Permission denied (publickey) - 使用 Kubespray 設置 Kubernetes 集群
此問題來自以下文件How to deploy Kubernetes using Kubespray。我逐字逐句地遵循他們的文件並達到了這一點:
ansible -i inventory.ini -m ping all
該文件概述了使用 Kubespray 和 Terraform 將 Kubernetes 部署到 UpCloud 的所有必要步驟。如前所述,我可以執行所有命令,直到點擊命令:
ansible -i inventory.ini -m ping all
Enter passphrase for key '/home/summer/.ssh/id_rsa': kubespray-worker-2 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).", "unreachable": true } Enter passphrase for key '/home/summer/.ssh/id_rsa': kubespray-worker-0 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nConnection closed by <IP address> port 22", "unreachable": true } Enter passphrase for key '/home/summer/.ssh/id_rsa': kubespray-worker-1 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).", "unreachable": true } kubespray-master-0 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).", "unreachable": true }
請注意:隱藏在白色墨水中的區域是分配給上圖中每個節點的公共 IP 地址。
我可以通過點擊遠端訪問 Ubuntu 伺服器:
ssh <username>@<ip_address>
. 這是一個快照,cluster-settings.tfvars
看看我是否搞砸了一些東西:zone = "fe-fxfx" username = "ubuntu" # Prefix to use for all resources to separate them from other resources prefix = "kubespray" inventory_file = "inventory.ini" # Set the operating system using UUID or exact name template_name = "Ubuntu Server 20.04 LTS (Focal Fossa)" ssh_public_keys = [ # Put your public SSH key here "removed the Public Key for security reasons", ]
此外,
cluster-settings,tfvars
文件中的圖像供參考: cluster-settings.tfvarsping 節點的結果也是不規則的,從某種意義上說,如果
master-0
在一個實例中成功 ping,在另一個實例中,它們都沒有被 ping 通$$ when tried again $$. 雖然,有時
worker-2
被 ping 通,而休息則沒有。
在諮詢了一位前輩之後,我找到了這個問題的答案。首先,SSH 密鑰對需要在沒有密碼的情況下生成,或者如果您使用的是帶有密碼的密鑰對,只需傳遞以下命令即可禁用它:
ssh-keygyen
使用-p
選項執行。ssh-keygen -p
我建議您在 SSH 密鑰對所在的目錄中執行此操作,或者使用
-f ~/<username>/.ssh/id_rsa
如果您正確執行了上述步驟,則會提示您輸入現有密碼:
Enter old passphrase:
之後,輸入新的密碼
$$ basically leave it blank $$並確認:
Enter new passphrase (empty for no passphrase): Enter same passphrase again:
如果成功,您將收到以下提示:
Your identification has been saved with the new passphrase.
**注意:**這些步驟可用於刪除或更改密碼。
Next 在
cluster-settings.tfvars
文件中,有兩個地方可以"enter your SSH key here"
選擇輸入您的公鑰。兩者都不是強制性的。就我而言,我只使用了一個公鑰,並確保密鑰對在 SSH 代理中可用。