SSH Setup
ConVirt uses ssh to read configuration files and to create VBDs and LVMs on the remote node. Basically, all managed servers need to trust all client machines (yes, you can have more than one client machine). From the client machine, ssh to the managed server using the account from which ConVirt will be started.
# ssh <managed server name>
This will prompt you to add the key to known_hosts. Say yes. This adds the /etc/ssh_host_key.pub from the managed server to the user's $HOME/.ssh/known_hosts on the client machine (alternatively, you can add it manually).
## Repeat above steps for each managed server.
If you want to use password based authentication, then you are done and can skip the rest.
SSH Key Setup
For a small environment it may be OK to use password based authentication, but in a large setup we recommend using key based authentication for convenience and tractability.
Refer to the SSH manuals and online material for setting up key based trust and using ssh-agent. Here are a couple of useful URLs:
http://www.suso.org/docs/shell/ssh.sdf
http://www.linux.ie/articles/tutorials/ssh.php
Once the key setup is done, you need to do the following to use it.
1. Start the ssh-agent
For csh, eval `ssh-agent -c`
For bash, eval `ssh-agent -s`
Note: If you get the error message "Could not open a connection to your authentication agent." at ssh-add, then your session is not running under the ssh-agent. In this case try starting ssh-agent with:
exec ssh-agent bash
2. Add the identity to the ssh agent.
ssh-add
3. Restart ConVirt from the same shell.
cd convirt
./convirt-ctl stop
./convirt-ctl start
Now ConVirt can use the agent authentication for server nodes.
4. When you add new servers, enable the Use SSH keys option in the Advanced section. For an existing server, select it, choose the Edit option and enable Use SSH keys in the Advanced section.
Note: If you are using the standard key names for ConVirt (~/.ssh/cms_id_rsa), the following line in /etc/rc.local can be used to start ConVirt automatically with the key agent enabled (insert it above "exit 0"):
su - -c 'rm -f convirt/paster.pid; cd convirt && ./convirt-ctl start >convirt.log 2> convirt.err' convirt
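The agent check behind steps 1 to 3, as an added example that is not part of ConVirt or of the original page: it uses the exit status of ssh-add -l (0 = identity loaded, 1 = agent reachable but empty, 2 = no agent reachable) to work out what is missing before restarting ConVirt. The function names, the SSH_ADD override and the $HOME/convirt default are assumptions; the key path is the one named in the note above.

```shell
#!/bin/sh
# Added example, not ConVirt code. SSH_ADD can be overridden (assumption)
# so the check can be exercised without a real agent.
SSH_ADD=${SSH_ADD:-ssh-add}

# Classify the current session from the exit status of "ssh-add -l":
#   0 -> agent reachable and holding at least one identity
#   1 -> agent reachable but holding no identities
#   2 (or anything else) -> no agent reachable from this shell
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo ready ;;
        1) echo empty ;;
        *) echo no-agent ;;
    esac
}

# Steps 1-3 in one place: make sure this shell has an agent with a key,
# then restart ConVirt from the same shell so it inherits SSH_AUTH_SOCK.
# $1 = private key (default: the key name from the page)
# $2 = ConVirt directory (default $HOME/convirt is an assumption)
prepare_and_restart() {
    key=${1:-$HOME/.ssh/cms_id_rsa}
    dir=${2:-$HOME/convirt}
    if [ "$(agent_state)" = no-agent ]; then
        # Step 1: start an agent and import its variables into this shell.
        eval "$(ssh-agent -s)" >/dev/null
    fi
    if [ "$(agent_state)" = empty ]; then
        # Step 2: load the identity (prompts for the passphrase if set).
        "$SSH_ADD" "$key" || return 1
    fi
    [ "$(agent_state)" = ready ] || {
        echo "ssh-agent has no usable identity; not restarting ConVirt" >&2
        return 1
    }
    # Step 3: restart ConVirt; refuse to continue if the directory is wrong.
    ( cd "$dir" || exit 1; ./convirt-ctl stop; ./convirt-ctl start )
}

# Run the procedure only when asked to: sh script.sh run [key] [dir]
if [ "${1:-}" = run ]; then
    prepare_and_restart "${2:-}" "${3:-}"
fi
```

Because the agent variables are set inside the script's own process, ConVirt has to be started by the same invocation, which is what the last step of the function does.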