Bug 1791375 - installer gather bootstrap displays misleading error about private keys when connect: operation timed out
Summary: installer gather bootstrap displays misleading error about private keys when ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.4.0
Assignee: Jeremiah Stuever
QA Contact: wang lin
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-01-15 16:52 UTC by Clayton Coleman
Modified: 2020-05-04 11:25 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-05-04 11:24:44 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github openshift installer pull 3103 None closed Bug 1791375: gather: only show ssh-agent error when auth failed 2020-09-10 07:18:07 UTC
Red Hat Product Errata RHBA-2020:0581 None None None 2020-05-04 11:25:16 UTC

Description Clayton Coleman 2020-01-15 16:52:32 UTC
1. Ran an install that failed
2. SSH gather from bootstrap failed with:

ERROR Attempted to gather debug logs after installation failure: failed to create SSH client, ensure the proper ssh key is in your keyring or specify with --key: dial tcp 10.0.0.7:22: connect: operation timed out

3. I have an SSH key in .pem combined format (pub + private key), but installer appeared to not read it.

I believe the installer method https://github.com/openshift/installer/blob/master/pkg/gather/ssh/ssh.go#L116 should also attempt to read PEM encoded private keys.

PEM encoded keys aren't totally uncommon, and most engineers / developers on the team use them, so it would increase team efficiency.

Comment 2 Abhinav Dahiya 2020-01-15 17:21:32 UTC
The currently seems more like a feature required than a bug. So it is better tracked in JIRA imo.

Comment 3 Scott Dodson 2020-02-03 18:47:29 UTC
It's not proper to add keys blindly to existing agents, we will only update the output on error to be more clear.

Comment 4 Jeremiah Stuever 2020-02-12 19:39:07 UTC
The following is the error seen when the ssh key is neither specified with --key or loaded into the keyring. It may be helpful to display the key specific error only when authentication failed, as opposed to a connection timeout as indicated in the original error above.

ERROR Attempted to gather debug logs after installation failure: failed to create SSH client, ensure the proper ssh key is in your keyring or specify with --key: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Comment 7 wang lin 2020-02-18 15:11:20 UTC
I want more information about how you reproduce the error " dial tcp 10.0.0.7:22: connect: operation timed out". 
if do I need disable 22 port of the some nodes' ingress rule? which node, or any other ways? Can you give me more detail?

Comment 8 wang lin 2020-02-20 09:22:09 UTC
It has fixed.
test payload:4.4.0-0.nightly-2020-02-18-211831

The log will contain "failed to create SSH client, ensure the proper ssh key is in your keyring or specify with --key" only when there is no key, otherwise,it won't contain this logs info.

Comment 9 Jeremiah Stuever 2020-02-25 16:35:32 UTC
Looks like you found a way to reproduce this. You can replicate an SSH 'operation timed out' by using a bootstrap IP of a non-existing host such as 192.168.2.1 in the following example:

openshift-install gather bootstrap --bootstrap 192.168.2.1 --master 192.168.2.1

Comment 11 errata-xmlrpc 2020-05-04 11:24:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581


Note You need to log in before you can comment on or make changes to this bug.