openstack-manuals/doc/admin-guide/source/cli-nova-migrate-cfg-ssh.rst
Anne Gentle 9843767b21 [admin-guide] Rename RST files to use hyphen instead of underbar
Change-Id: I40999b1eb923fc3796cbb6d982e03d39cdf8c720
Implements: blueprint consistency-file-rename
2016-08-06 09:51:57 -05:00

2.0 KiB

Configure SSH between compute nodes

If you are resizing or migrating an instance between hypervisors, you might encounter an SSH (Permission denied) error. Ensure that each node is configured with SSH key authentication so that the Compute service can use SSH to move disks to other nodes.

To share a key pair between compute nodes, complete the following steps:

  1. On the first node, obtain a key pair (public key and private key). Use the root key that is in the /root/.ssh/id_rsa and /root/.ssh/id_ras.pub directories or generate a new key pair.

  2. Run setenforce 0 to put SELinux into permissive mode.

  3. Enable login abilities for the nova user:

    # usermod -s /bin/bash nova

    Switch to the nova account.

    # su nova
  4. As root, create the folder that is needed by SSH and place the private key that you obtained in step 1 into this folder:

    mkdir -p /var/lib/nova/.ssh
    cp <private key>  /var/lib/nova/.ssh/id_rsa
    echo 'StrictHostKeyChecking no' >> /var/lib/nova/.ssh/config
    chmod 600 /var/lib/nova/.ssh/id_rsa /var/lib/nova/.ssh/authorized_keys
  5. Repeat steps 2-4 on each node.

    Note

    The nodes must share the same key pair, so do not generate a new key pair for any subsequent nodes.

  6. From the first node, where you created the SSH key, run:

    ssh-copy-id -i <pub key> nova@remote-host

    This command installs your public key in a remote machine's authorized_keys folder.

  7. Ensure that the nova user can now log in to each node without using a password:

    # su nova
    $ ssh *computeNodeAddress*
    $ exit
  8. As root on each node, restart both libvirt and the Compute services:

    # systemctl restart libvirtd.service
    # systemctl restart openstack-nova-compute.service