GCP bootstrap fails with validation error 'public key is invalid'
Created On 07/12/20 05:35 AM - Last Modified 03/26/21 18:29 PM
Symptom
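- Bootstrapping of VM-Series on GCP fails because of a validation error and a commit failure.
- The deployment was done using a Terraform script.
- This public key is not configured anywhere in bootstrap.xml.
- The validation error associated with the failure: "public key is invalid"
Commit error: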
Warnings:
Details:Validation Error:
mgt-config -> users -> admin -> public-key 'ZWNkc2Etc2hhMi1uaXN0cDI1NiBBQUFBRTJW...' is invalid. Invalid public key format
mgt-config -> users -> admin -> public-key is invalid
Commit failed
mp/ms.log:
Error: pan_schema_verify_node_constraints(pan_schema_types.c:472): 'ZWNkc2Etc2hhMi1uaXN0cDI1NiBBQUFBRTJWalpIT...'
Error: _pan_schema_verify_node(pan_schema_obj.c:6399): is invalid , node: public-key near line 12
Error: pan_cfg_verify_ex(pan_cfg_commit_handler.c:2324): invalid configuration. Schema verification failed.
Environment
- Platform: VM-Series on GCP
- PAN-OS / plugin version: Any
- Deployment: New, using Terraform
Cause
The Terraform script used to deploy VM-Series on GCP is configured to use public key authentication under the resource "google_compute_instance" "firewall" block in the main.tf file:
// Adding METADATA Key Value pairs to VM-Series
metadata {
  // init-config.txt will perform interface swap of VM-series on bootstrap
  vmseries-bootstrap-gce-storagebucket = "${var.fw-bootstrap-bucket}"
  serial-port-enable = true
  sshKeys = "${var.pan-public-key}"
}
Resolution
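- Change the main.tf Terraform script used to deploy the firewall.
- In the VM-Series resource "google_compute_instance" "firewall" block
- The script should use a format similar to the following (the metadata key is ssh-keys instead of sshKeys):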
// Adding METADATA Key Value pairs to VM-Series
metadata {
  // init-config.txt will perform interface swap of VM-series on bootstrap
  vmseries-bootstrap-gce-storagebucket = "${var.fw-bootstrap-bucket}"
  serial-port-enable = true
  ssh-keys = "${var.pan-public-key}"
}
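
A pre-deployment check for the condition described under Cause and Resolution, as an added example that is not part of the original article or of the vendor's tooling: it scans Terraform text for the sshKeys metadata key inside google_compute_instance resources and reports the resource name and line number. The function name, the line-based scanning approach and the sample main.tf content are assumptions made for illustration.

```python
import re

# A quoted string or a // or # comment; strings match first so "https://x" survives.
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|//.*|#.*')
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')
RESOURCE_RE = re.compile(r'resource\s+"google_compute_instance"\s+"([^"]+)"')
METADATA_RE = re.compile(r'\bmetadata\s*=?\s*\{')
LEGACY_KEY_RE = re.compile(r'(?:^|[\s{,])"?sshKeys"?\s*=')

def find_legacy_ssh_keys(tf_text):
    """Return [(resource_name, line_no)] for sshKeys set in instance metadata."""
    findings, depth = [], 0
    resource = res_depth = meta_depth = None
    for no, raw in enumerate(tf_text.splitlines(), 1):
        # Drop comments, then blank strings so "${var...}" braces do not affect depth.
        code = TOKEN_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", raw)
        bare = STRING_RE.sub('""', code)
        m = RESOURCE_RE.search(code)
        if m and resource is None:
            resource, res_depth = m.group(1), depth
        if resource and meta_depth is None and METADATA_RE.search(bare):
            meta_depth = depth
        if meta_depth is not None and LEGACY_KEY_RE.search(code):
            findings.append((resource, no))
        depth += bare.count("{") - bare.count("}")
        if meta_depth is not None and depth <= meta_depth:
            meta_depth = None            # left the metadata block
        if resource is not None and depth <= res_depth:
            resource = res_depth = None  # left the resource block
    return findings

# Constructed sample input (not a real deployment).
SAMPLE_MAIN_TF = '''\
resource "google_compute_instance" "firewall" {
  // sshKeys = "commented out, must be ignored"
  metadata {
    vmseries-bootstrap-gce-storagebucket = "${var.fw-bootstrap-bucket}"
    sshKeys = "${var.pan-public-key}"
  }
}
resource "google_compute_instance" "firewall_fixed" {
  metadata = {
    ssh-keys = "${var.pan-public-key}"
  }
}
'''

if __name__ == "__main__":
    print(find_legacy_ssh_keys(SAMPLE_MAIN_TF))
```

Run against main.tf in CI, a non-empty result identifies the resource to correct before the firewall is deployed and bootstrapped.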