忽略:8 https://repo.zabbix.com/zabbix/6.0/ubuntu jammy InRelease
获取:9 http://ppa.build.openkylin.top/kylinsoft/anything/openkylin yangtze/main Translation-en [452 kB]
获取:10 http://ppa.build.openkylin.top/kylinsoft/anything/openkylin yangtze/main Translation-zh_CN [113 kB]
忽略:7 https://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu jammy InRelease
忽略:8 https://repo.zabbix.com/zabbix/6.0/ubuntu jammy InRelease
错误:7 https://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu jammy InRelease
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 178.128.6.101 443]
错误:8 https://repo.zabbix.com/zabbix/6.0/ubuntu jammy InRelease
Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 178.128.6.101 443]
已下载 9,620 kB,耗时 11秒 (891 kB/s)
正在读取软件包列表... 完成
正在分析软件包的依赖关系树... 完成
正在读取状态信息... 完成
有 56 个软件包可以升级。请执行 ‘apt list --upgradable’ 来查看它们。
W: 无法下载 https://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu/dists/jammy/InRelease Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 178.128.6.101 443]
W: 无法下载 https://repo.zabbix.com/zabbix/6.0/ubuntu/dists/jammy/InRelease Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 178.128.6.101 443]
W: 部分索引文件下载失败。如果忽略它们,那将转而使用旧的索引文件。
原因分析:
直接现象是在linux系统中无法访问部分https的网站。通过查询多篇文章,大致把问题原因确定为
linux的证书库中无该网站的证书
,导致无法透过ssl协议apt获取公网的包。
解决方案:
有两种办法,第一种较为简单,是
修改仓库文件内的网站网址,由https改为http即可正常下载
;第二种方法为补充对应网站证书
,操作较为复杂,但是以后可以正常通过https协议访问对应网站,相对安全
。
方法一
cd /etc/apt/sources.list.d
sed -i 's/https/http/g' zabbix-agent2-plugins.list
sed -i 's/https/http/g' zabbix.list
此时问题已经解决,下面尝试 apt update
,输出日志如下:
root@liuk-vmware-pc:/etc/apt/sources.list.d# apt update
命中:1 http://ppa.build.openkylin.top/kylinsoft/anything/openkylin yangtze InRelease
命中:2 http://archive.build.openkylin.top/openkylin yangtze InRelease
命中:3 http://software.openkylin.top/openkylin/yangtze default InRelease
命中:4 http://archive.build.openkylin.top/openkylin yangtze-security InRelease
命中:5 http://archive.build.openkylin.top/openkylin yangtze-updates InRelease
获取:6 http://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu jammy InRelease [4,952 B]
获取:7 http://repo.zabbix.com/zabbix/6.0/ubuntu jammy InRelease [4,958 B]
获取:8 http://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu jammy/main Sources [1,002 B]
获取:9 http://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu jammy/main amd64 Packages [624 B]
获取:10 http://repo.zabbix.com/zabbix/6.0/ubuntu jammy/main Sources [1,947 B]
获取:11 http://repo.zabbix.com/zabbix/6.0/ubuntu jammy/main amd64 Packages [5,494 B]
已下载 19.0 kB,耗时 5秒 (3,550 B/s)
正在读取软件包列表... 完成
正在分析软件包的依赖关系树... 完成
正在读取状态信息... 完成
有 56 个软件包可以升级。请执行 ‘apt list --upgradable’ 来查看它们。
方法二
通过访问https://repo.zabbix.com/zabbix/6.0/ubuntu/dists/jammy/
,以谷歌浏览器为例下载该网站证书。
第一步
第二步
第三步
第四步
第五步
FTP到服务器,文件cp到 /usr/local/share/ca-certificates/
下,然后执行
sudo update-ca-certificates
此时打印日志:
root@liuk-vmware-pc:/home# update-ca-certificates
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping repo.zabbix.pem,it does not contain exactly one certificate or CRL
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
此时问题已经解决,让我们尝试apt update
标准打印输出:
root@liuk-vmware-pc:/home# apt update
命中:1 http://archive.build.openkylin.top/openkylin yangtze InRelease
命中:2 http://archive.build.openkylin.top/openkylin yangtze-security InRelease
命中:3 http://archive.build.openkylin.top/openkylin yangtze-updates InRelease
命中:4 http://ppa.build.openkylin.top/kylinsoft/anything/openkylin yangtze InRelease
命中:5 http://software.openkylin.top/openkylin/yangtze default InRelease
获取:6 https://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu jammy InRelease [4,952 B]
获取:7 https://repo.zabbix.com/zabbix/6.0/ubuntu jammy InRelease [4,958 B]
获取:8 https://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu jammy/main Sources [1,002 B]
获取:9 https://repo.zabbix.com/zabbix-agent2-plugins/1/ubuntu jammy/main amd64 Packages [624 B]
获取:10 https://repo.zabbix.com/zabbix/6.0/ubuntu jammy/main Sources [1,947 B]
获取:11 https://repo.zabbix.com/zabbix/6.0/ubuntu jammy/main amd64 Packages [5,494 B]
已下载 19.0 kB,耗时 4秒 (4,433 B/s)
正在读取软件包列表... 完成
正在分析软件包的依赖关系树... 完成
正在读取状态信息... 完成
有 56 个软件包可以升级。请执行 ‘apt list --upgradable’ 来查看它们。