cadd25e9bc
Import the following documents from the admin guide [1]: - cli-manage-flavors.rst - cli-nova-evacuate.rst - cli-nova-manage-projects-security.rst - cli-nova-manage-services.rst - cli-nova-numa-libvirt.rst - cli-nova-specify-host.rst - cli-set-quotas.rst - cli-set-compute-quotas.rst - cli-os-migrate.rst - cli-os-migrate-cfg-ssh.rst - ts-no-emulator-x86-64.rst - ts-multipath-warn.rst - ts-failed-connect-vol-FC-SAN.rst - ts-failed-attach-vol-no-sysfsutils.rst - ts-failed-attach-vol-after-detach.rst - ts-vol-attach-miss-sg-scan.rst These were missed in the original import [2]. All 'ts-' files are merged into a single 'support-compute' document, which is already in-tree. [1] https://github.com/openstack/openstack-manuals/tree/stable/ocata/doc/admin-guide/source [2] https://review.openstack.org/#/c/477497/ Change-Id: Ifa0039e270e54ea2fb58ab18ce6724e5e8e061a1 Closes-Bug: #1708666
78 lines
2.1 KiB
ReStructuredText
78 lines
2.1 KiB
ReStructuredText
.. _cli-os-migrate-cfg-ssh:
|
|
|
|
===================================
|
|
Configure SSH between compute nodes
|
|
===================================
|
|
|
|
.. todo::
|
|
|
|
Consider merging this into a larger "live-migration" document or to the
|
|
installation guide
|
|
|
|
If you are resizing or migrating an instance between hypervisors, you might
|
|
encounter an SSH (Permission denied) error. Ensure that each node is configured
|
|
with SSH key authentication so that the Compute service can use SSH to move
|
|
disks to other nodes.
|
|
|
|
To share a key pair between compute nodes, complete the following steps:
|
|
|
|
#. On the first node, obtain a key pair (public key and private key). Use the
|
|
root key that is in the ``/root/.ssh/id_rsa`` and ``/root/.ssh/id_ras.pub``
|
|
directories or generate a new key pair.
|
|
|
|
#. Run :command:`setenforce 0` to put SELinux into permissive mode.
|
|
|
|
#. Enable login abilities for the nova user:
|
|
|
|
.. code-block:: console
|
|
|
|
# usermod -s /bin/bash nova
|
|
|
|
Switch to the nova account.
|
|
|
|
.. code-block:: console
|
|
|
|
# su nova
|
|
|
|
#. As root, create the folder that is needed by SSH and place the private key
|
|
that you obtained in step 1 into this folder:
|
|
|
|
.. code-block:: console
|
|
|
|
mkdir -p /var/lib/nova/.ssh
|
|
cp <private key> /var/lib/nova/.ssh/id_rsa
|
|
echo 'StrictHostKeyChecking no' >> /var/lib/nova/.ssh/config
|
|
chmod 600 /var/lib/nova/.ssh/id_rsa /var/lib/nova/.ssh/authorized_keys
|
|
|
|
#. Repeat steps 2-4 on each node.
|
|
|
|
.. note::
|
|
|
|
The nodes must share the same key pair, so do not generate a new key pair
|
|
for any subsequent nodes.
|
|
|
|
#. From the first node, where you created the SSH key, run:
|
|
|
|
.. code-block:: console
|
|
|
|
ssh-copy-id -i <pub key> nova@remote-host
|
|
|
|
This command installs your public key in a remote machine's
|
|
``authorized_keys`` folder.
|
|
|
|
#. Ensure that the nova user can now log in to each node without using a
|
|
password:
|
|
|
|
.. code-block:: console
|
|
|
|
# su nova
|
|
$ ssh *computeNodeAddress*
|
|
$ exit
|
|
|
|
#. As root on each node, restart both libvirt and the Compute services:
|
|
|
|
.. code-block:: console
|
|
|
|
# systemctl restart libvirtd.service
|
|
# systemctl restart openstack-nova-compute.service
|