Comments (5)
canit00
commented on June 9, 2024
Hi David -
Being able to ssh to any node in the cluster is logically done for user convenience & also taking into account that users may be working in environments with different environmental configurations, etc..
That being said, the code snippet creates an ssh key pair specifically for the cluster which configures your $HOME/.ssh/config with the FQDN provided in the vars.yaml file along with the core user as it's default in RHCOS.
https://github.com/RedHatOfficial/ocp4-helpernode/blob/master/tasks/generate_ssh_keys.yaml#L1-L23
Sorry if this caused confusion.
from ocp4-helpernode.
bassplay3r
commented on June 9, 2024
But I provided my public key in the install-config.yaml and the helper_rsa is not my private key
Did I miss a step?
I don't mind telling my users to do ssh worker0 if the key works
[root@helper ~]# ssh worker0
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[root@helper ~]#
It works when I do ssh -i mykey core@worker0
from ocp4-helpernode.
christianh814
commented on June 9, 2024
But I provided my public key in the install-config.yaml and the helper_rsa is not my private key
Did I miss a step?
I don't mind telling my users to do ssh worker0 if the key works[root@helper ~]# ssh worker0 Permission denied (publickey,gssapi-keyex,gssapi-with-mic). [root@helper ~]#It works when I do ssh -i mykey core@worker0
Look in ~/.ssh/config and all will be answered.
As @canit00 eluded, it defaults to use the key it auto generates https://github.com/RedHatOfficial/ocp4-helpernode/blob/master/tasks/generate_ssh_keys.yaml#L1-L23
If you look at the vars doc you'll see you can turn off creating an ssh-key by setting ssh_gen_key: false in your vars.yaml file.
from ocp4-helpernode.
bassplay3r
commented on June 9, 2024
Thanks for extra info, it's been a long day. I'll probably have to disable the feature. I looked on the worker and all of the authorized_keys files match the public key I provided. I tried renaming my private key file helper_rsa and giving it the same perms and that does not work.
You might want to add some more info after this line in the quickstart for those providing their own key to disable the keygen:
This playbook creates an sshkey for you; it's under ~/.ssh/helper_rsa. You can use this key or create/user another one if you wish.
from ocp4-helpernode.
christianh814
commented on June 9, 2024
Thanks for extra info, it's been a long day. I'll probably have to disable the feature. I looked on the worker and all of the authorized_keys files match the public key I provided. I tried renaming my private key file helper_rsa and giving it the same perms and that does not work.
You might want to add some more info after this line in the quickstart for those providing their own key to disable the keygen:
This playbook creates an sshkey for you; it's under ~/.ssh/helper_rsa. You can use this key or create/user another one if you wish.
Good idea. Added a note on commit 1058934
This will make it's way into master next release (sometime next week)
from ocp4-helpernode.
Related Issues (20)
- Bootstrap not turning red and worker0 get Internal Server Error HOT 6
- ansible-playbook failure in validate_host_names.yaml HOT 9
- Ansible Version Check HOT 6
- "Baremetal" VAR not documented HOT 1
- Update Documentation to say "Control Plane" HOT 1
- Improve validate_host_names.yaml
- Automated Testing HOT 2
- Use GitHub Pages for Docs
- Bootstrap and install with only some nodes booted HOT 1
- [RFE] Use Fedora CoreOS instead of CentOS/RHEL
- [RFE] Use OC Mirror
- How do I set search domains in /etc/resolv.conf, when using static IPs in kernel parameters HOT 2
- re-consider disk partitioning.
- Build include private registry follows error in bootstrap "x509: certificate signed by unknown authority" HOT 1
- How can the ansible playbook helpernode be used to set up one helper node for 3 clusters. HOT 1
- Need RHEL9/CentOS9 support HOT 2
- Add configuration for bonds on interfaces HOT 1
- Is helpernode ready for rhel9? HOT 2
- Slightly confusing mix of root user but "$" shell prompt
- tasks/set_facts_.yaml has what is now incorrect use of {{ }} syntax, prevents successful run HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ocp4-helpernode.