Issue with clusterkey when using memsql-deploy setup-cluster


#1

Hi,

If clusterkey does not have a passphrase, the following works without issues.
#memsql-deploy setup-cluster -y -i /home/mdc/clusterkey --license AAAABBBCCC== --hosts-file /home/jivora/hosts.ini --password secure_password --high-availability=false

If I put a passphrase on the clusterkey, the same command fails with the following.

Starting rollback
✓ Unregistered hosts
✓ Rollback succeeded
SSH Master process failed to start:
Error: error running command: "/usr/bin/ssh" "-oControlMaster=yes" "-oControlPath=/run/user/1000/memsql-toolbox077400217/1.socket" "-N" "-oStrictHostKeyChecking=no" "-oUserKnownHostsFile=/dev/null" "-oServerAliveInterval=60" "-oServerAliveCountMax=5" "-oBatchMode=yes" "-oUser=jivora" "-oIdentityFile=/home/jivora/clusterkey" "memsqlserver": exit status 255
Stdout:
Stderr: Warning: Permanently added ‘memsqlserver,10.0.0.12’ (ECDSA) to the list of known hosts.
jivora@memsqlserver: Permission denied (publickey).

Is there any issue with using clusterkey with a passphrase? Am I missing something?

Thanks.


#3

Try running ssh-add clusterkey to store the key in your authentication agent. This will prompt for your passphrase, and then clusterkey will be usable without needing a passphrase.


#4

I’m revisiting this to expand on what I believe the problem to be and discuss the alternative solutions.

Like all tools in the memsql-toolbox package, memsql-deploy supports using whatever SSH configuration you normally use to connect to all of your hosts. In general, if ssh 198.51.100.2 works to get you into 198.51.100.2, then the tools will be able to connect to that host. For convenience, some common patterns are given dedicated support in the command-line, such as using a specific identity file (the -i flag).

When connecting to a remote host, memsql-deploy will normally allow you to perform interactive authentication, such as entering the passphrase for the SSH key. But using the -y flag (short for --yes) tells memsql-deploy to confirm all prompts and enter non-interactive mode. This prevents it from being able to show the passphrase prompt, so the authentication attempt fails.

There are two possible solutions to this:

  1. Register clusterkey in an ssh-agent using ssh-add clusterkey so that memsql-deploy will not need to prompt for the passphrase.
  2. Remove the -y flag from the memsql-deploy setup-cluster command so that memsql-deploy can show the interactive authentication prompts. This will result in a passphrase prompt for each host that it needs to connect to.
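
Added example (not part of the thread and not memsql-toolbox code): a preflight check that reads a private key file and predicts whether a non-interactive run (-y, which the error above shows as -oBatchMode=yes) can authenticate with it. The function names, the status strings and the header-only sample key are assumptions made for this illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # magic bytes that open every new-format OpenSSH key


def key_needs_passphrase(key_text: str) -> bool:
    """Return True if the private key text is passphrase-protected."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if not lines:
        raise ValueError("empty key file")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines):
        return True  # legacy PEM (RSA/DSA/EC PRIVATE KEY) with an encryption header
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        return False  # unencrypted PEM or PKCS#8
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(MAGIC)
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n] != b"none"  # first field is the cipher name


def preflight(key_text: str, env: dict) -> str:
    """Predict whether a non-interactive (-y) run can authenticate with this key."""
    if not key_needs_passphrase(key_text):
        return "ok"
    if env.get("SSH_AUTH_SOCK"):
        return "verify-agent"  # agent reachable: confirm the key is listed by `ssh-add -l`
    return "will-fail"  # no prompt possible and no agent: Permission denied (publickey)


def sample_key(cipher: bytes, kdf: bytes) -> str:
    """Constructed header-only blob for the demo; not a usable key."""
    def s(b): return struct.pack(">I", len(b)) + b
    body = base64.b64encode(MAGIC + s(cipher) + s(kdf) + s(b"")).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"


if __name__ == "__main__":
    import os
    import sys
    if len(sys.argv) > 1:  # path to a real key file, e.g. clusterkey
        with open(sys.argv[1]) as fh:
            print(preflight(fh.read(), dict(os.environ)))
    else:
        print(preflight(sample_key(b"aes256-ctr", b"bcrypt"), {}))
```

The check only reads the unencrypted header of the key file, so it never needs the passphrase itself.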