Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

get-credentials fails due to openssh issue

See original GitHub issue

Environment summary

Install Method (e.g. pip, interactive script, apt-get, Docker, MSI, edge build)

pip install azure-cli==2.0.16

CLI version (az --version)

(venv2) ~ az --version
azure-cli (2.0.16)

acr (2.0.13)
acs (2.0.16)
appservice (0.1.18)
batch (3.1.5)
billing (0.1.5)
cdn (0.0.9)
cloud (2.0.8)
cognitiveservices (0.1.8)
command-modules-nspkg (2.0.1)
component (2.0.7)
configure (2.0.11)
consumption (0.1.5)
container (0.1.11)
core (2.0.18)
cosmosdb (0.1.13)
dla (0.0.12)
dls (0.0.15)
eventgrid (0.1.4)
feedback (2.0.6)
find (0.2.7)
interactive (0.3.10)
iot (0.1.12)
keyvault (2.0.12)
lab (0.0.11)
monitor (0.0.10)
network (2.0.16)
nspkg (3.0.1)
profile (2.0.14)
rdbms (0.0.7)
redis (0.2.9)
resource (2.0.16)
role (2.0.13)
servicefabric (0.0.4)
sf (1.0.8)
sql (2.0.13)
storage (2.0.17)
vm (2.0.16)

Python location '/home/rhim/venv2/bin/python'
Extensions directory '/home/rhim/.azure/cliextensions'

Python (Linux) 2.7.12 (default, Nov 19 2016, 06:48:10)
[GCC 5.4.0 20160609]

OS version

Windows 10

Shell Type (e.g. bash, cmd.exe, Bash on Windows)

Bash on Windows

I am trying to set az tools inside a python virtual environment. Here are the steps I took:

~ virtualenv venv2
~ source venv2/bin/activate
(venv2) ~ pip install azure-cli==2.0.16

The installation seems to succeed (I had to install build-essentials and python-dev packages in order for some utils to be compiled).

I can see the clusters.

(venv2) ~ az acs list
[
  {
    "agentPoolProfiles": [
      {
        "count": 3,
        "dnsPrefix": "test-k8sagent",
        "fqdn": "",
        "name": "agentpool0",
        "vmSize": "Standard_D2_v2"
      }
    ],
    "customProfile": null,
    "diagnosticsProfile": {
      "vmDiagnostics": {
        "enabled": false,
        "storageUri": null
      }
    },
    "id": "/subscriptions/418f9673-5bfb-4756-8f0a-6b85756e8d3e/resourceGroups/K8S/providers/Microsoft.ContainerService/containerServices/test-k8s",
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": "ssh-rsa ... rhim@RHIM1\n"
          }
        ]
      }
    },
    "location": "southcentralus",
    "masterProfile": {
      "count": 1,
      "dnsPrefix": "test-k8smgmt",
      "fqdn": "test-k8smgmt.southcentralus.cloudapp.azure.com"
    },
    "name": "test-k8s",
    "orchestratorProfile": {
      "orchestratorType": "Kubernetes"
    },
    "provisioningState": "Succeeded",
    "resourceGroup": "K8S",
    "servicePrincipalProfile": {
      "clientId": "d9f0e833-b27f-454f-ad38-f4843f9b8969",
      "secret": null
    },
    "tags": null,
    "type": "Microsoft.ContainerService/ContainerServices",
    "windowsProfile": null
  }
]

However, when I try to run get-credentials in order to use kubectl, it fails as follows:

(venv2) ~ az acs kubernetes get-credentials -n "test-k8s" -g "k8s"

/home/rhim/venv2/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: cannot enable executable stack as shared object requires: Invalid argument
Traceback (most recent call last):
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/main.py", line 36, in main
    cmd_result = APPLICATION.execute(args)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/core/application.py", line 212, in execute
    result = expanded_arg.func(params)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/core/commands/__init__.py", line 377, in __call__
    return self.handler(*args, **kwargs)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/core/commands/__init__.py", line 620, in _execute_command
    reraise(*sys.exc_info())
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/core/commands/__init__.py", line 602, in _execute_command
    result = op(client, **kwargs) if client else op(**kwargs)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/custom.py", line 814, in k8s_get_credentials
    _k8s_get_credentials_internal(name, acs_info, path, ssh_key_file)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/custom.py", line 835, in _k8s_get_credentials_internal
    '.kube/config', path_candidate, key_filename=ssh_key_file)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/acs_client.py", line 57, in secure_copy
    keys = _load_keys(key_filename, allow_agent)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/acs_client.py", line 36, in _load_keys
    key = _load_key(key_filename)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/azure/cli/command_modules/acs/acs_client.py", line 23, in _load_key
    pkey = paramiko.RSAKey.from_private_key_file(key_filename, None)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/paramiko/pkey.py", line 206, in from_private_key_file
    key = cls(filename=filename, password=password)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/paramiko/rsakey.py", line 48, in __init__
    self._from_private_key_file(filename, password)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/paramiko/rsakey.py", line 170, in _from_private_key_file
    self._decode_key(data)
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/paramiko/rsakey.py", line 179, in _decode_key
    data, password=None, backend=default_backend()
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/cryptography/hazmat/backends/__init__.py", line 15, in default_backend
    from cryptography.hazmat.backends.openssl.backend import backend
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/__init__.py", line 7, in <module>
    from cryptography.hazmat.backends.openssl.backend import backend
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 54, in <module>
    from cryptography.hazmat.bindings.openssl import binding
  File "/home/rhim/venv2/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 13, in <module>
    from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /home/rhim/venv2/local/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: cannot enable executable stack as shared object requires: Invalid argument

I was running into a different kind issue (https://github.com/Azure/azure-cli/issues/4679) when I was trying to install directly using apt-get.

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

2reactions
derekbekoecommented, Oct 18, 2017

@rajhimanshu See my related issue here. https://github.com/Microsoft/BashOnWindows/issues/2431

Your issue may be resolved by installing pip install cryptography==2.0

0reactions
derekbekoecommented, Oct 20, 2017
Read more comments on GitHub >

github_iconTop Results From Across the Web

get-credentials fails when using a custom SSH key #2736
Following the tutorial here using a custom SSH key. The deployment succeeds but I am unable to authenticate to Kubernetes: ...
Read more >
pam_krb5 does not get credentials when using ssh
it says nothing from session pam_krb5. if I change pam_krb5 (in session) from optional to required, the login fails alltogether over ssh. Thanks...
Read more >
Powershell SSH credentials - Stack Overflow
I have this script for automation execute command on multiple machines but appear one problem when I try to force user to enter...
Read more >
Troubleshoot errors with credentials when connecting ... - AWS
I'm receiving "imported-openssh-key" or "Putty Fatal Error" errors when connecting to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance. How can I...
Read more >
209415 – Cannot connect to remote host over ssh
The remote host is Fedora 16 with openssh running on VmWare 8.0.2. ... should communicate Kerberos server to get credentials, but fails to ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

az acr login failed

Next page

az acs kubernetes get-credentials fails in azure-cli-acs 2.0.17