This repository has been archived by the owner on Sep 23, 2020. It is now read-only.
/
ssh-setup.html
116 lines (94 loc) · 3.34 KB
/
ssh-setup.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
m4_include(/mcs/m4/worksp.lib.m4)
_NIMBUS_HEADER(2.10 Zero To Cloud Guide)
_NIMBUS_HEADER2(n,n,y,n,n,n,n)
_NIMBUS_LEFT2_COLUMN
_NIMBUS_LEFT2_Z2C_SIDEBAR(y)
_NIMBUS_LEFT2_COLUMN_END
_NIMBUS_CENTER2_COLUMN
_NIMBUS_IS_DEPRECATED
<h2>SSH Setup</h2>
<p>
On this page, you will configure SSH on your cluster so that the
Nimbus components can properly and securely communicate.
</p>
<h3>SSH</h3>
<p>
The Nimbus service and VMM nodes communicate via SSH, so you must set up
password-less SSH keys. At this point you should have two nodes set up, each with a privileged
account (probably, but not necessary called <tt class="literal">nimbus</tt>).
You need to allow the service node account to SSH to the VMM, and vice versa.
</p>
<p>
There are several ways to set this up, but the easiest way is to generate keys
on each node and append the public keys to each others
<tt class="literal">~/.ssh/authorized_keys</tt> files. For example:
</p>
<p>Generate an SSH keypair on the service node, taking care to NOT specify a password.</p>
<pre class="panel">
nimbus@service $ ssh-keygen
</pre>
<p>Copy the generated public key to the VMM node and then login there directly</p>
<pre class="panel">
nimbus@service $ scp ~/.ssh/id_rsa.pub nimbus@vmm1:service_rsa.pub
</pre>
<pre class="panel">
nimbus@service $ ssh nimbus@vmm1
</pre>
<p>Append the service node's key to the <tt class="literal">authorized_keys</tt> file</p>
<pre class="panel">
nimbus@vmm1 $ cat service_rsa.pub >> .ssh/authorized_keys
</pre>
<p>Now generate a key pair for the VMM node itself and exit back to the service node</p>
<pre class="panel">
nimbus@vmm1 $ ssh-keygen
</pre>
<pre class="panel">
nimbus@vmm1 $ exit
</pre>
<p>Fetch the VMM's public key and authorize it (you should not be
prompted for a password during the scp transfer).</p>
<pre class="panel">
nimbus@service $ scp nimbus@vmm1:~/.ssh/id_rsa.pub ./vmm1_rsa.pub
</pre>
<pre class="panel">
nimbus@service $ cat ./vmm1_rsa.pub >> .ssh/authorized_keys
</pre>
<p>
You should now be able to freely SSH between the service and VMM nodes.
Note that as you add more VMMs in the future, you will need to ensure
that SSH works in the same way for each.
</p>
<h3>Autoconfig</h3>
<p>
Nimbus includes a configuration program that checks for a properly functioning
SSH setup and configures your first VMM node into the service. The script
is interactive and will go through a series of questions and tests before
it makes any changes. If you make a mistake, just hit Ctrl-C and start
over.
</p>
<div class="note">
In order to add the VMM node, this tool needs the Nimbus service to be running.
If it is not, you will be given a command to run later once you start the service.
</div>
<pre class="panel">
$ cd $NIMBUS_HOME
</pre>
<pre class="panel">
$ ./bin/nimbus-configure --autoconfig
</pre>
<p>
Afterwards, restart the Nimbus services in order for changes to take effect.
</p>
<pre class="panel">
$ $NIMBUS_HOME/bin/nimbusctl services restart
</pre>
<p>
The last thing the autoconfig script does is disable fake mode on the service.
Which means that you are ready for a real test, using the cloud client to
launch a real virtual machine! Proceed to the next page,
<a href="final-tests.html">Final Tests</a>.
</p>
_NIMBUS_CENTER2_COLUMN_END
_NIMBUS_FOOTER1
_NIMBUS_FOOTER2
_NIMBUS_FOOTER3