openstack/openstack-manuals
Code Issues Proposed changes
78bf013e03
openstack-manuals/doc/admin-guide/source/cli_nova_migrate_cfg_ssh.rst
Joseph Robinson 2ce5b11b1a [User Guides] Rename Admin-Guide-Cloud to Admin-Guide 
This patch changes the name of the Admin-Guide from the Cloud
Admin Guide to the Administrator guide. This affects the
filename in the repository, and references to cloud administrators
within the document texts.

1.) Changing instances of 'cloud administrator'
    to 'administrator'.

2.) Change links from '/admin-guide-cloud/' to
    '/admin-guide/' within the Admin Guide.

3.) Adjust .htaccess file.

Change-Id: I7f21a710e922981aa295afc0616de36fd819b523
Implements: blueprint user-guides-reorganised
2016-04-01 19:50:13 +09:00

2.0 KiB
Raw Blame History

Configure SSH between compute nodes

If you are resizing or migrating an instance between hypervisors, you might encounter an SSH (Permission denied) error. Ensure that each node is configured with SSH key authentication so that the Compute service can use SSH to move disks to other nodes.

To share a key pair between compute nodes, complete the following steps:

  1. On the first node, obtain a key pair (public key and private key). Use the root key that is in the /root/.ssh/id_rsa and /root/.ssh/id_ras.pub directories or generate a new key pair.

  2. Run setenforce 0 to put SELinux into permissive mode.

  3. Enable login abilities for the nova user:

    # usermod -s /bin/bash nova

    Switch to the nova account.

    # su nova

  4. As root, create the folder that is needed by SSH and place the private key that you obtained in step 1 into this folder:

    mkdir -p /var/lib/nova/.ssh
cp <private key>  /var/lib/nova/.ssh/id_rsa
echo 'StrictHostKeyChecking no' >> /var/lib/nova/.ssh/config
chmod 600 /var/lib/nova/.ssh/id_rsa /var/lib/nova/.ssh/authorized_keys

  5. Repeat steps 2-4 on each node.

    Note

    The nodes must share the same key pair, so do not generate a new key pair for any subsequent nodes.

  6. From the first node, where you created the SSH key, run:

    ssh-copy-id -i <pub key> nova@remote-host

    This command installs your public key in a remote machine's authorized_keys folder.

  7. Ensure that the nova user can now log in to each node without using a password:

    # su nova
$ ssh *computeNodeAddress*
$ exit

  8. As root on each node, restart both libvirt and the Compute services:

    # systemctl restart libvirtd.service
# systemctl restart openstack-nova-compute.service