aws / eks-anywhere

Run Amazon EKS on your own infrastructure 🚀
https://anywhere.eks.amazonaws.com
Apache License 2.0

Error building Ubuntu vSphere OVA node image #3213

Closed dashkan closed 2 years ago

dashkan commented 2 years ago

What happened: Followed directions here

Everything seems to work until provisioning ansible.

Get the following error when building ubuntu vSphere ova image:

image-builder build --os ubuntu --hypervisor vsphere --release-channel 1-23 --vsphere-config vsphere-connection.json
==> vsphere: File /home/image-builder/eks-anywhere-build-tooling/projects/kubernetes-sigs/image-builder/image-builder/images/capi/packer_cache/48e4ec4daa32571605576c5566f486133ecc271f.iso already uploaded; continuing
==> vsphere: File [isilon-ds1] packer_cache//48e4ec4daa32571605576c5566f486133ecc271f.iso already exists; skipping upload.
==> vsphere: Creating VM...
==> vsphere: Customizing hardware...
==> vsphere: Mounting ISO images...
==> vsphere: Adding configuration parameters...
==> vsphere: Creating floppy disk...
    vsphere: Copying files flatly from floppy_files
    vsphere: Done copying files from floppy_files
    vsphere: Collecting paths from floppy_dirs
    vsphere: Resulting paths from floppy_dirs : [./packer/ova/linux/ubuntu/http/]
    vsphere: Recursively copying : ./packer/ova/linux/ubuntu/http/
    vsphere: Done copying paths from floppy_dirs
==> vsphere: Uploading created floppy image
==> vsphere: Adding generated Floppy...
==> vsphere: Set boot order temporary...
==> vsphere: Power on VM...
==> vsphere: Waiting 10s for boot...
==> vsphere: Typing boot command...
==> vsphere: Waiting for IP...
==> vsphere: IP address: 100.99.84.79
==> vsphere: Using ssh communicator to connect: 100.99.84.79
==> vsphere: Waiting for SSH to become available...
==> vsphere: Connected to SSH!
==> vsphere: Provisioning with Ansible...
    vsphere: Setting up proxy adapter for Ansible....
==> vsphere: Executing Ansible: ansible-playbook -e packer_build_name="vsphere" -e packer_builder_type=vsphere-iso -e packer_http_addr=100.99.84.41:0 --ssh-extra-args '-o IdentitiesOnly=yes' --extra-vars containerd_url=https://github.com/containerd/containerd/releases/download/v1.5.7/cri-containerd-cni-1.5.7-linux-amd64.tar.gz containerd_sha256=7fce75bab43a39d6f9efb3c370de2da49723f0e1dbaa9732d68fa7f620d720c8 etcd_http_source=https://distro.eks.amazonaws.com/kubernetes-1-23/releases/4/artifacts/etcd/v3.5.4/etcd-linux-amd64-v3.5.4.tar.gz etcd_version=v3.5.4 etcd_sha256=84626ef08338fffbc2c6ea8e01f5c95ca5d0a2392b0929d4fa6e75ae22758847 etcdadm_http_source=https://anywhere-assets.eks.amazonaws.com/releases/bundles/15/artifacts/etcdadm/5b496a72af3d80d64a16a650c85ce9a5882bc014/etcdadm-linux-amd64.tar.gz etcdadm_version=v0.1.5 pause_image=public.ecr.aws/eks-distro/kubernetes/pause:v1.23.7-eks-1-23-4 containerd_additional_settings= containerd_cri_socket=/var/run/containerd/containerd.sock containerd_version=1.5.7 crictl_url=https://anywhere-assets.eks.amazonaws.com/releases/bundles/15/artifacts/cri-tools/v1.24.2/cri-tools-linux-amd64.tar.gz crictl_sha256=0e69588633865bc2e3da45b51353a8b4279e104aa72e64496ddf070f4d3fc453 crictl_source_type=http custom_role= custom_role_names= disable_public_repos=false extra_debs=nfs-common xfsprogs extra_repos= extra_rpms= http_proxy= https_proxy= kubeadm_template=etc/kubeadm.yml kubernetes_cni_http_source=https://distro.eks.amazonaws.com/kubernetes-1-23/releases/4/artifacts/plugins kubernetes_cni_http_checksum=sha256:c2578ba5592befc774ff7f630820b3c7436e39f7473cdcc6470cfb9d408003a7 kubernetes_http_source=https://distro.eks.amazonaws.com/kubernetes-1-23/releases/4/artifacts/kubernetes kubernetes_container_registry=public.ecr.aws/eks-distro kubernetes_rpm_repo=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 kubernetes_rpm_gpg_key="https://packages.cloud.google.com/yum/doc/yum-key.gpg 
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg" kubernetes_rpm_gpg_check=True kubernetes_deb_repo="https://apt.kubernetes.io/ kubernetes-xenial" kubernetes_deb_gpg_key=https://packages.cloud.google.com/apt/doc/apt-key.gpg kubernetes_cni_deb_version= kubernetes_cni_rpm_version= kubernetes_cni_semver=v1.1.1 kubernetes_cni_source_type=http kubernetes_semver=v1.23.7 kubernetes_source_type=http kubernetes_load_additional_imgs=true kubernetes_deb_version=1.20.10-00 kubernetes_rpm_version=1.20.10-0 no_proxy= python_path= redhat_epel_rpm=https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm epel_rpm_gpg_key= reenable_public_repos=true remove_extra_repos=false systemd_prefix=/usr/lib/systemd sysusr_prefix=/usr sysusrlocal_prefix=/usr/local load_additional_components=true additional_registry_images=false additional_registry_images_list= additional_url_images=true additional_url_images_list=https://distro.eks.amazonaws.com/kubernetes-1-22/releases/9/artifacts/kubernetes/v1.22.10/bin/linux/amd64/pause.tar additional_executables=false additional_executables_list= additional_executables_destination_path= build_target=virt --extra-vars guestinfo_datasource_slug=https://raw.githubusercontent.com/vmware/cloud-init-vmware-guestinfo guestinfo_datasource_ref=v1.4.0 guestinfo_datasource_script=https://raw.githubusercontent.com/vmware/cloud-init-vmware-guestinfo/v1.4.0/install.sh --extra-vars  -e ansible_ssh_private_key_file=/tmp/ansible-key936600266 -i /tmp/packer-provisioner-ansible421632417 /home/image-builder/eks-anywhere-build-tooling/projects/kubernetes-sigs/image-builder/image-builder/images/capi/ansible/firstboot.yml
    vsphere:
    vsphere: PLAY [all] *********************************************************************
==> vsphere: failed to handshake
    vsphere:
    vsphere: TASK [Gathering Facts] *********************************************************
    vsphere: fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Unable to negotiate with 127.0.0.1 port 39045: no matching host key type found. Their offer: ssh-rsa", "unreachable": true}
    vsphere:
    vsphere: PLAY RECAP *********************************************************************
    vsphere: default                    : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0
    vsphere:
==> vsphere: Provisioning step had errors: Running the cleanup provisioner, if present...
==> vsphere: Clear boot order...
==> vsphere: Power off VM...
==> vsphere: Deleting Floppy image ...
==> vsphere: Destroying VM...
Build 'vsphere' errored after 4 minutes 32 seconds: Error executing Ansible: Non-zero exit status: exit status 4

==> Wait completed after 4 minutes 32 seconds

==> Some builds didn't complete successfully and had errors:
--> vsphere: Error executing Ansible: Non-zero exit status: exit status 4

==> Builds finished but no artifacts were created.
make[1]: *** [Makefile:323: build-node-ova-vsphere-ubuntu-2004] Error 1
make[1]: Leaving directory '/home/image-builder/eks-anywhere-build-tooling/projects/kubernetes-sigs/image-builder/image-builder/images/capi'
make: *** [Makefile:205: local-build-ova-ubuntu-2004] Error 2
make: Leaving directory '/home/image-builder/eks-anywhere-build-tooling/projects/kubernetes-sigs/image-builder'
2022/08/31 05:21:06 Error executing image-builder for vsphere hypervisor: failed to run command: exit status 2

What you expected to happen: Successful build

How to reproduce it (as minimally and precisely as possible): N/A

Anything else we need to know?:

Environment:

vignesh-goutham commented 2 years ago

Hello @dashkan, thanks for trying out the image-builder to build vSphere Ubuntu nodes. It looks like the ssh process running on the VM/machine running the image-builder doesn't have ssh-rsa as an accepted algorithm. Please edit the sshd config at /home/$USER/.ssh/config and add the following two lines.

HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa

This will add rsa as an accepted algorithm and allow packer to negotiate with the VM being created during the image building process. Try running the image-builder command after these changes.

image-builder build --os ubuntu --hypervisor vsphere --release-channel 1-23 --vsphere-config vsphere-connection.json --force

The ssh config changes do not need the ssh process to be restarted to take effect. But if you still see the problem, you can try restarting the process with systemctl restart ssh

I will also update the documentation to reflect these instructions.
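A narrower variant of the fix in the comment above, as an added example that is not from the thread or the EKS Anywhere project: it re-enables ssh-rsa (RSA signatures with SHA-1, off by default since OpenSSH 8.8) only for the loopback address instead of for every host. It assumes Ansible reaches Packer's proxy adapter at 127.0.0.1, as the UNREACHABLE line in the log shows; the function names and the marker comment are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the issue thread). Assumption: Ansible reaches
# Packer's proxy adapter at 127.0.0.1, as the UNREACHABLE message shows.

MARKER="# image-builder: ssh-rsa only for Packer's loopback Ansible proxy"

# Prepend a loopback-scoped block to an ssh client config (idempotent).
# ssh keeps the first value it obtains for each option, so the block goes at
# the top; the trailing "Host *" keeps option lines that used to be global
# applying to every host instead of being absorbed into the loopback block.
scope_ssh_rsa_to_loopback() {
    local cfg="${1:-$HOME/.ssh/config}" tmp
    mkdir -p "$(dirname "$cfg")" || return 1
    [ -e "$cfg" ] || : > "$cfg"
    if grep -qxF "$MARKER" "$cfg"; then
        return 0            # already applied, leave the file untouched
    fi
    tmp="$(mktemp "${cfg}.XXXXXX")" || return 1
    {
        printf '%s\n' "$MARKER"
        printf 'Host 127.0.0.1\n'
        printf '    HostKeyAlgorithms +ssh-rsa\n'
        printf '    PubkeyAcceptedKeyTypes +ssh-rsa\n'
        printf 'Host *\n'
        cat "$cfg"
    } > "$tmp" && chmod 600 "$tmp" && mv "$tmp" "$cfg"
}

# Report whether the effective client config for a host accepts ssh-rsa host
# keys. `ssh -G` prints the resolved options without opening a connection.
host_accepts_ssh_rsa() {
    local host="$1" cfg="${2:-$HOME/.ssh/config}"
    ssh -G -F "$cfg" "$host" 2>/dev/null |
        grep -i '^hostkeyalgorithms ' | grep -qE '(^|[ ,+])ssh-rsa(,|$)'
}
```

Call `scope_ssh_rsa_to_loopback` once on the build machine, then `host_accepts_ssh_rsa 127.0.0.1` should succeed while the same check for any other host name still fails on OpenSSH 8.8 or later.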

dashkan commented 2 years ago

That resolved the issue. Docs state to use Ubuntu 22.04 which defaults to not having ssh-rsa algorithm enabled. Maybe docs should be updated....