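Important

Background:
Passwordless SSH login was set up by the customer. For security reasons, the key was generated with `ssh-keygen` using the ed25519 algorithm rather than the default rsa, so the private key file is located at `~/.ssh/id_ed25519`.

Current state:
Running `rke up` fails with an error that the file `~/.ssh/id_rsa` does not exist, and the cluster installation fails.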
```
INFO[0000] Building Kubernetes cluster
INFO[0000] [dialer] Setup tunnel for host [10.0.0.1]
WARN[0000] Failed to set up SSH tunneling for host [10.0.0.1]: Can't establish dialer connection: Error while reading SSH key file: open /root/.ssh/id_rsa: no such file or directory
INFO[0000] [dialer] Setup tunnel for host [10.0.0.2]
WARN[0000] Failed to set up SSH tunneling for host [10.0.0.2]: Can't establish dialer connection: Error while reading SSH key file: open /root/.ssh/id_rsa: no such file or directory
INFO[0000] [dialer] Setup tunnel for host [10.0.0.3]
WARN[0000] Failed to set up SSH tunneling for host [10.0.0.3]: Can't establish dialer connection: Error while reading SSH key file: open /root/.ssh/id_rsa: no such file or directory
WARN[0000] Removing host [10.0.0.1] from node lists
WARN[0000] Removing host [10.0.0.2] from node lists
WARN[0000] Removing host [10.0.0.3] from node lists
FATA[0000] Cluster must have at least one etcd plane host: failed to connect to the following etcd host(s) [10.0.0.1]
```
Modify the configuration file `cluster.yaml`:

```yaml
ssh_key_path: ~/.ssh/id_ed25519
```
If `ssh_key_path` is defined at both the cluster level and the node level, the node-level key takes precedence.

Cluster-level setting:

```yaml
cluster_name: mycluster
ssh_key_path: ~/.ssh/id_ed25519
nodes:
```
Node-level setting:

```yaml
cluster_name: mycluster
nodes:
  - address: 1.1.1.1
    user: ubuntu
    role:
      - controlplane
      - etcd
      - worker
    ssh_key_path: ~/.ssh/id_ed25519
  - address: 1.1.1.2
    user: ubuntu
    role:
      - controlplane
      - etcd
      - worker
    ssh_key_path: ~/.ssh/id_ed25519
```
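A pre-flight check for the precedence rule above, added here as an example and not part of RKE or the original post: it resolves which private key file each node would use (node level, then cluster level, then the `~/.ssh/id_rsa` fallback seen in the error log) and reports keys that are missing or accessible to group/other. The function names are hypothetical, only `ssh_key_path` is considered, and the permission check is an extra hygiene check of this example, not something the page says RKE enforces.

```python
import os
import stat

DEFAULT_KEY = "~/.ssh/id_rsa"  # fallback path, as seen in the rke error log above


def effective_key_paths(cfg, home=None):
    """Map node address -> key path to be read (node > cluster > default)."""
    home = home or os.path.expanduser("~")
    cluster_key = cfg.get("ssh_key_path") or DEFAULT_KEY
    result = {}
    for node in cfg.get("nodes") or []:
        path = node.get("ssh_key_path") or cluster_key
        if path == "~" or path.startswith("~/"):
            path = home + path[1:]  # expand ~ against the given home directory
        result[node["address"]] = path
    return result


def preflight(cfg, home=None):
    """Return (address, problem) pairs for missing or over-permissive keys."""
    problems = []
    for addr, path in effective_key_paths(cfg, home).items():
        if not os.path.isfile(path):
            problems.append((addr, f"{path}: no such file"))
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:  # any group/other permission bit on a private key
            problems.append((addr, f"{path}: mode {mode:o} is open to group/other"))
    return problems


if __name__ == "__main__":
    import sys
    import yaml  # PyYAML, needed only when reading a real cluster.yaml

    with open(sys.argv[1]) as f:
        issues = preflight(yaml.safe_load(f))
    for addr, problem in issues:
        print(f"{addr}: {problem}")
    sys.exit(1 if issues else 0)
```

Run it with the path to `cluster.yaml` as the only argument before `rke up`; a non-zero exit status means at least one node's key would fail to load or is too widely readable.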