主页 / server / 问题 / 1079334
Accepted
Sebastian
Asked: 2021-10-02 11:07:41 +0800 CST

Permission denied (publickey) - 使用 Kubespray 设置 Kubernetes 集群

  • 772

此问题来自以下文档How to deploy Kubernetes using Kubespray。我逐字逐句地遵循他们的文档并达到了这一点:

ansible -i inventory.ini -m ping all

这是文档中的上述命令

该文档概述了使用 Kubespray 和 Terraform 将 Kubernetes 部署到 UpCloud 的所有必要步骤。如前所述,我可以执行所有命令,直到点击命令:ansible -i inventory.ini -m ping all

Enter passphrase for key '/home/summer/.ssh/id_rsa':
kubespray-worker-2 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).",
    "unreachable": true
}

Enter passphrase for key '/home/summer/.ssh/id_rsa':
kubespray-worker-0 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nConnection closed by <IP address> port 22",
    "unreachable": true
}

Enter passphrase for key '/home/summer/.ssh/id_rsa':
kubespray-worker-1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).",
    "unreachable": true
}
kubespray-master-0 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).",
    "unreachable": true
}

以上图片形式错误,供进一步参考

请注意:隐藏在白色墨水中的区域是分配给上图中每个节点的公共 IP 地址

我可以通过点击远程访问 Ubuntu 服务器:ssh <username>@<ip_address>. 这是一个快照,cluster-settings.tfvars看看我是否搞砸了一些东西:

zone     = "fe-fxfx"
username = "ubuntu"

# Prefix to use for all resources to separate them from other resources
prefix = "kubespray"

inventory_file = "inventory.ini"

#  Set the operating system using UUID or exact name
template_name = "Ubuntu Server 20.04 LTS (Focal Fossa)"

ssh_public_keys = [
  # Put your public SSH key here
  "removed the Public Key for security reasons",
]

此外,cluster-settings,tfvars文件中的图像供参考: cluster-settings.tfvars

ping 节点的结果也是不规则的,从某种意义上说,如果master-0在一个实例中成功 ping,在另一个实例中,它们都没有被 ping [再次尝试时]。虽然,有时worker-2被 ping 通,而休息则没有。

ssh ping ansible

1 个回答

  1. Best Answer

    在咨询了一位前辈之后,我找到了这个问题的答案。首先,SSH 密钥对需要在没有密码的情况下生成,或者如果您使用的是带有密码的密钥对,只需传递以下命令即可禁用它:

    ssh-keygyen使用-p选项运行。

    ssh-keygen -p

    我建议您在 SSH 密钥对所在的目录中执行此操作,或者使用-f ~/<username>/.ssh/id_rsa

    如果您正确执行了上述步骤,则会提示您输入现有密码:

    Enter old passphrase:

    之后,输入新的密码[基本上留空]并确认:

    Enter new passphrase (empty for no passphrase):
Enter same passphrase again:

    如果成功,您将收到以下提示:

    Your identification has been saved with the new passphrase.

    注意:这些步骤可用于删除或更改密码。

    Nextcluster-settings.tfvars文件中,有两个地方可以"enter your SSH key here"选择输入您的公钥。两者都不是强制性的。就我而言,我只使用了一个公钥,并确保密钥对在 SSH 代理中可用。

    • 0

相关问题