The main idea of this update is to make the configuration process easier to read and follow. Change-Id: I73cf811415900eaf99673de16f83ea7c9da16045
Configure SSH between compute nodes
Consider merging this into a larger "migration" document or to the installation guide
If you are resizing or migrating an instance between hypervisors, you might encounter an SSH (Permission denied) error. Ensure that each node is configured with SSH key authentication so that the Compute service can use SSH to move disks to other nodes.
Note
It is not necessary that all the compute nodes share the same key pair. However, for ease of configuration, this document uses a single key pair for communication between compute nodes.
To share a key pair between compute nodes, complete the following steps:

1. On the first node, obtain a key pair (public key and private key). Use the root key that is in the /root/.ssh/id_rsa and /root/.ssh/id_rsa.pub files or generate a new key pair.

2. Run setenforce 0 to put SELinux into permissive mode.

3. Enable login abilities for the nova user:

       # usermod -s /bin/bash nova

   Ensure you can switch to the nova account:

       # su - nova

4. As root, create the folder that is needed by SSH, place the private key that you obtained in step 1 into this folder, and add the public key to the authorized_keys file:

       # mkdir -p /var/lib/nova/.ssh
       # cp <private key> /var/lib/nova/.ssh/id_rsa
       # echo 'StrictHostKeyChecking no' >> /var/lib/nova/.ssh/config
       # echo <pub key> >> /var/lib/nova/.ssh/authorized_keys
       # chmod 600 /var/lib/nova/.ssh/id_rsa /var/lib/nova/.ssh/authorized_keys

5. Copy the whole folder created in step 4 to the rest of the nodes:

       # scp -r /var/lib/nova/.ssh remote-host:/var/lib/nova/

6. Ensure that the nova user can now log in to each node without using a password:

       # su - nova
       $ ssh *computeNodeAddress*
       $ exit

7. As root on each node, restart both libvirt and the Compute services:

       # systemctl restart libvirtd.service
       # systemctl restart openstack-nova-compute.service
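
The following check is an added example, not part of the original document or of the OpenStack project. It audits the directory built in step 4 on a node: ownership, the mode 600 that step 4 sets on the key files, and whether host key verification has been turned off in the nova user's SSH config. The function name audit_nova_ssh, its arguments and the use of GNU stat are assumptions.

```shell
# Added example, not from the OpenStack docs. audit_nova_ssh is a hypothetical
# helper; GNU stat is assumed. Usage: audit_nova_ssh [DIR] [OWNER]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_nova_ssh() {
    dir=${1:-/var/lib/nova/.ssh}
    owner=${2:-nova}
    findings=0
    flag() { printf 'FINDING: %s\n' "$1"; findings=$((findings + 1)); }

    [ -d "$dir" ] || { flag "$dir is missing"; return 1; }

    # OWNER may be a user name or a numeric uid.
    case $owner in
        *[!0-9]*) want_uid=$(id -u "$owner" 2>/dev/null) || want_uid= ;;
        *)        want_uid=$owner ;;
    esac
    [ -n "$want_uid" ] || flag "user $owner does not exist"

    for path in "$dir" "$dir/id_rsa" "$dir/authorized_keys"; do
        [ -e "$path" ] || { flag "$path is missing"; continue; }
        # A key file left owned by root with mode 600 is unreadable to nova.
        if [ -n "$want_uid" ] && [ "$(stat -c '%u' "$path")" != "$want_uid" ]; then
            flag "$path is not owned by $owner"
        fi
        # Step 4 sets mode 600 on both key files.
        if [ -f "$path" ]; then
            mode=$(stat -c '%a' "$path")
            [ "$mode" = 600 ] || flag "$path has mode $mode, expected 600"
        fi
    done

    # 'StrictHostKeyChecking no' turns off host key verification, so record
    # where it is set (ssh_config keywords are case-insensitive).
    if [ -f "$dir/config" ] && grep -Eiq \
        '^[[:space:]]*StrictHostKeyChecking[[:space:]=]+no[[:space:]]*$' "$dir/config"
    then
        flag "$dir/config disables host key checking"
    fi

    [ "$findings" -eq 0 ]
}
```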