Change-Id: I40999b1eb923fc3796cbb6d982e03d39cdf8c720 Implements: blueprint consistency-file-rename
2.0 KiB
Configure SSH between compute nodes
If you are resizing or migrating an instance between hypervisors, you might encounter an SSH (Permission denied) error. Ensure that each node is configured with SSH key authentication so that the Compute service can use SSH to move disks to other nodes.
To share a key pair between compute nodes, complete the following steps:
On the first node, obtain a key pair (public key and private key). Use the root key that is in the
/root/.ssh/id_rsa
and/root/.ssh/id_ras.pub
directories or generate a new key pair.Run
setenforce 0
to put SELinux into permissive mode.Enable login abilities for the nova user:
# usermod -s /bin/bash nova
Switch to the nova account.
# su nova
As root, create the folder that is needed by SSH and place the private key that you obtained in step 1 into this folder:
mkdir -p /var/lib/nova/.ssh cp <private key> /var/lib/nova/.ssh/id_rsa echo 'StrictHostKeyChecking no' >> /var/lib/nova/.ssh/config chmod 600 /var/lib/nova/.ssh/id_rsa /var/lib/nova/.ssh/authorized_keys
Repeat steps 2-4 on each node.
Note
The nodes must share the same key pair, so do not generate a new key pair for any subsequent nodes.
From the first node, where you created the SSH key, run:
ssh-copy-id -i <pub key> nova@remote-host
This command installs your public key in a remote machine's
authorized_keys
folder.Ensure that the nova user can now log in to each node without using a password:
# su nova $ ssh *computeNodeAddress* $ exit
As root on each node, restart both libvirt and the Compute services:
# systemctl restart libvirtd.service # systemctl restart openstack-nova-compute.service