Generating TKG workload cluster log bundles via kbsctl and CCLI asks for a password, however, no known password works.
2.1.x
Resolved in TCA 2.2.
The following procedure allows the TCA-CP SSH public keys to be copied to the cluster nodes and prevent the prompting of the node password during log collection using kbsctl or CCLI.
All steps are done from an SSH session on the TCA-CP.
1. SSH into the TCA-CP, switch user to root.
2. Download the attached sshpass binary to the /usr/bin directory in TCA-CP.
3. Change the binary permissions to make it executable using the chmod command:
# chmod 0755 /usr/bin/sshpass
4. Download the attached ssh-copy-id binary to the /usr/bin directory in TCA-CP.
5. Change the binary permissions to make it executable using the chmod command:
# chmod 0755 /usr/bin/ssh-copy-id
6. Download the attached copy_id.sh script to the /usr/bin directory in TCA-CP.
7. Make the script executable by using the chmod command:
# chmod 0755 /usr/bin/copy_id.sh
8. Create a file named node_info to be used as an argument by the copy_id.sh script which includes the Node IP addresses and/or passwords. Create this file in the /usr/bin/ directory of the TCA-CP using one of the following formats. Users can decide which format they want to use for running the script.
Use this format if all the cluster nodes have the same password.
File format sample:
x.x.x.x
y.y.y.y
z.z.z.z
...
Set the "SSHPASS" environment variable using the export command and the script will use the node password to copy the public key to the cluster node.
# export SSHPASS=<username>\<some_password> // Note : use '\' before a special character in the password
# echo $SSHPASS
<some_password>
If the nodes do not have the same password, then the script will prompt the user to enter a password before copying the key to the node.
The script provides up to 3 retries to enter the correct password. After 3 incorrect retries, the copy will fail and move on to the next node.
In this file format the user can also provide the node password along with the node IP address separated by a space as shown below. This will not prompt the user to enter the password while copying the keys.
x.x.x.x password1
y.y.y.y password2
z.z.z.z password3
....
9. The copy_id.sh script uses the file created above as an argument during its execution from the TCA-CP command.
The user can check the script usage before running by running the script with -h argument as shown below.
# ./copy_id.sh -h
10. When ready to run the script, switch user to root.
11. Run the script as shown below.
#./copy_id.sh input.txt ^C
Make note of any failed or skipped nodes so you can re-run the script.
12. To confirm that public key has been copied, SSH into the cluster node from the TCA-CP. There should not be a prompt for a password.
13. Update the node_info file by removing the nodes that were successful and leave only the failed nodes. Re-run the script with the updated node info for the failed node IP addresses.