c6918e5da6
The deployment guide is currently pointed at tripleo-docs but it has been requested that we actually publish a deployment guide. This change extracts many of the installation doc pages and moves them into the deploy-guide source tree. Once the deploy-guide is published, we will follow up to reference the deployment guide from tripleo-docs.
Change-Id: I0ebd26f014180a92c6cf4ab0929d99b2d860796f
1.4 KiB
Updating undercloud user's ssh key
In order to update the ssh key for the user on the undercloud, a few steps must be done to ensure you do not lock yourself out of the overcloud nodes. When the undercloud is installed, an ssh key is created and added to Nova running on the undercloud for provisioning the overcloud nodes. This key is uploaded into Nova as the default keypair. To view the keypair run:
source stackrc
openstack keypair list
Process to rotate ssh key
The process to rotate the user key is as follows:
Generate new key and do not replace the existing key. For example:
ssh-keygen -t rsa -N '' -f ~/new_ssh_key
Copy ssh key to all existing hosts for the heat-admin user:
for HOST in $(openstack server list -f value -c Networks | sed -e 's/ctlplane=//'); do
    ssh-copy-id -i ~/new_ssh_key heat-admin@$HOST
done
Update the Undercloud's Nova default keypair:
openstack keypair delete default
openstack keypair create --public-key ~/new_ssh_key.pub default
Back up the old key and replace it with the new keys:
mkdir ~/.ssh/old_keys
mv ~/.ssh/id_rsa ~/.ssh/old_keys/id_rsa.backup-$(date +'%Y-%m-%d')
mv ~/.ssh/id_rsa.pub ~/.ssh/old_keys/id_rsa.pub.backup-$(date +'%Y-%m-%d')
mv ~/new_ssh_key ~/.ssh/id_rsa
mv ~/new_ssh_key.pub ~/.ssh/id_rsa.pub
Remove old key from the allowed hosts on the nodes.
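The last step has no command on the page. One way to do it is sketched below as an added example, not taken from the TripleO documentation: the function name `remove_pubkey` and its return codes are hypothetical, and it assumes the old public key is still available as a file (for instance the `id_rsa.pub.backup-*` copy made in the previous step). It refuses to write a file that would contain no keys, which is the lockout case the procedure is meant to avoid.

```shell
#!/bin/sh
# Added example: prune one public key from an authorized_keys file
# without ever leaving the file empty.

# remove_pubkey AUTH_FILE OLD_PUB_FILE   (hypothetical helper)
# Returns 0 if the key was removed, 1 if it was not present,
# 2 if the arguments are unusable or removal would leave no keys.
remove_pubkey() {
    auth_file=$1
    old_pub=$2
    [ -f "$auth_file" ] && [ -f "$old_pub" ] || return 2

    # Field 2 of a .pub file is the base64 key blob. Matching on the blob
    # ignores differing comments and any options prefixed to the entry.
    blob=$(awk 'NR==1 {print $2}' "$old_pub")
    [ -n "$blob" ] || return 2

    # Nothing to do if the old key is not authorized on this host.
    grep -qF -- "$blob" "$auth_file" || return 1

    tmp=$(mktemp "${auth_file}.XXXXXX") || return 2
    # grep -v exits 1 when no line is left; the guard below handles that.
    grep -vF -- "$blob" "$auth_file" > "$tmp" || true

    # Lockout guard: refuse if no non-blank, non-comment line survives.
    if ! grep -qEv '^[[:space:]]*(#|$)' "$tmp"; then
        rm -f "$tmp"
        return 2
    fi

    # Replace the original in one step, with the mode sshd expects.
    chmod 600 "$tmp" && mv "$tmp" "$auth_file"
}
```

Run it on each node against the heat-admin user's `authorized_keys`, with the backed-up old public key as the second argument, only after a login with the new key has succeeded.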