I have the following cluster.yml file:
nodes:
  - address: 172.16.20.22
    user: rke
    role:
      - controlplane
      - etcd
      - worker
When executing rke up, I get the following error:
INFO[0000] Building Kubernetes cluster
INFO[0000] [dialer] Setup tunnel for host [172.16.20.22]
WARN[0000] Failed to set up SSH tunneling for host [172.16.20.22]: Can't retrieve Docker Info: error during connect: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.24/info: Unable to access node with address [172.16.20.22:22] using SSH. Please check if you are able to SSH to the node using the specified SSH Private Key and if you have configured the correct SSH username. Error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
WARN[0000] Removing host [172.16.20.22] from node lists
FATA[0000] Cluster must have at least one etcd plane host: failed to connect to the following etcd host(s) [172.16.20.22]
I'm unsure of why the SSH tunneling isn't working since I have port 22 open on my machine. I also have port 80 open on my machine for http traffic, which can be seen in the firewalld output:
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh dhcpv6-client http
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
Does anyone know why my cluster.yml configuration won't work as intended? I have confirmed that both my rke user and root user have SSH keys that work via SSH, but I'm not sure if I need to add them to my config file or how that works.
Best Answer
What kind of SSH authentication are you using? It seems that your SSH server only accepts SSH keys. This is fine, if rke has a valid key which needs to be specified in the configuration (either global or on a per-node basis):
If the key is already specified and only missing in the configuration you posted here, please check if the key is working. There are a few things to keep in mind when working with SSH keys. Most important are correct permissions (600 on private key). To check this, simply connect as the same user as you ran rke and try
This should work or you'll get more detailed error information. If it works, try executing docker ps. I had a similar error when the user isn't a member of the docker group. In this case, it doesn't have enough permission to connect via Docker socket.
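The checks this answer walks through (private key permissions, a key-only login as the user that runs rke, then docker ps on the node), as an added shell example that is not part of the original answer. The function names and the key path in the usage line are assumptions; pass the key that ssh_key_path in cluster.yml points at (RKE uses ~/.ssh/id_rsa when none is set).

```sh
#!/bin/sh
# Preflight for one RKE node; run it as the same local user that runs `rke up`.
# Added example: function names and the key path below are assumptions.

# Octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# 0 if the private key exists and only its owner can read it; 1 or 2 otherwise.
check_key_perms() {
    [ -f "$1" ] || { echo "FAIL: no private key at $1"; return 2; }
    mode=$(file_mode "$1")
    case "$mode" in
        600|400) echo "OK: $1 has mode $mode" ;;
        *) echo "FAIL: $1 has mode $mode; run: chmod 600 $1"; return 1 ;;
    esac
}

# ssh offering exactly one key and failing instead of prompting, so a failure
# here reproduces the "attempted methods [none publickey]" error from rke.
ssh_key_only() {
    key=$1; shift
    ssh -i "$key" -o IdentitiesOnly=yes -o BatchMode=yes -o ConnectTimeout=5 "$@"
}

# Checks in the order the answer gives them: permissions, login, Docker socket.
rke_preflight() {
    user=$1 host=$2 key=$3
    check_key_perms "$key" || return 1
    ssh_key_only "$key" "$user@$host" true || {
        echo "FAIL: $host did not accept $key for user $user"; return 1; }
    echo "OK: key login as $user@$host"
    ssh_key_only "$key" "$user@$host" docker ps >/dev/null || {
        echo "FAIL: $user cannot reach the Docker socket (docker group?)"; return 1; }
    echo "OK: $user can run docker ps on $host"
}

# Usage: sh rke-preflight.sh rke 172.16.20.22 "$HOME/.ssh/id_rsa"
[ "$#" -ne 3 ] || rke_preflight "$@"
```

A failure at the second step points at the key or authorized_keys on the node; a failure at the third points at Docker socket permissions for that user.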