Closed oskapt closed 6 years ago
@oskapt I think what you need to do is to run rke up with the option --ssh-agent-auth to use the ssh-agent. Without this option, rke will attempt to use the normal method to just ssh to the hosts with the encrypted key, which will fail of course.
I tested with --ssh-agent-auth and it worked fine with the latest 0.1.8 rc.
@oskapt can you retest the issue with the --ssh-agent-auth option and see if you can still see the issue?
SSH agent auth does work, however it bails out if a key file doesn't exist:
WARN[0000] Failed to set up SSH tunneling for host [elgyn1.boo.tc]: Can't establish dialer connection: Error while reading SSH key file: open /home/bootc/.ssh/id_rsa: no such file or directory
I can work around this by creating an empty file for the key:
$ touch /home/bootc/.ssh/id_rsa
$ rke up --config rke.yml
INFO[0000] Building Kubernetes cluster
INFO[0000] [dialer] Setup tunnel for host [stoppit.boo.tc]
INFO[0004] [dialer] Setup tunnel for host [tidyup.boo.tc]
INFO[0006] [dialer] Setup tunnel for host [elgyn1.boo.tc]
INFO[0011] [state] Found local kube config file, trying to get state from cluster
[...]
A key file shouldn't need to exist at all when using agent auth (my key is on a Yubikey), and an empty key file is particularly nonsensical IMO.
@galal-hussein can you check out this?
@galal-hussein sorry about not responding. i was having issues receiving notifications from github.
i haven't tested with --ssh-agent-auth; i'd have to tear down and rebuild the environment.
at any rate, i'm not sure that passing a flag is the correct route. first, having a passphrase on a key is not the same as using ssh-agent. second, i shouldn't have to remember to use some special flag when i'm using a key that has a passphrase. in both cases, it would be better if the thing that wants to use the key detects that there's a passphrase on it and asks for it or detects (through env variables perhaps) that there's an agent it can talk to.
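The detection proposed in the comment above, sketched as an added example that is not part of the thread and is not rke's code: prefer the agent when `SSH_AUTH_SOCK` is set (without ever opening a key file), otherwise inspect the key to see whether it is passphrase-protected. The names `keyNeedsPassphrase` and `chooseAuth` and the returned method strings are hypothetical; the check also covers legacy PEM and PKCS#8 keys, which goes beyond the case discussed here.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"fmt"
	"os"
)

const magic = "openssh-key-v1\x00" // header of the OpenSSH private key format

// keyNeedsPassphrase reports whether PEM private key data is encrypted.
func keyNeedsPassphrase(data []byte) (bool, error) {
	block, _ := pem.Decode(data)
	switch {
	case block == nil:
		return false, fmt.Errorf("no PEM block in key data")
	case block.Type == "ENCRYPTED PRIVATE KEY", block.Headers["Proc-Type"] == "4,ENCRYPTED":
		return true, nil // PKCS#8 or legacy PEM encryption
	case block.Type != "OPENSSH PRIVATE KEY":
		return false, nil
	case !bytes.HasPrefix(block.Bytes, []byte(magic)):
		return false, fmt.Errorf("malformed OpenSSH key")
	}
	// The first length-prefixed string after the magic is the cipher name; "none" means unencrypted.
	return !bytes.HasPrefix(block.Bytes, []byte(magic+"\x00\x00\x00\x04none")), nil
}

// chooseAuth returns "agent", "key" or "passphrase-needed" (hypothetical labels).
func chooseAuth(agentSock, keyPath string) (string, error) {
	if agentSock != "" {
		return "agent", nil // agent available: the key file is never opened
	}
	data, err := os.ReadFile(keyPath)
	if err != nil {
		return "", fmt.Errorf("no agent and no readable key: %w", err)
	}
	enc, err := keyNeedsPassphrase(data)
	if err != nil {
		return "", err
	}
	if enc {
		return "passphrase-needed", nil // caller should prompt instead of failing
	}
	return "key", nil
}

func main() {
	fmt.Println(chooseAuth(os.Getenv("SSH_AUTH_SOCK"), os.Getenv("HOME")+"/.ssh/id_rsa"))
}
```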
@soumyalj the issue can be tested by the following steps:
rke should run successfully without showing an error that the key doesn't exist
Tested with rke version v0.1.10-rc4.
ssh-add testsshkeyfile(privatekey)
./rke_darwin-amd64-latest up --config testabc.yml --ssh-agent-auth
Cluster got created successfully. Creation of pods was fine.
Please see #192 for comments that this has resurfaced in v0.1.7. I'm opening a new ticket because the other is closed and unlikely to see new comments. @galal-hussein @deniseschannon