
nova cold migration: configuring SSH trust between nova users

2017-07-06 15:53
In OpenStack, a cold migration of a virtual machine is performed by the nova user, which copies the image files to the target server with scp. This requires the nova user to be trusted between all nodes (e.g. compute81, compute82, compute83); the steps are as follows:

Option 1:

# Check the nova user's account entry

[root@linux-node1 ~]# cat /etc/passwd|grep nova
nova:x:162:162:OpenStack Nova Daemons:/var/lib/nova:/sbin/nologin

# /sbin/nologin means the nova user currently cannot log in to a bash shell

# Change nova's login shell to bash

[root@linux-node1 ~]# usermod -s /bin/bash nova

# Check the modified entry

[root@linux-node1 ~]# cat /etc/passwd|grep nova
nova:x:162:162:OpenStack Nova Daemons:/var/lib/nova:/bin/bash

# Set a password for the nova user

[root@linux-node1 ~]# passwd nova
Changing password for user nova.
New password: nova
BAD PASSWORD: The password is shorter than 8 characters
Retype new password: nova
passwd: all authentication tokens updated successfully.

# Switch to the nova user

[root@linux-node1 ~]# su - nova

# Create a key pair

-bash-4.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nova/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nova/.ssh/id_rsa.
Your public key has been saved in /var/lib/nova/.ssh/id_rsa.pub.
The key fingerprint is:
1a:58:b0:cf:b7:df:9d:c3:e6:47:09:26:e1:2b:42:b5 nova@compute83
The key's randomart image is:

# Copy the public key to the other compute nodes

ssh-copy-id -i .ssh/id_rsa.pub nova@compute82

ssh-copy-id -i .ssh/id_rsa.pub nova@compute83

# Verify that ssh to the target servers works without a password

-bash-4.2$ ssh nova@compute82

-bash-4.2$ ssh nova@compute83

# Repeat the above process on the other servers

Option 2:

With many nodes the process above becomes very tedious, and whenever a new node joins, every existing node has to set up trust with it. A simpler approach is for all nodes to share one public/private key pair.

This example uses three nodes: compute81, compute82 and compute83.

# Generate the key pair on compute81

-bash-4.2$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nova/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nova/.ssh/id_rsa.
Your public key has been saved in /var/lib/nova/.ssh/id_rsa.pub.
The key fingerprint is:
2b:84:f9:39:0f:3e:f1:2b:4e:26:a2:f4:52:b4:20:d8 nova@compute81
The key's randomart image is:

# On compute81, create a file named config in /var/lib/nova/.ssh with the following content

# the first ssh to a host will not show the host-key confirmation prompt
# (the comment has to sit on its own line; ssh_config does not accept a trailing comment after a directive)
Host *
    StrictHostKeyChecking no

# Generate the authorized_keys file on compute81

ssh-copy-id nova@compute81

# Copy authorized_keys, config and id_rsa from compute81 to the other nodes

scp authorized_keys config id_rsa nova@compute82:~/.ssh/

scp authorized_keys config id_rsa nova@compute83:~/.ssh/

# At this point the nodes trust each other and can log in to one another without a password. The key-based login process is:

The initiating side's data is encrypted with the private key (id_rsa) -> the remote end decrypts it with the public key from authorized_keys; because every node has the same key pair, the verification succeeds and the nodes trust each other.

During verification I also found that if authorized_keys contains several public keys, they are tried one after another, like iptables rules.
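As an added example (not part of the original post), the following bash helpers support Option 2 on a node that already holds the shared key pair: one builds an ssh config that relaxes host-key checking only for the listed compute nodes rather than for `Host *`, one checks the file modes that sshd's StrictModes and the ssh client require after the scp step, and one confirms non-interactive login to every node. The host names and /var/lib/nova come from the post; the function names and GNU `stat` usage are this example's own assumptions.

```shell
# Added example, not from the original post. Helpers for Option 2 (one nova
# key pair shared by all compute nodes). Host names and /var/lib/nova come
# from the post; the function names and checks are this example's own.

# Print an ssh config that relaxes host-key checking only for the named
# compute nodes, instead of the post's "Host *", which silences host-key
# verification for every destination nova ever connects to. The comment is on
# its own line because ssh_config rejects trailing comments on a directive.
build_ssh_config() {
    printf '# compute nodes that share the nova key pair\n'
    printf 'Host %s\n' "$*"
    printf '    StrictHostKeyChecking no\n'
    printf '    IdentityFile ~/.ssh/id_rsa\n'
}

# Check the modes sshd's StrictModes and the ssh client insist on after the
# files have been copied around: ~/.ssh 0700, id_rsa and authorized_keys 0600.
# Returns 0 when every mode is right, 1 otherwise, naming the offenders.
check_key_perms() {
    local dir="$1" bad=0 f mode want
    for f in . id_rsa authorized_keys; do
        [ -e "$dir/$f" ] || { echo "missing: $dir/$f"; bad=1; continue; }
        mode=$(stat -c '%a' "$dir/$f")   # GNU coreutils stat (assumed)
        if [ "$f" = . ]; then want=700; else want=600; fi
        if [ "$mode" != "$want" ]; then
            echo "wrong mode $mode on $dir/$f (want $want)"; bad=1
        fi
    done
    return "$bad"
}

# Non-interactive round trip to every node: BatchMode=yes makes ssh fail
# instead of falling back to a password prompt, which is exactly the
# condition nova's scp-based cold migration needs to hold.
verify_trust() {
    local h rc=0
    for h in "$@"; do
        if ssh -o BatchMode=yes -o ConnectTimeout=5 "nova@$h" true 2>/dev/null; then
            echo "ok   $h"
        else
            echo "FAIL $h"; rc=1
        fi
    done
    return "$rc"
}

# Usage as the nova user on a node that already has the shared key pair:
#   build_ssh_config compute81 compute82 compute83 > /var/lib/nova/.ssh/config
#   check_key_perms /var/lib/nova/.ssh && verify_trust compute81 compute82 compute83
```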
