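Goal:
Many users launch a virtual machine in OpenStack with a particular flavor, for example 2 CPUs and 4 GB of memory, and after using it for a while find that the configuration no longer meets their needs and want to increase it. The OpenStack management interface can resize the instance, but in practice the operation can fail, and the failure may appear in the relevant logs as follows: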
Command: ssh 192.168.18.43 mkdir -p /var/lib/nova/instances/eac0e362-352f-45ad-b503-d28e588691be
Exit code:
Stdout: ''
Stderr: 'Host key verification failed.\r\n'. Setting instance vm_state to ERROR
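Cause:
Changing an instance's flavor in OpenStack is effectively a migration of the instance between hosts, so passwordless SSH access is required between the hosts involved in the migration.
Because OpenStack manages instances through the Nova component, passwordless access has to be set up for the nova user.
Steps:
1. Edit /etc/passwd
Change to: nova:x:::OpenStack Nova Daemons:/var/lib/nova:/bin/sh
2. passwd nova
3. Set up passwordless login between the compute nodes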
3.1 su - nova
[root@compute10 ~]# su - nova
-sh-4.2$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nova/.ssh/id_rsa):
Created directory '/var/lib/nova/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/lib/nova/.ssh/id_rsa.
Your public key has been saved in /var/lib/nova/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:sSsbIWOSsmmWjWY1536wRp5fToNnfGca0Bc1Q71c0Og nova@compute35
The key's randomart image is:
+---[RSA 2048]----+
| oO.|
| o *|
| . o. o|
| . o. Eo |
|. oo+.. S. . . |
| +=o+= .o.. . |
|oB .o.*..B o o |
|= .= =* o = |
| ..+. . . |
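+----[SHA256]-----+
-sh-4.2$ ssh-copy-id -i compute13 # Edit the hosts file here if needed; to resize instances in both directions, run this command on both sides
-sh-4.2$ ssh compute13 # Test: it succeeded if no password is requested
Note: remember to fix the permissions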
chown nova.nova /var/lib/nova/.ssh/
chmod /var/lib/nova/.ssh/authorized_keys
chmod /var/lib/nova/.ssh/id_rsa
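Scenario:
I ran into a problem before: passwordless login had been set up between compute nodes 16 and 17, but a password was still required.
I changed the permissions on node 16:
Original permissions: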
[root@compute16 .ssh]# ls -ld /var/lib/nova/.ssh/
drwxrwxrwx root root Jan : /var/lib/nova/.ssh/
Changed to:
chmod /var/lib/nova/.ssh/
[root@compute16 .ssh]# ls -ld
drwx------ root root Jan : .
The result was Permission denied:
[root@compute10 ~]# su - nova
Last login: Wed Jan :: CST on pts/
-sh-4.2$ ssh-copy-id compute16
The authenticity of host 'compute16 (10.0.0.106)' can't be established.
ECDSA key fingerprint is ::d0:3e::dc:dd:c9::3f::ad:3a:b1::8e.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: key(s) remain to be installed -- if you are prompted now it is to install the new keys
nova@compute16's password:
sh: .ssh/authorized_keys: Permission denied
Compare the permissions on the other nodes with those on node 16:
[root@compute10 ~]# ls -ld /var/lib/nova/.ssh/
drwx------ nova nova Jan : /var/lib/nova/.ssh/
[root@compute16 .ssh]# ls -ld /var/lib/nova/.ssh/
drwx------ root root Jan : /var/lib/nova/.ssh/
Result: the owner and group differ.
Change the owner and group on node 16:
chown nova.nova /var/lib/nova/.ssh/
Passwordless login still did not work.
Checking /var/log/secure showed:
[root@compute16 .ssh]# tail - /var/log/secure|grep -i "Authentication"
Jan :: compute16 sshd[]: Authentication refused: bad ownership or modes for directory /var/lib/nova
Jan :: compute16 sshd[]: Authentication refused: bad ownership or modes for directory /var/lib/nova
Jan :: compute16 sshd[]: Authentication refused: bad ownership or modes for directory /var/lib/nova
Check:
[root@compute16 nova]# ls -ld /var/lib/nova
drwxrwxrwx nova nova Sep : .
The permissions are set incorrectly:
The correct fix:
chmod /var/lib/nova
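The permission problems in the scenario above can be checked in one pass. The script below is an added example, not part of the original post; the function names strict_ok and audit_ssh_home are hypothetical, and it assumes GNU stat (as on CentOS). It applies the owner and mode test behind the sshd message "bad ownership or modes for directory" to the home directory, .ssh and authorized_keys, and also flags a .ssh the user does not own and a private key readable by others.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumes GNU stat, as on CentOS.

# strict_ok PATH USER: the test sshd applies with StrictModes=yes.
# Owner must be USER or root, and group/other must not have write (mask 022).
strict_ok() {
    local path=$1 user=$2 owner mode
    [ -e "$path" ] || { echo "MISSING   $path"; return 1; }
    owner=$(stat -c '%U' "$path"); mode=$(stat -c '%a' "$path")
    if [ "$owner" != "$user" ] && [ "$owner" != "root" ]; then
        echo "BAD-OWNER $path ($owner)"; return 1
    fi
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD-MODE  $path ($mode)"; return 1
    fi
    echo "OK        $path ($owner, $mode)"
}

# audit_ssh_home HOME USER: exit status is the number of findings.
audit_ssh_home() {
    local home=$1 user=$2 bad=0 p
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        strict_ok "$p" "$user" || bad=$((bad + 1))
    done
    # A root-owned .ssh passes the ownership test above, but USER cannot
    # write authorized_keys into it (the ssh-copy-id "Permission denied" case).
    if [ -d "$home/.ssh" ] && [ "$(stat -c '%U' "$home/.ssh")" != "$user" ]; then
        echo "NOT-OWNED $home/.ssh"; bad=$((bad + 1))
    fi
    # The ssh client refuses a private key accessible to group or other.
    p=$home/.ssh/id_rsa
    if [ -f "$p" ] && [ $(( 0$(stat -c '%a' "$p") & 077 )) -ne 0 ]; then
        echo "OPEN-KEY  $p"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Usage on a compute node (run as root): audit_ssh_home /var/lib/nova nova
```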