sassoftware / viya4-deployment

This project contains Ansible code that creates a baseline in an existing Kubernetes environment for use with the SAS Viya Platform, generates the manifest for an order, and then can also deploy that order into the Kubernetes environment specified.
Apache License 2.0

ssh: connect to host issue #140

Closed venu-ibex-9 closed 3 years ago

venu-ibex-9 commented 3 years ago

I am getting the issue below. Do I need to open port 22 manually on that server?

Failed to connect to the host via ssh: ssh: connect to host 50.16.214.175 port 22: Operation timed out

TASK [jump-server : jump-server - lookup groups] ***
fatal: [localhost -> 50.16.214.175]: FAILED! => {"msg": "Timeout (12s) waiting for privilege escalation prompt: "}

PLAY RECAP *****
localhost : ok=21 changed=3 unreachable=0 failed=1 skipped=31 rescued=0 ignored=0

enderm commented 3 years ago

You didn't provide enough information here. Please share at least the contents of your ansible vars settings, and information about how you created the k8s environment.

You are asking whether you need to open port 22 manually on "that server", which, I assume, means the jump VM. I agree that a closed network port is a likely cause here. You are free to open that port manually (or programmatically) and see if that helps.

There are also ways to set up the viya4-iac-* and viya4-deployment parameters so that you do not need to do that extra step.

Some points to check:

If you used one of the viya4-iac-* projects to create your k8s cluster, double-check that you set the correct CIDR range for client access (https://github.com/sassoftware/viya4-iac-azure/blob/main/docs/CONFIG-VARS.md#admin-access). You can verify that by trying to log into your jump host by using ssh from the same client where you are running your ansible playbook.

Once the ssh login works, make sure that you specified the correct ssh key for your ansible play. It should be the same one you specified as "ssh_public_key" when you created your cluster (https://github.com/sassoftware/viya4-iac-azure/blob/main/docs/CONFIG-VARS.md#required-variables), and also the one you used when trying to log in to your jump VM via ssh (the JUMP_SVR_PRIVATE_KEY setting: https://github.com/sassoftware/viya4-deployment/blob/main/docs/CONFIG-VARS.md#jump-server).

venu-ibex-9 commented 3 years ago

Hi @enderm, I provisioned the k8s via viya4-iac and I am following the viya4-deployment guide. Please see my variable file here:

Cluster

NAMESPACE: ibexlabs

MISC

DEPLOY: true # Set to false to stop at generating the manifest
LOADBALANCER_SOURCE_RANGES: []

Storage

V4_CFG_MANAGE_STORAGE: true

SAS API Access

V4_CFG_SAS_API_KEY: 'xxxxxxxxxxx'
V4_CFG_SAS_API_SECRET: 'xxxxxxxxx'
V4_CFG_ORDER_NUMBER:

CR Access

V4_CFG_CR_USER:
V4_CFG_CR_PASSWORD:

Ingress

V4_CFG_INGRESS_TYPE: ingress
V4_CFG_INGRESS_FQDN:
V4_CFG_TLS_MODE: "full-stack" # [full-stack|front-door|disabled]

Postgres

LDAP

V4_CFG_EMBEDDED_LDAP_ENABLE: true

Consul UI

V4_CFG_CONSUL_ENABLE_LOADBALANCER: true

SAS/CONNECT

V4_CFG_CONNECT_ENABLE_LOADBALANCER: true

Monitoring and Logging

uncomment and update the below values when deploying the viya4-monitoring-kubernetes stack

V4M_BASE_DOMAIN:

enderm commented 3 years ago

There you are: you set LOADBALANCER_SOURCE_RANGES: []

That means you will not be able to access anything in your cluster deployment - neither the jump VM nor the cluster API endpoint. Please review this section (or the equivalent section for your IaC cloud project, if you are not using Azure): https://github.com/sassoftware/viya4-iac-azure/blob/main/docs/CONFIG-VARS.md#admin-access

Also check the comments for the _cidrs variable in any of the example tfvars files (e.g. https://github.com/sassoftware/viya4-iac-azure/blob/main/examples/sample-input.tfvars).

venu-ibex-9 commented 3 years ago

I added my NAT IP there, but I am getting the error below:

TASK [jump-server : jump-server - add host] ****
changed: [localhost]
Friday 03 September 2021 13:03:18 +0000 (0:00:00.132) 0:00:09.609 **
[WARNING]: Unhandled error in Python interpreter discovery for host localhost: Failed to connect to the host via ssh: Warning: Permanently added '50.16.214.175' (ECDSA) to the list of known hosts. jumpuser@50.16.214.175: Permission denied (publickey).

TASK [jump-server : jump-server - lookup groups] ***
fatal: [localhost -> 50.16.214.175]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"50.16.214.175\". Make sure this host can be reached over ssh: Warning: Permanently added '50.16.214.175' (ECDSA) to the list of known hosts.\r\njumpuser@50.16.214.175: Permission denied (publickey).\r\n", "unreachable": true}

enderm commented 3 years ago

I am repeating the verification steps I posted earlier.

Verify that by trying to log into your jump host by using ssh from the same client where you are running your ansible playbook.

Once the ssh login works, make sure that you specified the correct ssh key for your ansible play. It should be the same one you specified as "ssh_public_key" when you created your cluster (https://github.com/sassoftware/viya4-iac-azure/blob/main/docs/CONFIG-VARS.md#required-variables), and also the one you used when trying to log in to your jump VM via ssh (the JUMP_SVR_PRIVATE_KEY setting: https://github.com/sassoftware/viya4-deployment/blob/main/docs/CONFIG-VARS.md#jump-server).

venu-ibex-9 commented 3 years ago

Hi, thanks for the update. I tried to connect to my jumpbox VM from my local machine, but I am getting a permission denied issue. Can you help me fix this issue? I changed the permissions of the file and tried again, but no luck. Please help me with this. FYR:

ssh jumpuser@54.209.82.131
The authenticity of host '54.209.82.131 (54.209.82.131)' can't be established.
ECDSA key fingerprint is SHA256:k4ezIzL/8roO3VglLNIyyn3JC1urSuKYvxnHoUHkoNs.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '54.209.82.131' (ECDSA) to the list of known hosts.
Enter passphrase for key '/Users/venugopal/.ssh/id_rsa':
jumpuser@54.209.82.131: Permission denied (publickey).

enderm commented 3 years ago

That shows us that you have physical access to your VM.

Now the question is whether the ssh key matches the one you used when creating the cluster. Please check that.
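The two failures seen in this thread point at different layers: a connect timeout means packets never reached sshd (CIDR allow-list or firewall), while "Permission denied (publickey)" means sshd answered and rejected the key. The following is an added example, not part of the original thread or the project's code; the function names, the client IP, and the generated key lines are assumptions made for illustration.

```python
import base64, hashlib, ipaddress, struct

def client_allowed(client_ip, allowed_cidrs):
    """True if client_ip is inside any CIDR of the allow-list; an empty list matches nothing."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in allowed_cidrs)

def fingerprint(pubkey_line):
    """SHA256 fingerprint of an OpenSSH public key line, in the form `ssh-keygen -lf` shows."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def triage(ssh_error, client_ip, allowed_cidrs, deployed_pub, offered_pub):
    """Name the layer that rejected the connection, based on the ssh error text."""
    if "timed out" in ssh_error:  # no TCP connection: packets were dropped before sshd
        if not client_allowed(client_ip, allowed_cidrs):
            return "network: client IP is outside the allowed CIDR ranges"
        return "network: allow-list admits the client; check other firewalls and routing"
    if "Permission denied (publickey)" in ssh_error:  # sshd answered, key was rejected
        if fingerprint(deployed_pub) != fingerprint(offered_pub):
            return "auth: offered key differs from the key given at cluster creation"
        return "auth: keys match; check the login user and which key file ssh offers"
    return "unclassified"

def make_pub(seed, comment):
    """Constructed ed25519-style public key line for the demo (not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

# The two error strings are the ones quoted in this thread; everything else is constructed.
TIMEOUT = "ssh: connect to host 50.16.214.175 port 22: Operation timed out"
DENIED = "jumpuser@50.16.214.175: Permission denied (publickey)."
CLIENT_IP = "203.0.113.10"             # constructed (documentation address range)
DEPLOYED = make_pub(1, "cluster-key")  # stands in for the ssh_public_key value
OFFERED = make_pub(2, "laptop-key")    # stands in for the key the client offers

if __name__ == "__main__":
    print(triage(TIMEOUT, CLIENT_IP, [], DEPLOYED, OFFERED))
    print(triage(TIMEOUT, CLIENT_IP, ["203.0.113.0/24"], DEPLOYED, OFFERED))
    print(triage(DENIED, CLIENT_IP, ["203.0.113.0/24"], DEPLOYED, OFFERED))
    print(triage(DENIED, CLIENT_IP, ["203.0.113.0/24"], DEPLOYED, DEPLOYED))
```

With real files, pass the contents of the public key given at cluster creation and the `.pub` counterpart of the private key the playbook uses; the fingerprints can be cross-checked against `ssh-keygen -lf`.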

venu-ibex-9 commented 3 years ago

Thanks @enderm, that issue got resolved. I got an order number not found issue. Where do I get this order number?

FYR:

fatal: [localhost]: FAILED! => {"changed": true, "cmd": ["/tmp/ansible.ddxw9z6l/viya4-orders-cli", "license", "--file-path", "/data/sas-test-eks/ibexlabs/site-config", "--file-name", "license", "u003e", "lts", "2020.1"], "delta": "0:00:00.497688", "end": "2021-09-04 12:08:05.579712", "msg": "non-zero return code", "rc": 1, "start": "2021-09-04 12:08:05.082024", "stderr": "2021/09/04 12:08:05 INFO: no config file found\n2021/09/04 12:08:05 ERROR: asset request failed: {\"version\":2,\"httpStatusCode\":404,\"message\":\"Not Found\",\"errors\":[{\"message\":\"Order U003E not found\"}]}", "stderr_lines": ["2021/09/04 12:08:05 INFO: no config file found", "2021/09/04 12:08:05 ERROR: asset request failed: {\"version\":2,\"httpStatusCode\":404,\"message\":\"Not Found\",\"errors\":[{\"message\":\"Order U003E not found\"}]}"], "stdout": "", "stdout_lines": []}

venu-ibex-9 commented 3 years ago

This issue was also resolved; I deployed successfully without failures. How can I verify the SAS deployment? Is there any document on this, @enderm?

enderm commented 3 years ago

Verify Deployment: https://go.documentation.sas.com/doc/en/sasadmincdc/v_017/calvalid/titlepage.htm

The SAS Documentation is always a good first stop to look for answers.

Please share how you resolved the issue. It will help others who run into similar issues understand what can go wrong and how to solve it.