From f8b5e6179cc38322f14b697bbc142ec5ab12c561 Mon Sep 17 00:00:00 2001 From: Chen Date: Wed, 8 Aug 2018 19:17:08 +0800 Subject: [PATCH] Update ssh configuration doc The main idea of this update is to make the configuration process easier to read and follow. Change-Id: I73cf811415900eaf99673de16f83ea7c9da16045 (cherry picked from commit d12449a91bb1d9286bbead86f64fa00a4d9bbde3) --- doc/source/admin/ssh-configuration.rst | 32 ++++++++++++-------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/doc/source/admin/ssh-configuration.rst b/doc/source/admin/ssh-configuration.rst index f7e054fdc690..5adff1429246 100644 --- a/doc/source/admin/ssh-configuration.rst +++ b/doc/source/admin/ssh-configuration.rst @@ -6,7 +6,7 @@ Configure SSH between compute nodes .. todo:: - Consider merging this into a larger "live-migration" document or to the + Consider merging this into a larger "migration" document or to the installation guide If you are resizing or migrating an instance between hypervisors, you might @@ -14,6 +14,12 @@ encounter an SSH (Permission denied) error. Ensure that each node is configured with SSH key authentication so that the Compute service can use SSH to move disks to other nodes. +.. note:: + + It is not necessary that all the compute nodes share the same key pair. + However for the ease of the configuration, this document only utilizes a + single key pair for communication between compute nodes. + To share a key pair between compute nodes, complete the following steps: #. On the first node, obtain a key pair (public key and private key). Use the 
@@ -28,14 +34,15 @@ To share a key pair between compute nodes, complete the following steps: # usermod -s /bin/bash nova - Switch to the nova account. + Ensure you can switch to the nova account: .. code-block:: console - # su nova + # su - nova #. As root, create the folder that is needed by SSH and place the private key - that you obtained in step 1 into this folder: + that you obtained in step 1 into this folder, and add the pub key to the + authorized_keys file: .. code-block:: console @@ -43,29 +50,20 @@ To share a key pair between compute nodes, complete the following steps: cp /var/lib/nova/.ssh/id_rsa echo 'StrictHostKeyChecking no' >> /var/lib/nova/.ssh/config chmod 600 /var/lib/nova/.ssh/id_rsa /var/lib/nova/.ssh/authorized_keys + echo >> /var/lib/nova/.ssh/authorized_keys -#. Repeat steps 2-4 on each node. - - .. note:: - - The nodes must share the same key pair, so do not generate a new key pair - for any subsequent nodes. - -#. From the first node, where you created the SSH key, run: +#. Copy the whole folder created in step 4 to the rest of the nodes: .. code-block:: console - ssh-copy-id -i nova@remote-host - - This command installs your public key in a remote machine's - ``authorized_keys`` folder. + # scp -r /var/lib/nova/.ssh remote-host:/var/lib/nova/ #. Ensure that the nova user can now log in to each node without using a password: .. code-block:: console - # su nova + # su - nova $ ssh *computeNodeAddress* $ exit
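Review bot: The new ``.. note::`` in the hunk at ``@@ -14,6 +14,12 @@`` says a shared key pair is not required but gives the reader no reason to choose either option. Add one sentence on the trade-off: with a single key pair, every compute node holds the private key that logs in as nova on all the others, and per-node key pairs are the alternative for operators who want to limit that. The wording also needs a small fix: "However for the ease of the configuration" reads better as "However, for ease of configuration,".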
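Review bot: In the hunk at ``@@ -28,14 +34,15 @@`` the reworded step uses "pub key" where the rest of the document says "public key", and the sentence now chains three actions (create the folder, place the private key, add the public key) with two "and"s. Spell out "public key", write the file name as a literal (````authorized_keys````) the way the removed text further down did, and consider splitting the sentence so each action is easy to match to a command in the console block.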
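Review bot: Removing "Repeat steps 2-4 on each node" in the hunk at ``@@ -43,29 +50,20 @@`` drops more than the key setup: the ``usermod -s /bin/bash nova`` step shown in the earlier context is no longer performed on the other nodes, and copying ``.ssh`` with scp does not replace it. Keep an explicit instruction to set the nova login shell on every node. In the same console block, the added ``echo`` line that creates ``authorized_keys`` comes after the ``chmod 600`` that names that file, so on a fresh node the chmod has nothing to act on and the file is later created with default permissions; move the ``echo`` above the ``chmod``. The ``scp -r`` is run from a root prompt, so the step should also say that the copied folder must end up owned by nova on each destination node, since nothing in the visible lines sets ownership. Finally, "step 4" in the new text should be checked against the step numbering after this change.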