Permission denied (publickey) - Setting up a Kubernetes cluster with Kubespray

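This question arises from the following documentation: How to deploy Kubernetes with Kubespray. I followed their documentation word for word and arrived at this: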

ansible -i inventory.ini -m ping all

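This is the above command from the documentation.

The documentation outlines all the steps needed to deploy Kubernetes to UpCloud using Kubespray and Terraform. As mentioned, I can execute all the commands until I hit the command: ansible -i inventory.ini -m ping all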

Enter passphrase for key '/home/summer/.ssh/id_rsa':
kubespray-worker-2 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).",
    "unreachable": true
}

Enter passphrase for key '/home/summer/.ssh/id_rsa':
kubespray-worker-0 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nConnection closed by <IP address> port 22",
    "unreachable": true
}

Enter passphrase for key '/home/summer/.ssh/id_rsa':
kubespray-worker-1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).",
    "unreachable": true
}
kubespray-master-0 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '<IP address>' (ECDSA) to the list of known hosts.\r\nubuntu@<IP address>: Permission denied (publickey).",
    "unreachable": true
}

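The above error is provided as an image for further reference.

Please note: the areas hidden with white ink in the image above are the public IP addresses assigned to each node.

I can remotely access the Ubuntu server by entering: ssh <username>@<ip_address>. Below is a snapshot of cluster-settings.tfvars, to see whether I messed something up: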

zone     = "fe-fxfx"
username = "ubuntu"

# Prefix to use for all resources to separate them from other resources
prefix = "kubespray"

inventory_file = "inventory.ini"

#  Set the operating system using UUID or exact name
template_name = "Ubuntu Server 20.04 LTS (Focal Fossa)"

ssh_public_keys = [
  # Put your public SSH key here
  "removed the Public Key for security reasons",
]

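Also, an image of the cluster-settings.tfvars file is available for reference: cluster-settings.tfvars

The results of pinging the nodes are also irregular, in the sense that if master-0 is pinged successfully in one attempt, then in another attempt none of the nodes can be pinged. And sometimes worker-2 is pinged successfully while the other nodes are not.

Answer 1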

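After consulting a senior colleague, I found the answer to this question. First, the SSH key pair needs to be generated without a passphrase, or, if you are using a key pair with a passphrase, just run this command to disable it:

Run ssh-keygen with the -p option: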

ssh-keygen -p

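I suggest you do this in the directory where the SSH key pair is located, or specify it with -f ~/<username>/.ssh/id_rsa

If you complete the above steps correctly, you will be prompted for the existing passphrase: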

Enter old passphrase:

After that, enter the new passphrase [basically leave it blank] and confirm:

Enter new passphrase (empty for no passphrase):
Enter same passphrase again:

If successful, you will get the following message:

Your identification has been saved with the new passphrase.

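Note: these steps can be used to remove or change the passphrase.

Next, there are two places in the cluster-settings.tfvars file marked "enter your SSH key here" where a public key can be entered. You do not have to fill in both. In my case, I used just one public key and made sure the key pair was available in the SSH agent.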
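The answer ends by making sure the key pair is available in the SSH agent. As an added example (not part of the original answer), this preflight checks that the key's fingerprint is loaded in ssh-agent, adds it if missing so the passphrase is typed once, and then runs the ping from the question. The KEY and INVENTORY defaults, the presence of a matching `.pub` file, and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: verify the key is in ssh-agent before the Ansible ping.
# Assumptions: key path and inventory name as seen in the question's output,
# and a public key file stored next to the private key as "$KEY.pub".

KEY="${KEY:-$HOME/.ssh/id_rsa}"
INVENTORY="${INVENTORY:-inventory.ini}"

# Read one line of `ssh-keygen -l` output on stdin and print its fingerprint.
# Line format: "<bits> SHA256:<hash> <comment> (<type>)"
fingerprint_of() {
    awk '{print $2; exit}'
}

# Return 0 if fingerprint $1 appears in the `ssh-add -l` listing passed as $2.
# Matching on the exact second field avoids substring false positives and
# ignores the "The agent has no identities." message.
agent_has_key() {
    printf '%s\n' "$2" | awk -v fp="$1" '$2 == fp {found=1} END {exit !found}'
}

preflight() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo 'no ssh-agent in this shell: run eval "$(ssh-agent -s)" first' >&2
        return 1
    fi
    fp=$(ssh-keygen -E sha256 -lf "$KEY.pub" | fingerprint_of)
    [ -n "$fp" ] || { echo "cannot read fingerprint of $KEY.pub" >&2; return 1; }

    listing=$(ssh-add -E sha256 -l 2>/dev/null)
    if ! agent_has_key "$fp" "$listing"; then
        # Prompts for the passphrase once; the agent then answers for every host.
        ssh-add "$KEY" || return 1
    fi
    ansible -i "$INVENTORY" -m ping all
}
```

Source the file and call `preflight` from the directory that holds inventory.ini.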
