Amazon-Web-Services
Ubuntu 18.04 - 解決“us-east-1.ec2.archive.ubuntu.com”的臨時故障
我們在 EC2 上執行 Ubuntu 18.04,安裝更新時遇到問題。
這就是我們要做的
apt update
root@host-02:~# apt update Err:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic InRelease Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com' Err:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates InRelease Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com' Err:3 http://security.ubuntu.com/ubuntu bionic-security InRelease Temporary failure resolving 'security.ubuntu.com' Err:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-backports InRelease Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com' Reading package lists... Done Building dependency tree Reading state information... Done 22 packages can be upgraded. Run 'apt list --upgradable' to see them. W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/bionic/InRelease Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com' W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com' W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease Temporary failure resolving 'security.ubuntu.com' W: Some index files failed to download. They have been ignored, or old ones used instead.
我們的 resolv.conf 文件看起來不錯並且能夠解析站點,
root@host-02:~# cat /etc/resolv.conf options timeout:2 attempts:5 ; generated by /usr/sbin/dhclient-script search domain.local ec2.internal nameserver 10.12.x.x nameserver 10.13.x.x nameserver 10.1.0.2
root@host-02:~# curl -Iv cnn.com * Rebuilt URL to: cnn.com/ * Trying 151.101.193.67... * TCP_NODELAY set * Connected to cnn.com (151.101.193.67) port 80 (#0) > HEAD / HTTP/1.1 > Host: cnn.com > User-Agent: curl/7.58.0 > Accept: */*
為了更好地衡量,受影響的 URL 的 curl 也有效
root@host-02:~# curl -I http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/bionic/InRelease HTTP/1.1 200 OK Date: Thu, 20 May 2021 02:17:06 GMT Server: Apache/2.4.18 (Ubuntu) Last-Modified: Thu, 26 Apr 2018 23:38:40 GMT ETag: "3b180-56ac8e31ec000" Accept-Ranges: bytes Content-Length: 242048 Cache-Control: max-age=0, proxy-revalidate Expires: Thu, 20 May 2021 02:17:06 GMT
我現在有點難過。我們能夠在 apt 外部解析,使用 wget 下載,如下所示,但 apt 拒絕解析 URL 和下載包。有什麼想法嗎?
root@host-02:~# wget https://downloads.tableau.com/esdalt/2020.4.0/tableau-tabcmd-2020-4-0.noarch.rpm --2021-05-20 02:18:49-- https://downloads.tableau.com/esdalt/2020.4.0/tableau-tabcmd-2020-4-0.noarch.rpm Resolving downloads.tableau.com (downloads.tableau.com)... 23.208.44.148 Connecting to downloads.tableau.com (downloads.tableau.com)|23.208.44.148|:443... connected.
以下是內容
/etc/apt/sources.list
root@jump-02:~$ cat /etc/apt/sources.list ## Note, this file is written by cloud-init on first boot of an instance ## modifications made here will not survive a re-bundle. ## if you wish to make changes you can: ## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg ## or do the same in user-data ## b.) add sources in /etc/apt/sources.list.d ## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic main restricted # deb-src http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-updates main restricted # deb-src http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic universe # deb-src http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic universe deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-updates universe # deb-src http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic multiverse # deb-src http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic multiverse deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-updates multiverse # deb-src http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-updates multiverse ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse # deb-src http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. # deb http://archive.canonical.com/ubuntu bionic partner # deb-src http://archive.canonical.com/ubuntu bionic partner deb http://security.ubuntu.com/ubuntu bionic-security main restricted # deb-src http://security.ubuntu.com/ubuntu bionic-security main restricted deb http://security.ubuntu.com/ubuntu bionic-security universe # deb-src http://security.ubuntu.com/ubuntu bionic-security universe deb http://security.ubuntu.com/ubuntu bionic-security multiverse # deb-src http://security.ubuntu.com/ubuntu bionic-security multiverse
好老
nslookup
來救援!所以我終於發現這nslookup
不起作用但ping
有效。root@host-02:~$ nslookup -v us-east-1.ec2.archive.ubuntu.com ;; Connection to 127.0.0.1#53(127.0.0.1) for us-east-1.ec2.archive.ubuntu.com failed: connection refused. ;; Connection to ::1#53(::1) for us-east-1.ec2.archive.ubuntu.com failed: connection refused.
看起來預設解析器已損壞。
root@host-02:~$ nslookup > server Default server: 127.0.0.1 Address: 127.0.0.1#53 Default server: ::1 Address: ::1#53 > us-east-1.ec2.archive.ubuntu.com ;; connection timed out; no servers could be reached
解析器服務正在執行但沒有權限
root@host-02:~# systemctl status systemd-resolved.service ● systemd-resolved.service - Network Name Resolution Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2021-05-20 12:00:20 UTC; 14h ago Docs: man:systemd-resolved.service(8) https://www.freedesktop.org/wiki/Software/systemd/resolved https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients Main PID: 707 (systemd-resolve) Status: "Processing requests..." Tasks: 1 (limit: 1110) CGroup: /system.slice/systemd-resolved.service └─707 /lib/systemd/systemd-resolved May 21 00:00:24 host-02.ahrq.local systemd-resolved[707]: Failed to open /etc/resolv.conf: Permission denied May 21 00:00:24 host-02.ahrq.local systemd-resolved[707]: Failed to open /etc/resolv.conf: Permission denied May 21 00:30:25 host-02.ahrq.local systemd-resolved[707]: Failed to open /etc/resolv.conf: Permission denied May 21 00:30:25 host-02.ahrq.local systemd-resolved[707]: Failed to open /etc/resolv.conf: Permission denied
恢復了預設解析器並重新啟動了服務,我們又開始營業了!
root@host-02:~# ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf root@host-02:~# systemctl status systemd-resolved.service ● systemd-resolved.service - Network Name Resolution Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2021-05-21 02:22:28 UTC; 5s ago Docs: man:systemd-resolved.service(8) https://www.freedesktop.org/wiki/Software/systemd/resolved https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients Main PID: 9074 (systemd-resolve) Status: "Processing requests..." Tasks: 1 (limit: 1110) CGroup: /system.slice/systemd-resolved.service └─9074 /lib/systemd/systemd-resolved May 21 02:22:28 host-02.ahrq.local systemd[1]: Starting Network Name Resolution... May 21 02:22:28 host-02.ahrq.local systemd-resolved[9074]: Positive Trust Anchors: May 21 02:22:28 host-02.ahrq.local systemd-resolved[9074]: . IN DS 19036 8 2 49aac11d7b6f644670254a1607371607a1a41855200fd2ce1cdde32f24e8fb5 May 21 02:22:28 host-02.ahrq.local systemd-resolved[9074]: . IN DS 20326 8 2 e06d44b80b8f1d39a95b0d7c65d08458e880409bbc683457104237c7f8ec8d May 21 02:22:28 host-02.ahrq.local systemd-resolved[9074]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.ar May 21 02:22:28 host-02.ahrq.local systemd-resolved[9074]: Using system hostname 'host-02.ahrq.local'. May 21 02:22:28 host-02.ahrq.local systemd[1]: Started Network Name Resolution.
最後
root@host-02:~# nslookup -v us-east-1.ec2.archive.ubuntu.com Server: 127.0.0.53 Address: 127.0.0.53#53 Non-authoritative answer: Name: us-east-1.ec2.archive.ubuntu.com Address: 54.172.25.22