From: Zac Dover Date: Fri, 17 Apr 2020 04:12:37 +0000 (+1000) Subject: Add troubleshooting guidance for ssh connection failures. X-Git-Tag: v16.1.0~2555^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c4765afb81489b1df71d87be32c566ed55d29a28;p=ceph.git Add troubleshooting guidance for ssh connection failures. For more thorough information about this commit, see: https://tracker.ceph.com/issues/44905 Signed-off-by: Zac Dover Update doc/cephadm/troubleshooting.rst Co-Authored-By: Michael Fritch ibid Signed-off-by: Zac Dover Update doc/cephadm/troubleshooting.rst Co-Authored-By: Sebastian Wagner Update doc/cephadm/troubleshooting.rst Co-Authored-By: Sebastian Wagner Added mgfritch's suggestion regarding checking to see if the public key is listed in the authorized_keys file. Signed-off-by: Zac Dover --- diff --git a/doc/cephadm/troubleshooting.rst b/doc/cephadm/troubleshooting.rst index 93f42025f7fb..da4f55317b62 100644 --- a/doc/cephadm/troubleshooting.rst +++ b/doc/cephadm/troubleshooting.rst @@ -102,3 +102,49 @@ Manually running containers Cephadm writes small wrappers that run a containers. Refer to ``/var/lib/ceph///unit.run`` for the container execution command. + + +ssh errors +---------- + +Error message:: + + xxxxxx.gateway_bootstrap.HostNotFound: -F /tmp/cephadm-conf-kbqvkrkw root@10.10.1.2 + raise OrchestratorError('Failed to connect to %s (%s). Check that the host is reachable and accepts connections using the cephadm SSH key' % (host, addr)) from + orchestrator._interface.OrchestratorError: Failed to connect to 10.10.1.2 (10.10.1.2). Check that the host is reachable and accepts connections using the cephadm SSH key + +Things users can do: + +1. Ensure cephadm has an SSH identity key:: + + [root@mon1~]# cephadm shell -- ceph config-key get mgr/cephadm/ssh_identity_key > key + INFO:cephadm:Inferring fsid f8edc08a-7f17-11ea-8707-000c2915dd98 + INFO:cephadm:Using recent ceph image docker.io/ceph/ceph:v15 obtained 'mgr/cephadm/ssh_identity_key' + [root@mon1 ~] # chmod 0600 key + + If this fails, cephadm doesn't have a key. Fix this by running the following command:: + + [root@mon1 ~]# cephadm shell -- ceph cephadm generate-ssh-key + + or:: + + [root@mon1 ~]# cat key | cephadm shell -- ceph cephadm set-ssk-key -i - + +2. Ensure that the ssh config is correct:: + + [root@mon1 ~]# cephadm shell -- ceph cephadm get-ssh-config > config + +3. Verify that we can connect to the host:: + + [root@mon1 ~]# ssh -F config -i key root@mon1 + +4. There is a limitation right now: the ssh user is always `root`. + + + +Verifying that the Public Key is Listed in the authorized_keys file +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +To verify that the public key is in the authorized_keys file, run the following commands:: + + [root@mon1 ~]# cephadm shell -- ceph config-key get mgr/cephadm/ssh_identity_pub > key.pub + [root@mon1 ~]# grep "`cat key.pub`" /root/.ssh/authorized_keys