Amazon-Web-Services

Ubuntu 18.04 - 解決“us-east-1.ec2.archive.ubuntu.com”的臨時故障

  • May 21, 2021

我們在 EC2 上執行 Ubuntu 18.04,安裝更新時遇到問題。

這就是我們要做的apt update

root@host-02:~# apt update
Err:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic InRelease
 Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'
Err:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates InRelease
 Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'
Err:3 http://security.ubuntu.com/ubuntu bionic-security InRelease
 Temporary failure resolving 'security.ubuntu.com'
Err:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-backports InRelease
 Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'
Reading package lists... Done                      
Building dependency tree       
Reading state information... Done
22 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/bionic/InRelease  Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'
W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease  Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'
W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease  Temporary failure resolving 'us-east-1.ec2.archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.

我們的 resolv.conf 文件看起來不錯並且能夠解析站點,

root@host-02:~# cat /etc/resolv.conf
options timeout:2 attempts:5
; generated by /usr/sbin/dhclient-script
search domain.local ec2.internal
nameserver 10.12.x.x
nameserver 10.13.x.x
nameserver 10.1.0.2
root@host-02:~# curl -Iv cnn.com
* Rebuilt URL to: cnn.com/
*   Trying 151.101.193.67...
* TCP_NODELAY set
* Connected to cnn.com (151.101.193.67) port 80 (#0)
> HEAD / HTTP/1.1
> Host: cnn.com
> User-Agent: curl/7.58.0
> Accept: */*

為了更好地衡量,受影響的 URL 的 curl 也有效

root@host-02:~# curl -I http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/bionic/InRelease
HTTP/1.1 200 OK
Date: Thu, 20 May 2021 02:17:06 GMT
Server: Apache/2.4.18 (Ubuntu)
Last-Modified: Thu, 26 Apr 2018 23:38:40 GMT
ETag: "3b180-56ac8e31ec000"
Accept-Ranges: bytes
Content-Length: 242048
Cache-Control: max-age=0, proxy-revalidate
Expires: Thu, 20 May 2021 02:17:06 GMT

我現在有點難過。我們能夠在 apt 外部解析,使用 wget 下載,如下所示,但 apt 拒絕解析 URL 和下載包。有什麼想法嗎?

root@host-02:~# wget https://downloads.tableau.com/esdalt/2020.4.0/tableau-tabcmd-2020-4-0.noarch.rpm
--2021-05-20 02:18:49--  https://downloads.tableau.com/esdalt/2020.4.0/tableau-tabcmd-2020-4-0.noarch.rpm
Resolving downloads.tableau.com (downloads.tableau.com)... 23.208.44.148
Connecting to downloads.tableau.com (downloads.tableau.com)|23.208.44.148|:443... connected.

以下是內容/etc/apt/sources.list

root@jump-02:~$ cat /etc/apt/sources.list
## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
##     or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic main restricted
# deb-src http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-updates main restricted
# deb-src http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic universe
# deb-src http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic universe
deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-updates universe
# deb-src http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic multiverse
# deb-src http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic multiverse
deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-updates multiverse
# deb-src http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse
# deb-src http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ bionic-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu bionic partner
# deb-src http://archive.canonical.com/ubuntu bionic partner

deb http://security.ubuntu.com/ubuntu bionic-security main restricted
# deb-src http://security.ubuntu.com/ubuntu bionic-security main restricted
deb http://security.ubuntu.com/ubuntu bionic-security universe
# deb-src http://security.ubuntu.com/ubuntu bionic-security universe
deb http://security.ubuntu.com/ubuntu bionic-security multiverse
# deb-src http://security.ubuntu.com/ubuntu bionic-security multiverse

好老nslookup來救援!所以我終於發現這nslookup不起作用但ping有效。

root@host-02:~$ nslookup -v us-east-1.ec2.archive.ubuntu.com
;; Connection to 127.0.0.1#53(127.0.0.1) for us-east-1.ec2.archive.ubuntu.com failed: connection refused.
;; Connection to ::1#53(::1) for us-east-1.ec2.archive.ubuntu.com failed: connection refused.

看起來預設解析器已損壞。

root@host-02:~$ nslookup
> server
Default server: 127.0.0.1
Address: 127.0.0.1#53
Default server: ::1
Address: ::1#53
> us-east-1.ec2.archive.ubuntu.com
;; connection timed out; no servers could be reached

解析器服務正在執行但沒有權限

root@host-02:~# systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
  Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
  Active: active (running) since Thu 2021-05-20 12:00:20 UTC; 14h ago
    Docs: man:systemd-resolved.service(8)
          https://www.freedesktop.org/wiki/Software/systemd/resolved
          https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
          https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Main PID: 707 (systemd-resolve)
  Status: "Processing requests..."
   Tasks: 1 (limit: 1110)
  CGroup: /system.slice/systemd-resolved.service
          └─707 /lib/systemd/systemd-resolved

May 21 00:00:24 host-02.ahrq.local systemd-resolved[707]: Failed to open /etc/resolv.conf: Permission denied
May 21 00:00:24 host-02.ahrq.local systemd-resolved[707]: Failed to open /etc/resolv.conf: Permission denied
May 21 00:30:25 host-02.ahrq.local systemd-resolved[707]: Failed to open /etc/resolv.conf: Permission denied
May 21 00:30:25 host-02.ahrq.local systemd-resolved[707]: Failed to open /etc/resolv.conf: Permission denied

恢復了預設解析器並重新啟動了服務,我們又開始營業了!

root@host-02:~# ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
root@host-02:~# systemctl status systemd-resolved.service
● systemd-resolved.service - Network Name Resolution
  Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
  Active: active (running) since Fri 2021-05-21 02:22:28 UTC; 5s ago
    Docs: man:systemd-resolved.service(8)
          https://www.freedesktop.org/wiki/Software/systemd/resolved
          https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
          https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
Main PID: 9074 (systemd-resolve)
  Status: "Processing requests..."
   Tasks: 1 (limit: 1110)
  CGroup: /system.slice/systemd-resolved.service
          └─9074 /lib/systemd/systemd-resolved

May 21 02:22:28 host-02.ahrq.local systemd[1]: Starting Network Name Resolution...
May 21 02:22:28 host-02.ahrq.local systemd-resolved[9074]: Positive Trust Anchors:
May 21 02:22:28 host-02.ahrq.local systemd-resolved[9074]: . IN DS 19036 8 2 49aac11d7b6f644670254a1607371607a1a41855200fd2ce1cdde32f24e8fb5
May 21 02:22:28 host-02.ahrq.local systemd-resolved[9074]: . IN DS 20326 8 2 e06d44b80b8f1d39a95b0d7c65d08458e880409bbc683457104237c7f8ec8d
May 21 02:22:28 host-02.ahrq.local systemd-resolved[9074]: Negative trust anchors: 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18.172.in-addr.arpa 19.172.in-addr.ar
May 21 02:22:28 host-02.ahrq.local systemd-resolved[9074]: Using system hostname 'host-02.ahrq.local'.
May 21 02:22:28 host-02.ahrq.local systemd[1]: Started Network Name Resolution.

最後

root@host-02:~# nslookup -v us-east-1.ec2.archive.ubuntu.com
Server:         127.0.0.53
Address:        127.0.0.53#53

Non-authoritative answer:
Name:   us-east-1.ec2.archive.ubuntu.com
Address: 54.172.25.22

引用自:https://serverfault.com/questions/1064176