我使用本指南[OpenStack Charms 部署指南]执行了集群节点安装。(https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/install-maas.html),其中网络类型为平面网络,所用组件为:
- 马斯
- 朱朱
- Openstack
我的实验室有以下网络规划:
+-------------+
Firewall
10.20.81.254
+-------------+
|
+-------------------------------------------------------------+
Switch
vlan81 vlan81 vlan81
+-------------------------------------------------------------+
| | || || || ||
+--------------+ +------------+ +------------------+
|Maas+Juju |Juju Gui| |Openstack
|10.20.81.1 |10.20.81.2 |10.20.81.3-6
+--------------+ +-------------+ +------------------+
|
+--------------------------------------------+
Private Subnet Floating Subnet
10.1.0.0/24 10.20.81.220-230/24
+---+----+--+ +----+------+
| | +----+ |
| | | | |
| +--------+ VR +-------------+
| | |
+--+-+ +----+
| |
| VM |
| .13|
| |
我无法使用 SSH 连接实例,这是错误:
[email protected]: Permission denied (publickey).
Ping 正常:
ubuntu@os-compute02:~$ sudo sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ping 10.1.0.13
PING 10.1.0.13 (10.1.0.13) 56(84) bytes of data.
64 bytes from 10.1.0.13: icmp_seq=1 ttl=64 time=1.47 ms
我这样做了:
$: juju ssh neutron-gateway/0
然后
ubuntu@os-compute02:~$ sudo ip netns
qrouter-e933429f-6816-47b3-9e50-581d78243935 (id: 4)
qdhcp-65727477-9d15-4f79-8bc9-078b59eb6faa (id: 3)
使用以下命令在节点上创建 SSH 密钥对:
ubuntu@os-compute02: ssh-keygen -t rsa
接下来,我尝试允许 SSH 连接
ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ssh -p 22 -i ~/.ssh/id_rsa.pub [email protected] -v
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 10.1.0.13 [10.1.0.13] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/ubuntu/.ssh/id_rsa.pub type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_rsa.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4
debug1: match: OpenSSH_7.6p1 Ubuntu-4 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 10.1.0.13:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:E+2ZKulh+LewPnIPh7/OUTMcQ/FYNcUN4RuGMBCDtnA
debug1: Host '10.1.0.13' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:7
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:z1vLieNiK9fX0UhqioSPLroGX+gdcP0w1sY0XMUeIRM /home/ubuntu/.ssh/id_rsa.pub
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
Load key "/home/ubuntu/.ssh/id_rsa.pub": invalid format
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
第一个错误:
Load key "/home/ubuntu/.ssh/id_rsa.pub": invalid format
Openstack 上的“实例控制台日志”报告:
Starting Set console scheme...
[[0;32m OK [0m] Started Terminate Plymouth Boot Screen.
[[0;32m OK [0m] Started Set console scheme.
[[0;32m OK [0m] Created slice system-getty.slice.
[[0;32m OK [0m] Started Getty on tty1.
[[0;32m OK [0m] Reached target Login Prompts.
[[0;32m OK [0m] Started LSB: automatic crash report generation.
[[0;32m OK [0m] Started System Logging Service.
[[0;32m OK [0m] Started Pollinate to seed the pseudo random number generator.
Starting OpenBSD Secure Shell server...
[[0;32m OK [0m] Started OpenBSD Secure Shell server.
Ubuntu 18.04.1 LTS ubuntu ttyS0
ubuntu login: [ 95.684752] cloud-init[1089]: Cloud-init v. 18.3-9-g2e62cb8a-0ubuntu1~18.04.2 running 'modules:config' at Wed, 03 Apr 2019 10:13:41 +0000. Up 94.75 seconds.
ci-info: no authorized ssh keys fingerprints found for user ubuntu.
<14>Apr 3 10:13:43 ec2:
<14>Apr 3 10:13:43 ec2: #############################################################
<14>Apr 3 10:13:43 ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
<14>Apr 3 10:13:43 ec2: 1024 SHA256:pOhpmetFuYOOTAkAR2eXy27gJAGq1g1uO9lIcRwrjCk root@ubuntu (DSA)
<14>Apr 3 10:13:43 ec2: 256 SHA256:nafzb325Ll5FKz4DOA4zmadhnNbhQKEFTIlXiXikG+Y root@ubuntu (ECDSA)
<14>Apr 3 10:13:43 ec2: 256 SHA256:zUlvRYdty80h+m5tIXEM3g59Vs8a0JGMZOIuCYG7NQs root@ubuntu (ED25519)
<14>Apr 3 10:13:43 ec2: 2048 SHA256:rK9e8f76d+ELlmU0LbUpeBL+VsC5JGkNCCpCbDPgJqE root@ubuntu (RSA)
<14>Apr 3 10:13:43 ec2: -----END SSH HOST KEY FINGERPRINTS-----
<14>Apr 3 10:13:43 ec2: #############################################################
-----BEGIN SSH HOST KEY KEYS-----
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNwKCVHrHIYxDCZ4KKRORJC1rhmVxanX5IZEdVvXlk0bdWUEpAZeRRLSnJDK3GD/xD7t/xVgMpTCWCmP60mjWU4= root@ubuntu
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvRjPqF6PCl0h/El4q+e7jmUEmxxZnZ9I94Eca+NW+Q root@ubuntu
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+0Jg/RwOuNRdj1lPIyVh8wHuZWeOk8r/INqNflyPq3DCaS5eEiSa3gfwf/2MagGxKsXmTScRDXvPulS0o+TsLaJnyd7FtDG/Wp163SpLQUl027iECoTQjb/oORJgqk0Lpsyk/D/5y93wqYsotPNEl7vP7ldkaSvl5RPcWe1U0Dqx1z4OfVM2NO5WBEEStaJ54OVfpJxiBreG6qS/kcXB9NsbIz63ObTlaSmn7BhLdnrrCXMFt+5WtKnqIjQKNb553d7dUHSbfflACva4G4BWNgPuDy5XXLxO+rLNtjT2uO3+hL9jZaMtfwWzO8Yb7bbu8xehdAZcv+r5uQf8ocxD9 root@ubuntu
-----END SSH HOST KEY KEYS-----
[ 96.584607] cloud-init[1138]: Cloud-init v. 18.3-9-g2e62cb8a-0ubuntu1~18.04.2 running 'modules:final' at Wed, 03 Apr 2019 10:13:42 +0000. Up 96.31 seconds.
[ 96.585321] cloud-init[1138]: ci-info: no authorized ssh keys fingerprints found for user ubuntu.
[ 96.585658] cloud-init[1138]: Cloud-init v. 18.3-9-g2e62cb8a-0ubuntu1~18.04.2 finished at Wed, 03 Apr 2019 10:13:43 +0000. Datasource DataSourceNone. Up 96.57 seconds
[ 96.586004] cloud-init[1138]: 2019-04-03 10:13:43,102 - cc_final_message.py[WARNING]: Used fallback datasource
详细模式向我展示了:
ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ssh -p 22 -i ~/.ssh/id_rsa.pub [email protected] -vvv
OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: resolving "10.1.0.13" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to 10.1.0.13 [10.1.0.13] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /home/ubuntu/.ssh/id_rsa.pub type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/ubuntu/.ssh/id_rsa.pub-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4
debug1: match: OpenSSH_7.6p1 Ubuntu-4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.1.0.13:22 as 'ubuntu'
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:7
debug3: load_hostkeys: loaded 1 keys from 10.1.0.13
debug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:E+2ZKulh+LewPnIPh7/OUTMcQ/FYNcUN4RuGMBCDtnA
debug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"
debug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:7
debug3: load_hostkeys: loaded 1 keys from 10.1.0.13
debug1: Host '10.1.0.13' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:7
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /home/ubuntu/.ssh/id_rsa.pub (0x559368ea5930), explicit
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:z1vLieNiK9fX0UhqioSPLroGX+gdcP0w1sY0XMUeIRM /home/ubuntu/.ssh/id_rsa.pub
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:z1vLieNiK9fX0UhqioSPLroGX+gdcP0w1sY0XMUeIRM
debug3: sign_and_send_pubkey: RSA SHA256:z1vLieNiK9fX0UhqioSPLroGX+gdcP0w1sY0XMUeIRM
Load key "/home/ubuntu/.ssh/id_rsa.pub": invalid format
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).
然后
ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 tail -f /var/log/auth.log
Apr 3 10:39:56 os-compute02 sudo: ubuntu : TTY=pts/5 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/sbin/ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ssh -p 22 -i .ssh/id_rsa.pub [email protected] -v
Apr 3 10:39:56 os-compute02 sudo: pam_unix(sudo:session): session opened for user root by ubuntu(uid=0)
Apr 3 10:39:56 os-compute02 sudo: pam_unix(sudo:session): session closed for user root
Apr 3 10:40:01 os-compute02 CRON[8944]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 3 10:40:01 os-compute02 CRON[8944]: pam_unix(cron:session): session closed for user root
然后
ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 journalctl -u ssh.service -f
-- Logs begin at Tue 2019-04-02 21:01:11 UTC. --
Apr 03 07:25:53 os-compute02 sshd[25670]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
Apr 03 07:51:03 os-compute02 sshd[27126]: Connection closed by 10.20.81.1 port 47780 [preauth]
Apr 03 07:51:03 os-compute02 sshd[27128]: Accepted publickey for ubuntu from 10.20.81.1 port 47782 ssh2: RSA SHA256:7ErDKB9+6yxjZtNMbAuPqIBhrrxAU1Ik6RXYda6uYkU
Apr 03 07:51:03 os-compute02 sshd[27128]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
Apr 03 08:48:14 os-compute02 sshd[10971]: Connection closed by 10.20.81.1 port 48266 [preauth]
Apr 03 08:48:14 os-compute02 sshd[10973]: Accepted publickey for ubuntu from 10.20.81.1 port 48268 ssh2: RSA SHA256:7ErDKB9+6yxjZtNMbAuPqIBhrrxAU1Ik6RXYda6uYkU
Apr 03 08:48:14 os-compute02 sshd[10973]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
Apr 03 10:26:49 os-compute02 sshd[20182]: Connection closed by 10.20.81.1 port 49104 [preauth]
Apr 03 10:26:49 os-compute02 sshd[20191]: Accepted publickey for ubuntu from 10.20.81.1 port 49106 ssh2: RSA SHA256:7ErDKB9+6yxjZtNMbAuPqIBhrrxAU1Ik6RXYda6uYkU
Apr 03 10:26:49 os-compute02 sshd[20191]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
答案1
我已经解决了。我没有导入密钥,而是直接创建了 Openstack 的新密钥对,将其保存在我的桌面上,并在 .ssh/ 目录中的 neutron-gateway/0 上以相同的名称进行复制。
$: juju ssh neutron-gateway/0
ubuntu@os-compute03: nano .ssh/u1804Key.pem
复制密钥并更改权限
ubuntu@os-compute03: chmod 600 .ssh/u1804Key.pem
ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ssh -p 22 -i ~/.ssh/u1804Key.pem [email protected]
Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-33-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Wed Apr 3 21:19:12 UTC 2019
System load: 0.0 Processes: 90
Usage of /: 1.2% of 77.36GB Users logged in: 0
Memory usage: 12% IP address for ens2: 10.1.0.13
Swap usage: 0%
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings
Last login: Wed Apr 3 20:51:52 2019 from 10.1.0.1
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@u1804ins:~$