Ssh

Permission denied (publickey) - Setting up a Kubernetes cluster using Kubespray

  • October 3, 2021

This question comes from the following document, How to deploy Kubernetes using Kubespray. I followed their documentation word for word and reached this point:

ansible -i inventory.ini -m ping all

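This is the above command in the documentation

The document outlines all the steps necessary to deploy Kubernetes to UpCloud using Kubespray and Terraform. As mentioned, I could execute all the commands until I hit the command: ansible -i inventory.ini -m ping all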

Enter passphrase for key '/home/summer/.ssh/id_rsa':
kubespray-worker-2 | UNREACHABLE! => {
   "changed": false,
   "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).",
   "unreachable": true
}

Enter passphrase for key '/home/summer/.ssh/id_rsa':
kubespray-worker-0 | UNREACHABLE! => {
   "changed": false,
   "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nConnection closed by <IP address> port 22",
   "unreachable": true
}

Enter passphrase for key '/home/summer/.ssh/id_rsa':
kubespray-worker-1 | UNREACHABLE! => {
   "changed": false,
   "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).",
   "unreachable": true
}
kubespray-master-0 | UNREACHABLE! => {
   "changed": false,
   "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).",
   "unreachable": true
}

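The above error in image form, for further reference

Please note: the areas hidden in white ink are the public IP addresses assigned to each node in the image above

I can remotely access the Ubuntu server by hitting: ssh <username>@<ip_address>. Here is a snapshot of cluster-settings.tfvars to see whether I messed something up: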

zone     = "fe-fxfx"
username = "ubuntu"

# Prefix to use for all resources to separate them from other resources
prefix = "kubespray"

inventory_file = "inventory.ini"

#  Set the operating system using UUID or exact name
template_name = "Ubuntu Server 20.04 LTS (Focal Fossa)"

ssh_public_keys = [
 # Put your public SSH key here
 "removed the Public Key for security reasons",
]

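Also, an image of the cluster-settings.tfvars file for reference: cluster-settings.tfvars

The results of pinging the nodes are also irregular, in the sense that if master-0 is pinged successfully in one instance, in another instance none of them are pinged (when tried again). Although, sometimes worker-2 is pinged while the rest are not.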

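After consulting a senior, I found the answer to this problem. First, the SSH key pair needs to be generated without a passphrase, or, if you are using a key pair with a passphrase, simply pass the following command to disable it:

Run ssh-keygen with the -p option.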

ssh-keygen -p

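I suggest you do this in the directory where the SSH key pair resides, or use -f ~/<username>/.ssh/id_rsa

If you performed the above steps correctly, you will be prompted for the existing passphrase: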

Enter old passphrase:

After that, enter the new passphrase (basically leave it blank) and confirm:

Enter new passphrase (empty for no passphrase):
Enter same passphrase again:

If successful, you will get the following prompt:

Your identification has been saved with the new passphrase.

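**Note:** These steps can be used to remove or change the passphrase.

Next, in the cluster-settings.tfvars file, there are two places where you can optionally enter your public key at "enter your SSH key here". Neither is mandatory. In my case, I used only one public key and made sure the key pair was available in the SSH agent.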

Quoted from: https://serverfault.com/questions/1079334