Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
OpenStack Cloud Computing Cookbook

You're reading from   OpenStack Cloud Computing Cookbook Over 100 practical recipes to help you build and operate OpenStack cloud computing, storage, networking, and automation

Arrow left icon
Product type Paperback
Published in Jan 2018
Publisher Packt
ISBN-13 9781788398763
Length 398 pages
Edition 4th Edition
Languages
Arrow right icon
Authors (4):
Arrow left icon
James Denton James Denton
Author Profile Icon James Denton
James Denton
Egle Sigler Egle Sigler
Author Profile Icon Egle Sigler
Egle Sigler
Cody Bunch Cody Bunch
Author Profile Icon Cody Bunch
Cody Bunch
Kevin Jackson Kevin Jackson
Author Profile Icon Kevin Jackson
Kevin Jackson
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

OpenStack Cloud Computing Cookbook Fourth Edition
Contributors
Preface
Another Book You May Enjoy
1. Installing OpenStack with Ansible FREE CHAPTER 2. The OpenStack Client 3. Keystone – OpenStack Identity Service 4. Neutron – OpenStack Networking 5. Nova – OpenStack Compute 6. Glance – OpenStack Image Service 7. Cinder – OpenStack Block Storage 8. Swift – OpenStack Object Storage 9. OpenStack Orchestration Using Heat and Ansible 10. Using OpenStack Dashboard Index

Root SSH keys configuration


Ansible is designed to help system administrators drive greater efficiency in the datacenter by being able to configure and operate many servers using orchestration playbooks. In order for Ansible to be able to fulfill its duties, it needs an SSH connection on the Linux systems it is managing. Furthermore, in order to have a greater degree of freedom and flexibility, a hands-off approach using SSH public private key pairs is required.

As the installation of OpenStack is expected to run as root, this stage expects the deployment host's root public key to be propagated across all servers.

Getting ready

Ensure that you are root on the deployment host. In most cases, this is the first infrastructure controller node that we have named for the purposes of this book to be called infra01. We will be assuming that all Ansible commands will be run from this host, and that it expects to be able to connect to the rest of the servers on this network over the host network via SSH.

How to do it…

In order to allow a hands-free, orchestrated OpenStack-Ansible deployment, follow these steps to create and propagate root SSH public key of infra01 across all servers required of the installation:

  1. As root, execute the following command to create an SSH key pair:

    ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ""
    

    The output should look similar to this:

    Generating public/private rsa key pair.
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:q0mdqJI3TTFaiLrMaPABBboTsyr3pRnCaylLU5WEDCw root@infra01
    The key's randomart image is:
    +---[RSA 2048]----+
    |ooo ..           |
    |E..o. .          |
    |=. . +           |
    |.=. o +          |
    |+o . o oS        |
    |+oo . .o       |
    |B=++.o+ +        |
    |*=B+oB.o         |
    |o+.o=.o          |
    +----[SHA256]-----+
    
  2. This has created two files in /root/.ssh, called id_rsa and id_rsa.pub. The file, id_rsa is the private key, and must not be copied across the network. It is not required to be anywhere other than on this server. The file, id_rsa.pub, is the public key and can be shared to other servers on the network. If you have other nodes (for example, named infra02), use the following to copy this key to that node in your environment:

    ssh-copy-id root@infra02
    

    Note

    Tip: Ensure that you can resolve infra02 and the other servers, else amend the preceding command to use its host IP address instead.

  3. Now repeat step 2 for all servers on your network.

  4. Important: finally, ensure that you execute the following command to be able to SSH to itself:

    ssh-copy-id root@infra01
    
  5. Test that you can ssh, as the root user, from infra01 to other servers on your network. You should be presented with a Terminal ready to accept commands if successful, without being prompted for a passphrase. Consult /var/log/auth.log on the remote server if this behavior is incorrect.

How it works…

We first generated a key pair file for use by SSH. The -t option specified the rsa type encryption, -f specified the output of the private key, where the public portion will get .pub appended to its name, and -N "" specified that no passphrase is to be used on this key. Consult your own security standards if the presented options differ from your company's requirements.

You have been reading a chapter from
OpenStack Cloud Computing Cookbook - Fourth Edition
Published in: Jan 2018
Publisher: Packt
ISBN-13: 9781788398763
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image