• ironic 注入秘钥失败 & 169.254.169.254


    grep authorized_keys  cloud-init*log

    正常情况下

    grep authorized_keys  cloud-init*log

    [root@sysu--2 log]# grep centos cloud-init*log
    2019-10-22 02:14:17,322 - __init__.py[INFO]: User centos already exists, skipping.
    2019-10-22 02:14:17,323 - util.py[DEBUG]: Running command ['passwd', '-l', 'centos'] with allowed return codes [0] (shell=False, capture=True)
    2019-10-22 02:14:17,355 - util.py[DEBUG]: Restoring selinux mode for /home/centos/.ssh (recursive=True)
    2019-10-22 02:14:17,356 - util.py[DEBUG]: Reading from /home/centos/.ssh/authorized_keys (quiet=False)
    2019-10-22 02:14:17,356 - util.py[DEBUG]: Read 0 bytes from /home/centos/.ssh/authorized_keys
    2019-10-22 02:14:17,357 - util.py[DEBUG]: Restoring selinux mode for /home/centos/.ssh (recursive=False)
    2019-10-22 02:14:17,357 - util.py[DEBUG]: Writing to /home/centos/.ssh/authorized_keys - wb: [600] 399 bytes
    2019-10-22 02:14:17,357 - util.py[DEBUG]: Restoring selinux mode for /home/centos/.ssh/authorized_keys (recursive=False)
    2019-10-22 02:14:17,358 - util.py[DEBUG]: Restoring selinux mode for /home/centos/.ssh/authorized_keys (recursive=False)
    2019-10-22 02:14:17,358 - util.py[DEBUG]: Changing the ownership of /home/centos/.ssh/authorized_keys to 1000:1000
    2019-10-22 02:14:17,358 - util.py[DEBUG]: Restoring selinux mode for /home/centos/.ssh (recursive=True)
    2019-10-22 02:14:38,400 - util.py[DEBUG]: Restoring selinux mode for /home/centos/.ssh (recursive=True)
    2019-10-22 02:14:38,401 - util.py[DEBUG]: Reading from /home/centos/.ssh/authorized_keys (quiet=False)
    2019-10-22 02:14:38,401 - util.py[DEBUG]: Read 399 bytes from /home/centos/.ssh/authorized_keys

    调试cloud init

    [root@fenghuo log]#  rm -rf /var/lib/cloud/instance
    [root@fenghuo log]# cloud-init init && cloud-init modules --mode config && cloud-init modules --mode final

     

    #cloud-config
    # User-data that re-applies an SSH public key through cloud-init's ssh module.
    # NOTE(review): cloud-init documents ssh_deletekeys as governing removal of the
    # SSH *host* keys, not of users' authorized_keys entries.
    ssh_deletekeys: false
    # Public keys that cloud-init writes to authorized_keys.
    ssh_authorized_keys:
      # Placeholder: paste only the public half of the key pair here.
      - <ENTER YOUR PUBLIC KEY HERE>
    # "always" makes the ssh module run on every boot instead of once per instance.
    cloud_final_modules:
      - [ssh, always]
    Explanation for the parameters used above in the code:
    
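    - ssh_deletekeys: False --> Instructs cloud-init not to delete the current SSH keys for the default users. (Note: the cloud-init documentation describes ssh_deletekeys as controlling removal of the SSH host keys, not of the users' authorized_keys entries.)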
    
    - ssh_authorized_keys --> Add the below ssh public key to the authorized_keys file
    
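    - cloud_final_modules --> The keyword "always" instructs cloud-init to run the ssh module, and so add the SSH key, on every boot. As a consequence, a key removed from authorized_keys by hand is written back on the next boot for as long as this user-data stays in place.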
    
    I will provide you an example to understand it better:
    
    #cloud-config
    # Filled-in version of the same user-data, with a sample key in place of the placeholder.
    ssh_deletekeys: false
    ssh_authorized_keys:
      # Sample public key; the author truncated the key material with "....".
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCB....
    # "always" makes the ssh module run on every boot.
    cloud_final_modules:
      - [ssh, always]
    /usr/lib/python3.7/site-packages/cloudinit/config/cc_rsyslog.py:205: FutureWarning: Possible nested set at position 23
      r'^(?P<proto>[@]{0,2})'
    2020-05-17 09:05:18,625 - util.py[WARNING]: Failed growpart --dry-run for (/dev/sda, 2)
    Cloud-init v. 17.1 running 'modules:config' at Sun, 17 May 2020 09:05:19 +0000. Up 2210.05 seconds.
    Cloud-init v. 17.1 running 'modules:final' at Sun, 17 May 2020 09:05:20 +0000. Up 2211.03 seconds.
    ci-info: no authorized ssh keys fingerprints found for user openEuler.
    Cloud-init v. 17.1 finished at Sun, 17 May 2020 09:05:20 +0000. Datasource DataSourceOpenStack [net,ver=2].  Up 2211.25 seconds
    [root@fenghuo log]# 

    169.254.169.254

    [Unauthorized System] root@controller-17L-A41920U-165:~/ssh_key# ip netns exec  qrouter-21414d4f-592c-4c5d-aa1f-eae48fcfb4d3  bash

     ip netns exec  qrouter-21414d4f-592c-4c5d-aa1f-eae48fcfb4d3   bash

    [Unauthorized System] root@controller-17L-A41920U-165:~/ssh_key# netstat -lpn
    激活Internet连接 (仅服务器)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:9697            0.0.0.0:*               LISTEN      21257/python    
    活跃的UNIX域套接字 (仅服务器)
    Proto RefCnt Flags       Type       State         I-Node   PID/Program name    路径
    
    [Note] System unauthorized, Please contact the system supplier.
    
    [Unauthorized System] root@controller-17L-A41920U-165:~/ssh_key# ps -f --pid 21257 | fold -s -w 82
    UID        PID  PPID  C STIME TTY          TIME CMD
    42435    21257 31543  0 2月28 ?       00:00:13 /usr/bin/python 
    /usr/bin/neutron-ns-metadata-proxy 
    --pid_file=/var/lib/neutron/external/pids/21414d4f-592c-4c5d-aa1f-eae48fcfb4d3.pid
     --metadata_proxy_socket=/var/lib/neutron/kolla/metadata_proxy 
    --router_id=21414d4f-592c-4c5d-aa1f-eae48fcfb4d3 --state_path=/var/lib/neutron 
    --metadata_port=9697 --metadata_proxy_user=42435 --metadata_proxy_group=42435 
    --verbose 
    --log-file=neutron-ns-metadata-proxy-21414d4f-592c-4c5d-aa1f-eae48fcfb4d3.log 
    --log-dir=/var/log/kolla/neutron

    用 nova show 查看后发现，原来是实例上没有 key。

  • 原文地址:https://www.cnblogs.com/dream397/p/12931265.html