Azure-cli: get-credentials: AuthenticationException: Authentication failed.
after successful run of az group deployment create for kubernetes arm from acs-engine, I try
az acs kubernetes get-credentials --dns-prefix=bits-m --location=westus
and get
ERROR: Authentication failed.
Traceback (most recent call last):
File "/opt/az/local/lib/python2.7/site-packages/azure/cli/main.py", line 34, in main
cmd_result = APPLICATION.execute(args)
File "/opt/az/local/lib/python2.7/site-packages/azure/cli/core/application.py", line 139, in execute
result = expanded_arg.func(params)
File "/opt/az/local/lib/python2.7/site-packages/azure/cli/core/commands/__init__.py", line 275, in _execute_command
result = op(client, **kwargs) if client else op(**kwargs)
File "/opt/az/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/custom.py", line 477, in k8s_get_credentials
'.kube/config', path_candidate)
File "/opt/az/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/acs_client.py", line 21, in SecureCopy
ssh.connect(host, username=user, key_filename=os.path.join(home, '.ssh', 'id_rsa'))
File "/opt/az/local/lib/python2.7/site-packages/paramiko/client.py", line 380, in connect
look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host)
File "/opt/az/local/lib/python2.7/site-packages/paramiko/client.py", line 622, in _auth
raise saved_exception
AuthenticationException: Authentication failed.
azure-cli (0.1.0b11)
cli version
azure-cli (0.1.0b11)
acr (0.1.0b11)
acs (0.1.0b11)
appservice (0.1.0b11)
cloud (0.1.0b11)
component (0.1.0b11)
configure (0.1.0b11)
container (0.1.0b11)
context (0.1.0b11)
core (0.1.0b11)
feedback (0.1.0b11)
network (0.1.0b11)
nspkg (0.1.0b11)
profile (0.1.0b11)
resource (0.1.0b11)
role (0.1.0b11)
storage (0.1.0b11)
vm (0.1.0b11)
Python (Linux) 2.7.12 (default, Nov 19 2016, 06:48:10)
[GCC 5.4.0 20160609]
navicore
All 6 comments
I re-ran and get-credentials worked fine once I provisioned the kubernetes cluster with the same admin name and ssh pub key as the user I later ran the get-credentials from.
I think maybe we need some options on get-credentials to point to a name and ssh key.
Happy to make this as closed if that's the expected behavior for now.
navicore
on 22 Dec 2016
FYI - if you used anything other than /root/.ssh/id_rsa for your SSH key to provision the cluster, then it will not properly authorize to get the credentials. The solution is to add the --ssh-key-file parameter with the path to the SSH key used to provision the cluster. This is enabled in az cli equal or greater to:
azure-cli (0.1.1b2+dev)
acs (0.1.1b1+dev)
dtzar
on 26 Jan 2017
Encountered this also while trying to pull the cluster credentials on our CI server.
It would be really useful to have an option to specify the key path inside of get-credentials, rather than temporarily replacing ~/.ssh/id_rsa
devonbarrett
on 30 Jan 2017
@devonbarrett Unless I'm missing something with your request - as I mentioned above, there is a way to do this with the --ssh-key-file parameter.
dtzar
on 30 Jan 2017
@dtzar Ah thanks, somehow missed your previous comment!
devonbarrett
on 31 Jan 2017
cli is ignoring the --ssh-key-file ...
gyurobenjamin
on 27 Apr 2018
Related issues
idkjs
路
3Comments
cicorias
路
3Comments
oakeyc
路
3Comments
seanknox
路
3Comments
PrHar
路
3Comments
Most helpful comment
FYI - if you used anything other than /root/.ssh/id_rsa for your SSH key to provision the cluster, then it will not properly authorize to get the credentials. The solution is to add the
--ssh-key-fileparameter with the path to the SSH key used to provision the cluster. This is enabled in az cli equal or greater to:azure-cli (0.1.1b2+dev)
acs (0.1.1b1+dev)